fuse in golang (or s3fs-fuse)

[Jiri B]

Hi,

is golang fuse library working on OpenBSD, or what is missing?

The goal is to be able to mount seawedfs with fuse, Seaweedfs[1] is
a distributed fs in golang but comparing to minio it's more simple
(although it has s3 compat) and fuse mount would be handy.

Talking about s3, is s3fs-fuse working?

[1] https://github.com/chrislusf/seaweedfs
[2] https://github.com/seaweedfs/fuse

Jiri

installing non-interactively emacs-26.1p1-no_x11

[Jiri B .]

Hi,

I cannot figure out how to install non-interactively emacs-26.1p1-no_x11

Is it branch, right? But what is it's value after '%'?

emacs--no_x11 still request version selection, emacs%--no_x11 is wrong.

Jiri

python/ruby modules for bsdauth?

[Jiri B]

Do we have python/ruby modules for bsdauth?

If not, do python/ruby pam modules work with security/openpam
port? (IIUC it uses bsdauth beneath, right?).

Jiri

py libs to make Ansible winrm transport working (Windows mgmt)

[Jiri B]

Hi,

I need to manage multiple Windows ADs at work thus I made couple of
new python lib ports to have Ansible working with winrm transport
and thus have possibility to use OpenBSD and Ansible to manage remote
Windows boxes.

Tested with remote Windows 2016 with ntlm, kerberos auth.

Only thing is I'm not really sure I made correctly py-kerberos port,
I could not manage to have port-lib-depends-check without some bogus
output (read Heimdal involved here).

There's no difference between OpenBSD and other *nix system to
make winrm working. But if you would need some 'howto', I can provide
steps.

Jiri

sysutils/py-winrm (default is with ntlm support)

- textproc/py-xmltodict [new]
- py-requests-ntlm [new]
  - security/py-ntlm-auth [new]
- devel/py-six
- devel/py-six
- www/requests

sysutils/py-winrm + kerberos support


- textproc/py-xmltodict [new]
- py-requests-ntlm [new]
  - security/py-ntlm-auth [new]
- devel/py-six
- devel/py-six
- www/requests
- (optional) www/py-requests-kerberos [new]
  - www/py-requests
  - security/py-cryptography
  - security/py-kerberos [new]

sysutils/py-winrm + credssp support
---
- textproc/py-xmltodict [new]
- py-requests-ntlm [new]
  - security/py-ntlm-auth [new]
- devel/py-six
- devel/py-six
- www/requests
- (optional) www/py-requests-credssp [new]
  - security/py-ntlm-auth [new]
  - security/py-openssl
  - www/py-requests


py-kerberos.tgz
Description: application/tar-gz


py-ntlm-auth.tgz
Description: application/tar-gz


py-requests-credssp.tgz
Description: application/tar-gz


py-requests-kerberos.tgz
Description: application/tar-gz


py-requests-ntlm.tgz
Description: application/tar-gz


py-winrm.tgz
Description: application/tar-gz


py-xmltodict.tgz
Description: application/tar-gz

Re: [update] openvpn-2.4.5

[Jiri B]

On Sat, Mar 03, 2018 at 03:21:15PM +0100, Jeremie Courreges-Anglas wrote:
> 
> See changelog at
> 
>   https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
> 
> If anyone wants to give it a try.  The src/openvpn/openssl_compat.h diff
> is being worked on.

I can still connect (client) to work. Thank you.

Jiri

Re: UPDATE: burp -> 2.0/2.0.54, stable (2.1.28)

[Jiri B]

On Fri, Mar 02, 2018 at 08:47:01PM +, Stuart Henderson wrote:
> On 2018/02/28 17:32, Jiri B wrote:
> > OK, new diff and tarball attached.
> 
> I've cleaned it up a bit. Does it still work for you?

Yes, it does work. Some comments below.

Our pkg* tools don't have a method to upgrade between various
branches? I tried to upgrade from 2.0.54 to 2.1.28 and it seems
our pkg* tools can't do it - thus I did pkg_delete and pkg_add.

While uninstalling 2.0.54 and installing 2.1.28 it revealed
a little change in configuration, 2.1.28 has 'monitor_exe'
option added (so we don't need to keep Landry's patch for this).
But when doing such "upgrade" this little change is not visible.
How to solve this? A 'MESSAGE' or something else?

Thank you for help. It's OK for me.

Jiri

porting grub2 - how to get arm64 modules available in amd64 PKG_PATH?

[Jiri B]

Hi,

I have simple GRUB2 port working but I'm trying to figure out how to change
the port to get some part of it to be a kind of 'noarch' as Linux distros do.

My question is, how to get eg. /usr/local/lib/grub/arm64-efi modules which - 
IIUC -
would need to build on arm64 box "into" amd64 repo, so they are installable via
pkg_add.

The purpose is to be able to configure netbooting on amd64 box for other
hw platforms.

Example (from Linux), I was preparing network boot for IBM POWER8 on EL7/x86_64:

(grub2-mknetdir is x86_64 binary, but modules are for POWER8)

# grub2-mknetdir -d /usr/lib/grub/powerpc-ieee1275 --net-directory=/tftpboot
Netboot directory for powerpc-ieee1275 created. Configure your DHCP server to 
point to /data/tftp/boot/grub2/powerpc-ieee1275/core.elf

As I said, Linux distros have 'noarch' repos, IIUC we don't use it.
And I did not understand purpose of NO_ARCH in bsd.port.mk.

One can check how are subpackages of GRUB2 built on Fedora:

https://koji.fedoraproject.org/koji/buildinfo?buildID=1051700

One can also see that on an amd64 box they build "variations" of GRUB2.

$ ftp -MVo - 
https://kojipkgs.fedoraproject.org//packages/grub2/2.02/26.fc29/data/logs/x86_64/build.log
 | ggrep -Po '^\+ \.\./configure --build.*\K(--with-platform.*--target=[^ ]*)'
--with-platform=efi --target=x86_64-redhat-linux-gnu
--with-platform=efi --target=i386-redhat-linux-gnu
--with-platform=pc --target=x86_64-redhat-linux-gnu

So, even if I would build on an OpenBSD amd64 these 3 variations (and pc/i386 on
an i386 OpenBSD box), I still don't know how to get 'noarch' packages.

Thank you very much for help.

Jiri

Re: UPDATE: burp -> 2.0/2.0.54, stable (2.1.28)

[Jiri B]

On Wed, Feb 28, 2018 at 10:05:57PM +, Stuart Henderson wrote:
> > I hope I finally was successful to make diff for burp.
> 
> Diff only has one of the two versions. Can you just send a tar?

OK, new diff and tarball attached.

> > - moving current port version into '2.0' subdir
> > - adding 'stable' subdir for 2.1.28
> 
> 2.0 and 'stable' doesn't seem very natural. I think this would
> be better named 2.0 and 2.1.
> 
> > - I would love to know how to build -static flavor so I could use burp
> >   for disaster recovery from ramdisk env.
> 
> You're into custom ramdisks then really, which is beyond the scope of
> ports. It would probably need to be non-PIE as well as static. I think
> you'd have less trouble with a USB stick or netboot installation
> rather than ramdisk for DR.

I was using install and restore over it in the past - although on RHEL -
and I was not very happy about it, too much fragile IMO.

Thank you for help.

Jiri

diff --git sysutils/burp/2.0/Makefile sysutils/burp/2.0/Makefile
new file mode 100644
index 000..ceb51612cbf
--- /dev/null
+++ sysutils/burp/2.0/Makefile
@@ -0,0 +1,13 @@
+# $OpenBSD: Makefile,v 1.3 2018/02/09 10:41:45 nigel Exp $
+
+VERSION =  2.0.54
+REVISION = 1
+
+post-patch:
+   ${SUBST_CMD} ${WRKSRC}/src/client/monitor/status_client_ncurses.c
+
+post-install:
+   @rm -Rf ${WRKINST}/${SYSCONFDIR}/burp/autoupgrade
+   @mv ${WRKINST}/${SYSCONFDIR}/burp ${PREFIX}/share/examples/burp
+
+.include 
diff --git sysutils/burp/distinfo sysutils/burp/2.0/distinfo
similarity index 100%
rename from sysutils/burp/distinfo
rename to sysutils/burp/2.0/distinfo
diff --git sysutils/burp/patches/patch-Makefile_in 
sysutils/burp/2.0/patches/patch-Makefile_in
similarity index 100%
rename from sysutils/burp/patches/patch-Makefile_in
rename to sysutils/burp/2.0/patches/patch-Makefile_in
diff --git sysutils/burp/patches/patch-configs_client_burp_conf_in 
sysutils/burp/2.0/patches/patch-configs_client_burp_conf_in
similarity index 100%
rename from sysutils/burp/patches/patch-configs_client_burp_conf_in
rename to sysutils/burp/2.0/patches/patch-configs_client_burp_conf_in
diff --git sysutils/burp/patches/patch-configs_server_burp_conf_in 
sysutils/burp/2.0/patches/patch-configs_server_burp_conf_in
similarity index 100%
rename from sysutils/burp/patches/patch-configs_server_burp_conf_in
rename to sysutils/burp/2.0/patches/patch-configs_server_burp_conf_in
diff --git sysutils/burp/patches/patch-configs_server_timer_script 
sysutils/burp/2.0/patches/patch-configs_server_timer_script
similarity index 100%
rename from sysutils/burp/patches/patch-configs_server_timer_script
rename to sysutils/burp/2.0/patches/patch-configs_server_timer_script
diff --git 
sysutils/burp/patches/patch-src_client_monitor_status_client_ncurses_c 
sysutils/burp/2.0/patches/patch-src_client_monitor_status_client_ncurses_c
similarity index 100%
rename from 
sysutils/burp/patches/patch-src_client_monitor_status_client_ncurses_c
rename to 
sysutils/burp/2.0/patches/patch-src_client_monitor_status_client_ncurses_c
diff --git sysutils/burp/pkg/DESCR sysutils/burp/2.0/pkg/DESCR
similarity index 100%
rename from sysutils/burp/pkg/DESCR
rename to sysutils/burp/2.0/pkg/DESCR
diff --git sysutils/burp/pkg/PLIST sysutils/burp/2.0/pkg/PLIST
similarity index 98%
rename from sysutils/burp/pkg/PLIST
rename to sysutils/burp/2.0/pkg/PLIST
index 767d2faa6e1..71f076924f1 100644
--- sysutils/burp/pkg/PLIST
+++ sysutils/burp/2.0/pkg/PLIST
@@ -1,4 +1,6 @@
 @comment $OpenBSD: PLIST,v 1.1.1.1 2017/11/03 11:31:01 landry Exp $
+@option is-branch
+@conflict burp-*
 @newgroup _burp:794
 @newuser _burp:794:794:daemon:BackUp and Recovery 
Daemon:/var/empty:/sbin/nologin
 @bin bin/vss_strip
diff --git sysutils/burp/pkg/burp.rc sysutils/burp/2.0/pkg/burp.rc
similarity index 100%
rename from sysutils/burp/pkg/burp.rc
rename to sysutils/burp/2.0/pkg/burp.rc
diff --git sysutils/burp/Makefile sysutils/burp/Makefile
index c7292cb155d..abe55ff38ee 100644
--- sysutils/burp/Makefile
+++ sysutils/burp/Makefile
@@ -1,34 +1,7 @@
-# $OpenBSD: Makefile,v 1.3 2018/02/09 10:41:45 nigel Exp $
+# $OpenBSD$
 
-COMMENT =  BackUp and Restore Program
-DISTNAME = burp-2.0.54
-REVISION = 1
+SUBDIR =
+SUBDIR += 2.0
+SUBDIR += stable
 
-CATEGORIES =   sysutils
-HOMEPAGE = http://burp.grke.org/
-
-# AGPLv3
-PERMIT_PACKAGE_CDROM = Yes
-
-MASTER_SITES = ${MASTER_SITE_SOURCEFORGE:=burp/}
-EXTRACT_SUFX = .tar.bz2
-
-CONFIGURE_STYLE =  gnu
-INSTALL_TARGET =   install-all
-
-# check is used for tests but detected at configure time
-BUILD_DEPENDS =devel/uthash \
-   devel/check
-LIB_DEPENDS =  net/librsync
-RUN_DEPENDS =  shells/bash
-WANTLIB += b2 c crypto m curses rsync ssl z
-
-SUBST_VARS +=  TRUEPREFIX
-post-patch:
-   ${SUBST_CMD} ${WRKSRC}/src/client/monitor/status_client_ncurses.c
-
-post-install:
-   @rm -Rf ${WRKINST}/${SYSCONFDIR}/burp/autoupgrade
-   @mv ${WRKINST}/${SYSCONFDIR}/burp 

UPDATE: burp -> 2.0/2.0.54, stable (2.1.28)

[Jiri B]

On Thu, Feb 22, 2018 at 08:08:02PM -0500, Jiri B wrote:
> I have no idea how to solve this - no conflict, thus one could have
> old server and would like to install new client or vice-versa.
> What to do with configuration files? I have no opinion.

Hi,

I hope I finally was successful to make diff for burp.

- moving current port version into '2.0' subdir
- adding 'stable' subdir for 2.1.28
- customizing Makefile and adding Makefile.inc
- making both ports 'conflict' and have '@option is-branch'

IIUC, both ports can be installed with something like:

  env PKG_DBDIR= pkg_add -B  

- I would love to know how to build -static flavor so I could use burp
  for disaster recovery from ramdisk env.
- If there would be pledge restrictions, it would be great too...

Question: I could not do 'make fetch' in 'stable' subdir, it was
showing error that distinfo does not exist, no idea what's going on?!

Jiri


diff --git Makefile Makefile
new file mode 100644
index 000..ceb51612cbf
--- /dev/null
+++ Makefile
@@ -0,0 +1,13 @@
+# $OpenBSD: Makefile,v 1.3 2018/02/09 10:41:45 nigel Exp $
+
+VERSION =  2.0.54
+REVISION = 1
+
+post-patch:
+   ${SUBST_CMD} ${WRKSRC}/src/client/monitor/status_client_ncurses.c
+
+post-install:
+   @rm -Rf ${WRKINST}/${SYSCONFDIR}/burp/autoupgrade
+   @mv ${WRKINST}/${SYSCONFDIR}/burp ${PREFIX}/share/examples/burp
+
+.include 
diff --git distinfo distinfo
new file mode 100644
index 000..8261a2d01ba
--- /dev/null
+++ distinfo
@@ -0,0 +1,2 @@
+SHA256 (burp-2.0.54.tar.bz2) = rhBHBYbx/uRVbqrls8UreM/A6sQQn0uCU8VJ5/8ADYY=
+SIZE (burp-2.0.54.tar.bz2) = 754566
diff --git patches/patch-Makefile_in patches/patch-Makefile_in
new file mode 100644
index 000..045e0419c45
--- /dev/null
+++ patches/patch-Makefile_in
@@ -0,0 +1,14 @@
+$OpenBSD: patch-Makefile_in,v 1.1.1.1 2017/11/03 11:31:01 landry Exp $
+
+Index: Makefile.in
+--- Makefile.in.orig
 Makefile.in
+@@ -625,7 +625,7 @@ sbindir = @sbindir@
+ scriptdir = @scriptdir@
+ sharedstatedir = @sharedstatedir@
+ srcdir = @srcdir@
+-sysconfdir = @sysconfdir@
++sysconfdir = @sysconfdir@/burp
+ target_alias = @target_alias@
+ top_build_prefix = @top_build_prefix@
+ top_builddir = @top_builddir@
diff --git patches/patch-configs_client_burp_conf_in 
patches/patch-configs_client_burp_conf_in
new file mode 100644
index 000..4b0fe24292f
--- /dev/null
+++ patches/patch-configs_client_burp_conf_in
@@ -0,0 +1,14 @@
+$OpenBSD: patch-configs_client_burp_conf_in,v 1.1.1.1 2017/11/03 11:31:01 
landry Exp $
+
+Index: configs/client/burp.conf.in
+--- configs/client/burp.conf.in.orig
 configs/client/burp.conf.in
+@@ -11,7 +11,7 @@ cname = testclient
+ # with a pseudo mirrored storage on the server and optional rsync). 2 forces
+ # protocol2 mode (inline deduplication with variable length blocks).
+ # protocol = 0
+-pidfile = @runstatedir@/burp.client.pid
++pidfile = @runstatedir@/burp/client.pid
+ syslog = 0
+ stdout = 1
+ progress_counter = 1
diff --git patches/patch-configs_server_burp_conf_in 
patches/patch-configs_server_burp_conf_in
new file mode 100644
index 000..e40588384a1
--- /dev/null
+++ patches/patch-configs_server_burp_conf_in
@@ -0,0 +1,26 @@
+$OpenBSD: patch-configs_server_burp_conf_in,v 1.1.1.1 2017/11/03 11:31:01 
landry Exp $
+
+Index: configs/server/burp.conf.in
+--- configs/server/burp.conf.in.orig
 configs/server/burp.conf.in
+@@ -22,7 +22,7 @@ clientconfdir = @sysconfdir@/clientconfdir
+ # Like many other settings, this can be set per client in the clientconfdir
+ # files.
+ # protocol = 0
+-pidfile = @runstatedir@/burp.server.pid
++pidfile = @runstatedir@/burp/server.pid
+ hardlinked_archive = 0
+ working_dir_recovery_method = delete
+ max_children = 5
+@@ -68,8 +68,9 @@ keep = 7
+ # keep = 6
+ 
+ # Run as different user/group.
+-# user=graham
+-# group=nogroup
++user=_burp
++group=_burp
++dedup_group=_burp
+ 
+ # CA options.
+ # If you want your server to be a certificate authority and generate its own
diff --git patches/patch-configs_server_timer_script 
patches/patch-configs_server_timer_script
new file mode 100644
index 000..1b1d569ea9f
--- /dev/null
+++ patches/patch-configs_server_timer_script
@@ -0,0 +1,42 @@
+$OpenBSD: patch-configs_server_timer_script,v 1.1.1.1 2017/11/03 11:31:01 
landry Exp $
+
+https://github.com/grke/burp/issues/627
+
+Index: configs/server/timer_script
+--- configs/server/timer_script.orig
 configs/server/timer_script
+@@ -77,29 +77,12 @@ get_intervals()
+ 
+   read junk ts < "$timestamp"
+ 
+-  if   ! secs=$(LANG=C LC_TIME=C date +%s -d "$ts") \
+-|| ! now=$(LANG=C LC_TIME=C date +"%Y-%m-%d %H:%M:%S") \
+-|| ! nowsecs=$(LANG=C LC_TIME=C date +%s -d "$now")
+-  then
+-  echo "$0: Date command returned error for $client."
+-  return 0
+-  fi
+-
++  mts=$(echo $ts | sed -e 's/-//g; s/ //; s/://; s/:/./')
++  secs=$(LAN

Re: burp - experience and 2.1 version

[Jiri B]

On Thu, Feb 22, 2018 at 08:08:02PM -0500, Jiri B wrote:
> On Thu, Feb 22, 2018 at 12:05:00PM +, Stuart Henderson wrote:
> > On 2018/02/22 04:59, Jiri B wrote:
> > > On Thu, Feb 22, 2018 at 10:21:54AM +0100, Landry Breuil wrote:
> > > > As for the update itself, i have no opinion. You decided to use 2.1 on
> > > > your clients, you assume the choice...
> > > 
> > > Do you want to keep old stable? Should I create new 'branch'
> > > for 2.1.x or just update current port?
> > 
> > Since a client may be stuck with an old server that is difficult to get
> > updated, carrying multiple branches might be useful. And since this is
> > unlikely to be a build dep of other ports, there should be no requirement
> > to avoid a conflict between the two.
> 
> I have no idea how to solve this - no conflict, thus one could have
> old server and would like to install new client or vice-versa.
> What to do with configuration files? I have no opinion.
> 
> Anyway, here's my current diff.
> 
> - I did not touch old port, just move it and made branches
> - 2.1.28 does not need some old patches and it uses autoconf/automake
>   now
> 
> 
> (I'm still learning, so please apologize my mistakes.)

Too many mistakes, please ignore it, I'll send new one later.

Jiri

Re: burp - experience and 2.1 version

[Jiri B]

On Thu, Feb 22, 2018 at 12:05:00PM +, Stuart Henderson wrote:
> On 2018/02/22 04:59, Jiri B wrote:
> > On Thu, Feb 22, 2018 at 10:21:54AM +0100, Landry Breuil wrote:
> > > As for the update itself, i have no opinion. You decided to use 2.1 on
> > > your clients, you assume the choice...
> > 
> > Do you want to keep old stable? Should I create new 'branch'
> > for 2.1.x or just update current port?
> 
> Since a client may be stuck with an old server that is difficult to get
> updated, carrying multiple branches might be useful. And since this is
> unlikely to be a build dep of other ports, there should be no requirement
> to avoid a conflict between the two.

I have no idea how to solve this - no conflict, thus one could have
old server and would like to install new client or vice-versa.
What to do with configuration files? I have no opinion.

Anyway, here's my current diff.

- I did not touch old port, just move it and made branches
- 2.1.28 does not need some old patches and it uses autoconf/automake
  now


(I'm still learning, so please apologize my mistakes.)

Jiri

diff --git sysutils/burp/2.0/Makefile sysutils/burp/2.0/Makefile
new file mode 100644
index 000..329384ba03f
--- /dev/null
+++ sysutils/burp/2.0/Makefile
@@ -0,0 +1,13 @@
+# $OpenBSD: Makefile,v 1.3 2018/02/09 10:41:45 nigel Exp $
+
+GH_TAGNAME =   2.0.54
+REVISION = 1
+
+post-patch:
+   ${SUBST_CMD} ${WRKSRC}/src/client/monitor/status_client_ncurses.c
+
+post-install:
+   @rm -Rf ${WRKINST}/${SYSCONFDIR}/burp/autoupgrade
+   @mv ${WRKINST}/${SYSCONFDIR}/burp ${PREFIX}/share/examples/burp
+
+.include 
diff --git sysutils/burp/2.0/distinfo sysutils/burp/2.0/distinfo
new file mode 100644
index 000..8261a2d01ba
--- /dev/null
+++ sysutils/burp/2.0/distinfo
@@ -0,0 +1,2 @@
+SHA256 (burp-2.0.54.tar.bz2) = rhBHBYbx/uRVbqrls8UreM/A6sQQn0uCU8VJ5/8ADYY=
+SIZE (burp-2.0.54.tar.bz2) = 754566
diff --git sysutils/burp/2.0/patches/patch-Makefile_in 
sysutils/burp/2.0/patches/patch-Makefile_in
new file mode 100644
index 000..045e0419c45
--- /dev/null
+++ sysutils/burp/2.0/patches/patch-Makefile_in
@@ -0,0 +1,14 @@
+$OpenBSD: patch-Makefile_in,v 1.1.1.1 2017/11/03 11:31:01 landry Exp $
+
+Index: Makefile.in
+--- Makefile.in.orig
 Makefile.in
+@@ -625,7 +625,7 @@ sbindir = @sbindir@
+ scriptdir = @scriptdir@
+ sharedstatedir = @sharedstatedir@
+ srcdir = @srcdir@
+-sysconfdir = @sysconfdir@
++sysconfdir = @sysconfdir@/burp
+ target_alias = @target_alias@
+ top_build_prefix = @top_build_prefix@
+ top_builddir = @top_builddir@
diff --git sysutils/burp/2.0/patches/patch-configs_client_burp_conf_in 
sysutils/burp/2.0/patches/patch-configs_client_burp_conf_in
new file mode 100644
index 000..4b0fe24292f
--- /dev/null
+++ sysutils/burp/2.0/patches/patch-configs_client_burp_conf_in
@@ -0,0 +1,14 @@
+$OpenBSD: patch-configs_client_burp_conf_in,v 1.1.1.1 2017/11/03 11:31:01 
landry Exp $
+
+Index: configs/client/burp.conf.in
+--- configs/client/burp.conf.in.orig
 configs/client/burp.conf.in
+@@ -11,7 +11,7 @@ cname = testclient
+ # with a pseudo mirrored storage on the server and optional rsync). 2 forces
+ # protocol2 mode (inline deduplication with variable length blocks).
+ # protocol = 0
+-pidfile = @runstatedir@/burp.client.pid
++pidfile = @runstatedir@/burp/client.pid
+ syslog = 0
+ stdout = 1
+ progress_counter = 1
diff --git sysutils/burp/2.0/patches/patch-configs_server_burp_conf_in 
sysutils/burp/2.0/patches/patch-configs_server_burp_conf_in
new file mode 100644
index 000..e40588384a1
--- /dev/null
+++ sysutils/burp/2.0/patches/patch-configs_server_burp_conf_in
@@ -0,0 +1,26 @@
+$OpenBSD: patch-configs_server_burp_conf_in,v 1.1.1.1 2017/11/03 11:31:01 
landry Exp $
+
+Index: configs/server/burp.conf.in
+--- configs/server/burp.conf.in.orig
 configs/server/burp.conf.in
+@@ -22,7 +22,7 @@ clientconfdir = @sysconfdir@/clientconfdir
+ # Like many other settings, this can be set per client in the clientconfdir
+ # files.
+ # protocol = 0
+-pidfile = @runstatedir@/burp.server.pid
++pidfile = @runstatedir@/burp/server.pid
+ hardlinked_archive = 0
+ working_dir_recovery_method = delete
+ max_children = 5
+@@ -68,8 +68,9 @@ keep = 7
+ # keep = 6
+ 
+ # Run as different user/group.
+-# user=graham
+-# group=nogroup
++user=_burp
++group=_burp
++dedup_group=_burp
+ 
+ # CA options.
+ # If you want your server to be a certificate authority and generate its own
diff --git sysutils/burp/2.0/patches/patch-configs_server_timer_script 
sysutils/burp/2.0/patches/patch-configs_server_timer_script
new file mode 100644
index 000..1b1d569ea9f
--- /dev/null
+++ sysutils/burp/2.0/patches/patch-configs_server_timer_script
@@ -0,0 +1,42 @@
+$OpenBSD: patch-configs_server_timer_script,v 1.1.1.1 2017/11/03 11:31:01 
landry Exp $
+
+https://github.com/grke/burp/issues/627
+
+Index: configs/server/timer_script
+--- configs/server/timer_sc

Re: burp - experience and 2.1 version

[Jiri B]

On Thu, Feb 22, 2018 at 10:21:54AM +0100, Landry Breuil wrote:
> As for the update itself, i have no opinion. You decided to use 2.1 on
> your clients, you assume the choice...

