Suricata from packages

2020-01-17 Thread Eric Zylstra
OpenBSD 6.6 Generic.MP amd64
Stable.

I installed suricata using pkg_add.  Having trouble with starting it.

$ doas rcctl start suricata
…fails.  No informative fail message, though.

I’ve tried finding info in logs.  Nothing informative in suricata logs nor 
/var/log/messages.

$ doas /usr/local/bin/suricata -D
…succeeds.  It runs fine.  That is the same command in the /etc/rc.d/suricata.

Pointers?  Suggestions?  Specific details?

Thanks,

Eric Z



Re: Can't locate OpenBSD/Quirks.pm in @INC

2020-01-17 Thread myml...@gmx.com



On 1/17/20 7:25 PM, Jordan Geoghegan wrote:



On 2020-01-17 18:10, myml...@gmx.com wrote:

HI,


I downloaded the install66.fs snapshot today, 20200117, and did a fresh
install.  Even though I got the full install set, i used http from
ftp.openbsd.org as the install source.

Installation went fine but when I tried to install packages I get the
above error.

"# pkg_add -vn pftop
quirks-3.216 signed on 2020-01-17T19:15:00Z
quirks-3.216: ok
Can't load quirk: Can't locate OpenBSD/Quirks.pm in @INC (you may need
to install the OpenBSD::Quirks module) (@INC contains:
/usr/local/libdata/perl5/site_perl/amd64-openbsd
/usr/local/libdata/perl5/site_perl /usr/libdata/perl5/amd64-openbsd
/usr/libdata/perl5) at /usr/libdata/perl5/OpenBSD/AddDelete.pm line 350.

pftop-0.7p19: ok
Merging manpages in /usr/local/man: /usr/local/man/man8/pftop.8
Extracted 252817 from 253475"


[snip]

I believe quirks gets automatically installed when you install your
first package.



AH HA, that seems to be the case.

 pkg_add -v pftop
quirks-3.216 signed on 2020-01-17T19:15:00Z
quirks-3.216: ok
pftop-0.7p19: ok
Extracted 252817 from 253475


I was just initially trying to see what would be installed without
actually installing.  I've run into issues before where the base system
packages and the userland stuff, if they aren't labeled the same date
have library issues.  I was trying to make sure i'd avoid that.


Thanks for the quick answer!



Re: Can't locate OpenBSD/Quirks.pm in @INC

2020-01-17 Thread Jordan Geoghegan




On 2020-01-17 18:10, myml...@gmx.com wrote:

HI,


I downloaded the install66.fs snapshot today, 20200117, and did a fresh
install.  Even though I got the full install set, i used http from
ftp.openbsd.org as the install source.

Installation went fine but when I tried to install packages I get the
above error.

"# pkg_add -vn pftop
quirks-3.216 signed on 2020-01-17T19:15:00Z
quirks-3.216: ok
Can't load quirk: Can't locate OpenBSD/Quirks.pm in @INC (you may need
to install the OpenBSD::Quirks module) (@INC contains:
/usr/local/libdata/perl5/site_perl/amd64-openbsd
/usr/local/libdata/perl5/site_perl /usr/libdata/perl5/amd64-openbsd
/usr/libdata/perl5) at /usr/libdata/perl5/OpenBSD/AddDelete.pm line 350.

pftop-0.7p19: ok
Merging manpages in /usr/local/man: /usr/local/man/man8/pftop.8
Extracted 252817 from 253475"


[snip]

I believe quirks gets automatically installed when you install your 
first package.




Can't locate OpenBSD/Quirks.pm in @INC

2020-01-17 Thread myml...@gmx.com

HI,


I downloaded the install66.fs snapshot today, 20200117, and did a fresh
install.  Even though I got the full install set, i used http from
ftp.openbsd.org as the install source.

Installation went fine but when I tried to install packages I get the
above error.

"# pkg_add -vn pftop
quirks-3.216 signed on 2020-01-17T19:15:00Z
quirks-3.216: ok
Can't load quirk: Can't locate OpenBSD/Quirks.pm in @INC (you may need
to install the OpenBSD::Quirks module) (@INC contains:
/usr/local/libdata/perl5/site_perl/amd64-openbsd
/usr/local/libdata/perl5/site_perl /usr/libdata/perl5/amd64-openbsd
/usr/libdata/perl5) at /usr/libdata/perl5/OpenBSD/AddDelete.pm line 350.

pftop-0.7p19: ok
Merging manpages in /usr/local/man: /usr/local/man/man8/pftop.8
Extracted 252817 from 253475"


Any ideas?


Thanks in advance.


system dmesg:



OpenBSD 6.6 Gnome Issue

2020-01-17 Thread Michael G Workman
I have several older Dell laptops and have been putting them to good use by
installing Linux and BSD Unix. I wanted to learn OpenBSD Unix so I
installed it on a Dell Vostro 1500 I have with 2Ghz Intel Dual Core
Processor, 2GB RAM, and 120GB Hard drive. I already did a DMESG for it. The
install was no problem at all, a USB install using the fs file, and the
default FVWM window manager works perfectly, but I was hoping to use Gnome
with OpenBSD, like I do with two other dell laptops. I have one with Fedora
Linux, and another with Kali Linux.

So I installed Gnome from the command line, as root using pkg_add, from the
NYC OpenBSD Mirror. Gnome version 3.2 was installed, I also made sure to
install all patches, before trying to install Gnome. And also installed
gnome-extras.

Then I disabled xenodm using rcctl command, and enabled multicast
messagebus avahi_daemon gdm, also with the rcctl command at the command
line, as root. Then I rebooted, Gnome appears to run, but anytime I open up
an application, all I get is a black screen, like in the photo, it is Gnome
initial setup that is blacked out, also terminals and text editors are the
same, all black. I was just curious if anyone had experienced the same
problems? I have a second Dell Vostro 1500 laptop with Fedora Linux, and
gnome works perfectly, same exact hardware as the OpenBSD dell laptop, also
I have Kali Linux on a Dell e6400 laptop, and Gnome runs perfectly on that
laptop also.


[image: Gnome_BlackSceenError_January17_2020.JPG]

*Michael G. Workman*
(321) 432-9295
michael.g.work...@gmail.com


Re: ksh complete_command for commands with "-" in name

2020-01-17 Thread Uwe Werler
On 18 Jan 00:27, Andreas Kusalananda Kähäri wrote:
> On Fri, Jan 17, 2020 at 10:41:30PM +, Uwe Werler wrote:
> > On 17 Jan 22:32, Ottavio Caruso wrote:
> > > On Fri, 17 Jan 2020 at 22:03, Uwe Werler  wrote:
> > > >
> > > > Hi misc,
> > > >
> > > > I use heavily the feature to set command completion in ksh. Unfortunately
> > > > this doesn't work for commands with "-" (like ssh-add, salt-call etc.) in
> > > > command name because the parameter name for the array is invalid.
> > > 
> > > I'm not sure if I'm getting what you're saying. I have a barebone
> > > plain-vanilla OpenBSD 6.6 installation and I have ksh as my login
> > > shell. I can do command and file completion with [TAB] on any commands
> > > with a hyphen (pkg-config, ssh-add, ssh-agent, ssh-keygen, ssh-keyscan
> > > and so on).
> > 
> > From man 1 ksh:
> > 
> >  Custom completions may be configured by creating an array named
> >  ‘complete_command’, optionally suffixed with an argument number
> >  to complete only for a single argument.  So defining an array
> >  named ‘complete_kill’ provides possible completions for any
> >  argument to the kill(1) command, but ‘complete_kill_1’ only
> >  completes the first argument.  For example, the following command
> >  makes ksh offer a selection of signal names for the first
> >  argument to kill(1):
> > 
> >    set -A complete_kill_1 -- -9 -HUP -INFO -KILL -TERM
> > 
> > This of course can't work for commands with a hyphen because the parameter name
> > of the array is then invalid.
> > 
> > Uwe
> 
> A somewhat ugly workaround would be to define aliases for the commands
> that you want to install these completions for.  The aliases would have
> no dashes in their names.
> 
>   alias ssh_add=ssh-add
>   set -A complete_ssh_add_1 -- -D -l -L -v

Yeah, that's what I came up with too.



Re: ksh complete_command for commands with "-" in name

2020-01-17 Thread Andreas Kusalananda Kähäri
On Fri, Jan 17, 2020 at 10:41:30PM +, Uwe Werler wrote:
> On 17 Jan 22:32, Ottavio Caruso wrote:
> > On Fri, 17 Jan 2020 at 22:03, Uwe Werler  wrote:
> > >
> > > Hi misc,
> > >
> > > I use heavily the feature to set command completion in ksh. Unfortunately
> > > this doesn't work for commands with "-" (like ssh-add, salt-call etc.) in
> > > command name because the parameter name for the array is invalid.
> > 
> > I'm not sure if I'm getting what you're saying. I have a barebone
> > plain-vanilla OpenBSD 6.6 installation and I have ksh as my login
> > shell. I can do command and file completion with [TAB] on any commands
> > with a hyphen (pkg-config, ssh-add, ssh-agent, ssh-keygen, ssh-keyscan
> > and so on).
> 
> From man 1 ksh:
> 
>  Custom completions may be configured by creating an array named
>  ‘complete_command’, optionally suffixed with an argument number
>  to complete only for a single argument.  So defining an array
>  named ‘complete_kill’ provides possible completions for any
>  argument to the kill(1) command, but ‘complete_kill_1’ only
>  completes the first argument.  For example, the following command
>  makes ksh offer a selection of signal names for the first
>  argument to kill(1):
> 
>    set -A complete_kill_1 -- -9 -HUP -INFO -KILL -TERM
> 
> This of course can't work for commands with a hyphen because the parameter name
> of the array is then invalid.
> 
> Uwe

A somewhat ugly workaround would be to define aliases for the commands
that you want to install these completions for.  The aliases would have
no dashes in their names.

alias ssh_add=ssh-add
set -A complete_ssh_add_1 -- -D -l -L -v

-- 
Andreas (Kusalananda) Kähäri
SciLifeLab, NBIS, ICM
Uppsala University, Sweden

.



Re: ksh complete_command for commands with "-" in name

2020-01-17 Thread Uwe Werler
On 17 Jan 22:32, Ottavio Caruso wrote:
> On Fri, 17 Jan 2020 at 22:03, Uwe Werler  wrote:
> >
> > Hi misc,
> >
> > I use heavily the feature to set command completion in ksh. Unfortunately
> > this doesn't work for commands with "-" (like ssh-add, salt-call etc.) in
> > command name because the parameter name for the array is invalid.
> 
> I'm not sure if I'm getting what you're saying. I have a barebone
> plain-vanilla OpenBSD 6.6 installation and I have ksh as my login
> shell. I can do command and file completion with [TAB] on any commands
> with a hyphen (pkg-config, ssh-add, ssh-agent, ssh-keygen, ssh-keyscan
> and so on).

From man 1 ksh:

 Custom completions may be configured by creating an array named
 ‘complete_command’, optionally suffixed with an argument number
 to complete only for a single argument.  So defining an array
 named ‘complete_kill’ provides possible completions for any
 argument to the kill(1) command, but ‘complete_kill_1’ only
 completes the first argument.  For example, the following command
 makes ksh offer a selection of signal names for the first
 argument to kill(1):

   set -A complete_kill_1 -- -9 -HUP -INFO -KILL -TERM

This of course can't work for commands with a hyphen because the parameter name
of the array is then invalid.

Uwe



Re: ksh complete_command for commands with "-" in name

2020-01-17 Thread Ottavio Caruso
On Fri, 17 Jan 2020 at 22:03, Uwe Werler  wrote:
>
> Hi misc,
>
> I use heavily the feature to set command completion in ksh. Unfortunately 
> this doesn't work for commands with "-" (like ssh-add, salt-call etc.) in 
> command name because the parameter name for the array is invalid.

I'm not sure if I'm getting what you're saying. I have a barebone
plain-vanilla OpenBSD 6.6 installation and I have ksh as my login
shell. I can do command and file completion with [TAB] on any commands
with a hyphen (pkg-config, ssh-add, ssh-agent, ssh-keygen, ssh-keyscan
and so on).

-- 
Ottavio Caruso



ksh complete_command for commands with "-" in name

2020-01-17 Thread Uwe Werler
Hi misc,

I use heavily the feature to set command completion in ksh. Unfortunately this 
doesn't work for commands with "-" (like ssh-add, salt-call etc.) in command 
name because the parameter name for the array is invalid. Any idea to work 
around that or plans to allow at least "-" when parameter name starts with 
"complete_"? I'm not a developer and don't really understand the code for ksh :/

Thanks in advance.

Uwe



rad(8) and carp - anything I ought to know ?

2020-01-17 Thread Rachel Roch
Hi,

I'm sure many here have been down this road before me.  So to save me many 
hours of tears and frustration, I have a simple question.

Say I was hoping to use rad(8) in conjunction with carp, any tales from the 
battlefield (a.k.a. config tips, things to be aware of etc.).

Thanks !

Rachel



Re: How do I change the birth time of a file?

2020-01-17 Thread Otto Moerbeek
On Fri, Jan 17, 2020 at 12:49:09PM -0500, gwes wrote:

> On 1/17/20 4:20 AM, Otto Moerbeek wrote:
> > On Thu, Jan 16, 2020 at 09:20:58PM -0800, William Ahern wrote:
> > 
> > > On Thu, Jan 16, 2020 at 01:16:47PM +0100, Otto Moerbeek wrote:
> > > > On Thu, Jan 16, 2020 at 11:20:10AM +, gritzmann wrote:
> > > > 
> > > > > Hi,
> > > > > 
> > > > > How do I change the birth time of a file? `touch -acm -d "1980-01-01 00:00:00" myfile`
> > > > > changes only the access, modify and change times.
> > > > > 
> > > > > `stat myfile` returns `10 215746 -rw-r--r-- 1 me me 0 0 "Jan  1 00:00:00 1980" "Jan  1 00:00:00 1980" "Jan 16 13:00:33 2020" 16384 0 0 myfile`
> > > > > 
> > > > > Thanks!
> > > > > 
> > > > > Sent with ProtonMail Secure Email.
> > > > > 
> > > > Change time != creation time. There is no such thing as creation time
> > > > in unix.
> > > Not in Unix, but with UFS2 FreeBSD added birth time, which is documented
> > > everywhere--including in source code--as being synonymous with "creation
> > > time". OpenBSD added the st_birthtime field to struct stat in 2004,
> > > 
> > >
> > > https://cvsweb.openbsd.org/src/sys/sys/stat.h?rev=1.14=text/x-cvsweb-markup
> > >
> > > https://github.com/openbsd/src/commit/cc2fc615c6e2dee87e5a3cd5a655a2ee5ef778c8
> > > 
> > > but as far as I can tell it's not set anywhere in the kernel.
> > > 
> > > FWIW, birth time has been adopted by ext4, ZFS, AFS, HAMMER2, and possibly
> > > other file systems, but only the *BSDs seem to have added st_birthtime in
> > > struct stat. On Linux it's stx_btime in struct statx, and as best I can tell
> > > Solaris requires querying the A_CRTIME (creation time?) attribute using
> > > getattrat. None of this is particularly relevant to OpenBSD, and I don't
> > > mean to advocate, but after having done the leg work I feel like I should
> > > commit this to an archive for posterity...
> > > 
> > > > The change time (c_time in struct stat) cannot be explicitly set by
> > > > any API and is maintained by the kernel.
> > > As far as I can tell from the FreeBSD man page for utimes and friends, this
> > > is likewise true for birth time.
> > > 
> > Thanks for this detailed extra info. I was vaguely aware that some
> > filesystem implementations have a creation time, but
> > 
> > - it is not in Posix and, even if *some* filesystems have it,
> > - there is no API to set it and no generally accepted API to get it.
> > 
> > -Otto
> > 
> If these times were intended to help backup programs determine whether
> a particular inode's content and attributes have changed since the last
> backup (as I added and used them for backup purposes under TOPS-10)
> then there must not be any way for any program to modify them. The kernel
> must only change them if it changes the file in such a way that a backup
> is out of date.
> 
> I suspect this is the reason for these fields. If not, they should be
> used for that purpose.
> 

m_time and c_time are enough for backup purposes. If any of them is
more recent than the latest backup time, the file (or its attributes)
have changed and should be included in the current backup.

-Otto
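
The rule in Otto's reply, as an added example that is not part of the original thread: the sketch below selects files for an incremental backup by comparing both mtime and ctime with a stamp file, and shows on constructed sample files that an mtime-only check misses a chmod and a file whose mtime was set back with touch. The function names, the stamp file and the sample file names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: incremental-backup selection using mtime and ctime.
# All files are constructed sample data in a temporary directory.

# changed_since MODE STAMP DIR
#   MODE  "mtime" compares only modification time,
#         "both"  compares modification time OR inode change time.
#   STAMP absolute path of a file written when the previous backup finished.
#   DIR   directory tree to scan.
# Prints the matching regular files (relative to DIR, sorted) on one line.
changed_since() {
    mode=$1 stamp=$2 dir=$3
    case $mode in
        mtime) set -- -newer "$stamp" ;;
        both)  set -- \( -newer "$stamp" -o -cnewer "$stamp" \) ;;
        *)     echo "usage: changed_since mtime|both STAMP DIR" >&2; return 2 ;;
    esac
    ( cd "$dir" && find . -type f "$@" -print ) |
        sed 's#^\./##' | sort | paste -s -d ' ' -
}

# run_demo builds four sample files, takes a "backup", changes three of the
# files in different ways and reports what each selection mode finds.
run_demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/data"
    for f in untouched edited chmodded backdated; do
        echo "original" > "$work/data/$f"
    done

    sleep 1                               # keep timestamps strictly ordered
    : > "$work/last-backup.stamp"         # previous backup finished here
    sleep 1

    echo "new content" >> "$work/data/edited"         # mtime and ctime move
    chmod 640 "$work/data/chmodded"                   # only ctime moves
    echo "changed" >> "$work/data/backdated"
    touch -t 198001010000.00 "$work/data/backdated"   # mtime set to 1980,
                                                      # ctime is set by the kernel
    printf 'mtime-only: %s\n' \
        "$(changed_since mtime "$work/last-backup.stamp" "$work/data")"
    printf 'mtime-or-ctime: %s\n' \
        "$(changed_since both "$work/last-backup.stamp" "$work/data")"

    rm -rf "$work"
}

run_demo
```

The stamp file lives outside the scanned directory so that it never selects itself.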



Re: running git server with "smart http" protocol

2020-01-17 Thread Kent Watsen


Regarding the rewrite rules below, `man git-http-backend` is instructive
...though it would be better if updated for OpenBSD's native `httpd`  ;)

K.


> 6) set /etc/httpd.conf
> 
>  server "default" {
>      listen on 0.0.0.0 port 80
> 
>      # these two rules are trying to match https://git-scm.com/docs/git-http-backend,
>      # but I suspect that I botched them...
>      location match "^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$" {
>          request rewrite "/usr/local/libexec/git/git-http-backend/%1"
>      }
>      location match "^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$" {
>          request rewrite "/usr/local/libexec/git/git-http-backend/%1"
>      }
> 
>      location "/docs/*" {
>          fastcgi {
>              socket "/run/slowcgi.sock"
>              param DOCUMENT_ROOT "/"
>              param GIT_HTTP_EXPORT_ALL ""
>              param GIT_PROJECT_ROOT "/git-repos"
>              param SCRIPT_FILENAME "/usr/local/libexec/git/git-http-backend"
>          }
>      }
>  }



Re: How do I change the birth time of a file?

2020-01-17 Thread gwes

On 1/17/20 4:20 AM, Otto Moerbeek wrote:

On Thu, Jan 16, 2020 at 09:20:58PM -0800, William Ahern wrote:


On Thu, Jan 16, 2020 at 01:16:47PM +0100, Otto Moerbeek wrote:

On Thu, Jan 16, 2020 at 11:20:10AM +, gritzmann wrote:


Hi,

How do I change the birth time of a file? `touch -acm -d "1980-01-01 00:00:00" myfile`
changes only the access, modify and change times.

`stat myfile` returns `10 215746 -rw-r--r-- 1 me me 0 0 "Jan  1 00:00:00 1980" "Jan  1 00:00:00 1980" "Jan 16 13:00:33 2020" 16384 0 0 myfile`

Thanks!

Sent with ProtonMail Secure Email.


Change time != creation time. There is no such thing as creation time
in unix.

Not in Unix, but with UFS2 FreeBSD added birth time, which is documented
everywhere--including in source code--as being synonymous with "creation
time". OpenBSD added the st_birthtime field to struct stat in 2004,

   
https://cvsweb.openbsd.org/src/sys/sys/stat.h?rev=1.14=text/x-cvsweb-markup
   
https://github.com/openbsd/src/commit/cc2fc615c6e2dee87e5a3cd5a655a2ee5ef778c8

but as far as I can tell it's not set anywhere in the kernel.

FWIW, birth time has been adopted by ext4, ZFS, AFS, HAMMER2, and possibly
other file systems, but only the *BSDs seem to have added st_birthtime in
struct stat. On Linux it's stx_btime in struct statx, and as best I can tell
Solaris requires querying the A_CRTIME (creation time?) attribute using
getattrat. None of this is particularly relevant to OpenBSD, and I don't
mean to advocate, but after having done the leg work I feel like I should
commit this to an archive for posterity...


The change time (c_time in struct stat) cannot be explicitly set by
any API and is maintained by the kernel.

As far as I can tell from the FreeBSD man page for utimes and friends, this
is likewise true for birth time.


Thanks for this detailed extra info. I was vaguely aware that some
filesystem implementations have a creation time, but

- it is not in Posix and, even if *some* filesystems have it,
- there is no API to set it and no generally accepted API to get it.

-Otto


If these times were intended to help backup programs determine whether
a particular inode's content and attributes have changed since the last
backup (as I added and used them for backup purposes under TOPS-10)
then there must not be any way for any program to modify them. The kernel
must only change them if it changes the file in such a way that a backup
is out of date.

I suspect this is the reason for these fields. If not, they should be
used for that purpose.



running git server with "smart http" protocol

2020-01-17 Thread Kent Watsen
TL;DR;  The current issue is this error:

error: cannot run upload-pack: No such file or directory


Steps:

1) OpenBSD 6.5 fresh install

2) pkg_add git

3) make /var/www/dev/null

   # mkdir dev
   # mknod dev/null c 2 2
   # chmod 666 dev/null

4) put `git-http-backend` into jail

   # for f in `ldd /usr/local/libexec/git/git-http-backend | grep '/usr/' | grep -v ':' | awk '{print $7}'`; do
       d=`dirname $f | sed 's#^/##'`
       mkdir -p $d
       cp $f $d
     done

5) put `git-upload-pack` into jail

   # for f in `ldd /usr/local/libexec/git/git-upload-pack | grep '/usr/' | grep -v ':' | awk '{print $7}'`; do
       d=`dirname $f | sed 's#^/##'`
       mkdir -p $d
       cp $f $d
     done

6) set /etc/httpd.conf

  server "default" {
      listen on 0.0.0.0 port 80

      # these two rules are trying to match https://git-scm.com/docs/git-http-backend,
      # but I suspect that I botched them...
      location match "^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$" {
          request rewrite "/usr/local/libexec/git/git-http-backend/%1"
      }
      location match "^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$" {
          request rewrite "/usr/local/libexec/git/git-http-backend/%1"
      }

      location "/docs/*" {
          fastcgi {
              socket "/run/slowcgi.sock"
              param DOCUMENT_ROOT "/"
              param GIT_HTTP_EXPORT_ALL ""
              param GIT_PROJECT_ROOT "/git-repos"
              param SCRIPT_FILENAME "/usr/local/libexec/git/git-http-backend"
          }
      }
  }

7) create "docs" repo:

  # mkdir git-repos
  # git init --bare git-repos/docs
  # cd git-repos/docs/; git update-server-info; cd -

8) In one window:

  # httpd -d -vv

9) In another window:

  # slowcgi -d

10) In a 3rd window:

  # git clone http://127.0.0.1/docs 
  Cloning into 'docs'...
  fatal: Could not read from remote repository.

  Please make sure you have the correct access rights
  and the repository exists.

11) Observe output in the `httpd` window:

  error: cannot run upload-pack: No such file or directory

  default 127.0.0.1 - - [17/Jan/2020:11:36:35 -0500] "GET /docs/info/refs?service=git-upload-pack HTTP/1.1" 200 0
  server default, client 1 (1 active), 127.0.0.1:47830 -> 127.0.0.1, closed

Notables here:

# ls -l git-repos/docs/info/refs
-rw-r--r--  1 root  daemon  0 Jan 17 11:50 git-repos/docs/info/refs

# file git-repos/docs/info/refs   
git-repos/docs/info/refs: empty

(but, from experience, I know that this is a text file, not something 
that might take an HTTP query parameter)

12) Observe output in the `slowcgi` window:

  slowcgi: inflight incremented, now 1
  slowcgi: version: 1
  slowcgi: type:1
  slowcgi: requestId:   1
  slowcgi: contentLength:   8
  slowcgi: paddingLength:   0
  slowcgi: reserved:0
  slowcgi: role 1
  slowcgi: flags0
  slowcgi: version: 1
  slowcgi: type:4
  slowcgi: requestId:   1
  slowcgi: contentLength:   729
  slowcgi: paddingLength:   0
  slowcgi: reserved:0
  slowcgi: env[0], PATH_INFO=/docs/info/refs
  slowcgi: env[1], SCRIPT_NAME=
  slowcgi: env[2], SCRIPT_FILENAME=/
  slowcgi: env[3], QUERY_STRING=service=git-upload-pack
  slowcgi: env[4], DOCUMENT_ROOT=/htdocs
  slowcgi: env[5], DOCUMENT_URI=/docs/info/refs
  slowcgi: env[6], GATEWAY_INTERFACE=CGI/1.1
  slowcgi: env[7], HTTP_ACCEPT=*/*
  slowcgi: env[8], HTTP_ACCEPT_ENCODING=deflate, gzip
  slowcgi: env[9], HTTP_HOST=127.0.0.1
  slowcgi: env[10], 

OpenIKED VPN to have whole client's system traffic routed over VPN interface

2020-01-17 Thread morgan.loner
Hi there!

The question is how to set default route for all client's (OBSD 6.4 road 
warrior) traffic inside IPsec using the same egress.

1. I think VPN traffic should be routed only to em0 1.2.3.4 GW 1.2.3.1 with 
DHCP assigned "clean" IP or IP behind ISPs NAT by setting globally $vpn_if = 
em0 in PF and use standard IPsec rules for it like:

...
# isakmpd(8) itself to remote
pass in on $vpn_if inet proto udp from any to ($vpn_if) port {isakmp, ipsec-nat-t}
pass out on $vpn_if inet proto udp from ($vpn_if) to any port {isakmp, ipsec-nat-t} keep state

# ESP encapsulated IPsec traffic on $vpn_if
pass in on $vpn_if inet proto esp from any to ($vpn_if)
pass out on $vpn_if inet proto esp from ($vpn_if) to any keep state set queue ipsec_wan

# IP-in-IP traffic between gateways on enc(4) interface
pass in on enc0 inet proto ipencap from any to ($vpn_if) keep state (if-bound)
pass out on enc0 inet proto ipencap from ($vpn_if) to any keep state (if-bound)

# unencrypted traffic filtering on enc(4) interface
pass in on enc0 inet from 0.0.0.0/0 to 10.0.190.0/24 keep state (if-bound)
pass out on enc0 inet from 10.0.190.0/24 to 0.0.0.0/0 keep state (if-bound)
...

2. But all the client's system traffic from all the internal services and local
LANs should be routed to virtual vether0 10.0.190.1 GW 10.0.190.1 by setting
$ext_if = vether0 in PF's global settings and leaving all the working PF rules
previously configured untouched, as shown below:

...
match out on $ext_if from {lo0, $lans} to any nat-to $ext_if:0
pass out quick on $ext_if inet proto tcp from $ext_if to any port {http, https} flags S/SA modulate state $webSTO
pass out quick on $ext_if inet proto udp from $ext_if to any keep state $bulkSTO
...

So the network map should look like:

          Server                      Road warrior OBSD client
Remote    4.3.2.2    vio0             em0      1.2.3.4 DHCP by ISP can be under NAT or "clean" IP
gateway   4.3.2.1 GW vio0   <=VPN==   vether0  10.0.190.1 255.255.255.0 virtual VPN subnet

I can't make it work using a default route to send/receive the whole client's
traffic inside the VPN tunnel for some reason.

Am I right in my assumption to make two default routes in the client's routing
table, with upper priority for vether0, and route-to and reply-to PF directives
to connect the VPN through the em0 default route?

Any samples, working configurations or advice will be highly appreciated.

$ ipsecctl -sa
FLOWS:
flow ipcomp in proto udp from 0.0.0.0/0 to 10.0.190.0/24 peer 4.3.2.2 srcid FQDN/client.vpn dstid FQDN/srv.vpn type use
flow esp in proto ipencap from 4.3.2.2 to 1.2.3.4 peer 4.3.2.2 srcid FQDN/client.vpn dstid FQDN/srv.vpn type use
flow esp in proto ipcomp from 4.3.2.2 to 1.2.3.4 peer 4.3.2.2 srcid FQDN/client.vpn dstid FQDN/srv.vpn type use
flow esp out proto ipencap from 1.2.3.4 to 4.3.2.2 peer 4.3.2.2 srcid FQDN/client.vpn dstid FQDN/srv.vpn type require
flow esp out proto ipcomp from 1.2.3.4 to 4.3.2.2 peer 4.3.2.2 srcid FQDN/client.vpn dstid FQDN/srv.vpn type require
flow ipcomp out proto udp from 10.0.190.0/24 to 0.0.0.0/0 peer 4.3.2.2 srcid FQDN/client.vpn dstid FQDN/srv.vpn type require
flow esp out from ::/0 to ::/0 type deny

SAD:
ipcomp tunnel from 1.2.3.4 to 4.3.2.2 spi 0x43ee comp deflate
ipcomp tunnel from 4.3.2.2 to 1.2.3.4 spi 0x5ff0 comp deflate
esp transport from 1.2.3.5 to 4.3.2.2 spi 0x486b9b22 auth sha1 enc aes-256
esp transport from 4.3.2.2 to 1.2.3.4 spi 0xfb978ef5 auth sha1 enc aes-256

$ netstat -r (before changing vether0 routing priority)
Routing tables

Internet:
Destination GatewayFlags  Refs  UseMtu  Prio   Iface
default 1.2.3.4UGS111234   -8  em0
default 10.0.190.1 UGS0 5678   -9  vether0
...

$ cat /etc/hostname.vether0
up
10.0.190.1 255.255.255.0
!route add -priority 7 default 10.0.190.1

$ sh /etc/netstart vether0

$ netstat -r (after changing vether0 routing priority)
Routing tables

Internet:
Destination  Gateway Flags   Refs   UseMtu  Prio   Iface
default  10.0.190.1  UGS 0  5678   -7  vether0
default  1.2.3.4 UGS 11 1234   -8  em0
...

$ cat /etc/iked.conf
# client side config
gw_ip = "em0"
ikev2 "pki-client" active ipcomp esp proto udp \
from 10.0.190.0/24 to 0.0.0.0/0 \
peer 4.3.2.2 \
srcid client.vpn dstid srv.vpn \
tag "IKED" \
tap "enc0"

$ cat /etc/iked.conf
# server side config
gw_ip = "vio0"
ikev2 "pki-server" passive ipcomp esp proto udp \
local $gw_ip peer any \
srcid srv.vpn \
tag "$name-$id" \
tap "enc0"

$ cat /etc/pf.conf
# server PF configuration

icmp_type = "{echoreq, timex, paramprob, unreach code needfrag}"

table  persist

sshSTO = "(max 5, source-track rule, max-src-states 10, max-src-nodes 16, \
max-src-conn-rate 3/30, tcp.established 3600, overload  flush 
global)"

set skip on lo
set skip on enc0
set reassemble yes
set block-policy return
set log interface egress

match in all scrub (no-df random-id max-mss 1440)
match out 

Re: displayport - hdmi audio

2020-01-17 Thread sysmerge
Oh... I got it, thank you, kind sir.


Sent with ProtonMail Secure Email.

--- Original Message ---
On Thursday, 16 January 2020, 18:46, Peter Hessler wrote:

> OpenBSD does not support HDMI audio at this time.
>
> On 2020 Jan 15 (Wed) at 16:16:24 + (+), sysmerge wrote:
> :Hello thee, I'm trying to connect my TV to Thinkpad x220 via displayport -
> hdmi, but sound is only working on notebook, not on TV.
> :I tried some tricks from the audio FAQ on the site but no result. Problem is I
> have kinda low knowledge in audio related stuff in OpenBSD, cuz audio just
> works fine from the box on my laptop itself.
>
> ---
>
> I do not fear computers. I fear the lack of them.
> -- Isaac Asimov




Re: How do I change the birth time of a file?

2020-01-17 Thread Otto Moerbeek
On Thu, Jan 16, 2020 at 09:20:58PM -0800, William Ahern wrote:

> On Thu, Jan 16, 2020 at 01:16:47PM +0100, Otto Moerbeek wrote:
> > On Thu, Jan 16, 2020 at 11:20:10AM +, gritzmann wrote:
> > 
> > > Hi,
> > > 
> > > How do I change the birth time of a file? `touch -acm -d "1980-01-01 
> > > 00:00:00" myfile` changes only the access, modify and change times.
> > > 
> > > `stat myfile` returns `10 215746 -rw-r--r-- 1 me me 0 0 "Jan  1 00:00:00 
> > > 1980" "Jan  1 00:00:00 1980" "Jan 16 13:00:33 2020" 16384 0 0 myfile`
> > > 
> > > Thanks!
> > > 
> > > Sent with ProtonMail Secure Email.
> > > 
> > 
> > Change time != creation time. There is no such thing as creation time
> > in unix.
> 
> Not in Unix, but with UFS2 FreeBSD added birth time, which is documented
> everywhere--including in source code--as being synonymous with "creation
> time". OpenBSD added the st_birthtime field to struct stat in 2004,
> 
>   https://cvsweb.openbsd.org/src/sys/sys/stat.h?rev=1.14=text/x-cvsweb-markup
>   https://github.com/openbsd/src/commit/cc2fc615c6e2dee87e5a3cd5a655a2ee5ef778c8
> 
> but as far as I can tell it's not set anywhere in the kernel.
> 
> FWIW, birth time has been adopted by ext4, ZFS, AFS, HAMMER2, and possibly
> other file systems, but only the *BSDs seem to have added st_birthtime in
> struct stat. On Linux it's stx_btime in struct statx, and as best I can tell
> Solaris requires querying the A_CRTIME (creation time?) attribute using
> getattrat. None of this is particularly relevant to OpenBSD, and I don't
> mean to advocate, but after having done the leg work I feel like I should
> commit this to an archive for posterity...
> 
> > The change time (c_time in struct stat) cannot be explicitly set by
> > any API and is maintained by the kernel.
> 
> As far as I can tell from the FreeBSD man page for utimes and friends, this
> is likewise true for birth time.
> 

Thanks for this detailed extra info. I was vaguely aware that some
filesystem implementations have a creation time, but

- it is not in POSIX and, even if *some* filesystems have it,
- there is no API to set it and no generally accepted API to get it.

-Otto
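
The behaviour discussed in this thread, as an added example that is not code from any poster: access and modify time can be set from userland, while the kernel maintains change time itself, so a backdated file keeps a recent change time that a forensic check can compare against. The function names and the temporary file are constructed for illustration; birth time is reported only where the platform's struct stat exposes `st_birthtime`.

```python
import os
import tempfile
from datetime import datetime, timezone


def timestamp_report(path):
    """Return the timestamps discussed in the thread for one file.

    "birth" is None where struct stat has no st_birthtime (e.g. Linux).
    """
    st = os.stat(path)
    return {
        "access": st.st_atime,
        "modify": st.st_mtime,
        "change": st.st_ctime,
        "birth": getattr(st, "st_birthtime", None),
    }


def backdating_signs(report, slack=1.0):
    """List timestamp inconsistencies left when atime/mtime were set by hand."""
    signs = []
    # chmod or rename also bump ctime, so this is a hint, not proof.
    if report["change"] - report["modify"] > slack:
        signs.append("ctime later than mtime")
    birth = report["birth"]
    # Ignore an unset birth time (zero or negative) instead of trusting it.
    if birth is not None and birth > 0 and report["modify"] + slack < birth:
        signs.append("mtime earlier than birth time")
    return signs


def demo():
    """Backdate a constructed temp file to 1980 and report what changed."""
    epoch_1980 = datetime(1980, 1, 1, tzinfo=timezone.utc).timestamp()
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        path = fh.name
    try:
        before = timestamp_report(path)
        os.utime(path, (epoch_1980, epoch_1980))  # sets atime and mtime only
        after = timestamp_report(path)
    finally:
        os.unlink(path)
    return before, after, backdating_signs(after)


if __name__ == "__main__":
    for item in demo():
        print(item)
```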