Re: Scheduler hack for multi-threaded processes

2016-03-19 Thread Peter Piwowarski 
With this diff applied, Youtube videos (fullscreen and otherwise) work 
nearly perfectly for me, in Seamonkey and Chromium, on an eight-year-old 
Thinkpad T60p. CPU is a Core 2 Duo T7600@2.33ghz. Without the patch, it 
wasn't remotely usable in either browser. top(1) shows chrome at roughly 
20% CPU use, and seamonkey at 40%. Anecdotally, Youtube works better 
than it does on Linux, for this machine.

No RGB smoothing in freetype despite relevant config entries enabled

2016-03-19 Thread Aioi Yuuko 
I've been configuring my fonts, and RGB smoothing does not appear to 
work no matter in how many places I configure it.


I've done my homework and the closest posts to my issue that I found 
were the following:

https://marc.info/?l=openbsd-misc=130565999007881=2
https://marc.info/?l=openbsd-ports=129870303523612=2

Neither seemed to get a reply back in 2011. The post to misc does not 
quite describe the problem I'm having as I don't get RGB smoothing 
*anywhere*, neither in GTK programs nor simply Xft programs such as cwm, 
but it's sufficiently similar that I thought I would include it for 
reference.
The post to ports is closer: Just as mentioned there, I know for a fact 
my font configurations are being read, as I have hinting set to 
hintslight, and it produces a noticeable difference from the default 
(full) hinting. However, despite everything in place to enable RGB 
smoothing, it shows up nowhere.


I'm on -current, last fetched and upgraded 2016-03-16 around 07:00 UTC, 
though this issue has been ongoing since at least the snapshot from 7 
days prior.


listing of /etc/fonts/conf.d (all of these are symlinks to conf.avail):
10-scale-bitmap-fonts.conf
10-sub-pixel-rgb.conf
11-lcdfilter-default.conf
20-unhint-small-dejavu-sans-mono.conf
20-unhint-small-dejavu-sans.conf
20-unhint-small-dejavu-serif.conf
20-unhint-small-vera.conf
30-lucida-aliases.conf
30-urw-aliases.conf
31-cantarell.conf
40-nonlatin.conf
42-luxi-mono.conf
45-latin.conf
49-sansserif.conf
50-user.conf
51-local.conf
60-latin.conf
65-fonts-persian.conf
65-nonlatin.conf
69-unifont.conf
80-delicious.conf
90-synthetic.conf

Relevant portion of my ~/fonts.conf:

 
  rgb
 


 
  true
 


 
  hintslight
 


 
  true
 


 
  lcddefault
 


Relevant portion of my ~/.gtkrc-2.0:
gtk-xft-hinting = 1
gtk-xft-hintstyle = "hintslight"
gtk-xft-antialias = 1
gtk-xft-rgba = "rgb"

Relevant portion of my ~/.config/gtk-3.0/settings.ini:
gtk-xft-antialias=1
gtk-xft-hinting=1
gtk-xft-hintstyle=hintslight
gtk-xft-rgba=rgb

If any other files or command outputs are needed, I'm ready to provide them.

-yuuko

ipsec ipcomp howto - OpenBSD 5.7

2016-03-19 Thread Motty Cruz 
configuring ipsec.conf with ipcomp seem to be difficult then I thought. 
I enable ipcomp

# sysctl -a | grep ipcomp
net.inet.ipcomp.enable=1

ipcomp is enabled on both gateways. Here is ipsec.conf:

flow ipcomp from 10.10.10.0/24 to 10.10.2.0/24 \
   peer 192.168.1.57

ike esp from 10.10.10.0/24 to 10.10.2.0/24 \
peer 192.168.1.57 \
main auth hmac-sha2-256 enc 3des group modp1024 lifetime 86400 \
quick auth hmac-sha2-256 enc 3des lifetime 86400 \
psk f15490b4ebc2bfc41a9a009509c91ceb443547f6

my local LAN 10.10.10.0/24
remote LAN 10.10.2.0/24

# ipsecctl -s all
FLOWS:
flow esp in from 10.10.2.0/24 to 10.10.10.0/24 peer 192.168.1.57 type 
require
flow esp out from 10.10.10.0/24 to 10.10.2.0/24 peer 192.168.1.57 type 
require


SAD:
esp tunnel from 192.168.1.57 to 192.168.125.157 spi 0xc259f59d auth 
hmac-sha2-256 enc 3des-cbc
esp tunnel from 192.168.125.157 to 192.168.1.57 spi 0xe9b1976d auth 
hmac-sha2-256 enc 3des-cbc

#


any ideas? documentation man ipsec.conf has poor information about 
ipcomp, in my point of view.

Re: wireshark illegal instruction on older systems

2016-03-19 Thread Christian Weisgerber 
Peter Kay:

> Not wishing to be a dick about this, but what sort of notification is
> in place to stop time being wasted trying to run programs on
> incompatible CPUs?

None. The general policy is that packages must run on all CPUs
supported by the base system.

That said, we now do have a few ports that build with -march=i586
or -march=i686 on i386, because the software requires certain atomic
operations or such that are only available starting from these CPU
models.  The expectation is that this only concerns programs that
nobody would reasonably try to run on older CPUs anyway.

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de

Re: Trying to move my httpd chroot

2016-03-19 Thread Rick Hanson 
On Wed, Mar 16, 2016 at 8:58 PM, Alan Corey  wrote:
> I don't have enough room in / to have my htdocs there so I want to
> move it to /usr/htdocs. This is in 5.7.   No problem I thought, I've
> had to do it before.  So my /etc/httpd.conf looks like this:
>
> chroot "/usr/htdocs"

It's probably supposed to be

chroot "/usr"

Check out `man httpd.conf`.  Look at the descriptions for the `chroot`
and `root` settings.  It appears that both of these settings combine
to get you what you're looking for in this case.

> server "d530.my.domain" {
>   listen on * port 80
> }
>
> And I get logging into /usr/htdocs/logs but httpd doesn''t seem to
> find files in /usr/htdocs.  I get a 404 error that says OpenBSD httpd
> in it but it can't find even index.html which does exist.  I've played
> with htdocs vs htdocs/.  If I comment out the chroot line it finds
> files in /var/www/htdocs.  My /usr is in a different MBR partition
> (actually an exended one) with 129 gigs free.
>
> Anybody tried to move their htdocs?  I didn't find anything by
> searching.  I wouldn't want to write something and put it out there
> for everybody to beat on.  I did read the PDF and man pages.
>
> Also I found that if I set httpd_flags to "-d -v" in
> /etc/rc.conf.local then booting  the machine seems to hang there.
> Permissions on the file look like:
> -rwxr--r--  1 www  daemon  4022 Jan 19  2015 index.html
>
> --
> Credit is the root of all evil.  - AB1JX

Re: Ruby 1.9.3 package on OpenBSD 5.9 (snapshots) missing

2016-03-19 Thread Nigel Taylor 
On 03/19/16 20:14, ML mail wrote:
> Sorry my previous post was sent unfinished. Here again and complete:
> 
> My bad, in my CVS example I had a mistake, here is the correct procedure I 
> used:
> 
> $ cd /usr
> $ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P ports
> $ cd /usr/ports/lang/ruby
> $ cvs up -r OPENBSD_5_8 1.9
> 
> But nothing happens I also tried from the same directory this command:
> 
> $ cvs up -r OPENBSD_5_8 lang/ruby/1.9
> 
> Then I just get:
> 
> 
> cvs [update aborted]: no such directory `lang/ruby'
> 
> So I am still doing something wrong here but what?
> 
> Regarding Snorby I patched its config/application.rb for the version checker 
> as suggested, this worked but unfortunately ruby core dumps when I run the 
> "bundle exec rake snorby:setup RAILS_ENV=production". By the way I am using 
> the ruby pacakge 2.0 here from OpenBSD.
> 
What I was saying is the change to config/application.rb shows the
current github should work with ruby 2.x, and had been using ruby 2.2 in
the past.

