Re: speedup shutdown

[Joel Rees]

2015/09/22 3:21 "Quartz" :
>>
>> The two daemons you refer to, treat SIGHUP as a "please re-read your
>> configuration files and restart".  This is semi-common.  This happens to
>> also be the two daemons you are testing this with, causing some
confusino.
>
>> Not everything, but some things will still be running.
>
> It wasn't just syslogd and sshd, -HUP also doesn't shut down any of the
pflogd/dhclient/cron stuff either. The only process it actually stops is
sndiod, all the others restart on their own.
>
>
>> After running commands #1, #3 and #5; almost everything should be
>> killed.  Command #1 should take care of the vast majority of daemons
>> started at boot; #3 and #5 are to catch the ones that aren't.
>
> Well, -TERM stops every PID I typed in (the four I didn't being init, two
ksh's and ps itself), so I'm not sure where that leave me. I guess it's
some kind of timing thing or race condition?
>

I haven't tried this on openbsd, but I wrote a little tool for someone who
was fussing about debian taking too long to shut down:

http://joels-programming-fun.blogspot.jp/2014/08/this-is-demonstration-of-way-to.html

You'll want to tune some of it, probably, may not need to grep, may want to
change the timing. Just remember, writing to a file at shutdown will
interfere with the shutdown, especially if you use timing too fast to
finish one log entry before the next one starts. And you may want to
deliberately kill the process before the shutdown process does the final
sync.

And don't forget to remove things before you put the thing into production.

Joel Rees

Computer memory is just fancy paper,
CPUs just fancy pens.
All is a stream of text
flowing from the past into the future.

Re: ugen0 instead of urtwn0

[Thuban]

> Grab relevant
>
> src/sys/dev/usb/if_urtwn.c
> sys/dev/usb/usbdevs
>
> from CVS, than cd sys/dev/usb && make, than rebuild/install kernel
> as described in FAQ.
>
I rebuild and installed the kernel without any error, but still, the usb
stick isn't detected as urtwn.

What did I do wrong :

# cd /usr
# export CVSROOT=anon...@anoncvs.fr.openbsd.org:/cvs
# cvs -d$CVSROOT checkout -rOPENBSD_5_7 -P src
# cd //usr/src/sys/dev
# cvs -d$CVSROOT -bOPENBSD_5_8 get src/sys/dev/usbdevs
# cvs -d$CVSROOT -bOPENBSD_5_8 get src/sys/dev/if_urtwn.c
# # rebuild/install kernel

--
Thuban
PubKey : http://yeuxdelibad.net/Divers/thuban.pub

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: update/upgrade

[Chris Cappuccio]

Quartz [qua...@sneakertech.com] wrote:
> >If availability is critical you might consider redundancy with CARP/pfsync.
> 
> It looks like the M:tier thing is pretty close, my only concern is how long
> it'll last before the maintainers lose interest and the project gets
> abandoned.

Stuart already gave you the link for the infrastructure. If those guys stop
running it, you or anyone else can take up the torch. It's not rocket
science, dude. The project itself has left the door open for a competent
third party to take this role. One has done so, and released their entire
build infrastructure. Is there another finer point you need clarified?

Re: SR RAID5 rebuild/stability issue.

[Chris Cappuccio]

Karel Gardas [gard...@gmail.com] wrote:
> 
> Let me ask, should SR RAID5 survive such testing or is for example
> rebuilding with off-lined drive considered unsupported feature?
> 

It's new, considered experimental and not well tested.

In my initial testing with RAID5, it was so slow as to be unusable. The IOPS
too low and latency too high compared to soft RAID1, single drive, or hw
RAID 5. I didn't consider using it seriously. Now your testing shows a
more significant problem.

Are you working with someone to bring your RAID1 changes in tree? The
complete, understood improvements should be individually labeled
and committed, one by one.

Chris

Re: solved qemu tap

[Tuyosi Takesima]

mistake


cat /etc/hostname.bridge0

add vether0
add vio0 -> sis0
up


but vio0 also work  , why ?

and instlatin process ,
tiny-core boot > but i donot know how to
save .
tiny-core-plus cannot boot

again qemu is slow , so i hesitate to run debian or so .

Re: console color

[Miod Vallat]

> For local console I've googled and TERM=wsvt25 brings colors to emacs
> and vim for me on amd64.

wsvt25 (and wsvt43 and wsvt50) only are 8-color terminals, and that's
the best the kernels's console emulation code will provide; and this is
not going to change anytime soon. If you want 16 or 256 colors, run X.

Re: console color

[Karel Gardas]

For local console I've googled and TERM=wsvt25 brings colors to emacs
and vim for me on amd64.

On Mon, Sep 21, 2015 at 8:35 PM, Quartz  wrote:
> Can someone give be a brief rundown on how OpenBSD handles color on console?
> Commands like "echo -e '\033[32mfoo\033[0m'" produces dark green text as
> expected, but "echo -e '\033[92mfoo\033[0m'" comes out white instead of
> light green, and I can't seem to get vim to do syntax coloring at all (I've
> copied over configs that work on other machines, both t_Co=16 and t_Co=8,
> but everything always displays plain white). $TERM is the standard vt220. Am
> I doing something wrong, or does local console just have very limited color
> support?

solved qemu tap

[Tuyosi Takesima]

Hi all .

i manage to work qemu .
all i do by root user .

