TOFU/cert pinning in libtls
I am currently implementing a simple C client for the gemini protocol[1]. All transactions are protected using TLS, with a catch:

> Clients can validate TLS connections however they like (including not
> at all) but the strongly RECOMMENDED approach is to implement a
> lightweight "TOFU" certificate-pinning system which treats self-signed
> certificates as first-class citizens. This greatly reduces TLS
> overhead on the network (only one cert needs to be sent, not a whole
> chain) and lowers the barrier to entry for setting up a Gemini site
> (no need to pay a CA or setup a Let's Encrypt cron job, just make a
> cert and go).

My basic idea for the client is:

- load a db of self-signed certs.
- connect to host
- if host cert is self signed
  - if not in db, prompt user and add to db
  - if in db, check fingerprint and warn user if they don't match.

Browsing the manuals/source code, there doesn't seem to be an easy way to configure this. I don't want to have to use the OpenSSL API for this :(.

P.S. Big shoutout to Bob for his tutorial[2], it's a great introduction to an awesome library!

[1] https://gemini.circumlunar.space/docs/spec-spec.txt
[2] https://github.com/bob-beck/libtls/blob/

-- 
Stephen Gregoratto
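A sketch of the pin-database half of that design, added here as an example (it is not from the post above nor part of libtls): pins are kept as "host fingerprint" lines, where the fingerprint is the "SHA256:<hex>" string that tls_peer_cert_hash(3) returns once the handshake is done with tls_config_insecure_noverifycert(3) set so libtls does not reject the self-signed cert itself. The known_hosts path, the sample entries and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#define MAX_PINS 64
#define MAX_HOST 256
#define MAX_FP   80    /* "SHA256:" + 64 hex digits + NUL fits */
struct pin { char host[MAX_HOST]; char fp[MAX_FP]; };
struct pindb { struct pin pins[MAX_PINS]; int n; };
enum tofu { TOFU_NEW, TOFU_MATCH, TOFU_MISMATCH, TOFU_FULL };

/* Load pins from text holding one "host fingerprint" pair per line (assumed
 * to come from ~/.gemini/known_hosts); blank/malformed lines are skipped. */
int pindb_load(struct pindb *db, const char *text)
{
    char line[MAX_HOST + MAX_FP + 2];
    db->n = 0;
    while (*text != '\0' && db->n < MAX_PINS) {
        const char *nl = strchr(text, '\n');
        size_t len = nl ? (size_t)(nl - text) : strlen(text);
        if (len >= sizeof(line)) len = sizeof(line) - 1;
        memcpy(line, text, len);        /* parse one line at a time so a */
        line[len] = '\0';               /* short line can't eat the next */
        if (sscanf(line, "%255s %79s", db->pins[db->n].host,
                   db->pins[db->n].fp) == 2)
            db->n++;
        if (nl == NULL) break;
        text = nl + 1;
    }
    return db->n;
}

/* TOFU decision for the peer fingerprint (tls_peer_cert_hash(3) form).
 * An unseen host is pinned (the caller prompts the user first); a known
 * host must match its stored pin, and a mismatch is what to warn about. */
enum tofu tofu_check(struct pindb *db, const char *host, const char *fp)
{
    for (int i = 0; i < db->n; i++)
        if (strcmp(db->pins[i].host, host) == 0)
            return strcmp(db->pins[i].fp, fp) == 0 ? TOFU_MATCH : TOFU_MISMATCH;
    if (db->n >= MAX_PINS) return TOFU_FULL;
    snprintf(db->pins[db->n].host, MAX_HOST, "%s", host);
    snprintf(db->pins[db->n].fp, MAX_FP, "%s", fp);
    db->n++;
    return TOFU_NEW;
}

/* Constructed sample db; the hashes are placeholders, not real values. */
struct pindb g_db;
static const char SAMPLE_DB[] =
    "gemini.example SHA256:aa11\n"
    "broken-line\n"
    "other.example SHA256:bb22\n";
int tofu_load_sample(void) { return pindb_load(&g_db, SAMPLE_DB); }
```

Whether the peer cert is self-signed at all can be decided by comparing tls_peer_cert_issuer(3) with tls_peer_cert_subject(3), so CA-signed hosts can still go through normal verification.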
Preferred manpage idioms?
When I'm writing new manpages, I like to draw inspiration from the documentation of similar programs. The problem is that many manpages have different ways of saying the same thing, probably due to their authors and the time period they were written in. So, I'd like to ask what your preferred choice is of the following common idioms I keep finding:

1. Manpage

Is it:
  man page
  man-page
  manpage
  reference manual
  UNIX™ Programmers Manual ...on second thought, maybe not

2. Standard output

Is it:
  Print to standard output/error       tee(1)
  Print to the standard output/error   cat(1), echo(1)
  Print to stdout/stderr               bzcat(1)

Bonus Round:
  Print to ...
  Write to ...
  Print on ...                         readlink(1)

3. Program arguments

Is it:
  Argument                             echo(1)
  Operand                              printf(1), also echo(1)?

-- 
Stephen Gregoratto
PGP: 3FC6 3D0E 2801 C348 1C44 2D34 A80C 0F8E 8BAB EC8B
Re: Upgrade procedure (6.4 -> 6.5)
On 2019-05-02 11:46, Noth wrote:
> I set up a script for sysclean:
>
> cat sysclean65.txt | while read line ; do rm -rf "${line}" ; done

Nitpick, but this could be shortened to:

    xargs rm -rf < sysclean??.txt

Just tested this on my server, so it should work fine.

-- 
Stephen Gregoratto
PGP: 3FC6 3D0E 2801 C348 1C44 2D34 A80C 0F8E 8BAB EC8B
Re: How to print nicely formatted man pages?
In my opinion I find the PostScript/PDF output from groff to be better than mandoc's, sorry Ingo :(. The font size and line spacing make a better print, which makes sense considering that groff is a typesetting suite. The catch is that groff doesn't detect if eqn(1) or tbl(1) needs to be run for the man page, while mandoc does. You would need to use grog(1) for that.

Here are some example pdf's for the 6.4 version of man(1):

https://www.sgregoratto.me/paste/man-groff.1.pdf
    $ groff -mandoc -T pdf /usr/share/man/man1/man.1
  alternatively...
    $ grog -T pdf --run /usr/share/man/man1/man.1

https://www.sgregoratto.me/paste/man-mandoc.1.pdf
    $ mandoc -T pdf /usr/share/man/man1/man.1
  alternatively...
    $ man -T pdf 1 man

You should replace 'pdf' with 'ps' if you are using a PostScript printer. It's up to you to decide which one looks better.

-- 
Stephen Gregoratto
[UPDATE] sysutils/neofetch to 6.0.0
Neofetch has been updated to version 6.0.0. I've bumped the port number and removed the patches, as they were pulled from upstream. Index: sysutils/neofetch/Makefile === RCS file: /cvs/ports/sysutils/neofetch/Makefile,v retrieving revision 1.3 diff -u -p -r1.3 Makefile --- sysutils/neofetch/Makefile 4 Sep 2018 20:41:42 - 1.3 +++ sysutils/neofetch/Makefile 9 Jan 2019 07:22:09 - @@ -2,11 +2,11 @@ COMMENT = system information tool written in bash CATEGORIES = sysutils misc -REVISION = 1 +REVISION = 0 GH_ACCOUNT = dylanaraps GH_PROJECT = neofetch -GH_TAGNAME = 5.0.0 +GH_TAGNAME = 6.0.0 MAINTAINER = Charlene Wendling Index: sysutils/neofetch/distinfo === RCS file: /cvs/ports/sysutils/neofetch/distinfo,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 distinfo --- sysutils/neofetch/distinfo 18 Jul 2018 09:28:55 - 1.1.1.1 +++ sysutils/neofetch/distinfo 9 Jan 2019 07:22:09 - @@ -1,2 +1,2 @@ -SHA256 (neofetch-5.0.0.tar.gz) = Kk9IU7+DuIoDeZTbxTqQyL1XCPXuszkvVtTknEnZlbM= -SIZE (neofetch-5.0.0.tar.gz) = 110526 +SHA256 (neofetch-6.0.0.tar.gz) = Jkp2iVYbtJj5fxAjGVm92PfIc2cbrC/7Zg3ppYY7HHY= +SIZE (neofetch-6.0.0.tar.gz) = 115538 Index: sysutils/neofetch/patches/patch-neofetch === RCS file: sysutils/neofetch/patches/patch-neofetch diff -N sysutils/neofetch/patches/patch-neofetch --- sysutils/neofetch/patches/patch-neofetch4 Sep 2018 20:41:42 - 1.2 +++ /dev/null 1 Jan 1970 00:00:00 - 
@@ -1,96 +0,0 @@ -$OpenBSD: patch-neofetch,v 1.2 2018/09/04 20:41:42 bcallah Exp $ - -Battery fixes. Add support for amphour and charging status. -From upstream 71df4ffd3b20abaf21c260c5a109793d579dfa11 - -Fix WM detection, add disk and vmm(4) support -From upstream e07f545c26a47151236af3a3bc73acae62d87922 - -Index: neofetch neofetch.orig -+++ neofetch -@@ -1137,6 +1137,7 @@ get_model() { - - case "$model" in - "Standard PC"*) model="KVM/QEMU (${model})" ;; -+"OpenBSD"*) model="vmm (${model})" ;; - esac - } - -@@ -1474,8 +1475,13 @@ get_wm() { - # If function was run, stop here. - ((wm_run == 1)) && return - -+case "$uname" in -+*"OpenBSD"*)ps_flags=(x -c) ;; -+*) ps_flags=(-e) ;; -+esac -+ - if [[ "$WAYLAND_DISPLAY" ]]; then --wm="$(ps -e | grep -m 1 -o -F \ -+wm="$(ps "${ps_flags[@]}" | grep -m 1 -o -F \ --e "arcan" \ --e "asc" \ --e "clayland" \ -@@ -1512,11 +1518,11 @@ get_wm() { - - # Window Maker does not set _NET_WM_NAME - [[ "$wm" =~ "WINDOWMAKER" ]] && wm="wmaker" -- - # Fallback for non-EWMH WMs. - [[ -z "$wm" ]] && \ --wm="$(ps -e | grep -m 1 -o -F \ -+wm="$(ps "${ps_flags[@]}" | grep -m 1 -o -F \ --e "catwm" \ -+ -e "fvwm" \ --e "dwm" \ --e "2bwm" \ --e "monsterwm" \ -@@ -3084,9 +3090,20 @@ get_disk() { - - # Create an array called 'disks' where each element is a separate line from - # df's output. We then unset the first element which removes the column titles. --IFS=$'\n' read -d "" -ra disks <<< "$(df "${df_flags[@]}" "${disk_show[@]:-/}")" --unset "disks[0]" -- -+if [[ "$uname" == "OpenBSD" ]]; then -+# On OpenBSD you can't use df against a /dev/... unless being root or -+# in the 'operator' group. Making a separate disks array creation. 
-+df_flags=(-h) -+# building an AWK regexp -+disk_re="${disk_show[*]:-/}" -+disk_re="${disk_re// /\|}" -+disk_re="^(${disk_re//\//\\\/})\$" -+IFS=$'\n' read -d "" -ra disks <<< "$(df "${df_flags[@]}" | \ -+awk -v disk_re="$disk_re" '(NR > 1) && ($1 ~ disk_re || $6 ~ disk_re)')" -+else -+IFS=$'\n' read -d "" -ra disks <<< "$(df "${df_flags[@]}" "${disk_show[@]:-/}")" -+unset "disks[0]" -+fi - # Stop here if 'df' fails to print disk info. - [[ -z "${disks[*]}" ]] && { - err "Disk: df failed to print the disks, make sure the disk_show array is set properly." -@@ -3179,12 +3196,19 @@ get_battery() { - ;; - - "OpenBSD"* | "Bitrig"*) --battery0full="$(sysctl -n hw.sensors.acpibat0.watthour0)" --battery0full="${battery0full/ Wh*}" -+battery0full="$(sysctl -n hw.sensors.acpibat0.watthour0\ -+hw.sensors.acpibat0.amphour0)" -+battery0full="${battery0full%% *}" - --battery0now="$(sysctl -n hw.sensors.acpibat0
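Review bot: In the Makefile hunk, `-REVISION = 1` / `+REVISION = 0` leaves a REVISION line in place after GH_TAGNAME moves from 5.0.0 to 6.0.0; ports convention is to drop REVISION entirely on a version update (it only exists to force rebuilds of the same version), otherwise the package comes out as neofetch-6.0.0p0 for no reason. Suggest deleting the line instead of resetting it to 0.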
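Review bot: The patch-neofetch removal hunk drops five distinct local changes (the vmm(4) model string in get_model, the `ps x -c` flags in get_wm, the `-e "fvwm"` fallback entry, the awk-filtered get_disk path that avoids running df(1) against /dev nodes as non-root, and the amphour0 handling in get_battery), but its header only cites two upstream commits and the hunk is truncated here before the battery part. Before deleting the whole file, confirm each of those pieces is actually in the 6.0.0 tarball; anything not merged upstream should be kept as a regenerated patch rather than silently lost.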
Re: Help with LibreSSL manpages
Thanks for your response Ingo. I think I'll start with the missing functions and go through them by order of length. I'll try and peruse through the ports and check for any examples.

Speaking of functions: I'm trying to generate a list of each function, the source file it's defined in and the corresponding line number, similar to the format of `grep -n`. Is there a way to force ctags to output in some tabular format that can be AWK'd? The -x option isn't cutting it for me.

-- 
Stephen Gregoratto
Help with LibreSSL manpages
Hello,

I've recently been getting into (re)writing my manpages using mdoc(7), and came across Ingo's talk about mandoc/LibreSSL [1]. In it he mentioned that there are still some functions to document and many pages need a couple of goes over (specifically openssl(1)). Now I've never developed for Open/LibreSSL, and have an OK knowledge of C, but I do have a bit of free time over Christmas and would be happy to help out in any way. Would I need to fully grok the code before I could write the docs?

[1] https://www.openbsd.org/papers/eurobsdcon2018-mandoc.pdf

-- 
Stephen Gregoratto