Not to just patch the single file, but use git to fetch the whole
current snorby from github

You could download and extract using this url

https://github.com/Snorby/snorby/archive/master.zip

or you use git clone



This is what I get using cvs, if using a different repository you might
add -d anon...@anoncvs.ca.openbsd.org:/cvs

$ pwd
/usr/ports/lang/ruby
$ cvs -R up -Pd -r OPENBSD_5_8 1.9
cvs update: Updating 1.9
U 1.9/Makefile
U 1.9/distinfo
cvs update: Updating 1.9/patches
U 1.9/patches/patch-common_mk
U 1.9/patches/patch-compile_c
U 1.9/patches/patch-configure
U 1.9/patches/patch-ext_dl_handle_c
U 1.9/patches/patch-ext_openssl_lib_openssl_ssl-internal_rb
U 1.9/patches/patch-ext_tk_extconf_rb
U 1.9/patches/patch-lib_fileutils_rb
U 1.9/patches/patch-lib_rubygems_commands_install_command_rb
U 1.9/patches/patch-lib_rubygems_dependency_installer_rb
U 1.9/patches/patch-lib_rubygems_ext_builder_rb
U 1.9/patches/patch-lib_rubygems_specification_rb
U 1.9/patches/patch-test_openssl_test_ssl_rb
cvs update: Updating 1.9/pkg
U 1.9/pkg/DESCR-dbm
U 1.9/pkg/DESCR-gdbm
U 1.9/pkg/DESCR-main
U 1.9/pkg/DESCR-ri_docs
U 1.9/pkg/DESCR-tk
U 1.9/pkg/MESSAGE-main
U 1.9/pkg/PLIST-dbm
U 1.9/pkg/PLIST-gdbm
U 1.9/pkg/PLIST-main
U 1.9/pkg/PLIST-ri_docs
U 1.9/pkg/PLIST-tk
U 1.9/pkg/UNMESSAGE-main




Then to return things to normal

$ cvs -R up -PdA
cvs update: Updating .
M Makefile.inc
cvs update: Updating 1.8
cvs update: Updating 1.8/patches
cvs update: Updating 1.8/pkg
cvs update: Updating 1.9
cvs update: 1.9/Makefile is no longer in the repository
cvs update: 1.9/distinfo is no longer in the repository
cvs update: Updating 1.9/patches
cvs update: 1.9/patches/patch-common_mk is no longer in the repository
cvs update: 1.9/patches/patch-compile_c is no longer in the repository
cvs update: 1.9/patches/patch-configure is no longer in the repository
cvs update: 1.9/patches/patch-ext_dl_handle_c is no longer in the repository
cvs update: 1.9/patches/patch-ext_openssl_lib_openssl_ssl-internal_rb is
no longer in the repository
cvs update: 1.9/patches/patch-ext_tk_extconf_rb is no longer in the
repository
cvs update: 1.9/patches/patch-lib_fileutils_rb is no longer in the
repository
cvs update: 1.9/patches/patch-lib_rubygems_commands_install_command_rb
is no longer in the repository
cvs update: 1.9/patches/patch-lib_rubygems_dependency_installer_rb is no
longer in the repository
cvs update: 1.9/patches/patch-lib_rubygems_ext_builder_rb is no longer
in the repository
cvs update: 1.9/patches/patch-lib_rubygems_specification_rb is no longer
in the repository
cvs update: 1.9/patches/patch-test_openssl_test_ssl_rb is no longer in
the repository
cvs update: Updating 1.9/pkg
cvs update: 1.9/pkg/DESCR-dbm is no longer in the repository
cvs update: 1.9/pkg/DESCR-gdbm is no longer in the repository
cvs update: 1.9/pkg/DESCR-main is no longer in the repository
cvs update: 1.9/pkg/DESCR-ri_docs is no longer in the repository
cvs update: 1.9/pkg/DESCR-tk is no longer in the repository
cvs update: 1.9/pkg/MESSAGE-main is no longer in the repository
cvs update: 1.9/pkg/PLIST-dbm is no longer in the repository
cvs update: 1.9/pkg/PLIST-gdbm is no longer in the repository
cvs update: 1.9/pkg/PLIST-main is no longer in the repository
cvs update: 1.9/pkg/PLIST-ri_docs is no longer in the repository
cvs update: 1.9/pkg/PLIST-tk is no longer in the repository
cvs update: 1.9/pkg/UNMESSAGE-main is no longer in the repository
cvs update: Updating 2.0
cvs update: Updating 2.0/patches
cvs update: Updating 2.0/pkg
cvs update: Updating 2.1
cvs update: Updating 2.1/patches
cvs update: Updating 2.1/pkg
cvs update: Updating 2.2
cvs update: Updating 2.2/patches
cvs update: Updating 2.2/pkg
cvs update: Updating 2.3
cvs update: Updating 2.3/patches
cvs update: Updating 2.3/pkg
cvs update: Updating files
cvs update: Updating patches
cvs update: Updating pkg

Re: Ruby 1.9.3 package on OpenBSD 5.9 (snapshots) missing

2016-03-19 Thread ML mail 
Sorry my previous post was sent unfinished. Here again and complete:

My bad, in my CVS example I had a mistake, here is the correct procedure I used:

$ cd /usr
$ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P ports
$ cd /usr/ports/lang/ruby
$ cvs up -r OPENBSD_5_8 1.9

But nothing happens I also tried from the same directory this command:

$ cvs up -r OPENBSD_5_8 lang/ruby/1.9

Then I just get:


cvs [update aborted]: no such directory `lang/ruby'

So I am still doing something wrong here but what?

Regarding Snorby I patched its config/application.rb for the version checker as 
suggested, this worked but unfortunately ruby core dumps when I run the "bundle 
exec rake snorby:setup RAILS_ENV=production". By the way I am using the ruby 
pacakge 2.0 here from OpenBSD.



Regards
ML


On Saturday, March 19, 2016 9:10 PM, ML mail  wrote:
My bad, in my CVS example I had a mistake, here is the correct procedure I used:


$ cd /usr
$ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P ports
$ cd /usr/ports/lang/ruby
$ cvs up -r OPENBSD_5_8 1.9


But nothing happens I also tried from the same directory this command:


$ cvs up -r OPENBSD_5_8 lang/ruby/1.9


Then I just get:





On Saturday, March 19, 2016 8:16 PM, Nigel Taylor  
wrote:
On 03/19/16 17:46, ML mail wrote:
> Hi Stuart,
> 
> Thanks for explaining. I now did the following
> 
> $ cd /usr
> $ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P ports
> $ cvs up -r OPENBSD_5_8 1.9
> 
That wasn't what you were instructed to do you have to
cd /usr/ports/lang/ruby

So you see the 1.8 2.1 sub directories, then your adding 1.9 or
from /usr/ports
cvs up -r OPENBSD_5_8 lang/ruby/1.9


You said snorby

Requirements

Snort
Ruby >= 1.9.2
Rails >= 3.0.0

Version check fix found on github

module Snorby

   # Check Ruby Version
-  unless RUBY_VERSION.match(/^2.2/)
+  unless RUBY_VERSION.starts_with?("2.") ||
RUBY_VERSION.starts_with?("1.9")
 puts "Snorby requires Ruby version 1.9.x"
 puts "We suggest using Ruby Version Manager (RVM) https://rvm.io/
to install the newest release"
 exit 1

My me it used to look for ruby 2.2 only when not found tells you it
wants 1.9.x has been changed to look for either 2.x or 1.9.x, still they
haven't fixed.

So why trying to use 1.9? Only the 3yr old version looks for 1.9, not
what's current in github.


