Re: GCC 2.95 mention in intro(3)
On Fri, Sep 13, 2013 at 01:03:01PM +1000, Brett Mahar wrote: Hi misc, I think the GCC 2.95 line is no longer relevant. This time I remember to: ok? yes, ok ;) jmc Brett. Index: src/share/man/man3/intro.3 === RCS file: /usr/cvsync/src/share/man/man3/intro.3,v retrieving revision 1.57 diff -u -p -u -r1.57 intro.3 --- src/share/man/man3/intro.310 Aug 2013 16:52:54 - 1.57 +++ src/share/man/man3/intro.313 Sep 2013 02:58:12 - @@ -397,7 +397,6 @@ See Note: users do not normally have to explicitly link with this library. .Pp .It libsupc++ Pq Fl lsupc++ -(non GCC 2.95 systems only) C++ core language support (exceptions, new, typeinfo). Note: users do not normally have to explicitly link with this library.
Re: X -configure segmentation fault
On Tue, Sep 10, 2013 at 10:18:43PM +, Heptas Torres wrote: I am trying to generate a starting xorg.conf file by running X -configure but get a segmentation fault error (output below). Any ideas what could go wrong? Have tried this both in a VMware guest and on real hardware but I get the same problems. dmesg is at the end. Hello, I got the same thing this evening on a Debian (jessie) box, but xorg.conf.new was created and seemed to work fine. X worked without it, but I was able to get a higher resolution by editing xorg.conf. Regards, Howard E. Ottawa
Re: 10GBit OpenBSD Firewall
* Andy a...@brandwatch.com [2013-09-02 15:55]: Also I'm very willing to beta test the new ALTQ code? I was chatting to Theo briefly a few weeks back and he said I should ask for the code but I cannot remember who in the team he said I should message for this? c'est moi. diff at http://bulabula.org/diffs/newqueue.diff manpage should make things clear. I'm not a coder but I'm happy to contribute as and where I can :) test test test for some background, check http://bulabula.org/papers/2012/eurobsdcon/ -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Which syscall is used for creating new process/thread on OpenBSD
Hi, [intro]This question was originally asked on StackOverflow, but so far I have not get a response.[/intro] In Linux, 'clone()' syscall is used for creating processes/threads. On OpenBSD using ktrace/kdump I determined that for process creation 'vfork()' syscall is used, and for thread creation - 'tfork()'. I have two questions: 1. Is my statement correct? 2. Shouldn't 'vfork()' and 'tfork()' finally use a single system call like 'clone()'? Thanks. -- Regards, niXman ___ Dual-target(32 64-bit) MinGW compilers for 32 and 64-bit Windows: http://sourceforge.net/projects/mingwbuilds/ ___ Another online IDE: http://liveworkspace.org/
Re: 10GBit OpenBSD Firewall
On Fri, Sep 13, 2013 at 12:02 AM, Henning Brauer lists-open...@bsws.dewrote: * Andy a...@brandwatch.com [2013-09-02 15:55]: Also I'm very willing to beta test the new ALTQ code? I was chatting to Theo briefly a few weeks back and he said I should ask for the code but I cannot remember who in the team he said I should message for this? c'est moi. diff at http://bulabula.org/diffs/newqueue.diff manpage should make things clear. I'm not a coder but I'm happy to contribute as and where I can :) test test test for some background, check http://bulabula.org/papers/2012/eurobsdcon/ Gosh darn you Henning and your gigantic bavarian slides! Gosh darn you to heck. Thanks for the code though... -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: 10GBit OpenBSD Firewall
If you queue your http traffic, downloading those pics are not that bad on the links. ;) 2013/9/13 noah pugsley noah.pugs...@gmail.com On Fri, Sep 13, 2013 at 12:02 AM, Henning Brauer lists-open...@bsws.de wrote: * Andy a...@brandwatch.com [2013-09-02 15:55]: Also I'm very willing to beta test the new ALTQ code? I was chatting to Theo briefly a few weeks back and he said I should ask for the code but I cannot remember who in the team he said I should message for this? c'est moi. diff at http://bulabula.org/diffs/newqueue.diff manpage should make things clear. I'm not a coder but I'm happy to contribute as and where I can :) test test test for some background, check http://bulabula.org/papers/2012/eurobsdcon/ Gosh darn you Henning and your gigantic bavarian slides! Gosh darn you to heck. Thanks for the code though... -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/ -- May the most significant bit of your life be positive.
