Re: Determining if a package is installed (regardless of version)
On Wed, Mar 27, 2019 at 02:24:24AM +, Adam Steen wrote: > Hi All > > I need to determine if a package is installed, lets use autoconf as an example > > I can run "pkg_info -mqP" and get back list of packages, i.e. > > devel/autoconf/2.69 > shells/bash > sysutils/coreutils > x11/dmenu > x11/dstat > x11/dwm > . > . > . > devel/git,-main > devel/gmp,-main > sysutils/firmware/intel > sysutils/firmware/inteldrm > . > . > . > sysutils/firmware/uvideo > sysutils/firmware/vmm > > directly comparing "devel/autoconf" with "devel/autoconf/2.69", is it > possible to get pkg_info to report a package without any version or stem > information? > > using https://man.openbsd.org/pkg_info i couldn't find anything that jumps > out, i was hoping not to do any further post processing. > > Cheers > Adam There could be multiple ways of achieving the same result but I often use the following when scripting package installation: $ env PKG_PATH= pkg_info autoconf >/dev/null && echo installed
Re: authentication methods: how do they work?
Boris Epstein wrote: > Thanks. It makes sense to be able to select login methods under some > circumstances - but do I have an option of forcing the user to log in using > a predetermined set of methods (for instance, password and then a secure > key, or password and Yubkey, or password and SSL key)? If you want to require two methods, you have to specify a combined method, with an appropriate utility in /usr/libexec/auth. This is tricky because the API only allows for one challenge/response, not a series of them. (Unless I'm mistaken.)
Determining if a package is installed (regardless of version)
Hi All I need to determine if a package is installed, lets use autoconf as an example I can run "pkg_info -mqP" and get back list of packages, i.e. devel/autoconf/2.69 shells/bash sysutils/coreutils x11/dmenu x11/dstat x11/dwm . . . devel/git,-main devel/gmp,-main sysutils/firmware/intel sysutils/firmware/inteldrm . . . sysutils/firmware/uvideo sysutils/firmware/vmm directly comparing "devel/autoconf" with "devel/autoconf/2.69", is it possible to get pkg_info to report a package without any version or stem information? using https://man.openbsd.org/pkg_info i couldn't find anything that jumps out, i was hoping not to do any further post processing. Cheers Adam
Re: authentication methods: how do they work?
Thanks. It makes sense to be able to select login methods under some circumstances - but do I have an option of forcing the user to log in using a predetermined set of methods (for instance, password and then a secure key, or password and Yubkey, or password and SSL key)? On Tue, Mar 26, 2019 at 1:59 PM Todd C. Miller wrote: > On Tue, 26 Mar 2019 11:11:35 -0400, Daniel Jakots wrote: > > > On Tue, 26 Mar 2019 10:01:59 -0400, Boris Epstein > > wrote: > > > > > Hello listmates, > > > > > > Let's say I have the following configured in my /etc/login.conf > > > > > > auth-defaults:auth=password,skey,yubikey > > > > > > Would that mean either password, or skey, or Yubikey, or should they > > > all be satisifed? > > > > Either. Then you can pick which is used when you run the software, for > > instance with sudo it's the -a flag. > > Also, for programs that take a username, you can usually append the > auth method after the username, separted with a colon. For example, > for ssh you can do things like: > > ssh myname:skey@somehost > > - todd >
Broadcom BCM4356, bwfm0: could not read io type
Hi, I took my working 6.5-BETA disk out of a ThinkPad X230i and pluggued it in a ThinkPad X260. The system boots ok and I can get an X session. But the wireless card doesn't seem to work. # dmesg bwfm0 at pci2 dev 0 function 0 "Broadcom BCM4356" rev 0x02: msi bwfm_pci_intr: handle MB data bwfm0: could not read io type bwfm0: could not read io type bwfm0: could not init # doas ifconfig bwfm0 scan bwfm0: flags=8803 mtu 1500 lladdr 00:00:00:00:00:00 index 1 priority 4 llprio 3 groups: wlan media: IEEE802.11 autoselect status: no network ieee80211: nwid "" ifconfig: SIOCG80211ALLNODES: Network is down # pcidump -v 4:0:0: Broadcom BCM4356 0x: Vendor ID: 14e4 Product ID: 43ec 0x0004: Command: 0006 Status: 0010 0x0008: Class: 02 Subclass: 80 Interface: 00 Revision: 02 0x002c: Subsystem Vendor ID: 17aa Product ID: 0777 The firmware was downloaded using fw_update. The BIOS has just been updated. bios0: vendor LENOVO version "R02ET70W (1.43 )" date 01/28/2019 bios0: LENOVO 20F5S1FH00 Is there something to do to have it working ? Or is this "Bad luck, switch to an Intel Wireless card" ? Thanks for help. PS: I can provide full dmesg & pcidump if required.