Do you want to keep old stable? Should I create new 'branch'
for 2.1.x or just update current port?

Jiri

Re: burp - experience and 2.1 version

[Jiri B]

On Thu, Feb 22, 2018 at 08:20:15AM +0100, Landry Breuil wrote:
> The 2.1 branch was only declared stable recently, and this discussion
> already happened in https://marc.info/?t=15181794432=1=2
> 
> Landry

I'll send my diff for update the port because of this issue:
https://github.com/grke/burp/issues/691

Is it worth to make it as "static" binary?

I finished my burp/WinPE quick test and I'm thinking to have
burp either on ramdisk or downloadable via NFS and using it
inside ramdisk env for disaster recovery.

Jiri

burp - experience and 2.1 version

[Jiri B]

Hi guys,

landry@ added burp[1] into ports and while searching for
something easier that bacula/bareos for disk-based backups,
I found burp and read 'Migrating from Bacula to Burp'[2].

What are you experiences with burp?

Are you staying with ports version (2.0.54) because it was said
to be (old) stable which should not change?[3]

I pretty like how easy it is and that I can get data directly from
users backup dir in /var/spool/burp/$client after decompressing it.

(I made a port for 2.1.128 and my quick testing while reading docs
is OK. What about having "statically" built burp so one could
restore while being in ramdisk env?)

I'm in process to decide for a backup solution, so I'm a big ear ;)

Jiri

[1] http://burp.grke.org/index.html
[2] http://www.kudos.be/Articles/Migrating_from_Bacula_to_Burp.html
[3]https://github.com/grke/burp/issues/626

Re: [new] sysutils/restic

[Jiri B]

On Sun, Feb 18, 2018 at 01:56:32PM -0700, Aaron Bieber wrote:
> Hi!
> 
> Here is a nifty backup tool written in Go and BSD licensed. It supports
> a grip of backends:
> 
>  - Local directory
>  - sftp server (via SSH)
>  - HTTP REST server (protocol rest-server)
>  - AWS S3 (either from Amazon or using the Minio server)
>  - OpenStack Swift
>  - BackBlaze B2
>  - Microsoft Azure Blob Storage
>  - Google Cloud Storage
> 
> I also have a port for the "rest-server" backend - but I am waiting on a
> new release that will incude support for bcrypt'd password (so we can
> use htpasswd from base).
> 
> Clue sticks? OKs?

Looks like nice and simple tool. Thinking loud, what about pledging
restic when running as root and doing backup to not be able to write
files? A variation to

https://restic.readthedocs.io/en/latest/080_examples.html#backing-up-your-system-without-running-restic-as-root

Jiri

libqcow - qcowmount (fuse) does not work (VNDIOCSET: Permission denied)

[Jiri B]

Hi,

while investigating possibilities to access data inside qcow* images
on OpenBSD[1], I discovered libqcow's qcowmount does not work:

Flow below:

- info about qcow2 disk
- qcowmount the disk
- ls -l /mnt
- vnconfig
- chmod

Thank you for clarification.

[1] https://marc.info/?l=openbsd-misc=151872394819788=2

Jiri

# qemu-img info test.qcow2  


image: test.qcow2
file format: qcow2
virtual size: 20G (21474836480 bytes)
disk size: 2.8G
cluster_size: 65536
Format specific information:
compat: 1.1
lazy refcounts: true
refcount bits: 16
corrupt: false

# qcowmount -X allow_root test.qcow2 /mnt 
qcowmount 20170222
# ps auxww | grep '[q]cowmount'
root 92331  0.0  0.0   448  1308 ??  Is10:33PM0:00.08 qcowmount -X 
allow_root test.qcow2 /mnt

# ls -la /mnt
total 12
dr-xr-xr-x   2 root  wheel0 Feb 15 22:34 .
drwxr-xr-x  14 root  wheel  512 Feb 14 11:42 ..
-r--r--r--   1 root  wheel  21474836480 Feb 15 22:34 qcow1
host1# file /mnt/qcow1  

 
/mnt/qcow1: x86 boot sector; partition 1: ID=0x83, active, starthead 32, 
startsector 2048, 1024000 sectors; partition 2: ID=0x8e, starthead 221, 
startsector 1026048, 40916992 sectors

# vnconfig vnd0 /mnt/qcow1  


vnconfig: VNDIOCSET: Permission denied

 23767 vnconfig 1518730964.047329 CALL  open(0x98e61332060,0)
 23767 vnconfig 1518730964.047336 NAMI  "/dev/rvnd0c"
 23767 vnconfig 1518730964.047348 RET   open 3
 23767 vnconfig 1518730964.047351 CALL  ioctl(3,VNDIOCSET,0x7f7c4f78)
 23767 vnconfig 1518730964.047358 NAMI  "/mnt/qcow1"
 23767 vnconfig 1518730964.047670 RET   ioctl -1 errno 13 Permission denied

# chmod 644 /mnt/qcow1  


chmod: /mnt/qcow1: Function not implemented

 11286 chmod1518729842.168399 CALL  
fstatat(AT_FDCWD,0x15cad2c79a78,0x15cad2c79a88,0<>)
 11286 chmod1518729842.168404 NAMI  "/mnt/qcow1"
 11286 chmod1518729842.168639 STRU  struct stat { dev=9729, ino=2, 
mode=-r--r--r-- , nlink=1, uid=0<"root">, gid=0<"wheel">, rdev=0, 
atime=1518729782<"Feb 15 22:23:02 2018">, mtime=1518729782<"Feb 15 22:23:02 
2018">, ctime=1518729782<"Feb 15 22:23:02 2018">, size=21474836480, blocks=4, 
blksize=512, flags=0x, gen=0x }
 11286 chmod1518729842.168644 RET   fstatat 0
 11286 chmod1518729842.168650 CALL  
open(0x15c896b351db,0x1)
 11286 chmod1518729842.168656 NAMI  "."
 11286 chmod1518729842.168661 RET   open 3
 11286 chmod1518729842.168667 CALL  fchdir(3)
 11286 chmod1518729842.168671 RET   fchdir 0
 11286 chmod1518729842.168675 CALL  
fchmodat(AT_FDCWD,0x15cb00fa3000,0100644,0<>)
 11286 chmod1518729842.168680 NAMI  "/mnt/qcow1"
 11286 chmod1518729842.168825 RET   fchmodat -1 errno 78 Function not 
implemented

Why it cannot get 'activated' with VNDIOCSET?
Is it because our FUSE does not have 'allow_root' option?

# sysctl kern.version ; pkg_info | grep libqcow 
kern.version=OpenBSD 6.2-current (GENERIC.MP) #6: Tue Feb 13 20:16:11 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

libqcow-20170222p0  library and tools to access the QEMU Copy-On-Write (QCOW)

[solved] Re: tor is stucked for couple of minutes [was Re: tor inside vmm, horribly slow?!]

[Jiri B]

On Tue, Feb 13, 2018 at 09:02:06PM +, Stuart Henderson wrote:
> On 2018/02/13 12:57, Jiri B wrote:
> > On Mon, Feb 12, 2018 at 10:02:52PM +0100, Thomas Weinbrenner wrote:
> > > Perhaps this has nothing to do with vmm.
> > 
> > I can confirm too that this Tor issue - being stucked for cca 2 minutes -
> > happens also on baremetal.
> > 
> > Thus moving from misc@ to ports@ as this is more appropriate, CC tor port
> > maintainer (sorry for multiple mails).
> > 
> > If anybody has a recommendation, please share it. Is it OpenBSD specific
> > problem?
> 
> Try a kernel built from source after 2018/02/11 14:53:57 (uipc_syscalls.c).

Thanks to all, with recent kernel everything works as expected.

...
Feb 14 11:54:19.000 [debug] circuit_consider_stop_edge_reading: considering 
layer_hint->package_window 941
^^ here it was stucked before...
Feb 14 11:54:19.000 [debug] connection_or_process_cells_from_inbuf: 4: 
starting, inbuf_datalen 0 (0 pending in tls object).
Feb 14 11:54:19.000 [debug] connection_bucket_refill_helper: global_read_bucket 
now 1073741824.
Feb 14 11:54:19.000 [debug] connection_bucket_refill_helper: 
or_conn->read_bucket now 1073741824.
Feb 14 11:54:19.000 [debug] circuit_remove_handled_ports: Port 443 is already 
being handled; removing.
Feb 14 11:54:20.000 [debug] circuit_remove_handled_ports: Port 443 is already 
being handled; removing.
...

kern.version=OpenBSD 6.2-current (GENERIC.MP) #6: Tue Feb 13 20:16:11 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Jiri

tor is stucked for couple of minutes [was Re: tor inside vmm, horribly slow?!]

[Jiri B]

On Mon, Feb 12, 2018 at 10:02:52PM +0100, Thomas Weinbrenner wrote:
> Perhaps this has nothing to do with vmm.

I can confirm too that this Tor issue - being stucked for cca 2 minutes -
happens also on baremetal.

Thus moving from misc@ to ports@ as this is more appropriate, CC tor port
maintainer (sorry for multiple mails).

If anybody has a recommendation, please share it. Is it OpenBSD specific
problem?

Not sure if Thomas findings below are relevant:

> [...]
> Since upgrading OpenBSD from
> 
> | OpenBSD 6.2-current (GENERIC.MP) #399: Fri Feb  2 18:28:58 MST 2018
> |dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
> to
> 
> | OpenBSD 6.2-current (GENERIC.MP) #4: Sat Feb 10 18:04:19 MST 2018
> |dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
> my tor server also has problems.
> 
> /var/log/daemon:
> | Feb 11 20:15:50 server Tor[54286]: Your system clock just jumped 115 
> seconds forward; assuming established circuits no longer work.
> | Feb 11 20:16:02 server Tor[54286]: Tor has successfully opened a circuit. 
> Looks like client functionality is working.
> | Feb 11 20:16:02 server Tor[54286]: Tor has successfully opened a circuit. 
> Looks like client functionality is working.
> | Feb 11 20:24:43 server Tor[54286]: Your system clock just jumped 299 
> seconds forward; assuming established circuits no longer work.
> | Feb 11 20:26:24 server Tor[54286]: tor_assertion_failed_: Bug: 
> src/or/channel.c:1503: channel_closed: Assertion CHANNEL_CONDEMNED(chan) 
> failed; aborting. (on Tor 0.3.2.9 9e8b762fcecfece6)
> | Feb 11 20:26:24 server Tor[54286]: Bug: Assertion CHANNEL_CONDEMNED(chan) 
> failed in channel_closed at src/or/channel.c:1503. (Stack trace not 
> available) (on Tor 0.3.2.9 9e8b762fcecfece6)

What I see is that lines with 'circuit_consider_stop_edge_reading: considering 
layer_hint->package_window '
are last ones before Tor gets stucked with tor-0.3.2.9p0.

# awk '/18:15:31.*circuit_consider_stop_edge_reading: considering 
layer_hint->package_window 99/ { print; getline; print }' 
/data/services/onion/archive/tor/logs/debug.log  
Feb 13 18:15:31.000 [debug] circuit_consider_stop_edge_reading: considering 
layer_hint->package_window 999
Feb 13 18:18:31.000 [debug] read_to_chunk: Read 596 bytes. 876 on inbuf.

^^ 3 mins now

An attempt to ktrace it:

...
 13589 tor  1518542131.362968 GIO   fd 6 wrote 95 bytes
   "Feb 13 18:15:31.000 [debug] connection_edge_package_raw_inbuf: 
conn->package_window is now 499
   "
 13589 tor  1518542131.362972 RET   write 95/0x5f
 13589 tor  1518542131.362981 CALL  gettimeofday(0x7f7bfa28,0)
 13589 tor  1518542131.362988 STRU  struct timeval { 1518542131<"Feb 13 
18:15:31 2018">.362985 }
 13589 tor  1518542131.363012 RET   gettimeofday 0
 13589 tor  1518542131.363020 CALL  write(6,0x7f7bfae0,0x6b)
 13589 tor  1518542131.363032 GIO   fd 6 wrote 107 bytes
   "Feb 13 18:15:31.000 [debug] circuit_consider_stop_edge_reading: 
considering layer_hint->package_window 999
   "
 13589 tor  1518542131.363044 RET   write 107/0x6b
 13589 tor  1518542131.363056 CALL  recvfrom(4,0x12664c160336,0x3cf6,0,0,0)

^^ see above timestamp, and below reply from httpd (18:18:31.372), this 
correspond to
   httpd.conf's 'connection request timeout 180'

   but when i tried to access either httpd or sshd (just test) locally, they 
work
   fine.

 13589 tor  1518542311.372642 GIO   fd 4 read 596 bytes
   "HTTP/1.0 408 Request Timeout\r
Date: Tue, 13 Feb 2018 17:18:31 GMT\r
Server: OpenBSD httpd\r
Connection: close\r
Content-Type: text/html\r
Content-Length: 439\r
\r




408 Request Timeout



408 Request Timeout

OpenBSD httpd


   "
 13589 tor  1518542311.372664 RET   recvfrom 596/0x254
 13589 tor  1518542311.372675 CALL  gettimeofday(0x7f7bfd28,0)
 13589 tor  1518542311.372685 STRU  struct timeval { 1518542311<"Feb 13 
18:18:31 2018">.372679 }

Jiri

Re: [NEW] net/onionshare

[Jiri B]

> > Attached is a port OnionShare (https://onionshare.org).  It requires
> > the net/stem python3 flavor patch I posted earlier.  Both GUI and CLI
> > have been lightly tested.
> > 
> > $ cat pkg/DESCR
> > Tool for sharing files of any size anonymously over the Tor public
> > anonymity network.
> > 
> > It works by starting a web server, making it accessible as a Tor onion
> > service, and generating an unguessable URL to access and download the
> > files. It doesn't require setting up a server on the internet somewhere
> > or using a third party file-sharing service. The file on your own
> > computer and use a Tor onion service to make it temporarily accessible
> > over the internet. The other user just needs to use Tor Browser to
> > download the file from you.
> 
> Ping w/updated port attached that depends on the newly renamed
> net/py-stem3.

OMG, again these...

-if not gui_mode or common.get_platform() == 'Linux':
+if not gui_mode or common.platform_is_unixy():

Is this piece of sw really good enough to be trusted by people who really
depend on anonymity and bad quality of such sw could cause them serious
personal consequences?

Why are those diffs not pushed upstream?

j.

Re: [wip] Firefox 57.0b4

[Jiri B]

On Mon, Oct 02, 2017 at 02:31:49PM +0200, Landry Breuil wrote:
> Hi,
> 
> of course not targeted for the upcoming 6.2 release, but firefox 57 will
> be quite a big change from 56, so testing is more than welcome.
> 
> https://www.mozilla.org/en-US/firefox/57.0beta/releasenotes/
> https://www.mozilla.org/en-US/firefox/quantum/
> https://hacks.mozilla.org/2017/09/firefox-quantum-developer-edition-fastest-firefox-ever/
> 
> etc etc - to note: non-webextensions addons (which are labelled
> 'legacy' in about:addons) will stop working with this version, you've
> been warned. A separate content process should be enabled by default,
> and thanks to semarie@'s help we managed to build and enable the new
> 'stylo' css rendering engine, written in rust.
> 
> So as usual, pull/update/rebuild from
> https://cgit.rhaalovely.net/mozilla-firefox/log/?h=beta
> 
> Or try the packages from https://packages.rhaalovely.net/
> 
> Landry

Wow, I can't now use silly bluejeans.com webrtc conference in
Firefox! Great work, thank you very much. It will decrease rebooting
my laptop to Linux now :-)

Jiri

Re: zbar, python module import core dumps

[Jiri B]

On Sat, Sep 30, 2017 at 01:00:11PM +1000, Jonathan Gray wrote:
> > # python2.7 -c 'import zbar'
> > Segmentation fault (core dumped)
> 
> Here is a patch from debian that seems to avoid the crash.
> I never used the python api back when I actually used zbar.

Thank you, works OK on amd64. Tested with qrtools[1] to decode
a sample QR code from internet.

[1] 
https://ralgozino.wordpress.com/2011/06/13/how-to-create-and-decode-a-qr-code-in-python-using-qrtools/

Jiri

zbar, python module import core dumps

[Jiri B]

Hi,

this simple things make python core dump. Anything more for this
issue report I could provide?

Jiri

# python2.7 -c 'import zbar'
Segmentation fault (core dumped)

# pkg_info | egrep '^(python-2|zbar)'
python-2.7.14   interpreted object-oriented programming language
zbar-0.10p16ZBar barcode reader

$ sysctl kern.version
kern.version=OpenBSD 6.2 (GENERIC.MP) #115: Wed Sep 27 10:45:53 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Thread 1 (process 469219):
#0  strlen () at /usr/src/lib/libc/arch/amd64/string/strlen.S:124
No locals.
#1  0x089fb71af88e in PyString_FromString (str=0x8 ) at Objects/stringobject.c:121
size = 9483253481056
op = (PyStringObject *) 0xfb33092845f4980d
#2  0x089fb71993c9 in PyDict_GetItemString (v=0x89ffdf555c8, key=0x8 
) at Objects/dictobject.c:2505
kv = (PyObject *) 0x89ffdf555c8
rv = (PyObject *) 0x89fdc72ab51
#3  0x089fb71cb65d in add_getset (type=0x89fdc82e698, gsp=0x89fdc82e698) at 
Objects/typeobject.c:3784
descr = (PyObject *) 0x89ffdf47e60
dict = (PyObject *) 0x89ffdf555c8
#4  0x089fb71c7576 in PyType_Ready (type=0x89fdc82e698) at 
Objects/typeobject.c:4203
dict = (PyObject *) 0x89ffdf555c8
bases = (PyObject *) 0x89ffdf48d50
base = (PyTypeObject *) 0x89fb755d7c0
i = 1
n = 1
#5  0x089fdc620d9d in initzbar () at python/zbarmodule.c:126
ei = 2208
mod = (PyObject *) 0x89fac44
dict = (PyObject *) 0x89fc86ee800
tp_dict = (PyObject *) 0x0
#6  0x089fb726a785 in _PyImport_LoadDynamicModule (name=0x89fac44b800 
"zbar", pathname=0x89fc86ee800 
"/usr/local/lib/python2.7/site-packages/zbar.so", fp=0x8a035d78760) at 
./Python/importdl.c:53
m = (PyObject *) 0x0
lastdot = 0x0
shortname = 0x89fac44b800 "zbar"
packagecontext = 0x0
oldcontext = 0x0
p = 0x89fdc620c70 
#7  0x089fb72663a0 in load_module (name=0x89fac44b800 "zbar", 
fp=0x8a035d78760, pathname=0x89fc86ee800 
"/usr/local/lib/python2.7/site-packages/zbar.so", type=3, loader=0x0) at 
Python/import.c:1937
modules = (PyObject *) 0x2
m = (PyObject *) 0x401
err = 0
#8  0x089fb7268081 in import_submodule (mod=0x89fb7557b58, 
subname=0x89fac44b800 "zbar", fullname=0x89fac44b800 "zbar") at 
Python/import.c:2725
buf = 0x89fc86ee800 "/usr/local/lib/python2.7/site-packages/zbar.so"
fp = (FILE *) 0x8a035d78760
path = (PyObject *) 0x0
loader = (PyObject *) 0x0
fdp = (struct filedescr *) 0x89f86855e80
modules = (PyObject *) 0x8a020ea9b40
m = (PyObject *) 0x0
#9  0x089fb72678bd in load_next (mod=0x89fb7557b58, altmod=0x89fb7557b58, 
p_name=0x7f7c4990, buf=0x89fac44b800 "zbar", p_buflen=0x7f7c4988) at 
Python/import.c:2539
name = 0x89ffdf53234 "zbar"
dot = 0x0
len = 4
p = 0x89fac44b800 "zbar"
result = (PyObject *) 0xabe4c180
#10 0x089fb72658e4 in import_module_level (name=0x0, globals=0x89f80530168, 
locals=0x89f80530168, fromlist=0x89fb7557b58, level=-1) at Python/import.c:2247
buf = 0x89fac44b800 "zbar"
buflen = 4
parent = (PyObject *) 0x89fb7557b58
head = (PyObject *) 0x89fb72940f0
next = (PyObject *) 0x7f7c4970
tail = (PyObject *) 0x0
#11 0x089fb726572a in PyImport_ImportModuleLevel (name=0x89ffdf53234 
"zbar", globals=0x89f80530168, locals=0x89f80530168, fromlist=0x89fb7557b58, 
level=-1) at Python/import.c:2312
result = (PyObject *) 0x0
#12 0x089fb722eb32 in builtin___import__ (self=0x0, args=0x89fba637cb0, 
kwds=0x0) at Python/bltinmodule.c:49
kwlist = 0x89fb756f210
name = 0x89ffdf53234 "zbar"
globals = (PyObject *) 0x89f80530168
locals = (PyObject *) 0x89f80530168
fromlist = (PyObject *) 0x89fb7557b58
level = -1
#13 0x089fb719f651 in PyCFunction_Call (func=0x8a020eadfc8, 
arg=0x89fba637cb0, kw=0x0) at Objects/methodobject.c:85
f = (PyCFunctionObject *) 0x8a020eadfc8
meth = 0x89fb722ea80 
self = (PyObject *) 0x0
size = 9483840078184
#14 0x089fb713ce07 in PyObject_Call (func=0x8a020eadfc8, arg=0x89fba637cb0, 
kw=0x0) at Objects/abstract.c:2547
result = (PyObject *) 0x7f7c4b50
call = 0x89fb719f590 
#15 0x089fb72448a0 in PyEval_CallObjectWithKeywords (func=0x8a020eadfc8, 
arg=0x89fba637cb0, kw=0x0) at Python/ceval.c:4226
result = (PyObject *) 0x89fba637cb0
#16 0x089fb7240cfb in PyEval_EvalFrameEx (f=0x8a020ea3c20, throwflag=0) at 
Python/ceval.c:2628
opcode_targets = 0x89fb756f320
exit = (PyObject *) 0x8a020e96e10
enter = (PyObject *) 0x8a020e96de0
stack_pointer = (PyObject **) 0x8a020ea3da0
next_instr = (unsigned char *) 0x89ffdf51a6d "Z"
opcode = 108
oparg = 0
why = WHY_NOT
err = 0
   

security/encfs problem - fusefs: access error 35

[Jiri B]

Hello,

I use encfs to share files on dual-boot laptop with Linux. The
partition is ext2. I get quite often encfs mount issues, it
becomes not available. Any tips how could I provide more info?

