Small patch for vnconfig/mount_vnd to return the first unused vnd device

Might be useful, particularly in scripting... Behaves like losetup. Index: sbin/mount_vnd/mount_vnd.c === RCS file: /cvs/src/sbin/mount_vnd/mount_vnd.c,v retrieving revision 1.20 diff -u -p -r1.20 mount_vnd.c ---

Re: pledge from command line

On 2017-04-27, Ted Unangst wrote: > Michael Hendricks wrote: >> I would like to have pledge on the command line so I can restrict an ad-hoc >> process during execution. For example: >> >> $ pledge "stdio" sed -e "s/foo/bar/g" output.txt >> >> I can't modify sed, for

Re: Bridged vether interfaces can't talk to each other (multiple routing tables)

In case someone finds this thread in the future, I would like to add that I have now received a possible solution to the problem out-of-band. The solution is to use pair(4): The following setup works for me, although it is a bit too convoluted: # cat /etc/hostname.pair0 up # cat

Re: pledge from command line

> Michael Hendricks wrote: > > I would like to have pledge on the command line so I can restrict an ad-hoc > > process during execution. For example: > > > > $ pledge "stdio" sed -e "s/foo/bar/g" output.txt > > > > I can't modify sed, for example, because I don't always want it pledged > > that

Re: pledge from command line

Michael Hendricks wrote: > I would like to have pledge on the command line so I can restrict an ad-hoc > process during execution. For example: > > $ pledge "stdio" sed -e "s/foo/bar/g" output.txt > > I can't modify sed, for example, because I don't always want it pledged > that tightly. Since

Re: pledge from command line

That is not possible. pledge only works on behalf of a process itself. In the simplest case, a call to pledge is done between the first part of a program "initialization" and the second part of a program "main loop". It serves no purpose if done earlier, and as you noted execve resets pledge,

pledge from command line

I would like to have pledge on the command line so I can restrict an ad-hoc process during execution. For example: $ pledge "stdio" sed -e "s/foo/bar/g" output.txt I can't modify sed, for example, because I don't always want it pledged that tightly. Since execve removes pledges, I can't see a

relayd splice timeout

Hi there, I was playing arround wit relayd just to get a feeling for it. So I started with relaying a ssh connection to a machine behind my gateway. But it seems there is some kind of config value I miss because after like 8 minutes the open ssh connection gets suddenly closed. Running

Re: torrent downloads

@Ted : Good to know, thanks for details. @Theo : I am not the OP of the torrent topic. The topic was from thuban. I have no need for a torrent but had only this ideas / doubts about it. Am 27. April 2017 18:43:29 MESZ schrieb Theo de Raadt : >> Christoph R. Murauer

Re: Problems installing on Dell R830

I think the bootloader is seeing more RAM than is actually there. Regions 0-15 are contiguous, except for a 256kB hole at 640kB, and total 2.25GB (2304MB) memory. Not sure about regions 16 & 17, but they're tiny (~13MB). Region 18 is exactly 510GB, so we have 2.25 + 510 = 512.25 GB, or 256MB

OpenBSD 6.1 - Song released

Great work ! Bryan Adams - Summer of 69 - Parody Long Life to Puffy Cheers

Re: torrent downloads

> Christoph R. Murauer wrote: > > True but let me be a littlebit paranoid. Would it not be possible to create > > a new .fs / .iso with new keys in /etc/signify/* and new SHA256 / .sig > > files to place bad content and distribute it using a torrent ? I came > > across this idea as I readed

Re: torrent downloads

Christoph R. Murauer wrote: > True but let me be a littlebit paranoid. Would it not be possible to create a > new .fs / .iso with new keys in /etc/signify/* and new SHA256 / .sig files to > place bad content and distribute it using a torrent ? I came across this idea > as I readed long time ago

Re: torrent downloads

True but let me be a littlebit paranoid. Would it not be possible to create a new .fs / .iso with new keys in /etc/signify/* and new SHA256 / .sig files to place bad content and distribute it using a torrent ? I came across this idea as I readed long time ago some ideas how goverments could

Re: torrent downloads

> yes, but unlike those distros the openbsd installers aren't measured in > gigabytes. > Of course, the point doesn't apply to miniroot* but to installxx.xx. It doesn't remove the problem of long download for some and servers bandwidth possible issue. Using miniroot* still requires to download

Re: torrent downloads

Christoph R. Murauer wrote: > Let's say, you provide a torrent for the .fs and .iso files. Who trusts a > SHA256.sig file from an unofficial torrent ? The whole point of signing the SHA256 is you don't have to trust the person who gives it to you.

Re: torrent downloads

Let's say, you provide a torrent for the .fs and .iso files. Who trusts a SHA256.sig file from an unofficial torrent ? If you look at the errata page, you see, that you have to patch the system to keep it up to date and, there are no official updates of the .fs and .iso files after a patch.