> 
> but after running the last command there is simply no output and the 1.9 
> directory has not been downloaded from CVS. Am I missing something? Btw I am 
> running OpenBSD 5.9 (snapshots).
> 
> Regards
> ML
> 
> On Saturday, March 19, 2016 10:05 AM, Stuart Henderson  
> wrote:
> On 2016-03-18, ML mail  wrote:
>> You mean I should just take the ports.tar.gz file of OpenBSD 5.8 and compile 
>> ruby 1.9 from there? 
>>
>>
>> I don't really know where is this CVS attic that you mention. 
> 
> This is probably the best way (which includes the security fix in -stable):
> 
> $ cd /usr/ports/lang/ruby
> $ cvs up -r OPENBSD_5_8 1.9
> U 1.9/Makefile
> U 1.9/distinfo
> U 1.9/patches/patch-common_mk
> U 1.9/patches/patch-compile_c
> U 1.9/patches/patch-configure
> U 1.9/patches/patch-ext_dl_handle_c
> U 1.9/patches/patch-ext_openssl_lib_openssl_ssl-internal_rb
> U 1.9/patches/patch-ext_tk_extconf_rb
> U 1.9/patches/patch-lib_fileutils_rb
> U 1.9/patches/patch-lib_rubygems_commands_install_command_rb
> U 1.9/patches/patch-lib_rubygems_dependency_installer_rb
> U 1.9/patches/patch-lib_rubygems_ext_builder_rb
> U 1.9/patches/patch-lib_rubygems_specification_rb
> U 1.9/patches/patch-test_openssl_test_ssl_rb
> U 1.9/pkg/DESCR-dbm
> U 1.9/pkg/DESCR-gdbm
> U 1.9/pkg/DESCR-main
> U 1.9/pkg/DESCR-ri_docs
> U 1.9/pkg/DESCR-tk
> U 1.9/pkg/MESSAGE-main
> U 1.9/pkg/PLIST-dbm
> U 1.9/pkg/PLIST-gdbm
> U 1.9/pkg/PLIST-main
> U 1.9/pkg/PLIST-ri_docs
> U 1.9/pkg/PLIST-tk
> U 1.9/pkg/UNMESSAGE-main

Re: Ruby 1.9.3 package on OpenBSD 5.9 (snapshots) missing

2016-03-19 Thread ML mail 
My bad, in my CVS example I had a mistake, here is the correct procedure I used:


$ cd /usr
$ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P ports
$ cd /usr/ports/lang/ruby
$ cvs up -r OPENBSD_5_8 1.9


But nothing happens I also tried from the same directory this command:


$ cvs up -r OPENBSD_5_8 lang/ruby/1.9


Then I just get:




On Saturday, March 19, 2016 8:16 PM, Nigel Taylor  
wrote:
On 03/19/16 17:46, ML mail wrote:
> Hi Stuart,
> 
> Thanks for explaining. I now did the following
> 
> $ cd /usr
> $ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P ports
> $ cvs up -r OPENBSD_5_8 1.9
> 
That wasn't what you were instructed to do you have to
cd /usr/ports/lang/ruby

So you see the 1.8 2.1 sub directories, then your adding 1.9 or
from /usr/ports
cvs up -r OPENBSD_5_8 lang/ruby/1.9


You said snorby

Requirements

Snort
Ruby >= 1.9.2
Rails >= 3.0.0

Version check fix found on github

module Snorby

   # Check Ruby Version
-  unless RUBY_VERSION.match(/^2.2/)
+  unless RUBY_VERSION.starts_with?("2.") ||
RUBY_VERSION.starts_with?("1.9")
 puts "Snorby requires Ruby version 1.9.x"
 puts "We suggest using Ruby Version Manager (RVM) https://rvm.io/
to install the newest release"
 exit 1

My me it used to look for ruby 2.2 only when not found tells you it
wants 1.9.x has been changed to look for either 2.x or 1.9.x, still they
haven't fixed.

So why trying to use 1.9? Only the 3yr old version looks for 1.9, not
what's current in github.


> 
> but after running the last command there is simply no output and the 1.9 
> directory has not been downloaded from CVS. Am I missing something? Btw I am 
> running OpenBSD 5.9 (snapshots).
> 
> Regards
> ML
> 
> On Saturday, March 19, 2016 10:05 AM, Stuart Henderson  
> wrote:
> On 2016-03-18, ML mail  wrote:
>> You mean I should just take the ports.tar.gz file of OpenBSD 5.8 and compile 
>> ruby 1.9 from there? 
>>
>>
>> I don't really know where is this CVS attic that you mention. 
> 
> This is probably the best way (which includes the security fix in -stable):
> 
> $ cd /usr/ports/lang/ruby
> $ cvs up -r OPENBSD_5_8 1.9
> U 1.9/Makefile
> U 1.9/distinfo
> U 1.9/patches/patch-common_mk
> U 1.9/patches/patch-compile_c
> U 1.9/patches/patch-configure
> U 1.9/patches/patch-ext_dl_handle_c
> U 1.9/patches/patch-ext_openssl_lib_openssl_ssl-internal_rb
> U 1.9/patches/patch-ext_tk_extconf_rb
> U 1.9/patches/patch-lib_fileutils_rb
> U 1.9/patches/patch-lib_rubygems_commands_install_command_rb
> U 1.9/patches/patch-lib_rubygems_dependency_installer_rb
> U 1.9/patches/patch-lib_rubygems_ext_builder_rb
> U 1.9/patches/patch-lib_rubygems_specification_rb
> U 1.9/patches/patch-test_openssl_test_ssl_rb
> U 1.9/pkg/DESCR-dbm
> U 1.9/pkg/DESCR-gdbm
> U 1.9/pkg/DESCR-main
> U 1.9/pkg/DESCR-ri_docs
> U 1.9/pkg/DESCR-tk
> U 1.9/pkg/MESSAGE-main
> U 1.9/pkg/PLIST-dbm
> U 1.9/pkg/PLIST-gdbm
> U 1.9/pkg/PLIST-main
> U 1.9/pkg/PLIST-ri_docs
> U 1.9/pkg/PLIST-tk
> U 1.9/pkg/UNMESSAGE-main

Re: Ruby 1.9.3 package on OpenBSD 5.9 (snapshots) missing

2016-03-19 Thread Nigel Taylor 
On 03/19/16 17:46, ML mail wrote:
> Hi Stuart,
> 
> Thanks for explaining. I now did the following
> 
> $ cd /usr
> $ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P ports
> $ cvs up -r OPENBSD_5_8 1.9
> 
That wasn't what you were instructed to do you have to
cd /usr/ports/lang/ruby

So you see the 1.8 2.1 sub directories, then your adding 1.9 or
from /usr/ports
cvs up -r OPENBSD_5_8 lang/ruby/1.9


You said snorby

Requirements

Snort
Ruby >= 1.9.2
Rails >= 3.0.0

Version check fix found on github

 module Snorby

   # Check Ruby Version
-  unless RUBY_VERSION.match(/^2.2/)
+  unless RUBY_VERSION.starts_with?("2.") ||
RUBY_VERSION.starts_with?("1.9")
 puts "Snorby requires Ruby version 1.9.x"
 puts "We suggest using Ruby Version Manager (RVM) https://rvm.io/
to install the newest release"
 exit 1

My me it used to look for ruby 2.2 only when not found tells you it
wants 1.9.x has been changed to look for either 2.x or 1.9.x, still they
haven't fixed.

So why trying to use 1.9? Only the 3yr old version looks for 1.9, not
what's current in github.

