AMDISK_CD kernel is a reduced kernel with only what is necessary to
install openbsd. radeondrm and amdgpu are NOT part of it, and it is
expected.
--
Sebastien Marie
> I missing something obvious?
did you installed xbase74 set ?
it seems that /usr/X11R6/lib/libfontconfig.so.13.1 and
/usr/X11R6/lib/libfreetype.so.30.3 are missing on your system, or at
least pkg_add(1) couldn't find them.
are the files present ?
thanks.
--
Sebastien Marie
instead of copying the file: this way you have package update for the
script for free.
--
Sebastien Marie
; 1 (on a running system, kern.securelevel = -1)
OR
- something related to the console (I suppose "having the tty of the current
process being the same than the console")
If you are connected to serial, but your console is on VGA, it might be related.
So you might need to set kern.securelevel to lower value ("sysctl
kern.securelevel=-1"
in /etc/rc.securelevel), or make your console on serial (with "set tty com0" on
bootloader).
Thanks.
--
Sebastien Marie
On Mon, Apr 10, 2023 at 06:21:03PM +0200, Martin Schröder wrote:
> Am Mo., 10. Apr. 2023 um 18:10 Uhr schrieb Sebastien Marie
> :
> > On Mon, Apr 10, 2023 at 11:49:50PM +0800, Siegfried Levin wrote:
> > > After I upgraded my OS from 7.2 to 7.3 with sysupgrade like 8 hou
atically linked in all programs).
Thanks.
--
Sebastien Marie
for each release: 7.1 and 7.2
are both major versions (with potential breaking changes between versions). Do
not assume that a binary targeting 7.2 will be able to run on 7.3. OpenBSD
isn't
like Linux.
Thanks.
--
Sebastien Marie
.so.6.1
loading: libX11.so.18.0 required by /usr/X11R6/lib/libXfixes.so.6.1
--
Sebastien Marie
pidly making assumptions
> based upon the documentation?
diff are accepted.
--
Sebastien Marie
On Wed, May 04, 2022 at 08:03:14AM -0600, Theo de Raadt wrote:
> Sebastien Marie wrote:
>
> > semarie@ spoke about integrating some elements inside the installer when he
> > was
> > about "clean _other things_". It isn't about "stepping back"
F CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Thanks.
--
Sebastien Marie
t;70% of the commits).
And I don't want to add more work on his side for that.
--
Sebastien Marie
ibs are still needed.
yes, it is a know drawback: if you compile locally a binary, sysclean will not
know that you still need some libraries...
I have few binaries in my $HOME for example, and I considere that sysclean
helps
to me rebuild them (because it breaks them when I remove old libc.so). Maybe
one
day I will create a (local) package for properly track them.
--
Sebastien Marie
On Sat, Apr 02, 2022 at 07:11:42AM +0200, Sebastien Marie wrote:
> On Fri, Apr 01, 2022 at 12:16:58PM -0600, Ashlen wrote:
> >
> > XMonad is recompiling and replacing itself with another XMonad process
> > because the current process is called "xmonad" but the com
and potentially before removing unused
libraries).
how do you recompile it ? your mail mentions ~/.config/xmonad/build. it is a
binary ? a script ? do you made it or it is a 'part' of xmonad ?
Thanks.
--
Sebastien Marie
you could also use another system to build a static binary, and copy
it on bsd.rd (via download or via usb drive).
you could also put your hard disk in another machine to mount and
repair it.
--
Sebastien Marie
he/she want to delete from
the two following lists:
# find / -type f | wc -l
109221
# sysclean | wc -l
28
(OpenBSD aarch64 upgraded from Nov 1 to Nov 28 snapshot).
Thanks.
--
Sebastien Marie
html. Very few files will broke your system
if present.
In the other side, removing files that are used will broke your system
(for example, if you compile a program yourself, it will use system
libraries like libc, libm...).
Thanks.
--
Sebastien Marie
list all files, even the one still used by packages. it could
result in not working packages.
`sysclean` (without option) is safer.
please note that the stage 'configure /etc/sysclean.ignore' is
important to exclude from the output configuration files (in /etc) you
manually created.
as a remainder, sysclean will only *LIST* files (it is pledged
read-only), and doesn't remove anything itself.
thanks.
--
Sebastien Marie
de you are using is restricted and can't be showed, please at
least show a ktrace output of the program run. At this point I am
still unsure that it is execve(2) which is causing pledge violation.
--
Sebastien Marie
command-line to "cleanup"
resolv.conf:
# sed -i -e '/ # resolvd: /d' /etc/resolv.conf
(and if you put it in /etc/rc.local, your host with resolvd will
recreate it at boot, and your host without resolvd will keep it
clean).
