uvideo0: could not open VS pipe: INVAL + error: [drm:pid49266:intel_pipe_update_start] *ERROR* Potential atomic update failure on pipe A

2017-09-15 Thread MazoComp 
$ fswebcam
--- Opening /dev/video0...
Trying source module v4l2...
/dev/video0 opened.
No input was specified, using the first.
Adjusting resolution from 384x288 to 320x240.
Error starting stream.
VIDIOC_STREAMON: Invalid argument
Unable to use mmap. Using read instead.
--- Capturing frame...
Timed out waiting for frame!
No frames captured.
$ dmesg | grep video
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD1F
uvideo0 at uhub0 port 6 configuration 1 interface 0 "Chicony Electronics 
Co.,Ltd. Lenovo EasyCamera" rev 2.00/95.60 addr 5
video0 at uvideo0
uvideo0: could not open VS pipe: INVAL
uvideo0: could not open VS pipe: INVAL
$ dmesg | grep error 
error: [drm:pid49266:intel_pipe_update_start] *ERROR* Potential atomic update 
failure on pipe A
$

I hope that is fixable, I'd like to use my built-in webcam for videocalls...
By the way, I think the only solution for this:
$ dmesg | grep 8188EE  
"Realtek 8188EE" rev 0x01 at pci3 dev 0 function 0 not configured
$ 
is smashing this built-in adapter with hammer.

Full dmesg + sysctl:
OpenBSD 6.2-beta (GENERIC.MP) #74: Tue Sep  5 23:38:55 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4192116736 (3997MB)
avail mem = 4058050560 (3870MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe6f10 (68 entries)
bios0: vendor LENOVO version "E0CN47WW" date 03/23/2016
bios0: LENOVO 80QQ
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP UEFI ASF! BOOT LPIT MCFG SSDT UEFI ASPT HPET WDAT SSDT 
POAT APIC SSDT SSDT DBGP DMAR CSRT FPDT
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) 
GLAN(S4) EHC1(S3) EHC2(S4) XHC_(S3) HDEF(S4) PXSX(S4) RP01(S4) PXSX(S4) 
RP02(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz, 1995.63 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 1995630480 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz, 1995.38 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz, 1995.38 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz, 1995.38 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG0)
acpiprt2 at acpi0: bus -1 (PEG1)
acpiprt3 at acpi0: bus -1 (PEG2)
acpiprt4 at acpi0: bus 1 (RP01)
acpiprt5 at acpi0: bus -1 (RP02)
acpiprt6 at acpi0: bus 2 (RP03)
acpiprt7 at acpi0: bus 3 (RP04)
acpiprt8 at acpi0: bus -1 (RP05)
acpiprt9 at acpi0: bus -1 (RP06)
acpiprt10 at acpi0: bus -1 (RP07)
acpiprt11 at acpi0: bus -1 (RP08)
acpiec0 at acpi0
acpicpu0 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1

Re: OpenBSD's HTTPD troubles AGAIN - Can't find any man page that explains how to properly set up directory authentication.

2017-09-15 Thread Bryan Harris 
I got curious so I looked at the man page.  It seems to me one could 
authenticate a location i.e. folder/directory based on this part. 

> A location section may include most of the server configuration rules except 
> alias, connection,hsts, listen on, location, tcp and tls.

V/r,
Bryan 




Sent from my iPhone

> On Sep 15, 2017, at 6:08 PM, Wiremu Demchick  
> wrote:
> 
> You may find this helpful:
>   https://marc.info/?l=openbsd-arm=149507490119056=2
> 
>> On 9/16/17, tec...@protonmail.com  wrote:
>> Hello,
>> 
>> Can someone with knowledge of OpenBSD's HTTPD please tell me how to properly
>> set up a password protected directory and where you found ALL of the
>> information to do so.  I am really struggling to find enough information
>> within the man pages to even make it work corrctly.  I want to love the man
>> pages, I really do, but.. Yeah, you get the drift - frustration.
>> 
>> Thanks and regards.
>> 
> 
> [snip]
>

Re: OpenBSD's HTTPD troubles AGAIN - Can't find any man page that explains how to properly set up directory authentication.

2017-09-15 Thread Wiremu Demchick 
You may find this helpful:
   https://marc.info/?l=openbsd-arm=149507490119056=2

On 9/16/17, tec...@protonmail.com  wrote:
> Hello,
>
> Can someone with knowledge of OpenBSD's HTTPD please tell me how to properly
> set up a password protected directory and where you found ALL of the
> information to do so.  I am really struggling to find enough information
> within the man pages to even make it work corrctly.  I want to love the man
> pages, I really do, but.. Yeah, you get the drift - frustration.
>
> Thanks and regards.
>

[snip]