> 
> but after running the last command there is simply no output and the 1.9 
> directory has not been downloaded from CVS. Am I missing something? Btw I am 
> running OpenBSD 5.9 (snapshots).
> 
> Regards
> ML
> 
> On Saturday, March 19, 2016 10:05 AM, Stuart Henderson  
> wrote:
> On 2016-03-18, ML mail  wrote:
>> You mean I should just take the ports.tar.gz file of OpenBSD 5.8 and compile 
>> ruby 1.9 from there? 
>>
>>
>> I don't really know where is this CVS attic that you mention. 
> 
> This is probably the best way (which includes the security fix in -stable):
> 
> $ cd /usr/ports/lang/ruby
> $ cvs up -r OPENBSD_5_8 1.9
> U 1.9/Makefile
> U 1.9/distinfo
> U 1.9/patches/patch-common_mk
> U 1.9/patches/patch-compile_c
> U 1.9/patches/patch-configure
> U 1.9/patches/patch-ext_dl_handle_c
> U 1.9/patches/patch-ext_openssl_lib_openssl_ssl-internal_rb
> U 1.9/patches/patch-ext_tk_extconf_rb
> U 1.9/patches/patch-lib_fileutils_rb
> U 1.9/patches/patch-lib_rubygems_commands_install_command_rb
> U 1.9/patches/patch-lib_rubygems_dependency_installer_rb
> U 1.9/patches/patch-lib_rubygems_ext_builder_rb
> U 1.9/patches/patch-lib_rubygems_specification_rb
> U 1.9/patches/patch-test_openssl_test_ssl_rb
> U 1.9/pkg/DESCR-dbm
> U 1.9/pkg/DESCR-gdbm
> U 1.9/pkg/DESCR-main
> U 1.9/pkg/DESCR-ri_docs
> U 1.9/pkg/DESCR-tk
> U 1.9/pkg/MESSAGE-main
> U 1.9/pkg/PLIST-dbm
> U 1.9/pkg/PLIST-gdbm
> U 1.9/pkg/PLIST-main
> U 1.9/pkg/PLIST-ri_docs
> U 1.9/pkg/PLIST-tk
> U 1.9/pkg/UNMESSAGE-main

Kernel panic while fiddling with route add/delete

2016-03-19 Thread DarkSoul 
Hello list,

I was testing out a beta IPv6 service over PPPoE that our ISP is
developping,
and playing around with kernel PPPoE.

My configuration is as follows :
- pppoe0 for IPv4 internet
- gif0 for IPv6 internet (Hurricane Electric tunnel)
- pppoe1 for test IPv6 internet (and only IPv6)

It was kind of tricky since I played with route add/delete in succession,
along with destroying and rebuilding the interface (with /etc/netstart)
in order to find out what configuration could work :
- automatic ?
- static ? (By giving my own alias definition)

I was also testing what IPv6 routes would work as a default route :
  route add -inet6 default -ifp pppoe1 
With ADDR being fe80:: or ff02::1%pppoe1, and such.
(Some site even suggested ::0.0.0.1 but I think there is no way this
could work since this translates to ::1 ultimately)

I also tested adding dummy IPv4 configuration lines like :
inet 0.0.0.0 255.255.255.255 NONE
dest 0.0.0.1

At one point, when trying out the above, "sh /etc/netstart pppoe1" just
hanged on me,
and upon rebooting, dmesg contained the following :
panic: kernel diagnostic assertion "(t->rn_flags & RNF_ROOT) == 0"
failed: file "../../../../net/radix.c", line 294

Since I was caught off-guard, I had no serial console lined up to catch
the full trace.
I'm just posting this in hopes this rings a bell to anyone.

Sorry for not having more info,
I will try to reproduce it and post further findings.

--
Stephane LAPIE, EPITA SRS, Promo 2005
"Even when they have digital readouts, I can't understand them."
--MegaTokyo

relayd - prefork option seems to be ignored

2016-03-19 Thread Tobias Feldhaus 
According to relayd.conf(5) the prefork option should spawn the defined
number of processes to handle relayed connections - the default is 3.

I've tried setting it to 5, 10, and 12 on OpenBSD 5.8 - but it seems
like it is getting ignored, as ps(1) always shows me 3 relay processes,
which is the default number:

USER PIDCOMMAND
root 17010  relayd: parent (relayd)
_relayd   3243  relayd: pfe (relayd)
_relayd  16594  relayd: hce (relayd)
_relayd   4279  relayd: ca (relayd)
_relayd  28332  relayd: ca (relayd)
_relayd   4436  relayd: ca (relayd)
_relayd  24605  relayd: relay (relayd)
_relayd  19110  relayd: relay (relayd)
_relayd  15295  relayd: relay (relayd)

Am I missing something?

###
# relayd.conf

ip4_244 = "xx.xx.xx.244"
ip4_245 = "xx.xx.xx.245"

tracker5 = "10.5.3.34"
tracker6 = "10.5.3.42"
tracker7 = "10.5.3.50"
table  { $tracker5, $tracker6, $tracker7 }

prefork 10

http protocol https {
  tcp { nodelay, sack, socket buffer 65536, backlog 128 }

  match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
  match request header append "X-Forwarded-By" \
  value "$SERVER_ADDR:$SERVER_PORT"
  match header set "Keep-Alive" value "$TIMEOUT"

  pass
  tls { no tlsv1.0, ciphers "HIGH:!aNULL" }
  tls session cache disable
}

relay wwwssl {
  listen on $ip4_244 port 443 tls
  listen on $ip4_245 port 443 tls
  protocol "https"
  forward to  port 8083 mode roundrobin check tcp
  session timeout 60
}

relay www {
  listen on $ip4_244 port 80
  listen on $ip4_245 port 80
  forward to  port 8083 mode roundrobin check tcp
}

Surf2 first feedback

2016-03-19 Thread Alessandro DE LAURENZIS 
Hello Dmitrij,

Sorry for my direct approach, but I know you're involved into Surf2
webkit2 porting (even upstream), so I would like to give you a
preliminary feedback (during these days I finally had a bit of spare
time and applied all my patches to the new branch):

1) PLUMB is not working; I use a script to manage "mailto:; protocol
(AFAICT, xdg-open open_generic function is buggy or not intended for
this purpose):

[snip]
#define PLUMB(u) {\
.v = (char *[]){ "/bin/sh", "-c", \
 "protocol-handler \"$0\"", u, NULL \
} \
}
[snip]


[snip]
#!/bin/sh

# File: protocol-handler
# Purpose:  Handles some specific protocols different from "http://;,
#   "https://;, "file://", "about:"
# Author:   A. DE LAURENZIS

if [ $# -ne 1 ]; then
echo "Usage: protocol-handler "
exit 1
fi

PROT=$(echo "$1" | egrep -o "^[a-z0-9]+:/{0,2}")
URI=$(echo "$1" | sed "s|$PROT||")

case "$PROT" in
mailto*)
xterm -e mutt "$URI"
;;
*)
echo "Unknown protocol $PROT"
exit 2
;;
esac
exit 0
[snip]

but when I click on an e-mail address, the browser reports the following
message:

URL cannot be shown


2) I use the script in [1] for link hinting (of course, it is in
~/.surf/script.js and it's the only one); but pressing the Alt key, that
should highlight the link numbers, nothing happens.

Needless to say, both things are pretty functional in Surf (with
webkit1).

Just my 2 cents.

All the best


[1]: http://surf.suckless.org/files/easy_links

-- 
Alessandro DE LAURENZIS
[mailto:sandro.delauren...@gmail.com]
LinkedIn: http://it.linkedin.com/in/delaurenzis

Re: Trying to move my httpd chroot

2016-03-19 Thread Alan Corey 
Bingo.  /usr does it.  One clue I guess was that it was logging into
/usr/logs.  With Apache at least the chroot dir wasn't the same as the
document root.  And you don't want the logs dir readable through the
httpd.  So essentially there's htdocs and logs inside of what you
specify as a chroot dir.

On 3/16/16, Rick Hanson  wrote:
> On Wed, Mar 16, 2016 at 8:58 PM, Alan Corey  wrote:
>> I don't have enough room in / to have my htdocs there so I want to
>> move it to /usr/htdocs. This is in 5.7.   No problem I thought, I've
>> had to do it before.  So my /etc/httpd.conf looks like this:
>>
>> chroot "/usr/htdocs"
>
> It's probably supposed to be
>
> chroot "/usr"
>
> Check out `man httpd.conf`.  Look at the descriptions for the `chroot`
> and `root` settings.  It appears that both of these settings combine
> to get you what you're looking for in this case.
>
>> server "d530.my.domain" {
>>   listen on * port 80
>> }
>>
>> And I get logging into /usr/htdocs/logs but httpd doesn''t seem to
>> find files in /usr/htdocs.  I get a 404 error that says OpenBSD httpd
>> in it but it can't find even index.html which does exist.  I've played
>> with htdocs vs htdocs/.  If I comment out the chroot line it finds
>> files in /var/www/htdocs.  My /usr is in a different MBR partition
>> (actually an exended one) with 129 gigs free.
>>
>> Anybody tried to move their htdocs?  I didn't find anything by
>> searching.  I wouldn't want to write something and put it out there
>> for everybody to beat on.  I did read the PDF and man pages.
>>
>> Also I found that if I set httpd_flags to "-d -v" in
>> /etc/rc.conf.local then booting  the machine seems to hang there.
>> Permissions on the file look like:
>> -rwxr--r--  1 www  daemon  4022 Jan 19  2015 index.html
>>
>> --
>> Credit is the root of all evil.  - AB1JX
>


-- 
Credit is the root of all evil.  - AB1JX

Re: Ruby 1.9.3 package on OpenBSD 5.9 (snapshots) missing

2016-03-19 Thread ML mail 
Hi Stuart,

Thanks for explaining. I now did the following

$ cd /usr
$ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P ports
$ cvs up -r OPENBSD_5_8 1.9


but after running the last command there is simply no output and the 1.9 
directory has not been downloaded from CVS. Am I missing something? Btw I am 
running OpenBSD 5.9 (snapshots).