# pkg_info | grep encfs
encfs-1.9.2 fuse-based cryptographic filesystem

$ sysctl kern.version
kern.version=OpenBSD 6.2 (GENERIC.MP) #115: Wed Sep 27 10:45:53 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

# mount -v | grep fuse
fusefs on /home/jirib/share type fuse (rw, local, ctime=Fri Sep 29 20:07:02 
2017)

# rsync -av /home/jirib/share/ /home/jirib/
sending incremental file list
rsync: change_dir "/home/jirib/share" failed: Resource temporarily unavailable 
(35)

sent 20 bytes  received 12 bytes  3.05 bytes/sec
total size is 0  speedup is 0.00
rsync error: some files/attrs were not transferred (see previous errors) (code 
23) at main.c(1178) [sender=3.1.2]

# dmesg | grep fuse | tail -n1
fusefs: access error 35

The encfs process is still running and it is shown in mount output:

# ps auxww | grep '[e]ncfs'
root 80178  0.0  0.0  1740  1880 ??  TXs8:07PM0:00.00 encfs 
/home/jirib/.share /home/jirib/share

j.

Chromium with kerberos

[Jiri B]

Hi,

does OpenBSD chromium work with heimdal in ports?

I found following part in Chromium code
https://github.com/adobe/chromium/blob/master/net/net.gyp#L800
which makes me doubtful.

...
['use_kerberos==1', {
  'defines': [
'USE_KERBEROS',
  ],
  'conditions': [
['OS=="openbsd"', {
  'include_dirs': [
'/usr/include/kerberosV'
  ],
}],
...

And if it does work, do I have to put '--auth-server-whitelist=.example.com'
as cmd option?

j.

Re: [NEW] sshpass-1.06

[Jiri B]

On Mon, Apr 10, 2017 at 02:10:47PM +0200, Jeremie Courreges-Anglas wrote:
> 
> sshpass is useful when dealing hosts where you haven't installed keys
> yet, but you want to manage using tools like ansible.  Lightly tested
> using raw sshpass ssh and ansible -k -m ping.
> 
> ok?

Works fine for my ansible use case (tested on amd64 only).

j.

Squid alternative - Apache trafficserver on OpenBSD

[Jiri B]

Hello,

I see some Squid functionality a little bit annoying, eg. how to
list objects in cache without logs... So I've started to have a
look at Apache TrafficServer.

If anybody would be interested I submitted couple of bugs and there
is at least LibreSSL support now but the proxy can't do its work
right now yet.

http://trafficserver.apache.org/
https://github.com/apache/trafficserver/issues?utf8=%E2%9C%93=is%3Aissue%20is%3Aopen%20openbsd

I have a WIP port in my tree which BUILD_DEPENDS on luajit:configure,
is this valid way to have OpenBSD compatible luajit which trafficserver
could use? (They ship luajit src but I see OpenBSD luajit port has
couple of OpenBSD specific patches.)

j.

Re: NEW: graphics/pdfsandwich

[Jiri B]

On Fri, Jan 20, 2017 at 07:19:13PM +0100, Ingo Feinerer wrote:
> Hi,
> 
> please find attached a port for pdfsandwich,
> a tool to make "sandwich" OCR pdf files.
> 
> $ cat pkg/DESCR
> pdfsandwich generates "sandwich" OCR pdf files, i.e. pdf files which contain
> only images (no text) will be processed by optical character recognition (OCR)
> and the text will be added to each page invisibly "behind" the images.
> 
> pdfsandwich is a command line tool which is supposed to be useful to OCR
> scanned books or journals. It is able to recognize the page layout even for
> multicolumn text.
> 
> OK to import?
> 
> Best regards,
> Ingo

Hi,

I haven't tested pdfsandwich but I have WIP port for ocrmypdf, at least
python is more readable for me than ocalm :)

https://github.com/jbarlow83/OCRmyPDF

j.

[update] py-passlib to make Ansible encrypt passwords

[Jiri B]

Hi,

while playing with Ansible I saw an issue with password_hash('blowfish')
filter - it did not work[1], and I found py-passlib has newer version.

With py-passlib 1.7.0 I am able with little change in Ansible (22 chars
long salt) to make encrypted passwords using Blowfish on OpenBSD.

With old py-passlib I could not make passwords to have '2b' ident.

I did not test much, not enough skills here :/ There sure will be
some mistakes, sorry.

(My goal was just make Ansible do valid passwords encryption. Not sure
I follow good way.)

j.

[1] https://marc.info/?l=openbsd-ports=148482296414763=2

~~
--- /usr/local/lib/python2.7/site-packages/ansible/plugins/filter/core.py.orig  
Thu Jan 19 18:46:05 2017
+++ /usr/local/lib/python2.7/site-packages/ansible/plugins/filter/core.py   
Thu Jan 19 18:48:42 2017
@ -247,6 +247,8 @@ def get_encrypted_password(password, hashtype='sha512'
 r = SystemRandom()
 if hashtype in ['md5']:
 saltsize = 8
+elif hashtype in ['blowfish']:
+saltsize = 22
 else:
 saltsize = 16
 salt = ''.join([r.choice(string.ascii_letters + string.digits) for 
_ in range(saltsize)])
#
~~~

Diff:

~~~
Index: Makefile
===
RCS file: /cvs/ports/security/py-passlib/Makefile,v
retrieving revision 1.8
diff -u -p -u -p -r1.8 Makefile
--- Makefile3 Jan 2017 19:26:14 -   1.8
+++ Makefile19 Jan 2017 17:49:35 -
@@ -2,10 +2,9 @@
 
 COMMENT =  Python module providing a password hashing framework
 
-MODPY_EGG_VERSION =1.6.5
+MODPY_EGG_VERSION =1.7.0
 DISTNAME = passlib-${MODPY_EGG_VERSION}
 PKGNAME =  py-passlib-${MODPY_EGG_VERSION}
-REVISION = 0
 
 CATEGORIES =   security
 
Index: distinfo
===
RCS file: /cvs/ports/security/py-passlib/distinfo,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 distinfo
--- distinfo15 Jan 2016 12:46:36 -  1.2
+++ distinfo19 Jan 2017 17:49:35 -
@@ -1,2 +1,2 @@
-SHA256 (passlib-1.6.5.tar.gz) = qD009T3JsXqkLJo1w/vMUSDz/LB/f4ch7EXmonvjR/w=
-SIZE (passlib-1.6.5.tar.gz) = 417044
+SHA256 (passlib-1.7.0.tar.gz) = C+T2BTNXxOu6VXigZfva11qERQHUxtkdSjoMFZTGq+0=
+SIZE (passlib-1.7.0.tar.gz) = 637909
Index: pkg/PLIST
===
RCS file: /cvs/ports/security/py-passlib/pkg/PLIST,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 PLIST
--- pkg/PLIST   13 May 2014 09:18:24 -  1.3
+++ pkg/PLIST   19 Jan 2017 17:49:35 -
@@ -1,11 +1,12 @@
 @comment $OpenBSD: PLIST,v 1.3 2014/05/13 09:18:24 sthen Exp $
 lib/python${MODPY_VERSION}/site-packages/passlib/
-lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/
-lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/PKG-INFO
-lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/SOURCES.txt
-lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/dependency_links.txt
-lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/top_level.txt
-lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/zip-safe
+lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/
+lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/PKG-INFO
+lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/SOURCES.txt
+lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/dependency_links.txt
+lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/requires.txt
+lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/top_level.txt
+lib/python${MODPY_VERSION}/site-packages/passlib-${MODPY_EGG_VERSION}.post20170119181752-py${MODPY_VERSION}.egg-info/zip-safe
 lib/python${MODPY_VERSION}/site-packages/passlib/__init__.py
 
${MODPY_COMMENT}lib/python${MODPY_VERSION}/site-packages/passlib/${MODPY_PYCACHE}/
 
lib/python${MODPY_VERSION}/site-packages/passlib/${MODPY_PYCACHE}__init__.${MODPY_PYC_MAGIC_TAG}pyc
@@ -16,8 +17,16 @@ lib/python${MODPY_VERSION}/site-packages
 
lib/python${MODPY_VERSION}/site-packages/passlib/${MODPY_PYCACHE}hash.${MODPY_PYC_MAGIC_TAG}pyc
 
lib/python${MODPY_VERSION}/site-packages/passlib/${MODPY_PYCACHE}hosts.${MODPY_PYC_MAGIC_TAG}pyc
 
lib/python${MODPY_VERSION}/site-packages/passlib/${MODPY_PYCACHE}ifc.${MODPY_PYC_MAGIC_TAG}pyc

Re: ansible and encrypting passwords using Blowfish hashing

[Jiri B]

I managed to create this workaround (but there's seem to be an issue
with 'register' and 'changed_when' in OpenBSD specific 'user' module
task). It pre-encrypts passwords via preceding task.

Any comments?

j.

~~~
---
- name: Testing adding users on OpenBSD and Linux with vault
  hosts: all
  become: True
  vars_files:
- secret.yml
  tasks:
- name: Pre-encrypt passwords using Blowfish hashing
  command: encrypt -b a {{ item.password }}
  with_items: "{{ users }}"
  register: encpassword
  no_log: True
  changed_when: "encpassword.rc != 0"
  when: ansible_distribution == "OpenBSD"
  tags: openbsd

#- debug: var=encpassword
#- debug: msg="item.item.name={{item.item.name}}, 
item.stdout={{item.stdout}}"
#  with_items: "{{encpassword.results}}"

- name: Create users from secret.yml on OpenBSD
  user:
name: "{{ item.item.name }}"
comment: "{{ item.item.name }} (ansible managed)"
password: "{{ item.stdout }}"
  with_items: "{{ encpassword.results }}"
  when: ansible_distribution == "OpenBSD"
  no_log: True
# XXX bug?
#  register: createusers
#  changed_when: "createusers.rc != 0"
  tags: openbsd

- name: Create users from secret.yml
  user:
name: "{{ item.name }}"
comment: "{{ item.name }} (ansible managed)"
password: "{{ item.password | password_hash('sha512') }}"
  no_log: True
  with_items: "{{ users }}"
  when: ansible_distribution != "OpenBSD"
  tags: linux
~~~

~~~
$ ansible-playbook -i inventory --ask-vault-pass -l test_host test.yml 
Vault password:

PLAY [Testing adding users on OpenBSD and Linux with vault] 

TASK [setup] ***
ok: [192.168.2.1]

TASK [Pre-encrypt passwords using Blowfish hashing] 
ok: [192.168.2.1] => (item=(censored due to no_log))
ok: [192.168.2.1] => (item=(censored due to no_log))

TASK [Create users from secret.yml on OpenBSD] *
changed: [192.168.2.1] => (item=(censored due to no_log))
changed: [192.168.2.1] => (item=(censored due to no_log))

TASK [Create users from secret.yml] 
skipping: [192.168.2.1] => (item=(censored due to no_log))
skipping: [192.168.2.1] => (item=(censored due to no_log))

PLAY RECAP *
192.168.2.1: ok=3changed=1unreachable=0failed=0
~~~

ansible and encrypting passwords using Blowfish hashing

[Jiri B]

Hi,

how do you encrypt passwords using Blowfish hashing in Ansible?

hash('blowfish') filter does nothing for me, ie. an user ends
with empty password in /etc/master.passwd.

password('blowfish') filter fails:

~~~
TASK [Create users from secret.yml] 
fatal: [192.168.2.1]: FAILED! => {"failed": true, "msg": "the field 'args' has 
an invalid value ([]), and could not be converted to an dict. Error was: salt 
too small (bcrypt requires exactly 22 chars)\n\nThe error appears to have been 
in '/home/jirib/ansible/test.yml': line 11, column 7, but may\nbe elsewhere in 
the file depending on the exact syntax problem.\n\nThe offending line appears 
to be:\n\n  tasks:\n- name: Create users from secret.yml\n  ^ here\n"}
to retry, use: --limit @/home/jirib/ansible/test.retry
~~~

Thank you for tips.

j.

PS: I could use `encrypt' to encrypt all password used in Ansible
but it seems little bit uncomfortable.

help with porting luaffifb

[Jiri B]

Hi,

I know nothing about lua but it would be nice if anybody could
have a look a help to finish luaffi(fb).

Whole story: I wanted to try weechat-matrix-protocol-script[1] but it needs
luaffi[2] to use OML[3]...

"Matrix is an open standard for decentralised communication, providing
simple HTTP APIs and open source reference implementations for
securely distributing and persisting JSON over an open federation of
servers."[4]

j.

[1] https://github.com/torhve/weechat-matrix-protocol-script
[2] https://github.com/facebook/luaffifb
[3] https://matrix.org/git/olm/
[4] http://matrix.org/


luaffifb.tar.gz
Description: application/tar-gz

newer phantomjs anybody?

[Jiri B]

Hi,

has anybody newer phantomjs or at least a WIP port?

I discovered an accessibility testing tool[1] which I would
like to try but it needs phantomjs 2.x :/

j.

[1] http://pa11y.org/

Re: Let's remove sysutils/lsof

[Jiri B]

On Thu, Dec 01, 2016 at 07:49:22AM -0500, Jiri B wrote:
> > lsof is a problem.  It is tightly coupled to the base system, enough to
> > require /usr/src/sys checked out to be able to build it.  This means
> > that it breaks quite frequently:
> 
> Correcting Pascal's mail...

LOL, .co != .com :) Stupid me!

> IMO lsof is used because BSD' netstat
> doesn't show PID of a process with open sockets. fstat could be
> used with little filter effort.
> 
> j.

Re: Let's remove sysutils/lsof

[Jiri B]

> lsof is a problem.  It is tightly coupled to the base system, enough to
> require /usr/src/sys checked out to be able to build it.  This means
> that it breaks quite frequently:

Correcting Pascal's mail... IMO lsof is used because BSD' netstat
doesn't show PID of a process with open sockets. fstat could be
used with little filter effort.

j.

[UPDATE] virt-viewer + libgovirt

[Jiri B]

Hi,

I work with oVirt everyday and thus I find handy to have
'change cd' feature inside remote-viewer. See attached
screenshot (it shows 'foreign menu' inside remote-viewer).

It needs new lib, attached as well.

I would be happy if you would consider it for import,
I could take care of libgovirt if needed.

(Tested only on amd64, I have no access to other platforms.)

j.

Index: Makefile
===
RCS file: /cvs/ports/x11/virt-viewer/Makefile,v
retrieving revision 1.28
diff -u -p -r1.28 Makefile
--- Makefile8 Nov 2016 14:38:55 -   1.28
+++ Makefile16 Nov 2016 18:17:07 -
@@ -5,7 +5,7 @@ BROKEN-hppa=build stuck on virt-viewer-
 
 DISTNAME=  virt-viewer-4.0
 CATEGORIES=x11
-REVISION=  1
+REVISION=  2
 
 MAINTAINER=Jasper Lievisse Adriaanse 
 
@@ -19,23 +19,25 @@ WANTLIB += Xfixes Xi Xinerama Xrandr Xre
 WANTLIB += atspi avahi-client avahi-common c cairo cairo-gobject crypto
 WANTLIB += curl dbus-1 epoxy execinfo expat ffi fontconfig freetype
 WANTLIB += gcrypt gdbm gdk-3 gdk_pixbuf-2.0 gio-2.0 glib-2.0 gmodule-2.0
-WANTLIB += gmp gnutls gobject-2.0 gpg-error graphite2 gstapp-1.0
+WANTLIB += gmp gnutls gobject-2.0 govirt gpg-error graphite2 gstapp-1.0
 WANTLIB += gstaudio-1.0 gstbase-1.0 gstreamer-1.0 gsttag-1.0
 WANTLIB += gstvideo-1.0 gthread-2.0 gtk-3 gtk-vnc-2.0 gvnc-1.0 harfbuzz
 WANTLIB += hogweed idn jpeg json-c lz4 lzma m nettle nghttp2 ogg opus
 WANTLIB += orc-0.4 p11-kit pango-1.0 pangocairo-1.0 pangoft2-1.0 pcre
 WANTLIB += pixman-1 png pthread pthread-stubs pulse pulse-mainloop-glib
-WANTLIB += sasl2 sndfile spice-client-glib-2.0 spice-client-gtk-3.0
-WANTLIB += spice-controller ssh2 ssl tasn1 util virt virt-glib-1.0
-WANTLIB += vorbis vorbisenc xcb xcb-render xcb-shm xml2 z
+WANTLIB += rest-0.7 sasl2 sndfile soup-2.4 soup-gnome-2.4 spice-client-glib-2.0
+WANTLIB += spice-client-gtk-3.0 spice-controller sqlite3 ssh2 ssl tasn1 util
+WANTLIB += virt virt-glib-1.0 vorbis vorbisenc xcb xcb-render xcb-shm xml2 z
 
 MASTER_SITES=  http://virt-manager.org/download/sources/virt-viewer/
 
 USE_GMAKE= Yes
 
-LIB_DEPENDS=   devel/libvirt-glib \
+LIB_DEPENDS=   devel/gettext \
+   devel/libvirt-glib \
x11/gtk-vnc \
-   x11/spice-gtk>=0.30
+   x11/spice-gtk>=0.30 \
+   net/libgovirt
 RUN_DEPENDS=   devel/desktop-file-utils \
x11/gtk+3,-guic \
misc/shared-mime-info

Re: [UPDATE] print/unpaper

[Jiri B]

On Wed, Nov 09, 2016 at 05:14:01PM +0100, Antoine Jacoutot wrote:
> New diff.

Nice, thanks!

It's strange I get failure for all F* and G* tests.