Re: Compiling packages gives me cannot run C compiled programs error

2017-09-15 Thread Jeremie Courreges-Anglas 
On Fri, Sep 15 2017, Lea Chescotta  wrote:
> I'm trying to build Firefox from the -release ports tree in a -stable system, 
> and python, a dependency, is giving me the following error:
>
> configure: error: cannot run C compiled programs.
>
> Searching about the error in the net, i have found this mailing list
> archive
> http://openbsd-archive.7691.n7.nabble.com/lang-python-2-7-configure-error-td307559.html
> where its having the exact same issue with the same package (i'm
> installing python 2.7.13, dependency of firefox-esr). In that url it
> says:
>
> "I see this same error when I try to build python without having
> WRKOBJDIR on a filesystem with the wxallowed mount option.
> To build ports that need to be marked with WXNEEDED, you need to have
> WRKOBJDIR (usually /usr/ports/pobj) on a filesystem mounted with
> wxallowed."
>
> But i couldn't find a guide in the FAQ about enabling that setting in the 
> filesystem. I have the following mount points:
> /dev/sd0a on / type ffs (local)
> /dev/sd0k on /home type ffs (local, nodev, nosuid)
> /dev/sd0d on /tmp type ffs (local, nodev, nosuid)
> /dev/sd0f on /usr type ffs (local, nodev)
> /dev/sd0g on /usr/X11R6 type ffs (local, nodev)
> /dev/sd0h on /usr/local type ffs (local, nodev, wxallowed)
> /dev/sd0j on /usr/obj type ffs (local, nodev, nosuid)
> /dev/sd0i on /usr/src type ffs (local, nodev, nosuid)
> /dev/sd0e on /var type ffs (local, nodev, nosuid)
>
> So as i understand i need to add the wxallowed setting in the following lines 
> to being able to compile ports in /usr/ports, right?
> /dev/sd0f on /usr type ffs (local, nodev)
> /dev/sd0j on /usr/obj type ffs (local, nodev, nosuid)
> /dev/sd0i on /usr/src type ffs (local, nodev, nosuid)
>
> My /etc/doas.conf file:
> permit nopass keepenv :wsrc
> permit nopass keepenv :wheel
>
> My /etc/mk.conf file:
> SUDO=/usr/bin/doas
> WRKOBJDIR=/usr/obj/ports
> DISTDIR=/usr/distfiles
> PACKAGE_REPOSITORY=/usr/packages
>
> I checked out the ports tree with this command:
> $ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs checkout -rOPENBSD_6_1 -P ports
>
> How can i modify the mount points to add the wxallowed setting so that i can 
> compile ports in /usr/ports?

If /usr/ports/pobj is on the same partition as /, you need to mount /
with the wxallowed flag.  Not really a good idea, I would create
a separate partition for /usr/ports/pobj* and mount that with the
wxallowed flag.

* also for /usr/ports, but that's not the issue here

> Thanks in advance
>


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

OpenBSD's HTTPD troubles AGAIN - Can't find any man page that explains how to properly set up directory authentication.

2017-09-15 Thread tec...@protonmail.com 
Hello,

Can someone with knowledge of OpenBSD's HTTPD please tell me how to properly 
set up a password protected directory and where you found ALL of the 
information to do so.  I am really struggling to find enough information within 
the man pages to even make it work corrctly.  I want to love the man pages, I 
really do, but.. Yeah, you get the drift - frustration.

Thanks and regards.



p.s. Here is everything I've tried so far which doesn't 
work...

# I found this authentication stuff a year ago some place, no idea where the 
person got these instructions from but I'm sure they said it was meant for the 
new httpd in OpenBSD.  Looks like Apache stuff to me? That right? Anyway, it 
works kinda, except a never ending loop of putting user/password in through the 
browser and no access - GARBAGE.

$ cat /var/www/htdocs/download/htpasswd
AuthType Basic
AuthName "Restricted Access"
# This is relative to the chroot but my chroot is disabled so place absolute 
path
AuthUserFile /var/www/htpasswd
Require user admin

$ chown www /var/www/htdocs/download/htpasswd
$ chmod 640 /var/www/htdocs/download/htpasswd

# Create the username:hashed pass:
$ htpasswd /var/www/htpasswd admin

$ chmod 640 /var/www/htpasswd

# This is placed within my httpd.conf :
authenticate with htpasswd

# Reload all changed to httpd.conf
rcctl reload httpd.conf

# Test access
-> Never ending authentication screen, password and/or user is always wrong

Compiling packages gives me cannot run C compiled programs error

2017-09-15 Thread Lea Chescotta 
I'm trying to build Firefox from the -release ports tree in a -stable system, 
and python, a dependency, is giving me the following error:

configure: error: cannot run C compiled programs.

Searching about the error in the net, i have found this mailing list archive 
http://openbsd-archive.7691.n7.nabble.com/lang-python-2-7-configure-error-td307559.html
 where its having the exact same issue with the same package (i'm installing 
python 2.7.13, dependency of firefox-esr). In that url it says:

"I see this same error when I try to build python without having
WRKOBJDIR on a filesystem with the wxallowed mount option.
To build ports that need to be marked with WXNEEDED, you need to have
WRKOBJDIR (usually /usr/ports/pobj) on a filesystem mounted with
wxallowed."

But i couldn't find a guide in the FAQ about enabling that setting in the 
filesystem. I have the following mount points:
/dev/sd0a on / type ffs (local)
/dev/sd0k on /home type ffs (local, nodev, nosuid)
/dev/sd0d on /tmp type ffs (local, nodev, nosuid)
/dev/sd0f on /usr type ffs (local, nodev)
/dev/sd0g on /usr/X11R6 type ffs (local, nodev)
/dev/sd0h on /usr/local type ffs (local, nodev, wxallowed)
/dev/sd0j on /usr/obj type ffs (local, nodev, nosuid)
/dev/sd0i on /usr/src type ffs (local, nodev, nosuid)
/dev/sd0e on /var type ffs (local, nodev, nosuid)

So as i understand i need to add the wxallowed setting in the following lines 
to being able to compile ports in /usr/ports, right?
/dev/sd0f on /usr type ffs (local, nodev)
/dev/sd0j on /usr/obj type ffs (local, nodev, nosuid)
/dev/sd0i on /usr/src type ffs (local, nodev, nosuid)

My /etc/doas.conf file:
permit nopass keepenv :wsrc
permit nopass keepenv :wheel

My /etc/mk.conf file:
SUDO=/usr/bin/doas
WRKOBJDIR=/usr/obj/ports
DISTDIR=/usr/distfiles
PACKAGE_REPOSITORY=/usr/packages

I checked out the ports tree with this command:
$ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs checkout -rOPENBSD_6_1 -P ports

How can i modify the mount points to add the wxallowed setting so that i can 
compile ports in /usr/ports?

