Is CVE-2019-5598 affecting openbsd

2019-06-18 Thread Strahil Nikolov
Hi All,

I was wondering if CVE-2019-5598 is actually affecting openBSD.
I'm asking as FreeBSD is usually several versions behind and this one might not 
affect PF in recent openBSD versions.

Best Regards,
Strahil Nikolov



Re: Is CVE-2019-5598 affecting openbsd

2019-06-18 Thread Strahil Nikolov
On June 19, 2019 8:23:59 AM GMT+03:00, Theo de Raadt wrote:
>Strahil Nikolov  wrote:
>
>> I was wondering if CVE-2019-5598 is actually affecting openBSD.  I'm
>> asking as FreeBSD is usually several versions behind and this one
>> might not affect PF in recent openBSD versions.
>
>https://www.openbsd.org/errata63.html#p031_pficmp
>
>031: SECURITY FIX: March 22, 2019   All architectures 
>A state in pf could pass ICMP packets to a destination IP address
>that did not match the state. 
>
>https://www.openbsd.org/errata64.html#p015_pficmp
>
>015: SECURITY FIX: March 22, 2019   All architectures 
>A state in pf could pass ICMP packets to a destination IP address
>that did not match the state. 
>
>You probably had trouble connecting the dots because the original report
>was March 19, fixed on March 20, released as errata + syspatch on March
>22.  Then we shipped the 6.5 release on May 1.
>
>So that means 6.5 shipped without the problem.
>
>FreeBSD finally released something on May 14.
>
>https://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/031_pficmp.patch.sig
>
>You may also find it hard to believe it took nearly two months for them
>to merge a fix from OpenBSD which applied with minimum fuzz, validate
>it, and then ship it to users.  Also, that was done without mentioning
>that the fix was taken from an OpenBSD repair job which got done within
>24 hours of the initial report.  Rah rah for themselves, I suppose.

Hi Theo,
Thanks for the reply.

Yes, I really missed that. I'm on 6.5, so I'm good.
Good job to all developers! This speed is really impressive.

Best Regards,
Strahil Nikolov



Re: Qemu Agent assistance needed

2019-04-29 Thread Strahil Nikolov
I have installed qemu, as qemu-ga cannot be installed standalone.

I am trying to have snapshots without pausing the VM and to provide basic 
functionality from host.

Best Regards,
Strahil Nikolov

On April 29, 2019 11:00:42 AM GMT+03:00, Solene Rapenne wrote:
>On Sun, Apr 28, 2019 at 11:10:14AM +0000, Strahil Nikolov wrote:
>> Hi All,
>> I am new to OpenBSD and I really like the idea. Sadly I do not have
>> suitable hardware to run on, thus I use KVM and I would be happy if
>> anyone could hint at a working solution for Qemu Guest Agent.
>> Anything I dig up (via google searches) shows up only suggestions,
>> but nothing more. In OpenBSD 6.4 I successfully installed qemu (and
>> thus the agent), but I can't understand how to get the device needed
>> for communication with the host up and running.
>> As I mainly know Linux - I know that we need a kernel module to
>> be loaded and with combination of udev rules - the device is created
>> on the necessary location and with the correct rights. According to
>> many google findings - OpenBSD doesn't support loadable kernel
>> modules any more.
>> I have tried to figure it out by myself, but I cannot find the
>> necessary module needed, nor how to load it in a proper manner.
>> Any hint is well appreciated.
>> Best Regards,
>> Strahil Nikolov
>>
>
>qemu on openbsd doesn't support any hardware acceleration, and the
>available version is quite old.
>
>I'm not sure it is compatible with libvirt.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: Qemu Agent assistance needed

2019-04-28 Thread Strahil Nikolov
Yes, but not only.
I'm using oVirt - a KVM management tool and I can currently make a snapshot 
only by pausing the VM or by completely stopping it first.
For now, it's not a big deal - as I'm still exploring OpenBSD, but who knows.
Also the management interface cannot provide details about CPU and RAM usage, 
nor can I gracefully shut the VM down from the interface.
The oVirt manager allows automatic evacuation of the VM, if it requires more 
memory/cpu than the host can currently provide (for a lab overcommitting is 
normal).

I'm just looking to enable those fancy things that make our life easier.

Best Regards,
Strahil Nikolov

On April 29, 2019 12:07:32 AM GMT+03:00, Tom Smyth wrote:
>Hello Strahil,
>what are you trying to achieve with the Qemu Guest Agent?
>
>is it quiescing during backups?
>
>On Sun, 28 Apr 2019 at 20:59, Kristjan Komloši wrote:
>>
>> On Sun, 2019-04-28 at 11:10 +, Strahil Nikolov wrote:
>> > Hi All,
>> > I am new to OpenBSD and I really like the idea. Sadly I do not have
>> > suitable hardware to run on, thus I use KVM and I would be happy if
>> > anyone could hint at a working solution for Qemu Guest Agent.
>> > Anything I dig up (via google searches) shows up only suggestions,
>> > but nothing more. In OpenBSD 6.4 I successfully installed qemu (and
>> > thus the agent), but I can't understand how to get the device needed
>> > for communication with the host up and running.
>> > As I mainly know Linux - I know that we need a kernel module to
>> > be loaded and with combination of udev rules - the device is created
>> > on the necessary location and with the correct rights. According to
>> > many google findings - OpenBSD doesn't support loadable kernel
>> > modules any more.
>> > I have tried to figure it out by myself, but I cannot find the
>> > necessary module needed, nor how to load it in a proper manner.
>> > Any hint is well appreciated.
>> > Best Regards,
>> > Strahil Nikolov
>>
>> Kernel modules don't exist under OpenBSD to ensure security, so don't
>> go there. Communication with host is probably best done through the
>> serial console. Take a look at the boot.conf(8) manpage.
>>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: Qemu Agent assistance needed

2019-04-29 Thread Strahil Nikolov
Great.
What about CPU/RAM usage? Do you believe it will be possible to report it to 
the management layer?
If not - there will be no use of qemu-ga at all on OpenBSD.

Best Regards,
Strahil Nikolov


On April 29, 2019 2:49:43 PM GMT+03:00, Stuart Henderson wrote:
>On 2019-04-29, Strahil Nikolov wrote:
>> Yes, but not only.
>> I'm using oVirt - a KVM management tool and I can currently make a
>> snapshot only by pausing the VM or by completely stopping it first.
>> For now, it's not a big deal - as I'm still exploring OpenBSD, but
>> who knows.
>> Also the management interface cannot provide details about CPU and
>> RAM usage, nor can I gracefully shut the VM down from the interface.
>> The oVirt manager allows automatic evacuation of the VM, if it
>> requires more memory/cpu than the host can currently provide (for a
>> lab overcommitting is normal).
>>
>> I'm just looking to enable those fancy things that make our life
>> easier.
>
>qemu-ga needs a way to communicate with the kernel to tell it to stop
>filesystem activity etc.  OpenBSD doesn't support this.



Re: Upgrade procedure (6.4 -> 6.5)

2019-05-04 Thread Strahil Nikolov
On May 4, 2019 10:11:07 AM GMT+03:00, Nick Holland wrote:
>On 5/3/19 2:32 PM, Strahil Nikolov wrote:
>> On May 3, 2019 10:49:55 PM GMT+03:00, Nick Holland wrote:
>>> On 5/2/19 1:52 AM, Consus wrote:
>>>> Hi,
>>>> 
>>>> I've upgraded my systems from 6.4 to 6.5 without a glitch, but I
>>>> see that /etc/networks and some other files (like malloc.conf.5)
>>>> are still present, although there is no use for them in the new
>>>> release.
>>>> 
>>>> Is there a reason why these files are not listed in "Files to
>>>> remove"? Is there a way to track them? It's not like something
>>>> gonna break, but old configuration files (and manual pages) lying
>>>> around can make someone's life harder during the debug session.
>>> 
>>> There is no promise that an upgraded machine will be file-for-file 
>>> identical to a fresh install.  Here is the list of problems this
>>> might cause you, as you can see, it's a long list and quite
>>> horrible:
>>> 
>>> * If you use the same hw for 20 years, you might run out of disk
>>> space?
>>> 
>>> Ok, not very long and not very horrible.
>>> 
>>> You are trying to solve a non-problem.  And sometimes, 'specially
>>> on an upgraded machine, it's great to see how things WERE when the
>>> machine was set up.  If you really care, go ahead, delete stuff.
>>> 
>>> Nick.
>> 
>> Hi All,
>> 
>> As a Linux guy (my experience in OpenBSD can be easily measured in
>> days) I can share the view of a less experienced user that was planning
>> to upgrade from 6.4 to 6.5 and that ended with a full reinstall.
>> 
>> I tried to update a VM (stock setup) with a 10 GB disk from 6.4 to
>> 6.5 and thus it seemed that booting from the 6.5 DVD will do the
>> trick. Sadly the installer never checked the available space, but
>> just started to do its stuff until reporting that not enough space
>> is available.
>
>The installer didn't check. Neither did you.  Let's blame the
>installer.

Well, I can't predict how big the new tars are - yet the updater should do that.
If my /usr is too small - it should make the calculation for me and refuse to 
update.

How do you estimate how much space you need for the update? Get the iso and 
extract each archive to predict that?
Nah, let's blame the newbie.

>Ok, sure, might be nice, but when there are a snootload of different
>platforms with radically different size binaries, it's not trivial. 
Well, if it's done in Linux, it's doable in OpenBSD.

>But feel free to send in a patch.  Test on two or three different
>platforms, first, though, please.

I would, if I find some time... which is currently my most precious resource.

>And ... considering the number of times I've seen and heard about Linux
>systems hose themselves with upgrades, I question your implication.
>Major Linux upgrade?  Most people I know just say "Screw it.  Rebuild,
>reload".  Linux might have the edge on incremental upgrades, but
>eventually, you are going to need to move to the more current
>release...and then OpenBSD starts looking REALLY GOOD.

Maybe you haven't used RHEL or SUSE - they both support major upgrade (Red Hat 
released the tool for migration from 6 to 7. Check the release notes for RHEL 
7.5)

>10g disk?  When I first started working with OpenBSD, that was really
>big.  But then, I had to manually partition the disk.  20 years later,
>10G is tiny.  The installer auto-partitioner is really intended for
>bigger disks.   Yeah, you are in "Special Case" territory, which isn't
>a good spot to be as a new user.

If I'm so special, then where was the warning of the installer in the first 
place?
Just a short notice like 'You have a very small disk and upgrades might not be 
supported!' would be enough to keep my mouth shut.
Still, there was no such warning in the first place.

>> Why did the installer allow installation despite the available space
>> is low ( even windows checks available space :) )???
>
>The average windows user doesn't know what the units of storage mean.

Yet, we are not Windows users :) Are we?
OpenBSD is great, but it needs some improvements and that's what I was trying 
to imply here, not to criticize.

>> Why should the end-user delete old unnecessary/problematic files ?
>
>That's my question.  What's the big deal?  On a modern disk, just
>ignore them.  They won't be a problem until long after you rotate out
>the hw.  Problem is, you used a 2001 vintage size disk.  You should
>have rotated tha

Code of Conduct location

2019-04-28 Thread Strahil Nikolov
Hello All,

can someone point me to the link of the OpenBSD Code of Conduct?

It seems that I can't find it even with the help of google.

Best Regards,
Strahil Nikolov



Qemu Agent assistance needed

2019-04-28 Thread Strahil Nikolov
Hi All,
I am new to OpenBSD and I really like the idea. Sadly I do not have suitable 
hardware to run on, thus I use KVM and I would be happy if anyone could hint at 
a working solution for Qemu Guest Agent.
Anything I dig up (via google searches) shows up only suggestions, but nothing 
more. In OpenBSD 6.4 I successfully installed qemu (and thus the agent), but I 
can't understand how to get the device needed for communication with the host 
up and running.
As I mainly know Linux - I know that we need a kernel module to be loaded 
and with combination of udev rules - the device is created on the necessary 
location and with the correct rights. According to many google findings - 
OpenBSD doesn't support loadable kernel modules any more.
I have tried to figure it out by myself, but I cannot find the necessary module 
needed, nor how to load it in a proper manner.
Any hint is well appreciated.
Best Regards,
Strahil Nikolov




Re: Code of Conduct location

2019-04-28 Thread Strahil Nikolov
Well, the link gives enough info.

Did anyone test the html to plaintext reformat option?
Sadly my phone apps do not support plain text (maybe someone can recommend one 
for Android).

I've asked about the Code of Conduct, as I didn't want to step on someone's 
toes :) . I'm always trying to be polite, despite the attitude of the opposite 
side.

Best Regards,
Strahil Nikolov


On Sunday, April 28, 2019, 6:29:53 GMT-4, Anders Andersson wrote:

On Sun, Apr 28, 2019 at 10:04 AM Martijn van Duren wrote:
>
> You mean something like the following?
> https://www.openbsd.org/mail.html
>
> martijn@


This one sadly seems to be lacking from every code of conduct:
"Respect differences in opinion and philosophy".




Re: Upgrade procedure (6.4 -> 6.5)

2019-05-03 Thread Strahil Nikolov
On May 3, 2019 10:49:55 PM GMT+03:00, Nick Holland wrote:
>On 5/2/19 1:52 AM, Consus wrote:
>> Hi,
>> 
>> I've upgraded my systems from 6.4 to 6.5 without a glitch, but I see
>> that /etc/networks and some other files (like malloc.conf.5) are
>> still present, although there is no use for them in the new release.
>> 
>> Is there a reason why these files are not listed in "Files to
>> remove"? Is there a way to track them? It's not like something gonna
>> break, but old configuration files (and manual pages) lying around
>> can make someone's life harder during the debug session.
>
>There is no promise that an upgraded machine will be file-for-file
>identical to a fresh install.  Here is the list of problems this might
>cause you, as you can see, it's a long list and quite horrible:
>
>* If you use the same hw for 20 years, you might run out of disk space?
>
>Ok, not very long and not very horrible.
>
>You are trying to solve a non-problem.  And sometimes, 'specially on an
>upgraded machine, it's great to see how things WERE when the machine
>was set up.  If you really care, go ahead, delete stuff.
>
>Nick.

Hi All,

As a Linux guy (my experience in OpenBSD can be easily measured in days) I can 
share the view of a less experienced user that was planning to upgrade from 6.4 
to 6.5 and that ended with a full reinstall.

I tried to update a VM (stock setup) with a 10 GB disk from 6.4 to 6.5 and 
thus it seemed that booting from the 6.5 DVD will do the trick.
Sadly the installer never checked the available space, but just started to do 
its stuff until reporting that not enough space is available.

Why did the installer allow installation despite the available space being low 
(even Windows checks available space :) )???

Why should the end-user delete old unnecessary/problematic files? Usually we 
do have a package management system to take care of that (or at least to rename 
those files in case we really need them).

For me, system upgrade is a very complicated and error prone procedure.

P.S.: No offence here, just sharing my thoughts.

Best Regards,
Strahil Nikolov



Re: What is you motivational to use OpenBSD

2019-09-01 Thread Strahil Nikolov
I'm a "Linux guy" who wants a little bit more security...
I'm still learning OpenBSD, but I like the project's idea to build software 
with security in mind. Also, PF seems pretty good and I'm willing to learn it 
and if possible to deploy a CARP-ed cluster.

Sadly, I am still hesitant to try the gui... yet, there is a lot of stuff this 
BSD can be used for - from a firewall/router to a full blown laptop distro.

And of course, I love the documentation.

Best Regards,
Strahil Nikolov




>I first started using it around version 4.3. I was trying BSD's after 
>using Linux for a bit, and tried FreeBSD first.
>
>But OpenBSD was the only one that supported my laptop's WiFi card. And 
>getting everything running was much less of a hassle.
>
>It's the best BSD for getting a fine workstation up quickly.
>
>My Thinkpad T60 running OpenBSD got me through college just fine.
>
>It's the first operating system that I was able to do lots of cool 
>sysadmin stuff because of how simple it is.
>
>And also the first operating system I found that was easier to find 
>answers in the manual, and not through Google.
>
>Also the OS that inspired me to learn C programming.
>
>OpenBSD is the best BSD, and getting better every release.



Re: Impossible to remove a broken package on 6.5.

2019-09-08 Thread Strahil Nikolov
On September 6, 2019 6:46:32 PM GMT+03:00, m...@jtm.cx wrote:
>On Fri, Sep 06, 2019 at 07:13:21AM -0700, Chris Cappuccio wrote:
>> Angelo Rossi [angelo.rossi.home...@gmail.com] wrote:
>> > 
>> > # pkg_delete -v kicad
>> > Can't locate object method "updateset_with_new" via package
>> > "OpenBSD::PkgDelete::State" at /usr/libdata/perl5/OpenBSD/Dependencies.pm
>> > line 309.
>> > 
>> 
>> Your /usr/libdata/perl5/OpenBSD directory is corrupted, this should exist
>> in /usr/libdata/perl5/OpenBSD/PkgAdd.pm
>> 
>> Your upgrade seems to have failed
>> 
>
>The upgrade probably didn't fail.  I ran into the exact same issue with
>kicad-20100505p11;  The package is available in 6.4, but was removed
>and marked broken in 6.5 due to an issue with python-wx. I think the
>error message Angelo Rossi quoted is simply an issue with `pkg_delete`.
>Pkg_delete doesn't know what to do with a package that isn't available
>anymore.
>
>I didn't know what to do here either. I just let the broken kicad
>package float around on my machine :). I tried to take a stab at fixing
>it, but my knowledge of pkg_add internals is limited.

Have you checked if anything in pkg_check(8) can help you?

Source: https://www.openbsd.org/faq/faq15.html

Best Regards,
Strahil Nikolov



Re: OpenBSD Project

2019-07-21 Thread Strahil Nikolov
On July 21, 2019 6:05:28 AM GMT+03:00, bkfuth wrote:
>
>
>I have used OpenBSD, for years, in my computer security classes. I find
>it best suited for these classes. The governance has never been an
>issue. If you know what you are doing the OpenBSD community is a good
>one.
>Stephen Kolars
>Sent via the Samsung Galaxy Note® 4, an AT 4G LTE smartphone
>
> Original message 
>From: Ingo Schwarze  
>Date: 7/20/19  21:44  (GMT-06:00) 
>To: freen...@gmail.com 
>Cc: misc@openbsd.org 
>Subject: Re: OpenBSD Project 
>
>Hi,
>
>Avstin Kim wrote:
>
>> My question is, how is the OpenBSD Project governance structured;
>
>There is no formal structure and no "governance".
>
>In day to day business, code owners in parts of the system decide
>what is done (for example, espie@ in pkg_add(1), myself in mandoc(1),
>claudio@ in OpenBGPD, gilles@ in OpenSMTPd, jsing@ and beck@ in
>LibreSSL, tj@ regarding the website, and so on; in some areas, more
>than one person owns the code, sometimes up to a handful).
>
>In general, the people deciding ask themselves which is the best
>technical solution, and if there is consensus among developers, it
>is done.
>
>In the rare cases of serious disagreement that cannot be resolved
>consensually, or cannot be resolved without excessive delay or
>discussion, deraadt@ reserves the right to make a final decision,
>but that does not happen often.
>
>There is no core team and certainly, there are never any elections.
>There are no written rules whatsoever, and no introduction of any
>written rules is planned for the future.  The OpenBSD foundation
>has absolutely no say about any aspect of the OpenBSD project.
>
>None of all this is documented anywhere because it doesn't matter
>for users of the system.
>
>If your choice of operating system depends on any kind of formalities
>rather than on technical quality, OpenBSD is not the project you
>are looking for.
>
>Yours,
>  Ingo

I can only add that, from all the mailing lists I'm subscribed to, 
misc@openbsd is the most active mailing list.

This means a lot for me, and I suspect for anyone else using OpenBSD.

Best Regards,
Strahil Nikolov



syspatch -c (amd64) ftp: connect: Permission denied

2019-11-13 Thread Strahil Nikolov
Hello Community,

it seems that syspatch and pkg_add are having an issue with 'ftp: connect: 
Permission denied'.
System is 6.5 and access via ftp (based on my automatic syspatch script) has 
ceased on 03 Nov 2019.
/etc/installurl is pointing to https://cdn.openbsd.org/pub/OpenBSD/

Is syspatch working for you?


Thanks in advance.

Best Regards,
Strahil Nikolov



Re: syspatch -c (amd64) ftp: connect: Permission denied

2019-11-14 Thread Strahil Nikolov
On November 14, 2019 11:04:15 AM GMT+02:00, Dimitrios Moustos wrote:
>Hello Strahil,
>
>I get this very often when pf does not allow traffic out.
>First check that pf allows traffic out.
>
>Hope it helps, Dimitrios
>
>On Wed, Nov 13, 2019 at 10:51:45PM +, Strahil Nikolov wrote:
>> Hello Community,
>> 
>> it seems that syspatch and pkg_add are having an issue with 'ftp:
>> connect: Permission denied'.
>> System is 6.5 and access via ftp (based on my automatic syspatch
>> script) has ceased on 03 Nov 2019.
>> /etc/installurl is pointing to https://cdn.openbsd.org/pub/OpenBSD/ 
>> 
>> Is syspatch working for you?
>> 
>> 
>> Thanks in advance.
>> 
>> Best Regards,
>> Strahil Nikolov
>> 

Thanks Dimitrios,

I will check it out as this is my 'PF' learning lab... I might have messed the 
stuff last time.

Best Regards,
Strahil Nikolov



Raspberry Pi question

2019-12-22 Thread Strahil Nikolov
Hello Misc,

did anyone try to install OpenBSD on Raspberry Pi 4B?
I know it's not supported, but maybe it does work :)


Best Regards,
Strahil Nikolov 



Re: Recovering corrupted encrypted partition

2020-02-01 Thread Strahil Nikolov
On February 1, 2020 2:20:12 AM GMT+02:00, Jan Stary wrote:
>On Jan 31 18:25:45, int1...@airmail.cc wrote:
>> Hello,
>> Recently my 6.6-stable machine lost power while on, which apparently
>> corrupted a softraid crypto partition (not a boot partition) that was
>> mounted. Trying to decrypt it with the same bioctl command I usually
>> use fails with the error:
>> softraid0: invalid metadata format
>
>What bioctl command is that?
>
>> After searching all over the mailing list archives, I couldn't find a
>> solution that didn't destroy data. Some people suggested zeroing the
>> first megabyte and reconfiguring the disklabel, but I'm not sure if
>> that would overwrite my existing data.
>
>Recreate the softraid crypto partition
>and restore the data from backups.

No matter what you try - the first step is to create a disk clone via 'dd' and 
use that for your tries to recover -> even if the clone is dead - it's just a 
copy.
Then you will have the freedom to test different stuff.
The first question that comes to my mind is where bioctl stores data about the 
'crypto' (what offset), so you can use a backup one in your command.
Yet, I've never done crypto on OpenBSD - just LUKS on Linux.

Best Regards,
Strahil Nikolov
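
The clone-first approach from the message above, written out as an added example (it is not part of the original thread): the damaged disk is read exactly once into a hashed, read-only master image, and every recovery attempt runs against a disposable scratch copy. The function names, file names and directory layout are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: image a damaged disk once, then experiment only on copies.
# Function names, file names and paths are placeholders for illustration.

# Print the SHA-256 of a file using whichever tool the system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                  # BSD-style utility
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# clone_for_recovery SOURCE WORKDIR
#   SOURCE  : raw device of the damaged disk (or a plain file for a dry run)
#   WORKDIR : existing directory on a different disk with enough free space
# Creates WORKDIR/master.img (read-only, with a recorded hash) and
# WORKDIR/work.img (scratch copy), then prints the scratch copy's path.
clone_for_recovery() {
    src=$1
    dir=$2
    master=$dir/master.img
    work=$dir/work.img

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    # Never overwrite an earlier image: it may be the only good copy left.
    [ ! -e "$master" ] || { echo "$master already exists" >&2; return 1; }

    # Read the source exactly once. noerror continues past unreadable
    # blocks; sync zero-pads short or failed reads so that offsets in the
    # image stay aligned with offsets on the disk. dd's report is kept in
    # dd.log as a record of any read errors.
    dd if="$src" of="$master" bs=64k conv=noerror,sync 2>"$dir/dd.log" ||
        echo "dd reported errors, see $dir/dd.log" >&2
    [ -s "$master" ] || { echo "image is empty" >&2; return 1; }

    # Record the image's hash and lock it against accidental writes.
    sha256_of "$master" > "$master.sha256" || return 1
    chmod 0444 "$master" "$master.sha256"

    # Experiments happen on a scratch copy that is verified against the hash.
    cp "$master" "$work" || return 1
    chmod 0600 "$work"
    [ "$(sha256_of "$work")" = "$(cat "$master.sha256")" ] || {
        echo "scratch copy does not match master image" >&2; return 1; }
    printf '%s\n' "$work"
}

# reset_scratch WORKDIR
#   Discard a failed attempt and start again from the untouched master,
#   after confirming the master still matches its recorded hash.
reset_scratch() {
    [ "$(sha256_of "$1/master.img")" = "$(cat "$1/master.img.sha256")" ] || {
        echo "master image changed since it was taken" >&2; return 1; }
    cp -f "$1/master.img" "$1/work.img" && chmod 0600 "$1/work.img"
}
```

Destructive suggestions such as the "zero the first megabyte" one quoted above can then be tried on `work.img` and undone with `reset_scratch`, without ever touching the original disk again.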



Re: Resource temporarily unavailable: have to recompile?

2020-02-01 Thread Strahil Nikolov

Hi Luke,

Have you tried to reuse ssh connections?
In Linux you can use something like this:
ControlMaster auto
ControlPath ~/.ssh/sockets/%r@%h-%p
ControlPersist 600

I guess it's still valid for OpenBSD.

Best Regards,
Strahil Nikolov



Re: automounter (amd) local file system issue

2020-01-15 Thread Strahil Nikolov
x0 - 0x9
>>> 0x10 - 0x7fff
>>> 0xd0717000 - 0x
>>> "DMA0F28" at acpi0 not configured
>>> acpibtn0 at acpi0: PWRB
>>> acpibtn1 at acpi0: SLPB
>>> "INT33BD" at acpi0 not configured
>>> "PNP0C0B" at acpi0 not configured
>>> acpivideo0 at acpi0: GFX0
>>> acpivout0 at acpivideo0: DD1F
>>> cpu0: using VERW MDS workaround
>>> cpu0: Enhanced SpeedStep 2417 MHz: speeds: 2408, 2407, 2324, 2241,
>2158, 2075, 1992, 1909, 1826, 1743, 1660, 1577, 1494, 1411, 1328 MHz
>>> pci0 at mainbus0 bus 0
>>> pchb0 at pci0 dev 0 function 0 "Intel Bay Trail Host" rev 0x0e
>>> inteldrm0 at pci0 dev 2 function 0 "Intel Bay Trail Video" rev 0x0e
>>> drm0 at inteldrm0
>>> inteldrm0: msi
>>> ahci0 at pci0 dev 19 function 0 "Intel Bay Trail AHCI" rev 0x0e:
>msi, AHCI 1.3
>>> ahci0: port 0: 3.0Gb/s
>>> ahci0: port 1: 3.0Gb/s
>>> scsibus1 at ahci0: 32 targets
>>> sd0 at scsibus1 targ 0 lun 0: 
>naa.5000cca261cc252e
>>> sd0: 7630885MB, 512 bytes/sector, 15628053168 sectors
>>> sd1 at scsibus1 targ 1 lun 0: 
>naa.5000cca3b7c55b78
>>> sd1: 7630885MB, 512 bytes/sector, 15628053168 sectors
>>> xhci0 at pci0 dev 20 function 0 "Intel Bay Trail xHCI" rev 0x0e:
>msi, xHCI 1.0
>>> usb0 at xhci0: USB revision 3.0
>>> uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
>3.00/1.00 addr 1
>>> "Intel Bay Trail TXE" rev 0x0e at pci0 dev 26 function 0 not
>configured
>>> azalia0 at pci0 dev 27 function 0 "Intel Bay Trail HD Audio" rev
>0x0e: msi
>>> azalia0: codecs: VIA/0x4760, Intel/0x2882, using VIA/0x4760
>>> audio0 at azalia0
>>> ppb0 at pci0 dev 28 function 0 "Intel Bay Trail PCIE" rev 0x0e: msi
>>> pci1 at ppb0 bus 1
>>> ppb1 at pci0 dev 28 function 1 "Intel Bay Trail PCIE" rev 0x0e: msi
>>> pci2 at ppb1 bus 2
>>> ppb2 at pci0 dev 28 function 2 "Intel Bay Trail PCIE" rev 0x0e: msi
>>> pci3 at ppb2 bus 3
>>> re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x0c: RTL8168G/8111G
>(0x4c00), msi, address b8:ae:ed:34:f1:a7
>>> rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0
>>> pcib0 at pci0 dev 31 function 0 "Intel Bay Trail LPC" rev 0x0e
>>> ichiic0 at pci0 dev 31 function 3 "Intel Bay Trail SMBus" rev 0x0e:
>apic 1 int 18
>>> iic0 at ichiic0
>>> spdmem0 at iic0 addr 0x50: 2GB DDR3 SDRAM PC3-10600 SO-DIMM
>>> isa0 at pcib0
>>> isadma0 at isa0
>>> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
>>> pckbd0 at pckbc0 (kbd slot)
>>> wskbd0 at pckbd0: console keyboard
>>> pcppi0 at isa0 port 0x61
>>> spkr0 at pcppi0
>>> it0 at isa0 port 0x2e/2: IT8728F rev 2, EC port 0xa40
>>> vmm0 at mainbus0: VMX/EPT (using slow L1TF mitigation)
>>> efifb at mainbus0 not configured
>>> uhub1 at uhub0 port 2 configuration 1 interface 0 "Genesys Logic
>USB2.0 Hub" rev 2.00/32.98 addr 2
>>> vscsi0 at root
>>> scsibus2 at vscsi0: 256 targets
>>> softraid0 at root
>>> scsibus3 at softraid0: 256 targets
>>> sd2 at scsibus3 targ 1 lun 0: 
>>> sd2: 7577604MB, 512 bytes/sector, 15518933033 sectors
>>> root on sd2a (ec7ef108fc3d18e6.a) swap on sd2b dump on sd2b
>>> drm:pid0:connector_bad_edid *WARNING* HDMI-A-2: EDID is invalid:
>>> inteldrm0: 1024x768, 32bpp
>>> wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using
>wskbd0
>>> wsdisplay0: screen 1-5 added (std, vt100 emulation)
>>> 
>> 

Hi Nick,

Can you test removing '-w 10' from the daemon's flags in order to test with the 
default 2min timeout?

I have a vague feeling that 10 seconds is way too short...

Best Regards,
Strahil Nikolov



Re: Suggestion: Replace Perl with Lua in the OpenBSD Base System

2020-01-02 Thread Strahil Nikolov
On January 1, 2020 2:14:03 PM GMT+02:00, Frank Beuth  
wrote:
>On Wed, Jan 01, 2020 at 10:29:53AM +, e...@isdaq.com wrote:
>>> But I don't want deeper point to get missed -- which is that if eecd
>>> doesn't like the idea of regulating what the programmer can do, then
>the
>>> programmer has to have the skills to safely write unsafe code.
>>
>>no you're belying the point: the good programmer regulates himself 
>>while you
>>want to police everything and everyone else to compensate for your own
>>shortcomings
>
>I don't think I suggested anywhere that I want to police anyone else. I
>largely agree with what you write with respect to self-regulation.
>However, I'm not sure that ranting about it on misc@ is the most
>effective way to make positive progress in the desired direction.

I have never imagined the day when so much spam would cover this mailing list.

Don't we have 's...@openbsd.org' for that purpose? If not, now is the time 
to consider creating one.

Anyway, perl is not my favourite - but at least it does the job in a 
predictable manner.

Best Regards,
Strahil Nikolov



Re: Raspberry Pi question

2019-12-23 Thread Strahil Nikolov
On Sunday, 22 December 2019, 20:15:20 GMT+2, Stuart Longland wrote:


On 23/12/19 4:03 am, Strahil Nikolov wrote:

> did anyone try to install openBSD on Raspberry Pi 4B ?
> I know it's not supported , but maybe it does work :)


>Or maybe not as it's a very different SoC.

>Core might be an ARM, but it'll have its peripherals in different places
>to that of the Pi 3 and an OS kernel won't be smart enough to figure
>that out without being told.
>-- 
>Stuart Longland (aka Redhatter, VK4MSL)

>I haven't lost my mind...
>  ...it's backed up on a tape somewhere.

Hi Stuart,

thanks for the reply.

So far I have been using only x86_64 and everything was "ready to go", and I 
have never thought about that.

Any ideas if Pi 4B will be supported, or should I stick with Linux?

Best Regards,
Strahil Nikolov



Re: Wine for OpenBSD?

2020-04-12 Thread Strahil Nikolov
On April 12, 2020 10:24:09 AM GMT+03:00, slackwaree  
wrote:
>You don't want wine anyway. That is the shining example of badly
>written software which sucked 15 years ago the same way it does today.
>They tried to make it better with cedega, crossover office and what not
>and failed miserably. All you could get out of it is to run basic apps
>like notepad or calc even those with tons of bugs like borders, frames
>missing, broken fonts, crashes etc. They claimed it can run game X,Y,Z
>but who cares about it when Windows can run all games perfectly. This
>is ain't the 90's man everyone can afford to have 2-3 or more PCs at
>home and with all these virtualization supports like vmware, virtualbox
>around which just runs perfectly windows applications in windows I even
>ask the question why is wine still exist, probably it's someones pet
>project who don't want to let it go...
>
>
>
>‐‐‐ Original Message ‐‐‐
>On Saturday, April 11, 2020 12:15 PM, Nikita Stepanov
> wrote:
>
>> Wine for OpenBSD?

Nah... Some people (like me) don't want to have Windows at all.

Sadly, karma is a b**ch and now I got a Win VM :)
Yet, you won't need Windows just to run a single app occasionally.

I don't claim that wine is great, but it is useful.

For me porting WINE to the BSD family is not worth it and utterly useless.

On the other side, ZFS is a more reasonable approach and if anyone asks - I 
think that OpenBSD can securely host VMs and in such use - ZFS or LVM can be 
quite useful.

Best Regards,
Strahil Nikolov



Re: boot drive hide and seek on new notebook

2020-04-29 Thread Strahil Nikolov
On April 29, 2020 12:06:02 PM GMT+03:00, "f.holop"  wrote:
>Chris Bennett - Tue, 28 April 2020 at 23:03:32
>> Some BIOS's require you to select legacy boot and legacy boot before
>> UEFI in order to boot off of a USB. Also might need to turn off boot
>> security option, too.
>> 
>> A lot of BIOS's suck nowadays. Who woulda thought that examining the
>> BIOS would become a purchasing decision?
>
>couple of points i did not go into (but i plan to make a longer
>writeup):
>
>1. legacy boot is NOT an option in this BIOS. the ASUS knowledge
>base site says this option was removed for any Coffee Lake or later
>CPU,
>so it's not coming back. For me this is an issue only because my old
>notebook cannot boot UEFI, and this new one cannot boot legacy :D
>so i cannot share the usb key between them.
>
>2. secure boot MUST be disabled.  no way to boot a usb key otherwise
>without mucking with platform keys or such.  In this particular (full
>GUI) BIOS with a "dumb mode" and an "advanced mode", there is no
>"disable secure boot" option and the installed secure keys must be
>NUKED
>for secure boot to be disabled.
>
>I agree that BIOS is very important, but it's impossible to use it as a
>purchasing decision.  It is never indicated in the tech specs, and i
>havent bought a notebook in a shop where i MIGHT be allowed to enter
>the
>bios in more than a decade.  Even then, an update might change anything
>in a flash of an eye.
>
>
>Besides sharing information in my email I was kind of asking if maybe
>the boot program needs some changes to be able to detect the boot drive
>even without entering the BIOS (which seems to initialize something
>that
>makes the detection work as it is).
>
>To reiterate: if the boot order is changed in BIOS and saved, at
>startup
>the USB key boots up, but sees only itself.  If I enter the BIOS and
>use
>the boot order menu there to select the usb key, it boots up and sees
>the internal drive as well.
>
>-f

Have you tried to edit the Windows boot loader and somehow boot OpenBSD?

I used that approach ages ago, where grub was on the second disk and I made the 
Windows boot loader (legacy mode) boot from the next disk and then grub 
kicked in.

Of course, you can try the opposite - somehow have OpenBSD boot Windows :)

Best Regards,
Strahil Nikolov



Re: More than 16 partitions

2020-04-23 Thread Strahil Nikolov
On April 23, 2020 10:46:44 PM GMT+03:00, Theo de Raadt  
wrote:
>You need to stop making this mailing list just about you.
>
>STFU.
>
>
> wrote:
>
>> "Martin Schröder"  wrote:
>> > On Thu, 23 Apr 2020 at 21:31, wrote:
>> >> No problem. Would it be too crude a suggestion that we go back to
>the
>> >> content now...?
>> >
>> > You didn't provide any patch.
>> 
>> That is entirely correct.
>> 
>> --zeurkous.
>> 
>> -- 
>> Friggin' Machines!
>> 

Some of these e-mails were useful, others not...

So, can I set up OpenBSD labels on x86_64 without a legacy/GPT partition first?
And who the hell needs more than 16 partitions? Why don't we just port ZFS from 
FreeBSD, or LVM from Linux and get over it?

P.S.: The last one was not a real question, but I would like to hear if 
anyone has attempted to port any of these 2.

Best Regards,
Strahil Nikolov



Re: More than 16 partitions

2020-04-24 Thread Strahil Nikolov
On April 25, 2020 4:09:53 AM GMT+03:00, Theo de Raadt  
wrote:
>Allan Streib  wrote:
>
>> Theo de Raadt  writes:
>> 
>> > OpenBSD has apparently become popular amongst people who can't
>think
>> > and connect "real world constraints" and "reality" with "no
>alternative
>> > decision was possible".   This is very common amongst people who
>won't
>> > lift their finger.
>> 
>> I'm not the one complaining about the 16 partition limit, and I'm not
>> asking for anything to change. I've only said I think it's something
>> that is the way it is because of the design decisions made on the
>basis
>> of "reality" at the time, and which probably didn't contemplate the
>day
>> when everyone would have multi-terabyte hard drives and that people
>> might want more than 16 partitions. I stand corrected on that
>> speculation if I'm wrong.
>
>Reality hasn't changed.  A sector is still 512 bytes, and
>disklabel has to fit in it.
>
>You are not LISTENING.

Does this mean that with a sector of 4096 (modern HDDs/SSDs) and a patch - we 
can have a larger disklabel?

Best Regards,
Strahil Nikolov



Re: lost pf state - disappeared before expiration?

2020-05-18 Thread Strahil Nikolov
On May 18, 2020 1:58:49 AM GMT+03:00, "Paul B. Henson"  wrote:
>I'm trying to set a longer timeout on a udp state, and for some reason
>it
>seems to be disappearing before the expiration 8-/.
>
>There are 3 rules involved:
>
>pass in quick on vlan110 proto udp from any to port = 9430 tag VOIP_UDP
>keep state (udp.multiple 360)
>
>pass out quick on $ext_if proto udp tagged VOIP_UDP keep state
>(udp.multiple 360)
>
>match out on $ext_if from 10.128.0.0/16 nat-to { $ext_vip }
>sticky-address
>
>I turned on pf debugging, when the connection is created I see:
>
>
>May 17 15:36:39 lisa /bsd: pf: key search, in on vlan110: UDP wire: (0)
>10.128.110.73:9430 198.148.6.55:9430
>May 17 15:36:39 lisa /bsd: pf: key setup: UDP wire: (0)
>10.128.110.73:9430 198.148.6.55:9430 stack: (0) -
>May 17 15:36:39 lisa /bsd: pf: key search, out on em2: UDP wire: (0)
>198.148.6.55:9430 10.128.110.73:9430
>May 17 15:36:39 lisa /bsd: pf: key setup: UDP wire: (0)
>198.148.6.55:9430 96.251.22.157:63529 stack: (0) 198.148.6.55:9430
>10.128.110.73:9430
>
>and there are state entries:
>
>all udp 198.148.6.55:9430 <- 10.128.110.73:9430   MULTIPLE:MULTIPLE
>age 00:02:21, expires in 00:05:00, 29:29 pkts, 14166:18501 bytes, rule
>63
>all udp 96.251.22.157:55205 (10.128.110.73:9430) -> 198.148.6.55:9430  
>MULTIPLE:MULTIPLE
>age 00:02:21, expires in 00:05:00, 29:29 pkts, 14166:18501 bytes, rule
>48, source-track
>
>However, right after the 5 minute mark the states disappear. The last
>pf log
>entries are;
>
>May 17 15:38:47 lisa /bsd: pf: key search, in on vlan110: UDP wire: (0)
>10.128.110.73:9430 198.148.6.55:9430
>May 17 15:38:47 lisa /bsd: pf: key search, out on em2: UDP wire: (0)
>198.148.6.55:9430 10.128.110.73:9430
>
>I was hoping to see something about expiration in the pf debug logs but
>this is all that appears to be available.
>
>Any idea why these states would go away when there is 5 minutes left
>before the expiration?
>
>Thanks much...

A short googling shows me:
In the case of protocols without "start" and "end" packets, PF simply keeps 
track of how long it has been since a matching packet has gone through. If the 
timeout is reached, the state is cleared. The timeout values can be set in the 
options section of the pf.conf file.

What does your conf have as a timeout?


Best Regards,
Strahil Nikolov



openBSD on chromebook ASUS c202sa-ys02

2020-05-23 Thread Strahil Nikolov
Hello Community,

did anyone manage to install OpenBSD on an ASUS c202sa-ys02 chromebook?
What about any other chromebook?

If yes, would you share some thoughts/warnings/recommendations?

Thanks in advance.

Best Regards,
Strahil Nikolov



No watchdog detected (IT8613)

2020-08-19 Thread Strahil Nikolov
Hello All,

can someone tell me if the watchdog in the IT8613 Super IO chip is supported?
I'm trying to set up a router with OpenBSD 6.7 (stable) and I would love to 
have the watchdog up and running, yet I can't see the watchdog in dmesg (see 
below).
When I activate the watchdog in BIOS, the system is reset on timer expiry - so 
it is definitely working.

Best Regards,
Strahil Nikolov

OpenBSD 6.7 (GENERIC.MP) #5: Tue Jul 21 13:50:07 MDT 2020

r...@syspatch-67-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8491597824 (8098MB)
avail mem = 8221622272 (7840MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xa4ef3000 (81 entries)
bios0: vendor American Megatrends Inc. version "5.011" date 12/21/2018
bios0: INTEL Corporation CRESCENTBAY
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT UEFI LPIT SSDT ASF! SSDT 
SSDT SSDT DMAR
acpi0: wakeup devices PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) PEGP(S4) 
SIO1(S3) PS2M(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) 
RP04(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 2095.51 MHz, 06-3d-04
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 2095.15 MHz, 06-3d-04
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 2095.15 MHz, 06-3d-04
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 2095.15 MHz, 06-3d-04
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf800, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG0)
acpiprt2 at acpi0: bus -1 (PEG1)
acpiprt3 at acpi0: bus -1 (PEG2)
acpiprt4 at acpi0: bus 1 (RP01)
acpiprt5 at acpi0: bus 7 (RP02)
acpiprt6 at acpi0: bus 8 (RP03)
acpiprt7 at acpi0: bus 9 (RP04)
acpiprt8 at acpi0: bus -1 (RP05)
acpiprt9 at acpi0: bus -1 (RP06)
acpiprt10 at acpi0: bus -1 (RP07)
acpiprt11 at acpi0: bus -1 (RP08)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C3(200@506 mwait.1@0x60), C2(200@230 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(200@506 mwait.1@0x60), C2(200@230 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(200@506 mwait.1@0x60), C2(200@230 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C3(200@506 mwait.1@0x60), C2(200@230 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PG00, resource for PEG0
acpipwrres1 at acpi0: PG01, resource for PEG1
acpipwrres2 at acpi0: PG02, resource for PEG2
acpipwrres3 at acpi0: WRST
acpipwrres4 at a

Re: Logging in/out on console while logged in in X removes hardware acceleration

2020-08-02 Thread Strahil Nikolov
Hi All,

can someone explain to me why all login sessions use /dev/drm0 and not /dev/drm1 
or something like that?

Best Regards,
Strahil Nikolov

On 2 August 2020 18:22:23 GMT+03:00, li...@wrant.com wrote:
>Fri, 31 Jul 2020 17:36:53 +0200 Nils Reuße 
>> Hi Theo,
>> 
>> thank you for your reply.  Well then, I guess I just stop switching 
>> around between different login sessions ;)
>> 
>> Nils
>> 
>> 
>> On 31.07.2020 at 16:08, Theo de Raadt wrote:
>> > I'm not sure what can be done about it.
>> > 
>> > /etc/fbtab's first role is to give access to subsystems, but it's
>> > second more important role is to *take them away* later.
>> > 
>> > Unfortunately there is nothing "keeping state" about previous
>access
>> > conditions, as well it is quite unclear if reverting to previous
>access
>> > conditions would be a safe choice.
>> > 
>
>Hi Nils,
>
>Or use own tooling to reset desired permissions when you're in X again,
>try to see if your window manager accepts bindings and use it instead..



Re: Logging in/out on console while logged in in X removes hardware acceleration

2020-08-02 Thread Strahil Nikolov
Thanks for the reply.

In the first place, I was wondering if creation of /dev/drm1 (same major and 
minor) is even possible. In Linux I can create as many devices as I need pointing 
to the same major & minor numbers (for example creating a /dev/null for a 
chroot jail).

If the logic is the same, then each login can create a separate device and 
later just remove it on logout. Yet, from a security perspective it could be a 
bad solution ...


Best Regards,
Strahil Nikolov


On 2 August 2020 23:42:08 GMT+03:00, Mihai Popescu wrote:
>> can someone explain to me ...
>
>I guess one can, but it must be from old unix days. Things got changed
>and
>mixed, but they are considered ordinary now, so ordinary that even a
>basic
>newbie unix book skips them entirely.
>I am curious even now what is the link among shell, terminal, console,
>tty.
>Even the newbies list is closed.
>
>All this will not hinder OpenBSD development, so use it as it is and
>try to
>grab some answers from internet, good or bad ones it is to you to
>check.



Re: OpenBSD Readonly File System

2020-07-11 Thread Strahil Nikolov
And if the FS is mounted rw, do you have the issue?

Best Regards,
Strahil Nikolov

On 11 July 2020 10:22:53 GMT+03:00, Vertigo Altair wrote:
>  Hello Again,
>I followed Stuart's recommendations,
>
>in fstab, / has read-write permissions;
>also, I mounted /dev as ramdisk,  ( I executed "MAKEDEV all" in
>/dev_src
>directory for once)
>
>vertigo# cat /etc/fstab
>5e045fec2af2ab03.b none swap sw
>5e045fec2af2ab03.a / ffs rw 1 1
>5e045fec2af2ab03.e /mydir ffs rw 1 1
>5e045fec2af2ab03.d /usr ffs ro,wxallowed,nodev 1 2
>swap /dev mfs rw,async,noatime,nosuid,dev,-s32M,-i8,-P/dev_src 0 0
>
>and I'm updating / as readonly in rc.local;
>
>vertigo# cat /etc/rc.local
>mount -fur /
>
>Everything is OK right now. However, when I try to run radiusd, I'm
>getting
>"failed to opening /dev/null: permission denied" error.
>All configs, and files related with radiusd are in read-write /mydir
>directory.
>I tried to change the permission for /dev/ as 776 and /dev/null as 777
>but
>this didn't work.
>
>vertigo# /usr/local/sbin/radiusd -X -d /mydir/etc/raddb
>FreeRADIUS Version 3.0.21
>Copyright (C) 1999-2019 The FreeRADIUS server project and contributors
>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
>PARTICULAR PURPOSE
>You may redistribute copies of FreeRADIUS under the terms of the
>GNU General Public License
>For more information about these matters, see the file named COPYRIGHT
>Starting - reading configuration files ...
>including dictionary file /usr/local/share/freeradius/dictionary
>including dictionary file /usr/local/share/freeradius/dictionary.dhcp
>including dictionary file /usr/local/share/freeradius/dictionary.vqp
>including dictionary file /mydir/etc/raddb/dictionary
>including configuration file /mydir/etc/raddb/radiusd.conf
>including configuration file /mydir/etc/raddb/proxy.conf
>including configuration file /mydir/etc/raddb/clients.conf
>including files in directory /mydir/etc/raddb/mods-enabled/
>including configuration file /mydir/etc/raddb/mods-enabled/always
>including configuration file /mydir/etc/raddb/mods-enabled/attr_filter
>including configuration file /mydir/etc/raddb/mods-enabled/cache_eap
>including configuration file /mydir/etc/raddb/mods-enabled/chap
>including configuration file /mydir/etc/raddb/mods-enabled/date
>including configuration file /mydir/etc/raddb/mods-enabled/detail
>including configuration file /mydir/etc/raddb/mods-enabled/detail.log
>including configuration file /mydir/etc/raddb/mods-enabled/digest
>including configuration file
>/mydir/etc/raddb/mods-enabled/dynamic_clients
>including configuration file /mydir/etc/raddb/mods-enabled/eap
>including configuration file /mydir/etc/raddb/mods-enabled/echo
>including configuration file /mydir/etc/raddb/mods-enabled/exec
>including configuration file /mydir/etc/raddb/mods-enabled/expiration
>including configuration file /mydir/etc/raddb/mods-enabled/expr
>including configuration file /mydir/etc/raddb/mods-enabled/files
>including configuration file /mydir/etc/raddb/mods-enabled/linelog
>including configuration file /mydir/etc/raddb/mods-enabled/logintime
>including configuration file /mydir/etc/raddb/mods-enabled/mschap
>including configuration file /mydir/etc/raddb/mods-enabled/ntlm_auth
>including configuration file /mydir/etc/raddb/mods-enabled/pap
>including configuration file /mydir/etc/raddb/mods-enabled/passwd
>including configuration file /mydir/etc/raddb/mods-enabled/preprocess
>including configuration file /mydir/etc/raddb/mods-enabled/radutmp
>including configuration file /mydir/etc/raddb/mods-enabled/realm
>including configuration file /mydir/etc/raddb/mods-enabled/replicate
>including configuration file /mydir/etc/raddb/mods-enabled/soh
>including configuration file /mydir/etc/raddb/mods-enabled/sradutmp
>including configuration file /mydir/etc/raddb/mods-enabled/unix
>including configuration file /mydir/etc/raddb/mods-enabled/unpack
>including configuration file /mydir/etc/raddb/mods-enabled/utf8
>including files in directory /mydir/etc/raddb/policy.d/
>including configuration file /mydir/etc/raddb/policy.d/abfab-tr
>including configuration file /mydir/etc/raddb/policy.d/accounting
>including configuration file /mydir/etc/raddb/policy.d/canonicalization
>including configuration file /mydir/etc/raddb/policy.d/control
>including configuration file /mydir/etc/raddb/policy.d/cui
>including configuration file /mydir/etc/raddb/policy.d/debug
>including configuration file /mydir/etc/raddb/policy.d/dhcp
>including configuration file /mydir/etc/raddb/policy.d/eap
>including configuration file /mydir/etc/raddb/policy.d/filter
>including configuration file
>/mydir/etc/raddb/policy.d/moonshot-targeted-ids

Re: OpenBSD Readonly File System

2020-06-11 Thread Strahil Nikolov
I always thought that the 'sync' mount option is enough to avoid corruption of 
the FS.
Am I just "fooling" myself?

Best Regards,
Strahil Nikolov

On 10 June 2020 7:46:48 GMT+03:00, Dirk Coetzee wrote:
>I have been in a similar situation of power being unreliable and no
>UPS, so I sympathize.
>
>This is how I have achieved RO filesystem (default partitions)
>
>1. Add to /etc/fstab
>   swap /dev mfs rw,-P=/dev,-s=32m 0 0
>
>2. Create RO Script
>   #!/bin/sh
>
>   ## Date in Seconds subtracted from OS boot time
>   UP=$(( $(date +%s) - $(sysctl -n kern.boottime) ))
>
>   ## If less than 1 hour - leave system as is. No modification of FS.
>   ## You can add crontab for this script to run every hour.
>   if [ "$UP" -lt 3600 ]; then
>      exit 1
>   else
>      mount -uvr /
>      mount -uvr /usr
>      mount -uvr /usr/X11R6
>      mount -uvr /usr/local
>      mount -uvr /usr/obj
>      mount -uvr /usr/src
>   fi
>
>   exit 1
>
>
>Obviously this is a last resort. Default partitions, etc should remain
>as devs intended. The Developers also assume a work (RW) filesystem. 
>
>I have a RW script that I run before doing  sysupgrade / syspatch etc.
>Also make the Filesystems RW before rebooting.
>
>
>
>
>-Original Message-
>From: owner-m...@openbsd.org  On Behalf Of Joe
>Barnett
>Sent: Wednesday, 10 June 2020 8:02 AM
>To: Vertigo Altair 
>Cc: Misc 
>Subject: Re: OpenBSD Readonly File System
>
>On 2020-06-09 00:59, Vertigo Altair wrote:
>> Hi Misc,
>> I have a firewall device and I'm using OpenBSD on it. There is an 
>> electricity problem where the device runs. Therefore, I have to run 
>> the "fsck -y" command regularly at startup due to the electricity
>problem.
>> To
>> overcome this, I want to use readonly file system.
>>  I know there are some projects like "resflash", but I want to do
>that 
>> manually.
>
>I have hacked and slashed my way to this kind of configuration for my
>firewall/gateway and a few other machines -- and with what appears to
>be good results.  Please understand this is almost certainly not
>supported by the project.  I have outlined this at the following URL:
>
>https://www.mr72.com/readonlyfs.html
>
>I hope this helps.  Any feedback will be greatly appreciated.
>
>Good luck!
>
>Joe
>
>> My partitions like this;
>> 
>> vertigo# df -h
>> Filesystem SizeUsed   Avail Capacity  Mounted on
>> /dev/sd0a  3.9G489M3.2G13%/
>> /dev/sd0g 91.8G1.0G   86.2G 1%/mypartition
>> /dev/sd0d  989M   12.0K940M 0%/tmp
>> /dev/sd0f  3.9G1.7G2.0G46%/usr
>> /dev/sd0e  3.9G   46.9M3.6G 1%/var
>> 
>> I want to / and /usr as readonly, I updated /etc/fstab and I made / 
>> and /usr readonly;
>> 
>> vertigo# cat /etc/fstab
>> ec347fefe8d05509.b none swap sw
>> ec347fefe8d05509.a / ffs ro 1 1
>> ec347fefe8d05509.g /mypartition ffs rw,nodev,nosuid 1 2
>> ec347fefe8d05509.d /tmp ffs rw,nodev,nosuid 1 2
>> ec347fefe8d05509.f /usr ffs ro,wxallowed,nodev 1 2
>> ec347fefe8d05509.e /var ffs rw,nodev,nosuid 1 2
>> 
>> 
>> On startup following errors coming from /etc/rc; I think errors
>about 
>> /etc/motd are not so important, but are the errors coming from
>> /etc/tty*
>> can cause any problems? If my method is not correct, what is the best
>
>> way to do this?
>> 
>>>> OpenBSD/amd64 BOOTX64 3.50
>> boot>
>> booting hd0a:/bsd: 12957000+2753552+327712+0+708608
>> [807408+128+1024872+749630]=0x1271a18
>> entry point at 0x1001000
>> [ using 2583064 bytes of bsd ELF symbol table ] Copyright (c) 1982, 
>> 1986, 1989, 1991, 1993
>> The Regents of the University of California.  All rights 
>> reserved.
>> Copyright (c) 1995-2020 OpenBSD. All rights reserved.  
>> https://www.OpenBSD.org
>> 
>> OpenBSD 6.7 (GENERIC.MP) #2: Thu Jun  4 09:55:08 MDT 2020
>> 
>>
>r...@syspatch-67-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GEN
>> ERIC.MP
>> real mem = 4151607296 (3959MB)
>> avail mem = 4013170688 (3827MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf10 (14 entries)
>> bios0: vendor American Megatrends Inc. version "BAR3NA05" date
>> 07/23/2018
>> bios0: NF533 NF533
>> acpi0 at bios0: ACPI 5.0
>> acpi0: sleep states S0 S3 S4 S
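
Added example (not from any poster in this thread): a POSIX sh/awk check that reads fstab(5) entries like the ones quoted above and flags writable filesystems that lack nodev or nosuid, or that combine rw with wxallowed. The sample entries are constructed with placeholder DUIDs, and the policy itself (which mount points are exempt, what counts as a warning) is an assumption for illustration.

```shell
#!/bin/sh
# Added example: audit fstab(5) mount options for a read-only-root layout.
# The policy encoded here is an assumption for illustration, not an OpenBSD
# requirement:
#   - writable filesystems other than / and /dev should carry nodev and nosuid
#   - wxallowed should not be combined with a writable mount

# Constructed sample, modelled on the fstab entries quoted in the thread.
# DUIDs are placeholders; the /var and /usr/local lines are altered or added
# on purpose so that the audit has something to report.
sample_fstab() {
cat <<'EOF'
# device            mountpoint   type options
0000000000000000.b none swap sw
0000000000000000.a / ffs ro 1 1
0000000000000000.g /mypartition ffs rw,nodev,nosuid 1 2
0000000000000000.d /tmp ffs rw,nodev,nosuid 1 2
0000000000000000.f /usr ffs ro,wxallowed,nodev 1 2
0000000000000000.e /var ffs rw,nosuid 1 2
0000000000000000.h /usr/local ffs rw,wxallowed,nodev 1 2
swap /dev mfs rw,async,noatime,nosuid,dev,-s32M,-i8,-P/dev_src 0 0
EOF
}

# audit_fstab [FILE]: read fstab entries from FILE (or stdin) and print one
# line per filesystem:  STATUS MOUNTPOINT MODE [reasons...]
audit_fstab() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }      # skip comments and short lines
    $3 == "swap"         { next }      # swap partitions carry no mount policy
    {
        mp = $2; mode = "rw"; nodev = 0; nosuid = 0; wx = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] == "ro")        mode = "ro"
            if (opt[i] == "nodev")     nodev = 1
            if (opt[i] == "nosuid")    nosuid = 1
            if (opt[i] == "wxallowed") wx = 1
        }
        why = ""
        # / and /dev are exempt: device nodes must work under /dev, and a
        # root that is remounted read-only later still needs them at boot.
        if (mode == "rw" && mp != "/" && mp != "/dev") {
            if (!nodev)  why = why " missing-nodev"
            if (!nosuid) why = why " missing-nosuid"
        }
        if (mode == "rw" && wx) why = why " wxallowed-on-writable"
        printf "%s %s %s%s\n", (why == "" ? "OK" : "WARN"), mp, mode, why
    }' "$@"
}

# Stand-alone run over the constructed sample.
sample_fstab | audit_fstab
```

To check a real system, call `audit_fstab /etc/fstab`; the result reflects what fstab requests, not what a later `mount -ur` changed at run time.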

Re: OpenBSD Readonly File System

2020-06-14 Thread Strahil Nikolov
In Linux, the kernel can force flushing the disk cache (which also can be 
disabled) via the fsync() call. That feature is called 'write barrier'. As 
I'm not a developer, I never read that portion of the source of OpenBSD, so I 
have no idea if similar logic can be used in OpenBSD.

Does 'softdep' represent the behaviour of 'write barriers' in Linux?

Best Regards,
Strahil Nikolov

On 13 June 2020 19:56:18 GMT+03:00, "Todd C. Miller" wrote:
>On Sat, 13 Jun 2020 12:12:05 -0400, Nick Holland wrote:
>
>> On 2020-06-11 12:07, Strahil Nikolov wrote:
>> > I always thought that 'sync' mount option  is enough  to avoid
>> > corruption of the FS. Am I just "fooling" myself  ?
>>
>> As "sync" is the default...yes, I think you are.
>
>Actually, by default only metadata is written synchronously.  The
>"sync" mount option causes data to be written synchronously too.
>Of course, the disk *itself* has a cache so even with synchronous
>writes you can't be sure the data has actually made it to the platter.
>
>So yes, I agree that sync mounts are not really enough to help here.
>You are probably correct that softdep is better for this kind of
>thing since it does a better job of keeping the filesystem in a
>consistent state, at the cost of missing data when there is an
>unclean shutdown.  In theory, the on-device cache can still cause
>issues when you lose power though.
>
> - todd