j.

~~~
===
   unpaper 6.1: ./test-suite.log
===

# TOTAL: 19
# PASS:  13
# SKIP:  0
# XFAIL: 1
# FAIL:  5
# XPASS: 0
# ERROR: 0

.. contents:: :depth: 2

FAIL: tests/runtestF1.sh


[F1] Merging 2-page layout into single output page (with input and output 
wildcard).
+ rm -f tests/resultsF11.pbm
+ ./unpaper --end-sheet 1 -v --layout double --input-pages 2 
./tests/imgsrcE%03d.png tests/resultsF1%d.pbm
[image2 @ 0x1467617a6800] Encoder did not produce proper pts, making some up.
unpaper 6.1
License GPLv2: GNU GPL version 2.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

---
Processing sheet #1: ./tests/imgsrcE001.png, ./tests/imgsrcE002.png -> 
tests/resultsF11.pbm
input-files for sheet 1: ./tests/imgsrcE001.png, ./tests/imgsrcE002.png
output-file for sheet 1: tests/resultsF11.pbm
sheet size: 7014x2480
...
noise-filter ... deleted 345 clusters.
blur-filter... deleted 0 pixels.
auto-masking (1753,1240): 0,0,3506,2479 (invalid detection, using full page 
size)
auto-masking (5261,1240): 3508,0,7014,2479 (invalid detection, using full page 
size)
gray-filter... deleted 24840220 pixels.
auto-masking (1753,1240): 0,0,3506,2479 (invalid detection, using full page 
size)
auto-masking (5261,1240): 3508,0,7014,2479 (invalid detection, using full page 
size)
detected rotation left: [0,0,3506,2479]: 0.013963
detected rotation right: [0,0,3506,2479]: -0.045379
rotation average: -0.015708  deviation: 0.041961  rotation-scan-deviation 
(maximum): 0.017453  [0,0,3506,2479]
out of deviation range - NO ROTATING
rotate (1753,1240): 0.00
detected rotation left: [3508,0,7014,2479]: 0.013963
detected rotation right: [3508,0,7014,2479]: -0.045379
rotation average: -0.015708  deviation: 0.041961  rotation-scan-deviation 
(maximum): 0.017453  [3508,0,7014,2479]
out of deviation range - NO ROTATING
rotate (5261,1240): 0.00
auto-masking (1753,1240): 0,0,3506,2479 (invalid detection, using full page 
size)
auto-masking (5261,1240): 3508,0,7014,2479 (invalid detection, using full page 
size)
centering mask [0,0,3506,2479] (1753,1240): 0, 0
centering mask [3508,0,7014,2479] (5261,1240): 0, 0 - NO CENTERING (would shift 
area outside visible image)
border detected: (0,110,3507,71) in [0,0,3507,2479]
border detected: (3507,110,1,71) in [3507,0,7013,2479]
aligning mask [0,110,3506,2408] (0,90): 0, -20
aligning mask [3507,110,7012,2408] (3507,90): 0, -20
writing output.
+ [ -f tests/resultsF11.pbm ]
+ md5sum -c -
+ << EOF 
tests/resultsF11.pbm: FAILED
md5sum: WARNING: 1 computed checksum did NOT match

FAIL: tests/runtestF2.sh


[F2] Merging 2-page layout into single output page (with output wildcard only).
+ rm -f tests/resultsF21.pbm
+ ./unpaper -v --layout double --input-pages 2 ./tests/imgsrcE001.png 
./tests/imgsrcE002.png tests/resultsF2%d.pbm
[image2 @ 0x1166a8bba000] Encoder did not produce proper pts, making some up.
unpaper 6.1
License GPLv2: GNU GPL version 2.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

---
Processing sheet #1: ./tests/imgsrcE001.png, ./tests/imgsrcE002.png -> 
tests/resultsF21.pbm
input-files for sheet 1: ./tests/imgsrcE001.png, ./tests/imgsrcE002.png
output-file for sheet 1: tests/resultsF21.pbm
sheet size: 7014x2480
...
noise-filter ... deleted 345 clusters.
blur-filter... deleted 0 pixels.
auto-masking (1753,1240): 0,0,3506,2479 (invalid detection, using full page 
size)
auto-masking (5261,1240): 3508,0,7014,2479 (invalid detection, using full page 
size)
gray-filter... deleted 24840220 pixels.
auto-masking (1753,1240): 0,0,3506,2479 (invalid detection, using full page 
size)
auto-masking (5261,1240): 3508,0,7014,2479 (invalid detection, using full page 
size)
detected rotation left: [0,0,3506,2479]: 0.013963
detected rotation right: [0,0,3506,2479]: -0.045379
rotation average: -0.015708  deviation: 0.041961  rotation-scan-deviation 
(maximum): 0.017453  [0,0,3506,2479]
out of deviation range - NO ROTATING
rotate (1753,1240): 0.00
detected rotation left: [3508,0,7014,2479]: 0.013963
detected rotation right: [3508,0,7014,2479]: -0.045379
rotation average: -0.015708  deviation: 0.041961  rotation-scan-deviation 
(maximum): 0.017453  [3508,0,7014,2479]
out of deviation range - NO ROTATING
rotate (5261,1240): 0.00
auto-masking (1753,1240): 0,0,3506,2479 (invalid detection, using full page 
size)
auto-masking (5261,1240): 3508,0,7014,2479 (invalid detection, using full page 
size)
centering mask [0,0,3506,2479] (1753,1240): 0, 0
centering mask 

[UPDATE] print/unpaper

[Jiri B]

Hi,

an update of unpaper, it needs now libav which is part of ffmpeg.

I tooks diffs from pkgsrc who use ffmpeg and not libav directly.
I can't comment those diff but it works for me on amd64.

I removed README as it was useless anyway and new doc files are
markdown-based so I did not include them.

I'v tried my best ;)

j.

Index: Makefile
===
RCS file: /cvs/ports/print/unpaper/Makefile,v
retrieving revision 1.4
diff -u -p -r1.4 Makefile
--- Makefile10 May 2014 07:42:47 -  1.4
+++ Makefile8 Nov 2016 23:52:18 -
@@ -2,31 +2,29 @@
 
 COMMENT=   post-processing tool for scanned paper sheets
 
-DISTNAME=  unpaper-0.3
+DISTNAME=  unpaper-6.1
 
 CATEGORIES=print graphics
 
-HOMEPAGE=  http://unpaper.berlios.de/
+HOMEPAGE=  https://github.com/Flameeyes/unpaper
 
 MAINTAINER=Antoine Jacoutot 
 
 # GPLv2
 PERMIT_PACKAGE_CDROM=  Yes
 
-WANTLIB += c m
+WANTLIB += avcodec avformat avutil c m
 
-MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=unpaper/}
+MASTER_SITES=  https://www.flameeyes.eu/files/
 
 NO_TEST=   Yes
+EXTRACT_SUFX=  .tar.xz
 
-do-build:
-   cd ${WRKSRC} && \
-   ${CC} ${CFLAGS} -lm -o unpaper src/unpaper.c
+CONFIGURE_STYLE=   gnu
+LIB_DEPENDS=   graphics/ffmpeg
 
 do-install:
${INSTALL_PROGRAM} ${WRKBUILD}/unpaper ${PREFIX}/bin
-   ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/unpaper
-   ${INSTALL_DATA} ${WRKSRC}/README \
-   ${PREFIX}/share/doc/unpaper
+   ${INSTALL_MAN} ${WRKBUILD}/unpaper.1 ${PREFIX}/man/man1/unpaper.1
 
 .include 
Index: distinfo
===
RCS file: /cvs/ports/print/unpaper/distinfo,v
retrieving revision 1.2
diff -u -p -r1.2 distinfo
--- distinfo18 Jan 2015 03:14:58 -  1.2
+++ distinfo8 Nov 2016 23:52:18 -
@@ -1,2 +1,2 @@
-SHA256 (unpaper-0.3.tar.gz) = NDNmQECUK/djiUbiMn5cZBGcYA/eis6Rj0cQn6+95b4=
-SIZE (unpaper-0.3.tar.gz) = 546488
+SHA256 (unpaper-6.1.tar.xz) = I3yE9dpUSz93CYJ/nxLDfDRs3wKbESj7RjP5uvpcuTA=
+SIZE (unpaper-6.1.tar.xz) = 2655724
Index: patches/patch-file_c
===
RCS file: patches/patch-file_c
diff -N patches/patch-file_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-file_c8 Nov 2016 23:52:18 -
@@ -0,0 +1,92 @@
+$OpenBSD$
+
+From pkgsrc-wip
+
+--- file.c.origSun Oct 26 23:35:38 2014
 file.c Tue Nov  8 20:13:38 2016
+@@ -105,7 +105,7 @@ void loadImage(const char *filename, AVFrame **image) 
+ case AV_PIX_FMT_RGB24:
+ case AV_PIX_FMT_MONOBLACK:
+ case AV_PIX_FMT_MONOWHITE:
+-*image = frame;
++*image = av_frame_clone(frame);
+ break;
+ 
+ case AV_PIX_FMT_PAL8:
+@@ -123,6 +123,10 @@ void loadImage(const char *filename, AVFrame **image) 
+ default:
+ errOutput("unable to open file %s: unsupported pixel format", 
filename);
+ }
++
++avcodec_close(avctx);
++av_free(avctx);
++avformat_close_input();
+ }
+ 
+ 
+@@ -134,13 +138,14 @@ void loadImage(const char *filename, AVFrame **image) 
+  * @param type filetype of the image to save
+  * @return true on success, false on failure
+  */
+-void saveImage(char *filename, AVFrame *image, int outputPixFmt) {
++void saveImage(char *filename, AVFrame *input, int outputPixFmt) {
+ AVOutputFormat *fmt = NULL;
+ enum AVCodecID output_codec = -1;
+ AVCodec *codec;
+ AVFormatContext *out_ctx;
+ AVCodecContext *codec_ctx;
+ AVStream *video_st;
++AVFrame *output = input;
+ int ret;
+ char errbuff[1024];
+ 
+@@ -174,13 +179,11 @@ void saveImage(char *filename, AVFrame *image, int out
+ break;
+ }
+ 
+-if ( image->format != outputPixFmt ) {
+-AVFrame *output;
+-initImage(, image->width, image->height,
++if ( input->format != outputPixFmt ) {
++initImage(, input->width, input->height,
+   outputPixFmt, -1);
+-copyImageArea(0, 0, image->width, image->height,
+-  image, 0, 0, output);
+-image = output;
++copyImageArea(0, 0, input->width, input->height,
++  input, 0, 0, output);
+ }
+ 
+ codec = avcodec_find_encoder(output_codec);
+@@ -194,9 +197,9 @@ void saveImage(char *filename, AVFrame *image, int out
+ }
+ 
+ codec_ctx = video_st->codec;
+-codec_ctx->width = image->width;
+-codec_ctx->height = image->height;
+-codec_ctx->pix_fmt = image->format;
++codec_ctx->width = output->width;
++codec_ctx->height = output->height;
++codec_ctx->pix_fmt = output->format;
+ video_st->time_base.den = codec_ctx->time_base.den = 1;
+ video_st->time_base.num = codec_ctx->time_base.num = 1;
+ 
+@@ -221,7 +224,7 @@ void saveImage(char *filename, AVFrame *image, int out
+ av_init_packet();
+ 
+ /* encode the image */
+-

Re: Building electron on OpenBSD

[Jiri B]

On Wed, Nov 02, 2016 at 06:46:30PM -0500, Ax0n wrote:
> [..]
> Electron:
> https://github.com/electron/electron/
> 
> "Build Instructions":
> https://github.com/electron/electron/blob/master/docs/development/build-instructions-linux.md
> 
> I am not a developer. At best, I'm an excited end-user that's got a lot of
> sysadmin experience. I can apply patches to programs, compile basic stuff
> if the Makefiles aren't totally hosed, and maybe sometimes tweak code a
> bit, but this stuff really isn't my strong suit at all. I can sometimes get
> things to work. This isn't one of them. Anyone have some pointers for me?
> Would ports@ be a better place for this?

IIUC the problem is nw.js (aka node-webkit) which is only for Mac, Linux and
Windows. Even FreeBSD users are out of luck.

ports@ is better place for this.

j.

Re: krb5-config --libs (was: Re: building curl with gssapi disables ssl)

[Jiri B]

On Tue, Nov 01, 2016 at 03:52:00PM -0400, Jiri B wrote:
> With the path and my original path I was able to build curl with
> gssapi and ssl:
> 
> $ curl -V
> curl 7.50.3 (x86_64-unknown-openbsd6.0) libcurl/7.50.3 LibreSSL/2.0.0 
> zlib/1.2.3 libidn/1.33 nghttp2/1.16.0
> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp 
> smb smbs smtp smtps telnet tftp
> Features: IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz 
> HTTP2 UnixSockets
> 
> Although I still have some issues to tested in our krb env.

It works! I tried this:

$ /usr/local/heimdal/bin/klist
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: us...@freeipa.example.com

  IssuedExpires   Principal
  Nov  2 09:34:33 2016  Nov  2 19:34:32 2016  
krbtgt/freeipa.example@freeipa.example.com
  
$ ktrace -id -s -i --negotiate -u : -k -o /dev/stdout 
'https://freeipa.example.com/ipa/session/login_kerberos'
HTTP/1.1 401 Authorization Required
Date: Wed, 02 Nov 2016 08:55:05 GMT
Server: Apache/2.2.15 (Red Hat)
WWW-Authenticate: Negotiate
Last-Modified: Mon, 30 Sep 2013 07:42:36 GMT
ETag: "42861-55a-4e794fad0b300"
Accept-Ranges: bytes
Content-Length: 1370
Connection: close
Content-Type: text/html; charset=UTF-8

HTTP/1.1 200 Success
Date: Wed, 02 Nov 2016 08:55:05 GMT
Server: Apache/2.2.15 (Red Hat)
WWW-Authenticate: Negotiate 
oYG3MIG0oAMKAQChCwYJKoZIhvcSAQICooGfBIGcYIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRvqXPDfDMQnVv2+pETxGhlwlV1Mgt4egOd3Nuop3MhXl1BBj0uGU1UFR3U9gW7Qr05t+QTMVRAHa9WdngUCtq\
Df1mrpbAa3dV5IRhkeYPUZJ8urbb+uFZlxUYKrxeJtmk3w5Q2BW1zyxeeIeFAvGLU
Set-Cookie: ipa_session=92bde3376fcfa1df563d82e8869920c4; 
Domain=freeipa.example.com; Path=/ipa; Expires=Wed, 02 Nov 2016 09:15:05 GMT; 
Secure; HttpOnly
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

$ kdump | egrep -B 1 'RET.*open [0-9]+' | grep NAMI | awk '$NF ~ /krb/ { print 
$NF }' | sort | uniq
"/etc/heimdal/krb5.conf"
"/home/jirib/.krb5/config"
"/tmp/krb5cc_1000"
"/usr/local/heimdal/lib/libkrb5.so.21.1"

Voila, thx!

Will this go in?

j.

Re: krb5-config --libs (was: Re: building curl with gssapi disables ssl)

[Jiri B]

On Tue, Nov 01, 2016 at 10:30:22AM +0100, Jeremie Courreges-Anglas wrote:
> Using only your diff I can't get gssapi detected.  I suspect you have
> local changes somewhere, perhaps in krb5-config?

Could it be caused by shlib_dirs="/usr/local/heimdal/lib" in my rc.conf.local?

> Using the following heimdal diff, I have curl detect both gssapi and
> libssl.
> 
> - krb5-config --libs should pass -R/usr/local/heimdal/libs to help ld.so
>   find heimdal libs at runtime
> - krb5-config --libs should pass -L/usr/local/lib because that's where
>   libcom_err is.  If we add only -R/usr/local/heimdal/lib, later tests
>   for functions in libcrypto/libssl fail because libcom_err isn't in the
>   library search path.
> 
> Robert, any opinion regarding the following patch?

With the path and my original path I was able to build curl with
gssapi and ssl:

$ curl -V
curl 7.50.3 (x86_64-unknown-openbsd6.0) libcurl/7.50.3 LibreSSL/2.0.0 
zlib/1.2.3 libidn/1.33 nghttp2/1.16.0
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb 
smbs smtp smtps telnet tftp
Features: IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz 
HTTP2 UnixSockets

Although I still have some issues to tested in our krb env.

Thanks!

j.


> Index: Makefile
> ===
> RCS file: /d/cvs/ports/security/heimdal/Makefile,v
> retrieving revision 1.17
> diff -u -p -r1.17 Makefile
> --- Makefile  11 Mar 2016 20:28:30 -  1.17
> +++ Makefile  1 Nov 2016 02:12:38 -
> @@ -12,7 +12,7 @@ PKGNAME-devel-docs= heimdal-devel-docs-$
>  PKGNAME-libs=heimdal-libs-${V}
>  
>  REVISION-main=   1
> -REVISION-libs=   0
> +REVISION-libs=   1
>  
>  CATEGORIES=  security net
>  
> @@ -132,6 +132,9 @@ RM_MAN=   man1/afslog.1 \
>   man8/ftpd.8 \
>   man8/kxd.8 \
>   man8/push.8
> +
> +post-patch:
> + sed -i 's,%%LOCALBASE%%,${LOCALBASE},g' ${WRKSRC}/tools/krb5-config.in
>  
>  post-install:
>   ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/heimdal
> Index: patches/patch-tools_krb5-config_in
> ===
> RCS file: patches/patch-tools_krb5-config_in
> diff -N patches/patch-tools_krb5-config_in
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-tools_krb5-config_in1 Nov 2016 02:49:49 -
> @@ -0,0 +1,16 @@
> +$OpenBSD$
> +
> +- help ld.so(1) find libs out of its default search path
> +- help ld(1) find libcom_err in ${LOCALBASE}
> +
> +--- tools/krb5-config.in.origTue Nov  1 02:23:30 2016
>  tools/krb5-config.in Tue Nov  1 02:23:53 2016
> +@@ -120,7 +120,7 @@ if test "$print_exec_prefix" = "yes"; then
> + fi
> + 
> + if test "$do_libs" = "yes"; then
> +-lib_flags="-L${libdir}"
> ++lib_flags="-L${libdir} -R${libdir} -L%%LOCALBASE%%/lib"
> + case $library in
> + gssapi)
> + lib_flags="$lib_flags -lgssapi -lheimntlm"
> 
> 
> 
> -- 
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
> 

Re: building curl with gssapi disables ssl

[Jiri B]

On Thu, Oct 27, 2016 at 10:31:04AM -0400, William Leuschner wrote:
> >   SSL support:  no  
> > (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
> 
> Have you tried adding "--with-ssl" to CONFIGURE_ARGS?
> 
> - William

Hi,

yes, I did.

j.

$ env FLAVOR=gssapi make show=CONFIGURE_ARGS
--with-ca-bundle=/etc/ssl/cert.pem  --with-libidn=/usr/local  --without-libpsl  
--without-libssh2 --with-ssl --with-gssapi=/usr/local/heimdal 
--prefix='/usr/local' --sysconfdir='/etc' --mandir='/usr/local/man' 
--infodir='/usr/local/info' --localstatedir='/var' --disable-silent-rules 
--disable-gtk-doc

jirib:/home/jirib/cvs/openbsd-ports/net/curl
$ env FLAVOR=gssapi make configure 2>&1 | grep Protocols:
  Protocols:DICT FILE FTP GOPHER HTTP IMAP POP3 RTSP SMTP TELNET TFTP

building curl with gssapi disables ssl

[Jiri B]

Hi,

after openldap got gssapi flavor I've decided to try gssapi for our
curl as I would benefit from it everyday at work.

But configuring curl with gssapi it does by some miracle disables
ssl :/

Any idea? (Building curl without gssapi of course keeps ssl option
enabled.)

j.

Index: Makefile
===
RCS file: /cvs/ports/net/curl/Makefile,v
retrieving revision 1.120
diff -u -p -r1.120 Makefile
--- Makefile17 Sep 2016 19:34:35 -  1.120
+++ Makefile27 Oct 2016 11:49:22 -
@@ -37,6 +37,16 @@ CONFIGURE_ENV+= \
 curl_cv_func_send_args="int,const void *,size_t,int,ssize_t" \
 curl_cv_func_getnameinfo_args="const struct sockaddr 
*,socklen_t,size_t,int"
 
+FLAVOR ?=
+FLAVORS =  gssapi
+
+.if ${FLAVOR:Mgssapi}
+CONFIGURE_ARGS +=  --with-ssl --with-gssapi=${LOCALBASE}/heimdal
+WANTLIB += ${MODHEIMDAL_WANTLIB}
+LIB_DEPENDS += ${MODHEIMDAL_LIB_DEPENDS}
+MODULES += security/heimdal
+.endif
+
 # Note:
 # use ulimit -p 256 for test


===> curl-7.50.3-gssapi depends on: xz-* -> xz-5.2.2p0
===> curl-7.50.3-gssapi depends on: gettext-* -> gettext-0.19.8.1
===> curl-7.50.3-gssapi depends on: libidn-* -> libidn-1.33
===> curl-7.50.3-gssapi depends on: nghttp2-* -> nghttp2-1.16.0
===> curl-7.50.3-gssapi depends on: heimdal-libs-* -> heimdal-libs-1.5.3p0
===>  Verifying specs:  c crypto iconv idn intl nghttp2 ssl z heimdal/lib/asn1 
heimdal/lib/heimbase heimdal/lib/hx509 heimdal/lib/krb5 heimdal/lib/roken 
heimdal/lib/wind heimdal/lib/asn1 heimdal/lib/heimbase heimdal/lib/hx509 
heimdal/lib/krb5 heimdal/lib/roken heimdal/lib/wind
===>  found c.89.2 crypto.38.1 iconv.6.0 idn.17.2 intl.6.0 nghttp2.0.9 ssl.39.1 
z.5.0 heimdal/lib/asn1.21.1 heimdal/lib/heimbase.1.1 heimdal/lib/hx509.0.1 
heimdal/lib/krb5.21.1 heimdal/lib/roken.2.1 heimdal/lib/wind.2.1
===>  Checking files for curl-7.50.3-gssapi
`/home/jirib/cvs/openbsd-ports/distfiles/curl-7.50.3.tar.lzma' is up to date.
>> (SHA256) curl-7.50.3.tar.lzma: OK
===>  Extracting for curl-7.50.3-gssapi
===>  Patching for curl-7.50.3-gssapi
===>  Configuring for curl-7.50.3-gssapi
Using /home/jirib/openbsd/pobj/curl-7.50.3-gssapi/config.site (generated)
configure: loading site script 
/home/jirib/openbsd/pobj/curl-7.50.3-gssapi/config.site
checking whether to enable maintainer-specific portions of Makefiles... no
checking whether make supports nested variables... yes
checking whether to enable debug build options... no
checking whether to enable compiler optimizer... (assumed) yes
checking whether to enable strict compiler warnings... no
checking whether to enable compiler warnings as errors... no
checking whether to enable curl debug memory tracking... no
checking whether to enable hiding of library internal symbols... yes
checking whether to enable c-ares for DNS lookups... no
checking whether to disable dependency on -lrt... (assumed no)
checking for path separator... :
checking for grep... (cached) /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ar... /usr/bin/ar
checking for a BSD-compatible install... 
/home/jirib/openbsd/pobj/curl-7.50.3-gssapi/bin/install -c 
checking for gcc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... (cached) o
checking whether we are using the GNU C compiler... (cached) yes
checking whether cc accepts -g... (cached) yes
checking for cc option to accept ISO C89... none needed
checking whether cc understands -c and -o together... yes
checking how to run the C preprocessor... cc -E
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... mkdir -p
checking for gawk... (cached) awk
checking whether make sets $(MAKE)... (cached) yes
checking for style of include used by make... GNU
checking dependency style of cc... gcc3
checking curl version... 7.50.3
checking build system type... x86_64-unknown-openbsd6.0
checking host system type... x86_64-unknown-openbsd6.0
checking for sys/types.h... (cached) yes
checking for stdint.h... (cached) yes
checking for inttypes.h... (cached) yes
checking for grep that handles long lines and -e... (cached) /usr/bin/grep
checking for egrep... (cached) /usr/bin/egrep
checking for ANSI C header files... (cached) yes
checking for sys/types.h... (cached) yes
checking for sys/stat.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for memory.h... (cached) yes
checking for strings.h... (cached) yes
checking for inttypes.h... (cached) yes
checking for stdint.h... (cached) yes
checking for unistd.h... (cached) yes
checking if cpp -P is needed... no
checking size of long... 8
checking size of void*... 8
checking for 64-bit curl_off_t data type... long
checking size of curl_off_t... 8
checking formatting string directive for curl_off_t... "ld"
checking 

Re: lftp man page broken

[Jiri B]

On Tue, Sep 13, 2016 at 11:25:56PM +0200, Rafael Sadowski wrote:
> I know of no Jiri B's "/usr/local/man/cat1/lftp.0"! man(1) shows me:
> 
> $ man -w lftp
> /usr/local/man/man1/lftp.1

I have no idea why this differs:

$ pkg_info -L lftp | grep man
/usr/local/man/cat1/lftp.0
/usr/local/man/cat1/lftpget.0
/usr/local/man/cat5/lftp.conf.0

jirib:/home/jirib
$ grep man cvs/openbsd-ports/net/lftp/pkg/PLIST
@man man/man1/lftp.1
@man man/man1/lftpget.1
@man man/man5/lftp.conf.5

$ pkg_info lftp | head -n1
Information for inst:lftp-4.7.3

j.

lftp man page broken

[Jiri B]

Hi,

lftp man pages is odd, see section for 'mirror' command.

~~~
$ cat /usr/local/man/cat1/lftp.0 | col -b | sed -n '/mirror.*OPTS/,/When using 
\-R/p' | head
   mirror [OPTS] [source [target]]

   Mirror specified source directory to local target directory. If the
   target directory ends with a slash (except the root), the source base
   name is appended to target directory name. Source and/or target can be
   URLs pointing to directories.

l1   llx   .  -c,  --continue T{ continue a mirror job if
possible T} -e,  --delete  T{ delete files not present at remote
site T}  --delete-first T{ delete old files before

~~~

On EL7:

~~~
# man -P cat lftp | col -b | sed -n '/mirror.*OPTS/,/When using \-R/p' | head
   mirror [OPTS] 
   ing to directories.

-c,--continuecontinue a mirror job if possible
-e,--delete  delete files not present at remote 
site
   --delete-firstdelete old files before 
transferring new ones
   --depth-first descend into subdirectories before 
transferring files
-s,--allow-suid  set suid/sgid bits according to 
remote site
[source [target]]

   Mirror  specified source directory to local target directory. If target 
directory ends with a slash, the source base name is appended to target 
directory name. Source and/or target can be URLs point
~~~

j.

Re: openvpn-2.3.11 segfaults, error "Too many levels of symbolic links"

[Jiri B]

On Sun, Sep 11, 2016 at 06:03:07PM +0900, Bryan Linton wrote:
> I'm seeing this too.  From reading this thread on bugs@, it looks
> like support for this was removed from the /sbin/route command (as
> well as the kernel itself) to enable upcoming support for other
> features.
> 
> Unfortunately, it doesn't look like support for having
> non-directly-connected static routes is planned to be re-added
> anytime soon, because it would interfere with the current efforts
> to move the network stack to a more SMP-friendly design.
> 
> http://marc.info/?l=openbsd-bugs=147291674529119=2
> 
> If anyone has any suggestions for a workaround, please enlighten
> me.  Unfortunately I don't have control over the server in my
> case, so changing the "topology subnet" to "topology p2p" as
> suggested previously in the thread isn't something I can do in my
> case.

Thanks for raising this info, you are right, it is route.c changed
which caused this issue.

I tried with an older OpenBSD box where it is working fine:

~~~
...
Sun Sep 11 11:29:58 2016 /sbin/route add -net 10.0.0.0 10.40.204.1 -netmask 
255.0.0.0
add net 10.0.0.0: gateway 10.40.204.1
Sun Sep 11 11:29:58 2016 GID set to _openvpn
Sun Sep 11 11:29:58 2016 UID set to _openvpn
Sun Sep 11 11:29:58 2016 Initialization Sequence Completed
^CSun Sep 11 11:30:13 2016 event_wait : Interrupted system call (code=4)
Sun Sep 11 11:30:13 2016 SIGTERM received, sending exit notification to peer
Sun Sep 11 11:30:16 2016 /sbin/route delete -net 10.0.0.0 10.40.204.1 -netmask 
255.0.0.0
route: must be root to alter routing table
Sun Sep 11 11:30:16 2016 ERROR: OpenBSD/NetBSD route delete command failed: 
external program exited with error status: 1
Sun Sep 11 11:30:16 2016 Closing TUN/TAP interface
Sun Sep 11 11:30:16 2016 PLUGIN_CALL: POST 
/usr/local/lib/openvpn/plugins/openvpn-plugin-down-root.so/PLUGIN_DOWN status=0
Sun Sep 11 11:30:16 2016 PLUGIN_CLOSE: 
/usr/local/lib/openvpn/plugins/openvpn-plugin-down-root.so
Sun Sep 11 11:30:16 2016 SIGTERM[soft,exit-with-notification] received, process 
exiting
# sysctl kern.version ; pkg_info openvpn | head -n1
kern.version=OpenBSD 6.0-current (GENERIC.MP) #2371: Fri Aug 19 09:18:22 MDT 
2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Information for inst:openvpn-2.3.11
~~~

j.

Re: openvpn-2.3.11 segfaults, error "Too many levels of symbolic links"

[Jiri B]

On Sat, Sep 10, 2016 at 05:35:01PM -0500, Brent Cook wrote:
> > ​Hi Jiri,
> >
> >  I just double-checked an OpenVPN setup using ​the latest snap + the
> > latest ports package, and it should no longer cause the segfault.
> >
> > OpenBSD 6.0-current (RAMDISK_CD) #2212: Sat Sep 10 10:03:50 MDT 2016
> >
> > The too many symbolic links issue seems to be related to the 'topology
> > subnet' configuration on the server. I was having a similar issue and
> > showed it to phessler in Cambridge. We found that OpenVPN seemed to be
> > adding a route that mirrored an existing one, which led to that somewhat
> > confusing error message. I'm not entirely sure how to resolve it, though
> > locally I switched back to p2p topology.
> >
> > ​ - Brent​

Thanks I do not see segfaults anymore but issue about 'too many symbolic links'
is strange. I doubt they have changed anything on remote OpenVPN gw.

He, '-d' in route is strange, not showing any useful info in this context:

~~~
# /sbin/route -dv add -net 10.0.0.0 10.40.204.1 -netmask 255.0.0.0   
so_dst: inet 10.0.0.0; so_gate: inet 10.40.204.1; so_mask: inet 255.0.0.0; 
RTM_ADD: Add Route: len 136, priority 0, table 0, ifidx 0, pid: 0, seq 1, errno 0
flags:
fmask:
use:0   mtu:0expire:0
locks:  inits:
sockaddrs: 
 10.0.0.0 10.40.204.1 255.0.0.0
add net 10.0.0.0: gateway 10.40.204.1

# /sbin/route -v add -net 10.0.0.0 10.40.204.1 -netmask 255.0.0.0 
so_dst: inet 10.0.0.0; so_gate: inet 10.40.204.1; so_mask: inet 255.0.0.0; 
RTM_ADD: Add Route: len 136, priority 0, table 0, ifidx 0, pid: 0, seq 1, errno 0
flags:
fmask:
use:0   mtu:0expire:0
locks:  inits:
sockaddrs: 
 10.0.0.0 10.40.204.1 255.0.0.0
add net 10.0.0.0: gateway 10.40.204.1: Too many levels of symbolic links