Thanks in advance

Re: TCP Window Scaling

2017-09-15 Thread Stuart Henderson 
On 2017/09/15 19:45, Andreas Krüger wrote:
> I see that. But it still does not answer the question why the option to set 
> them through sysctl was removed. Why would you suddenly not be allowed to set 
> the max size with sysctl, what is the reason behind that choice taken in the 
> 4.9 release.

Before then it was a fixed size buffer. Whatever you set the sysctl to,
it was static and didn't rise. After then it was auto tuning so that
connections that could make use of increased buffer sizes could do so,
but without blowing out kernel memory use excessively.

> 
> > Den 15. sep. 2017 kl. 13.34 skrev Stuart Henderson :
> > 
> >> On 2017-09-14, Chris Cappuccio  wrote:
> >> -w1M works for me
> >> -
> >> Andreas Kr??ger [a...@patientsky.com] wrote:
> >>> I do manage to read the manual, but let me clarify this. I am not
> >>> allowed to set a buffer larger than 256KB with iperf:
> >>> 
> >>> $ uname -a
> >>> OpenBSD odn1-fw-odn1-01 6.0 GENERIC.MP#0 amd64

With a hostname like this it sounds like a firewall. Are you aware that
this only affects connections to/from the machine itself? It has no effect
on forwarded connections.

> > 6.0 is limited to 256K, 6.1 and newer allow up to 2MB, and by default
> > it will auto tune.
> > 
> > As well as iperf -w, here's how to hardcode it on a few other programs:
> > 
> > httpd/relayd "socket buffer"
> > tcpbench -S
> > rsync --sockopts=SO_SNDBUF=xxx,SO_RCVBUF=yyy
> > 
> > You might be interested to watch "netstat -Bn -p tcp" if you're playing
> > with this..
> > 
> >

Re: TCP Window Scaling

2017-09-15 Thread Andreas Krüger 
I see that. But it still does not answer the question why the option to set 
them through sysctl was removed. Why would you suddenly not be allowed to set 
the max size with sysctl, what is the reason behind that choice taken in the 
4.9 release.

> Den 15. sep. 2017 kl. 13.34 skrev Stuart Henderson :
> 
>> On 2017-09-14, Chris Cappuccio  wrote:
>> -w1M works for me
>> -
>> Andreas Kr??ger [a...@patientsky.com] wrote:
>>> I do manage to read the manual, but let me clarify this. I am not
>>> allowed to set a buffer larger than 256KB with iperf:
>>> 
>>> $ uname -a
>>> OpenBSD odn1-fw-odn1-01 6.0 GENERIC.MP#0 amd64
> 
> 6.0 is limited to 256K, 6.1 and newer allow up to 2MB, and by default
> it will auto tune.
> 
> As well as iperf -w, here's how to hardcode it on a few other programs:
> 
> httpd/relayd "socket buffer"
> tcpbench -S
> rsync --sockopts=SO_SNDBUF=xxx,SO_RCVBUF=yyy
> 
> You might be interested to watch "netstat -Bn -p tcp" if you're playing
> with this..
> 
>

Re: [diff] A few typos in www/faq

2017-09-15 Thread Lubos Boucek 
Sorry for that, I'll try to figure it out until next time.

-- 

Lubos


2017-09-15 19:32 GMT+02:00 Theo Buehler :

> On Fri, Sep 15, 2017 at 05:16:15PM +, Lubos Boucek wrote:
> > Hello,
> >
> > I've found a few typos in www/faq, diff below.
>
> Fixed, thanks!
>
> Unfortunately, your patch was mangled, so I had to make the changes
> manually. I think it's because you have some kind of wrapping of long
> lines enabled.
>
>


-- 
Lubos Boucek

Re: [diff] A few typos in www/faq

2017-09-15 Thread Theo Buehler 
On Fri, Sep 15, 2017 at 05:16:15PM +, Lubos Boucek wrote:
> Hello,
> 
> I've found a few typos in www/faq, diff below.

Fixed, thanks!

Unfortunately, your patch was mangled, so I had to make the changes
manually. I think it's because you have some kind of wrapping of long
lines enabled.

[diff] A few typos in www/faq

2017-09-15 Thread Lubos Boucek 
Hello,

I've found a few typos in www/faq, diff below.

Regards,

Lubos Boucek


Index: current.html
===
RCS file: /cvs/www/faq/current.html,v
retrieving revision 1.852
diff -u -p -r1.852 current.html
--- current.html 13 Sep 2017 13:32:04 - 1.852
+++ current.html 15 Sep 2017 16:55:22 -
@@ -478,7 +478,7 @@ for i in lpq lpr lprm; do alias $i=/usr/
 2017/09/13 - [ports] Zarafa replaced with Kopano

 Zarafa was replaced with Kopano and a manual update of configuration files
-is neeeded.
+is needed.
 Please read the Kopano
 https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/mail/kopano/core/pkg/README-main?rev=1.1content-type=text/plain
">
 pkg-readme as well as the official
Index: upgrade61.html
===
RCS file: /cvs/www/faq/upgrade61.html,v
retrieving revision 1.19
diff -u -p -r1.19 upgrade61.html
--- upgrade61.html 26 Jun 2017 17:18:58 - 1.19
+++ upgrade61.html 15 Sep 2017 16:55:22 -
@@ -401,7 +401,7 @@ Remove the unused sound device nodes:
   The www/nginx port has been converted to use subpackages with
dynamic
   modules, instead of using flavors.
   If you previously were using a flavored version of nginx, or the mail or
-  stream modules, you need to install the apropriate subpackage(s).
+  stream modules, you need to install the appropriate subpackage(s).
   You also need to modify your nginx configuration to use
load_module
   for each dynamic module you want to load.