Re: 10GBit OpenBSD Firewall
* noah pugsley noah.pugs...@gmail.com [2013-09-13 09:12]: Gosh darn you Henning and your gigantic bavarian slides! Gosh darn you to heck. I'm not barb... erm, bavarian. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: Which syscall is used for creating new process/thread on OpenBSD
On Fri, Sep 13, 2013 at 11:10, niXman wrote: On OpenBSD using ktrace/kdump I determined that for process creation 'vfork()' syscall is used, and for thread creation - 'tfork()'. I have two questions: 1. Is my statement correct? somewhat. fork() would be the syscall more likely to create a new process. and tfork() is actually spelled __tfork(). 2. Shouldn't 'vfork()' and 'tfork()' finally use a single system call like 'clone()'? No. Maybe the implementation for both will happen to call a function named fork1(), but that's not something you should worry about.
Re: Which syscall is used for creating new process/thread on OpenBSD
On Fri, 2013-09-13 at 11:10 +0400, niXman wrote: Hi, [intro]This question was originally asked on StackOverflow, but so far I have not get a response.[/intro] In Linux, 'clone()' syscall is used for creating processes/threads. On OpenBSD using ktrace/kdump I determined that for process creation 'vfork()' syscall is used, and for thread creation - 'tfork()'. I have two questions: 1. Is my statement correct? 2. Shouldn't 'vfork()' and 'tfork()' finally use a single system call like 'clone()'? You might want to read up on your POSIX standard.[1] Search in the System Interfaces volume (XSH). Thanks. [1] http://pubs.opengroup.org/onlinepubs/007904975/toc.htm
Re: Bootparamd
On Thu, Sep 12, 2013 at 08:17:56PM +, hru...@gmail.com wrote: Miod Vallat m...@online.fr wrote: Thanks for the good tips! I think the bootparams swap file information will be used correctly (I remember seeing a fix in this area some time ago). It doesn't hurt anyway to mention it in /etc/fstab with the nfsmntpt option. OK, both, swap and rootfs, again in /etc/fstab. I think my configuration is correct, because during booting I get the messages: nfs_boot: root on 10.0.0.1:/export/geode0/root nfs_boot: swap on 10.0.0.1:/export/geode0/swap But if I give the commando swapctl -l after booting, I see no mounted swap, unless I mention it in /etc/fstab. This will be fixed in 5.4: http://marc.info/?l=openbsd-cvsm=136621575806608w=2 Rodrigo. -- I'm not entirely sure you are real.
Re: sudo configuration !ttytickets?
On Thu, 12 Sep 2013 13:43:21 -0700, Todd C. Miller wrote: On Wed, 11 Sep 2013 20:59:08 -0400, Michael W. Lucas wrote: I've noticed that the sudo on OpenBSD seems to have !ttytickets set by default. In other words, I authenticate sudo once on, say, ttyp4, and all of my login sessions on all my other ttyp* have authenticated to sudo. This, well, kind of surprised me. I'm sure you folks have thought this through in much more detail than I have, but I can't find anything on the rationale behind it. It's quite simple really, the version of sudo in OpenBSD (a patched version of 1.7.2p8) predates the change use tty_tickets by default. I've always felt that tty_tickets gives a false sense of security, though it is somewhat improved in more recent sudo versions where the tty is determined via sysctl() rather than by ttyname(). - todd Hi, Am I right thinking that sudo in base is still vulnerable to CVE-2013-1776 for those who enable tty_tickets? BTW, I was thinking about the following use case: PermitRootLogin set to no, and a simple user who can only use public key SSH authentication. Defaults rootpw is set, too. Then, I'd use sudo when I'd need it (as it's suggested to use SUDO=/usr/bin/sudo for ports, etc.). Then, let's say someone manages to get the private key of my user (that's already a big problem of course, but it's an unprivileged user who can't sudo without providing root's password). If the attacker logs in while the timestamp timeout is still valid he can do whatever he wants with sudo without typing any password, right? So I could set tty_tickets, but if it can't be trusted too much, shouldn't su(1) be used instead for this use case? (or sudo with a 0 timestamp timeout, but then I'd rather use su.) I hope this question isn't too stupid, but I'd rather ask. Some parts of the FAQ suggest setting up sudo, but with no particular setup, and the one I was thinking about doesn't look good. Thanks.