# netstat -rnf inet
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default192.168.100.1  UGS5   40 - 8 em0
224/4  127.0.0.1  URS00 32768 8 lo0
10.40.204/22   10.40.204.16   UGS06 - 8 tun0
10.40.204.16   10.40.204.16   UHhl   11 - 1 tun0
10.40.204.16   10.40.204.16   UH 00 - 8 tun0
127/8  127.0.0.1  UGRS   00 32768 8 lo0
127.0.0.1  127.0.0.1  UHhl   3  757 32768 1 lo0
192.168.100/24 192.168.100.100UCn17 - 4 em0
192.168.100.1  00:25:90:60:8f:1e  UHLch  25 - 4 em0
192.168.100.10028:d2:44:df:a1:87  UHLl   0   98 - 1 em0
192.168.100.255192.168.100.100UHb02 - 1 em0
~~~

j.

Re: openvpn-2.3.11 segfaults, error "Too many levels of symbolic links"

[Jiri B]

On Fri, Sep 09, 2016 at 01:30:24PM +0200, Theo Buehler wrote:
> Recent changes to libcrypto were responsible for some fallout. The
> offending changes were backed out and this should be fixed with r1.35 of
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcrypto/evp/evp_enc.c
> 
> CVSROOT:  /cvs
> Module name:  src
> Changes by:   bc...@cvs.openbsd.org   2016/09/08 18:03:22
> 
> Modified files:
>   lib/libcrypto/evp: evp_enc.c 
> 
> Log message:
> back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Cipher/Encrypt/DecryptFinal
> 
> Software that refers to ctx after calling Final breaks with these changes.
> revert parts of 1.31 and 1.32

I updated to 'OpenBSD 6.0-current (GENERIC.MP) #2427: Fri Sep  9 12:46:15 MDT 
2016'
and rebuilt openvpn package and I have still the issue :/

j.

Re: openvpn-2.3.11 segfaults, error "Too many levels of symbolic links"

[Jiri B]

~~~
#0  0x193e5bfa2973 in EVP_CIPHER_CTX_iv_length (ctx=0x193e57d3c800) at 
/usr/src/lib/libcrypto/evp/evp_lib.c:244
No locals.
#1  0x193c57809f58 in cipher_ctx_iv_length (ctx=0x193e57d3c800) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/crypto_openssl.c:606
No locals.
#2  0x193c57804fa6 in openvpn_encrypt (buf=0x7f7e26c0, work={capacity = 
1504, offset = 0, len = 0, data = 0x193ea7808000 ""}, opt=0x7f7e25e0, 
frame=0x7f7e2458) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/crypto.c:102
iv_buf = "\001\000\000\000\b\000\000\000��S��\233� "
iv_size = 6462
cipher_kt = (const cipher_kt_t *) 0x193ea78064f8
outlen = -1484758720
ctx = (struct key_ctx *) 0x193ea7806548
gc = {list = 0x0}
#3  0x193c5780e692 in encrypt_sign (c=0x7f7e1c20, comp_frag=true) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/forward.c:475
b = (struct context_buffers *) 0x193e8b961200
orig_buf = (const uint8_t *) 0x193ea780b800 ""
#4  0x193c5785840b in check_ping_send_dowork (c=0x7f7e1c20) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/ping.c:94
No locals.
#5  0x193c5780ee9d in check_ping_send (c=0x7f7e1c20) at ping-inline.h:56
No locals.
#6  0x193c5780e9f2 in process_coarse_timers (c=0x7f7e1c20) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/forward.c:565
No locals.
#7  0x193c5780eeec in check_coarse_timers_dowork (c=0x7f7e1c20) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/forward.c:574
save = {tv_sec = 604800, tv_usec = 0}
#8  0x193c578117b1 in check_coarse_timers (c=0x7f7e1c20) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/forward.c:589
local_now = 1473413910
#9  0x193c57811723 in pre_select (c=0x7f7e1c20) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/forward.c:1327
No locals.
#10 0x193c5783a644 in tunnel_point_to_point (c=0x7f7e1c20) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/openvpn.c:80
No locals.
#11 0x193c5783aa8b in openvpn_main (argc=3, argv=0x7f7e2938) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/openvpn.c:270
c = {options = {gc = {list = 0x193e71e75440}, gc_owned = true, config = 
0x7f7e2a49 "/etc/openvpn/ovpn-brq-udp-x86_64.conf", mode = 0, 
forward_compatible = false, ignore_unknown_option = 0x0, persist_config = 
false, persist_mode = 0, key_pass_file = 0x0, show_ciphers = false, 
show_digests = false, show_engines = false, show_tls_ciphers = false, genkey = 
false, ce = {proto = 1, local_port = 0, local_port_defined = false, remote_port 
= 443, local = 0x0, remote = 0x193e680499c8 "", remote_float = 
false, bind_defined = false, bind_local = false, connect_retry_seconds = 5, 
connect_retry_defined = false, connect_retry_max = 0, connect_timeout = 10, 
connect_timeout_defined = false, http_proxy_options = 0x0, socks_proxy_server = 
0x0, socks_proxy_port = 0, socks_proxy_authfile = 0x0, socks_proxy_retry = 
false, tun_mtu = 1360, tun_mtu_defined = true, tun_mtu_extra = 0, 
tun_mtu_extra_defined = false, link_mtu = 1500, link_mtu_defined = false, 
mtu_discover_type = -1, fragment = 0, mssfix = 1450, mssfix_default = false, 
explicit_exit_notification = 3, flags = 0}, remote_ip_hint = 0x0, 
connection_list = 0x0, remote_list = 0x193f07133808, force_connection_list = 
false, http_proxy_override = 0x0, rh_store = 0x0, remote_random = false, 
ipchange = 0x0, dev = 0x193f459ab1e8 "tun", dev_type = 0x0, dev_node = 0x0, 
lladdr = 0x0, topology = 3, ifconfig_local = 0x193ef49038c8 "10.40.204.156", 
ifconfig_remote_netmask = 0x193e71e75448 "255.255.252.0", ifconfig_ipv6_local = 
0x0, ifconfig_ipv6_netbits = 0, ifconfig_ipv6_remote = 0x0, ifconfig_noexec = 
false, ifconfig_nowarn = false, shaper = 0, proto_force = -1, mtu_test = false, 
mlock = false, keepalive_ping = 0, keepalive_timeout = 0, inactivity_timeout = 
0, inactivity_minimum_bytes = 0, ping_send_timeout = 30, ping_rec_timeout = 
600, ping_timer_remote = false, tun_ipv6 = false, ping_rec_timeout_action = 1, 
persist_tun = true, persist_local_ip = false, persist_remote_ip = false, 
persist_key = true, passtos = false, resolve_retry_seconds = 10, 
tuntap_options = {dummy = 0}, username = 0x193e68049be8 "_openvpn", groupname = 
0x193e68049c08 "_openvpn", chroot_dir = 0x0, cd_dir = 0x193edecc2ee8 
"/etc/openvpn", writepid = 0x0, up_script = 0x193e7cd25188 
"/etc/openvpn/ovpn-brq-udp-client.up", down_script = 0x0, user_script_used = 
true, down_pre = false, up_delay = false, up_restart = false, daemon = false, 
remap_sigusr1 = 0, inetd = 0, log = false, suppress_timestamps = false, nice = 
0, verbosity = 3, mute = 0, gremlin = 0, status_file = 0x193f08d54548 
"/tmp/ovpn-brq-upd.status", status_file_version = 3, status_file_update_freq = 
60, 

Re: Samba as DC on OpenBSD 6.0 is unusable :(

[Jiri B]

On Fri, Sep 09, 2016 at 08:53:20AM +0300, kasak wrote:

> I think, if Theo says that we don't need acl, than we don't need acl. He
> knows better. Keeping things simple is very secure and this is good!
> I am very thankful to you for maintaining samba on OpenBSD! Undoubtedly ,
> OpenBSD is now best of all OS, and fresh port of samba is what we really
> need!

But missing extattr/xattr supports is not only about ACLs, extended filesystem
attributes are used also for other things. For example both Ceph FS and
glusterfs keep their metadata in extended attributes, thus without this you
cannot port such filesystems to OpenBSD :/

j.

openvpn-2.3.11 segfaults, error "Too many levels of symbolic links"

[Jiri B]

Hi,

I use same openvpn config for long time but it seems recent updates (base, 
packages)
caused openvpn to segfault after a route add error.

Any help would be appreciated.

j.

openvpn-2.3.11
OpenBSD 6.0-current (GENERIC.MP) #2421: Mon Sep  5 07:50:28 MDT 2016

~~~
# openvpn --config /etc/openvpn/ovpn-brq-udp-x86_64.conf
Fri Sep  9 09:53:55 2016 OpenVPN 2.3.11 x86_64-unknown-openbsd6.0 [SSL 
(OpenSSL)] [LZO] [MH] [IPv6] built on Sep  3 2016
Fri Sep  9 09:53:55 2016 library versions: LibreSSL 2.5.0, LZO 2.09
Enter Auth Username:jbelka
Enter Auth Password:
Fri Sep  9 09:54:09 2016 WARNING: No server certificate verification method has 
been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Sep  9 09:54:09 2016 NOTE: the current --script-security setting may allow 
this configuration to call user-defined scripts
Fri Sep  9 09:54:09 2016 PLUGIN_INIT: POST 
/usr/local/lib/openvpn/plugins/openvpn-plugin-down-root.so 
'[/usr/local/lib/openvpn/plugins/openvpn-plugin-down-root.so] 
[/etc/openvpn/ovpn-brq-udp-client.down]' intercepted=PLUGIN_UP|PLUGIN_DOWN
Fri Sep  9 09:54:09 2016 WARNING: normally if you use --mssfix and/or 
--fragment, you should also set --tun-mtu 1500 (currently it is 1360)
Fri Sep  9 09:54:09 2016 Socket Buffers: R=[41600->41600] S=[9216->9216]
Fri Sep  9 09:54:09 2016 NOTE: UID/GID downgrade will be delayed because of 
--client, --pull, or --up-delay
Fri Sep  9 09:54:09 2016 UDPv4 link local: [undef]
Fri Sep  9 09:54:09 2016 UDPv4 link remote: [AF_INET]:443
Fri Sep  9 09:54:09 2016 TLS: Initial packet from [AF_INET]:443, 
sid=75faf7af 81d7f0cc
Fri Sep  9 09:54:13 2016 VERIFY OK: depth=1, C=US, ST=North Carolina, 
L=Raleigh, O=Example, Inc., OU=IS, CN=Example IS CA, 
emailAddress=sysadmin-...@example.com
Fri Sep  9 09:54:13 2016 VERIFY OK: depth=0, C=US, ST=North Carolina, 
O=Example, Inc., OU=Information Technology, CN=ovpn-brq.example.com, 
emailAddress=serviced...@example.com
Fri Sep  9 09:54:17 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized 
with 256 bit key
Fri Sep  9 09:54:17 2016 Data Channel Encrypt: Using 160 bit message hash 
'SHA1' for HMAC authentication
Fri Sep  9 09:54:17 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized 
with 256 bit key
Fri Sep  9 09:54:17 2016 Data Channel Decrypt: Using 160 bit message hash 
'SHA1' for HMAC authentication
Fri Sep  9 09:54:17 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 
DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Sep  9 09:54:17 2016 [ovpn-brq.example.com] Peer Connection Initiated with 
[AF_INET]:443
Fri Sep  9 09:54:19 2016 SENT CONTROL [ovpn-brq.example.com]: 'PUSH_REQUEST' 
(status=1)
Fri Sep  9 09:54:19 2016 PUSH: Received control message: 
'PUSH_REPLY,route-gateway 10.40.204.1,route 10.0.0.0 255.0.0.0,dhcp-option DNS 
10.38.5.26,dhcp-option DNS 10.35.255.14,dhcp-option DOMAIN example.com,ping 
30,ping-exit 600,explicit-exit-notify 3,topology subnet,ifconfig 10.40.204.138 
255.255.252.0'
Fri Sep  9 09:54:19 2016 OPTIONS IMPORT: timers and/or timeouts modified
Fri Sep  9 09:54:19 2016 OPTIONS IMPORT: explicit notify parm(s) modified
Fri Sep  9 09:54:19 2016 OPTIONS IMPORT: --ifconfig/up options modified
Fri Sep  9 09:54:19 2016 OPTIONS IMPORT: route options modified
Fri Sep  9 09:54:19 2016 OPTIONS IMPORT: route-related options modified
Fri Sep  9 09:54:19 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option 
options modified
Fri Sep  9 09:54:19 2016 ROUTE_GATEWAY 192.168.100.1
Fri Sep  9 09:54:19 2016 TUN/TAP device /dev/tun0 opened
Fri Sep  9 09:54:19 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Sep  9 09:54:19 2016 /sbin/ifconfig tun0 10.40.204.138 10.40.204.138 mtu 
1360 netmask 255.255.252.0 up
Fri Sep  9 09:54:20 2016 /sbin/route add -net 10.40.204.0 10.40.204.138 
-netmask 255.255.252.0
add net 10.40.204.0: gateway 10.40.204.138
Fri Sep  9 09:54:20 2016 PLUGIN_CALL: POST 
/usr/local/lib/openvpn/plugins/openvpn-plugin-down-root.so/PLUGIN_UP status=0
Fri Sep  9 09:54:20 2016 /etc/openvpn/ovpn-brq-udp-client.up tun0 1360 1417 
10.40.204.138 255.255.252.0 init
OpenVPN run:
Opening socket /var/pdnsd/pdnsd.status
Succeeded
Fri Sep  9 09:54:20 2016 /sbin/route add -net 10.0.0.0 10.40.204.1 -netmask 
255.0.0.0
add net 10.0.0.0: gateway 10.40.204.1: Too many levels of symbolic links
Fri Sep  9 09:54:20 2016 ERROR: OpenBSD/NetBSD route add command failed: 
external program exited with error status: 1
Fri Sep  9 09:54:20 2016 GID set to _openvpn
Fri Sep  9 09:54:20 2016 UID set to _openvpn
Fri Sep  9 09:54:20 2016 Initialization Sequence Completed
Segmentation fault
~~~

dmesg

~~~
OpenBSD 6.0-current (GENERIC.MP) #2421: Mon Sep  5 07:50:28 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 12540866560 (11959MB)
avail mem = 12156301312 (11593MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdcd3d000 (62 entries)
bios0: vendor LENOVO version "GJET79WW (2.29 )" date 09/03/2014

Re: Samba as DC on OpenBSD 6.0 is unusable :(

[Jiri B]

On Thu, Sep 08, 2016 at 11:01:45PM +0200, Jeremie Courreges-Anglas wrote:
> Everything is possible, but our lack of ACLs and extended attributes
> make OpenBSD a poor choice for samba, even if upstream supports backends
> that don't suffer these limitations.  From my POV, net/samba is here
> first for simple file sharing and client libraries support.

IIUC this is why NetBSD has xattr.h which is just for such purpose,
ie. unrelated to FFS/UFS.

http://ftp.fau.de/netbsd/NetBSD-current/src/sys/sys/xattr.h

j.

libreoffice online - anybody has tried to build?

[Jiri B]

Hi,

has anybody tried to build 'libreoffice online'? Is it even doable?
https://gerrit.libreoffice.org/gitweb?p=online.git;a=tree;f=loolwsd/debian;h=930c57b566f25fc508ccf4fbcf953f5747bc43a8;hb=HEAD

owncloud/nextcloud could use 'libreoffice online' from Collabora as backend
for Google Docs-like feature in their "cloud" web app. This thus does interest
me the most.

(I know owncloud/nextcloud can talk to 'libreoffice online' via network, eg.
running as Docker image provided by Collabora.)

j.

Re: epub reader

[Jiri B]

On Fri, Jul 08, 2016 at 10:47:54AM -0400, Jiri B wrote:
> On Fri, Jul 08, 2016 at 08:36:11AM -0600, Jack J. Woehr wrote:
> > Is there a tool to read epubs on OpenBSD? I looked in MARC archives and 
> > don't find any info.
> 
> mupdf
> calibre
> an extension in firefox...

I had working sigil port in my tree, maybe I could
bring it up-to-date.

I would also love to see pandoc in tree for convertion to epubs.

j.

Re: epub reader

[Jiri B]

On Fri, Jul 08, 2016 at 08:36:11AM -0600, Jack J. Woehr wrote:
> Is there a tool to read epubs on OpenBSD? I looked in MARC archives and don't 
> find any info.

mupdf
calibre
an extension in firefox...

j.

Re: [NEW] www/tbb - Tor Browser Bundle 6.0.2

[Jiri B]

First of all, it's great to see this effort.

But, we have seen diffs in ports tree which were irrelevant,
eg. upstream solved the issues the diffs were trying to solve
specifically for OpenBSD ports tree.

semarie@ did a review for TBB and he raised some question about
diverting from upstream. As TBB is anonymity oriented sw and can be
considered by users as "safe to use", this raises a question - what is
the trust between all changes in OpenBSD ports tree and upstream? What
would be regular review mode?

I have no answer to this question but I would be hesitant to see
current situation as optimal, because a little mistake/oversight could
have real impact on TBB users using it in some peculiar countries.

I just wanted to show my cautiousness towards potential issues just
existing in OpenBSD porting effort itself.

j.

Re: /etc/rc.d/dnscrypt_proxy(failed)

[Jiri B]

On Thu, May 12, 2016 at 05:19:35PM +0800, johnw wrote:
> On 05/12/2016 03:18 PM, Stuart Henderson wrote:
> > pgrep -lf dnscrypt
> 65727 /usr/local/sbin/dnscrypt-proxy -d --user=_dnscrypt-proxy -R
> dnscrypt.eu-nl --local-address=[::1]:53
> --resolver-address=176.56.237.171:443
> --provider-key=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66
> 
> > rcctl get dnscrypt_proxy
> dnscrypt_proxy_class=dnscrypt_proxy
> dnscrypt_proxy_flags=-R dnscrypt.eu-nl --local-address=[::1]:53
> --resolver-address=176.56.237.171:443
> --provider-key=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66
> dnscrypt_proxy_rtable=0
> dnscrypt_proxy_timeout=30
> dnscrypt_proxy_user=root
> 
> > cat /var/run/rc.d/dnscrypt_proxy (if it exists)
> Not exists
> 
> Thank you.
> 


Try to run it directly as rc.d does:

su -l -c daemon -s /bin/sh root -c "dnscrypt_proxy -R dnscrypt.eu-nl 
--local-address=[::1]:53"

Don't you miss '--user=_dnscrypt-proxy' and '-d' (daemonize) in flags?

j.

[UPDATE] let mupdf-x11-curl talk to https

[Jiri B]

Hi,

I got instructed at #ghostcript FreeNode channel that mupdf
code does not check for https. So here's diff.

Works with https://knihy.nic.cz/files/nic/edice/pavel_satrapa_ipv6_2012.pdf

j.


Index: Makefile
===
RCS file: /cvs/ports/textproc/mupdf/Makefile,v
retrieving revision 1.63
diff -u -p -r1.63 Makefile
--- Makefile16 Mar 2016 16:46:33 -  1.63
+++ Makefile4 May 2016 12:00:08 -
@ -7,7 +7,7 @@ COMMENT =   graphic library, pdf parser, v
 V =1.8
 DISTNAME = mupdf-$V-source
 PKGNAME =  mupdf-$V
-REVISION = 2
+REVISION = 3
 
 CATEGORIES =   textproc x11
 
Index: patches/patch-platform_x11_pdfapp_c
===
RCS file: /cvs/ports/textproc/mupdf/patches/patch-platform_x11_pdfapp_c,v
retrieving revision 1.4
diff -u -p -r1.4 patch-platform_x11_pdfapp_c
--- patches/patch-platform_x11_pdfapp_c 26 Jan 2016 14:43:08 -  1.4
+++ patches/patch-platform_x11_pdfapp_c 4 May 2016 12:00:08 -
@ -1,6 +1,6 @@
 $OpenBSD: patch-platform_x11_pdfapp_c,v 1.4 2016/01/26 14:43:08 tb Exp $
 --- platform/x11/pdfapp.c.orig Tue Nov 10 17:19:51 2015
-+++ platform/x11/pdfapp.c  Mon Jan 18 10:14:13 2016
 platform/x11/pdfapp.c  Wed May  4 13:50:11 2016
 @@ -26,8 +26,18 @@ enum
  static void pdfapp_showpage(pdfapp_t *app, int loadpage, int drawpage, int 
repaint, int transition, int searching);
  static void pdfapp_updatepage(pdfapp_t *app);
@ -21,6 +21,15 @@ $OpenBSD: patch-platform_x11_pdfapp_c,v 
  static int zoom_in(int oldres)
  {
int i;
+@@ -316,7 +326,7 @@ void pdfapp_open_progressive(pdfapp_t *app, char *file
+   }
+ 
+ #ifdef HAVE_CURL
+-  if (!strncmp(filename, "http://;, 7))
++  if (!strncmp(filename, "http://;, 7) || !strncmp(filename, 
"https://;, 8))
+   {
+   app->stream = fz_stream_from_curl(ctx, filename, 
pdfapp_more_data, app);
+   while (1)
 @@ -1041,6 +1051,12 @@ static void pdfapp_search_in_direction(pdfapp_t *app, 
  {
int firstpage, page;

Re: help about merging PLIST and PFRAG.$flavor

[Jiri B]

On Wed, Apr 27, 2016 at 06:09:22PM +0200, Dmitrij D. Czarkoff wrote:
> Jiri B said:
> > I'm working on a port (recoll desktop indexer) and it can be
> > built without GUI and with QT4 GUI.
> > 
> > My question is: how to handle PLIST when most of the files are
> > same for both version of the app but each version add just
> > couple of files more?
> > 
> > Should I have 'no_x11' flavor and a flavor for 'gui' and one
> > PLIST with '%%no_x11%%' and '%%qui%%'?
> > 
> > I'm not sure if I can have two flavors and no "default"...
> > 
> > An advise is appreciated.
> 
> So you want to give users a choice between gui and no gui.  The one most
> likely to be used should become default FLAVOR.  Another one should
> become either "no_x11" or "qt4".

This is clear but flavors generally do not have individual PLIST
files, that's why there's PFRAG.$flavor and you put '%%$flavor%%'
into PLIST.

I would probably like to achive:

- "no_x11" flavor package
- "python" subpackage
- "qt4" flavor package (should be default, -main iiuc)

no_x11 flavor package one more binary
python has just python stuff linked against recoll library
qt4 flavor package has some more binaries, desktop files, images.

PLIST has most of content, libs, data files, examples

How to combine all of this?

j.

help about merging PLIST and PFRAG.$flavor

[Jiri B]

Hi,

I'm working on a port (recoll desktop indexer) and it can be
built without GUI and with QT4 GUI.

My question is: how to handle PLIST when most of the files are
same for both version of the app but each version add just
couple of files more?

Should I have 'no_x11' flavor and a flavor for 'gui' and one
PLIST with '%%no_x11%%' and '%%qui%%'?

I'm not sure if I can have two flavors and no "default"...

An advise is appreciated.

j.

WebRTC - [was: Re: [NEW] x11/teamwords - an open source Slack native client]

[Jiri B]

On Tue, Mar 29, 2016 at 01:32:47PM -0400, Bryan C. Everly wrote:
> Hi ports@,
> 
> For those of you unfamiliar with it, Slack is a  commercial software
> development team collaboration tool similar to HipChat from Atlassian.

Hmm, while mentioning Slack... What's status of WebRTC in OpenBSD
Firefox?

I found a fully OSS video/audio chat service - http://hubl.in - but it seems
we are out of luck :(

j.

Re: [WIP] Grub 2.02-beta3

[Jiri B]

On Tue, Mar 22, 2016 at 06:46:25AM -0400, Josh Grosse wrote:
> Hi, Jiri.  I haven't built your port, yet, just ran it through 
> portcheck(1).  It found a missing gettext dependency, and if you
> add gettext to your modules, you won't need a lib dependency on xz.
> 

Something like this?

--- /tmp/Makefile.orig  Tue Mar 22 12:04:00 2016
+++ MakefileTue Mar 22 12:02:19 2016
@ -13,8 +13,10 @@ PERMIT_PACKAGE_CDROM=Yes
 
 MASTER_SITES=  http://alpha.gnu.org/gnu/grub/
 
-MODULES+=  lang/python
-MODULES += gcc4
+WANTLIB+=  c util
+
+MODULES+=  lang/python devel/gettext
+MODULES+=  gcc4
 MODGCC4_LANGS = c
 MODGCC4_ARCHS = *
 
@ -24,7 +26,6 @@ AUTOMAKE_VERSION= 1.15
 BUILD_DEPENDS+=${MODGNU_AUTOCONF_DEPENDS} \
${MODGNU_AUTOMAKE_DEPENDS} \
devel/bison
-LIB_DEPENDS+=  archivers/xz
 
 CONFIGURE_STYLE=automake
 CONFIGURE_ARGS+=--sysconfdir=${SYSCONFDIR} \

j.

[WIP] Grub 2.02-beta3

[Jiri B]

Hi,

this is real WIP of Grub 2.02-beta3. I've tried my best
but it needs for sure more testing - I'd tried to adapt
README and configuration file for disabling partition to
Grub 2 syntax but I'm not personally user of such features.

My original goal was to replace pxelinux with Grub2 but
I still have issues to "pxechain" OpenBSD pxeboot from
Grub2 downloaded via PXE.

Tests, comments are welcomed.

j.


grub2.tar.gz
Description: application/tar-gz

grub(2) - ONLY_FOR_ARCHS= i386 ?

[Jiri B]

Hi,

I'm working on to make grub2 work on OpenBSD to replace
pxelinux on my netinstall server and I have this question -
- why is there 'ONLY_FOR_ARCHS= i386' in our old grub?

I'm working on grub2 on amd64, I haven't tested that yet
but following works on amd64:

jirib:/tmp
$ grub-mknetdir --net-directory=/tmp/netboot
Netboot directory for i386-pc created. Configure your DHCP server to point to 
/tmp/netboot/grub/i386-pc/core.0

jirib:/tmp
$ find netboot/ | head
netboot/
netboot/grub
netboot/grub/i386-pc
netboot/grub/i386-pc/adler32.mod
netboot/grub/i386-pc/affs.mod
netboot/grub/i386-pc/afs.mod
netboot/grub/i386-pc/ahci.mod
netboot/grub/i386-pc/all_video.mod
netboot/grub/i386-pc/aout.mod
netboot/grub/i386-pc/archelp.mod

Thanks for explanation.

j.

Re: grub(2) - ONLY_FOR_ARCHS= i386 ?

[Jiri B]

> > I'm working on to make grub2 work on OpenBSD to replace
> > pxelinux on my netinstall server and I have this question -
> > - why is there 'ONLY_FOR_ARCHS= i386' in our old grub?
> 
> Try building. You get the following during configure:
> 
> > checking whether the C compiler works... configure: error: cannot run C 
> > compiled programs.
> > If you meant to cross compile, use `--host'.
> > See `config.log' for more details.
> > *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2700 
> > '/usr/ports/pobj/grub-0.97/.configure_done': @for d in 
> > /usr/ports/pobj/grub-...)
> > *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:1923 
> > '/usr/ports/packages/amd64/all/grub-0.97p6.tgz')
> > *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2465 
> > '_internal-package')
> > *** Error 1 in /usr/ports/sysutils/grub 
> > (/usr/ports/infrastructure/mk/bsd.port.mk:2445 'package')
> 
> I recall finding a better explanation (or coming up with one myself)
> when I originally tried this a few months ago, but I've since forgotten.
> Considering that PIE broke it when introduced, I wouldn't be surprised
> if some of our linking features are related.

Hmm, I was able to successfully build grub2 and I'm able to
load grub2 via pxe with qemu x86_64 VM:

But then I can't load 'pxeboot' from grub, here are steps:

> set
[...]
> insmod pxechain
> pxechainloader /openbsd/pxeboot
alising devices...ok
probing: pc0 com0 pxe![2.1] mem[624K 253M 320K a20=on]
disk: fd0
net: mac 52:54:00:12:34:56, ip 10.0.2.15, server 10.0.2.2
>> OpenBSD/amd64 PXEBOOT 3.25 Network Boot Firmware -- http://ipxe.org
sendrecv: short write! (-1 < 23)E bzImage ELF MBOOT PXE Menu PXEXT

j.

Re: grub(2) - ONLY_FOR_ARCHS= i386 ?

[Jiri B]

> > I recall finding a better explanation (or coming up with one myself)
> > when I originally tried this a few months ago, but I've since forgotten.
> > Considering that PIE broke it when introduced, I wouldn't be surprised
> > if some of our linking features are related.
> 
> It's testing that it can run programs built with the compiler flags.
> config.log has this:
> 
> configure:2424: cc -m32 -ftrampolines -fno-stack-protector -fno-pie -nopie   
> conftest.c  >&5
> /usr/bin/ld: warning: i386 architecture of input file `/tmp//ccNKPoep.o' is 
> incompatible with i386:x86-64 output
> 
> This (producing i386 code on amd64) is basically a cross-compile situation.
> 
> > > I'm working on grub2 on amd64, I haven't tested that yet
> > > but following works on amd64:
> 
> mmcc is right, grub 0.97 as present in the port does not build on amd64.

FYI, I just booted OpenBSD from "native OpenBSD" grub2 on amd64:

grub-install /dev/rwd0c # used qemu for testing
XX_ files put into /etc/grub.d
cat >> /etc/grub.d/40_custom << EOF
menuentry "OpenBSD" {
set root=(hd0,4)
chainloader +1
}
EOF
grub-mkconfig -o /grub/grub.cfg
reboot

j.

Re: Maven-based projects vs. our build process

[Jiri B]

On Tue, Mar 15, 2016 at 12:56:22PM -0400, Bryan C. Everly wrote:
> Hi,
> 
> I have several maven-based projects that I'd like to create ports for, but
> our build process makes that challenging.
> 
> Maven (for those who don't know) likes to download additional files as it
> compiles which is a non-starter for our build process.  A solution that I
> have found to work around this is to run maven once, let it cache the files
> locally, turn them into a tarball which I then place in my "files"
> directory and make the real port run maven in offline mode from the cached
> files in the tarball.
> 
> This process works, but it sure seems awkward.
> 
> Does anyone have any suggestions on how I could make this better?

Packaging java, ruby, node.js apps which many dependencies  is nightmare
for everybody. IIRC Fedora must have for each dependency separate package
but I have heard recently that inside Fedora/RHEL thins are changing
and some projects are permitted to have one big package including all
its deps. The problem is - who and how will be those dependencies
maintained?

It doesn't answer your question. But it seems that if an app can be
installed via its own framework (npm, cabal, pip), some devs prefer
not to package it - at least I have the feeling about haskell, node.js
ports.

j.

Re: pywinrm, py-xmltodict for Ansible Windows mgmt

[Jiri B]

On Sun, Mar 13, 2016 at 11:04:24PM +, Stuart Henderson wrote:
> On 2016/03/13 18:17, Jiri B wrote:
> > I'd like to use Ansible to manage Windows machines at work,
> > thus here are two new ports - pywinrm (python module for
> > Windows Remote Management) and its dependent, py-xmltodict.
> 
> Attachments missing. But "pywinrm" isn't a good name for the
> port, it should be "py-winrm" or "py-pywinrm" or similar,
> both for consistency, and so the py- / py3- mechanism works.

Now with attachments and renamed pywinrm to py-winrm (the module
is called 'pywinrm' in pip, that's why I had this name).




py-winrm.tar.gz
Description: application/tar-gz


py-xmltodict.tar.gz
Description: application/tar-gz

pywinrm, py-xmltodict for Ansible Windows mgmt

[Jiri B]

I'd like to use Ansible to manage Windows machines at work,
thus here are two new ports - pywinrm (python module for
Windows Remote Management) and its dependent, py-xmltodict.

Example tests work ok.

j.