Re: obsd 6.1

On Thu, Apr 27, 2017 at 11:28:33AM -0300, Friedrich Locke wrote: > Hi folks, > > i wonder if there is an obsd 6.1 cd set to order ? > If not, when will it be released ? > > Thanks. > Related: https://marc.info/?l=openbsd-misc=149232307018311=2

obsd 6.1

Hi folks, i wonder if there is an obsd 6.1 cd set to order ? If not, when will it be released ? Thanks.

Re: torrent downloads

- On Apr 27, 2017, at 2:07 PM, Nicolas Schmidt schmi...@mathematik.hu-berlin.de wrote: > Many distros sport torrents: NetBSD, Debian, and Ubuntu to name some. > Rationale > behind this is simple: torrents download with ridiculous speed if they are > popular enough. To be fair, popular

Re: torrent downloads

yes, but unlike those distros the openbsd installers aren't measured in gigabytes. The site mentioned by OP (http://openbsd.somedomain.net) is up to date, and has the torrents mentioned. it just seems, nobody cares. On 2017 Apr 27 (Thu) at 15:07:38 +0200 (+0200), Nicolas Schmidt wrote: :Many

Re: torrent downloads

ISO is burned down to the CD you buy. To install you really just need to PXE. > 27 apr. 2017 kl. 13:55 skrev Thuban : > > Hello, > I was wondering if there is any particular reason explaining why there > is no torrent file to retrieve OpenBSD *.fs and *.iso. > > I've

Re: torrent downloads

Many distros sport torrents: NetBSD, Debian, and Ubuntu to name some. Rationale behind this is simple: torrents download with ridiculous speed if they are popular enough. Best, Nicolas > Am 27.04.2017 um 14:36 schrieb Markus Rosjat : > > Hi, > > I think it's kinda pointless

Re: acme-client(1) and http_proxy

On 2017-04-26, Predrag Punosevac wrote: > Adam Thompson wrote: > >> I stand by my statement that just buying a cheap SSL cert will, for >> anything other than the simple case of an online, directly-connected, >> webserver, be cheaper than the labour required to obtain a

Re: Arch and vmd

On 2017-04-26, Reyk Floeter wrote: > On Wed, Apr 26, 2017 at 11:15:57AM -0700, Mike Larkin wrote: >> On Wed, Apr 26, 2017 at 06:47:17PM +0200, Karl Pettersson wrote: >> > Arch Linux works well as a vmd guest. Some notes about my experiences >> > installing the system: >> > >>

Re: torrent downloads

Hi, I think it's kinda pointless to have a torrent for this. You got enough good mirrors to download from anyway. And nowadays it's not a biggy to download a iso or so of somewhat 200mb. and yes I'm the proud owner of some awesome puffy shirts too (if someone is concerned about the download

Re: torrent downloads

On April 27, 2017 7:55:42 AM EDT, Thuban wrote: >Hello, >I was wondering if there is any particular reason explaining why there >is no torrent file to retrieve OpenBSD *.fs and *.iso. > >I've been looking on the list and only found this site that doesn't >seems up to date

torrent downloads

Hello, I was wondering if there is any particular reason explaining why there is no torrent file to retrieve OpenBSD *.fs and *.iso. I've been looking on the list and only found this site that doesn't seems up to date [1]. If the reason is a lack of human ressources, I think I can handle it.

OpenLDAP and filesystem permission

Hi there, I basically want to know if its okay to set permission on a file or directory for a LDAP user even if there is no local user on this machine. Hope someone understand what I mean, background is setting up a mailserver with usermanagement over LDAP. The naive way for me would be

Re: tinc on openBSD?

On Thu, Apr 27, 2017 at 07:51:18AM +0200, Harald Dunkel wrote: > Hi folks, > > AFAICS tinc is included in the packages for 6.1, but surely > that doesn't mean its safe to use without looking. > > Are there security concerns against running tinc on an OpenBSD > gateway as an alternative to IPsec

Re: tinc on openBSD?

On 27. Apr 7:51:18, Harald Dunkel wrote: > Hi folks, > > AFAICS tinc is included in the packages for 6.1, but surely > that doesn't mean its safe to use without looking. > > Are there security concerns against running tinc on an OpenBSD > gateway as an alternative to IPsec and openvpn in a +50

Re: tinc on openBSD?

> Are there security concerns against running tinc on an OpenBSD > gateway as an alternative to IPsec and openvpn in a +50 road > warriors setup? What is your impression of this tool in daily > usage? Which VPN solution would you prefer? I'm using tinc 1.1pre14 (not the port) with hostname.if in

Re: [vmm] SSL read error: read failed: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt

On Sun, Apr 16, 2017 at 09:17:44AM +, Paul Chakravarti wrote: > Hello, > > I am trying out vmm on 6.1 and can setup/boot vm etc. however when I try to > download a large file using SSL I consistenetly get the following error: > > > SSL read error: read failed: error:06FFF064:digital envelope