my situation
--

internet
|
router(dhcpd server)
|
sis0
openbsd



$ cat
/etc/hostname.tun0
link0
up

$ cat
/etc/hostname.vether0
inet inet 192.168.1.194 255.255.255.0 NONE


cat
/etc/hostname.bridge0
add vether0
add vio0
up




lo0: flags=8049 mtu 32768
priority: 0
groups: lo
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff00

sis0:
flags=8b43 mtu 1500
lladdr 00:0d:9d:83:1b:92
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.1.194 netmask 0xff00 broadcast 192.168.1.255
^^

enc0: flags=0<>
priority: 0
groups: enc
status: active

pflog0: flags=141 mtu 33192
priority: 0
groups: pflog

vether0: flags=8902 mtu 1500
lladdr fe:e1:ba:d0:9c:4b
priority: 0
groups: vether
media: Ethernet autoselect
status: active


tun0: flags=9943 mtu
1500
lladdr fe:e1:ba:d2:eb:15
priority: 0
groups: tun
status: active

bridge0: flags=41
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto
rstp
vether0 flags=3
port 6 ifpriority 0 ifcost 0
sis0 flags=3
port 1 ifpriority 0 ifcost 0
tun0 flags=3
port 8 ifpriority 0 ifcost 0



#qemu-image create Q.img 1G


step1) intall openbsd into qemu
 cat
qemu-1.bat
qemu-system-i386 \
-m 256M \
-net nic,vlan=1,model=e1000,macaddr=fe:e1:ba:d3:e7:11 \
-net tap,vlan=1 \
-boot d \
-cdrom /dev/rcd0c \
Q.img


and


2)run openbsd in qemu
 cat qemu-2.bat
qemu-system-i386 \
-m 256M \
-net nic,vlan=1,model=e1000,macaddr=fe:e1:ba:d3:e7:11 \
-net tap,vlan=1 \
Q.img

and qemu openbsd's addss is 192.168.1.223 .
^
so i ' ssh -l root 192.168.1.223'.

then ifconfig -a show
lo0: flags=8049 mtu 32768
priority: 0
groups: lo
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff00
em0: flags=8843 mtu 1500
lladdr fe:e1:ba:d3:e7:11
priority: 0
groups: egress
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 192.168.1.223 netmask 0xff00 broadcast 192.168.1.255
enc0: flags=0<>
priority: 0
groups: enc
status: active
pflog0: flags=141 mtu 33192
priority: 0
groups: pflog




linux may also run in openbsd's qemu.


on rental sever , it's dhcpd server give only one address ,
this method is not good .
does any one know how to do in only one adress ?


in mint linux , see
http://sakurapup.browserloadofcoolness.com/viewtopic.php?f=13&t=2955.
i run both puppy linux and openbsd on mint linux.
we make more information about defense by mutual attack .
but this site is japanese .
please use translaion site , for example google.

and qemu is slow , kvm is fast .
at present , it is comforatable to run 'openbsd qemu' in linux ,

-
regards

Re: console color

[Quartz]

OK, thanks. After some searching based on this info and some messing 
around, it looks like 'export TERM=ansi' and setting t_Co=8 will get me 
limited colors in vim without screwing anything up.

SR RAID5 rebuild/stability issue.

[Karel Gardas]

Hello,

due to work on SR RAID1 check summing support where I've touched SR
RAID internals (workunit scheduling) I'd like to test SR RAID5/6
functionality on snapshot and on my tree to see that I've not broken
the stuff while hacking it. My current problem is that I'm not able to
come with some testing which would not break RAID5 (I'm starting with
it) after several hours of execution while using snapshot. My test is
basically:
- on one console in loop
  mount raid to /raid
  rsync /usr/src/ to /raid
  compute sha1 sums of all files in /raid
  umount /raid
  mount /raid
  check sha1 -- if failure, fail the test, if not, just repeat
- on another console in loop
  - off line random drive
  - wait random time (up to minute)
  - rebuild raid with the offlined drive
  - wait random time (up to 2 minutes)
  - repeat

Now, the issue with this is that I get sha1 errors from time to time.
Usually in such case the problematic source file contain some garbage.
Since I do not yet have a machine dedicated to this testing, I'm using
for this thinkpad T500 with one drive. I just created 4 RAID slices in
OpenBSD partition. Last week I've been using vndX devices (and files),
but this way I even got to kernel panic (on snapshot) like this one:
http://openbsd-archive.7691.n7.nabble.com/panic-ffs-valloc-dup-alloc-td254738.html
-- so this weekend I've started testing with slices and so far not
panic, but still data corruption issue. Last snapshot I'm using for
testing is from last Sunday.

Let me ask, should SR RAID5 survive such testing or is for example
rebuilding with off-lined drive considered unsupported feature?

Thanks!
Karel

Re: Cheap hardware for router, perhaps fileserver?

[Chris Cappuccio]

Predrag Punosevac [punoseva...@gmail.com] wrote:
> 
> 1. I don't like diversity at home so OpenBSD would be the first choice.
> 4TB HDD are cheap enough and I could mirror (RAID 1) all my personal
> data on two of them. There are two options for mirroring. Either use
> softraid or get a cheap used Areca hardware RAID card of e-bay. Those
> cards according to man pages have excellent support on OpenBSD (they are
> true open hardware). Use one of inexpensive Celeron based motherboards
> (you can get them under $50). I would be curious what OpenBSD gurus have
> to say about their experience with Areca on OpenBSD and building a
> OpenBSD file server in general.
> 

There's just no reason to go for hardware RAID if all you want is RAID1.

Softraid RAID1 is fine, and even with the metadata it aligns the FFS to
4K blocks, no problem.

RAID5 is rather slow at the moment, I could see using a hardware controller
to supplement, but not for RAID1...

Chris

Re: console color

[Martin Brandenburg]

On Mon, 21 Sep 2015, Quartz wrote:

Can someone give be a brief rundown on how OpenBSD handles color on console? 
Commands like "echo -e '\033[32mfoo\033[0m'" produces dark green text as 
expected, but "echo -e '\033[92mfoo\033[0m'" comes out white instead of light 
green, and I can't seem to get vim to do syntax coloring at all (I've copied 
over configs that work on other machines, both t_Co=16 and t_Co=8, but 
everything always displays plain white). $TERM is the standard vt220. Am I 
doing something wrong, or does local console just have very limited color 
support?