@@ -438,7 +438,7 @@ Remove the unused sound device nodes:
   tomcat.
   www/tomcat/v8 has been updated to 8.5, which now enforces a
default
   umask of 027 (previously, unless other changes were made, 022 would be
used).
-  This behavour can be controlled by setting the UMASK environment
variable.
+  This behavior can be controlled by setting the UMASK environment
variable.
   If using the rc.d script and the previous behaviour is required, the
following
   can be added to /etc/login.conf:

Index: ports/guide.html
===
RCS file: /cvs/www/faq/ports/guide.html,v
retrieving revision 1.73
diff -u -p -r1.73 guide.html
--- ports/guide.html 8 Aug 2017 15:48:56 - 1.73
+++ ports/guide.html 15 Sep 2017 16:55:22 -
@@ -1399,7 +1399,7 @@ On OpenBSD, https://man.openbsd
 non-deterministic random numbers by default.
 Any specified seed value is ignored by the associated seed function, and
 arc4random is used instead.
-If the determinstic (i.e: repeatable) behavior must be preserved, use the
+If the deterministic (i.e: repeatable) behavior must be preserved, use the
 OpenBSD extensions:
 srand_deterministic, srandom_deterministic,
 srand48_deterministic, seed48_deterministic
@@ -1600,7 +1600,7 @@ definition through the TERMCAP
 
 Signal semantics are tricky, and vary from one system to another.
 Use sigaction to ensure a specific semantics, along with other
system
-calls referenced in the correspondin  man page.
+calls referenced in the corresponding man page.
 

 Additional Information

Re: cron and desktop-computers

2017-09-15 Thread Janne Johansson 
2017-09-15 14:48 GMT+02:00 Niels Kobschaetzki :

> Hi,
>
> today I wondered if I need anacron on my laptop. cron(8) states in the man
> page in the section "Daylight Saving Time and other time changes":
> "If time has moved forward, those jobs that would have run in the interval
> that has been skipped will be run immediately."
>
> Does that mean anacron is not needed and for example @daily-jobs will be
> executed on boot if the machine was off or in standby. Or other jobs that
> are scheduled while the machine is in standby/turned off?
>
>
I think "moved forward" wasn't meant to cover "I turned my machine off",
but rather "the admin or ntpd bumped the block by such an amount that
seconds would have been skipped".


-- 
May the most significant bit of your life be positive.

cron and desktop-computers

2017-09-15 Thread Niels Kobschaetzki 
Hi,

today I wondered if I need anacron on my laptop. cron(8) states in the man page 
in the section "Daylight Saving Time and other time changes":
"If time has moved forward, those jobs that would have run in the interval that 
has been skipped will be run immediately."

Does that mean anacron is not needed and for example @daily-jobs will be 
executed on boot if the machine was off or in standby. Or other jobs that are 
scheduled while the machine is in standby/turned off?

Niels

Re: httpd.conf - access denied error whilst trying to auto index a location

2017-09-15 Thread tec...@protonmail.com 
Ok, I got it to work.  Strangely, it required closing my browser down and 
starting it again. I can't think why that would have caused an 'Access Denied' 
error but it's gone now.  Who knows.

> On September 15, 2017 4:06:37 AM GMT+02:00, "tec...@protonmail.com" 
>  wrote:
>>Hello,
>>
>>I"m using 6.1 + all updates (system and packages)
>>
>>I am trying to list a particular directory exactly as shown within the
>>https://www.jp.openbsd.org/papers/httpd-slides-asiabsdcon2015.pdf
>>presentation:
>>
>>location "/download/*" {
>>directory auto index
>>log style combined
>>}
>>
>>This just results in an error from the browser - "Access Denied". I
>>have checked the permissions of the "download" directory, even given
>>them permissions of 777 just to see if I can get this to work but nope.
>
> 1. I"m not convinced this will Target the directory itself
> 2. Did you check the permissions on all intermediate directories?
>
> /Alexander
>
>> Same error.
>>
>>My http.conf file:
>>
>>ext_addr="192.168.1.2"
>>
>>types { include "/usr/share/misc/mime.types" }
>>
>>chroot "/"
>>logdir "/var/www/logs"
>>
>>server "default" {
>>
>> listen on $ext_addr port 80
>>
>> location "*.php" {
>> fastcgi socket "/var/www/run/php-fpm.sock"
>> }
>>
>> location "/phpMyAdmin*" {
>> root { "/var/www/htdocs/phpMyAdmin", strip 1 }
>> }
>>
>> location "/download/*" {
>> directory auto index
>> log style combined
>> }
>>
>> root "/var/www/htdocs/"
>>
>> directory index "index.php"
>>
>> location "*/db_structure.xml" { block }
>> location "*/.ht*" { block }
>> location "*/README" { block }
>> location "*/data*" { block }
>> location "*/config*" { block }
>> location "*/*.php.*" { block }
>>
>>}
>>
>># ls -alht /var/www/htdocs/download
>>total 12
>>drwxr-xr-x 5 root daemon 512B Sep 15 03:49 ..
>>drwxrwxrwx 2 root daemon 512B Sep 15 03:07 .
>>-rwxr-xr-x 1 root daemon 8B Sep 15 03:07 notes.txt
>>
>># cat /var/www/logs
>>default 192.168.1.3 - - [15/Sep/2017:03:51:21 +0200] "GET /download/
>>HTTP/1.1" 403 0
>>
>>Everything else runs smoothly on my server, but I cannot get a listing
>>of the files for some reason when I go to 192.168.1.2/download. I can
>>access the notes.txt file though through the browser at
>>http://192.168.1.2/download/notes.txt
>>
>>I just can"t figure it out, restarted the server so many times and now
>>I"ve given up and looking to see if anyone knows what the problem could
>>be. More than likely I"m doing something silly here. Before someone
>>points out that I have disabled the chroot, yes I know.. and I have
>>done this for a very specific reason so please don"t even bother asking
>>me reasons why I have done this, okay? Okay.
>>
>>Any help will be massively appreciated, thanks for reading!

