How to use proot?
Hi,

I'm trying to set up a chroot for dpb using proot, but it looks like I'm doing something wrong and nothing has been created in the chroot directory. According to the proot man page the following command should be sufficient, but I got the following output and nothing happens in /build:

8<
$ sudo ./proot -B /build
Password:
loguser: _pbuild
fetchuser: _pfetch
builduser: _pbuild
PORTSDIR=/usr/ports
DISTDIR=/usr/ports/distfiles
WRKOBJDIR=/usr/ports/pobj
LOCKDIR=/usr/ports/pobj/locks
LOGDIR=/usr/ports/logs
PACKAGE_REPOSITORY=/usr/ports/packages
PLIST_REPOSITORY=/usr/ports/plist
Couldn't find mountpoint for /build ???
Running locate: ok
8<

It looks like it treats /build as a mountpoint, but what if I just need a local chroot? I wonder what is the correct way to use proot.

Thanks!
Re: What do you use to generate invoices on OpenBSD?
jeanfrancois writes:
> Thanks for that insight on using LaTeX (from ports).

If you look on CTAN there are several invoicing packages.

https://ctan.org/topic/invoice

Allan
Re: Disabling ACPI permanently
Hello Philip,

This box has installed the newest BIOS firmware. Following your suggestion I sent a bug report to b...@openbsd.org
https://marc.info/?l=openbsd-bugs&m=157747038309405&w=2

On Mon, 23 Dec 2019 08:25:13 -0800 Philip Guenther wrote:

> On Mon, Dec 23, 2019 at 5:10 AM Radek wrote:
>
> > I'm trying to permanently disable acpi doing the following steps[1].
> > After the first reboot OS boots fine.
> > After the second reboot acpi seems to be re-enabled at boot - I get [2].
> > What Am I doing wrong?
> >
>
> First, you should also check whether there's a newer BIOS firmware for this
> box, as there's a good chance Intel has fixed issues and issued a new one.
> If so, installing that may totally resolve the issue.
>
> If not, or if upgrading the firmware doesn't resolve this, then you should
> next send a bug report to b...@openbsd.org using sendbug. To get the most
> data when you do so, disable _just_ the acpipci device (using boot -c)
> instead of all of acpi and then run sendbug as root on that system. The
> bug report will then include the data from the ACPI tables, so that the
> driver can be fixed to deal with this.
>
> ...
>
> > acpipci0 at acpi0 PCI0panic: malloc: allocation too large, type = 33, size
> > = 292057776136
> >
>
> Philip Guenther

--
Radek
Re: Fun play with egrep, sed and awk
On Fri, Dec 27, 2019 at 10:49 PM Guilherme Janczak wrote:
>
> On Thu, 26 Dec 2019 16:13:33 +
> "goleo ." wrote:
>
> > I was wondering how much space distfiles on "ftp" take, so because
> > I couldn't see that in my web browser clearly, I downloaded the page
> > https://ftp.openbsd.org/pub/OpenBSD/distfiles/ as distfiles.txt
>
> With wget, you can download the HTML of a web page, and also recurse
> into links within it.
>
> $ wget -r -l 0 -A '*.html' --no-parent -O everything.html
> https://ftp.openbsd.org/pub/OpenBSD/distfiles/
>
> This command recurses into an infinite number of links without going up
> in the hierarchy and into the parent directory, downloads only other
> .html files (from which more links can be acquired), and appends
> everything to an "everything.html" file.
>
> After a few minutes running and just ~1.7MiB of HTML downloaded, it
> tried to recurse into a lot of non-existing directories, so I cut it
> short there. The figure may not be perfect.
>
> $ grep -E '[0-9]$' everything.html | sed 's|.* \([0-9]*\)$|\1|' | awk
> '{sum+=$1} END{print sum / 1024 / 1024}'
> 65629
>
> The sum of all filesizes, which are listed in kibibytes, divided by
> 1024^2, to turn it into gibibytes, returns 65629 gibibytes or about
> 65 tebibytes.
> This number seems a little absurd, I'm not sure if I made a mistake.
> It does not seem completely implausible either however, the tree
> does have files dating all the way back to 1990.
> https://ftp.openbsd.org/pub/OpenBSD/distfiles/ja-fonts/

Filesizes are listed just in bytes, that means your calculation shows 65629 megabytes. Still nice, I didn't know it's so easy to fetch contents of subdirectories :)
Re: Fun play with egrep, sed and awk
On Thu, 26 Dec 2019 16:13:33 + "goleo ." wrote:
> I was wondering how much space distfiles on "ftp" take, so because
> I couldn't see that in my web browser clearly, I downloaded the page
> https://ftp.openbsd.org/pub/OpenBSD/distfiles/ as distfiles.txt

With wget, you can download the HTML of a web page, and also recurse into links within it.

$ wget -r -l 0 -A '*.html' --no-parent -O everything.html https://ftp.openbsd.org/pub/OpenBSD/distfiles/

This command recurses into an infinite number of links without going up in the hierarchy and into the parent directory, downloads only other .html files (from which more links can be acquired), and appends everything to an "everything.html" file.

After a few minutes running and just ~1.7MiB of HTML downloaded, it tried to recurse into a lot of non-existing directories, so I cut it short there. The figure may not be perfect.

$ grep -E '[0-9]$' everything.html | sed 's|.* \([0-9]*\)$|\1|' | awk '{sum+=$1} END{print sum / 1024 / 1024}'
65629

The sum of all filesizes, which are listed in kibibytes, divided by 1024^2, to turn it into gibibytes, returns 65629 gibibytes or about 65 tebibytes.
This number seems a little absurd, I'm not sure if I made a mistake. It does not seem completely implausible either however, the tree does have files dating all the way back to 1990.
https://ftp.openbsd.org/pub/OpenBSD/distfiles/ja-fonts/
Re: No WAF detected - Solved
Hi,

WAF is detected when certain methods are filtered in relayd.

Thanks,
Kihaguru.

On Monday, December 9, 2019, Kihaguru Gathura wrote:
>
> Hi,
> A message from assessors and further tests below.
>
> I have configured relayd to serve a single url that accepts no parameters. This url is blocked by relayd with error 403 Forbidden if anything is appended to its end.
> I would expect WAF detection in such a test case but this has not happened.
> what other means are malicious payloads being delivered in this case?
>
> Thanks and regards,
> Kihaguru
>
> # $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
> #
> # Relay and protocol
> #
> http protocol httpp {
>         return error
>         match response header remove "Server"
>
>         pass
>         block quick path "/cgi-bin/index.cgi" value "*command=*"
>         pass quick path "/net/index.html" value ""
>         block
> }
>
> relay httpr {
>         # Listen on localhost, accept diverted connections from pf(4)
>         listen on 127.0.0.1 port 8080
>         protocol httpp
>
>         # Forward to the original target host
>         forward to destination
> }
>
> http protocol httpsp {
>         return error
>         match response header remove "Server"
>
>         pass
>         block quick path "/cgi-bin/index.cgi" value "*command=*"
>         pass quick path "/net/index.html" value ""
>         block
>
>         tls keypair example.net
> }
>
> relay httpsr {
>         # Listen on localhost, accept diverted connections from pf(4)
>         listen on 127.0.0.1 port 8443 tls
>         protocol httpsp
>
>         # Forward to the original target host
>         forward with tls to destination
> }
> ---
>
> On Thu, Dec 5, 2019 at 2:11 PM Stuart Henderson wrote:
>>
>> On 2019/12/05 00:17, Kihaguru Gathura wrote:
>> >
>> >
>> >
>> > On Wed, Dec 4, 2019 at 11:58 PM Kihaguru Gathura wrote:
>> >
>> >
>> >
>> > >> Which is a better way to implement a WAF on OpenBSD using the base utilities?
>> > >
>> > > relayd configured in certain ways might be considered as a WAF.
>> >
>> >
>> > All methods and all other security headers and path filters are coded in the web
>> > application which had always been detected as a custom WAF until two weeks ago.
>> >
>> > I have now included relayd and a re-test passes all other requirements but does not detect
>> > a WAF (please find sample configurations and test report below).
>> >
>> > Any hint highly appreciated
>>
>> I think you will need to talk to your assessors and ask what they're looking for.
>>
>
Re: OpenBSD and ext2fs (ext3)
On Fri, Dec 27, 2019 at 04:44:46PM +0100, Stefan Sperling wrote:
> On Fri, Dec 27, 2019 at 03:56:00PM +0100, Thomas de Grivel wrote:
> > Hello,
> >
> > I have a few ext3 drives from an old gentoo which mount fine but do
> > not fsck (something about the first alternate superblock not matching
> > values) they mount and fsck fine under linux.
>
> OpenBSD ext3 support is limited and read-only. I wouldn't expect fsck
> to work since fixing errors requires writing to the filesystem.

In my experience, ext3 support is fragile, but not limited to read-only access. Had to save some big files on a 10-year old HDD that I used with Gentoo, and it worked mostly fine. Except for a panic, reported at https://marc.info/?l=openbsd-bugs&m=157634364811892.

Also, fixing an ext3 filesystem in OpenBSD is handled by the Linux fsck utilities compiled for OpenBSD as the "e2fsprogs" package. This worked beautifully for me after the crash. As far as I can tell, this need not be correlated to the ext2 support in the kernel.
Re: OpenBSD and ext2fs (ext3)
On Fri, Dec 27, 2019 at 03:56:00PM +0100, Thomas de Grivel wrote:
> Hello,
>
> I have a few ext3 drives from an old gentoo which mount fine but do
> not fsck (something about the first alternate superblock not matching
> values) they mount and fsck fine under linux.

OpenBSD ext3 support is limited and read-only. I wouldn't expect fsck to work since fixing errors requires writing to the filesystem.

> The only exception being a 4Tb drive which panics when mounting the
> ext3 partition.
>
> Is this expected or should I investigate further ?

Yes. Panics are not expected, though not unheard of with corrupt filesystems or not well-tested filesystem code.
OpenBSD and ext2fs (ext3)
Hello,

I have a few ext3 drives from an old gentoo which mount fine but do not fsck (something about the first alternate superblock not matching values) they mount and fsck fine under linux.

The only exception being a 4Tb drive which panics when mounting the ext3 partition.

Is this expected or should I investigate further ?

--
Thomas de Grivel
kmx.io
Re: Advices on AD implementation with OpenBSD
Hello!

fm+obsd+misc+l...@phosphorusnetworks.com (Fabio Martins), 2019.12.26 (Thu) 20:26 (CET):
> I am drawing a scenario to replace the Windows 2003 Server with OpenBSD,
> acting as AD/DC and firewall. There is a need to share folders and

AFAIK this is the current status of samba AD/DC on OpenBSD:

"This update doesn't include lmdb support (now the default upstream); and doesn't fix the AD DC support in the samba daemon either."
https://marc.info/?l=openbsd-ports&m=157019016817459

There have been updates (and downgrades) since then, but nothing indicates that AD/DC works. Have not tried myself in a long time.

Marcus

> printers, restrict access to folders based on logins, and no GPO are
> needed at all.
>
> Is it possible with the current samba+winbind? Anyone has done it before?
>
> Thanks for 6.6!
>
> --
> Fabio Martins
> http://www.nabundapode.com.br/
Re: relayd(8) Tables and pfctl -T
On 2019-12-26, Thomas Huber wrote:
> I just tried to get a little deeper into load-balancing and try
> to use relayd(8) in a dynamic (translate to microservices) environment
> where I'd like to add and remove hosts on the fly.
> After some reading I thought I should use tables for this purpose.
>
> relayctl(8) only allows to enable or disable complete tables but not
> to alter a table.
>
> So I checked out
>
> 'pfctl -t -T add '
>
> which should do exactly what I want.

That manipulates tables in PF not in relayd.

> But unfortunately the tables (to relay or redirect) are not
> present in 'pfctl -s Table'

relayd *uses* PF tables for redirect (but not relay). They are added under PF "anchors". See the list of relayd's anchors with pfctl -sA -a relayd. See the list of tables attached to an anchor with pfctl -sT -a relayd/RDR_someanchor. See table contents with pfctl -a RDR_someanchor -t RDR_sometable -Ts.

But changing PF tables doesn't feed back to relayd. It won't start doing health checks for added hosts, etc.

> I just have a small setup to play, no real hosts or services attached
> but before growing bigger I wanted to ask here if this should be
> possible how I try it or another idea how to alter relayd(8) tables
> without updating relayd.conf(5) and reload.

You need to update the config and reload. This is probably easier if you use a short file containing just the table definition and use "include".

If you want something with more dynamic runtime configuration, haproxy is in ports, runs ok on OpenBSD and maybe a better fit.

relayd has lower overhead in cases where packets are sent unmodified (it uses SO_SPLICE for simple TCP relays to hand-off packet shuffling to the kernel; haproxy can do this on Linux using splice(2) on Linux but doesn't use SO_SPLICE) but that's irrelevant in other cases (e.g. if the load-balancer terminates TLS connections) and might otherwise be a better fit for microservices.
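
The "short include file plus reload" approach from the reply above, sketched as an added example (not part of the original message and not code from the relayd project). The include path, table name, addresses and the RELAYD_CONF variable are assumptions; relayd -n and relayctl reload are the stock config test and reload commands.

```sh
#!/bin/sh
# Added example: keep one relayd table in its own include file, e.g.
#   include "/etc/relayd.d/webhosts.conf"   (path is an assumption)
# and regenerate, validate and reload it when the host list changes.

# Print a relayd.conf(5) table definition. Names and hosts are checked
# against a strict character set so data from a service registry cannot
# smuggle braces, quotes or extra directives into a root-parsed config.
render_table() {
    name=$1; shift
    case $name in
        ''|*[!0-9A-Za-z_]*) echo "bad table name: $name" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no hosts given" >&2; return 1; }
    for h in "$@"; do
        case $h in
            ''|*[!0-9A-Za-z.:-]*) echo "bad host: $h" >&2; return 1 ;;
        esac
    done
    printf 'table <%s> { %s }\n' "$name" "$*"
}

# apply_table FILE NAME HOST...: replace FILE atomically, test the whole
# configuration with "relayd -n", reload on success, roll back on failure.
# RELAYD_CONF is a hypothetical override for the main config path.
apply_table() {
    inc=$1; shift
    conf=${RELAYD_CONF:-/etc/relayd.conf}
    tmp=$(mktemp "$inc.XXXXXX") || return 1
    render_table "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ -f "$inc" ]; then cp -p "$inc" "$inc.prev"; fi
    mv "$tmp" "$inc"
    if relayd -n -f "$conf"; then
        relayctl reload
        return
    fi
    # Validation failed: put the last known-good table back.
    if [ -f "$inc.prev" ]; then mv "$inc.prev" "$inc"; else rm -f "$inc"; fi
    return 1
}

# Usage on the relay host (as root):
#   apply_table /etc/relayd.d/webhosts.conf webhosts 10.0.0.11 10.0.0.12
```
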
Re: relayd(8) Tables and pfctl -T
On Thu, 26 Dec 2019 at 17:39, Marcus MERIGHI wrote:
> Hello Thomas,
>
> miracu...@gmail.com (Thomas Huber), 2019.12.26 (Thu) 16:42 (CET):
> > I just tried to get a little deeper into load-balancing and try
> > to use relayd(8) in a dynamic (translate to microservices) environment
> > where I'd like to add and remove hosts on the fly.
> > After some reading I thought I should use tables for this purpose.
> >
> > relayctl(8) only allows to enable or disable complete tables but not
> > to alter a table.
>
> But relayctl(8) lets you disable hosts of a table?
>
> $ relayctl show hosts
> $ relayctl host disable 3
>

Thanks, Marcus.

>
> You cannot add/remove/change, though.
>
>

hm, okay

Basically it should be possible with HashiCorp's consul-template: https://github.com/hashicorp/consul-template but that's not really an elegant way.

> Marcus
>
> > So I checked out
> >
> > 'pfctl -t -T add '
> >
> > which should do exactly what I want.
> >
> > But unfortunately the tables (to relay or redirect) are not
> > present in 'pfctl -s Table'
> >
> > I just have a small setup to play, no real hosts or services attached
> > but before growing bigger I wanted to ask here if this should be
> > possible how I try it or another idea how to alter relayd(8) tables
> > without updating relayd.conf(5) and reload.
> >
> > thanks
> > --mirac
>
Re: Fun play with egrep, sed and awk
On 2019-12-26, goleo . wrote:
> I was wondering how much space distfiles on "ftp" take, so because
> I couldn't see that in my web browser clearly, I downloaded the page
> https://ftp.openbsd.org/pub/OpenBSD/distfiles/ as distfiles.txt

btw, there are files in subdirectories as well (another 35GB or so).

They are fetched with dpb(1)'s -F flag and old files are cleaned every so often with clean-old-distfiles(1) - the manuals are in base but the actual programs are in the ports tree - so the total space depends on how long old distfiles are kept when they're no longer used by a port.

> $ egrep '[0-9]$' distfiles.txt | sed 's|.* \([0-9]*\)$|\1|' | awk '{
> sum += $1 / 10 } END { print sum "G" }'
> 54.8126G
>
> Most of space is taken by distfiles which are at least 100 MB big:
>
> $ egrep '[0-9]{9}$' distfiles.txt | sed 's|.* \([0-9]*\)$|\1|' | awk
> '{ sum += $1 / 10 } END { print sum "G" }'
> 34.5359G

For more fun and efficiency, combine the egrep/sed commands into awk :)