The DEC VT220 terminal did not support color. That's why color works when 
you echo control codes and not through vim. Vim reads $TERM and decides 
not to use color.


Set $TERM up to something that supports color if you want color.

-- Martin

Re: console color

[Miod Vallat]

> Can someone give be a brief rundown on how OpenBSD handles color on console?

It depends upon the terminal emulation being used. OpenBSD provides both
a `sun' terminal emulation, which is the default on sparc and sparc64
(use either TERM=sun for faithful behavioul or TERM=rcons-color for the
colour extensions), and a `vt220' terminal emulation, which is a subset
of the VT220 command set, with some xterm control sequences recognized
(use either TERM=vt220 or one of the wsvtXX matching your number of
rows).

The SGR (ESC [ * m) sequences recognized by the vt220 emulation are 0
(reset), 1 (bold), 4 (underline), 5 (blink), 7 (reverse video), 30-37
(select fg color), and 40-47 (select bg color) [in fact, a few VT300
sequences are also recognized but they don't matter here]. There is no
support for more than 8 color code using 90-97 and 100-107.

Also, keep in mind that, depending upon the actual video hardware being
used, the hardware may not be able to output what the escape sequences
are requesting. Not all hardware supports blinking or underline, for
example.

Re: EDID checksum is invalid

[Austin Gilbert]

> On Sep 17, 2015, at 11:51 AM, Raimo Niskanen  
> wrote:
> 
> Hello misc@
> 
> I just installed OpenBSD 5.8 from CD (i386) on an MSI MS 9A19, and it all
> went well, but when I put it in the server rack on the KVM it started to
> produce lots of error messages about "EDID checksum is invalid".  The error
> repeats almost once every minute.
> 

I found the same error message in my logs also. 

I'm running 5.7 release installed from CD. It appears to also be related to the 
use of a USB/HDMI KVM, as the log message was not present immediately after 
installation but is present after the KVM was hooked up.

console color

[Quartz]

Can someone give be a brief rundown on how OpenBSD handles color on 
console? Commands like "echo -e '\033[32mfoo\033[0m'" produces dark 
green text as expected, but "echo -e '\033[92mfoo\033[0m'" comes out 
white instead of light green, and I can't seem to get vim to do syntax 
coloring at all (I've copied over configs that work on other machines, 
both t_Co=16 and t_Co=8, but everything always displays plain white). 
$TERM is the standard vt220. Am I doing something wrong, or does local 
console just have very limited color support?

Re: speedup shutdown

[Quartz]

The two daemons you refer to, treat SIGHUP as a "please re-read your
configuration files and restart". This is semi-common. This happens to
also be the two daemons you are testing this with, causing some
confusino.



Not everything, but some things will still be running.


It wasn't just syslogd and sshd, -HUP also doesn't shut down any of the
pflogd/dhclient/cron stuff either. The only process it actually stops is
sndiod, all the others restart on their own.



After running commands #1, #3 and #5; almost everything should be
killed. Command #1 should take care of the vast majority of daemons
started at boot; #3 and #5 are to catch the ones that aren't.


Well, -TERM stops every PID I typed in (the four I didn't being init,
two ksh's and ps itself), so I'm not sure where that leave me. I guess
it's some kind of timing thing or race condition?


Also, FWIW, tapping the power button at this point yields a two second 
delay before it does anything (down from the previous ten). Not sure if 
that's useful information or not.

Re: speedup shutdown

[Quartz]

The two daemons you refer to, treat SIGHUP as a "please re-read your
configuration files and restart".  This is semi-common.  This happens to
also be the two daemons you are testing this with, causing some confusino.



Not everything, but some things will still be running.


It wasn't just syslogd and sshd, -HUP also doesn't shut down any of the 
pflogd/dhclient/cron stuff either. The only process it actually stops is 
sndiod, all the others restart on their own.




After running commands #1, #3 and #5; almost everything should be
killed.  Command #1 should take care of the vast majority of daemons
started at boot; #3 and #5 are to catch the ones that aren't.


Well, -TERM stops every PID I typed in (the four I didn't being init, 
two ksh's and ps itself), so I'm not sure where that leave me. I guess 
it's some kind of timing thing or race condition?

Re: speedup shutdown

[Peter Hessler]

On 2015 Sep 21 (Mon) at 09:37:11 -0400 (-0400), Quartz wrote:
:>>I took that to mean:
:>>
:>>1) run (presumably as root) 'time sh /etc/rc shutdown'
:>>2) check 'ps -aux' to see what's still running
:>>3) 'kill -HUP [PID]' for each of the remaining processes
:>>4) check 'ps -aux' again
:>>5) 'kill -TERM [PID]' for each of the remaining processes
:>>6) check 'ps -aux' again
:>
:>Yes.  Perhaps it isn't clear that I would *expect* stuff to still be
:>running at step 4, and thus for shutdown like this to take at least 5
:>seconds.
:
:>If the next step, the one you didn't describe the results of, killing
:>daemons with SIGTERM,
:
:OK, maybe this is where the communication gap is. Sending HUP to sshd and
:syslogd and everything was effectively a no-op since they'd all just
:immediately restart. I looped between (3) and (4) for a bit then gave up. I
:assumed I was doing something wrong when by this point the state of the
:system was identical to (0).
:

The two daemons you refer to, treat SIGHUP as a "please re-read your
configuration files and restart".  This is semi-common.  This happens to
also be the two daemons you are testing this with, causing some confusino.

Almost all signals can be caught and the default behaviour is changed.
Check the man page for signal(3) for some more information.

:Just to be doubly clear, is it expected behavior that at (4) everything will
:still be running?
:

Not everything, but some things will still be running.