Re: httpd.conf - access denied error whilst trying to auto index a location

2017-09-15 Thread tec...@protonmail.com 
The permissions on directories are fine.  I have achieved this before with no 
problems, but it was on 5.7 / 5.8 / 5.9.

Is this a bug introduced by changing the chroot? I mean I'm following the 
creators own slides on this, except for the fact I have disabled the chroot in 
mines.

Thanks for reading.

> On September 15, 2017 4:06:37 AM GMT+02:00, "tec...@protonmail.com" 
>  wrote:
>>Hello,
>>
>>I"m using 6.1 + all updates (system and packages)
>>
>>I am trying to list a particular directory exactly as shown within the
>>https://www.jp.openbsd.org/papers/httpd-slides-asiabsdcon2015.pdf
>>presentation:
>>
>>location "/download/*" {
>>directory auto index
>>log style combined
>>}
>>
>>This just results in an error from the browser - "Access Denied". I
>>have checked the permissions of the "download" directory, even given
>>them permissions of 777 just to see if I can get this to work but nope.
>
> 1. I"m not convinced this will Target the directory itself
> 2. Did you check the permissions on all intermediate directories?
>
> /Alexander
>
>> Same error.
>>
>>My http.conf file:
>>
>>ext_addr="192.168.1.2"
>>
>>types { include "/usr/share/misc/mime.types" }
>>
>>chroot "/"
>>logdir "/var/www/logs"
>>
>>server "default" {
>>
>> listen on $ext_addr port 80
>>
>> location "*.php" {
>> fastcgi socket "/var/www/run/php-fpm.sock"
>> }
>>
>> location "/phpMyAdmin*" {
>> root { "/var/www/htdocs/phpMyAdmin", strip 1 }
>> }
>>
>> location "/download/*" {
>> directory auto index
>> log style combined
>> }
>>
>> root "/var/www/htdocs/"
>>
>> directory index "index.php"
>>
>> location "*/db_structure.xml" { block }
>> location "*/.ht*" { block }
>> location "*/README" { block }
>> location "*/data*" { block }
>> location "*/config*" { block }
>> location "*/*.php.*" { block }
>>
>>}
>>
>># ls -alht /var/www/htdocs/download
>>total 12
>>drwxr-xr-x 5 root daemon 512B Sep 15 03:49 ..
>>drwxrwxrwx 2 root daemon 512B Sep 15 03:07 .
>>-rwxr-xr-x 1 root daemon 8B Sep 15 03:07 notes.txt
>>
>># cat /var/www/logs
>>default 192.168.1.3 - - [15/Sep/2017:03:51:21 +0200] "GET /download/
>>HTTP/1.1" 403 0
>>
>>Everything else runs smoothly on my server, but I cannot get a listing
>>of the files for some reason when I go to 192.168.1.2/download. I can
>>access the notes.txt file though through the browser at
>>http://192.168.1.2/download/notes.txt
>>
>>I just can"t figure it out, restarted the server so many times and now
>>I"ve given up and looking to see if anyone knows what the problem could
>>be. More than likely I"m doing something silly here. Before someone
>>points out that I have disabled the chroot, yes I know.. and I have
>>done this for a very specific reason so please don"t even bother asking
>>me reasons why I have done this, okay? Okay.
>>
>>Any help will be massively appreciated, thanks for reading!

Re: TCP Window Scaling

2017-09-15 Thread Stuart Henderson 
On 2017-09-14, Chris Cappuccio  wrote:
> -w1M works for me
> -
> Andreas Kr??ger [a...@patientsky.com] wrote:
>> I do manage to read the manual, but let me clarify this. I am not
>> allowed to set a buffer larger than 256KB with iperf:
>> 
>> $ uname -a
>> OpenBSD odn1-fw-odn1-01 6.0 GENERIC.MP#0 amd64

6.0 is limited to 256K, 6.1 and newer allow up to 2MB, and by default
it will auto tune.

As well as iperf -w, here's how to hardcode it on a few other programs:

httpd/relayd "socket buffer"
tcpbench -S
rsync --sockopts=SO_SNDBUF=xxx,SO_RCVBUF=yyy

You might be interested to watch "netstat -Bn -p tcp" if you're playing
with this..

Re: Time management under QEMU-KVM

2017-09-15 Thread Joel Wirāmu Pauling 
As I said i've been using tlsdate to set time initially before running ntpd
- this resolves most of the aforementioned issues and quite often being out
of reach of public time-servers due to network restrictions.

On 15 September 2017 at 23:23, Stuart Henderson  wrote:

> On 2017-09-15, Maksym Sheremet  wrote:
> > On Thu, 14 Sep 2017 23:46:14 +1200
> > Joel Wirāmu Pauling  wrote:
> >
> >> Run NTPd on the hypervisor and NTP client In VM. Run ntpdate at boot
> before
> >> starting NTPd on the client to ensure the stepping is not too far off
> >> first.
> >
> > What is the reason to run ntpdate on boot? The "-s" flag of ntpd(8) sets
> time immediately at startup.
>
> It's rdate, not ntpdate, on OpenBSD.
>
> ntpd -s works as long as either A) the clock isn't too far off, or B) you
> don't use the default "constraints from" option.
>
>
>

Re: Time management under QEMU-KVM

2017-09-15 Thread Stuart Henderson 
On 2017-09-15, Maksym Sheremet  wrote:
> On Thu, 14 Sep 2017 23:46:14 +1200
> Joel Wirāmu Pauling  wrote:
>
>> Run NTPd on the hypervisor and NTP client In VM. Run ntpdate at boot before
>> starting NTPd on the client to ensure the stepping is not too far off
>> first.
>
> What is the reason to run ntpdate on boot? The "-s" flag of ntpd(8) sets time 
> immediately at startup.