Re: sudo configuration !ttytickets?
On 09/13/13 06:44, Donovan Watteau wrote: On Thu, 12 Sep 2013 13:43:21 -0700, Todd C. Miller wrote: On Wed, 11 Sep 2013 20:59:08 -0400, Michael W. Lucas wrote: I've noticed that the sudo on OpenBSD seems to have !ttytickets set by default. In other words, I authenticate sudo once on, say, ttyp4, and all of my login sessions on all my other ttyp* have authenticated to sudo. This, well, kind of surprised me. I'm sure you folks have thought this through in much more detail than I have, but I can't find anything on the rationale behind it. It's quite simple really, the version of sudo in OpenBSD (a patched version of 1.7.2p8) predates the change use tty_tickets by default. I've always felt that tty_tickets gives a false sense of security, though it is somewhat improved in more recent sudo versions where the tty is determined via sysctl() rather than by ttyname(). - todd Hi, Am I right thinking that sudo in base is still vulnerable to CVE-2013-1776 for those who enable tty_tickets? BTW, I was thinking about the following use case: PermitRootLogin set to no, and a simple user who can only use public key SSH authentication. Defaults rootpw is set, too. Then, I'd use sudo when I'd need it (as it's suggested to use SUDO=/usr/bin/sudo for ports, etc.). Then, let's say someone manages to get the private key of my user (that's already a big problem of course, but it's an unprivileged user who can't sudo without providing root's password). non-root access to a machine is quite useful by itself, don't forget that. They may not be able to alter your machine, but it is still a useful tool to an attacker. If the attacker logs in while the timestamp timeout is still valid he can do whatever he wants with sudo without typing any password, right? So I could set tty_tickets, but if it can't be trusted too much, shouldn't su(1) be used instead for this use case? (or sudo with a 0 timestamp timeout, but then I'd rather use su.) I hope this question isn't too stupid, but I'd rather ask. Some parts of the FAQ suggest setting up sudo, but with no particular setup, and the one I was thinking about doesn't look good. Thanks. Your goal should probably be to be keeping inappropriate users out of your system; making things clumsy after they are in is not really the point, and could lead to poor administration. There is a reason there are options -- there is no one right answer for all uses. Look at your realistic threats, and decide what measure of risks and benefits you want. su wins in simplicity, but does mandate a shared password. If you are the only admin, that's not an issue. Nick.
Re: sudo configuration !ttytickets?
On 09/13/13, Nick Holland wrote: On 09/13/13 06:44, Donovan Watteau wrote: Hi, Am I right thinking that sudo in base is still vulnerable to CVE-2013-1776 for those who enable tty_tickets? BTW, I was thinking about the following use case: PermitRootLogin set to no, and a simple user who can only use public key SSH authentication. Defaults rootpw is set, too. Then, I'd use sudo when I'd need it (as it's suggested to use SUDO=/usr/bin/sudo for ports, etc.). Then, let's say someone manages to get the private key of my user (that's already a big problem of course, but it's an unprivileged user who can't sudo without providing root's password). non-root access to a machine is quite useful by itself, don't forget that. They may not be able to alter your machine, but it is still a useful tool to an attacker. If the attacker logs in while the timestamp timeout is still valid he can do whatever he wants with sudo without typing any password, right? So I could set tty_tickets, but if it can't be trusted too much, shouldn't su(1) be used instead for this use case? (or sudo with a 0 timestamp timeout, but then I'd rather use su.) I hope this question isn't too stupid, but I'd rather ask. Some parts of the FAQ suggest setting up sudo, but with no particular setup, and the one I was thinking about doesn't look good. Thanks. Your goal should probably be to be keeping inappropriate users out of your system; making things clumsy after they are in is not really the point, and could lead to poor administration. I was just trying to follow the mindset of not assuming that things will not fail, and instead building things so that if there's any problem it has less impact. Of course, a stolen private key is probably too much of an enormous fail in the first place. There is a reason there are options -- there is no one right answer for all uses. Look at your realistic threats, and decide what measure of risks and benefits you want. su wins in simplicity, but does mandate a shared password. If you are the only admin, that's not an issue. All right, so I think su better suits my use case. Thank you very much.