~~~
In [5]: s = winrm.Session('ad-w2k12r2.example.com', auth=('Administrator', 
'password'))
In [6]: r = s.run_cmd('ipconfig', ['/all'])
In [7]: r.status_code
Out[7]: 0
In [8]: r.std_out
Out[8]: '\r\nWindows IP Configuration\r\n\r\n   Host Name . . . . . . . . . . . 
. : brq-w2k12r2\r\n   Primary Dns Suffix  . . . . . . . : 
ad-w2k12r2.example.com\r\n   Node Type . . . . . . . . . . . . : Hybrid\r\n   
IP Routing Enabled. . . . . . . . : No\r\n   WINS Proxy Enabled. . . . . . . . 
: No\r\n   DNS Suffix Search List. . . . . . : 
ad-w2k12r2.example.com\r\n\r\nEthernet adapter Ethernet:\r\n\r\n   
Connection-specific DNS Suffix  . : \r\n   Description . . . . . . . . . . . : 
Red Hat VirtIO Ethernet Adapter\r\n   Physical Address. . . . . . . . . : 
00-1A-4A-01-3F-FB\r\n   DHCP Enabled. . . . . . . . . . . : No\r\n   
Autoconfiguration Enabled . . . . : Yes\r\n   IPv4 Address. . . . . . . . . . . 
: 10.34.63.245(Preferred) \r\n   Subnet Mask . . . . . . . . . . . : 
255.255.252.0\r\n   Default Gateway . . . . . . . . . : 10.34.63.254\r\n   DNS 
Servers . . . . . . . . . . . : 127.0.0.1\r\n   NetBIOS over Tcpip. . . . . . . 
. : Enabled\r\n\r\nTunnel adapter Teredo Tunneling Pseudo-Interface:\r\n\r\n   
Media State . . . . . . . . . . . : Media disconnected\r\n   
Connection-specific DNS Suffix  . : \r\n   Description . . . . . . . . . . . : 
Teredo Tunneling Pseudo-Interface\r\n   Physical Address. . . . . . . . . : 
00-00-00-00-00-00-00-E0\r\n   DHCP Enabled. . . . . . . . . . . : No\r\n   
Autoconfiguration Enabled . . . . : Yes\r\n\r\nTunnel adapter 
isatap.{8E0EBBF3-CDFB-44DE-B6C7-CD12C5B14CBD}:\r\n\r\n   Media State . . . . . 
. . . . . . : Media disconnected\r\n   Connection-specific DNS Suffix  . : \r\n 
  Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2\r\n   
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0\r\n   DHCP Enabled. 
. . . . . . . . . . : No\r\n   Autoconfiguration Enabled . . . . : Yes\r\n'
~~~

[UPDATE] icedtea-web + textproc/tagsoup dep

[Jiri B]

Hi,

an updae for icedtea-web to 1.6.2. I added tagsoup as deps
as it is recommended by upstream to solve issue wth bad
jnlp files. I also added *.desktop files to make it work
nicely with xdg-open.

Oh yeah, it's horrible bashism and gnuism.

tagsoup based on textproc/stringtemplate.

icedtea-web works fine with iDRAC7 java mgmt console.

j.

Index: Makefile
===
RCS file: /cvs/ports/www/icedtea-web/Makefile,v
retrieving revision 1.17
diff -u -p -r1.17 Makefile
--- Makefile17 Jul 2015 21:46:11 -  1.17
+++ Makefile9 Mar 2016 18:22:35 -
@@ -1,9 +1,9 @@
 # $OpenBSD: Makefile,v 1.17 2015/07/17 21:46:11 jasper Exp $
 
+# new releases are reported via 
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/
 SHARED_ONLY =  Yes
 COMMENT =  Java web browser plugin
-DISTNAME = icedtea-web-1.5.2
-REVISION = 0
+DISTNAME = icedtea-web-1.6.2
 CATEGORIES =   www
 
 MAINTAINER =   Landry Breuil 
@@ -26,16 +26,29 @@ MODULES =   java \
 MODJAVA_VER=   1.7+
 
 #build system does horrible things with bash

-RUN_DEPENDS =  shells/bash
+RUN_DEPENDS =  shells/bash \
+   textproc/tagsoup
 BUILD_DEPENDS =${RUN_DEPENDS} \
archivers/zip \
-   devel/xulrunner/24,-devel
+   devel/xulrunner/24,-devel \
+   textproc/gsed \
+   textproc/tagsoup
 
 USE_GMAKE =Yes
 LIB_DEPENDS =  devel/glib2
 WANTLIB += glib-2.0 m stdc++
 
+CONFIGURE_ENV +=   CONFIG_SHELL="${LOCALBASE}/bin/bash"
+
+# bashism and gnu date format for nanoseconds
 post-patch:
${SUBST_CMD} ${WRKSRC}/launcher/launchers.in
+   perl -i -pe 's/\bsed\b/gsed/g;' ${WRKSRC}/html-gen.sh \
+   ${WRKSRC}/Makefile.in
+   perl -i -pe 's/%N//;' ${WRKSRC}/html-gen.sh
+
+post-install:
+   ${INSTALL_DATA_DIR} ${PREFIX}/share/applications
+   ${INSTALL_DATA} ${WRKSRC}/*.desktop ${PREFIX}/share/applications/
 
 .include 
Index: distinfo
===
RCS file: /cvs/ports/www/icedtea-web/distinfo,v
retrieving revision 1.8
diff -u -p -r1.8 distinfo
--- distinfo24 Mar 2015 20:29:10 -  1.8
+++ distinfo9 Mar 2016 18:22:35 -
@@ -1,2 +1,2 @@
-SHA256 (icedtea-web-1.5.2.tar.gz) = 
sp6P8lM8xlIaZQmgAgAfTJfICgBEYAYxVtADiY2hO/M=
-SIZE (icedtea-web-1.5.2.tar.gz) = 1583105
+SHA256 (icedtea-web-1.6.2.tar.gz) = 
zmcDQJbWuWDits+1xBp71rMOsux/E78+zbR3/2zmkwA=
+SIZE (icedtea-web-1.6.2.tar.gz) = 1824557
Index: patches/patch-Makefile_in
===
RCS file: /cvs/ports/www/icedtea-web/patches/patch-Makefile_in,v
retrieving revision 1.8
diff -u -p -r1.8 patch-Makefile_in
--- patches/patch-Makefile_in   17 Jul 2015 21:46:11 -  1.8
+++ patches/patch-Makefile_in   9 Mar 2016 18:22:35 -
@@ -1,11 +1,11 @@
 $OpenBSD: patch-Makefile_in,v 1.8 2015/07/17 21:46:11 jasper Exp $
 javaws/itweb-settings/policyeditor are scripts not programs..
 Makefile.in.orig   Wed Nov 26 17:39:55 2014
-+++ Makefile.inTue Mar 24 21:16:40 2015
-@@ -859,9 +859,9 @@ install-exec-local:
- @ENABLE_PLUGIN_TRUE@  ${INSTALL_DATA} 
$(abs_top_builddir)/liveconnect/lib/classes.jar 
$(DESTDIR)$(datadir)/$(PACKAGE_NAME)/plugin.jar
+--- Makefile.in.orig   Wed Feb  3 14:49:10 2016
 Makefile.inWed Mar  9 18:51:31 2016
+@@ -901,14 +901,14 @@ install-exec-local:
${INSTALL_DATA} $(NETX_DIR)/lib/classes.jar 
$(DESTDIR)$(datadir)/$(PACKAGE_NAME)/netx.jar
${INSTALL_DATA} $(NETX_SRCDIR)/javaws_splash.png 
$(DESTDIR)$(datadir)/$(PACKAGE_NAME)/javaws_splash.png
+   ${INSTALL_DATA} $(abs_top_srcdir)/javaws.png $(ICONS_DEST_DIR)/
 -  ${INSTALL_PROGRAM} launcher.build/$(javaws) $(DESTDIR)$(bindir)
 -  ${INSTALL_PROGRAM} launcher.build/$(itweb_settings) $(DESTDIR)$(bindir)
 -  ${INSTALL_PROGRAM} launcher.build/$(policyeditor) $(DESTDIR)$(bindir)
@@ -13,10 +13,27 @@ javaws/itweb-settings/policyeditor are s
 +  ${INSTALL_SCRIPT} launcher.build/$(itweb_settings) $(DESTDIR)$(bindir)
 +  ${INSTALL_SCRIPT} launcher.build/$(policyeditor) $(DESTDIR)$(bindir)
  
+ # all generated manpages are installed in swarm
  install-data-local:
-   ${mkinstalldirs} -d $(DESTDIR)$(mandir)/man1
-@@ -1075,14 +1075,15 @@ stamps/netx.stamp: netx-source-files.txt stamps/bootst
-   $(NETX_CLASSPATH_ARG) \
+   ${mkinstalldirs} -d $(DESTDIR)$(mandir)
+-  cp -r "$(DOCS_DIR)/man/"* $(DESTDIR)$(mandir)/
++  cp -r "$(DOCS_DIR)/man/"man1 $(DESTDIR)$(mandir)/
+ @ENABLE_DOCS_TRUE@${mkinstalldirs} $(DESTDIR)$(htmldir)
+ @ENABLE_DOCS_TRUE@(cd ${abs_top_builddir}/docs/netx; \
+ @ENABLE_DOCS_TRUE@ for files in $$(find . -type f); \
+@@ -1160,8 +1160,8 @@ stamps/generate-docs.stamp: stamps/netx.stamp
+   echo "$(PLUGIN_VERSION)" > 
"$$HTML_DOCS_INDEX" ; \
+   echo "$(PLUGIN_VERSION) docs:"  >> "$$HTML_DOCS_INDEX" ; 
\
+   

Re: apache-httpd-openbsd pexp conflicts with httpd's one

[Jiri B]

> Or we could say that it's time to remove apache-httpd-openbsd?

OK, but what's approach for apache2 and chroot? No approach or
on a TODO list?

Or is chrooting considered obsolete?

j.

apache-httpd-openbsd pexp conflicts with httpd's one

[Jiri B]

Hi,

apache-httpd-openbsd pexp conflicts with base httpd pexp.

* apache-httpd-openbsd
  pexp="httpd: parent.*"

# ps aux | grep httpd 
www  30230  0.0  1.2 72272 24376 ??  SsSat10PM0:03.16 httpd: parent 
[chroot /var/www] (httpd)
www  13731  0.0  2.3 73008 47032 ??  I Sat10PM0:06.62 httpd: child 
(httpd)
www  10501  0.0  2.3 73076 48188 ??  I Sat10PM0:16.88 httpd: child 
(httpd)
www   9071  0.0  2.0 73000 41832 ??  I Sat10PM0:08.97 httpd: child 
(httpd)
www  17830  0.0  2.0 73088 42236 ??  I Sat10PM0:08.50 httpd: child 
(httpd)
www  29437  0.0  1.9 73004 40296 ??  I Sat10PM0:08.11 httpd: child 
(httpd)
www   4192  0.0  2.4 73080 49128 ??  I Sat10PM0:08.52 httpd: child 
(httpd)
www  29101  0.0  1.9 73016 39592 ??  I Sat10PM0:04.94 httpd: child 
(httpd)
www  23205  0.0  2.0 73016 41852 ??  I Sat10PM0:06.61 httpd: child 
(httpd)
www  17791  0.0  1.6 72876 32588 ??  I Sun01AM0:00.54 httpd: child 
(httpd)
root 25587  0.0  0.0   168   304 p2  R+ 3:23PM0:00.00 grep httpd

* (base) httpd
  pexp="httpd: parent.*"

# ps aux | grep httpd   
root 10695  0.2  0.1  1200  2220 ??  Ssp3:23PM0:00.05 httpd: parent 
(httpd)
www  13344  0.0  0.1   816  1704 ??  Sp 3:23PM0:00.02 httpd: server 
(httpd)
www  15789  0.0  0.1   804  1684 ??  Sp 3:23PM0:00.03 httpd: server 
(httpd)
www   2091  0.1  0.1   944  1840 ??  Sp 3:23PM0:00.02 httpd: logger 
(httpd)
www  25297  0.1  0.1   812  1808 ??  Sp 3:23PM0:00.02 httpd: server 
(httpd)
root 11960  0.0  0.0   164   308 p2  R+ 3:23PM0:00.00 grep httpd

Well, maybe we should modify apache-httpd-openbsd process name to
httpd1 to mimic what we do for apache2?

j.

Re: UPDATE: devel/intellij 15.0.4

[Jiri B]

On Sun, Mar 06, 2016 at 10:36:10PM +0100, Caspar Schutijser wrote:
> Hi ports@,
> 
> Below is an update of devel/intellij to 15.0.4. I tested it on amd64,
> works fine for me.

Not sure how you did your tests but intellij is far from being
fully functional on OpenBSD.

See https://github.com/idea4bsd

* fsnotifier has some issues
* i could not run virtualenv from idea
* iiuc breakgen should not work too
* cannot be built from source by default

There's a lot of checking for OS type in java code, and mostly
there's Windows, Linux, MacOS and little bit of FreeBSD.

j.

pkg_add (_pfetch) - Permission denied for /root/.netrc

[Jiri B]

Hi,

I did quick install and then I executed 'pkg_add -iv $packages'
under root user.

The output get spammed with:

ftp: /root/.netrc: Permission denied

IIUC this is caused by 'drop_priviledge_and_setup_env' function
in PackageRepository.pm which changes uid to '_pfetch' which
spawns /bin/sh that cannot access root's homedir.

OpenBSD 5.9 #1880 Sat Feb 20 2016

* su - root
* export PKG_PATH=$path
* pkg_add -vi $package
* observe terminal

j.

Re: devel/intellj - pty4j

[Jiri B]

On Thu, Feb 18, 2016 at 09:29:58AM +0300, Vadim Zhukov wrote:
> Thank you! I started working on pty4j and some related libs which are used
> in IDEA, but didn't finish this work. Your patch should speed up things.
> 
> The problem is that IDEA bundles quiet a few libraries, like pty4j. We
> generally don't like such bundling. I thought about replacing binaries
> within IDEA directory by symlinks and/or files from pty4j package, to avoid
> double patching...
> 
> Anyway, since we're almost locked now, I'll keep an eye on pty4j and see
> what could be done after unlock. My plan is to finish KDE5/Wayland first,
> though: one big fat port at a time. :)

FYI remote debugging via pydev and native libs is relevant for Ultimate
edition. We do community and I can't have access to Ultimate one anymore.

I'll check fsnotifier as I got a diff from JetBrains' employee.

KDE5/Wayland... Wow, thank you for your great work!

j.

Re: (py-)selenium continues...

[Jiri B]

On Sun, Feb 14, 2016 at 06:22:00PM +0100, frantisek holop wrote:
> Jiri B, 13 Feb 2016 16:50:
> > $ pkg_info -L py-selenium | grep .so$
> > /usr/local/lib/python2.7/site-packages/selenium/webdriver/firefox/amd64/x_ignore_nofocus.so
> > /usr/local/lib/python2.7/site-packages/selenium/webdriver/firefox/x86/x_ignore_nofocus.so
> > 
> > These are Linux libs.
> > 
> > I used to try to build the lib myself, not sure if still relevant and even
> > not sure if building that lib is correct:
> 
> these files are harmless and not used.
> https://github.com/SeleniumHQ/selenium/wiki/Native-Events-On-Linux

ACK.

FYI I could open FF via webdriver.Firefox and also via webdriver.Remote to
local (standalone) hub with Xvfb where DISPLAY value is passed to selenium
as 'setenv=DISPLAY=\c1' from login.conf.

Thanks!

j.

Re: devel/intellj - pty4j

[Jiri B]

On Wed, Feb 17, 2016 at 03:42:55PM -0500, Jiri B wrote:
> [...]
> With little changes I could build OpenBSD native lib and jar
> for pty4j
> 
> https://github.com/traff/pty4j
> 
> pty4j seems little bit sleeping, there's waiting pull request for
> FreeBSD support. Not sure if submitting another pull request for
> OpenBSD would help then :)

It was not correct, FreeBSD support was merged and they merged
my copy of FreeBSD support.
https://github.com/traff/pty4j/pull/28#event-554339235

I don't like how they do that but..., it's in.

j.

devel/intellj - pty4j

[Jiri B]

Hi,

OpenBSD port of intellj contains native libs for other OSes for
pty4j.

/usr/local/intellij/lib/libpty/linux/x86/libpty.so
/usr/local/intellij/lib/libpty/linux/x86_64/libpty.so
/usr/local/intellij/lib/libpty/macosx/x86/libpty.dylib
/usr/local/intellij/lib/libpty/macosx/x86_64/libpty.dylib
/usr/local/intellij/lib/libpty/win/x86/libwinpty.dll
/usr/local/intellij/lib/libpty/win/x86/winpty-agent.exe
/usr/local/intellij/lib/libpty/win/x86_64/cyglaunch.exe
/usr/local/intellij/lib/libpty/win/x86_64/libwinpty.dll
/usr/local/intellij/lib/libpty/win/x86_64/winpty-agent.exe
/usr/local/intellij/lib/libpty/win/xp/libwinpty.dll
/usr/local/intellij/lib/libpty/win/xp/winpty-agent.exe

I discoverd this while comparing content of intellj and pycharm
upstream tarballs.

With little changes I could build OpenBSD native lib and jar
for pty4j

https://github.com/traff/pty4j

pty4j seems little bit sleeping, there's waiting pull request for
FreeBSD support. Not sure if submitting another pull request for
OpenBSD would help then :)

Thus, maybe it would make sense to delete those above libs and
not care, or to make some post-build kung-fu to build libpty.so and
pty4j for OpenBSD.

I'm not really idea/pycharm user, thus I can't do real tests.

j.

Re: pytidylib

[Jiri B]

And now with attachment :)

On Mon, Feb 15, 2016 at 10:44:57AM -0500, Jiri B wrote:
> A python wrapper against libtidy(p).
> 
> Maybe to useful to reconsider after ports unlock.
> 
> $ env LD_DEBUG=1 python2.7 -c "import tidylib" 2>&1 | grep tidy
> dlopen: loading: libtidyp.so
>  flags /usr/local/lib/libtidyp.so.0.0 = 0x0
> head /usr/local/lib/libtidyp.so.0.0
> obj /usr/local/lib/libtidyp.so.0.0 has /usr/local/lib/libtidyp.so.0.0 as head
> linking /usr/local/lib/libtidyp.so.0.0 as dlopen()ed
> head [/usr/local/lib/libtidyp.so.0.0]
> examining: '/usr/local/lib/libtidyp.so.0.0'
> tail /usr/local/lib/libtidyp.so.0.0
> doing ctors obj 0x1e8a91b3ac00 @0x1e8aa134c380: 
> [/usr/local/lib/libtidyp.so.0.0]
> dlopen: libtidyp.so: done (success).
> dlsym: tidyCreate in /usr/local/lib/libtidyp.so.0.0: 0x1e8aa1372360
> doing dtors obj 0x1e8a91b3ac00 @0x1e8aa1372570: 
> [/usr/local/lib/libtidyp.so.0.0]
> 
> And little test (from official doc):
> 
> $ python2.7 -c "from tidylib import tidy_document; doc, errors = 
> tidy_document('''fo ''', 
> options={'numeric-entities':1}); print(doc); print(errors)"
> 
> 
>   
> 
>   
>   
> 
>   fo 
> 
>   
> 
> 
> line 1 column 1 - Warning: missing  declaration
> line 1 column 1 - Warning: inserting implicit 
> line 1 column 1 - Warning: inserting missing 'title' element
> line 1 column 15 - Warning:  lacks "alt" attribute
> 
> j.
> 


pytidylib.tar.gz
Description: application/tar-gz

pytidylib

[Jiri B]

A python wrapper against libtidy(p).

Maybe to useful to reconsider after ports unlock.

$ env LD_DEBUG=1 python2.7 -c "import tidylib" 2>&1 | grep tidy
dlopen: loading: libtidyp.so
 flags /usr/local/lib/libtidyp.so.0.0 = 0x0
head /usr/local/lib/libtidyp.so.0.0
obj /usr/local/lib/libtidyp.so.0.0 has /usr/local/lib/libtidyp.so.0.0 as head
linking /usr/local/lib/libtidyp.so.0.0 as dlopen()ed
head [/usr/local/lib/libtidyp.so.0.0]
examining: '/usr/local/lib/libtidyp.so.0.0'
tail /usr/local/lib/libtidyp.so.0.0
doing ctors obj 0x1e8a91b3ac00 @0x1e8aa134c380: [/usr/local/lib/libtidyp.so.0.0]
dlopen: libtidyp.so: done (success).
dlsym: tidyCreate in /usr/local/lib/libtidyp.so.0.0: 0x1e8aa1372360
doing dtors obj 0x1e8a91b3ac00 @0x1e8aa1372570: [/usr/local/lib/libtidyp.so.0.0]

And little test (from official doc):

$ python2.7 -c "from tidylib import tidy_document; doc, errors = 
tidy_document('''fo ''', 
options={'numeric-entities':1}); print(doc); print(errors)"


  

  
  

  fo 

  


line 1 column 1 - Warning: missing  declaration
line 1 column 1 - Warning: inserting implicit 
line 1 column 1 - Warning: inserting missing 'title' element
line 1 column 15 - Warning:  lacks "alt" attribute

j.

(py-)selenium continues...

[Jiri B]

Hi,

some comments about your (py-)selenium ports from June '15 [1]:

$ pkg_info -L py-selenium | grep .so$
/usr/local/lib/python2.7/site-packages/selenium/webdriver/firefox/amd64/x_ignore_nofocus.so
/usr/local/lib/python2.7/site-packages/selenium/webdriver/firefox/x86/x_ignore_nofocus.so

These are Linux libs.

I used to try to build the lib myself, not sure if still relevant and even
not sure if building that lib is correct:

--- /home/jirib/Downloads/py-selenium/Makefile  Mon Jun 22 22:02:43 2015
+++ MakefileSat Feb 13 22:42:13 2016
@ -10,6 +10,15 @@ CATEGORIES = www devel
 HOMEPAGE = http://www.seleniumhq.org/
 MAINTAINER =   frantisek holop 
 
+# XXX: clarify
+MASTER_SITES0 = 
http://selenium.googlecode.com/svn/tags/selenium-2.28.0/cpp/linux-specific/
+
+DIST_SUBDIR =  py-selenium
+EXTRACT_ONLY = ${DISTNAME}${EXTRACT_SUFX}
+DISTFILES =${DISTNAME}${EXTRACT_SUFX} \
+   print_events.h:0 \
+   x_ignore_nofocus.c:0
+
 MODPY_PI = Yes
 
 # Apache
@ -17,5 +26,23 @@ PERMIT_PACKAGE_CDROM =   Yes
 
 MODULES =  lang/python
 MODPY_SETUPTOOLS = Yes
+
+post-extract:
+   cp ${DISTDIR}/${DIST_SUBDIR}/*.[ch] \
+   ${WRKSRC}/
+   perl -i -pe 's,elf.h,libelf/libelf.h,' \
+   ${WRKSRC}/x_ignore_nofocus.c
+
+post-build:
+   cd ${WRKSRC} && \
+   ${CC} ${CFLAGS} -shared -fPIC -I${LOCALBASE}/include -L${LOCALBASE}/lib 
\
+   -I${X11BASE}/include -L${X11BASE}/lib \
+   -o x_ignore_nofocus.so x_ignore_nofocus.c -lelf
+
+post-install:
+   rm -rf ${DESTDIR}${MODPY_SITEPKG}/selenium/webdriver/firefox/{x86,amd64}
+   ${INSTALL_DATA_DIR} 
${DESTDIR}${MODPY_SITEPKG}/selenium/webdriver/firefox/${ARCH}/
+   ${INSTALL_DATA} ${WRKSRC}/x_ignore_nofocus.so \
+   ${DESTDIR}${MODPY_SITEPKG}/selenium/webdriver/firefox/${ARCH}/
 
 .include 

I still have problem to use both local Firefox. Using OpenBSD Firefox via
remote I still can't make it run with Xvfb. Any alternative? A VNC server?

I tried py-selenium with phantomjs and it works, but my test was very primitive
as I'm very beginner.

IMO rc script would be nice. One can put DISPLAY in setenv in login.conf
and have selenium working with a display (just theory). rc script would also
help to maintain multiple hub instances (symlinks)...

Thanks for working on (py-)selenium.

j.

[1] http://marc.info/?l=openbsd-ports=143500635028523=2

Re: (py-)selenium continues...

[Jiri B]

Plus, I don't see the point to have version in jar filename
for selenium port.

j.

why no php modules for ap2 flavor?

[Jiri B]

Hi,

why don't we build php modules for ap2 flavor?

revision 1.35
date: 2012/11/30 12:56:02;  author: sthen;  state: Exp;  lines: +5 -1;
For the ap2 flavour, strip the unwanted subpackages from MULTI_PACKAGES rather
than BUILD_PACKAGES (which is for pseudo-flavours). Reported by naddy.

j.

py-sip, python3 flavor

[Jiri B]

Something like this? I still don't have real working app to test it.
A PLIST hack to keep ${LOCALBASE}/bin/sip... I don't know any other
way to not-conflict between python flavors.

j.