:(In the mean time, I'll try continuing on through (6) anyway and see what
:happens).
:

After running commands #1, #3 and #5; almost everything should be
killed.  Command #1 should take care of the vast majority of daemons
started at boot; #3 and #5 are to catch the ones that aren't.  


-- 
If you keep anything long enough, you can throw it away.

Re: update/upgrade

[Amit Kulkarni]

On Mon, Sep 21, 2015 at 8:57 AM, Marcus MERIGHI 
wrote:

> qua...@sneakertech.com (Quartz), 2015.09.21 (Mon) 02:43 (CEST):
> > >As it was already stated in @misc,
> >
> > I don't think I got that message. (?)
> >
> > >mtier is probably as safe as relying on
> > >openbsd code.
> >
> > I'm not worried so much about safety in the sense of compromised code,
> but
> > rather the practicalities of setting up a workflow that depends on
> something
> > that can disappear at any time without notice. Their website has zero
> > information about them as a company or who (if any) of them are also
> OpenBSD
> > devs or what. It also looks like they only started a couple years ago.
>
> openup
> # Author: Antoine Jacoutot 
>
> OpenBSD commit stats ajacoutot@
> http://www.oxide.org/cvs/ajacoutot.html
>
> e.g.
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/rc.d/rc.subr
>
> Bye, Marcus
>
> > !DSPAM:55ff540b42247974415012!
>
>
In addition, a couple of other committers (robert@, jasper@) also work or
used to work for mtier. Mtier supports the OpenBSD project in many other
ways too.

Re: Suspend Hangs ThinkPad T450s

[Aaron Poffenberger]

On 09/20/15 17:07, Mark Kettenis wrote:

From: Aaron Poffenberger 
Date: Sun, 20 Sep 2015 16:39:54 -0500

Another issue I noted in the ThinkPad dmesg. Pulling out as separate
request for reference sake.

Suspending now hangs system
   - X11 disables correctly and screen goes dark
   - Light on power switch begins to blink
   - Screen comes back on at one of the consoles
   - Can hear fans begin to spin up
   - Keyboard unresponsive
   - Have to force reboot

This was not a problem with build from 2015-09-16.


Just committed a fix for this.

Sorry about the delay; I was a little busy making your video work better ;).



I installed from last-night's snapshot. Suspend/resume now work again.

Thanks!

Re: Booting Live openbsd image on fat32 media

[Joseph Crivello]

Actually Windows won't allow you to create more than one partition on a USB 
device only if it has the "removable disk" flag set. Some USB mass storage 
devices don't have this flag set (from the factory), and if it's not set you 
can partition it normally.

It is also possible to flash many makes and models of USB flash drives with the 
flash chip manufacturer's tools (which are often easy to find online).

Sent from my iPhone

> On Sep 21, 2015, at 8:45 AM, Nick Holland  wrote:
> 
>> On 09/21/15 08:54, Mohammad BadieZadegan wrote:
>> OK, It's true,
>> But spliting the memstick into 2 partition causes more questions:
>> 1.What tools can do that best?
> 
> sadly, Windows is kinda stupid about this.  It sees a USB device and
> wants to use the whole thing, it won't let you subpartition the device
> (ok, haven't tested this extensively on 7+).
> 
> So...you will need to create your partitions with OpenBSD.  Boot off a
> bsd.rd, install, and at the fdisk step, choose "edit", create your
> Windows and OpenBSD partition, finish the OpenBSD install.
> 
> THE WINDOWS PARTITION MUST BE FIRST, both numerically and on the disk.
> Windows treats USB (and other removable?) storage differently than
> SATA/IDE/SCSI/SAS storage.
> 
>> 2.What is the size of partitions?
> 
> "as big as you need".  What do you want to do?
> 1G is an easy to do install. 512M is kinda snug.  256M is possible
> (baseXX.tgz and kernel only!), but difficult, I recently found out. 2+G
> gives more room for apps and data.
> 
>> 3.How can write OpenBSD memstick image on the last partition?
> 
> regular install!
> 
> Quite a few years ago, I helped an electronic artist make some "talking
> donation sculptures" -- stick money in the thing, and it would "reward"
> you with a witty response.  We used 1G CF cards on some small desktop
> machines.  Iirc, I partitioned them about 50/50 FAT and OpenBSD.  The
> sound files were stored on the FAT partition, so Joe Average Computer
> User could add/remove/change the sound files simply by yanking the card
> out of the computer and putting it a USB reader, changing what they
> wished to change, and put it back, reboot and done (and probably wonder
> where the rest of the programs were :)
> 
> I've also made USB sticks which are both OpenBSD systems AND useful for
> moving files around between Windows or other FFS-challenged systems.
> 
> Nick.
> 
>> On Mon, Sep 21, 2015 at 4:12 PM, Dmitrij D. Czarkoff 
>> wrote:
>> 
>>> Mohammad BadieZadegan said:
 How put OpenBSD image on it that don't curropt its file system or booting
 OpenBSD?
>>> 
>>> The easiest way is to split your drive in two partitions: first one
>>> should be FAT32 if you want it so, and the last one should be OpenBSD
>>> slice.
>>> 
>>> Windows and most consumer devices' firmwares don't read partition table
>>> on USB flash devices, so these systems won't notice your OpenBSD
>>> partition, but it will be bootable.
>>> 
>>> --
>>> Dmitrij D. Czarkoff

Re: update/upgrade

[Adam Thompson]

On 09/20/2015 10:26 PM, Quartz wrote:
It looks like the M:tier thing is pretty close, my only concern is how 
long it'll last before the maintainers lose interest and the project 
gets abandoned.


Handling updates/upgrades in OpenBSD has always been one of the more 
difficult parts for ordinary users.

Having said that, Antoine &c. have developed a great service.