res_init() and 0.0.0.0
Hi, Could someone help me debug this following program on OBSD? #include sys/types.h #include sys/socket.h #include netinet/in.h #include arpa/inet.h #include arpa/nameser.h #include resolv.h main() { int i; res_init(); printf(Number of NS in resolv.conf is %d\n, _res.nscount); for (i=0; i _res.nscount; i++) { printf(NS %d is %s\n, i, inet_ntoa(_res.nsaddr_list[i].sin_addr)); } } on linux I get the NS addresses correct on OBSD I get 0.0.0.0 for all name servers defined in /etc/resolv.conf is there something I'm missing? Thanx G ps. This is for debugging an old program that fails to resolv on OBSD while it does on linux.
Re: res_init() and 0.0.0.0
On Fri, Sep 13, 2013 at 03:01:45PM +0300, Kapetanakis Giannis wrote: Hi, Could someone help me debug this following program on OBSD? #include sys/types.h #include sys/socket.h #include netinet/in.h #include arpa/inet.h #include arpa/nameser.h #include resolv.h main() { int i; res_init(); printf(Number of NS in resolv.conf is %d\n, _res.nscount); for (i=0; i _res.nscount; i++) { printf(NS %d is %s\n, i, inet_ntoa(_res.nsaddr_list[i].sin_addr)); } } on linux I get the NS addresses correct on OBSD I get 0.0.0.0 for all name servers defined in /etc/resolv.conf is there something I'm missing? Thanx G ps. This is for debugging an old program that fails to resolv on OBSD while it does on linux. Groping into _res is not a wise thing. The OpenBSD async resolver only has minimal support for that. ASR_DEBUG=1 ./a.out Will probably get you the debug info you want. -Otto
install5x.iso
I am curious - given that OpenBSD ships each RELEASE with X , but applications like Firefox will not work without installing another DE, like XFCE; why not ship OpenBSD with the basic X, but with the necessary libraries to allow FireFox to run and other applications like R to output graphics? Also why not go ahead and ship with Firefox? The disk would still be within the size of a standard CD.
Re: res_init() and 0.0.0.0
On 13/09/13 16:34, Otto Moerbeek wrote: Groping into _res is not a wise thing. The OpenBSD async resolver only has minimal support for that. ASR_DEBUG=1 ./a.out Will probably get you the debug info you want. -Otto Thanks for the reply. As I said this is for debugging a legacy program... ASR_DEBUG=1 ./a.out shows - ASR CONFIG --- CONF FILE /etc/resolv.conf DOMAIN example.com SEARCH example.com. OPTIONS options: RECURSE DEFNAMES DNSRCH ndots: 1 family: inet4 inet6 NAMESERVERS timeout=5 retry=4 192.168.0.1:53 192.168.0.2:53 HOSTFILE /etc/hosts LOOKUP fb the program uses the following: sendto(resfd, msg, len, 0, (struct sockaddr *) (_res.nsaddr_list[i]), sizeof(struct sockaddr)) instead of sending requests to 192.168.0.1 it sends them to 127.0.0.1 (from tcpdump) any further help/hints would be appreciated. G
Re: res_init() and 0.0.0.0
On Fri, Sep 13, 2013 at 05:30:50PM +0300, Kapetanakis Giannis wrote: On 13/09/13 16:34, Otto Moerbeek wrote: Groping into _res is not a wise thing. The OpenBSD async resolver only has minimal support for that. ASR_DEBUG=1 ./a.out Will probably get you the debug info you want. -Otto Thanks for the reply. As I said this is for debugging a legacy program... ASR_DEBUG=1 ./a.out shows - ASR CONFIG --- CONF FILE /etc/resolv.conf DOMAIN example.com SEARCH example.com. OPTIONS options: RECURSE DEFNAMES DNSRCH ndots: 1 family: inet4 inet6 NAMESERVERS timeout=5 retry=4 192.168.0.1:53 192.168.0.2:53 HOSTFILE /etc/hosts LOOKUP fb the program uses the following: sendto(resfd, msg, len, 0, (struct sockaddr *) (_res.nsaddr_list[i]), sizeof(struct sockaddr)) instead of sending requests to 192.168.0.1 it sends them to 127.0.0.1 (from tcpdump) any further help/hints would be appreciated. G Well, don't use _res bu use the results of e.g. gethostbyname(); -Otto
Re: res_init() and 0.0.0.0
On 13/09/13 17:36, Otto Moerbeek wrote: the program uses the following: sendto(resfd, msg, len, 0, (struct sockaddr *) (_res.nsaddr_list[i]), sizeof(struct sockaddr)) instead of sending requests to 192.168.0.1 it sends them to 127.0.0.1 (from tcpdump) any further help/hints would be appreciated. G Well, don't use _res bu use the results of e.g. gethostbyname(); -Otto Well that would break the async resolver of the program and I guess it would also make it slow since we're talking about many connections/sec Furthermore, it's not my code and this interface is used a lot in the program to alter it in such a way. G
Re: install5x.iso