~~~
--- Makefile20 Aug 2015 10:02:25 -  1.29
+++ Makefile7 Feb 2016 12:18:06 -
@ -36,9 +36,15 @@ CONFIGURE_ARGS=  -b ${PREFIX}/bin \
 
 NO_TEST=   Yes
 
+FLAVORS=   python3
+FLAVOR?=
+
+SUBST_VARS=MODPY_MAJOR_VERSION MODPY_LIB_SUFFIX
+
 post-install:
${MODPY_BIN} ${MODPY_LIBDIR}/compileall.py ${WRKINST}${MODPY_SITEPKG}
-   ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/py-sip
-   ${INSTALL_DATA} ${WRKSRC}/doc/html/_sources/* ${PREFIX}/share/doc/py-sip
+   ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/${MODPY_PY_PREFIX}sip
+   ${INSTALL_DATA} ${WRKSRC}/doc/html/_sources/* 
${PREFIX}/share/doc/${MODPY_PY_PREFIX}sip
+   mv ${WRKINST}${TRUEPREFIX}/bin/sip 
${WRKINST}${TRUEPREFIX}/bin/python${MODPY_MAJOR_VERSION}-sip
 
 .include 
Index: pkg/PLIST
===
RCS file: /cvs/ports/devel/py-sip/pkg/PLIST,v
retrieving revision 1.6
diff -u -p -r1.6 PLIST
--- pkg/PLIST   26 Jun 2015 13:03:36 -  1.6
+++ pkg/PLIST   7 Feb 2016 12:18:06 -
@ -1,11 +1,12 @@
 @comment $OpenBSD: PLIST,v 1.6 2015/06/26 13:03:36 ajacoutot Exp $
-@bin bin/sip
-include/python${MODPY_VERSION}/sip.h
+@bin bin/python${MODPY_MAJOR_VERSION}-sip
+include/python${MODPY_VERSION}${MODPY_LIB_SUFFIX}/sip.h
+lib/python${MODPY_VERSION}/site-packages/${MODPY_PYCACHE}/
+${MODPY_COMMENT}lib/python${MODPY_VERSION}/site-packages/${MODPY_PYCACHE}sipconfig.${MODPY_PYC_MAGIC_TAG}pyc
+${MODPY_COMMENT}lib/python${MODPY_VERSION}/site-packages/${MODPY_PYCACHE}sipdistutils.${MODPY_PYC_MAGIC_TAG}pyc
 lib/python${MODPY_VERSION}/site-packages/sip.so
 lib/python${MODPY_VERSION}/site-packages/sipconfig.py
-lib/python${MODPY_VERSION}/site-packages/sipconfig.pyc
 lib/python${MODPY_VERSION}/site-packages/sipdistutils.py
-lib/python${MODPY_VERSION}/site-packages/sipdistutils.pyc
 share/doc/${MODPY_PY_PREFIX}sip/
 share/doc/${MODPY_PY_PREFIX}sip/annotations.txt
 share/doc/${MODPY_PY_PREFIX}sip/build_system.txt
@ -21,3 +22,5 @@ share/doc/${MODPY_PY_PREFIX}sip/introduc
 share/doc/${MODPY_PY_PREFIX}sip/python_api.txt
 share/doc/${MODPY_PY_PREFIX}sip/specification_files.txt
 share/doc/${MODPY_PY_PREFIX}sip/using.txt
+@exec if [ -e "${LOCALBASE}/bin/python2-sip"  ]; then ln -sf python2-sip 
${LOCALBASE}/bin/sip; fi
+@extraunexec if [ -e "${LOCALBASE}/bin/python2-sip"  ]; then rm -f 
${LOCALBASE}/bin/sip; fi
~~~

help to build curl,-kerberos

[Jiri B]

I have an app which uses kerberos via py-curl -> curl. But I have a
problem to build curl with kerberos. Any advice?

j.

$ env FLAVOR=kerberos make
...
configure: error: one or more libs available at link-time are not available 
run-time. Libs used at link-time:  -lnghttp2  -lidn -L/usr/local/heimdal/lib 
-lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lcrypto -lasn1 -lwind -lheimbase 
-lroken -pthread -pthread -lz

My WIP diff below:

~~~
Index: Makefile
===
RCS file: /cvs/ports/net/curl/Makefile,v
retrieving revision 1.114
diff -u -p -r1.114 Makefile
--- Makefile29 Jan 2016 23:52:24 -  1.114
+++ Makefile7 Feb 2016 12:45:38 -
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.114 2016/01/29 23:52:24 naddy Exp $
+# $OpenBSD: Makefile,v 1.113 2016/01/01 22:17:05 naddy Exp $
 
 COMMENT=   get files from FTP, Gopher, HTTP or HTTPS servers
 
@ -23,6 +23,9 @@ LIB_DEPENDS=  devel/libidn \
www/nghttp2
 WANTLIB=   c crypto idn nghttp2 ssl z
 
+FLAVORS=   kerberos
+FLAVOR?=
+
 SEPARATE_BUILD=Yes
 CONFIGURE_STYLE=gnu
 CONFIGURE_ARGS=${CONFIGURE_SHARED} \
@ -38,6 +41,13 @@ CONFIGURE_ENV+= \
 curl_cv_func_recv_args="int,void *,size_t,int,ssize_t" \
 curl_cv_func_send_args="int,const void *,size_t,int,ssize_t" \
 curl_cv_func_getnameinfo_args="const struct sockaddr 
*,socklen_t,size_t,int"
+
+.if ${FLAVOR:Mkerberos}
+CONFIGURE_ARGS+=   --with-gssapi=${LOCALBASE}/heimdal
+CONFIGURE_ENV+=CPPFLAGS="-I${LOCALBASE}/heimdal/include" \
+   LDFLAGS="-L${LOCALBASE}/heimdal/lib"
+LIB_DEPENS+=   security/heimdal,-libs
+.endif
 
 # Note:
 # use ulimit -p 256 for test
~~~

And 'env FLAVOR=kerberos make configure':

~~~
===>  Configuring for curl-7.46.0-kerberos
Using /home/jirib/openbsd/pobj/curl-7.46.0-kerberos/config.site (generated)
configure: loading site script 
/home/jirib/openbsd/pobj/curl-7.46.0-kerberos/config.site
checking whether to enable maintainer-specific portions of Makefiles... no
checking whether make supports nested variables... yes
checking whether to enable debug build options... no
checking whether to enable compiler optimizer... (assumed) yes
checking whether to enable strict compiler warnings... no
checking whether to enable compiler warnings as errors... no
checking whether to enable curl debug memory tracking... no
checking whether to enable hiding of library internal symbols... yes
checking whether to enable c-ares for DNS lookups... no
checking whether to disable dependency on -lrt... (assumed no)
checking for path separator... :
checking for grep... (cached) /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ar... /usr/bin/ar
checking for a BSD-compatible install... 
/home/jirib/openbsd/pobj/curl-7.46.0-kerberos/bin/install -c 
checking for gcc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... (cached) o
checking whether we are using the GNU C compiler... (cached) yes
checking whether cc accepts -g... (cached) yes
checking for cc option to accept ISO C89... none needed
checking whether cc understands -c and -o together... yes
checking how to run the C preprocessor... cc -E
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... mkdir -p
checking for gawk... (cached) awk
checking whether make sets $(MAKE)... (cached) yes
checking for style of include used by make... GNU
checking dependency style of cc... gcc3
checking curl version... 7.46.0
checking build system type... x86_64-unknown-openbsd5.9
checking host system type... x86_64-unknown-openbsd5.9
checking for sys/types.h... (cached) yes
checking for stdint.h... (cached) yes
checking for inttypes.h... (cached) yes
checking for grep that handles long lines and -e... (cached) /usr/bin/grep
checking for egrep... (cached) /usr/bin/egrep
checking for ANSI C header files... (cached) yes
checking for sys/types.h... (cached) yes
checking for sys/stat.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for memory.h... (cached) yes
checking for strings.h... (cached) yes
checking for inttypes.h... (cached) yes
checking for stdint.h... (cached) yes
checking for unistd.h... (cached) yes
checking size of long... 8
checking size of void*... 8
checking for 64-bit curl_off_t data type... long
checking size of curl_off_t... 8
checking formatting string directive for curl_off_t... "ld"
checking formatting string directive for unsigned curl_off_t... "lu"
checking constant suffix string for curl_off_t... L
checking constant suffix string for unsigned curl_off_t... UL
checking if OS is AIX (to define _ALL_SOURCE)... no
checking if _THREAD_SAFE is already defined... no
checking if _THREAD_SAFE is actually 

subtitleeditor-0.52.1p1 core dumps with every 'quit'

[Jiri B]

I tried to open subtitleeditor and it core dumps with every 'quit' of
the application itself. (Not sure what's that warning about dbus, every other
app works OK.)

Any other info I should provide?

j.


$ subtitleeditor /mnt/Gomorra.La.Serie.1x03.iTA.5.1.HDTV.x264-NOiR.srt  

  

** (subtitleeditor:28837): WARNING **: Couldn't register with accessibility 
bus: Did not receive a reply. Possible causes include: the remote application 
did not send a reply, the message bus security policy blocked the reply, the 
reply timeout expired, or the network connection was broken.
Config::Config >  g

** (subtitleeditor:28837): CRITICAL **: bool Config::get_value_bool(const 
Glib::ustring&, const Glib::ustring&): assertion 'state' failed

** (subtitleeditor:28837): CRITICAL **: int Config::get_value_int(const 
Glib::ustring&, const Glib::ustring&): assertion 'state' failed

** (subtitleeditor:28837): CRITICAL **: int Config::get_value_int(const 
Glib::ustring&, const Glib::ustring&): assertion 'state' failed

** (subtitleeditor:28837): CRITICAL **: bool from_string(const Glib::ustring&, 
T&) [with T = bool]: assertion 'state' failed

** (subtitleeditor:28837): CRITICAL **: bool from_string(const Glib::ustring&, 
T&) [with T = bool]: assertion 'state' failed

** (subtitleeditor:28837): CRITICAL **: bool Config::get_value_bool(const 
Glib::ustring&, const Glib::ustring&): assertion 'state' failed
Segmentation fault (core dumped)

$ sysctl kern.version ; pkg_info | grep subtitleeditor
kern.version=OpenBSD 5.9-beta (GENERIC.MP) #1862: Thu Jan 21 18:48:14 MST 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

subtitleeditor-0.52.1p1 GTK+ subtitles editor

~~~
#0  0x03a7719dcb76 in ?? ()
No symbol table info available.
#1  0x03a79dc12685 in VideoPlayerManagement::remove_menu_audio_track 
(this=0x3a6dce984c0) at videoplayermanagement.cc:594
__FUNCTION__ = "remove_menu_audio_track"
#2  0x03a79dc1033f in VideoPlayerManagement::deactivate 
(this=0x3a6dce984c0) at videoplayermanagement.cc:439
__FUNCTION__ = "deactivate"
ui = {pCppObject_ = 0x3a6e36ba2c0}
#3  0x03a79dc0b6b6 in VideoPlayerManagement::~VideoPlayerManagement 
(this=0x3a6dce984c0, __in_chrg=) at videoplayermanagement.cc:44
No locals.
#4  0x03a79dc0b712 in VideoPlayerManagement::~VideoPlayerManagement 
(this=0x3a6dce984c0, __in_chrg=) at videoplayermanagement.cc:45
No locals.
#5  0x03a760dd0159 in ExtensionInfo::~ExtensionInfo (this=0x3a6fa327680, 
__in_chrg=) at extensioninfo.cc:48
No locals.
#6  0x03a760dd0ac1 in ExtensionManager::destroy_extensions 
(this=0x3a7612d3000 ) at 
extensionmanager.cc:106
it = {_M_node = 0x3a6cf65a5c0}
__FUNCTION__ = "destroy_extensions"
list = { 
>> = {_M_impl = { >> = 
{<__gnu_cxx::new_allocator >> = {}, }, _M_node = {_M_next = 0x3a76d65fce0, _M_prev = 
0x3a7228036a0}}}, }
#7  0x03a4b3d35feb in Application::~Application (this=0x3a758808a00, 
__in_chrg=, __vtt_parm=) at gui/application.cc:134
path_se_accelmap = {static npos = 18446744073709551615, string_ = 
{static npos = , _M_dataplus = { = 
{<__gnu_cxx::new_allocator> = {}, }, _M_p 
= 0x3a79449ed18 "/home/jirib/.config/subtitleeditor/default/accelmap"}}}
#8  0x03a4b3d3610c in Application::~Application (this=0x3a758808a00, 
__in_chrg=, __vtt_parm=) at gui/application.cc:135
No locals.
#9  0x03a4b3d468b1 in main (argc=1, argv=0x7f7c71b8) at main.cc:109
kit = 
options = { = {}, files = 
{> = {_M_impl 
= { = {<__gnu_cxx::new_allocator> 
= {}, }, _M_start = 0x3a6eac5f660, _M_finish = 
0x3a6eac5f668, _M_end_of_storage = 0x3a6eac5f668}}, }, 
files_list = {> = {_M_impl = { = 
{<__gnu_cxx::new_allocator> = {}, }, _M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0}}, }, profile = {static npos = 18446744073709551615, string_ = {static npos 
= , _M_dataplus = { = 
{<__gnu_cxx::new_allocator> = {}, }, _M_p 
= 0x3a76bb47838  ""}}}, encoding = 
{static npos = 18446744073709551615, string_ = {static npos = , 
_M_dataplus = { = {<__gnu_cxx::new_allocator> = 
{}, }, _M_p = 0x3a76bb47838 
 ""}}}, video = {static npos = 
18446744073709551615, string_ = {static npos = , _M_dataplus = 
{ = {<__gnu_cxx::new_allocator> = {}, }, _M_p = 0x3a76bb47838 
 ""}}}, waveform = {static npos = 
18446744073709551615, string_ = {static 

Re: py-qt5 - something wrong with pre-configure condition

[Jiri B]

On Sun, Feb 07, 2016 at 01:55:24PM +, Stuart Henderson wrote:
> On 2016/02/07 07:16, Jiri B wrote:
> > IMO there's something wrong with 'pre-configure' block in py-qt5, I've
> > discovered it while working on python3 flavor (install part fails as
> > it is working with python2 syntax [except IOError, e...]).
> 
> That was just copied from py-qt4, it probably won't work for py3 there
> either, as you can see none of these ports support py3 as-is.
> 
> As things stand, it's just expected that py2 works.

Thanks. I have solved it for myself for now like this:

$ sed -n '/^pre-configure/,$p' Makefile 
pre-configure:
.if ${FLAVOR:Mpython3}
rm -fr ${WRKSRC}/pyuic/uic/port_v2
.else
rm -fr ${WRKSRC}/pyuic/uic/port_v3
.endif


post-install:
mv ${WRKINST}${TRUEPREFIX}/bin/pylupdate5 
${WRKINST}${TRUEPREFIX}/bin/pylupdate5${MODPY_BIN_SUFFIX}
mv ${WRKINST}${TRUEPREFIX}/bin/pyrcc5 
${WRKINST}${TRUEPREFIX}/bin/pyrcc5${MODPY_BIN_SUFFIX}
mv ${WRKINST}${TRUEPREFIX}/bin/pyuic5 
${WRKINST}${TRUEPREFIX}/bin/pyuic5${MODPY_BIN_SUFFIX}
${MODPY_BIN} ${MODPY_LIBDIR}/compileall.py ${WRKINST}/${MODPY_SITEPKG}
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/${MODPY_PY_PREFIX}qt5
cp -R ${WRKSRC}/doc/* ${PREFIX}/share/doc/${MODPY_PY_PREFIX}qt5
chown -R ${SHAREOWN}:${SHAREGRP} 
${PREFIX}/share/doc/${MODPY_PY_PREFIX}qt5/*

.include 

But... There's 'share/sip' subdir :/ Fedora packages it only for
python2 and IIUC we don't have MODPY_COMMENT-like trick for python3
(thus to make python3 flavor to ignore it).

In PLIST I changed:

+@bin bin/pylupdate5${MODPY_BIN_SUFFIX}
+@bin bin/pyrcc5${MODPY_BIN_SUFFIX}
+bin/pyuic5${MODPY_BIN_SUFFIX}

plus commented out with MODPY_COMMENT '${MODPY_PYCACHE}/' lines.

I tried to open PanConvert (an QT5 GUI for pandoc converter) and it
opens the main windows.

j.

libvirt pulls wireshark

[Jiri B]

We need to explicitly disable pulling of wireshark inside libvirt port
or if not, libvirt port should has subpackage (as Fedora[1] does) for
wireshark dissector plugin (IMO not much used on OpenBSD).

j.

[1] https://pkgs.fedoraproject.org/cgit/rpms/libvirt.git/tree/libvirt.spec

...
configure: wireshark_dissector: yes (CFLAGS='-I/usr/local/include/wireshark' 
LIBS='-L/usr/local/lib -lwireshark')
...
configure: Wireshark dissector: yes
...
mkdir -p wireshark/src/libvirt
cd wireshark/src && \
LIBVIRT_VERSION=1.3.1 \
  /usr/bin/perl 
/home/jirib/openbsd/pobj/libvirt-1.3.1/libvirt-1.3.1/tools/wireshark/util/genxdrstub.pl
 \
  
/home/jirib/openbsd/pobj/libvirt-1.3.1/libvirt-1.3.1/src/remote/remote_protocol.x
 
/home/jirib/openbsd/pobj/libvirt-1.3.1/libvirt-1.3.1/src/remote/qemu_protocol.x 
/home/jirib/openbsd/pobj/libvirt-1.3.1/libvirt-1.3.1/src/remote/lxc_protocol.x 
/home/jirib/openbsd/pobj/libvirt-1.3.1/libvirt-1.3.1/src/rpc/virkeepaliveprotocol.x
Use of uninitialized value in subroutine entry at 
/home/jirib/openbsd/pobj/libvirt-1.3.1/libvirt-1.3.1/tools/wireshark/util/genxdrstub.pl
 line 580.
Cannot open file /libvirt/remote.h: No such file or directory at 
/home/jirib/openbsd/pobj/libvirt-1.3.1/libvirt-1.3.1/tools/wireshark/util/genxdrstub.pl
 line 581.
Makefile:3200: recipe for target 'wireshark/src/libvirt/protocol.h' failed
gmake[3]: *** [wireshark/src/libvirt/protocol.h] Error 2
gmake[3]: Leaving directory 
'/home/jirib/openbsd/pobj/libvirt-1.3.1/libvirt-1.3.1/tools'
Makefile:2105: recipe for target 'all' failed
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory 
'/home/jirib/openbsd/pobj/libvirt-1.3.1/libvirt-1.3.1/tools'
Makefile:2004: recipe for target 'all-recursive' failed
gmake[1]: *** [all-recursive] Error 1
gmake[1]: Leaving directory 
'/home/jirib/openbsd/pobj/libvirt-1.3.1/libvirt-1.3.1'
Makefile:1899: recipe for target 'all' failed
gmake: *** [all] Error 2
*** Error 2 in . 
(/home/jirib/cvs/openbsd-ports/infrastructure/mk/bsd.port.mk:2773 
'/home/jirib/openbsd/pobj/libvirt-1.3.1/.build_done')
*** Error 1 in /usr/ports/sysutils/libvirt 
(/home/jirib/cvs/openbsd-ports/infrastructure/mk/bsd.port.mk:2495 'all')