As to "lose interest", I think you're missing the fact that m:Tier is a 
company, not just another open-source project.  They've been around for 
over seven (7) years already.  If they were going to simply "lose 
interest", I think they'd have done so long ago.  They do have a regular 
website, at www.mtier.org, that fills in all the gaps you were talking 
about in a previous post.


You can also *pay* for a subscription, which I would assume - barring 
utter insanity on the part of every employee there - would go a long way 
towards ensuring they stick around.  (Per a previous conversation with 
them, you don't have to buy a subscription for every single machine 
you're updating - but confirm that with them before basing any plans on 
that.)


-Adam

Re: ugen0 instead of urtwn0

[Alexey Suslikov]

Thuban  yeuxdelibad.net> writes:

> * Fred  crowsons.com> le [21-09-2015 11:50:27 +0100]:
> > You could back port the relevant changes to 5.7 and build a new kernel
> > following the information in http://www.openbsd.org/faq/faq5.html
> >
> > -current is currently ahead of 5.8 which will be released on the 18
> October.
> 
> Thanks for the answer.
> I never back ported on openbsd before. Where can I find any relevant
> documentation do do this before building the kernel?

Grab relevant

src/sys/dev/usb/if_urtwn.c
sys/dev/usb/usbdevs

from CVS, than cd sys/dev/usb && make, than rebuild/install kernel
as described in FAQ.

Re: update/upgrade

[Marcus MERIGHI]

qua...@sneakertech.com (Quartz), 2015.09.21 (Mon) 02:43 (CEST):
> >As it was already stated in @misc,
> 
> I don't think I got that message. (?)
>
> >mtier is probably as safe as relying on
> >openbsd code.
> 
> I'm not worried so much about safety in the sense of compromised code, but
> rather the practicalities of setting up a workflow that depends on something
> that can disappear at any time without notice. Their website has zero
> information about them as a company or who (if any) of them are also OpenBSD
> devs or what. It also looks like they only started a couple years ago.

openup
# Author: Antoine Jacoutot 

OpenBSD commit stats ajacoutot@
http://www.oxide.org/cvs/ajacoutot.html

e.g.
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/rc.d/rc.subr

Bye, Marcus

> !DSPAM:55ff540b42247974415012!

Re: Booting Live openbsd image on fat32 media

[Nick Holland]

On 09/21/15 08:54, Mohammad BadieZadegan wrote:
> OK, It's true,
> But spliting the memstick into 2 partition causes more questions:
> 1.What tools can do that best?

sadly, Windows is kinda stupid about this.  It sees a USB device and
wants to use the whole thing, it won't let you subpartition the device
(ok, haven't tested this extensively on 7+).

So...you will need to create your partitions with OpenBSD.  Boot off a
bsd.rd, install, and at the fdisk step, choose "edit", create your
Windows and OpenBSD partition, finish the OpenBSD install.

THE WINDOWS PARTITION MUST BE FIRST, both numerically and on the disk.
Windows treats USB (and other removable?) storage differently than
SATA/IDE/SCSI/SAS storage.

> 2.What is the size of partitions?

"as big as you need".  What do you want to do?
1G is an easy to do install. 512M is kinda snug.  256M is possible
(baseXX.tgz and kernel only!), but difficult, I recently found out. 2+G
gives more room for apps and data.

> 3.How can write OpenBSD memstick image on the last partition?

regular install!

Quite a few years ago, I helped an electronic artist make some "talking
donation sculptures" -- stick money in the thing, and it would "reward"
you with a witty response.  We used 1G CF cards on some small desktop
machines.  Iirc, I partitioned them about 50/50 FAT and OpenBSD.  The
sound files were stored on the FAT partition, so Joe Average Computer
User could add/remove/change the sound files simply by yanking the card
out of the computer and putting it a USB reader, changing what they
wished to change, and put it back, reboot and done (and probably wonder
where the rest of the programs were :)

I've also made USB sticks which are both OpenBSD systems AND useful for
moving files around between Windows or other FFS-challenged systems.

Nick.

> On Mon, Sep 21, 2015 at 4:12 PM, Dmitrij D. Czarkoff 
> wrote:
> 
>> Mohammad BadieZadegan said:
>> > How put OpenBSD image on it that don't curropt its file system or booting
>> > OpenBSD?
>>
>> The easiest way is to split your drive in two partitions: first one
>> should be FAT32 if you want it so, and the last one should be OpenBSD
>> slice.
>>
>> Windows and most consumer devices' firmwares don't read partition table
>> on USB flash devices, so these systems won't notice your OpenBSD
>> partition, but it will be bootable.
>>
>> --
>> Dmitrij D. Czarkoff

Re: speedup shutdown

[Quartz]

I took that to mean:

1) run (presumably as root) 'time sh /etc/rc shutdown'
2) check 'ps -aux' to see what's still running
3) 'kill -HUP [PID]' for each of the remaining processes
4) check 'ps -aux' again
5) 'kill -TERM [PID]' for each of the remaining processes
6) check 'ps -aux' again


Yes.  Perhaps it isn't clear that I would *expect* stuff to still be
running at step 4, and thus for shutdown like this to take at least 5
seconds.



If the next step, the one you didn't describe the results of, killing
daemons with SIGTERM,


OK, maybe this is where the communication gap is. Sending HUP to sshd 
and syslogd and everything was effectively a no-op since they'd all just 
immediately restart. I looped between (3) and (4) for a bit then gave 
up. I assumed I was doing something wrong when by this point the state 
of the system was identical to (0).


Just to be doubly clear, is it expected behavior that at (4) everything 
will still be running?


(In the mean time, I'll try continuing on through (6) anyway and see 
what happens).

Re: Booting Live openbsd image on fat32 media

[Dmitrij D. Czarkoff]

Mohammad BadieZadegan said:
> 1.What tools can do that best?