In general I really like and appreciate all that is done by developers with OpenBSD. The OS is stable and it works well, and shipping it with X already functional is a big help, especially on older boxes. Because to compile xorg with this old sparc box under FreeBSD was taking 24 hours and it still was not done. On Fri, Sep 13, 2013 at 11:19 AM, Gregor Best g...@ring0.de wrote: On Fri, Sep 13, 2013 at 10:06:10AM -0400, Richard Thornton wrote: I am curious - given that OpenBSD ships each RELEASE with X , but applications like Firefox will not work without installing another DE, [...] That is not true. I ran Firefox and Chrome on a clean OpenBSD 4.9 installation when it was released and I have been able to since then, and I find it hard to believe it was different before. [...] XFCE; why not ship OpenBSD with the basic X, but with the necessary libraries to allow FireFox to run and other applications like R to output graphics? Also why not go ahead and ship with Firefox? The disk would still be within the size of a standard CD. [...] Installing Firefox with pkg_add adds the required libraries automatically. If it does not, that's a bug in the port that should be reported. Adding Firefox to the base system would be a very bad idea. It is a huge load of code that needs to be maintained and not everyone uses Firefox. What if I want Chrome instead? Add that to base? What about dillo? netsurf? Why not add OpenOffice while we are at it? -- Gregor Best
Re: res_init() and 0.0.0.0
On Fri, Sep 13, 2013 at 05:57:41PM +0300, Kapetanakis Giannis wrote: On 13/09/13 17:36, Otto Moerbeek wrote: the program uses the following: sendto(resfd, msg, len, 0, (struct sockaddr *) (_res.nsaddr_list[i]), sizeof(struct sockaddr)) instead of sending requests to 192.168.0.1 it sends them to 127.0.0.1 (from tcpdump) any further help/hints would be appreciated. G Well, don't use _res bu use the results of e.g. gethostbyname(); -Otto Well that would break the async resolver of the program and I guess it would also make it slow since we're talking about many connections/sec Furthermore, it's not my code and this interface is used a lot in the program to alter it in such a way. G You could try to inittialize nsaddr_list from ac in res_init() The code can be found in /usr/src/lib/libc/asr/res_init.c -Otto
Re: install5x.iso
On Fri, Sep 13, 2013 at 10:06:10AM -0400, Richard Thornton wrote: I am curious - given that OpenBSD ships each RELEASE with X , but applications like Firefox will not work without installing another DE, [...] That is not true. I ran Firefox and Chrome on a clean OpenBSD 4.9 installation when it was released and I have been able to since then, and I find it hard to believe it was different before. [...] XFCE; why not ship OpenBSD with the basic X, but with the necessary libraries to allow FireFox to run and other applications like R to output graphics? Also why not go ahead and ship with Firefox? The disk would still be within the size of a standard CD. [...] Installing Firefox with pkg_add adds the required libraries automatically. If it does not, that's a bug in the port that should be reported. Adding Firefox to the base system would be a very bad idea. It is a huge load of code that needs to be maintained and not everyone uses Firefox. What if I want Chrome instead? Add that to base? What about dillo? netsurf? Why not add OpenOffice while we are at it? -- Gregor Best
Re: GCC 2.95 mention in intro(3)
-Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Brett Mahar Sent: Thursday, September 12, 2013 9:03 PM To: misc@openbsd.org Subject: GCC 2.95 mention in intro(3) I think the GCC 2.95 line is no longer relevant. I'm not sure if it matters here, but the VAX port of OpenBSD still uses GCC 2.95. Jim
Re: GCC 2.95 mention in intro(3)
On Friday, September 13, 2013 18:06 CEST, Jim MacKenzie j...@photojim.ca wrote: -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Brett Mahar Sent: Thursday, September 12, 2013 9:03 PM To: misc@openbsd.org Subject: GCC 2.95 mention in intro(3) I think the GCC 2.95 line is no longer relevant. I'm not sure if it matters here, but the VAX port of OpenBSD still uses GCC 2.95. not in -current anymore. Sebastian Jim
Re: GCC 2.95 mention in intro(3)
On Fri, Sep 13, 2013 at 6:06 PM, Jim MacKenzie j...@photojim.ca wrote: -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Brett Mahar Sent: Thursday, September 12, 2013 9:03 PM To: misc@openbsd.org Subject: GCC 2.95 mention in intro(3) I think the GCC 2.95 line is no longer relevant. I'm not sure if it matters here, but the VAX port of OpenBSD still uses GCC 2.95. No more.