Regards
ML

On Saturday, March 19, 2016 10:05 AM, Stuart Henderson  
wrote:
On 2016-03-18, ML mail  wrote:
> You mean I should just take the ports.tar.gz file of OpenBSD 5.8 and compile 
> ruby 1.9 from there? 
>
>
> I don't really know where is this CVS attic that you mention. 

This is probably the best way (which includes the security fix in -stable):

$ cd /usr/ports/lang/ruby
$ cvs up -r OPENBSD_5_8 1.9
U 1.9/Makefile
U 1.9/distinfo
U 1.9/patches/patch-common_mk
U 1.9/patches/patch-compile_c
U 1.9/patches/patch-configure
U 1.9/patches/patch-ext_dl_handle_c
U 1.9/patches/patch-ext_openssl_lib_openssl_ssl-internal_rb
U 1.9/patches/patch-ext_tk_extconf_rb
U 1.9/patches/patch-lib_fileutils_rb
U 1.9/patches/patch-lib_rubygems_commands_install_command_rb
U 1.9/patches/patch-lib_rubygems_dependency_installer_rb
U 1.9/patches/patch-lib_rubygems_ext_builder_rb
U 1.9/patches/patch-lib_rubygems_specification_rb
U 1.9/patches/patch-test_openssl_test_ssl_rb
U 1.9/pkg/DESCR-dbm
U 1.9/pkg/DESCR-gdbm
U 1.9/pkg/DESCR-main
U 1.9/pkg/DESCR-ri_docs
U 1.9/pkg/DESCR-tk
U 1.9/pkg/MESSAGE-main
U 1.9/pkg/PLIST-dbm
U 1.9/pkg/PLIST-gdbm
U 1.9/pkg/PLIST-main
U 1.9/pkg/PLIST-ri_docs
U 1.9/pkg/PLIST-tk
U 1.9/pkg/UNMESSAGE-main

OpenNTP features

2016-03-19 Thread Gabor Juhasz 
Hi All,

In our IoT project we have to select an NTPd for our embedded device
in order it can have accurate time.
It uses 3G/4G mobile net. Of course the net is expensive so we have to
reduce the
network usage. Currently we have 2 candidates : OpenNTPd and Chrony.

In OpenNTP (5.7p4)  we are missing some features and we are looking
for some solutions
or workarounds to provide them. Do you have any idea how to do it with
OpenNTPd :

* Maxchange
Maximum allowed offset corrected on a clock update. If the delta is
bigger ntpd exists.

* Polltime
maxpoll /minpoll : setting the minimum/maximum polling interval

* Offline mode
You tell the ntpd that network is not available. So it will not keep
trying to connect to ntp servers.

Kind regards,
Gabor Juhasz

Trying to move my httpd chroot

2016-03-19 Thread Alan Corey 
I don't have enough room in / to have my htdocs there so I want to
move it to /usr/htdocs. This is in 5.7.   No problem I thought, I've
had to do it before.  So my /etc/httpd.conf looks like this:

chroot "/usr/htdocs"

server "d530.my.domain" {
  listen on * port 80
}

And I get logging into /usr/htdocs/logs but httpd doesn''t seem to
find files in /usr/htdocs.  I get a 404 error that says OpenBSD httpd
in it but it can't find even index.html which does exist.  I've played
with htdocs vs htdocs/.  If I comment out the chroot line it finds
files in /var/www/htdocs.  My /usr is in a different MBR partition
(actually an exended one) with 129 gigs free.

Anybody tried to move their htdocs?  I didn't find anything by
searching.  I wouldn't want to write something and put it out there
for everybody to beat on.  I did read the PDF and man pages.

Also I found that if I set httpd_flags to "-d -v" in
/etc/rc.conf.local then booting  the machine seems to hang there.
Permissions on the file look like:
-rwxr--r--  1 www  daemon  4022 Jan 19  2015 index.html

-- 
Credit is the root of all evil.  - AB1JX

Re: Ruby 1.9.3 package on OpenBSD 5.9 (snapshots) missing

2016-03-19 Thread Michael McConville 
ML mail wrote:
> I just noticed that there is no Ruby version 1.9.3 package anymore in
> OpenBSD 5.9 (snapshots) although there is still version 1.8.7... Any
> ideas why? or was it simply forgotten?

https://marc.info/?t=14402593751=1=2

In the future, marc.info and your search engine of choice are good means
of answering such questions.

Re: ipsec ipcomp howto - OpenBSD 5.7

2016-03-19 Thread Matt Schwartz 
ipcomp has not been implemented in ipsec/isakmpd. I've gotten it to work
quite well with iked. iked is the key management daemon for IKEv2.

On Thu, Mar 17, 2016 at 6:00 PM, Motty Cruz wrote:

> configuring ipsec.conf with ipcomp seem to be difficult then I thought. I
> enable ipcomp
> # sysctl -a | grep ipcomp
> net.inet.ipcomp.enable=1
>
> ipcomp is enabled on both gateways. Here is ipsec.conf:
>
> flow ipcomp from 10.10.10.0/24 to 10.10.2.0/24 \
>peer 192.168.1.57
>
> ike esp from 10.10.10.0/24 to 10.10.2.0/24 \
> peer 192.168.1.57 \
> main auth hmac-sha2-256 enc 3des group modp1024 lifetime 86400 \
> quick auth hmac-sha2-256 enc 3des lifetime 86400 \
> psk f15490b4ebc2bfc41a9a009509c91ceb443547f6
>
> my local LAN 10.10.10.0/24
> remote LAN 10.10.2.0/24
>
> # ipsecctl -s all
> FLOWS:
> flow esp in from 10.10.2.0/24 to 10.10.10.0/24 peer 192.168.1.57 type
> require
> flow esp out from 10.10.10.0/24 to 10.10.2.0/24 peer 192.168.1.57 type
> require
>
> SAD:
> esp tunnel from 192.168.1.57 to 192.168.125.157 spi 0xc259f59d auth
> hmac-sha2-256 enc 3des-cbc
> esp tunnel from 192.168.125.157 to 192.168.1.57 spi 0xe9b1976d auth
> hmac-sha2-256 enc 3des-cbc
> #
>
>
> any ideas? documentation man ipsec.conf has poor information about ipcomp,
> in my point of view.

Re: wireshark illegal instruction on older systems

2016-03-19 Thread Stuart Henderson 
On 2016/03/16 13:42, Peter Kay wrote:
> It's not an AVX instruction, as Wireshark runs on a Core2Duo pre Sandy
> Bridge when AVX arrived.
> 
> I agree that it looks too heavy for a P2, and last time I ran it under
> *nix it would have been the gtk version, I was surprised at all the
> dependencies it pulled in.
> 
> This issue is only likely to get worse, is it wise to do a CPU check,
> and refuse to install some packages?

Sorry I read your mail too quickly and missed the "pentium ii" mention,
I have a diff on ports@ to disable various cpu features that Qt5 had
autodetected which should help this.

Re: Trying to move my httpd chroot

2016-03-19 Thread hans 
On Mar 16 22:04:19, alan01...@gmail.com wrote:
> Bingo.  /usr does it.  One clue I guess was that it was logging into
> /usr/logs.  With Apache at least the chroot dir wasn't the same as the
> document root.