Re: Infinite spin when trying to burn a CD
On Tue, Mar 26, 2019 at 10:45:40PM +0100, J??r??me FRGACIC wrote: > Thanks for all your replies. > > > it means the optcode does alllow or prevent media removal it depends on > > the prevent bits in the cdb but you basically just have a 00 for allow > > or a 01 for prevent in the cdb. Anyway since sense already told you the > > request is illegal you have to figure out what came befor the removal > > request so you might get a clue in what state the hardware is still. > > Thanks for those informations. Unfortunetly, I don't have more > informations or error than those for the moment to determine what happen > exactly. > > > Have you tried cdrecord from ports? I haven't burnt a CD in awhile but last > > time I did I couldn't get cdio to work but cdrecord would. > > I've tried cdrecord too, but I have the same problem. More precisely, it > quits because it encounters an error, but the CD is still spining forever. > > I put the output of cdrecord at the end, just in case it can help, but > since it seems to be a hardware problem, I suppose there is no easy > solutions (except changing it, of course). ^^" > > Kind regards, > > > J??r??me > hi. i don;t think it's a hardware error - i have a cd/dvd writer that behaves in a similar fashion: cd0 at scsibus1 targ 1 lun 0: ATAPI 5/cdrom removable i can reproduce the errors you get if i try to write a cd on it. it's not something i really do, so i never bothered (though i also suspected a hardware error ;) jmc
Re: Infinite spin when trying to burn a CD
Thanks for all your replies. it means the optcode does alllow or prevent media removal it depends on the prevent bits in the cdb but you basically just have a 00 for allow or a 01 for prevent in the cdb. Anyway since sense already told you the request is illegal you have to figure out what came befor the removal request so you might get a clue in what state the hardware is still. Thanks for those informations. Unfortunetly, I don't have more informations or error than those for the moment to determine what happen exactly. Have you tried cdrecord from ports? I haven't burnt a CD in awhile but last time I did I couldn't get cdio to work but cdrecord would. I've tried cdrecord too, but I have the same problem. More precisely, it quits because it encounters an error, but the CD is still spining forever. I put the output of cdrecord at the end, just in case it can help, but since it seems to be a hardware problem, I suppose there is no easy solutions (except changing it, of course). ^^" Kind regards, Jérôme write track data: error after 552960 bytes cdrecord: A write error occured. cdrecord: Please properly read the error message above. cdrecord: Input/output error. test unit ready: scsi sendcmd: retryable error CDB: 00 00 00 00 00 00 status: 0x0 (GOOD STATUS) cmd finished after 0.000s timeout 40s cdrecord: Input/output error. flush cache: scsi sendcmd: retryable error CDB: 35 00 00 00 00 00 00 00 00 00 status: 0x0 (GOOD STATUS) cmd finished after 0.000s timeout 120s Trouble flushing the cache Writing time:5.115s Average write speed 860.1x. Fixating... cdrecord: Input/output error. close track/session: scsi sendcmd: retryable error CDB: 5B 00 02 00 00 00 00 00 00 00 status: 0x0 (GOOD STATUS) cmd finished after 0.009s timeout 480s cmd finished after 0.009s timeout 480s cdrecord: faio_wait_on_buffer for writer timed out. cdrecord: Input/output error. prevent/allow medium removal: scsi sendcmd: retryable error CDB: 1E 00 00 00 00 00 status: 0x0 (GOOD STATUS) cmd finished after 0.000s timeout 40s cdrecord: Cannot fixate disk. Fixating time: 466.776s cdrecord: Input/output error. prevent/allow medium removal: scsi sendcmd: retryable error CDB: 1E 00 00 00 00 00 status: 0x0 (GOOD STATUS) cmd finished after 0.000s timeout 40s cdrecord: fifo had 77 puts and 10 gets. cdrecord: fifo was 0 times empty and 2 times full, min fill was 89%.