OpenBSD installation medium can do all but formatting FAT32 partition.
You can do that from system you'll install on the second partition.

> 2.What is the size of partitions?

Depends on your needs.  Most likely you'd want to mount your FAT32
partition somewhere under you user's home directory, so basically you
can take the numbers from FAQ and adopt them to your needs.

> 3.How can write OpenBSD memstick image on the last partition?

Best way to do it is just to use stock openbsd installer.  If you don't
like this approach for some reason, you may dd your flash drive to a
file, use some virtualization software to install everything you want
there and dd the image back.

There is a choice of tools for these tasks for all major operating
systems, and there is a lot of documentation, blog posts, howto articles
and other sources of information on this topic, you so shouldn't have
problems with finding out details.

-- 
Dmitrij D. Czarkoff

Re: Booting Live openbsd image on fat32 media

[Jiri B]

There is no official live image for openbsd. There's
install image which runs in ramdisk but this is not usual
livecd-like environment.

Thus, install onto disk - usb flash media. There's no
difference between usb flash and usual disk install.

Read docs, FAQ as it is obvious you have limited knowledge
how things work.

j.

Re: Booting Live openbsd image on fat32 media

[Mohammad BadieZadegan]

OK, It's true,
But spliting the memstick into 2 partition causes more questions:
1.What tools can do that best?
2.What is the size of partitions?
3.How can write OpenBSD memstick image on the last partition?

On Mon, Sep 21, 2015 at 4:12 PM, Dmitrij D. Czarkoff 
wrote:

> Mohammad BadieZadegan said:
> > How put OpenBSD image on it that don't curropt its file system or booting
> > OpenBSD?
>
> The easiest way is to split your drive in two partitions: first one
> should be FAT32 if you want it so, and the last one should be OpenBSD
> slice.
>
> Windows and most consumer devices' firmwares don't read partition table
> on USB flash devices, so these systems won't notice your OpenBSD
> partition, but it will be bootable.
>
> --
> Dmitrij D. Czarkoff

Re: Booting Live openbsd image on fat32 media

[Dmitrij D. Czarkoff]

Mohammad BadieZadegan said:
> How put OpenBSD image on it that don't curropt its file system or booting
> OpenBSD?

The easiest way is to split your drive in two partitions: first one
should be FAT32 if you want it so, and the last one should be OpenBSD
slice.

Windows and most consumer devices' firmwares don't read partition table
on USB flash devices, so these systems won't notice your OpenBSD
partition, but it will be bootable.

-- 
Dmitrij D. Czarkoff

Re: mini itx from intel

[Stuart Henderson]

On 2015-09-20, ludovic coues  wrote:
> 2015-09-20 14:50 GMT+02:00 frantisek holop :
>> does anyone happen to have any of these?
>> http://www.intel.com/content/www/us/en/nuc/nuc-comparison.html
>>
>> plz send dmesg if possible.
>
> Here is a dmesg for my DN2820FYKH

No DRM on the DN2820FYKH (Bay Trail celeron), and pxeboot is broken (but
can be worked-around, see bugs@), otherwise it works well. X is a bit slow
but still pretty usable unless you want GNOME or kde4. However there is
very little stock of these any more (bunch of clear-out price reductions
about a month ago).

If you want working DRM *now*, try to track down a Haswell i3/i5 based
one, but they are relatively expensive compared to the newer ones, and
there is not that much stock of these around either. Newer ones you'll
have to wait for DRM.

Apropos of Subject:, they aren't mini-itx, quite a lot smaller.

FWIW if the MAC addresses are anything to go by, they're made by ECS
(Elitegroup).

Booting Live openbsd image on fat32 media

[Mohammad BadieZadegan]

Hi everybody
I like using OpenBSD on every situation but need to booting OpenBSD image
on my FAT32 media.
In other words I have USB Flash (32GB) memstick that its file system is
FAT32 and I want to install a boot manager (Like GRUB or Grub4DOS) and then
How put OpenBSD image on it that don't curropt its file system or booting
OpenBSD?

Re: update/upgrade

[Stuart Henderson]

On 2015-09-20, Quartz  wrote:
>> https://stable.mtier.org/
>
> A cli update program that applies binary patches is pretty much perfect, 
> but I'm not sure we want to rely on a 3rd party for that service. (And I 
> know that a built-in update program is probably never going to happen).
>
>

You don't need to use mtier-produced binpatches, the framework to generate them
is also available

http://opensource.mtier.org/binpatchng.html

Re: ugen0 instead of urtwn0

[Thuban]

* Fred  le [21-09-2015 11:50:27 +0100]:
> On 09/21/15 11:01, Thuban wrote:
> >* Thuban  le [21-09-2015 11:14:22 +0200]:
> >>usbdevs returns WNA 1000Mv2 Netgear listed here [0]
> >>
> >>But the device is detected as ugen.
> >
> >My bad, it seemd to be fixed in 5.8 [0].
> >
> >Except waiting for 5.8 or unsing -current, I guess there is no other
> >solution to usr this usb stick?
> >
> >[0] : http://www.openbsd.org/plus.html
>
> You could back port the relevant changes to 5.7 and build a new kernel
> following the information in http://www.openbsd.org/faq/faq5.html
>
> -current is currently ahead of 5.8 which will be released on the 18
October.

Thanks for the answer.
I never back ported on openbsd before. Where can I find any relevant
documentation do do this before building the kernel?