With default httpd, it also isn't.

> And you don't want the logs dir readable through the
> httpd.  So essentially there's htdocs and logs inside of what you
> specify as a chroot dir.

Yes.

Re: wireshark illegal instruction on older systems

2016-03-19 Thread Vadim Zhukov 
2016-03-15 21:33 GMT+03:00 Stuart Henderson :
> On 2016-03-15, Peter Kay  wrote:
>> It's a MOVSD SSE instruction. Tshark is ok. I can cope with that or tcpdump
>> if need be, but here's the output :
>
> I think this variant of MOVSD might be AVX?
>
>> Starting program: /usr/local/bin/wireshark
>> warning: Lowest section in /usr/local/lib/libicudata.so.9.0 is .hash at
>> 0154
>>
>> Program received signal SIGILL, Illegal instruction.
>> 0x06d685fb in _GLOBAL__sub_I_qguiapplication.cpp () from
>> /usr/local/lib/qt5/./libQt5Gui.so.1.1
>
> Looks like it's in Qt5 then. Wireshark still has the "legacy" gtk GUI
> (it's in a subpackage), you could try that instead for now.
>
> Looks like Qt autodetects at build time, we probably want to configure
> on i386 with no-avx, no-avx2, no-sse4.1, no-sse4.2, maybe no-ssse3.
> (SSE2 is probably reasonable to expect for Qt5 apps, it's present on
> Netburst, Pentium-M, Atom, C7 etc. which seems a sane cut-off point
> for heavy GUI apps).

Yeah. I've patched qmake files, but missed those bits. Modern amd64
makes you blind sometimes. :(

--
  WBR,
  Vadim Zhukov

Re: Ruby 1.9.3 package on OpenBSD 5.9 (snapshots) missing

2016-03-19 Thread ML mail 
I know it's EOL but Snorby (https://github.com/Snorby/snorby) for example only 
works with Ruby 1.9.3.

And by the way Ruby 1.8.7 is EOL since even longer (2013) but it is still in 
the packages of OpenBSD...


On Friday, March 18, 2016 6:24 PM, Joe Kowalski  wrote:
On Friday, March 18, 2016 5:20:26 PM ML mail wrote:

> Hi,
> 
> I just noticed that there is no Ruby version 1.9.3 package anymore in
> OpenBSD 5.9 (snapshots) although there is still version 1.8.7... Any ideas
> why? or was it simply forgotten?
> 
> Regards
> ML

Ruby 1.9 has been end of life for quite a while.
https://www.ruby-lang.org/en/news/2015/02/23/support-for-ruby-1-9-3-has-ended/
-- 
Joe Kowalski
BendTel
541-323-9116
jo...@bendtel.com

Re: cannot allocate memory

2016-03-19 Thread Otto Moerbeek 
On Sat, Mar 19, 2016 at 03:09:13AM +0700, Roman Gorelov wrote:

> I have strange issues. I installed go port and figured out that go
> compiler and executables produced by it require 770 MB of datasize.
> I bumped datasize-max and datasize-cur of login class `default' to
> 771 MB. Then programs being run as another user stopped working with
> `cannot allocate memory' error, while there's clearly plenty of
> memory. E.g. useradd -m a7sl4 ; doas -u a7sl4 mpv "$x". Then reboot,
> cannot login as usual user to xdm. Login(1)s on ttys didn't even run.
> Logged in as root to xdm, changed login class of user to `staff', and
> then only relogged as usual user. I don't really know what is going
> on and appreciate any help.

Looks like you got your units wrong in login.conf, at least in the
default login class.

-Otto


> 
> ps auxw
> 
> USER   PID %CPU %MEM   VSZ   RSS TT  STAT  STARTED   TIME COMMAND
> _x11  2566 21.8  1.5 13536 15856 ??  Rs 2:51AM1:39.99 
> /usr/X11R6/bin/X :0 vt05 -auth /etc/X11/xdm/authdir/authfiles/A:0
> root 1  0.0  0.0   480   480 ??  Ss 2:51AM0:01.15 /sbin/init
> root  3899  0.0  0.0   628   396 ??  Is 2:51AM0:00.04 dhclient: 
> alc0 [priv] (dhclient)
> _dhcp14600  0.0  0.0   744   484 ??  Is 2:51AM0:00.01 dhclient: 
> alc0 (dhclient)
> _syslogd 28193  0.0  0.1   944  1296 ??  S  2:51AM0:00.05 
> /usr/sbin/syslogd
> root 15932  0.0  0.1   944  1160 ??  Is 2:51AM0:00.02 syslogd: 
> [priv] (syslogd)
> root 20610  0.0  0.1   624   552 ??  Is 2:51AM0:00.04 pflogd: 
> [priv] (pflogd)
> _pflogd  31696  0.0  0.0   688   364 ??  S  2:51AM0:00.05 pflogd: 
> [running] -s 160 -i pflog0 -f /var/log/pflog (pflogd)
> root  2681  0.0  0.1   660  1316 ??  I [priv] (ntpd)
> _ntp  1120  0.0  0.2  1380  2512 ??  S< 2:51AM0:00.15 ntpd: ntp 
> engine (ntpd)
> _ntp  5306  0.0  0.1   928  1320 ??  I  2:51AM0:00.02 ntpd: dns 
> engine (ntpd)
> _smtpq   30513  0.0  0.2  1444  1992 ??  I  2:51AM0:00.02 smtpd: 
> queue (smtpd)
> root 30736  0.0  0.2  1460  1904 ??  Is 2:51AM0:00.03 smtpd: 
> [priv] (smtpd)
> _smtpd   17934  0.0  0.2  1320  1888 ??  I  2:51AM0:00.02 smtpd: 
> lookup (smtpd)
> _smtpd   16021  0.0  0.2  1380  2280 ??  I  2:51AM0:00.01 smtpd: pony 
> express (smtpd)
> _smtpd   12548  0.0  0.2  1244  1748 ??  I  2:51AM0:00.01 smtpd: 
> klondike (smtpd)
> _smtpd8725  0.0  0.2  1176  1736 ??  I  2:51AM0:00.02 smtpd: 
> scheduler (smtpd)
> _smtpd   31670  0.0  0.2  1448  1988 ??  I  2:51AM0:00.02 smtpd: 
> control (smtpd)
> _sndio   15485  0.0  0.1   368   524 ??  I /usr/bin/sndiod -c 0:3
> _transmission  7888  0.0  0.2  1544  2364 ??  Ss 2:51AM0:00.58 
> /usr/local/bin/transmission-daemon (transmission-dae)
> root  8430  0.0  0.1   356   776 ??  Ss 2:51AM0:00.04 
> /usr/sbin/apmd -A
> root   398  0.0  0.1   356   784 ??  Is 2:51AM0:00.03 
> /usr/sbin/hotplugd
> root 14252  0.0  0.1   660  1084 ??  Is 2:51AM0:00.02 
> /usr/sbin/cron
> root 24072  0.0  0.2   548  1660 ??  Is 2:51AM0:00.23 
> /usr/X11R6/bin/xdm
> root  3450  0.0  0.1  2320  1188 ??  I  2:51AM0:00.31 X: [priv] 
> (Xorg)
> root 16612  0.0  0.5  1332  5516 ??  Is 2:51AM0:00.60 xdm: :0 
> (xdm)
> u 3291  0.0  0.1   644   632 ??  Is 2:51AM0:00.02 /bin/sh 
> /etc/X11/xdm/Xsession
> u   65  0.0  0.1   644   624 ??  I  2:51AM0:00.03 /bin/sh 
> /home/u/.xsession
> u10190  0.0  0.5  1096  4828 ??  S  2:51AM0:00.31 cwm
> u15624  0.0  0.5  1584  5300 ??  Ss 2:52AM0:01.46 st
> u 6913  0.1  0.2  1160  2160 ??  Ss 2:52AM0:02.80 tmux: 
> server (/tmp/tmux-1000/default) (tmux)
> root 15233  0.0  0.0   632   504 ??  S  2:59AM0:00.00 /sbin/init
> root  9263  0.0  0.0   620   500 ??  S  2:59AM0:00.00 /sbin/init
> root  3639  0.0  0.0   620   496 ??  S  2:59AM0:00.00 /sbin/init
> root 30257  0.0  0.0   620   496 ??  S  2:59AM0:00.00 /sbin/init
> root  6873  0.0  0.0   632   504 ??  S  2:59AM0:00.00 /sbin/init
> u 1482  0.0  0.1   648   672 p0  Is 2:52AM0:00.13 /bin/ksh
> u17821  0.0  0.2   744  1588 p0  I+ 2:52AM0:00.04 tmux: 
> client (/tmp/tmux-1000/default) (tmux)
> u23676  0.0  0.1   652   688 p1  Ss 2:59AM0:00.05 -ksh (ksh)
> u 1353  0.0  0.0   392   376 p1  R+ 2:59AM0:00.00 ps -auxw
> u28398  0.0  0.1   652   696 p2  Is 2:53AM0:00.03 -ksh (ksh)
> u20896  0.0  0.5  2256  5272 p2  I+ 2:53AM0:00.34 mutt
> u24336  0.0  0.1   628   624 p2  I+ 2:54AM0:00.02 sh -c vi 
> '/tmp/mutt-f-1000-20896-2086274160382066302'
> u22876  0.0  0.3  1408  2692 p2  S+ 2:54AM0:00.18 vi 
> /tmp/mutt-f-1000-20896-2086274160382066302
> 
> vmstat
>

