Picking the nearest (not necessarily fastest) anoncvs server

2017-12-23 Thread Dinesh Thirumurthy
Hi,

> Just use cvs from a mirror outside the US? You don't *need* to use
> github, github is a copy anyway and only cvs is authoritative.
> 
>   -Otto

So was wondering which anoncvs server to pick?

After some text processing of traceroute outputs, we get ...

(server, rtt in ms, path info from geoip)

openbsd$ doas pkg_add GeoIP
openbsd$ ./do.sh
# no usa
     files.venture37.com 259.876 ok path in eu nl fr
  anoncvs.fr.openbsd.org 272.584 ok path in eu de fr
           mirror.osn.de 273.362 ok path in eu de
  anoncvs.eu.openbsd.org 285.433 ok path in eu se
    anoncvs.comstyle.com 296.403 ok path in eu fr de ca
 openbsd.park.rambler.ru 298.014 ok path in eu ru
       ftp.hostserver.de 307.055 ok path in eu de fr de
  anoncvs.au.openbsd.org 324.136 ok path in au

# usa in path or destination
anoncvs1.usa.openbsd.org 247.272 !! path in us sg us
   anoncvs.obsd.esc7.net 257.454 !! path in eu us
 anoncvs.spacehopper.org 261.560 !! path in eu us es gb
anoncvs4.usa.openbsd.org 263.134 !! path in eu us
   mirror.planetunix.net 270.129 !! path in us
anoncvs2.usa.openbsd.org 278.932 !! path in eu us
  anoncvs.jp.openbsd.org 280.826 !! path in sg us sg us jp
 obsdacvs.cs.toronto.edu 286.313 !! path in us ca
         anoncvs.obsd.si 296.748 !! path in eu us eu us rs si
 anoncvs2.ca.openbsd.org 298.337 !! path in eu us ca
anoncvs3.usa.openbsd.org 301.577 !! path in eu us
 anoncvs1.ca.openbsd.org 305.934 !! path in eu us ca
        mirror.litnet.lt 309.189 !! path in eu us eu us gb lt
openbsd$ ^D

Source: https://github.com/hakrtech/anoncvs.git

Have fun! Checkout paths to all anoncvs servers. 

No South American nor African servers. Or them along the paths. :-(

Interestingly if I choose a Canada server from India, it reaches 
Canada via USA. I am assuming crypto source should not transit through
USA. 

I observed GeoIP database has some bugs. It generates a few wrong
answers. It mentions a bunch of places as US. But other databases
mention it as Austria. 

Path from India to Japan is mentioned as India -> Singapore -> USA ->
Singapore -> USA -> Japan. That can't be right.

Kindly do not believe the path info too much. An approximation at best.

Thanks very much.

Regards,
Dinesh
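
A classifier along the lines of the listing in the message above, as an added example that is not part of the original post or of the hakrtech/anoncvs scripts. The hop addresses, the address-to-country table (standing in for a GeoIP lookup) and the mirror-*.example.org names are constructed, and taking the RTT from the last answering hop is an assumption.

```shell
#!/bin/sh
# Added example (not from the post or the hakrtech/anoncvs repo).
# Classify a traceroute path by the countries its hops sit in and flag
# any path that touches a country to avoid, in the post's output format:
#   <server> <rtt of last answering hop> <ok|!!> path <cc> <cc> ...

# Constructed address-to-country table standing in for a GeoIP lookup.
# Addresses come from the RFC 5737 documentation ranges.
geo_table() {
cat <<'EOF'
192.0.2.1 in
192.0.2.9 in
198.51.100.4 sg
198.51.100.8 us
203.0.113.7 jp
203.0.113.20 de
203.0.113.21 fr
EOF
}

# Constructed "traceroute -n" output: India -> Singapore -> US -> Japan.
trace_a() {
cat <<'EOF'
traceroute to mirror-a.example.org (203.0.113.7), 64 hops max, 40 byte packets
 1  192.0.2.1  1.020 ms  0.911 ms  0.874 ms
 2  192.0.2.9  8.412 ms  8.377 ms  8.401 ms
 3  * * *
 4  198.51.100.4  62.118 ms  61.907 ms  62.030 ms
 5  198.51.100.8  241.552 ms  240.981 ms  241.130 ms
 6  203.0.113.7  280.826 ms  281.004 ms  280.911 ms
EOF
}

# Constructed: India -> Germany -> France, with one hop missing from the table.
trace_b() {
cat <<'EOF'
traceroute to mirror-b.example.org (203.0.113.21), 64 hops max, 40 byte packets
 1  192.0.2.1  0.998 ms  0.902 ms  0.871 ms
 2  203.0.113.20  190.331 ms  190.207 ms  190.415 ms
 3  203.0.113.99  231.771 ms  231.650 ms  231.802 ms
 4  203.0.113.21  272.584 ms  272.611 ms  272.490 ms
EOF
}

# classify_path SERVER GEOFILE [AVOID]   (traceroute -n output on stdin)
classify_path() {
    awk -v server="$1" -v avoid="${3:-us}" '
        NR == FNR { cc[$1] = $2; next }      # first input: the geo table
        $1 !~ /^[0-9]+$/ { next }            # traceroute header line
        $2 == "*" { next }                   # silent hop: country unknown, not "clean"
        {
            c = ($2 in cc) ? cc[$2] : "??"   # address missing from the table
            if (c != last) { path = path " " c; last = c }  # collapse repeats
            if (c == avoid) hit = 1
            if ($4 == "ms") rtt = $3         # keep the latest hop RTT
        }
        END { printf "%s %s %s path%s\n", server, rtt, (hit ? "!!" : "ok"), path }
    ' "$2" -
}

run_example() {
    geo=$(mktemp) || return 1
    geo_table > "$geo"
    trace_a | classify_path mirror-a.example.org "$geo"
    trace_b | classify_path mirror-b.example.org "$geo"
    rm -f "$geo"
}

run_example
```

A `* * *` hop or a `??` entry means the path is not fully known, so an `ok` result is only as good as the hops that answered and the database behind them.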





Re: cvs2gitdump dumps core when trying process src

2017-12-23 Thread Dinesh Thirumurthy
Hi Edgar,

Thanks.

> Not sure if this would cause it or not, but is your /usr/local mounted with 
> wxallowed?

Yes. It is. 

$ mount | grep /usr/local
/dev/wd0h on /usr/local type ffs (local, nodev, wxallowed)

Regards,
Dinesh




Re: cvs2gitdump dumps core when trying process src

2017-12-23 Thread edgar

On Dec 23, 2017 4:02 PM, Dinesh Thirumurthy wrote:
>
> Hi Stuart and Everyone,
>
>
> > The conversion on github is done with cvs2gitdump. 
>
> git2cvsdump dumps core on latest current.
> I am stumped after some basic investigation.
>
> /usr/local/bin/cvs2gitdump dumps core.

Not sure if this would cause it or not, but is your /usr/local mounted with 
wxallowed?
>
> Repeated it with latest cvs2gitdump at
> https://github.com/yasuoka/cvs2gitdump/blob/master/cvs2gitdump.py
>
> That also failed. 
> Looked into stacktrace, some problem at rcsparse. So tried installing 
>
> pkg_add -vvv py-rcsparse
>
> It said I am ok. No change in py-rcsparse-20151027.
>
> What I did:
>
> mkdir x
> cd x
> cvs -qd anon...@anoncvs.jp.openbsd.org:/cvs checkout -P src
> mv src src0 # save a copy for later use
> cp -r src0 src1 # use a copy of the repo
> pkg_add -vvv cvs2gitdump 
> # follow instructions given in source also at
> https://github.com/yasuoka/cvs2gitdump/blob/master/cvs2gitdump.py
> git init --bare git1.git
> cvs2gitdump -k OpenBSD -e openbsd.org /home/user/x/src1 > openbsd.dump
> # will dump core or rather dumps core for me.
> # running generic kernel on virtual box of current
>
> session and stack trace below.
> Some issues in rcscheckout()
> But most likely some configuration or user error.
>
> Any pointers?
>
> Thank you.
>
> Those who wish to see the session output separately, it is at
>
> https://github.com/hakrtech/issues/blob/master/001-x.txt
>
> Regards,
> Dinesh
>
>
> Script started on Sun Dec 24 08:17:47 2017
> openbsd$ pwd
> /home/dt/x
> openbsd$ ls -l
> total 48
> -rwxr-xr-x   1 dt  dt  20899 Dec 24 08:00 cvs2gitdump.py
> drwxr-xr-x  17 dt  dt 512 Dec 24 08:09 src1
> -rw-r--r--   1 dt  dt    0 Dec 24 08:17 x.out
> openbsd$ git init --bare /home/dt/x/git1.git
> Initialized empty Git repository in /home/dt/x/git1.git/
> openbsd$ type cvs2gitdump
> cvs2gitdump is /usr/local/bin/cvs2gitdump
> openbsd$ cvs2gitdump -k OpenBSD -e openbsd.org /home/dt/x/src1 >
> openbsd.dump
> ** walk cvs tree
> Segmentation fault (core dumped)
> openbsd$ ls -l
> total 16536
> -rwxr-xr-x   1 dt  dt 20899 Dec 24 08:00 cvs2gitdump.py
> drwxr-xr-x   7 dt  dt    512 Dec 24 08:19 git1.git
> -rw-r--r--   1 dt  dt  0 Dec 24 08:20 openbsd.dump
> -rw---   1 dt  dt  8414024 Dec 24 08:20 python2.7.core
> drwxr-xr-x  17 dt  dt    512 Dec 24 08:09 src1
> -rw-r--r--   1 dt  dt    577 Dec 24 08:20 x.out
> openbsd$ gdb python2.7 python2.7.core
> GNU gdb 6.3
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you
> are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for
> details.
> This GDB was configured as "amd64-unknown-openbsd6.2"...
> (no debugging symbols found)
>
> Core was generated by `python2.7'.
> Program terminated with signal 11, Segmentation fault.

cvs2gitdump dumps core when trying process src

2017-12-23 Thread Dinesh Thirumurthy
Hi Stuart and Everyone,


> The conversion on github is done with cvs2gitdump. 

git2cvsdump dumps core on latest current.
I am stumped after some basic investigation.

/usr/local/bin/cvs2gitdump dumps core.

Repeated it with latest cvs2gitdump at
https://github.com/yasuoka/cvs2gitdump/blob/master/cvs2gitdump.py

That also failed. 
Looked into stacktrace, some problem at rcsparse. So tried installing 

pkg_add -vvv py-rcsparse

It said I am ok. No change in py-rcsparse-20151027.

What I did:

mkdir x
cd x
cvs -qd anon...@anoncvs.jp.openbsd.org:/cvs checkout -P src
mv src src0 # save a copy for later use
cp -r src0 src1 # use a copy of the repo
pkg_add -vvv cvs2gitdump 
# follow instructions given in source also at
https://github.com/yasuoka/cvs2gitdump/blob/master/cvs2gitdump.py
git init --bare git1.git
cvs2gitdump -k OpenBSD -e openbsd.org /home/user/x/src1 > openbsd.dump
# will dump core or rather dumps core for me.
# running generic kernel on virtual box of current

session and stack trace below.
Some issues in rcscheckout()
But most likely some configuration or user error.

Any pointers?

Thank you.

Those who wish to see the session output separately, it is at

https://github.com/hakrtech/issues/blob/master/001-x.txt

Regards,
Dinesh


Script started on Sun Dec 24 08:17:47 2017
openbsd$ pwd
/home/dt/x
openbsd$ ls -l
total 48
-rwxr-xr-x   1 dt  dt  20899 Dec 24 08:00 cvs2gitdump.py
drwxr-xr-x  17 dt  dt    512 Dec 24 08:09 src1
-rw-r--r--   1 dt  dt      0 Dec 24 08:17 x.out
openbsd$ git init --bare /home/dt/x/git1.git
Initialized empty Git repository in /home/dt/x/git1.git/
openbsd$ type cvs2gitdump
cvs2gitdump is /usr/local/bin/cvs2gitdump
openbsd$ cvs2gitdump -k OpenBSD -e openbsd.org /home/dt/x/src1 > openbsd.dump
** walk cvs tree
Segmentation fault (core dumped)
openbsd$ ls -l
total 16536
-rwxr-xr-x   1 dt  dt    20899 Dec 24 08:00 cvs2gitdump.py
drwxr-xr-x   7 dt  dt      512 Dec 24 08:19 git1.git
-rw-r--r--   1 dt  dt        0 Dec 24 08:20 openbsd.dump
-rw---   1 dt  dt  8414024 Dec 24 08:20 python2.7.core
drwxr-xr-x  17 dt  dt      512 Dec 24 08:09 src1
-rw-r--r--   1 dt  dt      577 Dec 24 08:20 x.out
openbsd$ gdb python2.7 python2.7.core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd6.2"...
(no debugging symbols found)

Core was generated by `python2.7'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpthread.so.25.1...done.
Loaded symbols for /usr/lib/libpthread.so.25.1
Loaded symbols for /usr/local/bin/python2.7
Reading symbols from /usr/local/lib/libpython2.7.so.0.0...done.
Loaded symbols for /usr/local/lib/libpython2.7.so.0.0
Symbols already loaded for /usr/lib/libpthread.so.25.1
Reading symbols from /usr/lib/libutil.so.13.0...done.
Loaded symbols for /usr/lib/libutil.so.13.0
Reading symbols from /usr/lib/libm.so.10.0...done.
Loaded symbols for /usr/lib/libm.so.10.0
Reading symbols from /usr/lib/libc.so.92.1...done.
Loaded symbols for /usr/lib/libc.so.92.1
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
Reading symbols
from /usr/local/lib/python2.7/lib-dynload/_locale.so...done.
Loaded symbols for /usr/local/lib/python2.7/lib-dynload/_locale.so
Reading symbols from /usr/local/lib/libintl.so.6.0...done.
Loaded symbols for /usr/local/lib/libintl.so.6.0
Reading symbols from /usr/local/lib/libiconv.so.6.0...done.
Loaded symbols for /usr/local/lib/libiconv.so.6.0
Reading symbols
from /usr/local/lib/python2.7/site-packages/rcsparse.so...done.
Loaded symbols for /usr/local/lib/python2.7/site-packages/rcsparse.so
Reading symbols
from /usr/local/lib/python2.7/lib-dynload/strop.so...done.
Loaded symbols for /usr/local/lib/python2.7/lib-dynload/strop.so
Reading symbols
from /usr/local/lib/python2.7/lib-dynload/time.so...done.
Loaded symbols for /usr/local/lib/python2.7/lib-dynload/time.so
Reading symbols
from /usr/local/lib/python2.7/lib-dynload/select.so...done.
Loaded symbols for /usr/local/lib/python2.7/lib-dynload/select.so
Reading symbols
from /usr/local/lib/python2.7/lib-dynload/fcntl.so...done.
Loaded symbols for /usr/local/lib/python2.7/lib-dynload/fcntl.so
Reading symbols
from /usr/local/lib/python2.7/lib-dynload/_struct.so...done.
Loaded symbols for /usr/local/lib/python2.7/lib-dynload/_struct.so
Reading symbols
from /usr/local/lib/python2.7/lib-dynload/binascii.so...done.
Loaded symbols for /usr/local/lib/python2.7/lib-dynload/binascii.so
Reading symbols from /usr/lib/libz.so.5.0...done.
Loaded symbols for /usr/lib/libz.so.5.0
Reading symbols
from /usr/local/lib/python2.7/lib-dynload/cStringIO.so...done.
Loaded symbols for /usr/local/lib/python2.7/lib-dynload/cStringIO.so
Reading 

Re: PCEngines APU2 Wifi router issues

2017-12-23 Thread Steve Williams

On 22/12/2017 7:00 PM, Carlos Cardenas wrote:
> George wrote:
>> On Thu, 21 Dec 2017 21:25:44 -0800
>> Carlos Cardenas wrote:
>>> George wrote:
>>>> Hi guys,
>>>>
>>>> I got the apu2b4 to build a wifi router with an Intel Dual Band
>>>> Wireless AC 7260 wifi module. The module firmware was loaded by
>>>> fw_update at first boot and connecting to my existing AP works but
>>>> when I try to set it up as an access point with:
>>>>
>>>> ifconfig iwm0 up media autoselect mediaopt hostap mode 11g nwid
>>>> MySSID wpakey MyKey
>>>>
>>>> I get in ifconfig iwm0
>>>> ...
>>>> status: no network
>>>> ...
>>>>
>>>> and associating/connecting from my Linux laptop does not work... I
>>>> am not even seeing the AP with this "MySSID" in the scan listing.
>>>> Any suggestions or ideas as to what might be wrong are welcome.
>>>>
>>>> TIA
>>>> George
>>>
>>> George,
>>>
>>> iwm(4) is not capable for access point usage.
>>>
>>> Check out https://www.openbsd.org/faq/faq6.html#Wireless for a list.
>>>
>>> +--+
>>> Carlos
>>
>> Sorry but now I have another question I live in Canada and the
>> PCEngines website points to one reseller here and they seem to not have
>> the right card:
>>
>> https://corpshadow.biz/bizstore/system-components/wireless-components/radio-cards/
>>
>> any idea where I can get one preferably in Canada.
>>
>> Thanks in advance.
>> George
>
> They had the WLE200NX listed on the page:
> https://corpshadow.biz/bizstore/compex/dualband-80211n-mimo-2x2-minipcie.html
>
> If you don't like that card, you can always pick something up on ebay.
>
> +--+
> Carlos

Hi,

I have one of those cards (WLE200NX ) in my APU.  Be aware that OpenBSD 
drivers don't give very fast performance for it.  Lots about it in the 
email list archives.


Mine shows up (OpenBSD 6.1) as:

   athn0 at pci4 dev 0 function 0 "Atheros AR9281" rev 0x01: apic 5 int 16
   athn0: AR9280 rev 2 (2T2R), ROM rev 22, address 04:f0:21:1b:b3:68


Cheers,
Steve Williams



Re: New default setup for touchpads in X

2017-12-23 Thread Matthias Schmidt
* Matthias Schmidt wrote:
> Hi Ulf,
> 
> * Ulf Brosziewski wrote:
> > If you're following -current, or if you upgrade your system with the
> > next or a future snapshot, please note that the default setup for
> > touchpads in X will change.
> 
> Finally, I found the time to switch from Synaptics to the ws driver.
> Running current from Dec 23 here.
> 
> mouse.type=synaptics
> mouse.rawmode=0
> mouse.scale=1266,5676,1096,4758,0,45,68
> mouse.tp.tapping=0
> mouse.tp.scaling=0.160
> mouse.tp.swapsides=0
> mouse.tp.disable=0
> mouse1.type=ps2
> 
> Using a Thinkpad T450s here.  So far, I tested two-finger scrolling and
> the usual touchpad actions.  I noticed two things:
> 
> 1. The pointer speed seems a bit slow for me.  Can I somehow
> increase the speed?

Ignore this.  While I looked at the man page I overlooked the misc@
posting.

Cheers

Matthias



Re: New default setup for touchpads in X

2017-12-23 Thread Matthias Schmidt
Hi Ulf,

* Ulf Brosziewski wrote:
> If you're following -current, or if you upgrade your system with the
> next or a future snapshot, please note that the default setup for
> touchpads in X will change.

Finally, I found the time to switch from Synaptics to the ws driver.
Running current from Dec 23 here.

mouse.type=synaptics
mouse.rawmode=0
mouse.scale=1266,5676,1096,4758,0,45,68
mouse.tp.tapping=0
mouse.tp.scaling=0.160
mouse.tp.swapsides=0
mouse.tp.disable=0
mouse1.type=ps2

Using a Thinkpad T450s here.  So far, I tested two-finger scrolling and
the usual touchpad actions.  I noticed two things:

1. The pointer speed seems a bit slow for me.  Can I somehow
increase the speed?
2. Two-finger scrolling takes more 'activation energy' compared to the
Synaptic driver.  With the latter I only needed to lightly scroll over
the touchpad to trigger scrolling.  With ws I need to push the fingers
harder on the trackpad.  Example: With ws I need 7 scroll actions to
scroll down the entire "Install FAQ" article.  With synaptics I only
need 4 scroll actions.

Cheers

Matthias



Re: remastering as a live disk

2017-12-23 Thread Nick Holland
On 12/23/17 00:23, Philip Mundhenk wrote:
> Are there any tools for cloning an OpenBSD installation as a live
> disk, like the ones in the Debian (Respin;  Remastersys) and
> Mandrake (Makecd?) families of Gnu/Linuxes? Or any reasonably
> painless way of making a customized OpenBSD live disk?

Live CD?  Do people still do that?  There are ways, not worth the
trouble.  Sheesh.  CDROMs are so ... 1990s, apparently.

Live USB?  Sure.  Just (get this) INSTALL TO A USB DRIVE! (what a
surprise, huh?).  Just a normal install.  Really.  When it asks what
drive to install on, point it to your USB drive.

Ok, ok, people love to twist knobs to say they DID SOMETHING unique and
special, so here are a few tips:
* Don't bother to install compXX.tgz.  It's slow to install on a flash
drive, and you are unlikely to be compiling anything.
* Create lots of "/etc/hostname.xx0" files (or hard link them all) for
every NIC you are likely to encounter.  contents of the file: "dhcp"
* noatime and softdeps are not just your friend, but just about required
on a flash drive (/etc/fstab)
* Encrypting your flash drive is a good idea.  I lose mine all the time.
 Bad to lose your ssh keys or whatever it is you are trying to carry
around with you, worse to have someone else find them (bioctl).
* change the code in /boot from saying ">> OpenBSD/amd64 BOOT 3.33" to
"HaHa! your machine is now infected with a virus", and "boot>" to
"you're screwed>".  Or "UR Skrewd>" to make it look more authentic.  At
least when you lose your flash drive, you will get a good laugh knowing
what will happen when someone finds it and wonders what's on it!  (and
cool thing is, since they will probably try to boot it on a Windows
machine...and they are prone to stupidly sticking things in their
computer, the message is very possibly right!) (man release)
* A small MFS /tmp might be a really good idea if your apps use it.
(mount_mfs)
* Put an FAT partition at the beginning of the disk, that way it's still
handy to move files around...double duty!  You will probably have to
partition it on OpenBSD, last I looked, Windows doesn't believe there is
any reason to partition removable media (heh), but it will use just FAT
partitions if they exist "somehow". (fdisk, newfs_msdos)
* If you really use this a lot, maybe invest in a USB SSD rather than
USB Flash drive.

Nick.



Re: Simple scripts to rebuild your OpenBSD src and xenocara and cut an ISO.

2017-12-23 Thread Dinesh Thirumurthy
Hi Thomas,

> The OpenBSD homepage describes a preferred license. It's the first link on
> https://www.openbsd.org/policy.html

 Thanks very much. Licensed it OpenBSD style. :-)

https://github.com/hakrtech/reladm/blob/master/LICENSE

 with a basic README

https://github.com/hakrtech/reladm/blob/master/README

 A droplet of an indirect contribution to the OpenBSD Project.
My first contribution to OpenBSD community. Hopefully not last.

 If any one wants to review it, improve it, kindly feel free. And
connect with me on github.com. I am hakrdinesh. 

 Thanks again.

Regards,
Dinesh




Re: Is it okay to clone OpenBSD from GitHub from India?

2017-12-23 Thread Dinesh Thirumurthy
Stuart,


> The conversion on github is done with cvs2gitdump.

  Thanks very much. I will try this. 

> For git-cvs here's a snip from the mail I wrote Uwe back in 2015:
> 
>   << When an update is committed to a file that was previously imported,
>   the import is shown again in "git log". It looks like it happens for the
>   first commit after import. >>

  Okay. Thanks. I hope to understand it better when I do it  myself. 
 
  I am looking to create a git repo outside USA/Canada to serve a
whole bunch of people downstream.

 I do not expect users/students/teachers to have great connectivity.
Disconnected operation is important for me/my users.

 I believe if students start tracking OpenBSD current and keep
recompiling OpenBSD nightly, they will feel pumped and probably do more
coding, look around the various parts of it, and then I will be able to
reach out to a whole set of graduates who will become proficient C
programmers, using 1 UNIX-like OS (OpenBSD here). Better still, they are
programming on a solid production grade OS.

 I am seeing that effect on myself and my intern. :-)

 You always end up liking something if you have built/assembled it or
have been a part of building it. I recently came to know that is called
the IKEA Effect [https://en.wikipedia.org/wiki/IKEA_effect].
 
 I think OpenBSD, git, a git hosting server (TBD) and VirtualBox will be
a good combination.

 Thanks again for your help. 

Regards,
Dinesh




Re: Simple scripts to rebuild your OpenBSD src and xenocara and cut an ISO.

2017-12-23 Thread frohw...@ymail.com
Hi Dinesh,

The OpenBSD homepage describes a preferred license. It's the first link on

https://www.openbsd.org/policy.html

Thomas

On December 23, 2017 4:56:51 AM PST, Dinesh Thirumurthy wrote:
>Hi,
>
>If anyone wants to try a very simple way to compile your OpenBSD box,
>(man release rocks), but that might be daunting for a person
>just getting into the UNIX/OpenBSD world.
>
>So, I wrote some syntactic sugar which makes it very easy:
>
>doas mkkern.sh # compile kernel
>doas mkbase.sh # compile base
>doas mkxeno.sh # compile xenocara
>doas mkrel.sh  # cut an iso
>
>You can get it from:
>https://github.com/hakrtech/reladm.git
>
>Usage Instructions at:
>
>https://github.com/hakrtech/src/wiki/Home
>
>I would also like to give back by appropriately OpenBSD style/philosophy
>licensing it. I have not figured that out yet. Hopefully soon. BSD2,3,4
>vs MIT vs ...
>
>Thanks. Have fun!
>
>Regards,
>Dinesh

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: bug tracking system for OpenBSD

2017-12-23 Thread Kapetanakis Giannis

On 23/12/17 12:24, Stuart Henderson wrote:
> Forwarded? No way! Same for bugs@ as tech@. It needs manual work to
> triage, identify what is a bug, follow up with the reporter to make
> sure the report is accurate and has enough information to be useful.
> Same whatever the entry point is. If reporters can add bugs to it
> directly, they need to go into a triage queue and *not* appear in the
> main system until that's done.
>
> The idea of a bug tracking system is to spread the work and help
> people remember things. It should *reduce* work done by devs because
> they no longer have to drag even the most basic information out
> of a reporter and figure out whether it's a bug or user error
> or a support request in disguise.
>
> If it means *extra* work for devs, it's not going to work.




I still don't agree with you about maintaining both @tech/@bugs in 
correlation with a web interface (bugtracking).

Not a gain, just extra trouble.

What happens in other places is that if a mail comes that looks like a
possible ticket (not resolvable by mail), someone replies and says
"please open bug report in https://..." so we can track it.

However you're right with the last paragraph above and it's something I
haven't thought before.
More people might get involved and eventually this might get some work 
out of the devs.


G



Re: Is it okay to clone OpenBSD from GitHub from India?

2017-12-23 Thread Stuart Henderson
On 2017-12-23, Dinesh Thirumurthy  wrote:
> Stephan,
>
> Thank you.
>
>> Note that openbsd's github conversion is not considered stable yet.
>
> I was using github.com because it is (ahem) more palatable. :-)
> So, it should be a hit with students. 
>
>> Which means all commit hashes could change at any time. Regardless
>> of the crypto export issue, I would not rely on it for very important
>> tasks until it is declared stable.
>
> Okay. I'm fine with that.
>
>> If you really want it in git format without legal trouble, you could
>> create your own git conversion with e.g. git-cvs ('pkg_add git-cvs').
>
> Thanks very much. I was trying to get in touch with Bob Beck to figure
> this out.
>
> Regards,
> Dinesh
>
>
>

The conversion on github is done with cvs2gitdump. After testing all of
the conversion tools I could find, this was the one which had the fewest
problems with OpenBSD's slightly broken rcs files. (In particular,
anything which tries to convert branches is very likely to break).

For git-cvs here's a snip from the mail I wrote Uwe back in 2015:

  << When an update is committed to a file that was previously imported,
  the import is shown again in "git log". It looks like it happens for the
  first commit after import. >>




Re: rdomain/rtable

2017-12-23 Thread Sebastian Benoit
Paul B. Henson(hen...@acm.org) on 2017.12.19 17:54:48 -0800:
> I've got a box with an LTE cellular modem in it whose purpose is to provide
> a backup connection to the Internet if the hardwire service goes down. It's
> running OSPF to connect to the rest of the network, and the only time any
> traffic should go over the cellular link (which is slower and bandwidth
> capped) is if the hardwire interconnection is down, including ideally
> traffic generated from the system itself.
> 
> I have that part working, by adding in a local static default route to the
> cellular gateway with less priority than the OSPF default route. However,
> for testing purposes, I'd like to be able to poke out the cellular link on
> an as-needed basis without having to switch the entire box over to using it.
> Virtual routing tables looked perfect for this purpose, as I could just
> spawn a single process with a different default route, we do something
> similar with network name spaces under Linux.
> 
> However, I can't quite get it to work. What I'd really like is to be able to
> make a copy of the current system routing table, then change one thing about
> it. However, a new rdomain shows up with no routes or interfaces in the
> routing table. I can add the new default route pointing out the cellular
> link, and get traffic to go out there. 

When you create a new routing domain, for example by adding an interface to
a routing domain (e.g. ifconfig umb0 rdomain 10), you create a new routing
table 10. It will be empty until you add an address on umb0 or, for example
add your default route.

This routing table will be used to forward packets that are "in that routing
domain" (the packet is marked with the rdomain or rather the rtable it will
use). How does the packet get marked?

Three ways:

* with pf, as you have discovered. As the manpage documents, the
mark needs to be set before route lookup is done.

* when a packet comes in on an interface in rdomain 10, it will stay in
rdomain 10 (unless pf changes it).

* a packet is generated on the local machine by a process that "is in that
routing domain". I.e. processes are also marked with a rdomain.

To start a process in a specific rdomain (10), use "route -T 10 exec
command", for example

  route -T 10 exec ping -n ip

or even

  route -T 10 exec ksh

Processes spawned by that shell will inherit the rdomain.

Note that I used -n in the ping example. DNS resolving using the resolvers
in resolv.conf might not work, as long as those resolvers are not reachable
in rdomain 10.

Hope this helps ...

> But I haven't sorted out how to make
> all the traffic for my internal network still go through the internal link
> rather than get sent out the default route. While ideally all the OSPF
> routes would propagate to the other routing domain I tried just adding a
> static to the /16 for our internal address space:
> 
> Internet:
> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
> default            24.x.x.x           UGS        0        6     -     8 umb0
> 10.0/16            10.128.0.21        UGS        0        0     -     8 em0
> 
> That doesn't work; the documentation says you need to get pf to pass packets
> across routing domains. However, it says:
> 
> rtable number
> Used to select an alternate routing table for the routing lookup.
> Only effective before the route lookup happened, i.e. when
> filtering inbound.
> 
> Unfortunately, for traffic originating from the system itself, there isn't
> really an "inbound" interface? So I'm not sure what pf rule would make this
> work. Is it just not possible, or am I missing something?
> 
> Thanks much.
> 

-- 



Re: relayd stops processing traffic intermittently

2017-12-23 Thread Claudio Jeker
On Sat, Dec 23, 2017 at 02:04:19PM +0100, Mischa Peters wrote:
> 
> > On 23 Dec 2017, at 13:08, Claudio Jeker  wrote:
> > 
> >> On Sat, Dec 23, 2017 at 11:40:57AM +0100, Mischa wrote:
> >> Hi All,
> >> 
> >> Since OpenBSD 6.2, just confirmed this in the latest snapshot 
> >> (GENERIC.MP#305) as well, for some reason relayd stops processing traffic 
> >> and starts flooding the log file with the following message:
> >> 
> >> Dec 23 11:19:11 lb2 relayd[22515]: rsae_send_imsg: poll timeout
> >> Dec 23 11:19:12 lb2 relayd[52110]: rsae_send_imsg: poll timeout
> >> Dec 23 11:19:12 lb2 relayd[69641]: rsae_send_imsg: poll timeout
> >> Dec 23 11:19:12 lb2 relayd[22515]: rsae_send_imsg: poll timeout
> >> [snip]
> >> Dec 23 11:19:17 lb2 relayd[69641]: rsae_send_imsg: poll timeout
> >> Dec 23 11:19:18 lb2 relayd[22515]: rsae_send_imsg: poll timeout
> >> Dec 23 11:19:18 lb2 relayd[52110]: rsae_send_imsg: poll timeout
> >> Dec 23 11:19:18 lb2 relayd[69641]: rsae_send_imsg: poll timeout
> >> ...etc...
> >> 
> >> Restarting the daemon "fixes" the problem.
> >> Not sure how to trouble shoot this but I am able to reproduce this 
> >> consistently by pointing SSLLabs towards relayd.
> >> Would be great to get some pointers.
> >> 
> > 
> > I have seen this as well on our production systems. This is a problem in
> > the privsep part of the TLS code. I could not do more testing yet but my
> > assumption is that a new option / feature is freaking this code out.
> 
> Anything I can do or collect to give you more information? 

Your tip with SSLLabs is hopefully good enough to produce it at will.
I will try to fix this in the next days. Keep you posted.

-- 
:wq Claudio



Re: relayd stops processing traffic intermittently

2017-12-23 Thread Mischa Peters

> On 23 Dec 2017, at 13:08, Claudio Jeker  wrote:
> 
>> On Sat, Dec 23, 2017 at 11:40:57AM +0100, Mischa wrote:
>> Hi All,
>> 
>> Since OpenBSD 6.2, just confirmed this in the latest snapshot 
>> (GENERIC.MP#305) as well, for some reason relayd stops processing traffic 
>> and starts flooding the log file with the following message:
>> 
>> Dec 23 11:19:11 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>> Dec 23 11:19:12 lb2 relayd[52110]: rsae_send_imsg: poll timeout
>> Dec 23 11:19:12 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>> Dec 23 11:19:12 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>> [snip]
>> Dec 23 11:19:17 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>> Dec 23 11:19:18 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>> Dec 23 11:19:18 lb2 relayd[52110]: rsae_send_imsg: poll timeout
>> Dec 23 11:19:18 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>> ...etc...
>> 
>> Restarting the daemon "fixes" the problem.
>> Not sure how to trouble shoot this but I am able to reproduce this 
>> consistently by pointing SSLLabs towards relayd.
>> Would be great to get some pointers.
>> 
> 
> I have seen this as well on our production systems. This is a problem in
> the privsep part of the TLS code. I could not do more testing yet but my
> assumption is that a new option / feature is freaking this code out.

Anything I can do or collect to give you more information? 

Mischa


Simple scripts to rebuild your OpenBSD src and xenocara and cut an ISO.

2017-12-23 Thread Dinesh Thirumurthy
Hi,

If anyone wants to try a very simple way to compile your OpenBSD box,
(man release rocks), but that might be daunting for a person
just getting into the UNIX/OpenBSD world.

So, I wrote some syntactic sugar which makes it very easy:

doas mkkern.sh # compile kernel
doas mkbase.sh # compile base
doas mkxeno.sh # compile xenocara
doas mkrel.sh  # cut an iso

You can get it from:
https://github.com/hakrtech/reladm.git

Usage Instructions at:

https://github.com/hakrtech/src/wiki/Home

I would also like to give back by appropriately OpenBSD style/philosophy
licensing it. I have not figured that out yet. Hopefully soon. BSD2,3,4
vs MIT vs ... 

Thanks. Have fun!

Regards,
Dinesh




Re: Is it okay to clone OpenBSD from GitHub from India?

2017-12-23 Thread Dinesh Thirumurthy
Stefan,

Thank you.

> Note that openbsd's github conversion is not considered stable yet.

I was using github.com because it is (ahem) more palatable. :-)
So, it should be a hit with students. 

> Which means all commit hashes could change at any time. Regardless
> of the crypto export issue, I would not rely on it for very important
> tasks until it is declared stable.

Okay. I am fine with that.

> If you really want it in git format without legal trouble, you could
> create your own git conversion with e.g. git-cvs ('pkg_add git-cvs').

Thanks very much. I was trying to get in touch with Bob Beck to figure
this out.

Regards,
Dinesh




Re: Is it okay to clone OpenBSD from GitHub from India?

2017-12-23 Thread Stefan Sperling
On Sat, Dec 23, 2017 at 05:19:54PM +0530, Dinesh Thirumurthy wrote:
> 
> > Just use cvs from a mirror outside the US? You don't *need* to use
> > github, github is a copy anyway and only cvs is authoritative.
> > 
> > -Otto
> 
> Otto,
> 
> Thanks. 
> 
> I was trying to distribute a tweaked OpenBSD to teachers and students in
> India, so they could compile  kernel, base, and xenocara very easily.
> Not that it is difficult now. But just made it easier. I was using
> github.com as my distribution platform from a forked OpenBSD. Now I need
> to find another way to distribute it. 
> 
> Regards,
> Dinesh
> 
> 

Note that openbsd's github conversion is not considered stable yet.
Which means all commit hashes could change at any time. Regardless
of the crypto export issue, I would not rely on it for very important
tasks until it is declared stable.

If you really want it in git format without legal trouble, you could
create your own git conversion with e.g. git-cvs ('pkg_add git-cvs').



Re: relayd stops processing traffic intermittently

2017-12-23 Thread Claudio Jeker
On Sat, Dec 23, 2017 at 11:40:57AM +0100, Mischa wrote:
> Hi All,
> 
> Since OpenBSD 6.2, just confirmed this in the latest snapshot 
> (GENERIC.MP#305) as well, for some reason relayd stops processing traffic and 
> starts flooding the log file with the following message:
> 
> Dec 23 11:19:11 lb2 relayd[22515]: rsae_send_imsg: poll timeout
> Dec 23 11:19:12 lb2 relayd[52110]: rsae_send_imsg: poll timeout
> Dec 23 11:19:12 lb2 relayd[69641]: rsae_send_imsg: poll timeout
> Dec 23 11:19:12 lb2 relayd[22515]: rsae_send_imsg: poll timeout
> [snip]
> Dec 23 11:19:17 lb2 relayd[69641]: rsae_send_imsg: poll timeout
> Dec 23 11:19:18 lb2 relayd[22515]: rsae_send_imsg: poll timeout
> Dec 23 11:19:18 lb2 relayd[52110]: rsae_send_imsg: poll timeout
> Dec 23 11:19:18 lb2 relayd[69641]: rsae_send_imsg: poll timeout
> ...etc...
> 
> Restarting the daemon "fixes" the problem.
> Not sure how to troubleshoot this but I am able to reproduce this
> consistently by pointing SSLLabs towards relayd.
> Would be great to get some pointers.
> 

I have seen this as well on our production systems. This is a problem in
the privsep part of the TLS code. I could not do more testing yet but my
assumption is that a new option / feature is freaking this code out.

-- 
:wq Claudio


> Anonymised config below:
> # relayd.conf
> local_v4 = "xxx"
> local_v6 = "xxx"
> table  { 127.0.0.1 }
> 
> www1_addr_v4 = "xxx"
> www1_addr_v6 = "xxx"
> table  { xxx }
> 
> www3_addr_v4 = "xxx"
> www3_addr_v6 = "xxx"
> table  { xxx }
> 
> cust1_addr_v4 = "xxx"
> cust1_addr_v6 = "xxx"
> 
> cust2_addr_v4 = "xxx"
> cust3_addr_v4 = "xxx"
> cust4_addr_v4 = "xxx"
> table  { xxx }
> table  { xxx }
> table  { xxx }
> 
> cust5_addr_v4 = "xxx"
> table  { xxx }
> 
> http protocol httpfilter_default {
>     match request header remove "Proxy"
>     match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
>     match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
>     match response header set "Server" value "Sever"
>     match response header set "X-Powered-By" value "Power"
>     tcp { no splice }
> }
> http protocol httpsfilter_default {
>     match request header remove "Proxy"
>     match request header set "X-ClientIP" value "$REMOTE_ADDR"
>     match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
>     match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
>     match response header set "Strict-Transport-Security" value "max-age=31536000"
>     match response header set "Server" value "Sever"
>     match response header set "X-Powered-By" value "Power"
>     match request quick header "Host" value "images.webcam.nl" forward to
>
>     tcp { no splice }
>     tls { no client-renegotiation }
> }
>
> http protocol httpfilter {
>     match request header remove "Proxy"
>     match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
>     match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
>     match response header set "Content-Security-Policy" value "default-src high5.nl; script-src https://high5.nl http://www.w3.org/; style-src 'self' 'unsafe-inline'; img-src 'self'"
>     match response header set "Server" value "Sever"
>     match response header set "X-Powered-By" value "Power"
>     match response header set "X-Frame-Options" value "SAMEORIGIN"
>     match response header set "X-Xss-Protection" value "1; mode=block"
>     match response header set "X-Content-Type-Options" value "nosniff"
>     match request quick header "Host" value "*xxx*" forward to
>     match request quick header "Host" value "*xxx*" forward to
>     tcp { no splice }
> }
> http protocol httpsfilter {
>     return error
>     match request header remove "Proxy"
>     match request header set "X-ClientIP" value "$REMOTE_ADDR"
>     match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
>     match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
>     match response header set "Strict-Transport-Security" value "max-age=31536000"
>     match response header set "Content-Security-Policy" value "default-src high5.nl; script-src https://high5.nl http://www.w3.org/; style-src 'self' 'unsafe-inline'; img-src 'self'"
>     match response header set "Server" value "Sever"
>     match response header set "X-Powered-By" value "Power"
>     match response header set "X-Frame-Options" value "SAMEORIGIN"
>     match response header set "X-Xss-Protection" value "1; mode=block"
>     match response header set "X-Content-Type-Options" value "nosniff"
>     tcp { no splice }
>     tls { no client-renegotiation }
> }
> relay default {
>     listen on $local_v4 port 80
>     listen on $local_v6 port 80
>     protocol httpfilter_default
> 

relayd stops processing traffic intermittently

2017-12-23 Thread Mischa
Hi All,

Since OpenBSD 6.2, just confirmed this in the latest snapshot (GENERIC.MP#305) 
as well, for some reason relayd stops processing traffic and starts flooding 
the log file with the following message:

Dec 23 11:19:11 lb2 relayd[22515]: rsae_send_imsg: poll timeout
Dec 23 11:19:12 lb2 relayd[52110]: rsae_send_imsg: poll timeout
Dec 23 11:19:12 lb2 relayd[69641]: rsae_send_imsg: poll timeout
Dec 23 11:19:12 lb2 relayd[22515]: rsae_send_imsg: poll timeout
[snip]
Dec 23 11:19:17 lb2 relayd[69641]: rsae_send_imsg: poll timeout
Dec 23 11:19:18 lb2 relayd[22515]: rsae_send_imsg: poll timeout
Dec 23 11:19:18 lb2 relayd[52110]: rsae_send_imsg: poll timeout
Dec 23 11:19:18 lb2 relayd[69641]: rsae_send_imsg: poll timeout
...etc...

Restarting the daemon "fixes" the problem.
Not sure how to troubleshoot this but I am able to reproduce this consistently
by pointing SSLLabs towards relayd.
Would be great to get some pointers.

Anonymised config below:
# relayd.conf
local_v4 = "xxx"
local_v6 = "xxx"
table  { 127.0.0.1 }

www1_addr_v4 = "xxx"
www1_addr_v6 = "xxx"
table  { xxx }

www3_addr_v4 = "xxx"
www3_addr_v6 = "xxx"
table  { xxx }

cust1_addr_v4 = "xxx"
cust1_addr_v6 = "xxx"

cust2_addr_v4 = "xxx"
cust3_addr_v4 = "xxx"
cust4_addr_v4 = "xxx"
table  { xxx }
table  { xxx }
table  { xxx }

cust5_addr_v4 = "xxx"
table  { xxx }

http protocol httpfilter_default {
    match request header remove "Proxy"
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
    match response header set "Server" value "Sever"
    match response header set "X-Powered-By" value "Power"
    tcp { no splice }
}
http protocol httpsfilter_default {
    match request header remove "Proxy"
    match request header set "X-ClientIP" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
    match response header set "Strict-Transport-Security" value "max-age=31536000"
    match response header set "Server" value "Sever"
    match response header set "X-Powered-By" value "Power"
    match request quick header "Host" value "images.webcam.nl" forward to

    tcp { no splice }
    tls { no client-renegotiation }
}

http protocol httpfilter {
    match request header remove "Proxy"
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
    match response header set "Content-Security-Policy" value "default-src high5.nl; script-src https://high5.nl http://www.w3.org/; style-src 'self' 'unsafe-inline'; img-src 'self'"
    match response header set "Server" value "Sever"
    match response header set "X-Powered-By" value "Power"
    match response header set "X-Frame-Options" value "SAMEORIGIN"
    match response header set "X-Xss-Protection" value "1; mode=block"
    match response header set "X-Content-Type-Options" value "nosniff"
    match request quick header "Host" value "*xxx*" forward to
    match request quick header "Host" value "*xxx*" forward to
    tcp { no splice }
}
http protocol httpsfilter {
    return error
    match request header remove "Proxy"
    match request header set "X-ClientIP" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
    match response header set "Strict-Transport-Security" value "max-age=31536000"
    match response header set "Content-Security-Policy" value "default-src high5.nl; script-src https://high5.nl http://www.w3.org/; style-src 'self' 'unsafe-inline'; img-src 'self'"
    match response header set "Server" value "Sever"
    match response header set "X-Powered-By" value "Power"
    match response header set "X-Frame-Options" value "SAMEORIGIN"
    match response header set "X-Xss-Protection" value "1; mode=block"
    match response header set "X-Content-Type-Options" value "nosniff"
    tcp { no splice }
    tls { no client-renegotiation }
}
relay default {
    listen on $local_v4 port 80
    listen on $local_v6 port 80
    protocol httpfilter_default
    forward to  port 8080
}
relay default_redirect {
    listen on $cust2_addr_v4 port 80
    listen on $cust3_addr_v4 port 80
    listen on $cust4_addr_v4 port 80
    listen on $cust5_addr_v4 port 80
    listen on $cust1_addr_v4 port 80
    listen on $cust1_addr_v6 port 80
    protocol httpfilter_default
    forward to  port 8081
}
relay default_redirect_tls {
    listen on $cust4_addr_v4 port 443 tls
    protocol httpsfilter_default
    forward to  port 8081
}
relay www1 {
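
A log check for the stall reported in this thread, added here as an example and not code from the thread or from relayd: it flags a burst of "rsae_send_imsg: poll timeout" lines spread over several relayd PIDs within a short window. The function names and the WINDOW, MIN_EVENTS and MIN_PIDS thresholds are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. WINDOW, MIN_EVENTS and MIN_PIDS are
# assumed thresholds; tune them against your own logs.

# Reads syslog lines on stdin, prints one summary line, and returns 1 when
# MIN_EVENTS timeouts from at least MIN_PIDS relayd PIDs fall within WINDOW
# seconds of each other.
relayd_stall_check() {
    awk -v window="${WINDOW:-10}" -v min_events="${MIN_EVENTS:-5}" \
        -v min_pids="${MIN_PIDS:-2}" '
    function secs(hms,    p) {
        split(hms, p, ":")
        return p[1] * 3600 + p[2] * 60 + p[3]
    }
    /relayd\[[0-9]+\]: rsae_send_imsg: poll timeout/ {
        # Layout: Mon DD HH:MM:SS host relayd[PID]: message
        t = secs($3) + day
        if (n > 0 && t < ts[n]) { day += 86400; t += 86400 }  # past midnight
        pid = $5
        gsub(/[^0-9]/, "", pid)
        n++; ts[n] = t; who[n] = pid; all[pid] = 1
        # Slide the window: forget events that are window seconds old or more.
        while (head + 1 < n && t - ts[head + 1] >= window) head++
        split("", seen); pids = 0
        for (i = head + 1; i <= n; i++)
            if (!(who[i] in seen)) { seen[who[i]] = 1; pids++ }
        if (hit == "" && n - head >= min_events && pids >= min_pids)
            hit = $3
    }
    END {
        total = 0
        for (p in all) total++
        if (hit != "") {
            printf "STALLED at=%s events=%d pids=%d\n", hit, n, total
            exit 1
        }
        printf "OK events=%d\n", n
    }'
}

# The eight lines visible in the report (its "[snip]" gap is not filled in).
sample_log() {
    cat <<'EOF'
Dec 23 11:19:11 lb2 relayd[22515]: rsae_send_imsg: poll timeout
Dec 23 11:19:12 lb2 relayd[52110]: rsae_send_imsg: poll timeout
Dec 23 11:19:12 lb2 relayd[69641]: rsae_send_imsg: poll timeout
Dec 23 11:19:12 lb2 relayd[22515]: rsae_send_imsg: poll timeout
Dec 23 11:19:17 lb2 relayd[69641]: rsae_send_imsg: poll timeout
Dec 23 11:19:18 lb2 relayd[22515]: rsae_send_imsg: poll timeout
Dec 23 11:19:18 lb2 relayd[52110]: rsae_send_imsg: poll timeout
Dec 23 11:19:18 lb2 relayd[69641]: rsae_send_imsg: poll timeout
EOF
}

# A non-zero status marks a stall, so "|| true" keeps this demo run going.
sample_log | relayd_stall_check || true
```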

Re: Is it okay to clone OpenBSD from GitHub from India?

2017-12-23 Thread Dinesh Thirumurthy

> Just use cvs from a mirror outside the US? You don't *need* to use
> github, github is a copy anyway and only cvs is authoritative.
> 
>   -Otto

Otto,

Thanks. 

I was trying to distribute a tweaked OpenBSD to teachers and students in
India, so they could compile  kernel, base, and xenocara very easily.
Not that it is difficult now. But just made it easier. I was using
github.com as my distribution platform from a forked OpenBSD. Now I need
to find another way to distribute it. 

Regards,
Dinesh




Re: Is it okay to clone OpenBSD from GitHub from India?

2017-12-23 Thread Otto Moerbeek
On Sat, Dec 23, 2017 at 04:24:22PM +0530, Dinesh Thirumurthy wrote:

> From https://www.openbsd.org/cvsync.html
> 
> " IMPORTANT NOTE: There are a few issues relating to cryptographic
> software that everyone should be aware of:
> ...
> However, if you are outside the USA or Canada, you should not fetch
> the cryptographic sections of the OpenBSD sources from a CVSync server
> located in the USA. The files in question are...
> src/kerberosIV/*
> src/kerberosV/*
> src/lib/libdes/*
> src/lib/libc/crypt/crypt.c
> src/lib/libc/crypt/morecrypt.c
> src/sys/crypto
> src/sys/netinet
> src/usr.sbin/afs/src/rxkad/*
> 
> Because of the USA ITAR munitions list, crypto software may only be
> exported to Canada from the USA."
> 
> generalising cvsync server to any version control software server, we
> get:
> 
> "if you are outside the USA or Canada, you should not fetch the
> cryptographic sections of the OpenBSD sources from **any
> version control software** server located in the USA"
> 
> That would include github.com
> 
> so is using the combination (OpenBSD, GitHub, India) uncool (gulp
> illegal)?
> 
> If illegal, this kind of sucks for me and my intern.
> 
> Maybe someone experienced in these matters could confirm/deny?
> 
> Thanks,
> Dinesh

Just use cvs from a mirror outside the US? You don't *need* to use
github, github is a copy anyway and only cvs is authoritative.

-Otto



Re: Is it okay to clone OpenBSD from GitHub from India?

2017-12-23 Thread Dinesh Thirumurthy
From https://www.openbsd.org/cvsync.html

" IMPORTANT NOTE: There are a few issues relating to cryptographic
software that everyone should be aware of:
...
However, if you are outside the USA or Canada, you should not fetch
the cryptographic sections of the OpenBSD sources from a CVSync server
located in the USA. The files in question are...
src/kerberosIV/*
src/kerberosV/*
src/lib/libdes/*
src/lib/libc/crypt/crypt.c
src/lib/libc/crypt/morecrypt.c
src/sys/crypto
src/sys/netinet
src/usr.sbin/afs/src/rxkad/*

Because of the USA ITAR munitions list, crypto software may only be
exported to Canada from the USA."

generalising cvsync server to any version control software server, we
get:

"if you are outside the USA or Canada, you should not fetch the
cryptographic sections of the OpenBSD sources from **any
version control software** server located in the USA"

That would include github.com

so is using the combination (OpenBSD, GitHub, India) uncool (gulp
illegal)?

If illegal, this kind of sucks for me and my intern.

Maybe someone experienced in these matters could confirm/deny?

Thanks,
Dinesh






Re: bug tracking system for OpenBSD

2017-12-23 Thread Stuart Henderson
On 2017-12-22, Kapetanakis Giannis wrote:
> But to be fair with the OP it all depends on dev's (mainly)
> willingness to track/respond/close tickets.
> 
> I say devs because these are the people who commit fixes of bugs and
> so they should monitor/update this system as well. It's extra work for
> them instead of developing... and I understand that.

I'm sure that often devs will do this, but sometimes not (maybe they'll
forget, maybe they'll fix something without noticing that it relates to
a ticket, etc). It needs someone to take responsibility for maintaining
the database, if it's left *only* up to the developer fixing a problem
you're just going to end up with the gnats database and hundreds (or was
it thousands) of tickets in limbo again.

> I don't see a reason @tech should be forwarded to this ticket system.

Forwarded? No way! Same for bugs@ as tech@. It needs manual work to
triage, identify what is a bug, follow up with the reporter to make
sure the report is accurate and has enough information to be useful.
Same whatever the entry point is. If reporters can add bugs to it
directly, they need to go into a triage queue and *not* appear in the
main system until that's done.

The idea of a bug tracking system is to spread the work and help
people remember things. It should *reduce* work done by devs because
they no longer have to drag even the most basic information out
of a reporter and figure out whether it's a bug or user error
or a support request in disguise.

If it means *extra* work for devs, it's not going to work.




Re: remastering as a live disk

2017-12-23 Thread Maurice McCarthy
On 23/12/17 00:23, Philip Mundhenk wrote:
> Are there any tools for cloning an OpenBSD installation as a live disk, like 
> the ones in the Debian (Respin; Remastersys) and Mandrake (Makecd?)
> families of Gnu/Linuxes? Or any reasonably painless way of making a 
> customized OpenBSD live disk?
> 
> Sent with [ProtonMail](https://protonmail.com) Secure Email.
> Because the Constitution must not be allowed to become "a literary fiction."

Try fuguita.org



remastering as a live disk

2017-12-23 Thread Philip Mundhenk
Are there any tools for cloning an OpenBSD installation as a live disk, like 
the ones in the Debian (Respin; Remastersys) and Mandrake (Makecd?)
families of Gnu/Linuxes? Or any reasonably painless way of making a customized 
OpenBSD live disk?

Sent with [ProtonMail](https://protonmail.com) Secure Email.
Because the Constitution must not be allowed to become "a literary fiction."