Re: GMA500 drivers
> The idea was to take the crappy binary blobs from Debian and wrap that into > something decent. > Reading up on OpenBSD driver management however ... Whenever you try to wrap something crappy it still remains crappy and it still smells. Your point, if any, is weird.
Re: authentication methods: how do they work?
On Tue, 26 Mar 2019 11:11:35 -0400, Daniel Jakots wrote: > On Tue, 26 Mar 2019 10:01:59 -0400, Boris Epstein > wrote: > > > Hello listmates, > > > > Let's say I have the following configured in my /etc/login.conf > > > > auth-defaults:auth=password,skey,yubikey > > > > Would that mean either password, or skey, or Yubikey, or should they > > all be satisifed? > > Either. Then you can pick which is used when you run the software, for > instance with sudo it's the -a flag. Also, for programs that take a username, you can usually append the auth method after the username, separted with a colon. For example, for ssh you can do things like: ssh myname:skey@somehost - todd
Re: Infinite spin when trying to burn a CD
On Mar 26, 2019 9:41 AM, Markus Rosjat wrote: > > Hi, > > might not to much help but > > Am 26.03.2019 um 14:57 schrieb Maurice McCarthy: > > I never looked at your dmesg earlier. These lines > > > > cd0(ahci0:2:0): Check Condition (error 0x70) on opcode 0x1e > > SENSE KEY: Illegal Request > > > > the opcode is for the cdb prevent allow media removal so I assume your > hardware got a problem with the cdb send by the software so it might be > in a state where it still wants to read/write stuff. > > if you really want to figure out what the sense code or the check > condition error means you have to read up sbc specification on t10.org i > guess > > > > suggest the Openbsd system finds something wrong with your hardware. > > I'm not clever enough to speculate further. Sorry. > > > > regards > -- > Markus Rosjat fon: +49 351 8107224 mail: ros...@ghweb.de > > G+H Webservice GbR Gorzolla, Herrmann > Königsbrücker Str. 70, 01099 Dresden > > http://www.ghweb.de > fon: +49 351 8107220 fax: +49 351 8107227 > > Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before > you print it, think about your responsibility and commitment to the > ENVIRONMENT > Have you tried cdrecord from ports? I haven't burnt a CD in awhile but last time I did I couldn't get cdio to work but cdrecord would.
Re: authentication methods: how do they work?