Re: Trying to move my httpd chroot

2016-03-19 Thread Kevin Chadwick 
> Your webserver should NOT be in /.
> Your /usr should not have 129G free.
> Your web server should not be in /usr.

In case your thinking does it matter beyond doing things correctly! What
sprang to my mind immediately is that those partitions won't have
things like nosuid,noexec settable without breaking things. Not to
mention a rogue web server may do extra damage like filling the
filesystem up may prevent upgrades etc. etc..

Partitioning on OpenBSD is a lot saner than on 'modern' Linux where too
much stuff now goes in /usr (now /!!), systemd cross links are one
insanity.

-- 

KISSIS - Keep It Simple So It's Securable

Re: Ruby 1.9.3 package on OpenBSD 5.9 (snapshots) missing

2016-03-19 Thread Joe Kowalski 
On Friday, March 18, 2016 5:20:26 PM ML mail wrote:
> Hi,
> 
> I just noticed that there is no Ruby version 1.9.3 package anymore in
> OpenBSD 5.9 (snapshots) although there is still version 1.8.7... Any ideas
> why? or was it simply forgotten?
> 
> Regards
> ML

Ruby 1.9 has been end of life for quite a while.
https://www.ruby-lang.org/en/news/2015/02/23/support-for-ruby-1-9-3-has-ended/
-- 
Joe Kowalski
BendTel
541-323-9116
jo...@bendtel.com

Re: segfault with stripped lib, works fine when non-stripped

2016-03-19 Thread Boudewijn Dijkstra 

Op Mon, 04 Jan 2016 22:54:24 +0100 schreef Jeremie Le Hen :

Yeah... when you read that subject you probably had this weird gaze ô_Ò
like I did when I came to that conclusion.

I've been experiencing segfaults in milter-greylist [...]
 So after some more tinkering I came to the following
conclusion: if I run strip(1) on /usr/local/lib/libbind/libbind.so.5.0
to remove the debugging symbols, then it will crash with the stacktrace
below.

Has anyone of you seen such a behavior in the past?

#0  0x1cc53e386d40 in memcpy (dst0=0x1cc5c48b7000, src0=Variable "src0"

is not available.

) at /usr/src/lib/libc/string/memcpy.c:94
#1  0x1cc4f4d496d8 in __res_vinit () from

/usr/local/lib/libbind/libbind.so.5.0

#2  0x1cc4f4d48bda in __res_ninit () from

/usr/local/lib/libbind/libbind.so.5.0

#3  0x1cc50b181905 in SPF_dns_resolv_lookup

(spf_dns_server=0x1cc5c48ab780, domain=0x1cc55122c1d0 "mydomain.org",
rr_type=ns_t_spf, should_cache=1) at spf_dns_resolv.c:261

[...]


I had the same stack trace with a simple test application
(http://www.libspf2.org/docs/html/ ). Except that my memcpy showed src=0,
len=16.  OpenBSD 5.8 i386 with stock libs (from packages). The prebuilt tools
(in /usr/local/libexec/libspf2/) ran fine. My Makefile had:
LDADD+= -lspf2

Segfaults disappeared when I changed that to:
LDADD+= -lbind -lspf2

So yeah, looks like conflicts between symbols.


--
(Remove the obvious prefix to reply privately.)
Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/

Re: Trying to move my httpd chroot

2016-03-19 Thread Craig Skinner 
Hi Alan,

On 2016-03-16 Wed 20:58 PM |, Alan Corey wrote:
> I don't have enough room in / to have my htdocs there so I want to
> move it to /usr/htdocs. This is in 5.7.

Re-install (5.8) with a better partitioning layout:

$ mount -d /var/www
exec: mount_ffs -o rw -o nodev -o nosuid -o noexec -o softdep -o noatime 
/dev/[something] /var/www

Cheers!
-- 
You're at the end of the road again.

Re: Trying to move my httpd chroot

2016-03-19 Thread Nick Holland 
On 03/16/16 20:58, Alan Corey wrote:
> I don't have enough room in / to have my htdocs there so I want to
> move it to /usr/htdocs. This is in 5.7.   No problem I thought, I've
> had to do it before.  So my /etc/httpd.conf looks like this:
> 
> chroot "/usr/htdocs"

hint: the default is /var/www.  NOT /var/www/htdocs.

> 
> server "d530.my.domain" {
>   listen on * port 80
> }
> 
> And I get logging into /usr/htdocs/logs but httpd doesn''t seem to
> find files in /usr/htdocs.  I get a 404 error that says OpenBSD httpd
> in it but it can't find even index.html which does exist.

actually, it doesn't.  man httpd.conf
 chroot directory
 Set the chroot(2) directory.  If not specified, it
 defaults to /var/www, the home directory of the www user.
...
 directory
 Set the document root of the server.  The directory is a
 pathname within the chroot(2) root directory of httpd.
 If not specified, it defaults to /htdocs.

You are trying to serve /usr/htdocs/htdocs/index.html, and that is a
good 404.

I verified that I could chroot to my /tmp dir and serve a file out of
/tmp/htdocs/ with no problem.

> I've played
> with htdocs vs htdocs/.  If I comment out the chroot line it finds
> files in /var/www/htdocs.  My /usr is in a different MBR partition
> (actually an exended one) with 129 gigs free.

and this is also wrong.
Your webserver should NOT be in /.
Your /usr should not have 129G free.
Your web server should not be in /usr.
You really need to be reloading that system with a less insane
partitioning plan.  Then you don't have to worry about moving the
chroot.  It can be done.  But don't.  Just don't.  Not for this reason.
 You need to upgrade soon anyway.  Good time to rebuild properly.

Nick.

Re: Ruby 1.9.3 package on OpenBSD 5.9 (snapshots) missing

2016-03-19 Thread Stuart Henderson 
On 2016-03-18, ML mail  wrote:
> You mean I should just take the ports.tar.gz file of OpenBSD 5.8 and compile 
> ruby 1.9 from there? 
>
>
> I don't really know where is this CVS attic that you mention. 

