Re: 'not a valid hostname' error in 'bsd.rd' when using .htaccess authorization

2022-07-20 Thread Adriaan
On Wed, Jul 20, 2022 at 9:09 AM Alexander Hall  wrote:

>
> > [snip]
> >The password '=ilovefreya=' has a leading and trailing '='. Tomorrow I
> >will eliminate those '='s and see whether that helps.
>
> See
> https://github.com/openbsd/src/blob/636cc85955243f5226db2246a74229481ad6bac2/distrib/miniroot/install.sub#L1838
>
> It seems we do not allow "@" either at the moment...
>
> /Alexander
>
> Thank you,

A pity I did not see your post earlier. In the installer, I had to page
with lousy 'more(1)' to find that location. It is on line 1422 of
'install.sub' of the 7.1 bsd.rd. As reported in my other mail, adding "@"
to the regex, as well as eliminating the "=" from the password solved it
and I was able to install.


Re: 'not a valid hostname' error in 'bsd.rd' when using .htaccess authorization

2022-07-20 Thread Adriaan
At about line 1422 of the install.sub the hostname is checked with a ksh
specific pattern:
cat -n install.sub | sed -ne '/?(http/p'
  1422  ?(http?(s)://)+([A-Za-z0-9:.\[\]_-]))

With sed(1) I added "@" to the pattern
cat -n install.sub | sed -ne '/?(http/p'
  1422  ?(http?(s)://)+([@A-Za-z0-9:.\[\]_-]))

And now the server name validates as OK:

Location of sets? (disk http nfs or 'done') [http]
HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none]
HTTP Server? (hostname, list#, 'done' or '?') [
wodan:ilovefreya@192.168.222.242]
Server directory? [pub/OpenBSD/7.1/amd64] OpenBSD/7.1/amd64
Unable to connect using HTTPS; using HTTP instead.

Select sets by entering a set name, a file name pattern or 'all'.
De-select
sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled
'[X]'.
[X] bsd [X] man71.tgz   [X] xfont71.tgz
[X] bsd.rd  [X] game71.tgz  [X] xserv71.tgz
[X] base71.tgz  [X] xbase71.tgz [ ] site71.tgz
[X] comp71.tgz  [X] xshare71.tgz[X] site71-df-us.tgz
Set name(s)? (or 'abort' or 'done') [done] -comp* -game* -x* site* done
Get/Verify SHA256.sig   100% |**|  2144
00:00

So with the addition of '@' as well as using a user name and password that
match the regex pattern it works well.

A happy camper 


On Wed, Jul 20, 2022 at 6:06 AM Adriaan  wrote:

> I am testing autoinstall for a VPS hosted in a datacenter. By using an
> OpenBSD native VM on my desktop
> I got all my issues with 'install.conf'  and 'install.site' solved.
>
> To provide some access control I created an '.htaccess' file for my
> local httpd server at 192.168.222.242 and
> for my external  webserver xyz.nl
>
> The retrieval of 'install.conf' as well as the autopartitioning
> template are successful:
>
> Response file location? [http://192.168.222.10/install.conf]
> https://wodan:=ilovefreya=@xyz.nl/install.conf
> Fetching https://wodan:=ilovefreya=@xyz.nl/install.conf
> Performing non-interactive install...
> Terminal type? [vt220] vt220
> [snip]
>
> URL to autopartitioning template for disklabel? [none]
> https://wodan:=ilovefreya=@xyz.nl/7.1/amd64/df-us-40gb.txt
> Fetching https://wodan:=ilovefreya=@xyz.nl/7.1/amd64/df-us-40gb.txt
>
> So far so good
>
> However the installing of the sets fails with a 'not a valid hostname'
>
> Location of sets? (disk http nfs or 'done') [http] http
> HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] none
> HTTP Server? (hostname, list#, 'done' or '?') [192.168.222.242]
> wodan:=ilovefreya=@192.168.222.242
> 'wodan:=ilovefreya=@192.168.222.242' is not a valid hostname.
>
> The same error occurs when I want to install the custom site* sets
> from my non-local xyz.nl server
>
> HTTP Server? (hostname, list#, 'done' or '?') [192.168.222.242]
> wodan:=ilovefreya=@xyz.nl
> 'wodan:=ilovefreya=@xyz.nl' is not a valid hostname.
>
> So using a username and password for .htaccess control is accepted by
> bsd.rd for the 'install.conf' and
> autopartitioning template, while it errors out when dealing with the install
> sets.
>
> The password '=ilovefreya=' has a leading and trailing '='. Tomorrow I
> will eliminate those '='s and see whether that helps.
>
> Adriaan van Roosmalen
>
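
The character-class check quoted from install.sub in the message above, re-expressed in POSIX sh so that it also reports which character is refused. This is an added example, not code from install.sub or from the posts; the function names and the `orig`/`patched` mode labels are made up here, and the sample inputs are the ones typed in the thread.

```sh
#!/bin/sh
# Added example: POSIX sh equivalent of the ksh pattern from the thread
#   ?(http?(s)://)+([A-Za-z0-9:.\[\]_-])
# Function names and the orig/patched modes are hypothetical.
LC_ALL=C; export LC_ALL

# Drop one optional leading http:// or https://, as ?(http?(s)://) does.
strip_scheme() {
	case $1 in
	https://*) printf '%s\n' "${1#https://}" ;;
	http://*)  printf '%s\n' "${1#http://}" ;;
	*)         printf '%s\n' "$1" ;;
	esac
}

# Return 0 if the single character $1 is NOT in the allowed class.
# Mode "orig" is the 7.1 class; mode "patched" adds '@' as in the thread.
outside_class() {
	case $2 in
	patched) case $1 in [!]@A-Za-z0-9:.[_-]) return 0 ;; esac ;;
	*)       case $1 in [!]A-Za-z0-9:.[_-])  return 0 ;; esac ;;
	esac
	return 1
}

# Print the first character the class refuses; return 1 if there is none.
first_rejected() {
	_r=$(strip_scheme "$1")
	while [ -n "$_r" ]; do
		_c=${_r%"${_r#?}"}          # first character of what is left
		if outside_class "$_c" "$2"; then
			printf '%s\n' "$_c"
			return 0
		fi
		_r=${_r#?}
	done
	return 1
}

# +( ... ) needs at least one character, all of them from the class.
host_ok() {
	[ -n "$(strip_scheme "$1")" ] || return 1
	! first_rejected "$1" "$2" >/dev/null
}

# Inputs taken from the installer sessions shown in the thread.
for h in \
	'192.168.222.242' \
	'wodan:=ilovefreya=@192.168.222.242' \
	'wodan:ilovefreya@192.168.222.242'
do
	for mode in orig patched; do
		if host_ok "$h" "$mode"; then
			verdict='valid'
		else
			verdict="rejected at '$(first_rejected "$h" "$mode")'"
		fi
		printf '%-8s %-38s %s\n' "$mode" "$h" "$verdict"
	done
done
```

Only the third input passes, and only in `patched` mode: the '=' in the password is outside the class in both modes, and '@' is outside the unmodified one.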


'not a valid hostname' error in 'bsd.rd' when using .htaccess authorization

2022-07-19 Thread Adriaan
I am testing autoinstall for a VPS hosted in a datacenter. By using an
OpenBSD native VM on my desktop
I got all my issues with 'install.conf'  and 'install.site' solved.

To provide some access control I created an '.htaccess' file for my
local httpd server at 192.168.222.242 and
for my external  webserver xyz.nl

The retrieval of 'install.conf' as well as the autopartitioning
template are successful:

Response file location? [http://192.168.222.10/install.conf]
https://wodan:=ilovefreya=@xyz.nl/install.conf
Fetching https://wodan:=ilovefreya=@xyz.nl/install.conf
Performing non-interactive install...
Terminal type? [vt220] vt220
[snip]

URL to autopartitioning template for disklabel? [none]
https://wodan:=ilovefreya=@xyz.nl/7.1/amd64/df-us-40gb.txt
Fetching https://wodan:=ilovefreya=@xyz.nl/7.1/amd64/df-us-40gb.txt

So far so good

However the installing of the sets fails with a 'not a valid hostname'

Location of sets? (disk http nfs or 'done') [http] http
HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] none
HTTP Server? (hostname, list#, 'done' or '?') [192.168.222.242]
wodan:=ilovefreya=@192.168.222.242
'wodan:=ilovefreya=@192.168.222.242' is not a valid hostname.

The same error occurs when I want to install the custom site* sets
from my non-local xyz.nl server

HTTP Server? (hostname, list#, 'done' or '?') [192.168.222.242]
wodan:=ilovefreya=@xyz.nl
'wodan:=ilovefreya=@xyz.nl' is not a valid hostname.

So using a username and password for .htaccess control is accepted by
bsd.rd for the 'install.conf' and
autopartitioning template, while it errors out when dealing with the install sets.

The password '=ilovefreya=' has a leading and trailing '='. Tomorrow I
will eliminate those '='s and see whether that helps.

Adriaan van Roosmalen



Re: Old cd57.iso in snapshots for i386

2015-02-27 Thread Adriaan
This issue of having a cd57.iso, with an ancient bsd.rd from Jan 12, is
still not resolved.

The latest i386 snapshot still has a cd57.iso which has not been updated
for about 6 weeks.

From ftp.openbsd.org :

   47367 Feb 22 03:30 INSTALL.i386
1725 Feb 23 02:26 SHA256
1888 Feb 23 02:26 SHA256.sig
52892964 Feb 22 03:24 base57.tgz
10596435 Feb 22 03:24 bsd
10628609 Feb 22 03:24 bsd.mp
 6966469 Feb 22 03:30 bsd.rd

 7081984 Jan 12 00:28 cd57.iso

When booted with this cd57.iso the installer shows:

OpenBSD 5.7-beta (RAMDISK_CD) #622: Mon Jan 12 00:24:58 MST 2015
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD

The install proceeds without further issues. From the first boot:

OpenBSD 5.7-beta (GENERIC) #718: Sun Feb 22 03:18:56 MST 2015
t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC

When I reboot this freshly installed system and select its ./bsd.rd to
reinstall:

OpenBSD 5.7-beta (RAMDISK_CD) #695: Sun Feb 22 03:29:08 MST 2015
t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD

Is todd@ building these snapshots?


On Mon, Feb 16, 2015 at 6:02 AM, Adriaan misc.adri...@gmail.com wrote:

 Somehow an old cd57.iso file is listed in the latest snapshot(s) for i386.
 The following is from a rsync with the Dutch nluug.org mirror/

 $ ls -l /home/www/snapshots/i386

 total 438508
 -rw-r--r--  1 root  wheel 47367 Feb 13 20:31 INSTALL.i386
 -rw-r--r--  1 root  wheel  1725 Feb 13 20:39 SHA256
 -rw-r--r--  1 root  wheel  1888 Feb 13 20:39 SHA256.sig
 -rw-r--r--  1 root  wheel  52880665 Feb 13 20:26 base57.tgz
 -rwxr-xr-x  1 root  wheel  10596320 Feb 13 20:25 bsd
 -rwxr-xr-x  1 root  wheel  10628494 Feb 13 20:25 bsd.mp
 -rwxr-xr-x  1 root  wheel   6966477 Feb 13 20:31 bsd.rd

 -rw-r--r--  1 root  wheel   7081984 Jan 12 08:28 cd57.iso
 ^

 -rw-r--r--  1 root  wheel  46082227 Feb 13 20:26 comp57.tgz
 -rw-r--r--  1 root  wheel   1474560 Feb 13 20:31 floppy57.fs
 -rw-r--r--  1 root  wheel  1489 Feb 13 20:39 index.txt
 -rw-r--r--  1 root  wheel   8983090 Feb 13 20:26 man57.tgz
 -r-xr-xr-x  1 root  wheel 81076 Feb 13 20:14 pxeboot
 -rw-r--r--  1 root  wheel  15287238 Feb 13 20:11 xbase57.tgz
 -rw-r--r--  1 root  wheel  39929920 Feb 13 20:12 xfont57.tgz
 -rw-r--r--  1 root  wheel  19779738 Feb 13 20:12 xserv57.tgz
 -rw-r--r--  1 root  wheel   4519829 Feb 13 20:12 xshare57.tgz

 On  ftp.openbsd.org/pub/OpenBSD/snapshots/i386/ the time for cd57.iso
 00:28 hr

 This mounted cd57.iso using a vnode disk shows:

 /mnt/5.7/i386 $ ls -l
 total 13695
 -r--r--r--  1 root  wheel  180 Jan 12 08:28 TRANS.TBL
 -rwxr--r--  1 root  wsrc  2048 Jan 12 08:28 boot.catalog
 -rwxr-xr-x  1 root  wsrc   6935407 Jan 12 08:28 bsd.rd
 -rw-r--r--  1 root  wsrc 72852 Jan 12 08:28 cdboot
 -rw-r--r--  1 root  wsrc  2048 Jan 12 08:28 cdbr

 The checksum of this bsd.rd does not match with the one in SHA256:

 $ sha256 /mnt/5.7/i386/bsd.rd
 SHA256 (/mnt/5.7/i386/bsd.rd) =
 e826881e54c8b966321e68ba9c7d3f280fbc041d4c94f528eb62e5799cb8130

 /home/www/snapshots/i386 $ grep cd57 SHA256
 SHA256 (cd57.iso) =
 feff2dd5d5ab2f4eb23d79b61f5ab261f1d31be51d2247ef1dc416ee6f5ef437

 Adriaan



Old cd57.iso in snapshots for i386

2015-02-15 Thread Adriaan
Somehow an old cd57.iso file is listed in the latest snapshot(s) for i386.
The following is from a rsync with the Dutch nluug.org mirror/

$ ls -l /home/www/snapshots/i386

total 438508
-rw-r--r--  1 root  wheel 47367 Feb 13 20:31 INSTALL.i386
-rw-r--r--  1 root  wheel  1725 Feb 13 20:39 SHA256
-rw-r--r--  1 root  wheel  1888 Feb 13 20:39 SHA256.sig
-rw-r--r--  1 root  wheel  52880665 Feb 13 20:26 base57.tgz
-rwxr-xr-x  1 root  wheel  10596320 Feb 13 20:25 bsd
-rwxr-xr-x  1 root  wheel  10628494 Feb 13 20:25 bsd.mp
-rwxr-xr-x  1 root  wheel   6966477 Feb 13 20:31 bsd.rd

-rw-r--r--  1 root  wheel   7081984 Jan 12 08:28 cd57.iso
^

-rw-r--r--  1 root  wheel  46082227 Feb 13 20:26 comp57.tgz
-rw-r--r--  1 root  wheel   1474560 Feb 13 20:31 floppy57.fs
-rw-r--r--  1 root  wheel  1489 Feb 13 20:39 index.txt
-rw-r--r--  1 root  wheel   8983090 Feb 13 20:26 man57.tgz
-r-xr-xr-x  1 root  wheel 81076 Feb 13 20:14 pxeboot
-rw-r--r--  1 root  wheel  15287238 Feb 13 20:11 xbase57.tgz
-rw-r--r--  1 root  wheel  39929920 Feb 13 20:12 xfont57.tgz
-rw-r--r--  1 root  wheel  19779738 Feb 13 20:12 xserv57.tgz
-rw-r--r--  1 root  wheel   4519829 Feb 13 20:12 xshare57.tgz

On  ftp.openbsd.org/pub/OpenBSD/snapshots/i386/ the time for cd57.iso 00:28
hr

This mounted cd57.iso using a vnode disk shows:

/mnt/5.7/i386 $ ls -l
total 13695
-r--r--r--  1 root  wheel  180 Jan 12 08:28 TRANS.TBL
-rwxr--r--  1 root  wsrc  2048 Jan 12 08:28 boot.catalog
-rwxr-xr-x  1 root  wsrc   6935407 Jan 12 08:28 bsd.rd
-rw-r--r--  1 root  wsrc 72852 Jan 12 08:28 cdboot
-rw-r--r--  1 root  wsrc  2048 Jan 12 08:28 cdbr

The checksum of this bsd.rd does not match with the one in SHA256:

$ sha256 /mnt/5.7/i386/bsd.rd
SHA256 (/mnt/5.7/i386/bsd.rd) =
e826881e54c8b966321e68ba9c7d3f280fbc041d4c94f528eb62e5799cb8130

/home/www/snapshots/i386 $ grep cd57 SHA256
SHA256 (cd57.iso) =
feff2dd5d5ab2f4eb23d79b61f5ab261f1d31be51d2247ef1dc416ee6f5ef437

Adriaan



Re: Misc questionning about DNS

2015-01-13 Thread Adriaan
In
https://kb.isc.org/article/AA-00874/0/Best-Practices-for-those-running-Recursive-Servers.html
one of the recommendations is to separate the two roles:

Do not combine authoritative and recursive nameserver functions -- have
each function performed by separate server sets

On Wed, Jan 14, 2015 at 4:10 AM, Nick Holland n...@holland-consulting.net
wrote:

 On 01/13/15 16:26, sven falempin wrote:
  Dear OpenBSD users,
 
  Recently unbound made its way in base, pushing the complex bind/named
  out for our own good.
 
  I would like to internally and externally solve some domain names
  differently (so some service are accessible from inside and outside
  without some fancy NAT or worse), I found out 'some' call this setup a
  'split-dns', often used for internal mail server.
 
  I also found out BIND got a feature for this and internet gossip
 
  
  Unbound doesn't support split-horizon DNS. It's primarily meant as a
  recursive and caching nameserver, and has only limited support for
  serving authoritative answers.
 
 
  Of course i imagine ran two unbound with two different IP address
 binding 
 
  I feel like I am missing something.

 yes.  you are stuck thinking like BIND.

  If I want to manage my domain , shall I use bind on the 'main' server ?

 no. :)

 You are designing around a BIND feature, then declaring other products
 unsuitable because they don't match the spec you designed around.

 Start with the basic rule: BIND's design is bad.  Almost everything
 about it is wrong -- file formats, zone transfers, etc.  Once you
 realize that, things get much easier.  If you find an alternative
 lacks a feature of BIND, it's probably best you don't use that
 feature.  Really.

 Read Dan Bernstein's writeups on DNS, in addition to the BIND fanboy
 stuff.  Having managed a lot of DNS for a lot of domains for a few
 employers, I'm quite satisfied that Bernstein's much more right than
 wrong on DNS.

 There are two roles for DNS servers -- finding answers about a random
 domain, and providing answers about SPECIFIC domains.  The first is
 sometimes called Resolvers, the second is sometimes called an
 authoritative server.  BIND mushed those two roles together stupidly,
 and people have been stuck thinking like that for decades now.  Separate
 them in your head.

 unbound is the resolver, nsd is the authoritative server.

 Want to find answers for your user's DNS queries?  That's unbound, the
 resolver.  That's the only thing users talk to.  Resolution is pretty
 complicated, not the kind of code you want to trust too blindly.

 Want to answer authoritatively about a domain?  That's the authoritative
 server...but you should never ask an authoritative server about anything
 other than what they are authoritative for.  Authoritative servers are
 relatively simple -- you ask a question, they either have the answer
 right there ready to give you, or they don't, but it all boils down to
 question, a single lookup, respond.  No need to talk elsewhere for info.

 Keep in mind, one computer can have LOTS of separate IP addresses to
 connect server processes to (don't forget you got all of 127.0.0.0/8!).
  You also have lots of ports you can connect services to, and on an
 OpenBSD box, you have PF which can direct traffic from exposed ports and
 IP addresses to internal ones.  You seem to be uncomfortable with the
 idea of running multiple servers...why?  Your box is quite capable of
 multi-tasking!

 You can also have one BIG cache on a resolving server, and a bunch of
 minimal resolvers that act as message routers to either the big caching
 resolver or authoritative servers.

 So...assuming you really want to put internal and external DNS on the
 same box (not a really good idea), you can put NSD with your internal
 info on 127.0.0.2, NSD with external info on 127.0.0.1, and unbound on
 your internal facing NIC, configured to refer your internally hosted
 domains to 127.0.0.2.  External queries for your authoritative server
 get redirected to 127.0.0.1...and the outside world never touches your
 resolver.

 Why would you want the outside world touching your internal DNS servers
 anyway?  Talk about an unneeded hole in the firewall.  If you are doing
 enough with DNS that you need to host your own external authoritative
 server, you can justify a couple old computers for that.  Otherwise, I'd
 suggest letting your registrar handle your dns for you.

 Design your network properly, it gets really easy -- all my internal
 systems are in the zone in.nickh.org, my local DNS resolver knows to
 pass *.in.nickh.org to my local authoritative server, the rest is
 resolved as normal.

 Nick.



Cannot determine prefetch area error with OpenBSD current autoinstall

2014-12-15 Thread Adriaan
 failed. Continue anyway? = yes
Unverified sets: site56.tgz. Continue without verification? = yes
Checksum test for site56-andromache.tgz failed. Continue anyway? = yes
Unverified sets: site56-andromache.tgz. Continue without verification? =
yes
Location of sets? = done
===

The dmesg of the bsd.rd install kernel:

===
 OpenBSD/i386 BOOT 3.26
 OpenBSD/i386 BOOT 3.26
addr 0x0
howto
device   hd0a
tty  com0
image/bsd.rd
timeout  5
db_console   unset
boot
booting hd0a:/bsd.rd: 6461096+422116 [72+240048+229877]=0x703518
entry point at 0x200120

Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2014 OpenBSD. All rights reserved.
http://www.OpenBSD.org

OpenBSD 5.6-current (RAMDISK_CD) #573: Sun Dec 14 20:08:49 MST 2014
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 335 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,PERF
real mem  = 402190336 (383MB)
avail mem = 387948544 (369MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 09/04/98, BIOS32 rev. 0 @ 0xfb2d0
apm0 at bios0: Power Management spec V1.2
pcibios0 at bios0: rev 2.1 @ 0xf/0xb74c
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdd40/144 (7 entries)
pcibios0: PCI Exclusive IRQs: 10 11 12
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371SB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x02
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x02
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Rage Pro rev 0x5c
vga1: aperture needed
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x02
pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel
0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: FUJITSU MPC3032AT
wd0: 16-sector PIO, LBA, 3093MB, 6335280 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 10
Intel 82371AB Power rev 0x02 at pci0 dev 7 function 3 not configured
fxp0 at pci0 dev 12 function 0 Intel 8255x rev 0x05, i82558: irq 12,
address 00:08:c7:49:e4:c0
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
xl0 at pci0 dev 14 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 11,
address 00:10:4b:cd:24:ea
exphy0 at xl0 phy 24: 3Com internal media interface
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 Intel UHCI root hub rev 1.00/1.00 addr 1
softraid0 at root
scsibus0 at softraid0: 256 targets
root on rd0a swap on rd0b dump on rd0b
erase ^?, werase ^W, kill ^U, intr ^C, status ^T

Welcome to the OpenBSD/i386 5.6 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? A
Available network interfaces are: fxp0 xl0.
Which network interface should be used for the initial DHCP request? (or
'done') [fxp0] xl0
DHCPDISCOVER on xl0 - interval 3
DHCPOFFER from 192.168.222.10 (00:08:c7:05:ca:0b)
DHCPREQUEST on xl0 to 255.255.255.255
DHCPACK from 192.168.222.10 (00:08:c7:05:ca:0b)
bound to 192.168.222.243 -- renewal in 43200 seconds.
Could not determine auto mode.
Response file location? [http://192.168.222.10/install.conf]
http://192.168.222.20/install.conf
Fetching http://192.168.222.20/install.conf
Performing non-interactive install...
Terminal type? [vt220] vt220
System hostname? (short form, e.g. 'foo') andromache


Adriaan



Re: What happened when 5.5 met my old reliable box

2014-12-15 Thread Adriaan
From the OpenBSD FAQ:

At the boot loader prompt, enter

 boot> set tty com0

 This will tell OpenBSD to use the first serial port (often called COM1 or
COMA in PC documentation) as a serial console. The default baud rate is
9600.

You set the speed higher by first typing stty com0 19200. This is
documented in the boot.conf man page.

On your workstation you can use tip(1) as terminal emulator. You can easily
record the session to file by creating a .tiprc file:

beautify
record='LOGS/serial-log.txt'
script
verbose

Create the LOGS directory, add yourself to the dialer group. With something
like tip -v -19200 tty00 you can then start tip.

If you have a USB-Serial converter you need to use ttyU0 as mentioned in
ucom(4).




On Tue, Dec 16, 2014 at 7:09 AM, Rod Whitworth glis...@witworx.com wrote:

 On Tue, 16 Dec 2014 00:16:52 -0500, Ted Unangst wrote:

 On Tue, Dec 16, 2014 at 16:05, Rod Whitworth wrote:
  I tried 5.5 - crashes there too.
 
  5.4 and earlier work well.
 
  Clues? I love these low power skinny boxes in my rack and I'm betting
 that
  the  problem
  exists in all the ones I have, but I cannot take the others down until I
  have one to swap in.



 1. connect a serial cable or something to record output.

 I like the idea of getting chars ready to print but how do I get the data
 going to the rs232
 port that is on all of these boxes (luckily!) ? I missed the class that
 taught that trick. 8-)




 2. get a video camera. smartphone should be good enough.

 3. brute force. build kernels from source from 5.4 onwards. the good
 news is this will only take about seven kernels to find the offending
 commit; the bad news is building old snapshot ramdisk kernels is quite
 a pain.



 *** NOTE *** Please DO NOT CC me. I am subscribed to the list.
 Mail to the sender address that does not originate at the list server is
 tarpitted. The reply-to: address is provided for those who feel compelled
 to reply off list. Thankyou.

 Rod/
 ---
 This life is not the real thing.
 It is not even in Beta.
 If it was, then OpenBSD would already have a man page for it.



Re: Cannot determine prefetch area error with OpenBSD current autoinstall

2014-12-15 Thread Adriaan
On Tue, Dec 16, 2014 at 7:35 AM, Ted Unangst t...@tedunangst.com wrote:

 On Tue, Dec 16, 2014 at 07:01, Adriaan wrote:
  OpenBSD 5.6-current (RAMDISK_CD) #573: Sun Dec 14 20:08:49 MST 2014
  dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
 
  An initial interactive install was successful. A next autoinstall using
  bsd.rd gave a
  Cannot determine prefetch area after selecting the sets.

 this probably means there wasn't a partition with enough free space
 available. looks like you have a pretty small disk.


Yes, the disk is 3GB but I only installed the minimum:

$ df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/wd0a      837M   44.4M    750M     6%    /
/dev/wd0e      323M   14.8M    292M     5%    /home
/dev/wd0d      1.7G    205M    1.4G    13%    /usr

During the install there is even more space, because then, the site56.tgz
has not  yet installed some packages, that are PKG_CACHEd in /home/packages.

ls -l /home/packages ; du -h $_
total 30160
-rw-r--r--  1 root  wheel  3265288 Dec 16 07:19 alpine-2.11p3.tgz
-rw-r--r--  1 root  wheel  3273159 Dec 16 07:19 aspell-0.60.6.1p1.tgz
-rw-r--r--  1 root  wheel   125754 Dec 16 07:19 bzip2-1.0.6p1.tgz
-rw-r--r--  1 root  wheel  5213261 Dec 16 07:19 gettext-0.19.3.tgz
-rw-r--r--  1 root  wheel  1540225 Dec 16 07:18 libiconv-1.14p1.tgz
-rw-r--r--  1 root  wheel  1374388 Dec 16 07:19 lynx-2.8.9pl1p0.tgz
-rw-r--r--  1 root  wheel 7580 Dec 16 07:18 quirks-2.43.tgz
-rw-r--r--  1 root  wheel   166936 Dec 16 07:19 unzip-6.0p5.tgz
-rw-r--r--  1 root  wheel   320970 Dec 16 07:19 xz-5.0.7.tgz
14.7M   /home/packages



Re: No address associated with PKG_PATH mirror

2014-11-20 Thread Adriaan
Works for me :)

root@rel56[~] echo $PKG_PATH
http://ftp.nluug.nl/pub/OpenBSD/5.6/packages/amd64/

root@rel56[~] pkg_info -Q mosh
mosh-1.2.4p1

root@rel56[~] dig ftp.nluug.nl

; <<>> DiG 9.4.2-P2 <<>> ftp.nluug.nl
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26971
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ftp.nluug.nl.  IN  A

;; ANSWER SECTION:
ftp.nluug.nl.   63662   IN  A   192.87.102.43
ftp.nluug.nl.   63662   IN  A   192.87.102.42

;; Query time: 2 msec
;; SERVER: 192.168.222.10#53(192.168.222.10)
;; WHEN: Fri Nov 21 04:01:08 2014
;; MSG SIZE  rcvd: 62



On Fri, Nov 21, 2014 at 3:13 AM, John Smith hufflep...@bsdmail.com wrote:




 Sent: Thursday, November 20, 2014 at 8:06 PM
 From: John Smith hufflep...@bsdmail.com
 To: misc@openbsd.org
 Subject: No address associated with PKG_PATH mirror
 Hello, I get the following error when using any of the pkg_* commands:$
 echo $PKG_PATH
 http://ftp.nluug.nl/pub/OpenBSD/5.6/packages/amd64/ $ pkg_info -Q
 mosh
 Error from
 http://ftp.nluug.nl/pub/OpenBSD/5.6/packages/amd64/[http://ftp.nluug.nl/pub/OpenBSD/5.6/packages/amd64/]
 ftp: ftp.nluug.nl: no address associated with namehttp://
 ftp.nluug.nl/pub/OpenBSD/5.6/packages/amd64/
 is empty This seems to occur with any mirror I choose. I am able to
 access the directory via a web browser. Examining the logs in real-time
 with tcpdump doesn't reveal any blocks. Also, there are no errors
 written to /var/log/messages. Any ideas? Thanks


 (I apologize for the formatting. Here is the same message in plain text:)

 I get the following error when using any of the pkg_* commands:

 $ echo $PKG_PATH
 http://ftp.nluug.nl/pub/OpenBSD/5.6/packages/amd64/

 $ pkg_info -Q mosh
 Error from http://ftp.nluug.nl/pub/OpenBSD/5.6/packages/amd64/
 [http://ftp.nluug.nl/pub/OpenBSD/5.6/packages/amd64/]
 ftp: ftp.nluug.nl: no address associated with name
 http://ftp.nluug.nl/pub/OpenBSD/5.6/packages/amd64/ is empty

 This seems to occur with any mirror I choose. I am able to
 access the directory via a web browser. Examining the logs in real-time
 with tcpdump doesn't reveal any blocks. Also, there are no errors
 written to /var/log/messages. Any ideas?

 Thanks



Re: upgrades no longer allow ftp for sets

2014-03-25 Thread Adriaan
On Wed, Mar 26, 2014 at 2:10 AM, n...@leviacomm.net wrote:

 Thanks and I understand the reasoning.  The current ftp server won't be
 able to do http and use of siteXX files prevents using an external
 source.  Will nfs be supported or am I going to need more hardware?


For more than 7 years, I have been using installation file sets as well as
siteXX files on  USB thumbdrives for installing and testing snapshots. So
you don't need a lot of extra hardware at all.

Adriaan



Re: Selecting new motherboards in the era of uefi

2013-08-30 Thread Adriaan
You are asking about a Sabertooth Z87, but according to a moderator of the
FreeBSD forums, the Sabertooth Z77 can boot in legacy, non-UEFI mode. See
https://forums.freebsd.org/showpost.php?p=228402&postcount=5



On Fri, Aug 30, 2013 at 11:32 PM, STeve Andre' and...@msu.edu wrote:

I'm shopping around for new server hardware.  Unless someone has a
 reason to think of something else, I'm planning on a i7-4770K.  The more
 interesting question is what motherboard to get.

I have my eye on the Asus Sabertooth Z87, but I see that it talks of
 uefi.  What I do not yet see, is whether the system can boot in a non-
 uefi mode or not.  Given that the motherboard is at least a little OS
 agnostic, I have some hope that it will work.

But I don't know, and in general I think it might be worth talking of
 strategies for motherboard selection given the size of the marketplace.
 I wonder if this might make a new section

Thoughts?

 --STeve Andre'



Re: OpenBSD 5.1 - snapshot - bsd.mp only detects one CPU of dual-processor AOpen DX34 Plus board

2012-02-14 Thread Adriaan
On 2/14/12, Brynet bry...@gmail.com wrote:
 On Mon, Feb 13, 2012 at 11:34:59PM +0100, Adriaan wrote:
 ...
 OpenBSD 5.1 (GENERIC.MP) #187: Sat Feb 11 12:30:14 MST 2012
 apm0 at bios0: Power Management spec V1.2
 acpi at bios0 function 0x0 not configured
 ..

 I need the machine right now for testing my new Internet line, but in
 two or three days, I could install some older snapshots or 5.0 to find
 out about which time this regression occurred.

 Adriaan

 Hmm, your system doesn't have legacy MP tables. You'll need to use acpi
 to bootstrap the other processor.

A year ago, with a 4.9 snapshot  the acpi stuff on that box was
configured, and both CPUs detected.

OpenBSD 4.9 (GENERIC.MP) #785: Fri Feb 18 14:16:01 MST 2011
  t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel Pentium III (GenuineIntel 686-class) 857 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,SSE
real mem  = 536375296 (511MB)
avail mem = 517447680 (493MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 02/20/02, BIOS32 rev. 0 @
0xf0230, SMBIOS rev. 2.3 @ 0xfa920 (44 entries)
bios0: vendor AOpen version V4.0 R1.22EN date 02/20/2002
bios0: AOpen DX34 Plus
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices PCI0(S1) KBC0(S1) PS2M(S1) UAR1(S1) UAR2(S1)
USB0(S1) USB1(S1)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat


 'disable apm' in config(8) or UKC.

 -Bryan.

So how would you explain that? ;)

Adriaan



OpenBSD 5.1 - snapshot - bsd.mp only detects one CPU of dual-processor AOpen DX34 Plus board

2012-02-13 Thread Adriaan
 10), address 00:00:e2:2e:de:cf
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 VIA UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 VIA UHCI root hub rev 1.00/1.00 addr 1
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b

The 4.9 sysctl hw:

hw.machine=i386
hw.model=Intel Pentium III (GenuineIntel 686-class)
hw.ncpu=2
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=wd0:1580bc6962d5b146,fd0:
hw.diskcount=2
hw.cpuspeed=856
hw.vendor=AOpen
hw.product=DX34 Plus
hw.version=N/A
hw.serialno=N/A
hw.uuid=Not Set
hw.physmem=536375296
hw.usermem=536297472
hw.ncpufound=2

I need the machine right now for testing my new Internet line, but in
two or three days, I could install some older snapshots or 5.0 to find
out about which time this regression occurred.

Adriaan



Re: pf and includes

2011-11-30 Thread Adriaan
On Wed, Nov 30, 2011 at 9:22 AM, Peter Hallin peter.hal...@ldc.lu.se wrote:
 Hello,

 I have some issues with pf.conf and includes that perhaps someone could
 shed some light on.

 Where I work, we use bridging firewalls with multiple tagged vlans
 passing the bridges, and filtering is done on the vlan interfaces.
 Normally we have around 10-20 vlans on each machine, and we have a LOT
 of rules in pf.conf. To make configuration a little easier I'm beginning
 to look at how to separate the vlans into multiple configs, one for each
 vlan, and then include them all from pf.conf.

 I would want to have all macros, options and rules for each vlan in a
 separate file, but also I would like to use macros from one config in
 rules in another file. To clarify what I'm getting at, here's an
 example:

 ##

 /etc/vlan500.conf:

 DB=192.168.0.10/32

 block log on vlan500
 pass in quick on vlan500 from $Webserver to $DB port 3306
 pass out on vlan500

 ##

 /etc/vlan1000.conf:

 Webserver=192.168.1.20/32

 block log on vlan1000
 pass in quick on vlan1000 from any to $Webserver port 80
 pass out on vlan1000

 ##

 /etc/pf.conf

 include /etc/vlan500.conf
 include /etc/vlan1000.conf

 ##

 The above example would not work, as pfctl will look at the rules in
 vlan500.conf before looking at the macros in vlan1000.conf and it will
 throw an error that the $Webserver macro is not defined.

 If I change the order of the includes in pf.conf, it will work, but of
 course if I try to use macros from vlan1000.conf for rules in
 vlan500.conf, the problem will arise again.

 One way to solve it would be to put all the macros in, say,
 /etc/vlan500-macros.conf and /etc/vlan1000-macros.conf and make sure
 they are included before the rules in pf.conf, but that seems
 inconvenient to me.

 What is the common practice for using includes? Is there a way to get
 pfctl to read ALL macros from ALL files before looking at the rules?

 I would be happy to hear some suggestions.

 Thanks, Peter


You could use a Makefile to concatenate a pf.conf from separate files.
This can give more flexibility than provided by include :
-

$ cat vlan500

#macroes
DB=192.168.0.10/32
Webserver=192.168.1.20/32
#macroes_end

# --- vlan500
block log on vlan500
pass in quick on vlan500 inet proto tcp from $Webserver to $DB port 3306
pass out on vlan500

$ cat vlan1000

#macroes
DB=192.168.0.10/32
#macroes_end

# --- vlan1000
block log on vlan1000
pass in quick on vlan1000 inet proto tcp from any to $Webserver port 80
pass out on vlan1000

$ cat Makefile

pf.conf: macroes_unique vlan500.conf vlan1000.conf
	cat ${.ALLSRC} > ${.TARGET}

vlan1000.conf:  vlan1000
	sed -e '/#macroes/,/#macroes_end/d' ${.ALLSRC} > ${.TARGET}

vlan1000.mac: vlan1000
	sed -ne '/#macroes/,/#macroes_end/p' ${.ALLSRC} > ${.TARGET}

vlan500.conf:  vlan500
	sed -e '/#macroes/,/#macroes_end/d' ${.ALLSRC} > ${.TARGET}

vlan500.mac: vlan500
	sed -ne '/#macroes/,/#macroes_end/p' ${.ALLSRC} > ${.TARGET}

macroes_unique: vlan500.mac vlan1000.mac
	echo "# Macro definitions" > ${.TARGET}
	sort -u ${.ALLSRC} | sed -e '/#macroes/d' >> ${.TARGET}

clean:
	rm -f *.conf *.mac macroes_unique


$ make clean
rm -f *.conf *.mac macroes_unique

$ make
sed -ne '/#macroes/,/#macroes_end/p' vlan500 > vlan500.mac
sed -ne '/#macroes/,/#macroes_end/p' vlan1000 > vlan1000.mac
echo "# Macro definitions" > macroes_unique
sort -u vlan500.mac vlan1000.mac | sed -e '/#macroes/d' >> macroes_unique
sed -e '/#macroes/,/#macroes_end/d' vlan500 > vlan500.conf
sed -e '/#macroes/,/#macroes_end/d' vlan1000 > vlan1000.conf
cat macroes_unique vlan500.conf vlan1000.conf > pf.conf

$ cat pf.conf

# Macro definitions
DB=192.168.0.10/32
Webserver=192.168.1.20/32

# --- vlan500
block log on vlan500
pass in quick on vlan500 inet proto tcp from $Webserver to $DB port 3306
pass out on vlan500

# --- vlan1000
block log on vlan1000
pass in quick on vlan1000 inet proto tcp from any to $Webserver port 80
pass out on vlan1000

---
So the Makefile collects the macros defined in the vlan500 and vlan1000
files and, after eliminating any duplicates, stuffs them into the
macroes_unique file.

The vlan500 and vlan1000 files, after stripping the macros, become
vlan500.conf and vlan1000.conf.
The pf.conf Makefile target then concatenates the macroes_unique
and the vlan*.conf files into the final pf.conf.

BTW http://www.freebsd.org/doc/en_US.ISO8859-1/books/pmake/index.html
has a nice HTML version of the BSD make documentation.

Adriaan
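
An added example, not part of the original post: a pre-merge audit for rule files that follow the #macroes / #macroes_end convention above. It reports macros given different values in different files (which sort -u would keep as two lines) and macros used in a rule but defined nowhere. The function names and the vlan2000 file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits per-VLAN rule files that use the
# "#macroes" ... "#macroes_end" convention before they are merged into pf.conf.
# Findings, one per line:
#   CONFLICT <name> <first value> <other value>   same macro, different values
#   UNDEFINED <name> <file>                       used in a rule, defined nowhere
pf_macro_audit() {
    awk '
    FNR == 1        { inblock = 0 }            # never carry a block across files
    /^#macroes_end/ { inblock = 0; next }      # test the longer marker first
    /^#macroes/     { inblock = 1; next }
    inblock && /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
        name = $0;  sub(/[ \t]*=.*/, "", name)
        value = $0; sub(/^[^=]*=[ \t]*/, "", value)
        if (!(name in def))
            def[name] = value
        else if (def[name] != value)
            print "CONFLICT", name, def[name], value
        next
    }
    !inblock {
        line = $0
        sub(/#.*/, "", line)                   # ignore pf.conf comments
        while (match(line, /\$[A-Za-z_][A-Za-z0-9_]*/)) {
            used[substr(line, RSTART + 1, RLENGTH - 1) SUBSEP FILENAME] = 1
            line = substr(line, RSTART + RLENGTH)
        }
    }
    END {
        # Definitions are checked only here, so file order does not matter.
        for (k in used) {
            split(k, part, SUBSEP)
            if (!(part[1] in def))
                print "UNDEFINED", part[1], part[2]
        }
    }' "$@" | sort
}

# Constructed sample input: vlan500 and vlan1000 as in the post, plus a
# made-up vlan2000 that redefines DB and uses a macro nobody defines.
pf_macro_audit_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/vlan500" <<'EOF'
#macroes
DB=192.168.0.10/32
Webserver=192.168.1.20/32
#macroes_end

# --- vlan500
block log on vlan500
pass in quick on vlan500 inet proto tcp from $Webserver to $DB port 3306
pass out on vlan500
EOF
    cat > "$dir/vlan1000" <<'EOF'
#macroes
DB=192.168.0.10/32
#macroes_end

# --- vlan1000
block log on vlan1000
pass in quick on vlan1000 inet proto tcp from any to $Webserver port 80
pass out on vlan1000
EOF
    cat > "$dir/vlan2000" <<'EOF'
#macroes
DB=192.168.0.11/32
#macroes_end

# --- vlan2000
block log on vlan2000
pass in quick on vlan2000 inet proto tcp from any to $Mailserver port 25
pass out on vlan2000
EOF
    ( cd "$dir" && pf_macro_audit vlan500 vlan1000 vlan2000 )
    rm -rf "$dir"
}

pf_macro_audit_demo
```

An empty result means every macro has one value and every reference resolves; running it as a prerequisite of the pf.conf target keeps a conflicting address from reaching the merged ruleset.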



Re: RfC-1323-Test for pf/NAT-Installation

2011-11-11 Thread Adriaan
On Thu, Nov 10, 2011 at 11:53 PM, Tobias Crefeld t...@cataneo.eu wrote:
 Running a pair of OpenBSD-4.8-boxes as NAT-Firewall between public
 Internet and some Linux-webservers in a DMZ basically works fine so far.

 But this week a client enabled RFC-1323 and his http/https-access to our
 webservers didn't work any more and all he got was an
 ICMP-unreachable with un-NATed source-address. As a workaround he
 provisionally disabled this option.

 There is of course the other workaround to switch off
 tcp-windowsscaling, etc. on every box but I hope to find a
 configuration that it works through the NAT-box.

 I read some papers on OpenBSD's website but I'm still a bit confused
 about all those scrub- and state-control-rules (with and without
 renumbering), so it seems to be the right time for another testbed.

 Problem: How can I simulate an http/https-access with enabled
 RFC-1323-options?

The issue of TCP window scaling for pf is well explained in the
section "Create TCP states on the initial SYN packet" of
http://undeadly.org/cgi?action=article&sid=20060928081238

From my OpenBSD desktop using firefox  :

$ sudo pfctl -vvss

all tcp 192.168.222.20:13929 -> 74.125.79.19:443   ESTABLISHED:ESTABLISHED
  [2051800193 + 46464] wscale 0  [2773829936 + 16384] wscale 6

all tcp 192.168.222.20:28008 -> 80.255.11.121:80   FIN_WAIT_2:FIN_WAIT_2
  [2631730358 + 7808] wscale 0  [3474674542 + 16384] wscale 7


Adriaan



Re: can't raise screen resolution xorg.log

2011-11-11 Thread Adriaan
 (doublescan
 mode not supported)
 [2454003.697] (II) intel(0): Not using default mode 1856x1392 (hsync out
 of range)
 [2454003.697] (II) intel(0): Not using default mode 928x696 (doublescan
 mode not supported)
 [2454003.697] (II) intel(0): Not using default mode 1856x1392 (vrefresh
 out of range)
 [2454003.697] (II) intel(0): Not using default mode 928x696 (doublescan
 mode not supported)
 [2454003.697] (II) intel(0): Not using default mode 1920x1440 (hsync out
 of range)
 [2454003.697] (II) intel(0): Not using default mode 960x720 (doublescan
 mode not supported)
 [2454003.697] (II) intel(0): Not using default mode 1920x1440 (vrefresh
 out of range)
 [2454003.697] (II) intel(0): Not using default mode 960x720 (doublescan
 mode not supported)
 [2454003.697] (II) intel(0): Not using default mode 832x624 (vrefresh out
 of range)
 [2454003.697] (II) intel(0): Not using default mode 416x312 (doublescan
 mode not supported)
 [2454003.697] (II) intel(0): Not using default mode 1400x1050 (hsync out
 of range)
 [2454003.697] (II) intel(0): Not using default mode 700x525 (doublescan
 mode not supported)
 [2454003.697] (II) intel(0): Not using default mode 1400x1050 (vrefresh
 out of range)
 [2454003.697] (II) intel(0): Not using default mode 700x525 (doublescan
 mode not supported)
 [2454003.697] (II) intel(0): Not using default mode 1920x1440 (vrefresh
 out of range)
 [2454003.697] (II) intel(0): Not using default mode 960x720 (doublescan
 mode not supported)
 [2454003.697] (II) intel(0): Not using default mode 2048x1536 (hsync out
 of range)
 [2454003.697] (II) intel(0): Not using default mode 1024x768 (doublescan
 mode not supported)
 [2454003.697] (II) intel(0): Not using default mode 2048x1536 (vrefresh
 out of range)
 [2454003.697] (II) intel(0): Not using default mode 1024x768 (doublescan
 mode not supported)
 [2454003.697] (II) intel(0): Not using default mode 2048x1536 (vrefresh
 out of range)
 [2454003.697] (II) intel(0): Not using default mode 1024x768 (doublescan
 mode not supported)
 [2454003.697] (II) intel(0): Printing probed modes for output VGA
 [2454003.697] (II) intel(0): Modeline 1024x768x



I have two LCD monitors which don't report their sync rates through
DDC. I had to get them from the manual. Some monitors show the
horizontal sync and vertical refresh rates on the on-screen
configuration information menu. Or maybe Windows will show them.

By adding/modifying  the following two sections of xorg.conf I can get
the maximum resolution:


Section "Monitor"
    Identifier   "Monitor0"
    VendorName   "Monitor Vendor"
    ModelName    "Monitor Model"
    HorizSync    30-80
    VertRefresh  58-75
EndSection


Section "Screen"
    Identifier "Screen0"
    Device     "Card0"
    Monitor    "Monitor0"
    SubSection "Display"
        Viewport   0 0
        Depth      24
        Modes      "1280x1024" "1024x768"
    EndSubSection
EndSection

Adriaan



Re: PF.CONF - with DMZ and packet tagging example

2011-11-07 Thread Adriaan
On Mon, Nov 7, 2011 at 11:59 PM, Bentley, Dain dbent...@nas.edu wrote:
 I guess I should add quick to the following:
 block in on $ext from $RFC1918 to any
 block out on $ext from any to $RFC1918
 block in on $ext from <bastards>


 
 From: Patrick Lamaiziere [patf...@davenulle.org]
 Sent: Monday, November 07, 2011 5:37 PM
 To: misc@openbsd.org; Bentley, Dain
 Subject: Re: PF.CONF - with DMZ and packet tagging example

 On Mon, 7 Nov 2011 16:58:29 -0500,
 Bentley, Dain dbent...@nas.edu wrote:

 Hello,

 block in on $ext from <bastards>
 #NAT INBOUND TO DMZ
 pass in on $ext proto tcp from any to any port $web_services rdr-to
 $webserver tag INET_TO_DMZ
 pass in on $ext proto tcp from any to any port $mail_services rdr-to
 $mailserver tag INET_TO_DMZ

 Looks not good, missing quick in the block rule?

 Regards.


You should also consider the advice I gave in
http://www.daemonforums.org/showthread.php?t=6483#post41274

Adriaan



Re: Tracking What it's changing in current

2011-02-15 Thread Adriaan
On Tue, Feb 15, 2011 at 5:53 PM, Orestes Leal R.
l...@cubacatering.avianet.cu wrote:
 I need to see (with a tool or whatever) what changes have occurred between
 current,
 let's say between current 4.9 from february 9 and current dated february 14.

For future changes subscribe to the source-changes mailing list. For
past changes see the mailing list archive of source-changes. See
http://openbsd.org/mail.html



Re: Predictable network interface numbering

2011-02-02 Thread Adriaan
On Wed, Feb 2, 2011 at 3:00 PM, Jean H. Theoret ve...@rac.ca wrote:
 This one's got me stumped for a few days now...

 How is it possible to control the network interface numbering assignment
order?

 Here's my specific case: the box has 2 on-board Ethernet interfaces and
 a 3rd one on a PCI-Express card. They come up as:

   re0: PCI-Express card
   re1: on-board interface #1
   re2: on-board interface #2

 A recent event had disabled the PCI card, and the remaining network
 interfaces ended up being reassigned (upon the next reboot, of course) as:

   re0: on-board interface #1
   re1: on-board interface #2

 Could this have been prevented by forcing network interface assignment
 to on-board interface _first_, then the PCI card? Or is there a way to
 bind network interface assignment to the adapter's MAC address as
 numbering hint?

According to the guy who will bring his Consistent Network Device
Naming to Fedora15, even numbering based on MAC address has its
weaknesses. See his comment to @not-a-fanboy dated January 26, 2011
at 10:13 am at
http://domsch.com/blog/?p=455

It is not an answer to your question, I know ;)



Re: delete user in group script

2010-12-14 Thread Adriaan
On Tue, Dec 14, 2010 at 10:00 PM, Leonardo Rodrigues
leonardov...@gmail.com wrote:
 Ok! Here goes my contribution to this thread!

 # $1=group
 # $2=user

 cd /etc
 cat ./group \
| sed '/'$1'/ s/'$2'//' \
| sed '/'$1'/ s/,,/,/' \
| sed '/'$1'/ s/,$//' \
| sed '/'$1'/ s/:,/:/' > group.new

 mv /etc/group.new /etc/group
 chown root.wheel /etc/group
 chmod 644 /etc/group
 exit 0


My take ;)

# -
FILE=/etc/group
FILE=group

install ${FILE} ${FILE}.orig

sed -e /$1/s/$2// \
-e /$1/s/,,/,/ \
-e /$1/s/,$// \
-e /$1/s/:,/:/   ${FILE}.orig > ${FILE}

# 

Adriaan
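
An added example, not part of the thread: the same removal done by exact field comparison with awk, next to the pattern-based sed edit for comparison. With sed, the group name and the user name are regular expressions matched anywhere in the line, so removing "dan" also cuts into "jordan" and touches any line that merely contains the group name. Function names and the sample group file are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Removes USER from GROUP in a group(5)
# file and prints the edited file on stdout; the input file is not modified.
# usage: group_del_member GROUP USER [FILE]
group_del_member() {
    awk -F: -v OFS=: -v grp="$1" -v usr="$2" '
    $1 == grp {                              # exact group name, not a pattern
        n = split($4, m, ",")
        out = ""
        for (i = 1; i <= n; i++)
            if (m[i] != "" && m[i] != usr)   # exact member name
                out = (out == "" ? m[i] : out "," m[i])
        $4 = out                             # rebuilds the line with OFS ":"
    }
    { print }' "${3:-/etc/group}"
}

# The pattern-based edit discussed in the thread, kept only for comparison.
group_del_member_sed() {
    sed -e "/$1/s/$2//" -e "/$1/s/,,/,/" -e "/$1/s/,\$//" -e "/$1/s/:,/:/" \
        "${3:-/etc/group}"
}

# Runs one of the two functions over a constructed sample group file.
# usage: group_demo FUNCTION GROUP USER
group_demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
wheel:*:0:root,jordan,dan
staff:*:20:root,dan
nostaff:*:1002:dan
EOF
    "$1" "$2" "$3" "$f"
    rm -f "$f"
}

echo "exact match, remove dan from staff:"
group_demo group_del_member staff dan
echo "pattern match, remove dan from staff (nostaff is emptied too):"
group_demo group_del_member_sed staff dan
echo "pattern match, remove dan from wheel (jordan is damaged):"
group_demo group_del_member_sed wheel dan
```

Write the result to a temporary file and compare it with the original before replacing /etc/group, since group membership such as wheel decides who can become root.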



Re: siteXX.tgz and install.site behaviour questions

2010-03-20 Thread Adriaan
On Sun, Mar 21, 2010 at 12:39 AM, a b obsdmisc...@yahoo.co.uk wrote:
 Hi,

 Would appreciate it if someone could spare a few minutes to outline the
 reasons for the following behaviour :

 1/ Why does OpenBSD not chown files to
 root ?

 For example, in my test siteXX.tgz, I had a custom /etc/sudoers
 file.

 However because this file was created on a different machine as a
 non-root user, on the OpenBSD box, it now has an arbitrary number reflecting
 the user ID on the other machine.  As a result sudo doesn't work ...  ;-(

From the OpenBSD FAQ:
   The siteXX.tgz file set is, like the other file sets, a gzip(1)
compressed tar(1) archive rooted in '/' and is un-tarred like the
other sets with the options xzphf. 

The Fine Manual page for tar describes the -p option as:
   Preserve user and group ID as well as file mode regardless of the
current umask(2)

So it just works like advertised ;)

To deal with the permission there are a few possibilities
Adjust the permissions, owner or group in the install.site script. Or
do this before tarring up the siteXX.tgz file.

Or because patch(1) does not alter permissions, use it in the
install.site script:

# -
echo --- patch script for: sudoers --- BEGIN

# ---  edit the following line if needed
FILE=/etc/sudoers
#FILE=$( basename ${FILE} )

patch -b -p0 ${FILE} << END_OF_PATCH
--- ORIG/sudoersMon Jan 18 18:29:13 2010
+++ NEW/sudoers Sun Jan 31 01:40:07 2010
@@ -38,7 +38,7 @@
 # %wheel   ALL=(ALL) SETENV: ALL

 # Same thing without a password
-# %wheel   ALL=(ALL) NOPASSWD: SETENV: ALL
+%wheel ALL=(ALL) NOPASSWD: SETENV: ALL

 # Samples
 # %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
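Review bot: The added `%wheel ALL=(ALL) NOPASSWD: SETENV: ALL` line gives every member of wheel passwordless root and, through SETENV, control over the environment of the commands they run, which is a much wider grant than a post-install convenience normally needs. Consider enabling the password-requiring `%wheel   ALL=(ALL) SETENV: ALL` entry from the first context line instead, or limiting NOPASSWD to named commands, and have install.site run `visudo -c -f ${FILE}` after patching so a hunk that did not apply cleanly is caught before first boot.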
END_OF_PATCH

echo  --- patch script for: sudoers --- END
# ---

Use install(1), or create the file in the install.site script

# --
FILE=/etc/sudoers
#FILE=$( basename ${FILE} )
MOD=u=r,g=r,o=
echo Creating ${FILE}

cat << END > ${FILE}
# put complete file here

END

chmod $MOD $FILE
# --


 2/
 Why does OpenBSD expect the install.site file to be already chmod 755 ?

 I created this as a plain text file on another machine.  I spent a long
time
 trying to figure out why the script was not triggering, until I tried chmod
 755 before gzip'ing and re-running the installer.

Because as explained above, the siteXX.tgz file is untarred using -p.

I use the following install.site script template, which sources the
actual postinstall script with the sh "." sourcing command, here for
the gutenberg host.

#!/bin/sh
INSTALL_LOG=./var/log/install.report
install -m 660 /dev/null ${INSTALL_LOG}

. ./postinstall_gutenberg 2>&1 | tee ${INSTALL_LOG}
cat << END

$0 : done

END

This way you can monitor the install.site script actions and possible
errors on both the console and have it logged to the
/var/log/install.report file as well.

=Adriaan=



Re: How to make FTP work from the firewall system?

2010-03-16 Thread Adriaan
On Tue, Mar 16, 2010 at 4:49 AM, Dave Anderson d...@daveanderson.com wrote:
 I'm configuring a notebook which will use PF to protect itself from the
 environments in which I use it, and would like to have FTP 'just work'
 on it -- whether it's from an explicit FTP command, from a browser, or
 embedded in some other program or script.  Unfortunatly there doesn't
 seem to be any really good way to do this when a system is its own
 firewall; the best tool I've found so far is 'ftpsesame', which
 acknowledges a couple of significant problems (there's no guarantee that
 the PF rules changes it makes will happen in time, and inspecting
 packets 'on the fly' without a full TCP stack is errorprone).

 I'd expect this to be a rather common desire; is there a good solution
 that I've missed?  Suggestions are very welcome.

For a local snapshot ftp server in my LAN, I use a table with
'approved' ftp servers and only allow passive ftp to these servers.
The table can be updated with pfctl if needed.

table <ftp_sites> {
ftp.openbsd.org
ftp.eu.openbsd.org
anga.funkfeuer.at
ftp.wu-wien.ac.at
ftp.nluug.nl
ftp5.usa.openbsd.org
ftp3.usa.openbsd.org
obsd.cec.mtu.edu
}

# -- sysctl
# net.inet.ip.porthifirst=49152
FTPfirst = 49152

# -- outgoing passive ftp
pass out quick on egress inet proto tcp from egress to <ftp_sites> \
 port ftp
pass out quick on egress inet proto tcp from egress port >= 1023 \
 to <ftp_sites> port >= $FTPfirst

For a less rigid approach you could define an anchor and in case you
want to do ftp, populate
the anchor with a variation of the above rules:

pass out quick on egress inet proto tcp from egress to any \
 port ftp
pass out quick on egress inet proto tcp from egress port >= 1023 \
 to any port >= $FTPfirst

After finishing ftp you flush the rules from the anchor.

I know this is not exactly what you asked for ;)

Adriaan



Re: authlog messages

2010-03-14 Thread Adriaan
On Sun, Mar 14, 2010 at 3:10 PM, fqui nonez fquinon...@gmail.com wrote:
 2010/3/13 fqui nonez fquinon...@gmail.com:
 hello

 I found messages on authlog of a OBSD-4.6, I have not seen it
 before, and i was not able to find information at archives and google.

 Mar  9 02:20:25 OpenBSD kdeinit: gethostby*.getanswer: asked for
 srx.main.ebayrtm.com IN AAAA, got type SOA
 Mar  9 02:47:32 OpenBSD kdeinit: gethostby*.getanswer: asked for
 srx.uk.ebayrtm.com IN AAAA, got type SOA
 Mar  9 02:50:17 OpenBSD kdeinit: gethostby*.getanswer: asked for
 srx.sg.ebayrtm.com IN AAAA, got type SOA
 Mar  9 02:52:03 OpenBSD kdeinit: gethostby*.getanswer: asked for
 srx.au.ebayrtm.com IN AAAA, got type SOA
 Mar  9 02:53:27 OpenBSD kdeinit: gethostby*.getanswer: asked for
 srx.ph.ebayrtm.com IN AAAA, got type SOA
 Mar  9 03:01:57 OpenBSD kdeinit: gethostby*.getanswer: asked for
 srx.ph.ebayrtm.com IN AAAA, got type SOA
 Mar  9 03:09:55 OpenBSD kdeinit: gethostby*.getanswer: asked for
 srx.ca.ebayrtm.com IN AAAA, got type SOA

 Could someone please tell me what it means? I use konqueror and lynx
 as web browsers.

It is a failing name lookup. Just like the following done with dig
from the command line:

$ dig +norecurse -t AAAA qw-we.com @m.root-servers.net

; <<>> DiG 9.4.2-P2 <<>> +norecurse -t AAAA qw-we.com @m.root-servers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59919
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14

;; QUESTION SECTION:
;qw-we.com. IN  AAAA

;; AUTHORITY SECTION:
com.172800  IN  NS  k.gtld-servers.net.
com.172800  IN  NS  h.gtld-servers.net.
com.172800  IN  NS  e.gtld-servers.net.
com.172800  IN  NS  i.gtld-servers.net.
com.172800  IN  NS  f.gtld-servers.net.
com.172800  IN  NS  m.gtld-servers.net.
com.172800  IN  NS  l.gtld-servers.net.
com.172800  IN  NS  j.gtld-servers.net.
com.172800  IN  NS  a.gtld-servers.net.
com.172800  IN  NS  g.gtld-servers.net.
com.172800  IN  NS  d.gtld-servers.net.
com.172800  IN  NS  c.gtld-servers.net.
com.172800  IN  NS  b.gtld-servers.net.

;; ADDITIONAL SECTION:
a.gtld-servers.net. 172800  IN  A   192.5.6.30
b.gtld-servers.net. 172800  IN  A   192.33.14.30
c.gtld-servers.net. 172800  IN  A   192.26.92.30
d.gtld-servers.net. 172800  IN  A   192.31.80.30
e.gtld-servers.net. 172800  IN  A   192.12.94.30
f.gtld-servers.net. 172800  IN  A   192.35.51.30
g.gtld-servers.net. 172800  IN  A   192.42.93.30
h.gtld-servers.net. 172800  IN  A   192.54.112.30
i.gtld-servers.net. 172800  IN  A   192.43.172.30
j.gtld-servers.net. 172800  IN  A   192.48.79.30
k.gtld-servers.net. 172800  IN  A   192.52.178.30
l.gtld-servers.net. 172800  IN  A   192.41.162.30
m.gtld-servers.net. 172800  IN  A   192.55.83.30
a.gtld-servers.net. 172800  IN  AAAA  2001:503:a83e::2:30

;; Query time: 33 msec
;; SERVER: 202.12.27.33#53(202.12.27.33)
;; WHEN: Sun Mar 14 15:35:47 2010
;; MSG SIZE  rcvd: 487

$ dig +norecurse -t AAAA qw-we.com @192.5.6.30

; <<>> DiG 9.4.2-P2 <<>> +norecurse -t AAAA qw-we.com @192.5.6.30
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26083
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;qw-we.com. IN  AAAA

;; AUTHORITY SECTION:
com.900 IN  SOA a.gtld-servers.net.
nstld.verisign-grs.com. 1268577348 1800 900 604800 86400

;; Query time: 139 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Sun Mar 14 15:35:59 2010
;; MSG SIZE  rcvd: 100

We ask for an AAAA record, but don't really get an answer, just a SOA
authority section.

Adriaan



usb(3) to usb(4) migration issue at http://www.openbsd.org/cgi-bin/man.cgi

2010-03-13 Thread Adriaan
The following URL which is supposed to show the usb(4) man page still
shows the old usb(3) man page:
http://www.openbsd.org/cgi-bin/man.cgi?query=usb&sektion=4&apropos=0&manpath=OpenBSD+Current&arch=

I know it is release time and that everybody is extremely busy  :)

Adriaan



Re: SNAP March 7 cksum?

2010-03-08 Thread Adriaan
  |  2950471 Nov 29
15:02 xshare46.tgz
  3 SHA256-vienna : Files SHA256 and SHA256-vienna differ

For the over 6000 snapshot packages, only the unique dates are compared:

  Unique dates from  Unique dates from
./NOW/latest_pkg:| ./NOW/latest_pkg-nluug:
======
 1  11-21 11:34  |  1   11-21 18:34
 2  11-21 11:35  |  2   11-21 18:35
 3  11-21 11:36  |  3   11-21 18:36
 4  11-21 11:37  |  4   11-21 18:37
 5  11-21 11:38  |  5   11-21 18:38
 6  11-21 11:39  |  6   11-21 18:39
 7  11-21 11:40  |  7   11-21 18:40
 8  11-21 11:41  |  8   11-21 18:41
 9  11-21 11:42  |  9   11-21 18:42
10  11-21 11:43  | 10   11-21 18:43
11  11-28 04:05  | 11   11-27 11:05
======
Last entry:Last entry:
 11-28 04:05 index.txt 456441|  11-27 11:05 index.txt 456441

All files with last date:  All files with last date:
 11-28 04:05   |  11-27 11:05
======
11-28 04:05 index.txt 456441 | 11-27 11:05 index.txt 456441
======

The documentation of these scripts is at
http://siralas.nl/OBSDsnapshot-tracking.html
The scripts and the installation Makefile at
http://siralas.nl/OBSDsnapshot_tracking-1.05.tgz

Have fun ;)

Adriaan



Re: Dump levels ?

2010-02-18 Thread Adriaan
On Thu, Feb 18, 2010 at 11:21 PM, Jean-Francois jfsimon1...@gmail.com wrote:

[snip]

 My dump level 1 dumps all the files again. How to let it dump based on the
 lower level ?

 I did as follows :
 sudo dump -0ua -f /mnt/tera/backup/2010.02.18_www.0 /var/www/htdocs/
 sudo dump -0ua -f /mnt/tera/backup/2010.02.18_www.1 /var/www/htdocs/


You did two level 0 dumps, so what else did you expect? ;)



Re: MFM disk geometry

2010-02-02 Thread Adriaan
On Tue, Feb 2, 2010 at 12:19 PM, Daniel Malament b...@anonix.net wrote:
 I think my first course of action would be to use DOS, or possibly OS/2,
 to
 override the disk geometry, unless the disk has data on it that can only
 be
 accessed from OpenBSD. Yes, I know it's intellectually more fun to get
 OpenBSD to do it, but for a one off with little practical future use I
 think
 I'd use something else. DOS, OS/2 and OpenBSD can of course all be booted
 from floppy, thus avoiding any early initialisation nastiness.

 I'm not sure what you're describing here.  Also, accessing the data from DOS
 still leaves the problem of moving it.  Or perhaps I didn't make it
 sufficiently clear that the goal was to copy the data off the drive...

You can install the Microsoft Network Client software for DOS. I still
have it on a 386 box
and used to use it to connect to an OpenBSD samba box.

Download from ftp://ftp.microsoft.com/bussys/Clients/MSCLIENT
the DSK3-1.EXE and DSK3-2.EXE files. Run these self extracting executables in a
temp dir, and read the README.
IIRC there is a setup program, which is a little bit confusing, and
you have to edit protocol.ini and another *ini file.
And you need a driver for your NIC. NIC's from that time came with a
floppy with  drivers for Microsoft Client or Lan Manager.

Adriaan




IIRC these are self extracting



Re: Disk architecture during install

2010-02-02 Thread Adriaan
On Tue, Feb 2, 2010 at 10:38 PM, Jean-Francois jfsimon1...@gmail.com wrote:
 Hi All,

 I am looking for a way to easily identify the various names given by OpenBSD
 to the disks before install, in order to be able to correctly make the slides
 and mount points during an install on a complicated system with several hard
 disks.

 Falling back to (S)hell during install process in a first step, second step
 identifying hardware : interfaces and hard disk.
 For the first, ifconfig, for the latter, I don't know.

Follow the OpenBSD faq for setting up a serial console. If you then
run cu or tip within an xterm
you can easily scroll up and down through the dmesg.

=Adriaan=



Re: IPSEC: bad checksum

2010-01-22 Thread Adriaan
On Fri, Jan 22, 2010 at 9:58 AM, Toni Mueller openbsd-m...@oeko.net wrote:
 Hi,

 On Thu, 21.01.2010 at 21:48:01 +, Christian Weisgerber 
 na...@mips.inka.de wrote:
 Toni Mueller openbsd-m...@oeko.net wrote:
  today I see tons of these on a 4.6-stable/amd64 machine (sample):
  17:21:00.848135 esp 1.1.1.1 > 2.2.2.2 spi 0x54d46678 seq 132642 len 84
  (DF) (ttl 64, id 49897, len 104, bad cksum 0! differs by 8b3c)

 This looks like outgoing packets on an interface that does IPv4
 header checksumming in hardware.  tcpdump sees the packets before
 the checksum is actually filled in.  This has nothing to do with
 IPsec.

 thanks for the explanation. I didn't think of it, but it's a bge(4)
 interface.

From bge(4)

 The bge driver supports IPv4 IP, TCP, and UDP checksum offload for re-
 ceive, IP checksum offload for transmit, VLAN tag insertion and strip-
 ping, as well as a 256-bit multicast hash filter.  The BCM5723, BCM5754,
 BCM5755, BCM5761, BCM5764, BCM5784, BCM5785, BCM5787 and BCM577x0 chips
 also support IPv6 receive TCP/UDP checksum offload.

A netstat -ss will show if it is used. You will see entries like

 6575 input datagrams checksum-processed by hardware
5765 output datagrams checksum-processed by hardware

=Adriaan=



Re: Output from at job

2010-01-06 Thread Adriaan
2010/1/6 Thanasis thana...@asyr.hopto.org:
 When we get a message like the following, is there a way to see _what_
 was in that job?

 Your at job on hostname
 /var/cron/atjobs/1262799360.c
 produced the following output:
 /bin/ksh: stdin[3]: no closing quote

The answer can be found in the man page for at(1)

$ at -c 1262799360.c

You can check the error  before submitting with:

$ sh -nv myatjobfile

Adriaan



Re: Packet forwarding performance

2009-11-02 Thread Adriaan
On Mon, Nov 2, 2009 at 4:45 PM, Bartosz KuE:ma bartosz.ku...@gmail.com
wrote:
[snip]
 I did system tuning according to
 https://calomel.org/network_performance.html (changed send and
 recevspace to 256144 and several more minor improvements) but without
 effect.

 How can I improve packet forwarding speed? Or I just reached upper
 limit of packet forwarding for this machine?

Changing send and recvspace on a router has no effect, except
unnecessarily taking away
memory space.

When my ADSL line was upgraded to 896 up /7296 down the only thing to
speed up ftp download speed on
my workstation was to adjust  net.inet.tcp.recvspace to 65536.

On my old Pentium II router, I did not have to change anything, those
settings are still the default:
  net.inet.tcp.recvspace=16384
  net.inet.tcp.sendspace=16384

[snip]

Adriaan



Re: European orders

2009-03-24 Thread Adriaan
On Wed, Mar 25, 2009 at 1:16 AM, Floor Terra flo...@gmail.com wrote:
 On Wed, Mar 25, 2009 at 12:34 AM, Theo de Raadt dera...@cvs.openbsd.org
 wrote:
 Do you have any advice for those who allready ordered? Or should we
 contact
 the distributor?

 Sorry, but I don't know that yet. We'll see, I suppose.


 Wim called me 20 minutes ago and explained the situation to me.
 If you have any questions just mail him or give him a call.


Why doesn't Wim explain the situation here. Less work isn't it. ;)

=Adriaan= European shipping slave (together with Felix@) of OBSD 4.0



Re: ftp from script

2009-01-03 Thread Adriaan
 SNAP/xshare44.tgz
23  quit
24
--
Do you want to start 'ftp' with this '.netrc' ? (Y/N)
Y

=Adriaan=



Re: The New Secure Operating System

2008-12-09 Thread Adriaan
On Tue, Dec 9, 2008 at 6:51 PM, bofh [EMAIL PROTECTED] wrote:
 On Tue, Dec 9, 2008 at 10:14 AM, Sunnz [EMAIL PROTECTED] wrote:
 The secure operating system standard will never be the same now that a
 National Security Agency-certified OS has gone commercial, but few
 mainstream enterprises today need an airtight OS tuned to run on
 fighter jets. And many organizations aren't properly securing their
 existing commercial OSes, anyway, security experts say.

 Oh my god.  Let me migrate everything to this new secure OS immediately!


Yea, you should  run this new secure OS under Xen or Vmware for even
more security ;)

=Adriaan=



Re: DNS Server behind Router

2008-11-16 Thread Adriaan
On Sun, Nov 16, 2008 at 7:25 AM, Vivek Ayer [EMAIL PROTECTED] wrote:

 Need some help with DNS queries behind a router. I set up a DNS server
 in my network and it responds when I'm within my network. I tried
 nslookup from localhost on the dns server and also from the LAN and it
 works just fine, but when I use the public IP of the router for the
 network, which should forward the port to the DNS server, it says
 unexpected reply from 192.168.1.101, expected from the (public IP,
 which I won't display in this email). Does that mean the port
 forwarding is working?

I am not sure whether you really did direct that query over the
internet to the public IP or
from your local LAN.

Initiating a DNS query from a local LAN box to the public IP will not
get redirected.
See http://openbsd.org/faq/pf/rdr.html#reflect for the explanation.

=Adriaan=



Re: Being a shell provider - good business?

2008-09-15 Thread Adriaan
On Sun, Sep 14, 2008 at 9:34 AM, Art Vandelay [EMAIL PROTECTED] wrote:
 Hello. My friend thinks that being a shell provider for IRC bots and
 bouncers is very good business. How do I convince him it's not?


You could ask the guy who is offering OpenBSD shell access at
http://silenceisdefeat.org ;)

Adriaan



Re: shell not reading login script

2008-08-20 Thread Adriaan
On Thu, Aug 21, 2008 at 3:30 AM, Joel Rees [EMAIL PROTECTED] wrote:

 I was thinking I wanted to set CVSROOT and  PKG_PATH
 in my login scripts, but the login scripts seem to be ignored.

 $ tail -1 /etc/passwd
 admin:*:1000:1000:Big Shot:/home/admin:/bin/sh

 (User names changed to protect the guilty.)

 Added markers to each of .profile, login and .cshrc:

 PROFMARKER=.profile
[snip]

 etc. But none of the markers show up in a printenv, whether
 I simply start a new xterm, or go to the trouble of logging out
 and back in.

Read about the '-ls' option in the xterm man page.



Re: OT: Dissertation ideas for my degree

2008-06-25 Thread Adriaan
On Wed, Jun 18, 2008 at 11:15 PM, Edd Barrett [EMAIL PROTECTED] wrote:
 Hi,

 As it seems my last two project ideas for my degree have fallen through, I
 wonder if anyone here has any ideas for software projects which are:

 a) Useful
 b) Conceptually new

 Ideas need not be OpenBSD based, but it's a bonus if it is.

 Usually a project consists of a software build and a write up.


Write an OpenBSD bsd.rd equivalent for FreeBSD ;)



Re: Help: OpenBSD 4.2 setup VPN gateway for mobile users

2008-05-23 Thread Adriaan
On Fri, May 23, 2008 at 3:56 PM, Chiah Tong Kiat [EMAIL PROTECTED] wrote:
 thanks for the tip.

 I'll have a look at OpenVPN.


You can find some configuration examples for OpenVPN at
http://daemonforums.org/showthread.php?t=527

Adriaan



Re: ASUS P5B-VM SE and 3 sata drives, GURU need help ...

2007-11-12 Thread Adriaan
On Nov 12, 2007 9:21 PM, Rover [EMAIL PROTECTED] wrote:
 I have a problem initializing SATA HDDs in OpenBSD, please help:
 ASUS P5B-VM SE, there is an onboard controller: SATA Intel (4) and IDE
 Jmicron (1). I have 3 SATA drives connected (160GB, 500GB and 500GB), no
 RAID configured, and one CD-ROM drive, so the BIOS recognize them correctly
 as hd0+*, hd1+, hd2, cd0.

 When I finished installing the OS I could see only wd0 and wd1 (160MB and
 500MB) connected ONLY(!) via SATA 3 and 4 ports on motherboard (and any HHDs
 connected to this one, 500+500, 500+160 and etc), and wd2 is always
 unavailable no matter how and what I do

 What else should I try? :,(
 --

You could start by posting the full dmesg output, so people can see
what kind of hardware you have and which version of OpenBSD.

=Adriaan=



Re: Is install42.iso lagging behind cd42.iso and individual packages?

2007-09-29 Thread Adriaan
On 9/29/07, Martin Gignac [EMAIL PROTECTED] wrote:
 Hi,

 Yesterday evening I downloaded the install42.iso, cd42.iso and all
 *.tgz packages from the i386 snapshots directory on the
 ftp.openbsd.org website. All files had a timestamp of Sept. 24. I then
 ran them through MD5 to make sure they matched the expected checksum.

 This morning I performed two OpenBSD installs on two VMware machines;
 one using the install42.iso image and the included *.tgz packages, and
 one using cd42.iso and the individual packages (which I made available
 via a local HTTP server).

 Once this was done I compared the dmesg output of both installs and
 noticed that the install42.iso machine's kernel date is Sept. 13 while
 the cd42.iso machine's kernel date is Sept. 24. A quick check of the
 MD5s of the *.tgz packages in the install42.iso file shows that they
 are different from the packages on the FTP site?

 So I'm just wondering: in the i386 snapshots directory, do the *.tgz
 packages in the install42.iso file typically lag behind the
 individual packages available on the FTP site? Is the way to get the
 most recent binaries (from -CURRENT) of OpenBSD to use individual
 packages and *not* the install42.iso?

For the installation file sets you can use the download script from
http://www.bsdforums.org/forums/showthread.php?s=threadid=22727

Besides using these sets to create your own ISO you alternatively can use
them in the environment friendly USB-mediazine method as described in
http://www.bsdforums.org/forums/showthread.php?t=50433

=Adriaan=



Re: Is AMD64 page out of date about W^X?

2007-09-21 Thread Adriaan
On 9/21/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
[snip]
 EM64T is supposed to run on AMD64... and it appears that the Intel chips do 
 support the NXE bit since around 2005.
 Can anyone confirm that the newer ia32e chips (made after early 2005) are 
 actually supporting W^X? It seems that just because NXE is shown in the dmesg 
 wouldn't necessarily mean that OpenBSD would then use it.
[snip]

You can look up support for the Execution Disable Bit for your
processor at http://processorfinder.intel.com/Default.aspx
For example http://processorfinder.intel.com/details.aspx?sSpec=SL99W

=Adriaan=



Re: SMP

2007-09-13 Thread Adriaan
On 9/14/07, Cyrus [EMAIL PROTECTED] wrote:
 I'm currently running openbsd 4.1 on my server, Proliant 8500.  This server
 is SMP with 4x 700MHz PIII proc.  I'm just wondering, is it using all four
 cpu's?  or do I have to configure the system to utilize SMP?

[snip]

You will have to use the bsd.mp kernel. The mp stands for
multi-processor. One simple way to use this kernel is to put the
following line in /etc/boot.conf

set image /bsd.mp

And reboot the system.

=Adriaan=



Re: help needed with laptop hdd

2007-09-10 Thread Adriaan
On 9/10/07, Henning Brauer [EMAIL PROTECTED] wrote:
 Hi,

 unfortunately the harddisk in my X40 died. And even worse, I just
 learned that the disk in the X40 is kind of special. It is a 1.8 hard
 disk that does NOT use the ZIF connector (these are somewhat common)
 but the same 44pin connector 2.5 disks use. 1.8 disks with that
 connector have only ever been made by Hitachi. I have looked for a disk
 up and down all day without success. So, if anyone is able to kind-of
 quickly get me a Hitachi HTC426060G9AT00, that would be most welcome
 and would allow me to hack when I am at home again ;(
 I am in Hamburg/Germany, btw.

[snip]

My financial situation does not allow me to get you one :-(

But after some googling I found one.
According to http://computers.pricegrabber.com/hard-drives/m/10437456/
the price is USD 399.-- for a 60GB disk.

=Adriaan=



You can vote for OpenBSD and/or open documentation support for Lenovo/Thinkpads

2007-09-09 Thread Adriaan
See http://lenovoblogs.com/insidethebox/?p=98

=Adriaan=



Re: partitioning for multiple OS's

2007-09-03 Thread Adriaan
On 9/4/07, stan [EMAIL PROTECTED] wrote:
 I have a new laptop.

 It came with Vista on it. I used gpartd to resize those partitions, and added
 Ubuntu. Now I want to add OpenBSD, and FreeBSD. I'd like to do OpenBSD
 next.

 When I boot the 4.1 CD, I get to the partitioning step, and I am confused.
 Since I can't figure out how to capture the screen image from a machine
 booted off of the CD. I'll show you what Linux's cfdisk shows.

 NameFlags  Part Type  FS Type  [Label]Size (MB)
 --
   sda1Primary   Unknown (27)  10479.01
   sda2BootPrimary   FAT16[]   31453.48
   sda3Primary   Linux ReiserFS3.54
   sda5Logical   Linux swap / Solaris   3997.49
   Logical   Free Space74109.78

 How can I accomplish this?

The MBR has only 4 slots for partitions. If you would only use primary
partitions you can have a maximum of 4 of these.
You also can have a single extended partition, combined with 0 to 3
primary partitions. You cannot have multiple extended partitions.

If you need to run Linux, it would be best to create 2 logical
partitions within the extended partition for Linux. One logical for
the Linux system and the other for Linux swap. That would free up the
current primary ReiserFS partition.

While Linux can boot from a logical partition inside an extended one,
the BSDs only can boot from a primary partition. So besides Linux you
could install 3 other operating systems that need a primary partition.

A possible complication would be a suspend-to-RAM partition which
possibly would take away one, leaving you with only 2 primaries.

I never owned a laptop, nor did I use suspend-to-RAM so I leave that
issue to others ;)

=Adriaan=
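The slot arithmetic from the reply above, as an added example that is not part of the original message: it parses the four-entry MBR partition table and refuses to add a BSD primary partition when no slot is free. The sector numbers and the two layouts are constructed, modelled on the cfdisk listing (three primaries plus one extended partition); logical partitions live inside the extended partition and never occupy an MBR slot.

```python
import struct

TABLE_OFFSET = 446                    # boot code occupies bytes 0..445
ENTRY = struct.Struct("<B3sB3sII")    # flag, CHS start, type, CHS end, LBA start, sectors
EXTENDED_TYPES = {0x05, 0x0F, 0x85}   # CHS, LBA and Linux extended containers
OPENBSD = 0xA6                        # partition type used by OpenBSD


def make_entry(ptype, start=0, sectors=0, active=False):
    """Build one 16-byte slot; CHS fields are left zero, LBA fields are used."""
    flag = 0x80 if active else 0x00
    return ENTRY.pack(flag, b"\0" * 3, ptype, b"\0" * 3, start, sectors)


def make_mbr(entries):
    """Assemble a 512-byte sector from exactly four slots."""
    if len(entries) != 4:
        raise ValueError("an MBR partition table has exactly four slots")
    return b"\0" * TABLE_OFFSET + b"".join(entries) + b"\x55\xaa"


def parse_mbr(sector):
    """Return the four slots as dicts, after checking size and signature."""
    if len(sector) != 512 or sector[510:] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or signature)")
    slots = []
    for index in range(4):
        flag, _, ptype, _, start, sectors = ENTRY.unpack_from(
            sector, TABLE_OFFSET + 16 * index)
        slots.append({"slot": index, "active": flag == 0x80,
                      "type": ptype, "start": start, "sectors": sectors})
    return slots


def slot_report(slots):
    """Count primaries, the (single) extended partition and free slots."""
    used = [s for s in slots if s["type"] != 0x00]
    extended = [s for s in used if s["type"] in EXTENDED_TYPES]
    if len(extended) > 1:
        raise ValueError("only one extended partition is allowed")
    return {"primary": len(used) - len(extended),
            "extended": len(extended),
            "free": 4 - len(used)}


def add_primary(sector, ptype, start, sectors):
    """Write a primary partition into the first unused slot, or fail."""
    for slot in parse_mbr(sector):
        if slot["type"] == 0x00:
            offset = TABLE_OFFSET + 16 * slot["slot"]
            entry = make_entry(ptype, start, sectors)
            return sector[:offset] + entry + sector[offset + 16:]
    raise ValueError("no free primary slot: all four MBR entries are in use")


def layout_before():
    """Constructed table: three primaries plus the extended partition."""
    return make_mbr([
        make_entry(0x27, 2048, 20000000),                   # sda1, type 27
        make_entry(0x06, 20002048, 60000000, active=True),  # sda2, FAT16, boot
        make_entry(0x83, 80002048, 40000000),               # sda3, Linux
        make_entry(0x0F, 120002048, 150000000),             # extended (sda5 inside)
    ])


def layout_after():
    """Constructed table after Linux has moved into logical partitions."""
    return make_mbr([
        make_entry(0x27, 2048, 20000000),
        make_entry(0x06, 20002048, 60000000, active=True),
        make_entry(0x00),                                   # freed primary slot
        make_entry(0x0F, 100002048, 170000000),             # extended, now larger
    ])


if __name__ == "__main__":
    print("before:", slot_report(parse_mbr(layout_before())))
    print("after: ", slot_report(parse_mbr(layout_after())))
    with_bsd = add_primary(layout_after(), OPENBSD, 80002048, 20000000)
    print("with OpenBSD:", slot_report(parse_mbr(with_bsd)))
```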



Re: Centralized ports collection server

2007-09-03 Thread Adriaan
On 9/4/07, John Nietzsche [EMAIL PROTECTED] wrote:
 Dear gentleman,

 I would like to set a single box in my network to keep synchronized to
 the ports collection infrastructure. My idea is to export the
 directory /usr/ports to all my local connected machines. So, there
 would be no need to sync them all. I would like to be able to build
 the utilities/lib/etc once and be able to install them every machine
 with the same hardware/OS version.

 Is that possible?
 How should my /etc/exports control configuration file be?


An alternative would be to use one box to create binary packages from
ports. Copy or link the packages to one directory which you make
available to the clients by NFS, scp or ftp.

You now can install the binary packages on the clients by setting
their PKG_PATH to that directory of the building machine.

=Adriaan=



Re: Radeon X1300 mobile + WXGA - out of luck?

2007-08-25 Thread Adriaan
On 8/25/07, Joachim Schipper [EMAIL PROTECTED] wrote:

 Hello,

 I just got a laptop (Acer Aspire 5100 `series') with a Radeon video card
 (X1300) and a WXGA screen - 1200x800. It was a good deal, but the ATI
 video card had me worried.

 Am I correct in thinking that there is no way to get X to display
 1200x800, other than:
 - convincing Acer to get the BIOS fixed
 - convincing ATI to release docs or a proper free driver
 - switching to another OS (Linux has a proprietary driver from ATI, and
   Windows of course works fine)?
 I'm perfectly fine with no hardware acceleration, but getting the proper
 aspect ratio would be nice.
 I'll have to make do with `vesa' at 1200x1024 otherwise - which is okay,
 but not as nice as I was hoping.

[snip]

(II) VESA(0): Supported additional Video Mode:
(II) VESA(0): clock: 68.9 MHz   Image Size:  331 x 207 mm
(II) VESA(0): h_active: 1280  h_sync: 1301  h_sync_end 1333 h_blank_end 1408 h_border: 0
(II) VESA(0): v_active: 800  v_sync: 804  v_sync_end 808 v_blanking: 816 v_border: 0

Have you tried to create a Modeline with the Supported additional
Video Mode info, as described in
http://www.x.org/wiki/FAQVideoModes#head-d174fd476064edf62ed05d71d8a91b3dc4307324
?

=Adriaan=



Re: Soekris 4801-60 max 2mbit

2007-08-24 Thread Adriaan
On 8/25/07, Attilla de Groot [EMAIL PROTECTED] wrote:
 Hi,


 I have a Soekris 4801-60 with a standard OpenBSD 4.1 install (generic
 kernel).

 I'm using it as a firewall/router with some nat. The problem is I'm
 not able to get more than 2mbit throughput. Also on the soekris
 itself with wget for example. I've tried to disable qos, disable pf,
 reboot etc. nothing of that solved the problem. And I'm wondering what
 I'm doing wrong.

 I don't think the load has anything to do with it:

 load averages:  0.18,  0.11,  0.09    00:15:41
 24 processes:  23 idle, 1 on processor
 CPU states:  0.2% user,  0.0% nice,  0.3% system,  0.2% interrupt, 99.4% idle
 Memory: Real: 32M/64M act/tot  Free: 182M  Swap: 0K/0K used/tot

 I've also attached my pf configuration, but since I also disabled pf
 completely the problem isn't there.


Check the output of 'ifconfig' for the correct speed and duplex setting.

During a ftp transfer check the output of 'systat vmstat' for a live
view of the interrupt rate of the NICs and other resources.

Review the output of 'netstat -s' for possible errors/retransmissions etc.

=Adriaan=



amd64 snapshot: md5 mismatch install42.iso

2007-08-12 Thread Adriaan
A md5 -c MD5 fails for install42.iso

$ md5 -c MD5

[snip]
(MD5) comp42.tgz: OK
(MD5) etc42.tgz: OK
(MD5) floppy42.fs: OK
md5: cannot open game42.tgz: No such file or directory
(MD5) game42.tgz: FAILED
(MD5) install42.iso: FAILED
(MD5) man42.tgz: OK
(MD5) misc42.tgz: OK
[snip]

$ grep install MD5
MD5 (install42.iso) = 5ce43911c72c3a75090b0e89c95f914e
$ md5

$ md5 install42.iso
MD5 (install42.iso) = 36226a0a10074e4da7ac3d4e73dd7a91

I burned a CDRW with this iso anyway, because the MD5 of the filesets
on the CD matched the ones on the ftp site. The CD installs and boots
fine on my amd64 box.

From the system installed with this ISO:

$ dmesg | head -4
OpenBSD 4.2 (RAMDISK_CD) #1235: Fri Aug 10 02:16:23 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 1072230400 (1022MB)
avail mem = 1031131136 (983MB)

The installation filesets on the CD:

$ ls -l /mnt/4.2/amd64/
total 456239
-rw-r--r--  1 root  wheel 79895 Aug 10 10:33 INSTALL.amd64
-r--r--r--  1 root  wheel   847 Aug 10 14:33 TRANS.TBL
-rw-r--r--  1 root  wheel  46864679 Aug 10 10:25 base42.tgz
-rwxr--r--  1 root  wsrc   2048 Aug 10 14:33 boot.catalog
-rwxr-xr-x  1 root  wheel   6530715 Aug 10 10:33 bsd
-rwxr-xr-x  1 root  wheel   6644296 Aug 10 10:33 bsd.mp
-rwxr-xr-x  1 root  wheel   5767441 Aug 10 10:33 bsd.rd
-r-xr-xr-x  1 root  wheel 42588 Aug 10 10:33 cdboot
-r-xr-xr-x  1 root  wheel  2048 Aug 10 10:33 cdbr
-rw-r--r--  1 root  wheel  90921068 Aug 10 10:31 comp42.tgz
-rw-r--r--  1 root  wheel   1239465 Aug 10 10:31 etc42.tgz
-rw-r--r--  1 root  wheel   2701983 Aug 10 10:32 game42.tgz
-rw-r--r--  1 root  wheel   7656399 Aug 10 10:32 man42.tgz
-rw-r--r--  1 root  wheel   2292911 Aug 10 10:33 misc42.tgz
-rw-r--r--  1 root  wheel  13408252 Aug  9 22:53 xbase42.tgz
-rw-r--r--  1 root  wheel 78235 Aug  9 22:53 xetc42.tgz
-rw-r--r--  1 root  wheel  35580412 Aug  9 22:53 xfont42.tgz
-rw-r--r--  1 root  wheel  11237189 Aug  9 22:53 xserv42.tgz
-rw-r--r--  1 root  wheel   2548608 Aug  9 22:53 xshare42.tgz

=Adriaan=
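In the `md5 -c MD5` output above, a file that is absent (game42.tgz) and a file whose digest differs (install42.iso) are both reported as FAILED. The following added example, which is not part of the original message, parses the same BSD-style `MD5 (name) = digest` lines and reports the two cases separately; the file contents and digests in `demo()` are constructed, and the REJECTED status for names containing a path component is an assumption of this sketch, not behaviour of md5(1).

```python
import hashlib
import re
import tempfile
from pathlib import Path

# BSD-style checksum line as printed by md5(1): "MD5 (name) = hexdigest".
# Other algorithm tags use the same layout, so the tag selects the hash.
LINE_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) \((.+)\) = ([0-9a-fA-F]+)$")


def parse_manifest(text):
    """Return [(algorithm, filename, hexdigest)]; reject malformed lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: not a checksum line: {line!r}")
        algo, name, digest = match.groups()
        if len(digest) != hashlib.new(algo.lower()).digest_size * 2:
            raise ValueError(f"line {lineno}: wrong digest length for {algo}")
        entries.append((algo, name, digest.lower()))
    return entries


def file_digest(path, algo):
    """Hash a file in chunks so large ISO images need not fit in memory."""
    digest = hashlib.new(algo.lower())
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify(manifest_text, directory):
    """Map each manifest entry to OK, FAILED (mismatch), MISSING or REJECTED."""
    directory = Path(directory)
    results = {}
    for algo, name, expected in parse_manifest(manifest_text):
        path = directory / name
        if Path(name).name != name:
            # A manifest entry must be a plain file name, never a path.
            results[name] = "REJECTED"
        elif not path.is_file():
            results[name] = "MISSING"
        elif file_digest(path, algo) == expected:
            results[name] = "OK"
        else:
            results[name] = "FAILED"
    return results


def demo():
    """Constructed sample: one good set, one absent set, one altered image."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "comp42.tgz").write_bytes(b"constructed comp set")
        (tmp / "install42.iso").write_bytes(b"constructed image, rebuilt later")
        manifest = "\n".join([
            "MD5 (comp42.tgz) = " + hashlib.md5(b"constructed comp set").hexdigest(),
            "MD5 (game42.tgz) = " + hashlib.md5(b"never downloaded").hexdigest(),
            "MD5 (install42.iso) = " + hashlib.md5(b"constructed image").hexdigest(),
        ])
        return verify(manifest, tmp)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"(MD5) {name}: {status}")
```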



Re: searching packages? pkg_grep?

2007-08-09 Thread Adriaan
On 8/9/07, John N. Brahy [EMAIL PROTECTED] wrote:
 If I don't have ports installed, is there a way to do a search of all
 the available package names to find one I'm looking for?



 Something like a pkg_grep...



I use this .netrc (see man ftp) file to retrieve a listing of
snapshot packages

---
machine ftp.stacken.kth.se login anonymous password [EMAIL PROTECTED]

macdef init
prompt off
epsv4 off
preserve on
get /pub/OpenBSD/snapshots/i386/MD5 MD5-stacken
ls /pub/OpenBSD/snapshots/i386/ "| cut -b30- > latest-stacken"
ls /pub/OpenBSD/snapshots/packages/i386/ "| cut -b30- > latest-pkg-stacken"
quit


The file latest-pkg-stacken is then easy to search

=Adriaan=



Re: Anchor File Consolidation

2007-08-04 Thread Adriaan
On 8/4/07, Daniel Melameth [EMAIL PROTECTED] wrote:
 I keep my anchor rules in separate files and load them as needed, but I'd
 like to get away from this anchor file sprawl.  I understand I can move
 all these anchors into pf.conf inline, but doing so causes all of them to be
 loaded at startup and this doesn't meet my needs.



 Perhaps I'm missing something, but, outside of simply tweaking rc to flush
 the anchors after pf.conf is loaded, is there a way for me to keep all my
 anchors in pf.conf inline, but only have individual anchors load when I want
 them to?  Is there a better way to achieve what I want?


You could make (pun intended) each anchor a target in a Makefile.

=Adriaan=



Re: ftp-proxy vs FTP over SSL

2007-08-03 Thread Adriaan
On 8/3/07, Die Gestalt [EMAIL PROTECTED] wrote:
 You mean with or without ftp-proxy?

 On 8/3/07, soulshepard [EMAIL PROTECTED] wrote:
  is there any other way of getting ftp+ssl to pass normally on a bsd box?
 
[snip]

A way to pass sslized ftp has been suggested in
http://www.bsdforums.org/forums/showthread.php?t=51153

=Adriaan=



Re: Missing x*42.tgz installation file sets from i386 binary snapshots

2007-08-02 Thread Adriaan
On 8/1/07, Heinrich Rebehn [EMAIL PROTECTED] wrote:
[snip]
  With the dependency of some packages on the expat XML parser in
  xbase42.tgz, you really cannot install some binary snapshot
  packages when xbase42.tgz isn't there
[snip]
 Aaahhh! That's why I cannot install bash under snapshot!

I just found that ftp.openbsd.org now has X installation file sets for i386

11982111 Aug 01 16:20 xbase42.tgz
   75594 Aug 01 16:20 xetc42.tgz
35579300 Aug 01 16:20 xfont42.tgz
10350952 Aug 01 16:20 xserv42.tgz
 2547349 Aug 01 16:20 xshare42.tgz

There are also new packages dated July 31. So you can install bash ;)

=Adriaan=



Missing x*42.tgz installation file sets from i386 binary snapshots

2007-08-01 Thread Adriaan
There are no X installation file sets for i386 snapshots.

From ftp.openbsd.org .
-
   100767 Jul 31 14:03 INSTALL.i386
22354 Jul 31 14:03 INSTALL.linux
 1019 Jul 31 14:03 MD5
 42575374 Jul 31 14:03 base42.tgz
  6208870 Jul 31 14:03 bsd
  6258748 Jul 31 14:03 bsd.mp
  5064469 Jul 31 14:03 bsd.rd
  5181440 Jul 31 14:03 cd42.iso
44404 Jul 31 14:03 cdboot
 2048 Jul 31 14:03 cdbr
  3012608 Jul 31 14:03 cdemu42.iso
  2949120 Jul 31 14:03 cdrom42.fs
 78810553 Jul 31 14:03 comp42.tgz
  1240527 Jul 31 14:03 etc42.tgz
  1474560 Jul 31 14:03 floppy42.fs
  1474560 Jul 31 14:03 floppyB42.fs
  1474560 Jul 31 14:03 floppyC42.fs
  2608726 Jul 31 14:03 game42.tgz
  203 Jul 26 04:05 index.txt
  7660968 Jul 31 14:03 man42.tgz
  2292928 Jul 31 14:03 misc42.tgz
52928 Jul 31 14:03 pxeboot

There are X file sets for amd64:

79894 Jul 31 14:03 INSTALL.amd64
  804 Jul 31 14:03 MD5
[snip]
  2292863 Jul 31 14:03 misc42.tgz
52916 Jul 31 14:03 pxeboot
 13392534 Jul 26 09:06 xbase42.tgz
78273 Jul 26 09:06 xetc42.tgz
 35579383 Jul 26 09:06 xfont42.tgz
 11237299 Jul 26 09:06 xserv42.tgz
  2547144 Jul 26 09:06 xshare42.tgz
---
For sparc and sparc64, the situation is similar, the 64 bits arch has
X file sets, while the 32 bit arch has not ;)

=Adriaan=



Re: Missing x*42.tgz installation file sets from i386 binary snapshots

2007-08-01 Thread Adriaan
On 8/1/07, Peter N. M. Hansteen [EMAIL PROTECTED] wrote:
 Adriaan [EMAIL PROTECTED] writes:

  There are no X installation file sets for i386 snapshots.

 Don't slashdot it just yet.  I think we can be reasonably sure that
 even on i386, OpenBSD 4.2 will ship with installable X binaries.  For
 one reason or the other the x* parts did not get built or at least did
 not make it onto the FTP servers.  I'd wait a few days and enjoy the
 new, improved ones when they do appear.


I regularly test binary snapshots and packages. I just wanted to report
something like I did with
http://marc.info/?l=openbsd-misc&m=118550373919943&w=2 . Just wondered
if they could be related, or whether it was a mirroring issue.

With the dependency of some packages on the expat XML parser in
xbase42.tgz, you really cannot install some binary snapshot
packages when xbase42.tgz isn't there

=Adriaan=



Re: Missing x*42.tgz installation file sets from i386 binary snapshots

2007-08-01 Thread Adriaan
On 8/1/07, vladas [EMAIL PROTECTED] wrote:
 On 8/1/07, Peter N. M. Hansteen [EMAIL PROTECTED] wrote:
  vladas [EMAIL PROTECTED] writes:
 
   Did you try AnonCVS? Works (around 30th) for me.
 
  cvs works, but if you build the system yourself, you're not actually
  testing snapshots anymore.  I think that's what OP wanted to do.
  Install snapshots fresh, report if there's breakage.

 Point taken. My bad.


Correct, I wanted to test the latest snapshot and some packages ;).

And sometimes there are modifications in snapshots that should be tested.

From http://marc.info/?l=openbsd-misc&m=118056376719177&w=2

  The most recent i386 snapshot contains 45 modified files which are
  not yet commited.

So compiling from checked out source would never test these not yet
committed experimental features.

[snip]

=Adriaan=



Re: amd64 snapshot 4.1 - 4.2 issues

2007-07-28 Thread Adriaan
On 7/27/07, Bob Beck [EMAIL PROTECTED] wrote:

 This has been corrected and new snaps are being
 built.

 -Bob

 * Adriaan [EMAIL PROTECTED] [2007-07-26 20:39]:
  The MD5 file of the latest amd64 snapshot contains md5 fingerprints
  for 4.1 as well as 4.2 versions:

[snip]

  MD5 (comp41.tgz) = 68eeb7c497ca46abe79884345ffc841a
  MD5 (comp42.tgz) = 76f893abf942d7f7cfb66dc611452669
  MD5 (etc41.tgz) = e27e0fab14860c1ff85e9a1577fe556c
  MD5 (etc42.tgz) = 079a6570ac546bab5e0764637fcfe2d4
  MD5 (floppy41.fs) = edf9344e54c76825e359b2ea7451da82
  MD5 (floppy42.fs) = 4b77ea4557b1948731d8daecad8c60e1

[snip]

  An install using the floppy42.fs image, where the sets have to be
  retrieved from a local ftp server fails to see the *42.tgz install
  file sets

[snip]

Thanks, the new snapshot installs fine now

OpenBSD 4.2-beta (GENERIC) #1148: Fri Jul 27 10:40:10 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC

=Adriaan=



Re: X11 install packages?

2007-07-28 Thread Adriaan
On 7/28/07, Subcommander l0r3zz [EMAIL PROTECTED] wrote:
 Noticed that the X11 install packages are no longer being built for i386 on
 a daily basis.

I noticed the binary snapshot X installation file sets are absent from
the snapshots during the last few days. Do you mean those?
But X snapshot file sets were not being built daily.

There have been some minor issues with the transition from 4.1-current
to 4.2-beta. Maybe the i386 X snapshot file sets suffer the same fate
;)

[snip]

=Adriaan=



amd64 snapshot 4.1 - 4.2 issues

2007-07-26 Thread Adriaan
 dev 0 function 0 ATI Radeon 9200 PRO rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
re0 at pci0 dev 13 function 0 Realtek 8169SC rev 0x10:
RTL8169/8110SCd (0x1800), irq 10, address 00:19:db:47:b0:4c
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
pciide0 at pci0 dev 15 function 0 VIA VT6420 SATA rev 0x80: DMA
pciide0: using irq 11 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: WDC WD3200AAKS-22SBA0
wd0: 16-sector PIO, LBA48, 305245MB, 625142448 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133,
channel 0 configured to compatibility, channel 1 configured to
compatibility
pciide1: channel 0 disabled (no drives)
pciide1: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 10
uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 10
uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x81: irq 11
uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x81: irq 11
VIA VT6202 USB rev 0x86 at pci0 dev 16 function 4 not configured
VIA VT8237 ISA rev 0x00 at pci0 dev 17 function 0 not configured
VIA VT8233 AC97 rev 0x60 at pci0 dev 17 function 5 not configured
pchb6 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
pchb7 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
pchb8 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00
pchb9 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00
usb0 at uhci0: USB revision 1.0
uhub0 at usb0: VIA UHCI root hub, rev 1.00/1.00, addr 1
usb1 at uhci1: USB revision 1.0
uhub1 at usb1: VIA UHCI root hub, rev 1.00/1.00, addr 1
usb2 at uhci2: USB revision 1.0
uhub2 at usb2: VIA UHCI root hub, rev 1.00/1.00, addr 1
usb3 at uhci3: USB revision 1.0
uhub3 at usb3: VIA UHCI root hub, rev 1.00/1.00, addr 1
isa0 at mainbus0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
rd0: fixed, 4096 blocks
dkcsum: wd0 matches BIOS drive 0x80
root on rd0a swap on rd0b dump on rd0b
erase ^?, werase ^W, kill ^U, intr ^C, status ^T
(I)nstall, (U)pgrade or (S)hell? i

Welcome to the OpenBSD/amd64 4.1 install program.

--

=Adriaan=



Re: Disk encryption

2007-07-16 Thread Adriaan

On 7/15/07, Richard Storm [EMAIL PROTECTED] wrote:

I am very interested in full disk encryption too.
I guess it comes slowly, since there now is mount_vnd in -current,
maybe could make use of it.
If you find out something, let me know :)




http://geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto

=Adriaan=



Re: DNS issues

2007-07-15 Thread Adriaan

On 7/15/07, Braden Mailloux [EMAIL PROTECTED] wrote:

Dear Readers;



#Default block policy
block log all


You have a nice block log all policy. How about using the debugging
capabilities of this policy?

Run tcpdump on the pflog0 interface to see the blocked packets.
  tcpdump -eni pflog0

Unless you have a routing issue, this will give you all the clues you need.

=Adriaan=



Re: DNS issues

2007-07-15 Thread Adriaan

On 7/15/07, Braden Mailloux [EMAIL PROTECTED] wrote:


Dear Readers;

I've been using the log feature of pf and have found that, when
attempting to access my webserver via dns, that pf does not block any
traffic. I also added a log to my block in quick from urpf-failed and
that has returned no hits in the log.


The time that I had a similar issue, where tcpdump on pflog0 didn't
show anything, turned out to be a routing issue.
I had an authoritative-only nameserver in a DMZ and forgot to set its
default route to the IP address of the DMZ NIC of the OBSD firewall.
It didn't know how to route the replies to the outside and hence
nothing showed up on pflog0.

tcpdump is not limited to pflog0, you also can run it on a normal interface. ;)

SSH in on the nameserver and run tcpdump on its NIC
  tcpdump -ni fxp0 port domain

Check if you see a DNS request coming in

=Adriaan=



Re: DNS issues

2007-07-15 Thread Adriaan

On 7/15/07, Braden Mailloux [EMAIL PROTECTED] wrote:

Adriaan wrote:
 On 7/15/07, Braden Mailloux [EMAIL PROTECTED] wrote:

 Dear Readers;

 I've been using the log feature of pf and have found that, when
 attempting to access my webserver via dns, that pf does not block any
 traffic. I also added a log to my block in quick from urpf-failed and
 that has returned no hits in the log.

 The time that I had a similar issue, where tcpdump on pflog0 didn't
 show anything, turned out to be a routing issue.
 I had an authoritative-only nameserver in a DMZ and forgot to set its
 default route to the IP address of the DMZ NIC of the OBSD firewall.
 It didn't know how to route the replies to the outside and hence
 nothing showed up on pflog0.

 tcpdump is not limited to pflog0, you also can run it on a normal
 interface. ;)

 SSH in on the nameserver and run tcpdump on its NIC
   tcpdump -ni fxp0 port domain

 Check if you see a DNS request coming in

 =Adriaan=



   Dear Readers;

My nameserver's default route is set to the ip address of the DMZ nic.
Also, when attempting to access my webserver via DNS from another site,
no DNS queries came through to my server while monitoring the dump
information on rl0 (my nameserver's nic).


Does tcpdump on the external NIC of your OpenBSD firewall show any DNS
requests coming in?

Doing an A record search for www.theamericanbray.com at
http://www.squish.net/dnscheck/
gives the following result:

50.0% of queries will end in failure at 64.142.102.9
(a.ns.theamericanbray.com) - query timed out
50.0% of queries will end in failure at 64.142.102.10
(b.ns.theamericanbray.com) - query timed out

Keep in mind that you have to perform the test from the outside as
described in http://openbsd.unixtech.be/faq/pf/rdr.html#reflect

Did you do the tests suggested in the section Checking addresses of
your computers of
http://cr.yp.to/djbdns/run-server.html ?

=Adriaan=



Re: print filter?

2007-07-14 Thread Adriaan

On 7/14/07, Douglas Allan Tutty [EMAIL PROTECTED] wrote:

I'm wondering what the OBSD people generally use for print filtering.  I
have an old IBM PC Graphics printer (dot-matrix) attached to my debian
box but everyone there seems to use CUPS.  I could just as easily
connect the printer to my OBSD box.

The last time I used this printer to print postscript was a few years
ago.  It was connected to a debian box running LPRng but debian's gs
didn't have a driver that would work.  I ended up using foomatic and
gs-esp with the ML 320 driver.

foomatic and cups seems like going overboard for something so simple.
So what do OBSD people use?


Have a look at apsfilter. Simple to install as a pre-compiled binary
package. apsfilter needs ghostscript as well as a2ps.
There is one small thing you may have to fix: a reference to gawk in the
SETUP script. I just changed it to /usr/bin/awk.

=Adriaan=



Re: PF problems with many connections.

2007-07-13 Thread Adriaan

On 7/13/07, TuxR [EMAIL PROTECTED] wrote:

Hello.

I trying to use OpenBSD under high load and have problems with PF.

When there is very many connections to server in some point other
connections just fails.

I try to use simple test application that creates 1000 connections to
server for 1000 iteration. Maximum number I have observed with pf was
'12' but with 'pfctl -d' all cycle successfully works ('1000').

I try to use following simple test application:

Also I have looked the same when testing 'ab' from apache2
distribution. 'ab -c 100 -n 100' : maximum 9 iteration with pf enabled
and 100 without.

There is instant connection closing if keep state is enabled. When
keep state is disabled there is  following behaviour: in some moment
the program is waiting for reply but do not get it and connection also
close because timeout.

I have looked no problems in tcpdump reports. Also no blocked packets
was in pflog0 interface ('block log all' rule)

I am sure that states limit is not exceed. Now I have

set limit states50
set limit src-nodes 5
set limit frags 32000

And `pfctl -si` have normal values.

'antispoof' and 'scrub' options are not affected. 'set optimization'
make more bad.

I looked the same behaviour in real use: when there is many
connection, in some point they just closed.

Any help will be appropriated. Many thanks.

P.S. Sorry for my bad english.



Study the excellent 3 part series of OpenBSD developer at
http://undeadly.org/cgi?action=article&sid=20060927091645&mode=expanded
If after following his advice, your firewall still does not perform
adequately come back here with a posting of:

1) dmesg to see what kind of hardware you are using

2) vmstat -i output to show the interrupt rate of the NICs
Using 'systat vmstat' will give you a 'live' view of the interrupt
rate and other resources

3) netstat -m output to see the mbuf stats

4) your pf.conf

Others may have additional suggestions of course ;)

=Adriaan=



Re: 'netstat: invalid address (30000) ??? on 4.1-current i386 binary snapshot

2007-07-03 Thread Adriaan

On 6/28/07, Otto Moerbeek [EMAIL PROTECTED] wrote:


On Thu, 28 Jun 2007, Adriaan wrote:

 On a freshly installed binary snapshot netstat -an -f inet6 shows
 netstat: invalid address (3) ???

thanks for the report, we can reproduce and are looking into this

-Otto


[snip]

I reinstalled a couple of binary snapshots starting from May 30th. Of
the ones I still have, the last one without this error is

# dmesg | head -6
OpenBSD 4.1-current (GENERIC) #235: Sun Jun  3 17:29:47 MDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 133791744 (127MB)
avail mem = 121368576 (115MB)
# netstat -and-f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp6       0      0  ::1.587                *.*                    LISTEN
tcp6       0      0  ::1.25                 *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.37                   *.*                    LISTEN
tcp6       0      0  *.13                   *.*                    LISTEN
tcp6       0      0  *.113                  *.*                    LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp6       0      0  ::1.512                *.*
---

The first one showing this error is:

# dmesg | head -6
OpenBSD 4.1-current (GENERIC) #257: Fri Jun  8 14:18:54 MDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 133791744 (127MB)
avail mem = 121364480 (115MB)
# netstat -an -f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp6       0      0  ::1.587                *.*                    LISTEN
tcp6       0      0  ::1.25                 *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.37                   *.*                    LISTEN
tcp6       0      0  *.13                   *.*                    LISTEN
tcp6       0      0  *.113                  *.*                    LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp6       0      0  ::1.512                *.*
netstat: invalid address (3)
???

That limits the time frame to about 5 days.
In case you need more info, the serial console log of these installs
is at http://siralas.nl/serial.log-netstat3error.txt

=Adriaan==



Re: 'netstat: invalid address (30000) ??? on 4.1-current i386 binary snapshot

2007-07-03 Thread Adriaan

On 7/3/07, Adriaan [EMAIL PROTECTED] wrote:

On 6/28/07, Otto Moerbeek [EMAIL PROTECTED] wrote:

 On Thu, 28 Jun 2007, Adriaan wrote:

  On a freshly installed binary snapshot netstat -an -f inet6 shows
  netstat: invalid address (3) ???

 thanks for the report, we can reproduce and are looking into this

 -Otto

[snip]

I reinstalled a couple of binary snapshots starting from May 30th. Of
the ones I still have, the last one without this error is

# dmesg | head -6
OpenBSD 4.1-current (GENERIC) #235: Sun Jun  3 17:29:47 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 133791744 (127MB)
avail mem = 121368576 (115MB)
# netstat -and-f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp6       0      0  ::1.587                *.*                    LISTEN
tcp6       0      0  ::1.25                 *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.37                   *.*                    LISTEN
tcp6       0      0  *.13                   *.*                    LISTEN
tcp6       0      0  *.113                  *.*                    LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp6       0      0  ::1.512                *.*
---

The first one showing this error is:

 # dmesg | head -6
OpenBSD 4.1-current (GENERIC) #257: Fri Jun  8 14:18:54 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 133791744 (127MB)
avail mem = 121364480 (115MB)
# netstat -an -f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp6       0      0  ::1.587                *.*                    LISTEN
tcp6       0      0  ::1.25                 *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.37                   *.*                    LISTEN
tcp6       0      0  *.13                   *.*                    LISTEN
tcp6       0      0  *.113                  *.*                    LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp6       0      0  ::1.512                *.*
netstat: invalid address (3)
???

That limits the time frame to about 5 days.
In case you need more info, the serial console log of these installs
is at http://siralas.nl/serial.log-netstat3error.txt


The issue disappeared from the latest snapshot ;)

$ dmesg | head -6
OpenBSD 4.1-current (GENERIC) #315: Mon Jul  2 13:24:20 MDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 133791744 (127MB)
avail mem = 121819136 (116MB)
$ netstat -an -f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp6       0      0  ::1.587                *.*                    LISTEN
tcp6       0      0  ::1.25                 *.*                    LISTEN
tcp6       0      0  *.515                  *.*                    LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp6       0      0  ::1.512                *.*
$

=Adriaan=



Re: Formatting MS-DOS drive

2007-07-01 Thread Adriaan

On 7/1/07, Matthew Szudzik [EMAIL PROTECTED] wrote:

I have a usb flash drive that I wish to reformat as an MS-DOS (FAT) file
system.  How do I do that on OpenBSD?

I want the drive to be formatted in the same manner that a Windows machine
or Macintosh might format an MS-DOS file system.  So clearly, I don't want
to use disklabel, since OpenBSD disklabels are only intended to be read by
OpenBSD.  I know that fsck_msdos can repair MS-DOS file systems, but I
want to create an MS-DOS file system (or possibly overwrite an existing
MS-DOS file system), rather than repair one.  What about fdisk?  The
default MBR template for fdisk is again doing something very
OpenBSD-specific, but maybe I could use some other template instead?




For interactive MBR edits you can use fdisk -e sd0
You probably want to use 0C for FAT32 with long file name support.

fdisk sd0
fdisk: sysctl(machdep.bios.diskinfo): Device not configured
Disk: sd0   geometry: 38154/64/32 [78140160 Sectors]
Offset: 0   Signature: 0xAA55
         Starting       Ending       LBA Info:
 #: id    C   H  S -    C   H  S [       start:      size   ]

*0: 0C    0   1 32 - 38154  23 32 [          63:    78140097 ] Win95 FAT32L
 1: 00    0   0  0 -    0   0  0 [           0:           0 ] unused
 2: 00    0   0  0 -    0   0  0 [           0:           0 ] unused
 3: 00    0   0  0 -    0   0  0 [           0:           0 ] unused


Then use disklabel sd0 to check whether OpenBSD has automagically
created a virtual disklabel i.
Then use /dev/rsd0i as device name for the newfs.

=Adriaan=



'netstat: invalid address (30000) ??? on 4.1-current i386 binary snapshot

2007-06-28 Thread Adriaan

On a freshly installed binary snapshot netstat -an -f inet6 shows
netstat: invalid address (3) ???

-
# netstat -an -f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp6       0      0  ::1.587                *.*                    LISTEN
tcp6       0      0  ::1.25                 *.*                    LISTEN
netstat: invalid address (3)
???
-
# dmesg | head -6
OpenBSD 4.1-current (GENERIC) #311: Wed Jun 27 02:31:47 MDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 133791744 (127MB)
avail mem = 121819136 (116MB)
---
The same message was also on the snapshot of:

# dmesg | head -6
OpenBSD 4.1-current (GENERIC) #302: Wed Jun 20 09:30:00 MDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 268 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem  = 133791744 (127MB)
avail mem = 121823232 (116MB)
-
# netstat -an -f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp6       0      0  ::1.587                *.*                    LISTEN
tcp6       0      0  ::1.25                 *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.37                   *.*                    LISTEN
tcp6       0      0  *.13                   *.*                    LISTEN
tcp6       0      0  *.113                  *.*                    LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp6       0      0  ::1.512                *.*
netstat: invalid address (3)
???
-

I edited the /etc/ssh/sshd_config file to disable sshd from
LISTENing on IPv6. After reverting to the original sshd_config file
and rebooting, the error message still persists.

-
# netstat -an -f inet6
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp6       0      0  ::1.587                *.*                    LISTEN
tcp6       0      0  ::1.25                 *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
netstat: invalid address (3)
???
---

Of the X installation file sets I only installed xbase41.tgz because
of the expat libs needed by some binary packages.

=Adriaan=



'new disklabel disk size different 4096 != 3800' messages in i386 snapshot install

2007-06-13 Thread Adriaan
 ---
# Inside MBR partition 3: type A6 start 63 size 12594897
# /dev/rwd0c:
type: ESDI
disk: ESDI/IDE disk
label: FUJITSU MPB3064A
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 784
total sectors: 12594960
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#        size   offset  fstype [fsize bsize  cpg]
  a:  12514635    80325  4.2BSD   2048 16384    1 # Cyl     5 -   783
  b:     80262       63    swap                   # Cyl     0*-     4
  c:  12594960        0  unused      0     0      # Cyl     0 -   783

=Adriaan=



Re: libexpat confusion

2007-06-12 Thread Adriaan

On 6/12/07, Joachim Schipper [EMAIL PROTECTED] wrote:

On Tue, Jun 12, 2007 at 02:23:06PM +0200, Jaap Versteegh wrote:
 Furthermore, I don't want to install X and surely apr-util doesn't need
 to depend on it.
 
 it does, because it uses expat, and that's where expat comes from in
 -current.
 That explains the need for the 'depend' from the point of view of the
 apr-util Makefile developer.
 From an overall or user perspective, the need for any package that uses the
 expat xml parser to depend on the xbase package, is still entirely unclear.
 For one: this dependency was never neccessary in the past. Shouldn't expat
 not just go into /usr/lib ?

Well, OpenBSD's dual system for dealing with software ('base' and
'ports') could be criticized, but unless you want to do that, there is
no more sensible way to do this. The alternative would be to require
someone to install a port before installing X, which makes even less
sense.

Really, this is a non-problem. Just install the whole base system,
including at least xbase, and be done with it.


I follow current by installing binary snapshots and pre-compiled packages.

fetchmail also depends on expat.

Because I don't want the complete xbase41.tgz I just extract the expat libs
and put them in a site41-hostname.tgz

#!/bin/sh

VERSION=41
HOST=diogenes
TARBALL=site${VERSION}-${HOST}.tgz

tar xvzpf xbase41.tgz -C /tmp \*expat\*
tar cvzf $TARBALL -C /tmp usr
tar tvzf $TARBALL

---
During the snapshot install this file gets selected automatically.

Snippet from the install:

Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-' to the set name, file name pattern or 'all'. Selected
sets are labelled '[X]'.

   [X] bsd
   [X] bsd.rd
   [ ] bsd.mp
   [X] base41.tgz
   [X] etc41.tgz
   [X] misc41.tgz
   [X] comp41.tgz
   [X] man41.tgz
   [ ] xbase41.tgz
   [ ] xetc41.tgz
   [ ] xshare41.tgz
   [ ] xfont41.tgz
   [ ] xserv41.tgz
   [X] site41-diogenes.tgz



=Adriaan=



Re: Linux Compat Query

2007-05-29 Thread Adriaan

On 5/29/07, Edd Barrett [EMAIL PROTECTED] wrote:


We are using a xerces-c with g++


OpenBSD has a port/package of Sablotron, a XML parser in C.

Or you may have better luck with the FreeBSD or NetBSD  port/package
of xerces-c.

=Adriaan=



Re: Request: Dedicated OpenBSD (root) Server for a company...

2007-02-23 Thread Adriaan

On 2/23/07, Sebastian Rother [EMAIL PROTECTED] wrote:

Hello everybody,

I'm asking this for a friend who wanna set up a company and needs a
dedicated Webserver (which does run OpenBSD of course..).

It's kinda hard to find companies which do provide such services OR do
even just reply (or reply in an acceptable amount of time (which is NOT
14 days and more..)).

So if anybody is working for such a company or knows such a company
please do read this public request and do let me know.

Wanted:

My friend is looking for a Server which has nearly those specifications:

- Celeron 2.8ghz (or better of course)
- 1GB RAM
- 80GB HDD space
- OpenBSD 4.0 as OS! (or Linux rescue-system wich allows him to install it)
 - No fBSD, no nBSD... OPENBSD... it is CLEARLY a demand!
   So the Hardware must be supported 100% by OpenBSD
- ~200-400gb Traffic
- Several IPs
- Tech. contact who do know what they do (!= STRATO for example..)

-- Probably the possibility to get special offers
 - Configurations for other servers
 - More/less Bandwidth on demand to acceptable prices

He would be able to pay ~100-150 USD, by Creditcard of his company.
Also it would be great if the connection (speed, peering) would be good
and not as lousy as at the most providers

My friend did send out a request to m5hosting because I told him this
company is what he's looking for.
Unfortunately m5hosting did reply after more than 14 days and now he's
again waiting already for 72 hours and more. This is simply
unacceptable and it is a shame (yeah, sorry) that the company is listed
at an OpenBSD website.

I think there's no need to explain that this is unacceptable if you
wanna open a business and probably do already have customers...
It just SUCKS (sorry Mike...)


So I would be happy to get such offers or offers with different
configurations. If you're working for such a company this is probably
your chance to get not just one customer.

Also m5hosting is allowed to provide an offer. They just would have
to write or answer a mail IN TIME (less than 72hrs...).

He needs to make some business and not to play a waiting game...


[snip]

Search the fine misc mailing archives for the thread titled OpenBSD
dedicated hosting, it started on September 17, 2006 ;)

==Adriaan==



Re: No buffer space available with a lot of queueing

2007-01-31 Thread Adriaan

On 1/31/07, Bret Lambert [EMAIL PROTECTED] wrote:
[snip]


Running and tuning OpenBSD network servers
in a production environment:

http://www.openbsd.org/papers/tuning-openbsd.ps

may have the info you're looking for.


IIRC Theo said he would throw Henning in the ocean for that paper ;)

=Adriaan=



Re: nullconsole?

2007-01-17 Thread Adriaan

On 1/17/07, Martin Hedenfalk [EMAIL PROTECTED] wrote:

Hello list,

Is there a nullconsole in OpenBSD, similar to the nullconsole in FreeBSD?

I have a WRAP box where I need to use the serial port to interface an
external device. I don't want the default console on the serial port,
because any kernel console messages would disturb the communication.



Comment out the line in /etc/syslog.conf that sends stuff to
/dev/console. On my 4.0-current box that is the default BTW

# Uncomment this line to send important messages to the system
# console: be aware that this could create lots of output.
#*.err;auth.notice;authpriv.none;kern.debug;mail.crit   /dev/console

==Adriaan==



Re: Groklaw artical about the BSD license

2007-01-15 Thread Adriaan

On 1/16/07, Jean-Daniel Beaubien [EMAIL PROTECTED] wrote:

Groklaw has an article about some misconceptions of the BSD license

http://www.groklaw.net/article.php?story=20070114093427179

I am curious what people on this list (with the proper knowledge)
think about the correctness of the article.


I think most people will disagree with the article and agree with this
slashdot post http://bsd.slashdot.org/comments.pl?sid=216988cid=17617988

Adriaan



Re: Soekris network problems - 48 hour deadline

2006-10-14 Thread Adriaan

On 10/14/06, Richard P. Koett [EMAIL PROTECTED] wrote:

I'm having throughput problems using a Soekris net4801 as a firewall
running OpenBSD 3.9. This is replacing a SonicWALL device that was
working fine from the user's perspective. (I want to replace it because,
among other things, I abhor SonicWALL's licensing). I won't post a
dmesg unless requested because I think this platform is pretty well
known. Hosts on the internal network are able to access the Internet
but report that access seems slow. Some operations fail consistently.
For example, users can send and receive e-mails but can't send
e-mail with attachments larger than about 20K. I ran a browser-based
ADSL speed test from an internal host and found download speeds to
be quite good but upload tests fail to complete.

I found a few similar problems in the archives but the posted solutions
haven't worked for me. I can't see that pf is blocking anything I want
passed. At the moment I am running a stripped down pf.conf as follows:

# DECLARATIONS:
Ext_If=sis0
Int_If=sis1
DMZ_If=sis2
Int_Net=192.168.5.0/24

# OPTIONS:
set loginterface $Ext_If

# NAT / REDIRECTION:
nat on $Ext_If from $Int_Net to any -> ($Ext_If)
rdr on $Ext_If inet proto tcp from any to ($Ext_If) port 3391 \
-> 192.168.5.1 port 3391
rdr on $Ext_If inet proto tcp from any to ($Ext_If) port 3392 \
-> 192.168.5.2 port 3392

I think I can rule out things like speed and duplex problems between the
Soekris and the local switch because the problem only affects outbound
traffic. I tried a few scrub options to no avail but may not have been doing
the right thing. I would really appreciate any suggestions on how to
troubleshoot this. If I can't get this resolved by Monday morning I'm going
to take some heat.



Do netstat -in,  netstat -s or netstat -ss give any clues?



Re: Letter to OLPC

2006-10-07 Thread Adriaan

On 10/5/06, Theo de Raadt [EMAIL PROTECTED] wrote:

I have decided to make public this letter which I sent to the OLPC
(One Laptop Per Child group, which is strongly associated with Red
Hat).

[snip]

See Jim Gettys' defense at http://www.gettysfamily.org/wordpress/?p=27

=Adriaan=



Re: OpenBSD dedicated hosting

2006-09-19 Thread Adriaan

On 9/17/06, Gilles Chehade [EMAIL PROTECTED] wrote:

Hi misc@,

I am looking for companies that provide OpenBSD-powered dedicated hosting.
Currently, I am being hosted by a french company which turned out to be as
incompetent as can be, and I am willing to switch as soon as possible
(preferably before the 25th of September).


[snip]

The search at http://calyx.com/about/  shows powered by OpenBSD.
Their Dutch website
http://www.calyx.net/index.php?option=com_contenttask=viewid=17Itemid=46
shows OpenBSD sysjails as one of their options for using a virtual
server.

I never used calyx myself, just happen to use their OpenBSD ftp mirror
once in a while ;)

220 ftp.calyx.nl FTP server (Version 6.6/OpenBSD) ready.
Name (ftp.calyx.nl:adriaan):


Adriaan



Re: Low priority or real coders

2006-09-14 Thread Adriaan

On 9/14/06, steve szmidt [EMAIL PROTECTED] wrote:


* Out of date vi, harder to navigate and use, poor visual feedback.


Use an .exrc file

set number
set ruler
set verbose
set showmode
set showmatch
set shiftwidth=4



Re: REPOST: console on 3.9-current question

2006-04-25 Thread Adriaan Misc
On 4/25/06, J.D. Bronson [EMAIL PROTECTED] wrote:
 I was surprised that no one replied on this list about this
 issue...so I wanted to repost it ONE time. Someone out there must
 also be seeing this and if it's normal..I would like to know...(and if
 it's normal..why)

 REPOST:

 After further testing, it's not only the console, but also over SSH.
 (on the same LAN segment) - so that would eliminate a few possibilities.

 I noticed this awhile back on 3.9-current and it is still there in
 the latest snapshot I tried (4/22)...I am hoping someone has seen this..

 I installed from the snapshot and didn't customize a thing. When the
 machine is done loading (IBM rack server)...I simply logged in (as
 root at the moment).

 I am not running serial or headless. I have a normal monitor/keyboard
 (PS2) plugged in.

 When I type at the console to begin to setup the machine, the
 characters do not follow me in real time as I type. It's like I am on
 an overseas long distance 300 baud dialup line.

 There is quite a delay and sometimes I can type several words and
 then a few seconds later - they show up.

 This does not happen on the same machine if I install 3.8.

 I have (4) identical machines (make/model/ram/cpu/hard drives) and
 they all work fine with 3.8 - it is only past 3.8 that I noticed this.

 Any thoughts?

 -JD

From http://openbsd.unixtech.be/report.html:
[quote]

Current version problem reports

If your problem is with the current source tree rather than a release
or stable tree,

   1. Test the problem at least twice, with source updated a few days apart.

[endquote]
Or try a new current snapshot.. You now even have the choice between
non-PAE and very-close-to-PAE ones ;)

==Adriaan==



PAE and Non-PAE current snapshots

2006-04-24 Thread Adriaan Misc
For those who haven't noticed ;)

From ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/

man39.tgz   7360 KB     04/24/06    16:16:00
misc39.tgz  2228 KB     04/24/06    16:16:00
non-pae                 04/24/06    17:54:00
pxeboot     50 KB       04/24/06    16:16:00
xbase39.tgz 10318 KB    04/24/06    12:29:00

==Adriaan==



Re: pf.conf(5) buglet wrt logging

2005-12-10 Thread Adriaan Misc
On 12/10/05, Tamas TEVESZ [EMAIL PROTECTED] wrote:

[snip]
, what's the correct syntax
 for logging in a nat(/binat/rdr) rule? nat on pcn0 from
 192.168.1.0/24 to any -> (pcn0) works fine, nat log on pcn... gives
 a syntax error).

 if the diff below is correct, how can one log nats/rdrs/binats as they
 happen?

[snip]
I interpret it that you need a pass before the log ;)

 man pf.conf of 3.8 current ---
  rdr-rule   = [ no ] rdr [ pass [ log [ ( logopts ) ] ] ]
  [ on ifspec ] [ af ]

 end ---

With the pass it gives no syntax errors.

EXT_NIC = fxp0

rdr pass log  on $EXT_NIC inet proto tcp from ! self to $EXT_NIC port
 tag IN_OK -> $EXT_NIC port ssh

pfctl -s nat

rdr pass log on fxp0 inet proto tcp from ! 127.0.0.1 to 192.168.222.69
port =  tag IN_OK -> 192.168.222.69 port 22
rdr pass log on fxp0 inet proto tcp from ! 192.168.222.69 to
192.168.222.69 port =  tag IN_OK -> 192.168.222.69 port 22

=Adriaan=



Re: looking for reliable USB printer

2005-10-02 Thread Adriaan Misc
On 10/1/05, Marc Espie [EMAIL PROTECTED] wrote:

 Just wanted to know what people currently use for an usb printer under
 OpenBSD. I'm looking for rather cheap hardware that's currently sold
 in europe as brand new, and guaranteed to work (through experience)
 by people...


Last year I bought a HP Deskjet 3820, but I don't think it is really a
current model anymore. It has USB as well as a parallel port. Because I don't
use color I take advantage of the PCL support of the printer and simply
configure it as a Laserjet. I use apsfilter.
With hpijs it also prints color.

=Adriaan=