Regards
--
Thuban
PubKey : http://yeuxdelibad.net/Divers/thuban.pub

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: multiple headphone sockets and sndiod on Lenovo M83/Tiny-in-One 23

[mark hellewell]

On 20 September 2015 at 17:36, Alexandre Ratchov  wrote:
> hi,
>
> Support for USB controllers and hubs is still incomplete. Basically
> in the following cases isochronous transfers (used by audio devices)
> don't work.
>
> - ehci controllers with hubs between a usb-1.1 device and the
>   controller doesn't work (bug causes packet corruption). It
>   somewhat works if there's only one device on the hub and no
>   full-duplex is used.
>
> - xhci doesn't work at all for audio.
>
> according to your dmesg:
>
> uhub0 at usb0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
> uhub3 at uhub0 port 10 "GenesysLogic USB2.0 Hub" rev 2.00/48.46 addr 5
> uhub4 at uhub3 port 4 "Genesys Logic USB2.0 Hub" rev 2.00/32.98 addr 6
> uaudio0 at uhub4 port 3 configuration 1 interface 0 "CONEXANT
>
> the device is attached to xhci.
>
> So try to find a port of the ehci root hub, if you can't then try
> at least to find a port connected to ehci and disable full-duplex
> (add "-m play" before "-f rsnd/1"). Possibly disable xhci (try
> "boot -c" on the boot prompt), in which case it will show as ehci.

Hi,

Thanks for the suggestions.  No luck finding a port connected to ehci root
hub so I think I'll just run the unit outside of the screen dock and use the
built in audio for now.

Thanks again,
Mark

> -- Alexandre

Re: ugen0 instead of urtwn0

[Fred]

On 09/21/15 11:01, Thuban wrote:

* Thuban  le [21-09-2015 11:14:22 +0200]:

usbdevs returns WNA 1000Mv2 Netgear listed here [0]

But the device is detected as ugen.


My bad, it seemd to be fixed in 5.8 [0].

Except waiting for 5.8 or unsing -current, I guess there is no other
solution to usr this usb stick?

[0] : http://www.openbsd.org/plus.html


You could back port the relevant changes to 5.7 and build a new kernel 
following the information in http://www.openbsd.org/faq/faq5.html


-current is currently ahead of 5.8 which will be released on the 18 October.

hth

Fred

Yubikey

[bofh]

If you use a non-Neo yubikey and firmware prior to 2.4, you're vulnerable -
physical access = stolen private key in less than half an hour.

https://www.emsec.rub.de/media/crypto/veroeffentlichungen/2014/02/04/paper_yubikey_sca.pdf

pfkey_sa_last_used: message: No such process

[Kim Zeitler]

Hi

I'm currently trying to set up a OpenIKED GW running 5.7-stable with a 
proprietary fw/VPN hosted at one of our clients.


Seemingly worked so far ipsecctl shows flows and SADs. I was able to 
ping a machine on the 'other-side' but this stopped without apparent reason.


Diving deeper into the logs and running iked in foreground gave me two 
messages

'pfkey_sa_last_used: message: No such process'
 and
'ikev2_init_ike_sa: "h" is already active'

I would greatly appreciate any help with this one.

# ipsecctl -s all
FLOWS:
flow esp in from 192.168.80.120 to 172.16.10.0/24 peer 217.6.6.6 srcid 
IPV4/80.1.1.1 dstid IPV4/217.6.6.6 type use
flow esp out from 172.16.10.0/24 to 192.168.80.120 peer 217.6.6.6 srcid 
IPV4/80.1.1.1 dstid IPV4/217.6.6.6 type require
flow esp in from 192.168.106.0/24 to 192.168.3.30 peer 217.6.6.6 srcid 
IPV4/80.1.1.1 dstid IPV4/217.6.6.6 type use
flow esp out from 192.168.3.30 to 192.168.106.0/24 peer 217.6.6.6 srcid 
IPV4/80.1.1.1 dstid IPV4/217.6.6.6 type require

flow esp out from ::/0 to ::/0 type deny

SAD:
esp tunnel from 192.168.32.2 to 217.6.6.6 spi 0x2360324c auth 
hmac-sha2-256 enc aes-256
esp tunnel from 217.6.6.6 to 192.168.32.2 spi 0xa6537a08 auth 
hmac-sha2-256 enc aes-256



#iked -dvv
...
ikev2_sa_tag:  (0)
ikev2_childsa_negotiate: proposal 2
ikev2_childsa_negotiate: key material length 128
ikev2_prfplus: T1 with 16 bytes
ikev2_prfplus: T2 with 16 bytes
ikev2_prfplus: T3 with 16 bytes
ikev2_prfplus: T4 with 16 bytes
ikev2_prfplus: T5 with 16 bytes
ikev2_prfplus: T6 with 16 bytes
ikev2_prfplus: T7 with 16 bytes
ikev2_prfplus: T8 with 16 bytes
ikev2_prfplus: Tn with 128 bytes
pfkey_sa_add: add spi 0x2360324c
pfkey_sa: udpencap port 4500
ikev2_childsa_enable: loaded CHILD SA spi 0x2360324c
pfkey_sa_add: update spi 0xa6537a08
pfkey_sa: udpencap port 4500
ikev2_childsa_enable: loaded CHILD SA spi 0xa6537a08
ikev2_childsa_enable: loaded flow 0x151839b73800
ikev2_childsa_enable: loaded flow 0x15180aa49400
ikev2_childsa_enable: loaded flow 0x151839b73c00
ikev2_childsa_enable: loaded flow 0x151839b73000
sa_state: VALID -> ESTABLISHED from 217.6.6.6:4500 to 192.168.32.2:4500 
policy 'h'

config_free_proposals: free 0x15180bc69880
ikev2_recv: INFORMATIONAL request from responder 217.6.6.6:4500 to 
192.168.32.2:4500 policy 'h' id 0, 80 bytes

ikev2_recv: ispi 0xd6e43c6448fe0750 rspi 0x7f77a74b12244234
ikev2_init_recv: unknown SA
ikev2_init_ike_sa: "h" is already active
-- last line repeated several times --
...