This is probably the best way (which includes the security fix in -stable):

$ cd /usr/ports/lang/ruby
$ cvs up -r OPENBSD_5_8 1.9
U 1.9/Makefile
U 1.9/distinfo
U 1.9/patches/patch-common_mk
U 1.9/patches/patch-compile_c
U 1.9/patches/patch-configure
U 1.9/patches/patch-ext_dl_handle_c
U 1.9/patches/patch-ext_openssl_lib_openssl_ssl-internal_rb
U 1.9/patches/patch-ext_tk_extconf_rb
U 1.9/patches/patch-lib_fileutils_rb
U 1.9/patches/patch-lib_rubygems_commands_install_command_rb
U 1.9/patches/patch-lib_rubygems_dependency_installer_rb
U 1.9/patches/patch-lib_rubygems_ext_builder_rb
U 1.9/patches/patch-lib_rubygems_specification_rb
U 1.9/patches/patch-test_openssl_test_ssl_rb
U 1.9/pkg/DESCR-dbm
U 1.9/pkg/DESCR-gdbm
U 1.9/pkg/DESCR-main
U 1.9/pkg/DESCR-ri_docs
U 1.9/pkg/DESCR-tk
U 1.9/pkg/MESSAGE-main
U 1.9/pkg/PLIST-dbm
U 1.9/pkg/PLIST-gdbm
U 1.9/pkg/PLIST-main
U 1.9/pkg/PLIST-ri_docs
U 1.9/pkg/PLIST-tk
U 1.9/pkg/UNMESSAGE-main

Re: Ruby 1.9.3 package on OpenBSD 5.9 (snapshots) missing

2016-03-19 Thread ML mail 
Thanks for the info. I have now started to compile Ruby 1.9.3 on OpenBSD 5.9 
but face the following errors:

BUILD FAILED (OpenBSD 5.9 using ruby-build 20160228-5-g522f3ba)

Inspect or clean up the working tree at /tmp/ruby-build.20160318182812.50827
Results logged to /tmp/ruby-build.20160318182812.50827.log

Last 10 log lines:
linking shared-object -test-/string/string.so
compiling wait_for_single_fd.c
installing default wait_for_single_fd libraries
linking shared-object -test-/wait_for_single_fd/wait_for_single_fd.so
compiling bigdecimal.c
cp: cannot overwrite directory ../../.ext/common/bigdecimal with non-directory 
../.././ext/bigdecimal/lib/bigdecimal/newton.rb
*** Error 1 in ext/bigdecimal (Makefile:178 
'../../.ext/common/bigdecimal/newton.rb': @ cp 
../.././ext/bigdecimal/lib/bigdecimal/newton.rb )
*** Error 1 in target '../../.ext/common/bigdecimal/newton.rb'
*** Error 2 in . (exts.mk:64 'ext/bigdecimal/all')
*** Error 2 in /tmp/ruby-build.20160318182812.50827/ruby-1.9.3-p484 
(Makefile:569 'build-ext')

Any ideas?




On Friday, March 18, 2016 6:37 PM, Michael McConville  wrote:
ML mail wrote:

> I just noticed that there is no Ruby version 1.9.3 package anymore in
> OpenBSD 5.9 (snapshots) although there is still version 1.8.7... Any
> ideas why? or was it simply forgotten?

https://marc.info/?t=14402593751=1=2

In the future, marc.info and your search engine of choice are good means
of answering such questions.

Re: wireshark illegal instruction on older systems

2016-03-19 Thread Peter Kay 
It's not an AVX instruction, as Wireshark runs on a Core2Duo pre Sandy
Bridge when AVX arrived.

I agree that it looks too heavy for a P2, and last time I ran it under
*nix it would have been the gtk version, I was surprised at all the
dependencies it pulled in.

This issue is only likely to get worse, is it wise to do a CPU check,
and refuse to install some packages?

PK

On 16/03/2016, Vadim Zhukov  wrote:
> 2016-03-15 21:33 GMT+03:00 Stuart Henderson :
>> On 2016-03-15, Peter Kay  wrote:
>>> It's a MOVSD SSE instruction. Tshark is ok. I can cope with that or
>>> tcpdump
>>> if need be, but here's the output :
>>
>> I think this variant of MOVSD might be AVX?
>>
>>> Starting program: /usr/local/bin/wireshark
>>> warning: Lowest section in /usr/local/lib/libicudata.so.9.0 is .hash at
>>> 0154
>>>
>>> Program received signal SIGILL, Illegal instruction.
>>> 0x06d685fb in _GLOBAL__sub_I_qguiapplication.cpp () from
>>> /usr/local/lib/qt5/./libQt5Gui.so.1.1
>>
>> Looks like it's in Qt5 then. Wireshark still has the "legacy" gtk GUI
>> (it's in a subpackage), you could try that instead for now.
>>
>> Looks like Qt autodetects at build time, we probably want to configure
>> on i386 with no-avx, no-avx2, no-sse4.1, no-sse4.2, maybe no-ssse3.
>> (SSE2 is probably reasonable to expect for Qt5 apps, it's present on
>> Netburst, Pentium-M, Atom, C7 etc. which seems a sane cut-off point
>> for heavy GUI apps).
>
> Yeah. I've patched qmake files, but missed those bits. Modern amd64
> makes you blind sometimes. :(
>
> --
>   WBR,
>   Vadim Zhukov

Re: relayd - prefork option seems to be ignored

2016-03-19 Thread Tobias Feldhaus 
Yes. Ordering is important *D'oh*:

Putting prefork before the table  definition fixed the issue.

On Wed, Mar 16, 2016 at 2:02 PM, Tobias Feldhaus 
wrote:

> According to relayd.conf(5) the prefork option should spawn the defined
> number of processes to handle relayed connections - the default is 3.
>
> I've tried setting it to 5, 10, and 12 on OpenBSD 5.8 - but it seems
> like it is getting ignored, as ps(1) always shows me 3 relay processes,
> which is the default number:
>
> USER PIDCOMMAND
> root 17010  relayd: parent (relayd)
> _relayd   3243  relayd: pfe (relayd)
> _relayd  16594  relayd: hce (relayd)
> _relayd   4279  relayd: ca (relayd)
> _relayd  28332  relayd: ca (relayd)
> _relayd   4436  relayd: ca (relayd)
> _relayd  24605  relayd: relay (relayd)
> _relayd  19110  relayd: relay (relayd)
> _relayd  15295  relayd: relay (relayd)
>
> Am I missing something?
>
> ###
> # relayd.conf
>
> ip4_244 = "xx.xx.xx.244"
> ip4_245 = "xx.xx.xx.245"
>
> tracker5 = "10.5.3.34"
> tracker6 = "10.5.3.42"
> tracker7 = "10.5.3.50"
> table  { $tracker5, $tracker6, $tracker7 }
>
> prefork 10
>
> http protocol https {
>   tcp { nodelay, sack, socket buffer 65536, backlog 128 }
>
>   match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
>   match request header append "X-Forwarded-By" \
>   value "$SERVER_ADDR:$SERVER_PORT"
>   match header set "Keep-Alive" value "$TIMEOUT"
>
>   pass
>   tls { no tlsv1.0, ciphers "HIGH:!aNULL" }
>   tls session cache disable
> }
>
> relay wwwssl {
>   listen on $ip4_244 port 443 tls
>   listen on $ip4_245 port 443 tls
>   protocol "https"
>   forward to  port 8083 mode roundrobin check tcp
>   session timeout 60
> }
>
> relay www {
>   listen on $ip4_244 port 80
>   listen on $ip4_245 port 80
>   forward to  port 8083 mode roundrobin check tcp
> }
>



--
*Tobias Feldhaus | Data Engineer*

Wooga GmbH | Saarbrücker Str. 38 | D-10405 Berlin
Place of business: Berlin
Registered at the local court Berlin-Charlottenburg, HRB 117846 B
Managing Directors: Jens Begemann, Philipp Möser, Jan Miczaika

Re: OpenNTP features

2016-03-19 Thread lists 
Wed, 16 Mar 2016 13:23:08 +0200 Gabor Juhasz 
> In our IoT project we have to select an NTPd for our embedded device
> in order it can have accurate time.

Relatively correct time within specified tolerance, not accurate.

> It uses 3G/4G mobile net. Of course the net is expensive so we have to
> reduce the network usage. Currently we have 2 candidates : OpenNTPd and

Sync to a local time server over some inexpensive wireless then.

> In OpenNTP (5.7p4)  we are missing some features and we are looking

The features you mentioned are your wrapper environment responsibility.

Re: cannot allocate memory

2016-03-19 Thread Roman Gorelov 
Solved, thank you. I was imprudent.