It's rdate, not ntpdate, on OpenBSD.

ntpd -s works as long as either A) the clock isn't too far off, or B) you
don't use the default "constraints from" option.

Re: softraid crypto seem really slower than plain ffs

2017-09-15 Thread Hiltjo Posthuma 
On Fri, Sep 15, 2017 at 12:24:32PM +0200, Joel Carnat wrote:
> Hi,
> 
> Initially comparing I/O speed between FreeBSD/ZFS/GELI and
> OpenBSD/FFS/CRYPTO, I noticed that there were a huge difference between
> plain and encrypted filesystem using OpenBSD. I ran the test on a 1
> vCore/1GB RAM Vultr VPS, running OpenBSD 6.2-beta. I had / configured in
> plain FFS and /home encrypted using bioctl(8). Then I ran a few `dd` and
> `bonnie++`
> 
> According to those tests, writing FFS/CRYPTO is about 10 times slower than
> FFS/PLAIN.
> For the record, using the same `dd` on FreeBSD, ZFS with GELI is only 2
> times slower than plain ZFS.
> Furthemore, comparing FreeBSD/ZFS/PLAIN and OpenBSD/FFS/PLAIN, the speed is
> about the same.
> Finally, it seems reading OpenBSD/FFS/PLAIN and OpenBSD/FFS/CRYPTO is done
> at the same speed.
> 
> Is this expected to have so much difference between FFS/PLAIN and FFS/CRYPTO
> when writing data?
> 
> TIA,
>   Jo
> 
> PS: here's my test data.
> 
> # sysctl kern.version hw.machine hw.model hw.ncpu hw.physmem
> kern.version=OpenBSD 6.2-beta (GENERIC) #91: Wed Sep 13 22:05:17 MDT 2017
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
> 
> hw.machine=amd64
> hw.model=Virtual CPU a7769a6388d5
> hw.ncpu=1
> hw.physmem=1056817152
> 
> # disklabel sd0
> # /dev/rsd0c:
> type: SCSI
> disk: SCSI disk
> label: Block Device
> duid: 69939b6a66c3879a
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 255
> sectors/cylinder: 16065
> cylinders: 3263
> total sectors: 52428800
> boundstart: 64
> boundend: 52420095
> drivedata: 0
> 
> 16 partitions:
> #size   offset  fstype [fsize bsize   cpg]
>   a: 16739680 35680384  4.2BSD   2048 16384 12958 # /
>   b:  4208966   64swap# none
>   c: 524288000  unused
>   d: 31471335  4209030RAID
> 
> # disklabel sd1
> # /dev/rsd1c:
> type: SCSI
> disk: SCSI disk
> label: SR CRYPTO
> duid: 4179a9e67beb3d4e
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 255
> sectors/cylinder: 16065
> cylinders: 1958
> total sectors: 31470807
> boundstart: 64
> boundend: 31455270
> drivedata: 0
> 
> 16 partitions:
> #size   offset  fstype [fsize bsize   cpg]
>   c: 314708070  unused
>   e:   273024   64  4.2BSD   2048 16384  2133 # /etc
>   h: 31182176   273088  4.2BSD   2048 16384 12958 # /home
> 
> # mount
> /dev/sd0a on / type ffs (local, wxallowed)
> /dev/sd1e on /etc type ffs (local, softdep)
> /dev/sd1h on /home type ffs (local, nodev, nosuid)
> 
> # df -h
> Filesystem SizeUsed   Avail Capacity  Mounted on
> /dev/sd0a  7.9G915M6.6G12%/
> /dev/sd1e  131M4.9M120M 4%/etc
> /dev/sd1h 14.6G2.0K   13.9G 0%/home
> 
> # sync && time dd if=/dev/zero of=/TEST bs=512 count=300 && sync
> 300+0 records in
> 300+0 records out
> 153600 bytes transferred in 8.567 secs (179278802 bytes/sec)
> 0m08.61s real 0m00.29s user 0m07.70s system
> 
> # sync && time dd if=/dev/zero of=/home/TEST bs=512 count=300 && sync
> 300+0 records in
> 300+0 records out
> 153600 bytes transferred in 20.875 secs (73580525 bytes/sec)
> 0m20.88s real 0m00.42s user 0m05.54s system
> 
> # sync && time dd if=/dev/zero of=/TEST bs=4k count=30 && sync
> 30+0 records in
> 30+0 records out
> 122880 bytes transferred in 4.151 secs (296024071 bytes/sec)
> 0m04.19s real 0m00.04s user 0m04.01s system
> 
> # sync && time dd if=/dev/zero of=/home/TEST bs=4k count=30 && sync
> 30+0 records in
> 30+0 records out
> 122880 bytes transferred in 22.872 secs (53723676 bytes/sec)
> 0m22.95s real 0m00.06s user 0m01.89s system
> 

NOTE: a block size is 1024 bytes, so the counts are incorrect in the conversion.

the count should be 375000: 4096/512=8, 30/8=375000.

my write numbers are:
run 1

+ dd if=/dev/zero of=/home/TEST bs=512 count=240
240+0 records in
240+0 records out
122880 bytes transferred in 8.616 secs (142611817 bytes/sec)
0m09.33s real 0m00.20s user 0m09.05s system

+ dd if=/dev/zero of=/home/TEST bs=4k count=30
30+0 records in
30+0 records out
122880 bytes transferred in 5.591 secs (219749191 bytes/sec)
0m05.59s real 0m00.02s user 0m05.46s system

4k, 8k, 16k, 32k and 64k are comparable on my machine.


run 2

+ dd if=/dev/zero of=/home/TEST bs=512 count=240
240+0 records in
240+0 records out
122880 bytes transferred in 8.748 secs (140451506 bytes/sec)
0m09.24s real 0m00.26s user 0m08.87s system