Re: GCC 2.95 mention in intro(3)
-Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of David Coppa Sent: Friday, September 13, 2013 10:14 AM To: Jim MacKenzie Cc: misc Subject: Re: GCC 2.95 mention in intro(3) I think the GCC 2.95 line is no longer relevant. I'm not sure if it matters here, but the VAX port of OpenBSD still uses GCC 2.95. No more. My 5.3 VAXstation 4000/60 system still uses 2.95. Yes, still have a VAX. Maybe this is changing in 5.4. Jim
Re: GCC 2.95 mention in intro(3)
On 13/09/13 1:13 PM, Jim MacKenzie wrote: -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of David Coppa Sent: Friday, September 13, 2013 10:14 AM To: Jim MacKenzie Cc: misc Subject: Re: GCC 2.95 mention in intro(3) I think the GCC 2.95 line is no longer relevant. I'm not sure if it matters here, but the VAX port of OpenBSD still uses GCC 2.95. No more. My 5.3 VAXstation 4000/60 system still uses 2.95. Yes, still have a VAX. Maybe this is changing in 5.4. Yes, 5.3 is old ;) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: install5x.iso
How much memory and disk does your SPARC have? You might want to consider a lighter weight browser like midori or netsurf - I've not bother powering up my old SPARC boxes for about five years - and I always ran them headless, so my advice is a bit out of date ;~) hth Fred On 13 Sep 2013 16:40, Richard Thornton thornton.rich...@gmail.com wrote: In general I really like and appreciate all that is done by developers with OpenBSD. The OS is stable and it works well, and shipping it with X already functional is a big help, especially on older boxes. Because to compile xorg with this old sparc box under FreeBSD was taking 24 hours and it still was not done. On Fri, Sep 13, 2013 at 11:19 AM, Gregor Best g...@ring0.de wrote: On Fri, Sep 13, 2013 at 10:06:10AM -0400, Richard Thornton wrote: I am curious - given that OpenBSD ships each RELEASE with X , but applications like Firefox will not work without installing another DE, [...] That is not true. I ran Firefox and Chrome on a clean OpenBSD 4.9 installation when it was released and I have been able to since then, and I find it hard to believe it was different before. [...] XFCE; why not ship OpenBSD with the basic X, but with the necessary libraries to allow FireFox to run and other applications like R to output graphics? Also why not go ahead and ship with Firefox? The disk would still be within the size of a standard CD. [...] Installing Firefox with pkg_add adds the required libraries automatically. If it does not, that's a bug in the port that should be reported. Adding Firefox to the base system would be a very bad idea. It is a huge load of code that needs to be maintained and not everyone uses Firefox. What if I want Chrome instead? Add that to base? What about dillo? netsurf? Why not add OpenOffice while we are at it? -- Gregor Best
easy-rsa script for OpenVPN issue
Deal All, I am trying to set up OpenVPN server at my work on the freshly installed OpenBSD machine using a 5.4 snapshot from July 30 (i386) and the ports tree fetched the same day. We must use OpenVPN so I am not interested in alternatives. After spending several hours I made no progress as I am completely stamped with the behavior of easy-rsa script. After editing /usr/local/share/easy-rsa/vars file and making vars executable I am getting exactly the output from this thread http://www.daemonforums.org/showthread.php?t=7473 I tried all the things from the tread short of editing openssl-1.0.0.cnf by hand but I still get the same output which indicates that environmental variables which are supposed to be sourced with ./vars have not being set up. I do not know what to make out of the fact that OpenBSD is being shipped with openssl version is openssl-1.0.1c. On the related note I observed that openvpn directory in /etc is not created (I used ports as disclosed at the beginning of this message) during the port installation. Is that expected behavior? It also looks like there is no other version of of easy-rsa or openssl-1.0.0.cnf file shipped with OpenVPN for that matter. I appreciate any help with this. Most Kind Regards, Predrag Punosevac