On Tue, 26 Mar 2019 10:01:59 -0400, Boris Epstein wrote: > Hello listmates, > > Let's say I have the following configured in my /etc/login.conf > > auth-defaults:auth=password,skey,yubikey > > Would that mean either password, or skey, or Yubikey, or should they > all be satisifed? Either. Then you can pick which is used when you run the software, for instance with sudo it's the -a flag. > Also, is there a way to specify that different > users have different requirements as far as authentication methods. I would use different login classes. Cheers, Daniel
Re: load balancing outgoing traffic with 4 uplinks
I just read some tutorials and (again) the "Book _great_ Book of PF" and simplified my pf.conf and still everthing works fine: int_if = "{ vlan32, vlan64 }" int_lan = "{ 10.10.10.0/24, 10.64.0.0/10}" table { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \ 172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \ 192.168.0.0/16 198.18.0.0/15 198.51.100.0/24\ 203.0.113.0/24 } set block-policy drop #set loginterface egress set skip on lo0 match in all scrub (no-df random-id max-mss 1440) match out on pppoe from $int_lan nat-to (pppoe) # VOIP Prio match on vlan32 proto { tcp udp } to port { 5060 5064 } set prio 7 match on vlan32 proto udp from port 11780:12780 set prio 7 #Internal prio match on vlan32 set prio 5 block in quick on pppoe from to any block return out quick on pppoe from any to block in pass out on egress pass quick on vlan32 to vlan32:network pass quick on vlan64 to vlan64:network block return in on vlan from vlan64:network to vlan32:network #no guests to office block return in on vlan inet proto tcp from any to any port 25 #avoid spam out pass in on $int_if route-to { (pppoe0 pppoe0:network), (pppoe1 pppoe1:network) } least-states sticky-address pass in on egress inet proto icmp all pass in on pppoe0 proto tcp from any to (pppoe0) port ssh > > 1. Somtimes the traffic is not even distributed between the uplinks. > > My guess is this is due to the source-hash method which > > - when I understand correctly - distributes traffic per IP and not per > > connection. > > When I use [round-robin | least-state] sticky-address i´ve problems with > my > > VoIP. > > An maybe some guests have problems with "secure" web apps* too. > > Anybody an Idea how to do prober loadbalancing with almost only https > > traffic? > > The only way you're likely to do better is to tunnel the traffic > to another machine on decent bandwidth using a multilink protocol > that knows how to deal with this - mlvpn comes to mind (it's in > packages). > I gues a clean and simple solution here would be a "Provider Independent" IPv6 Range and mulit-path routing or I´m missing something with this concept? > > 2. I tried to custumize this rules to also include vlan[3|4] to the > > load-balancing. > > 2.1. use egress-group instead of the pppoe-group for nat-to: > > > > match out on egress from $int_lan nat-to (egress) source-hash > > > > 2.2. add vlan[3|4] to the route-to rule: > > > > pass in on $int_if route-to { (pppoe0 pppoe0:network), (pppoe1 > > pppoe1:network),\ > > (vlan3 vlan3:network), (vlan4 vlan4:network) } source-hash > > > > But it didn´t work: No internet connection from vlan32 and vlan64 > > It's been a long time since I had to do this but at least you'll need to > nat on each pppoe interface individually to the correct address for that > interface. e.g. "match out on pppoe0 from ... nat-to (pppoe0)" > > What you are doing now will rewrite the address to *one* of the egress > interface addresses. Which will only be correct if the packet is being > sent out of the interface with that address. > > > 3. ping with the -I flag is strange. > > To see if my uplinks are working I used to: > > # ping -I [assigend or static IP] 8.8.8.8 > > somtimes it works for an IP and doens´t for another like: > > #ping -I [my static IP] 8.8.8.8 works > > #ping -I [my static IP] 1.1.1.1 doesn´t work > > #ping 1.1.1.1 works > > > > #ping -I [dynamic IP] 8.8.8.8 doesn´t work > > #ping -I [dynamic IP] 1.1.1.1 works > > #ping 8.8.8.8 works > > I never came up with a satisfying way to do this. Dirty method is to > find some specific "always on" addresses and direct one to one isp, > another to another isp, etc, and ping those .. > > There's another method of diverting traffic over multiple ISPs, > using multiple route tables + rdomains, but the selector in PF is a > bit simpler, to achieve balancing you can use the "probability" > modifier, but there's no stickiness so you are likely to have the > problem with voip and banks etc. > I just need that for testing purpose and was not sure if I do something wrong with the ping command. But doesn´t seem so. But it seems, that this issue is related to my ssh-connecting issue. I tried to connect from somwhere else. It didn't work directly, but going through my openbsd.amsterdam-vm worked... kind of strange. So basically, I'm again into getting up the pppoe connection for uplink 3 and 4 within the OpenBSD box and hope that loadbalancing works when extending the pf-rules with this two (pppoe2, pppoe3) interfaces. Thanks again Stuart and everybody else. Thomas
Re: openbgpd; strip private ASNs from bgp updates
On Tue, Mar 26, 2019 at 02:54:38PM +0100, open...@kene.nu wrote: > Hello, > > Is there a way to make openbgpd strip private ASNs from updates it > sends to certain neighbors? > I am using openbgpd on my edge routers and distribute routes generated > internally to the rest of the world. However, the internal routers use > private ASNs and this is obviously frowned upon by my peering > partners. > > I can of course have network statements on my edge routers but that > assumes the prefixes will always be reachable via said edge router, > something I can never be certain of. I would rather the updates rely > on the prefix actually being announced from the source. > Perhaps with transparent-as ?