+ dd if=/dev/zero of=/home/TEST bs=4k count=30
30+0 records in
30+0 records out
122880 bytes transferred in 5.140 secs (239049708 bytes/sec)
0m05.87s real 0m00.03s user 0m05.74s

Re: Time management under QEMU-KVM

2017-09-15 Thread Joel Wirāmu Pauling 
That works too -

On 15 September 2017 at 21:28, Maksym Sheremet 
wrote:

> On Thu, 14 Sep 2017 23:46:14 +1200
> Joel Wirāmu Pauling  wrote:
>
> > Run NTPd on the hypervisor and NTP client In VM. Run ntpdate at boot
> before
> > starting NTPd on the client to ensure the stepping is not too far off
> > first.
>
> What is the reason to run ntpdate on boot? The "-s" flag of ntpd(8) sets
> time immediately at startup.
>
> >
> > On 14 Sep. 2017 11:35 pm, "Aaron Marcher"  wrote:
> >
> > Hi all,
> >
> > I have a weird problem on my OpenBSD server. It is a virtualized guest
> > under QEMU-KVM. Apperently time management is completely off. With HPET
> and
> > normal HW-clock the command "time sleep 1" shows a little bit more than a
> > second after a fresh boot. After a few hours the result is about 10
> > seconds. Additionally the clock drifts slowly. The problem is on OpenBSD
> > 6.1 with all syspatches applied.
> > Does anybody know how to fix the problem?
> > Thank you very much in advance!
> >
> > Regards,
> > Aaron Marcher
> >
>
>

softraid crypto seem really slower than plain ffs

2017-09-15 Thread Joel Carnat 

Hi,

Initially comparing I/O speed between FreeBSD/ZFS/GELI and 
OpenBSD/FFS/CRYPTO, I noticed that there were a huge difference between 
plain and encrypted filesystem using OpenBSD. I ran the test on a 1 
vCore/1GB RAM Vultr VPS, running OpenBSD 6.2-beta. I had / configured in 
plain FFS and /home encrypted using bioctl(8). Then I ran a few `dd` and 
`bonnie++`


According to those tests, writing FFS/CRYPTO is about 10 times slower 
than FFS/PLAIN.
For the record, using the same `dd` on FreeBSD, ZFS with GELI is only 2 
times slower than plain ZFS.
Furthemore, comparing FreeBSD/ZFS/PLAIN and OpenBSD/FFS/PLAIN, the speed 
is about the same.
Finally, it seems reading OpenBSD/FFS/PLAIN and OpenBSD/FFS/CRYPTO is 
done at the same speed.


Is this expected to have so much difference between FFS/PLAIN and 
FFS/CRYPTO when writing data?


TIA,
  Jo

PS: here's my test data.

# sysctl kern.version hw.machine hw.model hw.ncpu hw.physmem
kern.version=OpenBSD 6.2-beta (GENERIC) #91: Wed Sep 13 22:05:17 MDT 
2017

dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC

hw.machine=amd64
hw.model=Virtual CPU a7769a6388d5
hw.ncpu=1
hw.physmem=1056817152

# disklabel sd0
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: Block Device
duid: 69939b6a66c3879a
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 3263
total sectors: 52428800
boundstart: 64
boundend: 52420095
drivedata: 0

16 partitions:
#size   offset  fstype [fsize bsize   cpg]
  a: 16739680 35680384  4.2BSD   2048 16384 12958 # /
  b:  4208966   64swap# none
  c: 524288000  unused
  d: 31471335  4209030RAID

# disklabel sd1
# /dev/rsd1c:
type: SCSI
disk: SCSI disk
label: SR CRYPTO
duid: 4179a9e67beb3d4e
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 1958
total sectors: 31470807
boundstart: 64
boundend: 31455270
drivedata: 0

16 partitions:
#size   offset  fstype [fsize bsize   cpg]
  c: 314708070  unused
  e:   273024   64  4.2BSD   2048 16384  2133 # /etc
  h: 31182176   273088  4.2BSD   2048 16384 12958 # 
/home


# mount
/dev/sd0a on / type ffs (local, wxallowed)
/dev/sd1e on /etc type ffs (local, softdep)
/dev/sd1h on /home type ffs (local, nodev, nosuid)

# df -h
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/sd0a  7.9G915M6.6G12%/
/dev/sd1e  131M4.9M120M 4%/etc
/dev/sd1h 14.6G2.0K   13.9G 0%/home

# sync && time dd if=/dev/zero of=/TEST bs=512 count=300 && sync
300+0 records in
300+0 records out
153600 bytes transferred in 8.567 secs (179278802 bytes/sec)
0m08.61s real 0m00.29s user 0m07.70s system

# sync && time dd if=/dev/zero of=/home/TEST bs=512 count=300 && 
sync

300+0 records in
300+0 records out
153600 bytes transferred in 20.875 secs (73580525 bytes/sec)
0m20.88s real 0m00.42s user 0m05.54s system

# sync && time dd if=/dev/zero of=/TEST bs=4k count=30 && sync
30+0 records in
30+0 records out
122880 bytes transferred in 4.151 secs (296024071 bytes/sec)
0m04.19s real 0m00.04s user 0m04.01s system

# sync && time dd if=/dev/zero of=/home/TEST bs=4k count=30 && sync
30+0 records in
30+0 records out
122880 bytes transferred in 22.872 secs (53723676 bytes/sec)
0m22.95s real 0m00.06s user 0m01.89s system

# sync && time dd if=/dev/zero of=/TEST bs=8k count=15 && sync
15+0 records in
15+0 records out
122880 bytes transferred in 4.088 secs (300571699 bytes/sec)
0m04.12s real 0m00.05s user 0m03.93s system

# sync && time dd if=/dev/zero of=/home/TEST bs=8k count=15 && sync
15+0 records in
15+0 records out
122880 bytes transferred in 21.418 secs (57372236 bytes/sec)
0m21.48s real 0m00.05s user 0m01.72s system