Thanks.
--
Sebastien Marie
The first three have X509_STORE_get_by_subject (says nm(1)),
> but the newest one does not. So I believe X509_STORE_get_by_subject
> was recently dropped.
X509_STORE_get_by_subject was not dropped. It changed from function to
macro. There is no more symbol in object file for it, but it is still
usable in C source file.
Thanks.
--
Sebastien Marie
our source tree back to 7.0, you could use:
$ cd /usr/src && cvs update -A -r OPENBSD_7_0
-A : Reset any sticky tags/date/kopts (not sure if 100% necessary or not, but
doesn't hurt)
-r : Update using tag for 7.0 (the tag will become sticky)
Thanks.
--
Sebastien Marie
e
> local names the machines around the office (beside resolution).
you could use the following:
# route nameserver 127.0.0.1
it will tell resolvd(8) to use this particular nameserver.
Thanks.
--
Sebastien Marie
ptor 25 opened to a file on /tmp
inode=48 (unlinked), the file size is 279793 bytes.
--
Sebastien Marie
thout it being overwritten.
resolvd doesn't override resolv.conf. it only prepends nameserver
lines obtained from dhcpleased (via dhcpv4) or slaacd (via stateless
ipv6).
could you share your expected resolv.conf and the "overrided" one ?
thanks.
--
Sebastien Marie
ushing a newer version just because 'it is newer'.
We are not hostile to make changes, but at least please told us what
should be changed/adjusted and why it is important for your
use-case. And if it doesn't hurt us too, changes will be done: patches
are accepted.
Thanks.
--
Sebastien Marie
laying. A program which is
opening ONE device for playing AND recording couldn't work with this
trick (like firefox for example).
Thanks.
--
Sebastien Marie
;with_internet").
anchor "outgoing" out on internet received-on with_internet {
pass out label "outgoing"
match out set queue netq
match out received-on guess set queue guessq
}
I hope it helps, even if my network speeds isn't comparable to your :)
Thanks.
--
Sebastien Marie
be able
to process them correctly.
Thanks.
--
Sebastien Marie
able to provide a patch for all
architectures. Please comment if the direction is right or not.
Thanks.
--
Sebastien Marie
them:
# pkg_delete .libs-firefox-57 .libs-firefox-58 .libs-firefox-59
Thanks.
--
Sebastien Marie
601 childpid, status&0xFF);
602 }
213 is octal number (139, 0x8b) of exit code of child process.
As the status is &0xFF, I am not 100% sure, but usually an exit code
of 139 means that the process terminated due to receipt of signal 11,
and generated a coredump.
Do you have a dump.core file ? Can you extract the backtrace ?
Thanks.
--
Sebastien Marie
On Fri, Aug 28, 2020 at 09:27:10AM -0400, Daniel Jakots wrote:
> On Fri, 28 Aug 2020 08:32:59 +0200, Sebastien Marie
> wrote:
>
> > On Thu, Aug 27, 2020 at 03:27:58PM -0400, Daniel Jakots wrote:
> > > Hi,
> > >
> > > I'm chasing a weird beha
(I am not familiar
enough with pf(4) code to find the code which do the check).
Thanks.
--
Sebastien Marie
en 1-5 added (80x25, vt100 emulation)
The modesetting failed, but X11 could still work with mesa. It needs
machdep.allowaperture=2 (sysctl) to be set.
You should just add "machdep.allowaperture=2" line in /etc/sysctl.conf and
reboot (this sysctl setting requires to be set at boot-time).
Thanks.
--
Sebastien Marie
he man page is installed without binary.
Alternatively, by looking at the man page itself, you could guess things about
the tool:
NAME
tpmtool - GnuTLS TPM tool
[...]
Thanks.
--
Sebastien Marie
use user's uid to open the authorized_keys
file.
I assume the file permission of '/var/home/user/.ssh/authorized_keys' doesn't
allow 'user' to open it ?
Please note it could be a problem with permission of the file, or with one
directory in the path.
Thanks.
--
Sebastien Marie
Hi,
A fix has been commited.
Thanks for investigated the problem and provided a test case. It was very
useful to properly found the state corruption.
--
Sebastien Marie
On Wed, Jun 03, 2020 at 07:22:52PM +0200, Fabian Keil wrote:
> TJ wrote:
>
> > I'm migrating my system conf
e if your webcam works.
the commit seems relatively self contained (do not introduce too much changes),
and posterious commits seems to not rely on it, so I assume just reverting it
should works.
this way it would be know that it is this commit which introduces a regression,
and someone might figure why.
thanks.