Re: Infinite spin when trying to burn a CD
sorry it might got a bit confusing Am 26.03.2019 um 15:41 schrieb Markus Rosjat: cd0(ahci0:2:0): Check Condition (error 0x70) on opcode 0x1e SENSE KEY: Illegal Request the opcode is for the cdb prevent allow media removal so I assume your hardware got a problem with the cdb send by the software so it might be in a state where it still wants to read/write stuff. it means the optcode does alllow or prevent media removal it depends on the prevent bits in the cdb but you basically just have a 00 for allow or a 01 for prevent in the cdb. Anyway since sense already told you the request is illegal you have to figure out what came befor the removal request so you might get a clue in what state the hardware is still. -- Markus Rosjatfon: +49 351 8107224mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: Infinite spin when trying to burn a CD
Hi, might not to much help but Am 26.03.2019 um 14:57 schrieb Maurice McCarthy: I never looked at your dmesg earlier. These lines cd0(ahci0:2:0): Check Condition (error 0x70) on opcode 0x1e SENSE KEY: Illegal Request the opcode is for the cdb prevent allow media removal so I assume your hardware got a problem with the cdb send by the software so it might be in a state where it still wants to read/write stuff. if you really want to figure out what the sense code or the check condition error means you have to read up sbc specification on t10.org i guess suggest the Openbsd system finds something wrong with your hardware. I'm not clever enough to speculate further. Sorry. regards -- Markus Rosjatfon: +49 351 8107224mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: video decoding and playback in OpenBSD
On Mon, Mar 25, 2019 at 7:46 PM Alexandre Ratchov wrote: > This surprises me, your CPU doesn't seem that slow. I decided to do more tests after your opinion and I had a nice surprise too. My desktop with video VGA and DP outputs is connected to an 1680x1050 display, with VGA and DVI inputs only. My TV is 1920x1080 and it has HDMI inputs only. A DP to HDMI passive cable arrived yesterday and I was able to do test on the TV. Youtube plays 1080 fine in chromium when connected to TV: less than 1% frame drops, max 38% cpu load for chromium in top. This is not happening when I connect the desktop to the display ( VGA or DP-DVI adapter): almost 10% frame drop and aprox. 89% cpu load. My thinking is CPU is used a lot to do that crop from 1920x1080 to 1680x1050. > I'd suggest to check where is spent most of the CPU time, in mpv or in > Xorg? You could try different mpv "-vo" options, there are machines > where "-vo x11" is faster than the default one. If I use mpv to play youtube link, the results on TV and display are the same or better, looking like youtube in chromium on TV. Using -vo x11 is using almost 55% on cpu and I get mpv complaints in console about performance. Is there a way to replace HTML player from chromium with mpv and play the stream inside the chromium page on OpenBSD? Thank you.
authentication methods: how do they work?
Hello listmates, Let's say I have the following configured in my /etc/login.conf auth-defaults:auth=password,skey,yubikey Would that mean either password, or skey, or Yubikey, or should they all be satisifed? Also, is there a way to specify that different users have different requirements as far as authentication methods. Thanks. Boris.