Re: install5x.iso
I gave up on Firefox and Chrome on my low memory older laptops, found midori, and using it everywhere now. It has exactly what I need and no more. On Fri, Sep 13, 2013 at 10:21 AM, Fred Crowson fred.crow...@gmail.comwrote: How much memory and disk does your SPARC have? You might want to consider a lighter weight browser like midori or netsurf - I've not bother powering up my old SPARC boxes for about five years - and I always ran them headless, so my advice is a bit out of date ;~) hth Fred On 13 Sep 2013 16:40, Richard Thornton thornton.rich...@gmail.com wrote: In general I really like and appreciate all that is done by developers with OpenBSD. The OS is stable and it works well, and shipping it with X already functional is a big help, especially on older boxes. Because to compile xorg with this old sparc box under FreeBSD was taking 24 hours and it still was not done. On Fri, Sep 13, 2013 at 11:19 AM, Gregor Best g...@ring0.de wrote: On Fri, Sep 13, 2013 at 10:06:10AM -0400, Richard Thornton wrote: I am curious - given that OpenBSD ships each RELEASE with X , but applications like Firefox will not work without installing another DE, [...] That is not true. I ran Firefox and Chrome on a clean OpenBSD 4.9 installation when it was released and I have been able to since then, and I find it hard to believe it was different before. [...] XFCE; why not ship OpenBSD with the basic X, but with the necessary libraries to allow FireFox to run and other applications like R to output graphics? Also why not go ahead and ship with Firefox? The disk would still be within the size of a standard CD. [...] Installing Firefox with pkg_add adds the required libraries automatically. If it does not, that's a bug in the port that should be reported. Adding Firefox to the base system would be a very bad idea. It is a huge load of code that needs to be maintained and not everyone uses Firefox. What if I want Chrome instead? Add that to base? What about dillo? netsurf? Why not add OpenOffice while we are at it? -- Gregor Best
Re: easy-rsa script for OpenVPN issue
On 13.09.2013 14:14, Predrag Punosevac wrote: Deal All, I am trying to set up OpenVPN server at my work on the freshly installed OpenBSD machine using a 5.4 snapshot from July 30 (i386) and the ports tree fetched the same day. We must use OpenVPN so I am not interested in alternatives. After spending several hours I made no progress as I am completely stamped with the behavior of easy-rsa script. After editing /usr/local/share/easy-rsa/vars file and making vars executable I am getting exactly the output from this thread http://www.daemonforums.org/showthread.php?t=7473 I tried all the things from the tread short of editing openssl-1.0.0.cnf by hand but I still get the same output which indicates that environmental variables which are supposed to be sourced with ./vars have not being set up. I do not know what to make out of the fact that OpenBSD is being shipped with openssl version is openssl-1.0.1c. On the related note I observed that openvpn directory in /etc is not created (I used ports as disclosed at the beginning of this message) during the port installation. Is that expected behavior? It also looks like there is no other version of of easy-rsa or openssl-1.0.0.cnf file shipped with OpenVPN for that matter. I appreciate any help with this. Most Kind Regards, Predrag Punosevac I took a clue from a private e-mail I got from one of you and installed bash shell. After source-ing vars with bash$ source ./vars and running other scripts in bash I was relieved of all my troubles. I am not sure if an installation message is appropriate but hopefully I am the last person who lost 5 productive hours due to bashism. Most Kind Regards, Predrag P.S. whichopensslcnf script is fully functional and you do not have to edit export KEY_CONFIG line. If you decide to use absolute path to openssl-1.0.0.cnf make sure you adjust quotations marks appropriately.