--
Sebastien Marie
llow this list. So they
might already know.
Thanks.
--
Sebastien Marie
r
me, I had problem with this method too: when my sata disk is plugged in sata
connector it is showed with 512 bytes/sector, whereas with USB/SATA connector it
showed with 4096 bytes/sector and so disklabel is incoherent.
I hope it helps.
--
Sebastien Marie
ne, and next doing a upgrade will
run the right command, so it is the more simple approch.
Thanks.
--
Sebastien Marie
s way you could use cupsd (using ugen) with a GENERIC kernel.
see https://marc.info/?l=openbsd-tech=151618565000531=2 for details
Thanks.
--
Sebastien Marie
-opts should do the trick.
depending your need (block or allow):
block return proto igmp to 224/4 allow-opts
or
pass proto igmp to 224/4 allow-opts
Please note it is untested.
Thanks.
--
Sebastien Marie
rts
$ sqlite3 /usr/local/share/sqlports
sqlite> select fullpkgpath from distfiles where value like 'linux-4.20%';
sysutils/dtb
--
Sebastien Marie
he second swap with priority 0 (as configured in fstab(5))
- rc(8) via rc.local changes the boot disk swap with priority 1
- system will run with two swaps:
- second swap, priority 0, so used first
- boot disk swap, priority 1, used if second swap is full or by kernel for
dumping kernel core
I hope it helps.
--
Sebastien Marie
r sent/received on the network should
be considered compromised.
Just don't do that.
Thanks.
--
Sebastien Marie
nwid GUEST chan 6 bssid dc:08:56:15:be:14 -44dBm wpakey
wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp
inet 192.168.1.107 netmask 0xff00 broadcast 192.168.1.255
Is it expected ? I did I miss something with Michael MIC failure ?
Thanks.
--
Sebastien Marie
t to look at exported MALLOC_OPTIONS environment
variable.
Thanks.
--
Sebastien Marie
authname 'redacted' authkey 'redacted' up
>mtu 1492
>llprio 0
>dest 0.0.0.1
>!/sbin/route add default -ifp pppoe0 0.0.0.1
so, could you check the configuration file of hostname.vlan2 is really
applied on the running system ?
else, could you send the whole output of ifconfig ? (but feel free to
remove pppoe0 authentification information).
thanks.
--
Sebastien Marie
ames/adventure/io.c
> cc -o setup /usr/src/games/adventure/setup.c
> ./setup /usr/src/games/adventure/glorkz > data.c
> Abort trap (core dumped)
please check your dmesg. I am expecting some pledge failure regarding
recent vm.malloc_conf sysctl.
rebuild a new kernel, *reboot*, and next launch your make build.
thanks.
--
Sebastien Marie
&&
239 !strcmp([strlen(kshname) - 3], "/sh"))) {
240 Flag(FSH) = 1;
241 version_param = "SH_VERSION";
242 }
243
--
Sebastien Marie
in /etc/resolv.conf?
No.
rad(8) has support for sending rdns information, but currently nothing
in base has support to get resolv.conf configured with such information.
thanks.
--
Sebastien Marie
ort response is: no.
The long one is that currently `tls no-verify' applies only for
smarthost configuration (`relay' with `host url', when tls is implied).
smtpd(8) should complains if you try the syntax you mentioned with:
tls no-verify may not be specified without host on a dispatcher
Thanks
--
Sebastien Marie
st FFI is a bit a shame: it is a *copy* of C headers, written
and maintained in Rust language. It is good for crosscompilation (as
Rust know how to build stuff without any C headers), but it is awful to
maintain and keep up-to-date.
--
Sebastien Marie
tem (it is updated weekly).
so pkg_locate bsd.rd searchs if a file "bsd.rd" exists in some port
(installed or not); whereas locate bsd.rd searchs if a file "bsd.rd"
exists in current filesystem.
--
Sebastien Marie
xorg.db
>
> Not having /bsd and /bsd.rd seems really strange.
>
hum ? for me, it is the opposite.
pkg_check looks at {src,xorg}.db and PKG_DB for the list of expected
files. But these files aren't in these lists, so it reports them as "not
found" in the list of expected files.
For /bsd{,.rd} it is normal: the files don't come with usual sets but
are copied "as it".
--
Sebastien Marie
provide fake
SHA256.sig and/or fake public key on the ISO. So there is no gain to
provide such material as people will think "it is safe" whereas it is
not.
Thanks.
--
Sebastien Marie
e
package you have, in case your mirror is lagging a bit and still provide
an "old" version (with old ABI, if it is the problem as it seems).
Thanks.