# time dd if=/TEST of=/dev/null
240+0 records in
240+0 records out
122880 bytes transferred in 12.327 secs (99677812 bytes/sec)
0m12.33s real 0m00.39s user 0m03.62s system

# time dd if=/home/TEST of=/dev/null
240+0 records in
240+0 records out
122880 bytes transferred in 12.802 secs (95979204 bytes/sec)
0m12.80s real 0m00.29s user 0m02.87s system

# time dd if=/TEST of=/dev/null bs=512
240+0 records in
240+0 records out
122880 bytes transferred in 12.888 secs (95337724 bytes/sec)
0m12.89s real 0m00.29s user 0m03.41s system

# time dd if=/home/TEST of=/dev/null bs=512
240+0 records in
240+0 records out
122880 bytes transferred in 13.951 secs (88076531 bytes/sec)
0m13.95s real 0m00.24s user 0m02.61s system

# time dd if=/TEST of=/dev/null bs=4k
30+0 records in
30+0 records out
122880

Re: Time management under QEMU-KVM

2017-09-15 Thread Maksym Sheremet 
On Thu, 14 Sep 2017 23:46:14 +1200
Joel Wirāmu Pauling  wrote:

> Run NTPd on the hypervisor and NTP client In VM. Run ntpdate at boot before
> starting NTPd on the client to ensure the stepping is not too far off
> first.

What is the reason to run ntpdate on boot? The "-s" flag of ntpd(8) sets time 
immediately at startup.

> 
> On 14 Sep. 2017 11:35 pm, "Aaron Marcher"  wrote:
> 
> Hi all,
> 
> I have a weird problem on my OpenBSD server. It is a virtualized guest
> under QEMU-KVM. Apperently time management is completely off. With HPET and
> normal HW-clock the command "time sleep 1" shows a little bit more than a
> second after a fresh boot. After a few hours the result is about 10
> seconds. Additionally the clock drifts slowly. The problem is on OpenBSD
> 6.1 with all syspatches applied.
> Does anybody know how to fix the problem?
> Thank you very much in advance!
> 
> Regards,
> Aaron Marcher
>

Re: Time management under QEMU-KVM

2017-09-15 Thread Maksym Sheremet 
Is ntpd daemon running on the guest?
# rcctl check ntpd

Are there any error messages for ntpd in /var/log/daemon?


On Thu, 14 Sep 2017 13:34:10 +0200
Aaron Marcher  wrote:

> Hi all,
> 
> I have a weird problem on my OpenBSD server. It is a virtualized guest 
> under QEMU-KVM. Apperently time management is completely off. With HPET 
> and normal HW-clock the command "time sleep 1" shows a little bit more 
> than a second after a fresh boot. After a few hours the result is about 
> 10 seconds. Additionally the clock drifts slowly. The problem is on 
> OpenBSD 6.1 with all syspatches applied.
> Does anybody know how to fix the problem?
> Thank you very much in advance!
> 
> Regards,
> Aaron Marcher
>

Re: httpd.conf - access denied error whilst trying to auto index a location

2017-09-15 Thread Alexander Hall 


On September 15, 2017 4:06:37 AM GMT+02:00, "tec...@protonmail.com" 
 wrote:
>Hello,
>
>I'm using 6.1 + all updates (system and packages)
>
>I am trying to list a particular directory exactly as shown within the
>https://www.jp.openbsd.org/papers/httpd-slides-asiabsdcon2015.pdf
>presentation:
>
>location "/download/*" {
>directory auto index
>log style combined
>}
>
>This just results in an error from the browser - 'Access Denied'.  I
>have checked the permissions of the 'download' directory, even given
>them permissions of 777 just to see if I can get this to work but nope.

1. I'm not convinced this will Target the directory itself
2. Did you check the permissions on all intermediate directories? 

/Alexander 

> Same error.
>
>My http.conf file:
>
>ext_addr="192.168.1.2"
>
>types { include "/usr/share/misc/mime.types" }
>
>chroot "/"
>logdir "/var/www/logs"
>
>server "default" {
>
>listen on $ext_addr port 80
>
>location "*.php" {
>fastcgi socket "/var/www/run/php-fpm.sock"
>}
>
>location "/phpMyAdmin*" {
>root { "/var/www/htdocs/phpMyAdmin", strip 1 }
>}
>
>location "/download/*" {
>directory auto index
>log style combined
>}
>
>root "/var/www/htdocs/"
>
>directory index "index.php"
>
>location "*/db_structure.xml" { block }
>location "*/.ht*" { block }
>location "*/README"   { block }
>location "*/data*"   { block }
>location "*/config*" { block }
>location "*/*.php.*" { block }
>
>}
>
># ls -alht /var/www/htdocs/download
>total 12
>drwxr-xr-x  5 root  daemon   512B Sep 15 03:49 ..
>drwxrwxrwx  2 root  daemon   512B Sep 15 03:07 .
>-rwxr-xr-x  1 root  daemon 8B Sep 15 03:07 notes.txt
>
># cat /var/www/logs
>default 192.168.1.3 - - [15/Sep/2017:03:51:21 +0200] "GET /download/
>HTTP/1.1" 403 0
>
>Everything else runs smoothly on my server, but I cannot get a listing
>of the files for some reason when I go to 192.168.1.2/download.  I can
>access the notes.txt file though through the browser at
>http://192.168.1.2/download/notes.txt
>
>I just can't figure it out, restarted the server so many times and now
>I've given up and looking to see if anyone knows what the problem could
>be.  More than likely I'm doing something silly here.  Before someone
>points out that I have disabled the chroot, yes I know.. and I have
>done this for a very specific reason so please don't even bother asking
>me reasons why I have done this, okay? Okay.
>
>Any help will be massively appreciated, thanks for reading!