/var/log/daemon
...
Sep 21 11:38:46 h iked[8231]: pfkey_sa_last_used: message: No such process
Sep 21 11:39:46 h last message repeated 2 times
...

#cat /etc/iked.conf
...
ikev2 "h" active esp \
from $k_dev to $h_server \
from $postgres_server to $h_dev \
peer $h_gw \
ikesa auth hmac-sha2-256 \
enc aes-256 \
group modp1536 \
childsa auth hmac-sha2-256 \
enc aes-256 \
group modp1536 \
srcid '80.154.4.243' \
ikelifetime 28800 \
lifetime 28800 \
psk ""

#cat /etc/pf.conf
...
block return# block stateless traffic

pass proto udp to port $ipsec_types

pass in on $ext_if proto esp from $h_gw
pass out on $ext_if proto esp to $h_gw

pass in on $ipsec_if proto ipencap from $h_gw keep state (if-bound)
pass out on $ipsec_if proto ipencap to $h_gw keep state (if-bound)

pass proto tcp from $k_dev to $h_server port $test_ports
pass proto tcp from $h_server port $test_ports to $k_dev
pass proto tcp from $h_dev to $h_postgres port postgresql
pass proto tcp from $h_postgres port postgresql to $h_dev
pass proto tcp from $k to (self) port ssh
pass proto tcp from 192.168.32.1 to (self) port ssh

pass inet proto icmp icmp-type $icmp_types
...

--
Cheers
Kim

Re: ugen0 instead of urtwn0

[Thuban]

* Thuban  le [21-09-2015 11:14:22 +0200]:
> usbdevs returns WNA 1000Mv2 Netgear listed here [0]
>
> But the device is detected as ugen.

My bad, it seemd to be fixed in 5.8 [0].

Except waiting for 5.8 or unsing -current, I guess there is no other
solution to usr this usb stick?

[0] : http://www.openbsd.org/plus.html

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

ugen0 instead of urtwn0

[Thuban]

Hi,
I have a usb wifi dongle supposed to work with urtwn firmware.
usbdevs returns WNA 1000Mv2 Netgear listed here [0]

But the device is detected as ugen.

How can I fix this?

Regards.

[0] :
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/urtwn.4?query=urt
wn&sec=4

--
Thuban
PubKey : http://yeuxdelibad.net/Divers/thuban.pub

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: OT: Exists some problem with dnscrypt-proxy package?

[C. L. Martinez]

On Mon, Sep 21, 2015 at 1:28 AM, frederick w. soucy  wrote:
> On 2015.09.20, C.L. Martinez wrote:
>> Hi all,
>>
>>  I have installed an openbsd 5.7 VM today to do some tests with pf rules.
>> One of the components to I need to enable in this gateway is
>> unbound+dnscrypt-proxy.
>>
>>  I have configured forwarding in unbound.conf:
>>
>>  forward-zone:
>> name: "."
>> forward-addr: 127.0.0.1@4553
>>
>>  And I have started dnscypt-proxy with the following arguments:
>>
>> -d --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
>> /var/run/dnscrypt-proxy.pid
>>
>>  Output:
>>
>> 32032 ??  Is  0:00.00 /usr/sbin/ftp-proxy -m 25
>> 32411 ??  Is  0:00.00 /usr/local/sbin/dnscrypt-proxy -d
>> --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
>> /var/run/dnscrypt-proxy.pid
>>  5667 ??  I   0:00.03 /usr/local/sbin/dnscrypt-proxy -d
>> --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
>> /var/run/dnscrypt-proxy.pid
>>  1256 ??  Is  0:00.00 /usr/sbin/cron
>> 17818 ??  Ss  0:00.12 sshd: root@ttyp0 (sshd)
>>   527 ??  Is  0:00.05 unbound -c /var/unbound/etc/unbound.conf
>> 30164 p0  Ss  0:00.02 -ksh (ksh)
>>  7382 p0  R+  0:00.00 ps -xa
>> 16881 C0  Is+ 0:00.00 /usr/libexec/getty std.9600 ttyC0
>>  3047 C1  Is+ 0:00.00 /usr/libexec/getty std.9600 ttyC1
>>
>>  And it doesn't works. But if I change unbound's forward section to:
>>
>> forward-zone:
>> name: "."
>> #forward-addr: 127.0.0.1@4553
>> forward-addr: 8.8.8.8
>>
>>  Works ok. Removing all forward seciton, unbound works ok also. Then, I am
>> doing something wrong but I don't know which.
>>
>>  Any idea??
>>
>>  Thanks.
>
> i was having problems with dnscrypt.eu-nl today, could ping its ip but
> not get any dns resolution so i just switched to dnscrypt.eu-dk and
> everything is working again ymmv

Ok, it seems there is some problem with servers. This morning,
dnscrypt.eu-dk works, but not dnscrypt.eu-nl.

Uhmm ... I will try to update dnscrypt-resolvers.csv file to tests
more servers ...

Many thanks to all for your help.

Re: update/upgrade

[Jay Patel]

If you are looking for one liner for snapshots :

http://bsdguru.in/3/any-tutorial-for-installing-snap-on-openbsd-5-8

and for stable m:tier is best.



On Mon, Sep 21, 2015 at 8:56 AM, Quartz  wrote:

> If availability is critical you might consider redundancy with CARP/pfsync.
>>
>
> It's not critical enough to be worth dealing that. Going down for like 15
> minutes is fine, but most of a day is not.
>
> In a perfect world we're looking for an update mechanism similar in speed
> and ease to other OSs where you can run a one liner on the live system
> which automatically downloads and installs a few files and reboots. I'm
> trying to get as close to that as possible without having to create and
> maintain a whole home-grown custom procedure.
>
> It looks like the M:tier thing is pretty close, my only concern is how
> long it'll last before the maintainers lose interest and the project gets
> abandoned.