--
Sebastien Marie
(done using pkg_ad -u)
was from Jan 20:
$ grep pftop /var/log/messages
Dec 30 10:10:58 alf pkg_add: Added pftop-0.7p16->0.7p16
Jan 20 11:20:49 alf pkg_add: Added pftop-0.7p16->0.7p16
Feb 15 06:40:54 alf pkg_delete: Removed pftop-0.7p16
Feb 15 06:41:03 alf pkg_add: Added pftop-0.7p16
Thanks.
--
Sebastien Marie
Please note I don't use heavily: it is only for testing purpose for now.
Depending the tryton modules you need, py-cached_property could be
missing from ports. But I have packaged it and it lives in mystuff/ for
now, but I could propose it to import.
--
Sebastien Marie
diffing for changes and snapshots have
uncommited changes.
It is why I asked for dmesg and previous working snap.
--
Sebastien Marie
e of your previous
version too.
thanks.
--
Sebastien Marie
cks explicitly targets Tor proxy, I think it don't bother.
> Otherwise torsocks could wrap the pledge() function to weaken the pledge.
> It's easy to do but far less appealing.
In fact, I started in this direction... so if you want a working diff to
add "getpw" in pledge(2) promise, it is available.
but removing getpw calls if far better.
Thanks.
--
Sebastien Marie
HTTP proxy listener which forward its
traffic to SOCKS upstream server. Polipo is a program of this kind (see
socksParentProxy="localhost:9050" and socksProxyType=socks5 parameters
on polipo config file).
--
Sebastien Marie
On Sun, Nov 19, 2017 at 10:19:05PM -0800, Paul B. Henson wrote:
> On Mon, Nov 20, 2017 at 06:50:30AM +0100, Sebastien Marie wrote:
>
> > For me, there is currently no way to ask config(8) to alter the right
> > file in /usr/share/relink/kernel to "ship" the mo
rated KARL kernels.
So currently, you have to choose between:
- modifying /bsd with config(8) and don't benefice of KARL
- have KARL and using a default kernel
- makes your changes in /usr/src/sys, build and install a new no-GENERIC
kernel (and do it at each upgrade)
Thanks.
--
Sebastien Marie
root program to
open and put in memory the content of /etc/spwd.db when password access
was not strictly required.
Maybe it could be revisited.
--
Sebastien Marie
why I asked if the pledge is too tight on cpio.
I agree that it could be disappointing. but cpio is pledged, so it
couldn't open /etc/spwd.db, because we considered this operation as
a privilegied operation.
in order to backup this file, you need another tool. someone already
mentioned dump(8) as example.
thanks.
--
Sebastien Marie
On Sun, Jun 11, 2017 at 06:48:07PM +0200, Sebastien Marie wrote:
>
> Please at least post a dmesg
sorry, I just saw you posted it in your first message.
--
Sebastien Marie
> Noone said snapshots would always work for everyone all the time.
> >
>
> I won't answer to that. See above.
>
Hi Lars,
I think you miss the point of using snapshots: helping the project and
permit progress for everybody.
Please at least post a dmesg: developers will at least
ve a block log just before would permit you to check if pf is
blocking some other thing "by default" using tcpdump -i pflog0 -n.
--
Sebastien Marie
X with -keepPriv)
- makes X server to crash
(playing with LibreOffice and CSV ?)
- look at /var/crash and profit
--
Sebastien Marie
ecated.
But I seems to me that /etc/installurl should be present in your system
too. The installer adds it on upgrade (but maybe only if you uses an
http mirror for sets - I didn't checked the exact conditions).
Thanks.
--
Sebastien Marie
er change their
> mind.
>
If you want to disable core dump for a program, you could (should ?)
configure your RLIMIT_CORE to 0.
$ ulimit -c 0
$ firefox
--
Sebastien Marie
ecoded (of type int, unless a width modifier has been
specified) and the second being a decoding directive string.
...
Thanks.
--
Sebastien Marie
the effective current value (datasize-cur) with:
ksh$ ulimit -d # value in kbytes
786432
Or read the value configured in login.conf:
$ getcap -f /etc/login.conf -s datasize-cur default staff
default: 768M
staff: 1536M
For obtain your current login-class:
$ id -c
default
Thanks.
--
Sebastien Marie
443
see pf.conf(5) and https://www.openbsd.org/faq/pf/rdr.html
--
Sebastien Marie
nbsd.org/faq/upgrade55.html#time_t
But generally, an old binary (from release X) is able to run on a new
kernel (from release X+1), but nothing more could be expected: old
things are cleaned, so an old binary could be able to run or not (it
just depends if relying on old API/ABI with kernel - syscalls, struct
size...).
