Re: what should i do with these package warnings

2020-07-07 Thread Stuart Henderson
On 2020-07-07, Shadrock Uhuru  wrote:
> hi everyone
>
> Q1
> should i remove these Obsolete package ?

these are normal when a port has been removed. yes uninstall them.

> Q2
> should i remove these missing dependencies ?
> also the issue of "lib should exist, lib is not a directory",
> all the indicated files are in /usr/local/lib,

is /usr/local/lib a directory, or have you done something non-standard?

> should there be a link between /lib and /usr/local/lib to get rid of
> these warnings

absolutely not

> or should i just ignore these warnings as well ?

these are not normal, try to figure out what caused them.

> doas pkg_check  
> Packing-list sanity: ok
> xca-2.3.0 has too many dependencies: gtk-update-icon-cache-3.24.20
> Remove missing dependencies: gtk-update-icon-cache-3.24.20 ? [y/N/a] n
> apvlv-0.1.5pl0p3 has too many dependencies: desktop-file-utils-0.26
> Remove missing dependencies: desktop-file-utils-0.26 ? [y/N/a] n
> Direct dependencies: ok
> gettext-runtime-0.20.2: bogus reverse dependencies: libkfbapi-1.0p7
> gettext-runtime-0.20.2: bogus reverse dependencies: kdepimlibs-4.14.10p7
> gettext-runtime-0.20.2 has too many reverse dependencies: gnucash-3.10
> kdelibs-4.14.10p20 kdepimlibs-4.14.10p7 libkfbapi-1.0p7
> Remove missing reverse dependencies: gnucash-3.10 kdelibs-4.14.10p20
> kdepimlibs-4.14.10p7 libkfbapi-1.0p7 ? [y/N/a] n

allow pkg_check to fix the problems.

> Reverse dependencies: ok
> Files from packages: ok
> --- .libs-partial-evince-3.32.0p0-light.1 ---
> lib should exist
> lib is not a directory
> lib/libevdocument3.so.0.2 should exist
> lib/libevdocument3.so.0.2 is not a file
> can't read lib/libevdocument3.so.0.2
> lib/libevview3.so.0.0 should exist
> lib/libevview3.so.0.0 is not a file

no idea what is going on with your system but something is messed up!

> Q3 
> why can i info gnucash but cannot install it ?
>
> doas pkg_info gnucash
> Information for inst:gnucash-3.10

this is showing information from a package already installed on your
system.

> doas pkg_add gnucash 
> quirks-3.367 signed on 2020-06-23T19:37:37Z
> Can't find gnucash

maybe -vv will give a clue? what mirror?



Re: snapshot boot fails with error "entry point at 0x1001000"

2020-07-07 Thread Sven Wolf

Hi guys,

with the patch the kernel loads and doesn't stop at "entry point at 
0x1001000". But the kernel stops with a "Stopped at 
gfx_v9_0_wait_reg_mem+0x307: int $3"


So for my machine the patch is the right direction but not the solution 
:( I've tried the boot with the current snapshot kernel.


Thanks and best regards,
Sven


On 7/6/20 6:32 AM, Kastus Shchuka wrote:

On Sat, Jul 04, 2020 at 11:09:54AM +, Michael Baehr wrote:

Kastus Shchuka  wrote:
“I installed 2020-07-03 snapshot on ASRock J4105M system and I am not able to 
boot it.
Boot stops at the line

entry point at 0x1001000

If I try bsd.rd kernel, it boots just fine. After this failure with snapshot I
installed 6.7-release, and it boots without any issues.”


I've experienced something similar, including the sensitivity to kernel size. 
As best I can observe, the EFI bootloader is being handed a different block of 
RAM than where the kernel is actually loaded (which is at a fixed address 
defined in boot.c). Which block of memory gets returned, and whether boot 
fails, seems to be dependent on the particular UEFI ROM/chipset. In my case, 
debugging over serial, I observe a page fault while the kernel is still being 
loaded into RAM.
“Are there any other solutions than compiling a custom smaller kernel?”


Patching efiboot.c as follows and recompiling bootia32/bootx64 resolved it for 
me:
--- a/sys/arch/amd64/stand/efiboot/efiboot.c
+++ b/sys/arch/amd64/stand/efiboot/efiboot.c
@@ -303,9 +303,9 @@ efi_memprobe(void)
 bios_memmap_t   *bm;
 EFI_STATUS   status;
 EFI_PHYSICAL_ADDRESS
-addr = 0x1000ULL;  /* Below 256MB */
+addr = 0x100;
  
-   status = EFI_CALL(BS->AllocatePages, AllocateMaxAddress, EfiLoaderData,

+   status = EFI_CALL(BS->AllocatePages, AllocateAddress, EfiLoaderData,
 EFI_SIZE_TO_PAGES(KERN_LOADSPACE_SIZE), &addr);
 if (status != EFI_SUCCESS)
 panic("BS->AllocatePages()");
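Review bot: With AllocateAddress in the BS->AllocatePages call, the request can only succeed if that exact range is free, and the only handling visible below it is panic("BS->AllocatePages()"), so a firmware that already occupies the range now gets a hard stop with no detail. Include the returned status and the requested address in the panic message so that such a failure can be diagnosed from the console. The replacement addr literal also loses the ULL suffix and the /* Below 256MB */ comment that the old line carried; keep the suffix for the EFI_PHYSICAL_ADDRESS type and add a comment tying the value to the fixed kernel load address in boot.c mentioned in the message, so the two cannot drift apart silently.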
Let me know if that helps. I can't guarantee that this is actually what is 
causing your issue but it worked for me.


I tried this patch and was able to boot kernel from snapshot 2007-07-03 with 
recompiled BOOTX64.EFI.
It fixes the problem with EFI memory mapping on ASRock J4105M motherboard.

I wonder what it would take for the patch to be accepted in -current?

Thanks,

Kastus





Re: nsd Will Not Start At Boot

2020-07-07 Thread Ken.Hendrickson
--- Ian Darwin  wrote:
> Try doing it by the book, i.e., rcctl start nsd
> If it fails silently, try rcctl -d start nsd

Thanks for that.
I haven't upgraded my OpenBSD boxes in some years,
so I didn't know about it.

I have nsd working now, serving up my local DNS names.
Unbound is still not working.

I have a hunch, but cannot find it in the man pages,
that somehow they have to talk to each other.  Is this true?

I tried a very simple unbound.conf file, and it didn't work.
The very simple config file was from
https://nlnetlabs.nl/documentation/unbound/howto-setup/

--
server:
interface: 0.0.0.0
interface: ::0
access-control: 192.168.0.0/16 allow
access-control: ::1 allow
verbosity: 1
--

On startup of nsd with "rcctl -d start nsd", it complains:
 error: connect (127.0.0.1@8952): Connection refused

My /var/nsd/etc/nsd.conf file does not have @8952 in it anyplace.

I haven't been able to figure out how to get DNS for
other sites on the Internet.

ping OpenBSD.org
ping: no address associated with name

Any ideas?  Any help?  What should I be reading??

Thanks,
Ken Hendrickson



  





Issue with relayd and redirections

2020-07-07 Thread Gabri Tofano

Hi All,

I am trying to move to relayd (OpenBSD 6.7) from HAproxy by keeping my
config to serve multiple domains in SSL passthrough but I'm having some
difficulties. If I understand correctly, according to the man page it
looks like redirections are used for passthrough traffic and relays
for SSL acceleration/Layer 7 proxy.

Here my config with redirections:

ext_if = "172.16.101.35"
lab1_web1 = "172.16.101.31"
lab1_web2 = "172.16.101.32"

interval 3
log state changes
log connection

table  {
 $lab1_web1 retry 2
}

table  {
$lab1_web2 retry 2
}

http protocol "http" {
return error
tcp { backlog 100, nodelay, sack, socket buffer 65536 }

match header log "Host"
match header log "X-Forwarded-For"
match header log "User-Agent"
match header log "Referer"
match url log
match request header set "X-Forwarded-For" \
value "$REMOTE_ADDR"
match request header set "X-Forwarded-By" \
value "$SERVER_ADDR:$SERVER_PORT"
match request header "Host" value "test1.domain.com" \
forward to 
match request header "Host" value "test2.domain.com" \
forward to 
}

http protocol "https" {
return error
tcp { backlog 100, nodelay, sack, socket buffer 65536 }

match header log "Host"
match header log "X-Forwarded-For"
match header log "User-Agent"
match header log "Referer"
match url log
match request header set "X-Forwarded-For" \
value "$REMOTE_ADDR"
match request header set "X-Forwarded-By" \
value "$SERVER_ADDR:$SERVER_PORT"
pass request header "Host" value "test1.domain.com" \
forward to 
pass request header "Host" value "test2.domain.com" \
forward to 

tls keypair "test1.domain.com"
tls keypair "test2.domain.com"
}

redirect "http" {
listen on $ext_if port 80
forward to  check http "/" code 200
forward to  check http "/" code 200
sticky-address
}

redirect "https" {
listen on $ext_if port 443
forward to  check http "/" code 200
forward to  check http "/" code 200
sticky-address
}

Here when I use the relays instead of redirections in the config:

relay "http" {
   listen on $ext_if port 80
   protocol "http"
   forward to  check http "/" code 200
   forward to  check http "/" code 200
}

relay "https" {
   listen on $ext_if port 443
   protocol "https"
   forward to  check https "/" code 200
   forward to  check https "/" code 200
}

With relays I see relayd listening on port 80 and 443 and I'm able
to reach each individual backend server by pointing to the related
configured domain (just in http as I have not defined any local
certificates for https).

When using redirections, no listening ports are open (I guess due to
relayd using pf nat rules) and I'm unable to reach both backend
servers.

I have added the relayd anchor to pf.conf as follows:

anchor "relayd/*"

set skip on lo

block return
pass

block return in on ! lo0 proto tcp to port 6000:6010
block return out log proto {tcp udp} user _pbuild

And here how pf lists what's in the anchor:

#pfctl -a relayd/* -s rules
anchor "http" all {
  pass in quick on rdomain 0 inet proto tcp from any to 172.16.101.35 \
  port = 80 flags S/SA keep state (tcp.established 600) rdr-to  \
  port 80 round-robin sticky-address
}
anchor "https" all {
}

I'm sure I'm doing something wrong here but I can't find where.

My goal to use SSL passthrough is to leverage the use of SNI and not
generate additional certificates on the load balancer, but using the
already implemented ones on the backend servers.

Thank you!



Re: nsd Will Not Start At Boot

2020-07-07 Thread Nick Holland
On 2020-07-07 15:28, ken.hendrick...@l3harris.com wrote:
...
> Unbound is still not working.
> 
> I have a hunch, but cannot find it in the man pages,
> that somehow they have to talk to each other.  Is this true?

depends on what you want them to do.

A DNS resolver and an authoritative DNS server are two different
things.  You may want your resolver to talk to your server for
some applications, other times, no.

I.e., exactly like two people in a room.  Maybe they have NEED
to talk, maybe they shouldn't talk to each other.  Getting the
job done properly depends on picking the right model. :)

> I tried a very simple unbound.conf file, and it didn't work.
> The very simple config file was from
[snip]

The unbound config file that ships with OpenBSD Just Works as
a stand-alone resolver listening on localhost.  Start there.
THEN make your changes you need.

> Any ideas?  Any help?  What should I be reading??

Unfortunately, the classic texts on DNS usually are based on
ISC BIND, which horribly munges the roles of authoritative DNS
and DNS resolver into one unified application, so going from
there to separated functions is difficult.  I learned the
separated model from Dan Bernstein's website, but in looking
it over, unfortunately, it is very much based on his DJBDNS
package, which is brilliant, but unmaintained for the last 15+
years and no longer compatible with many modern Internet
"features" everyone expects today, and uses its own file
formats, which were great, but not a standard way to 
communicate DNS info.

   http://cr.yp.to/djbdns/separation.html

Still...most of his points are valid, and he's worth a read.

Everyone's favorite error: Your DNS resolver has to bind to an IP
address.  Your authoritative DNS server has to bind to an IP
address.  They both listen on port 53 (UDP and TCP).  You can't
connect both your server and your resolver to the same IP address.
Won't work.  First gets it, second gets a port in use error.

But remember -- extra external IP addresses on your server are
easily added, and your machine has a huge number of potential
localhost addresses (127.0.0.0/8) for internal use.  Between
those and PF, you can pretty well make any kind of magic I've
ever thought of.

Nick.
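
The port 53 conflict described above, as an added example (not part of the original thread, and not code from nsd or Unbound): a small Python check that reads the listen directives of an nsd.conf and an unbound.conf and reports address/port pairs both daemons would claim. The nsd.conf texts, the 192.168.1.2 address and the function names are constructed for illustration; the parser ignores config sections and treats a wildcard address as overlapping every address of the same family, which is a conservative assumption.

```python
import ipaddress

def listeners(conf, keys, defaults):
    """Return the (address, port) pairs a config asks its daemon to bind."""
    port, values = 53, []
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        key, value = key.strip(), value.strip()
        if key == "port" and value:
            port = int(value)
        elif key in keys and value:
            values.append(value)
    pairs = set()
    for value in values or defaults:          # no directive: daemon default
        addr, _, p = value.partition("@")     # addr[@port] form
        pairs.add((ipaddress.ip_address(addr), int(p) if p else port))
    return pairs

def overlaps(a, b):
    """Pairs on the same port whose addresses are equal or wildcard."""
    return sorted(
        (str(x), str(y), px)
        for x, px in a for y, py in b
        if px == py and x.version == y.version
        and (x == y or x.is_unspecified or y.is_unspecified))

def check(nsd_conf, unbound_conf):
    # Defaults assumed from the man pages: nsd binds the wildcard address,
    # unbound binds localhost only.
    nsd = listeners(nsd_conf, {"ip-address", "interface"}, ["0.0.0.0", "::"])
    unbound = listeners(unbound_conf, {"interface"}, ["127.0.0.1", "::1"])
    return overlaps(nsd, unbound)

# unbound.conf as posted in the thread; nsd.conf texts are constructed.
UNBOUND_POSTED = """server:
    interface: 0.0.0.0
    interface: ::0
    access-control: 192.168.0.0/16 allow
    access-control: ::1 allow
    verbosity: 1
"""
NSD_NO_ADDRESS = "server:\n    hide-version: yes\n"
NSD_SEPARATED = "server:\n    ip-address: 192.168.1.2\n"
UNBOUND_LOCAL = "server:\n    interface: 127.0.0.1\n"

if __name__ == "__main__":
    print(check(NSD_NO_ADDRESS, UNBOUND_POSTED))   # both want every address
    print(check(NSD_SEPARATED, UNBOUND_LOCAL))     # distinct addresses
```

An empty result means the two configs ask for disjoint sockets; confirm what is actually bound on the host with fstat and netstat.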



Re: nsd Will Not Start At Boot

2020-07-07 Thread Peter J. Philipp

Hi,

I realise binding to 0.0.0.0 is akin to binding to INADDR_ANY, but could 
you try binding to each interface address that you want separately?  
Such as:


interface: 192.168.1.2

interface: 127.0.0.1

interface: ::1

interface: 2003:XXX::XXX

and then try again.  Cross-check that they are bound to these IP's with 
fstat -p and netstat.  I'm by no means an nsd expert, in fact I program 
my own DNS server and thus don't need to know much about other 
authoritative dns servers.


Maybe this will help you.  (I apologize for the formatting of this mail, 
I deleted this one out of my mutt).


Regards,

-peter

On 2020-07-07 21:28, ken.hendrick...@l3harris.com wrote:

--
server:
 interface: 0.0.0.0
 interface: ::0
 access-control: 192.168.0.0/16 allow
 access-control: ::1 allow
 verbosity: 1
--




AMDGPU Bug

2020-07-07 Thread Charlie Burnett
Hi,
I'm still getting the issue from earlier where X freezes entirely and I
can't get it to work, though I've got no clue what's triggering it now,
there seem to be no *regular* outputs to /var/log/messages with the crash.
However, I was trying to trigger the bug earlier so I could hopefully
provide more information, and I got the same
VM_L2_PROTECTION_FAULT_STATUS as before, but now with an added "[drm]
*ERROR* Failed to initialize parser -88!". Here I tried running blender to
put some load on the GPU. I say new because I was able to fix this bug by
restarting X, and my display got real buggy though I was able to still move
the cursor, although not interact with it. I can send a picture of the
display if that's helpful, though it seemed to just have random pixels all
over the screen. Below is the error that got kicked out when doing this,
though I can't see any difference from last time.

drm:pid27591:gmc_v9_0_process_interrupt *ERROR* [gfxhub0] retry page fault
(src_id:0 ring:0 vmid:3 pasid:32820, for process  pid 0 thread gnome-shell
pid 37788)
drm:pid27591:gmc_v9_0_process_interrupt *ERROR*   in page starting at
address 0x800108a64000 from client 27
drm:pid27591:gmc_v9_0_process_interrupt *ERROR*
VM_L2_PROTECTION_FAULT_STATUS:0x003C0041
drm:pid27591:gmc_v9_0_process_interrupt *ERROR*   MORE_FAULTS: 0x1
drm:pid27591:gmc_v9_0_process_interrupt *ERROR*   WALKER_ERROR: 0x0
drm:pid27591:gmc_v9_0_process_interrupt *ERROR*   PERMISSION_FAULTS: 0x4
drm:pid27591:gmc_v9_0_process_interrupt *ERROR*   MAPPING_ERROR: 0x0
drm:pid27591:gmc_v9_0_process_interrupt *ERROR*   RW: 0x1

Let me know if there's any other info I can give that would help! :)