~~~
Index: Makefile
===
RCS file: /cvs/ports/sysutils/libvirt/Makefile,v
retrieving revision 1.46
diff -u -p -r1.46 Makefile
--- Makefile17 Jan 2016 14:25:12 -  1.46
+++ Makefile7 Feb 2016 23:05:05 -
@ -3,7 +3,7 @@
 COMMENT=   tool/library for managing platform virtualization
 
 DISTNAME=  libvirt-1.3.1
-REVISION=  0
+REVISION=  1
 CATEGORIES=sysutils devel
 
 SHARED_LIBS += virt-qemu 0.4 # 1003.0
@ -49,6 +49,7 @@ CONFIGURE_ARGS+=  ${CONFIGURE_SHARED} \
--without-netcf \
--without-network \
--without-login-shell \
+   --without-wireshark-dissector \
 # OpenBSD can't act as a virtualization host, so no need for libvirtd.
 # If support is added, subtitute /var/lib/{xen,virt,libvirt,...} with /var/db
 CONFIGURE_ARGS+=   --without-libvirtd
~~~

Re: [NEW] ovirt-engine-cli and its deps

[Jiri B]

On Wed, Feb 03, 2016 at 09:40:04AM -0500, Jiri B wrote:
> new ovirt-engine-cli port in attachment, it's CLI for oVirt
> Engine (or Red Hat Enterprise Virtualization Manager).
> 
> I'm using it daily and I can maintain ovirt-engine-cli
> and py-ovirt-engine-sdk.

New tarballs in attachment, I had error in MASTER_SITES
which I didn't discover as I had distfiles already donwloaded.

Diffs are waiting for upstream acceptance.

j.







py-ply.tar.gz
Description: application/tar-gz


py-kitchen.tar.gz
Description: application/tar-gz


py-ovirt-engine-sdk.tar.gz
Description: application/tar-gz


ovirt-engine-cli.tar.gz
Description: application/tar-gz

rpm-3.0.6p7 core dumps while installing a rpm

[Jiri B]

Hi,

rpm core dumps when "installing" a rpm[1]:

rpm-3.0.6p7
kern.version=OpenBSD 5.9-beta (GENERIC.MP) #1862: Thu Jan 21 18:48:14 MST 2016

Steps to reproduce:
* mkdir -p /tmp/rpm/var/lib/rpm
* rpm -ivv --ignoreos --ignorearch --nodeps --dbpath /var/lib/rpm --root 
/tmp/rpm /tmp/ovirt-release36.rpm

j.

#0  0x0a22c6ae489a in thrkill () at :2
No locals.
#1  0x0a22c6adff59 in *_libc_abort () at /usr/src/lib/libc/stdlib/abort.c:52
mask = 4294967263
sa = {__sigaction_u = {__sa_handler = 0xe, __sa_sigaction = 0xe}, 
sa_mask = 3334369443, sa_flags = 2594}
#2  0x0a22c6ac2299 in wrterror (msg=0xa22c6beb398 "use after free", 
p=0xa22efb484a0) at /usr/src/lib/libc/stdlib/malloc.c:283
iov = {{iov_base = 0xa209d985ae0 <__progname_storage>, iov_len = 3}, 
{iov_base = 0x7f7ea990, iov_len = 10}, {iov_base = 0xa22c6beb3a7, iov_len = 
7}, {iov_base = 0xa22c6bec2b0, iov_len = 8}, {iov_base = 0xa22c6beb398, iov_len 
= 14}, {iov_base = 0x7f7ea970, iov_len = 14}, {iov_base = 0xa22c6be70a3, 
iov_len = 1}}
pidbuf = "(9436) in \000\235 \n\000\000,\024\360\306"
buf = " 0xa22efb484a0\000\271,\024\360\306"
saved_errno = 2
#3  0x0a22c6ac386c in validate_junk (p=) at 
/usr/src/lib/libc/stdlib/malloc.c:1235
r = 
pool = 
byte = 0
sz = 11144478476442
#4  ofree (p=0xa22efb484a0) at /usr/src/lib/libc/stdlib/malloc.c:1306
i = 9
pool = 0xa22f30846c0
r = 
sz = 
#5  0x0a22c6ac390e in free (ptr=0xa2399bc59c0) at 
/usr/src/lib/libc/stdlib/malloc.c:1340
saved_errno = 2
#6  0x0a209d52c3ed in headerFree (h=0xa22fc192700) at 
/home/jirib/openbsd/pobj/rpm-3.0.6/rpm-3.0.6/lib/header.c:985
i = 3
#7  0x0a209d524525 in alFree (al=0xa22ab554918) at 
/home/jirib/openbsd/pobj/rpm-3.0.6/rpm-3.0.6/lib/depends.c:111
i = 0
r = 0xa
#8  0x0a209d52643d in rpmtransFree (rpmdep=0xa22ab554900) at 
/home/jirib/openbsd/pobj/rpm-3.0.6/rpm-3.0.6/lib/depends.c:718
addedPackages = 0xa22ab554918
availablePackages = 0xa22ab554948
#9  0x0a209d542cd0 in rpmInstall (rootdir=0xa2399bc55b0 "/tmp/rpm", 
fileArgv=0xa22c38cde80, transFlags=0, interfaceFlags=4, probFilter=3, 
relocations=0x0) at 
/home/jirib/openbsd/pobj/rpm-3.0.6/rpm-3.0.6/lib/rpminstall.c:390
db = 0xa2391a84c80
fd = 0xa235b2e3a00
i = 1
mode = 514
rc = -1
major = 3
pkgURL = 0xa237b836ce0
tmppkgURL = 0xa237b836de0
fileURL = 0xa237b836ce8
numPkgs = 1
numTmpPkgs = 0
numRPMS = 1
numSRPMS = 0
numFailed = 1
h = 0xa22fc192700
isSource = 0
rpmdep = 0xa22ab554900
numConflicts = 286385781
stopInstall = 0
notifyFlags = 20
dbIsOpen = 1
sourceURL = 0x7f7eab10
defaultReloc = 0x0
#10 0x0a209d50d37b in main (argc=10, argv=0x7f7eaee8) at 
/home/jirib/openbsd/pobj/rpm-3.0.6/rpm-3.0.6/rpm.c:1395
bigMode = MODE_INSTALL
qva = 0xa209d97d000 
ba = 0xa209d97d020 
QVSource = RPMQV_PACKAGE
arg = -1
installFlags = 0
uninstallFlags = 0
interfaceFlags = 4
gotDbpath = 1
verifyFlags = -86208
checksigFlags = 0
timeCheck = 0
addSign = 0
specFile = 0x7f7eaf40 "q\260\376\377\177\177"
tce = 0xe675574635ab 
passPhrase = 0xa209d665798 ""
cookie = 0x0
optArg = 0xa237b836770 "/var/lib/rpm"
pipeChild = 0
pkg = 0x8 
errString = 0x0
optCon = 0xa236f598800
infoCommand = {0xa209d667f3b "--info", 0x0}
installCommand = {0xa209d667f42 "--install", 0x0}
ec = 0
status = -1177988376
p = {0, 0}
relocations = 0x0
numRelocations = 0
sigTag = 2594
upgrade = 0
freshen = 0
probFilter = 3

[1] http://resources.ovirt.org/pub/yum-repo/ovirt-release36.rpm

[NEW] ovirt-engine-cli and its deps

[Jiri B]

Hi,

new ovirt-engine-cli port in attachment, it's CLI for oVirt
Engine (or Red Hat Enterprise Virtualization Manager).

I'm using it daily and I can maintain ovirt-engine-cli
and py-ovirt-engine-sdk.

j.


ovirt-engine-cli.tar.gz
Description: application/tar-gz


py-kitchen.tar.gz
Description: application/tar-gz


py-ovirt-engine-sdk.tar.gz
Description: application/tar-gz


py-ply.tar.gz
Description: application/tar-gz

Re: Secure deletion tool SRM

[Jiri B]

On Wed, Jan 27, 2016 at 12:54:21PM -0800, Notofsoundmind . wrote:
> This utility is readily compilable on OpenBSD.
> 
> http://sourceforge.net/projects/srm/

rm -P foo ?

j.

Re: pledge tor

[Jiri B]

On Tue, Jan 19, 2016 at 02:35:24PM +, Stuart Henderson wrote:
> They aren't being careful (see typo in connection_edge.c:1616).
> Given the hostile environment this code is run in, do you really
> want it having the ability to modify pf rules if attacked?

Reported, see https://trac.torproject.org/projects/tor/ticket/18100

Thx!

j.

security/jailkit - a diff for more relax on openbsd

[Jiri B]

Hi,

jailkit doesn't like 'daemon' as group on chroots, that's what
we have for /var/www.

What about this?

https://savannah.nongnu.org/bugs/index.php?46930

--- jk_lib.py.orig  Tue Jan 19 11:21:16 2016
+++ jk_lib.py   Tue Jan 19 11:32:16 2016
@ -65,18 +65,9 @@ def path_is_safe(path, failquiet=0):
if (failquiet == 0):
sys.stderr.write('ERROR: cannot lstat() '+path+'\n')
return -1
-   if (sys.platform[-3:] == 'bsd'):
-   # on freebsd root is in group wheel
-   if (statbuf[stat.ST_UID] != 0 or statbuf[stat.ST_GID] != 
grp.getgrnam('wheel').gr_gid):
-   sys.stderr.write('ERROR: '+path+' is not owned by 
root:wheel!\n')
-   return -3
-   else:
-   if (statbuf[stat.ST_UID] != 0 or statbuf[stat.ST_GID] != 0):
-   sys.stderr.write('ERROR: '+path+' is not owned by 
root:root!\n')
-   return -3
-   if ((statbuf[stat.ST_MODE] & stat.S_IWOTH or statbuf[stat.ST_MODE] & 
stat.S_IWGRP)and not stat.S_ISLNK(statbuf[stat.ST_MODE])):
-   sys.stderr.write('ERROR: '+path+' is writable by group or 
others!')
-   return -4
+   if (statbuf[stat.ST_UID] != 0 or (statbuf[stat.ST_GID] & 022 ) != 0):
+   sys.stderr.write('ERROR: '+path+' is not owned by root or bad 
mode!\n')
+   return -3
if (not stat.S_ISDIR(statbuf[stat.ST_MODE])):
if (stat.S_ISLNK(statbuf[stat.ST_MODE])):
# Fedora has moved /sbin /lib and /bin into /usr

(It would be also nice if it would do symlinks in chrooted /usr for libs
in /usr/local/lib or /usr/X11R6/lib but that would be probably overkill.)

j.

Re: pledge in ports

[Jiri B]

On Sat, Jan 16, 2016 at 12:36:49PM +, Stuart Henderson wrote:
> archivers/p7zip
> archivers/xz (see cvs log for the previous failed experiment)
> mail/mutt
> misc/memcached
> net/arp-scan
> net/avahi
> net/bwm-ng or some other bandwidth monitor
> net/curl
> net/cvsync
> net/ladvd and/or net/lldpd
> net/mosh
> net/ngrep
> net/openvpn
> net/rsync (N.B. setsockopt)
> net/scamper
> net/tcptraceroute (or even better, TCP support in traceroute(1) instead;
>   I have a start at a diff but never got checksums to work properly)
> net/wireshark (dumpcap should be fairly easy as it uses libcap on linux.
>   main program would be nicer as this runs the dangerous dissectors).
> print/cups
> security/clamav
> textproc/mupdf
> textproc/xpdf  (maybe other pdf viewers - zathura etc)
> www/lynx
> www/nginx  (at least until they add dlopen module support..)
> x11/dbus
> x11/rxvt-unicode

Could you consider Tor please?

j.

Re: [UPDATE] textproc/pdfgrep

[Jiri B]

On Fri, Jan 15, 2016 at 10:04:36AM +0100, Reinhold Straub wrote:
> Hi,
> 
> pdfgrep has a testsuite based on devel/dejagnu now. Unfortunately, some 
> patches are necessary to make tests work on OpenBSD.
> 
> I put pledge(2) calls into the source code, too.

So where are patches? Did you forget to cvs add it?

j.

Re: pledge(2) for the i3 window manager

[Jiri B]

On Mon, Dec 21, 2015 at 03:34:43PM -0500, dan mclaughlin wrote:
> yes they are huge beasts, but they can still be forced into cages. half my
> posts seem to refer to back to this, but.. you can try:
> 
> 'isolating untrusted programs in ssh chroot jails'
> https://marc.info/?l=openbsd-misc=142676615612510=2
> 
> i run my browser and pdf viewers in them. i make sure too that my pdf/djvu
> viewers don't have net access either using pf. i try to leverage most of
> the mitigation facilities available in base (though so far i haven't yet
> seriously experimented with systrace).
> 
> Mr. Coppa previously reported that he managed it with firefox. i mention
> the programs i could and couldn't jail in the post.

I don't understand why do you switch topic from pledge()
to chroots...

j.

Re: pledge(2) for the i3 window manager

[Jiri B]

Respect for your work but I'm asking myself - what is
the attack vector?

IMO pdf viewers, browsers and similar apps would have
much bigger sense to pledge(). Unfortunatelly they are
huge beasts :/

j.

Re: calibre error

[Jiri B]

On Tue, Nov 24, 2015 at 04:33:45PM +0100, misc nick wrote:
> > https://github.com/kovidgoyal/calibre/commit/72d47ba9377d70e786bf3d93b323544188c894
> > 
> 
> The quick and dirty fix worked. Thank you!
> 
> > Another problem you might run into with epub is if there's no cover and
> > calibre tries to generate one; if you run into this it's fixed with the
> > ImageMagick update but that isn't suitable for -stable; at least using
> > the command-line ebook-convert tool you can add --no-default-epub-cover
> > to the command line to work around this.

Not sure what's your input format but pandoc can convert
to epub as well. Although there's no port for pandoc yet.
I built it manually and it works fine.

j.

FW: [ipxe-devel] [OpenBSD]: Error: unknown pseudo-op: `.reloc' + ld:arch/i386/scripts/i386.lds:97: syntax error]

[Jiri B]

Originally sent to ipxe-devel@ but if anybody would like to help
I would appreciate it.

IPXE source: https://github.com/ipxe/ipxe

- Forwarded message from Jiri B <ji...@devio.us> -

Date: Mon, 23 Nov 2015 18:49:51 -0500
From: Jiri B <ji...@devio.us>
To: ipxe-de...@lists.ipxe.org
Subject: [ipxe-devel] [OpenBSD]: Error: unknown pseudo-op: `.reloc' + 
ld:arch/i386/scripts/i386.lds:97: syntax error
User-Agent: Mutt/1.5.23 (2014-03-12)

Hi,

I gave ipxe another try on OpenBSD - as it updated their binutils to 2.17,
which should solve some older issues and which > 2.16 as described at ipxe
website[1]. But it fails again. Here's my data, requested on #ipxe.

(FYI, I don't have any working ipxe as something changes on OpenBSD and
previously working code fails on compressing bins, which should probably
be working on newer code but this fails earlier as stated in this mail.)

Thanks.

Jiri

[1] http://ipxe.org/download

Issue 1 - Error: unknown pseudo-op: `.reloc'


~~~
cc  -DARCH=i386 -DPLATFORM=pcbios -march=i386 -fomit-frame-pointer 
-fstrength-reduce -falign-jumps=1 -falign-loops=1 -falign-functions=1 
-mpreferred-stack-boundary=2 -mregparm=3 -mrtd -freg-struct-return -m32 
-fshort-wchar -Ui386 -Ulinux -DNVALGRIND -Iinclude -I. -Iarch/x86/include 
-Iarch/i386/include -Iarch/i386/include/pcbios -Os -g -ffreestanding -Wall -W 
-Wformat-nonliteral  -fno-stack-protector -fno-dwarf2-cfi-asm -fno-exceptions  
-fno-unwind-tables -fno-asynchronous-unwind-tables -Wno-address -fno-PIE -nopie 
 -ffunction-sections -fdata-sections -include include/compiler.h   
-DOBJECT=fault -c core/fault.c -o bin/fault.o
cc  -DARCH=i386 -DPLATFORM=pcbios -march=i386 -fomit-frame-pointer 
-fstrength-reduce -falign-jumps=1 -falign-loops=1 -falign-functions=1 
-mpreferred-stack-boundary=2 -mregparm=3 -mrtd -freg-struct-return -m32 
-fshort-wchar -Ui386 -Ulinux -DNVALGRIND -Iinclude -I. -Iarch/x86/include 
-Iarch/i386/include -Iarch/i386/include/pcbios -Os -g -ffreestanding -Wall -W 
-Wformat-nonliteral  -fno-stack-protector -fno-dwarf2-cfi-asm -fno-exceptions  
-fno-unwind-tables -fno-asynchronous-unwind-tables -Wno-address -fno-PIE -nopie 
 -ffunction-sections -fdata-sections -include include/compiler.h   -DOBJECT=fc 
-c net/fc.c -o bin/fc.o
/tmp//ccGCB8Um.s: Assembler messages:
/tmp//ccGCB8Um.s:6: Error: unknown pseudo-op: `.reloc'
Makefile.housekeeping:850: recipe for target 'bin/fc.o' failed
gmake: *** [bin/fc.o] Error 1
~~~

$ git bisect good
fbc4ba4b4ed13cc86cb8fdea0bac6c3be0164ed5 is the first bad commit
commit fbc4ba4b4ed13cc86cb8fdea0bac6c3be0164ed5
Author: Michael Brown <mc...@ipxe.org>
Date:   Wed Mar 4 18:48:19 2015 +

[build] Fix the REQUIRE_SYMBOL mechanism

At some point in the past few years, binutils became more aggressive
at removing unused symbols.  To function as a symbol requirement, a
relocation record must now be in a section marked with @progbits and
must not be in a section which gets discarded during the link (either
via --gc-sections or via /DISCARD/).

Update REQUIRE_SYMBOL() to generate relocation records meeting these
criteria.  To minimise the impact upon the final binary size, we use
existing symbols (specified via the REQUIRING_SYMBOL() macro) as the
relocation targets where possible.  We use R_386_NONE or R_X86_64_NONE
relocation types to prevent any actual unwanted relocation taking
place.  Where no suitable symbol exists for REQUIRING_SYMBOL() (such
as in config.c), the macro PROVIDE_REQUIRING_SYMBOL() can be used to
generate a one-byte-long symbol to act as the relocation target.

If there are versions of binutils for which this approach fails, then
the fallback will probably involve killing off REQUEST_SYMBOL(),
redefining REQUIRE_SYMBOL() to use the current definition of
REQUEST_SYMBOL(), and postprocessing the linked ELF file with
something along the lines of "nm -u | wc -l" to check that there are
no undefined symbols remaining.

Signed-off-by: Michael Brown <mc...@ipxe.org>

:04 04 158adde6df79c5f376074616d834c72112ed5988 
140aa989cb6f9ea5dd7c22a19d338f28d64ee08c M  src


Issue 2 - ld:arch/i386/scripts/i386.lds:97: syntax error


~~~
gcc  -Wall -W -Wformat-nonliteral -O2 -g -o util/zbin util/zbin.c
cc  -DARCH=i386 -DPLATFORM=pcbios -march=i386 -fomit-frame-pointer 
-fstrength-reduce -falign-jumps=1 -falign-loops=1 -falign-functions=1 
-mpreferred-stack-boundary=2 -mregparm=3 -mrtd -freg-struct-return -m32 
-fshort-wchar -Ui386 -Ulinux -DNVALGRIND -Iinclude -I. -Iarch/x86/include 
-Iarch/i386/include -Iarch/i386/include/pcbios -Os -g -ffreestanding -Wall -W 
-Wformat-nonliteral  -fno-stack-protector -fno-dwarf2-cfi-asm -fno-exceptions  
-fno-unwind-tables -fno-asynchronous-unwind-tables -Wno-address -fno-PIE -nopie 
 -ffunction-sect

Re: calibre error

[Jiri B]

On Sun, Nov 22, 2015 at 07:10:22AM +0100, misc nick wrote:
> I'm using the calibre package on OpenBSD 5.8/amd64 release.
> 
> When i try to convert anything to epub i get this:
> 
> calibre 1.48  isfrozen: False is64bit: True
> OpenBSD-5.8-amd64-64bit OpenBSD ('64bit', '')
> ('OpenBSD', '5.8', 'GENERIC.MP#1236')
> Python 2.7.10
> Linux: ('', '', '')
> Traceback (most recent call last):
>   File "/usr/local/lib/calibre/calibre/gui2/actions/convert.py", line 156, in 
> convert_ebook
> self.do_convert(book_ids, bulk=bulk)
>   File "/usr/local/lib/calibre/calibre/gui2/actions/convert.py", line 173, in 
> do_convert
> self.gui.library_view.model().db, book_ids, 
> out_format=prefs['output_format'])
>   File "/usr/local/lib/calibre/calibre/gui2/tools.py", line 41, in 
> convert_single_ebook
> d = SingleConfig(parent, db, book_id, None, out_format)
>   File "/usr/local/lib/calibre/calibre/gui2/convert/single.py", line 151, in 
> __init__
> self.setup_pipeline()
>   File "/usr/local/lib/calibre/calibre/gui2/convert/single.py", line 201, in 
> setup_pipeline
> self.mw = widget_factory(MetadataWidget)
>   File "/usr/local/lib/calibre/calibre/gui2/convert/single.py", line 199, in 
> widget_factory
> self.plumber.get_option_help, self.db, self.book_id)
>   File "/usr/local/lib/calibre/calibre/gui2/convert/metadata.py", line 55, in 
> __init__
> Widget.__init__(self, parent, ['prefer_metadata_cover'])
>   File "/usr/local/lib/calibre/calibre/gui2/convert/__init__.py", line 61, in 
> __init__
> self.setupUi(self)
>   File "/usr/local/lib/calibre/calibre/gui2/convert/metadata_ui.py", line 63, 
> in setupUi
> self.cover = ImageView(self.groupBox_4)
>   File "/usr/local/lib/calibre/calibre/gui2/widgets.py", line 292, in __init__
> self._pixmap = QPixmap(self)
> TypeError: QPixmap(): argument 1 has unexpected type 'ImageView'

No idea but I would recomment not to spend time
on this ancient calibre version but instead to try
to update the port itself. But iirc we need py-qt5,
poppler-qt5 and maybe something else.

j.