--
Sebastien Marie
gt;
check your /etc/pf.conf if it contains a line like:
set skip on lo
(it is in default pf.conf file), and remove it.
pf(4) will not skip lo group, so lo0 will be filtered.
--
Sebastien Marie
ng a conditional use of SOCK_DNS on the
socket(2) call, and as it is in library part (under src/usr.sbin/bind/lib/isc),
it would mean an invasive change in API.
--
Sebastien Marie
mitigation. By using pledge with
"dns", you ensure the program could reach network only on limited way.
As dig has also "rpath", it means a bug in dig could makes the program
to be able to exflitrate file contents. With "dns", the exfiltration is
more complex (but not impossible I agree: pledge is only a mitigation).
Thanks.
--
Sebastien Marie
> the ftp-proxy
> pass out quick on $int_if inet proto tcp from $int_add to
> $ftp_internal_address
> Thank you
>
There is a typo in man page (I will send a diff if nobody commit it
before):
the user is _ftp_proxy (and not _ftp-proxy).
Please try with that.
--
Sebastien Marie
uot; in the last rule
So it is related to the user.
>From ftp-proxy(8) man page:
ftp-proxy chroots to "/var/empty" and changes to user
"_ftp-proxy" to drop privileges.
> Does someone knows why ?
you should allow the "_ftp-proxy" user, and not the "proxy" user to make
it works as expecting.
thanks.
--
Sebastien Marie
ing it a "supported" method. I know I use only a
trick.
--
Sebastien Marie
al
> reversion
> of src/lib/libcrypto/x509/x509_vfy.c r1.54). Thanks for the report.
>
I could confirm that x509_vfy.c r1.54 makes it works again.
--
Sebastien Marie
ay (and more secure in this context) is to use ssh(1). But
note it needs additionnal configuration. ssh(1) will allocate a new
pty(4) device for the user.
# tty
/dev/ttypa
# ssh user@localhost
Last login: ...
OpenBSD 6.0-current ...
...
$ tty
/dev/ttypb
Regards.
--
Sebastien Marie
on hotplugd(8) as I didn't
check deeply the code path in kernel.
As previously noted, sysutils/toad has specific code part for dealing
with cdrom insertion.
For sysutils/hotplug-diskmount, I dunno.
--
Sebastien Marie
thub.com/ajacoutot/toad/blob/master/toadd.c for source
code of the polling daemon.
--
Sebastien Marie
ed to put your /auto_upgrade.conf file inside it.
There is no official method or tool for doing that, but it is possible:
see http://marc.info/?l=openbsd-misc=141552533922277=2 for a
possible way.
If I recall correctly, other examples exists in misc@.
Regards.
--
Sebastien Marie
ated by default.
You could check that with:
# ls -l /dev/rsd3c
I think you create a new (regular) file /dev/rsd3c in / partition (and
so filling / partition).
To make sd3 device:
# cd /dev && ./MAKEDEV sd3
--
Sebastien Marie
ll be "changed"
to access to the variable.
I hope it helps.
--
Sebastien Marie
lse (calling
mprotect(2)).
you should add "stdio" promise (it is rare that it isn't needed).
the other possibility is to terminate your program with _exit(2) syscall
(but there are differencies from exit(3) function: atexit(3) functions
aren't called, streams aren't flushed, open streams aren't closed...)
--
Sebastien Marie
ccording to [1] I need to use some option about uid. But which ones?
>
- read/write permissions on /dev/fuse0
- mount point owned by the user
--
Sebastien Marie
look at dhclient.conf(5) man page for more information.
supersede option option-value;
Use option-value for the given option, regardless of the value
supplied by the server.
I hope it helps.
--
Sebastien Marie
ng
whitepaths in pledge). And as tsort is used during building... "paf".
You should be able to recompile and reinstall tsort, before rerun your
make build.
Something like:
cd /usr/src/usr.bin/tsort && make clean && make obj && make depend && make &&
doas make install
Thanks.
--
Sebastien Marie
sbin/pwd_mkdb.
Sorry for the inconvenience.
--
Sebastien Marie
e: text/html\n\n";
I think you want:
print "Content-Type: text/html\n\n";
> print "hello world";
> ---
--
Sebastien Marie
On Tue, Oct 20, 2015 at 11:09:58AM +0200, Kim Zeitler wrote:
> Hello
>
> On 10/19/15 19:58, Sebastien Marie wrote:
> >
> >RELEASE 5.8 returns ENOSYS ("Function not implemented") on tame(2) call
> >(which is the old name for pledge, so with the same syscall num
1 - 100 of 114 matches
Mail list logo