Re: Infinite spin when trying to burn a CD
I never looked at your dmesg earlier. These lines cd0(ahci0:2:0): Check Condition (error 0x70) on opcode 0x1e SENSE KEY: Illegal Request suggest the Openbsd system finds something wrong with your hardware. I'm not clever enough to speculate further. Sorry.
openbgpd; strip private ASNs from bgp updates
Hello, Is there a way to make openbgpd strip private ASNs from updates it sends to certain neighbors? I am using openbgpd on my edge routers and distribute routes generated internally to the rest of the world. However, the internal routers use private ASNs and this is obviously frowned upon by my peering partners. I can of course have network statements on my edge routers but that assumes the prefixes will always be reachable via said edge router, something I can never be certain of. I would rather the updates rely on the prefix actually being announced from the source. Regards Oscar
Re: GMA500 drivers
> On 26 Mar 2019, at 13:30, Jonathan Gray wrote: > > > There is no suitably licensed driver to port. And no documentation to > write one from scratch. > I’m not looking to make this an upstream thing. The idea was to take the crappy binary blobs from Debian and wrap that into something decent. Reading up on OpenBSD driver management however, this seems (outside of reverse engineering) frankly impossible.
Re: httpd acme-client renew multiple domains
Hi Mischa, if you like some python i got a small script for multiple domain cert renew on my github. I hope its ok to post the link here https://github.com/rosjat/scripts/blob/master/shell/OpenBSD/acme_renew its nothing fancy and you can modify it for your need or may make it better :) regards -- Markus Rosjatfon: +49 351 8107224mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: video decoding and playback in OpenBSD
On Mon, Mar 25, 2019 at 06:05:58PM +0200, Mihai Popescu wrote: Hello, I am trying to find some hardware for an OpenBSD multimedia computer. I plan to attach it on a HDMI TV and play youtube on it, 1080p@30fps or more. No 4K involved. My thinking is to go for an AMD A8-6500 processor, but I am not sure if this is enough.Right now I am using and AMD Athlon II X2 B26 which drops some frames on youtube 1080p. I've read that ffmpeg, mpv and chromium do not use GPU in any way for decoding in OpenBSD. I could not afford to go for performance hardware like Intel Core I7-4770, so if you please could you make some suggestion about what you run as a minimum requirements? Am I on the right track thinking that more powerful CPUs will speed up decoding? Your AMD Athlon II X2 should play 1080p @30 fps on YouTube with no dropped frames. I know because I have a slightly slower X2 processor, the green edition at 2800MHz. I suspect the dropped frames are caused by your browser disabling some acceleration for your video card. Do you use the integrated graphics of your motherboard? I do and that gave me similar issues. But it's possible to force-enable the acceleration in Firefox, with little issues (freezes sometimes for a few seconds with 6.4 and even got a couple of X.org crashes over the last months, hoping for a better outcome with the updated drivers in 6.5, as 6.3 was smooth). On Chromium-based browsers I don't think there's a way to force enable 3D acceleration for these old chipsets. There's a flag that used to work, but not any more. An alternative is to play YouTube videos with mpv using the GL output, which should be the default (not x11, not xv). That works out of the box for my setup. As a general rule for these old chipsets, the decoding is not GPU-accelerated, it's the screen rendering that needs the acceleration. In Linux I had the option for accelerated H264 decoding too in mplayer/mpv (with VDPAU?), but I still preferred software decoding, as it gives more flexibility (eg. for deinterlacing). On a related note, try this in the MPV config file to prevent sound skips when listening to radio: ao=sndio. For 5.1 videos you might also want: audio-channels=downmix. FFMPEG's ffplay is an alternative to try, for radio listening I use: ffplay -loglevel quiet -autoexit -nodisp.
Re: Documentation request: wscons API
On Tue, Mar 26, 2019 at 10:04:02AM +0100, Martin Husemann wrote: > On Tue, Mar 26, 2019 at 10:51:35AM +0200, Leonid Bobrov wrote: > > Hi, dear NetBSD and OpenBSD communities. > > > > I need to work with wscons, but I don't want to guess by examples > > how to work with it, can you please provide documentation for its > > API? > > Please avoid such cross-postings. Also you did not ask very concrete, > so probably expected answer: > > man 9 wscons > Oh, I miss that one in OpenBSD, thank you. And sorry for cross-postings, I was sure it's worth to send to multiple lists. > Martin
Documentation request: wscons API
Hi, dear NetBSD and OpenBSD communities. I need to work with wscons, but I don't want to guess by examples how to work with it, can you please provide documentation for its API?