Re: OpenBSD/hppa 7.5: install kernel boots from cdrom, but not from disk on 715/50?

2024-05-05 Thread Alexander Bochmann
...on 2024-05-05 20:32:55, Alexander Bochmann wrote:

 > but when trying to reboot from disk, the kernel hangs 
 > after "power0 at mainbus0: not available" 

7.4 looks the same, by the way.

Alex.



OpenBSD/hppa 7.5: install kernel boots from cdrom, but not from disk on 715/50?

2024-05-05 Thread Alexander Bochmann
Hi,

I tried to install OpenBSD on an HP apollo 715/50 today:
The install kernel boots from CD and installs the system, 
but when trying to reboot from disk, the kernel hangs 
after "power0 at mainbus0: not available" (right before 
the cpu0 line).

Any idea what could be wrong here?

I verified that /bsd on disk is identical to the one 
from CD (installer says "Relinking to create unique kernel... failed."
at the end).

I have a dmesg from the install kernel, and below that 
another one when booting from disk (the same happens when 
manually booting /bsd.rd instead of /bsd):

--- >>> cut >>> ---
>> OpenBSD/hppa CDBOOT 0.2
booting dk6a:/bsd.rd: 2707456+5047296+519168=0xff817c
SPID bits: 0x0, error = -2
pdc_coproc: 0xc0, 0xc0; model 9 rev 1
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2024 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 7.5 (RAMDISK) #933: Wed Mar 20 18:17:27 MDT 2024
dera...@hppa.openbsd.org:/usr/src/sys/arch/hppa/compile/RAMDISK
HP 9000/715/50 (Scorpio) PA-RISC 1.1a
real mem = 67108864 (64MB)
rsvd mem = 524288 (512KB)
avail mem = 53362688 (50MB)
random: boothowto does not indicate good seed
mainbus0 at root [flex fff8]
pdc0 at mainbus0
power0 at mainbus0: not available
cpu0 at mainbus0 offset ffbe000 irq 31: PCXT L1-A 50MHz, FPU PCXT (Rolex - CMOS-26B) rev 1
cpu0: 64K(32b/l) Icache, 64K(32b/l) wr-back Dcache, 120 coherent TLB, 16 BTLB
mem0 at mainbus0 offset ffbf000: viper rev 0, size 64MB
asp0 at mainbus0 offset 82f000: Scorpio rev 1, lan 1 scsi 7
gsc0 at asp0 irq 2
"Advanced audio (ext.)" at gsc0 (type a sv 7b mod 0 hv 70) offset 100 not configured
"Core Centronics" at gsc0 (type a sv 74 mod 0 hv 70) offset 824000 not configured
com1 at gsc0 offset 822000 irq 6: ns16550a, 16 byte fifo
com0 at gsc0 offset 823000 irq 5: ns16550a, 16 byte fifo
com0: console
hil0 at gsc0 offset 821000 irq 1
ie0 at gsc0 offset 826000 irq 8: i82596DX v0.0, address 08:00:09:78:25:c4
oosiop0 at gsc0 offset 825000 irq 9: NCR53C700 rev 0, 50MHz
scsibus0 at oosiop0: 8 targets, initiator 7
oosiop0: target 1 now using 8 bit asynchronous xfers
oosiop0: target 1 now using 8 bit asynchronous xfers
sd0 at scsibus0 targ 1 lun 0:  
serial.codesrc_SCSI2SD_2024050501_
sd0: 2048MB, 512 bytes/sector, 4194304 sectors
oosiop0: target 2 now using 8 bit asynchronous xfers
sd1 at scsibus0 targ 2 lun 0:  
serial.codesrc_SCSI2SD_2024050502_
sd1: 4096MB, 512 bytes/sector, 8388608 sectors
oosiop0: target 3 now using 8 bit asynchronous xfers
sd2 at scsibus0 targ 3 lun 0:  
serial.codesrc_SCSI2SD_2024050503_
sd2: 4096MB, 512 bytes/sector, 8388608 sectors
oosiop0: target 4 now using 8 bit asynchronous xfers
sd3 at scsibus0 targ 4 lun 0:  
serial.codesrc_SCSI2SD_2024050504_
sd3: 4736MB, 512 bytes/sector, 9700352 sectors
oosiop0: target 6 now using 8 bit synchronous xfers
oosiop0: target 6 now using 8 bit synchronous xfers
cd0 at scsibus0 targ 6 lun 0:  removable
sti0 at mainbus0 offset 400: rev 8.02;10, ID 0x27F1239240A00499
sti0: HPA1991AC16, 2048x1024 frame buffer, 1024x768x8 display
sti0: 8x16 font type 1, 16 bpc, charset 0-255
wsdisplay0 at sti0 mux 1
wsdisplay0: screen 0 added (std, vt100 emulation)
softraid0 at root
scsibus1 at softraid0: 256 targets
oosiop0: target 1 now using 8 bit asynchronous xfers
hilkbd0 at hil0 code 1: 109-key keyboard, layout 1f
wskbd0 at hilkbd0 mux 1
wskbd0: connecting to wsdisplay0
"Mouse" at hil0 id 68 code 2 not configured
oosiop0: target 2 now using 8 bit asynchronous xfers
oosiop0: target 3 now using 8 bit asynchronous xfers
oosiop0: target 4 now using 8 bit asynchronous xfers
bootpath: 2/0/1.6 class=1 flags=0 hpa=0xf0825000 spa=0x0 io=0x6b24
root on rd0a swap on rd0b dump on rd0b
clock: failed to fetch (-13)
WARNING: bad clock chip time
WARNING: CHECK AND RESET THE DATE!
erase ^?, werase ^W, kill ^U, intr ^C, status ^T

Welcome to the OpenBSD/hppa 7.5 installation program.
--- <<< cut <<< ---


Disk boot:

--- >>> cut >>> ---
>> OpenBSD/hppa BOOT 1.11
boot>
NOTE: random seed is being reused.
booting dk4a:/bsd: 5107712+1823748+650236 [284920+110+279184+258064]=0xff817c
SPID bits: 0x0, error = -2
WARNING: PDC_COPROC error -3, assuming 1.1 FPU
[ using 822812 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2024 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 7.5 (GENERIC) #946: Wed Mar 20 17:20:03 MDT 2024
dera...@hppa.openbsd.org:/usr/src/sys/arch/hppa/compile/GENERIC
HP 9000/715/50 (Scorpio) PA-RISC 1.1a
real mem = 67108864 (64MB)
rsvd mem = 524288 (512KB)
avail mem = 55631872 (53MB)
random: boothowto does not indicate good seed
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root [flex fff8]
pdc0 at mainbus0
power0 at mainbus0: not available
--- <<< cut <<< ---

Alex.



Re: ksh horizontal line scrolling

2024-02-10 Thread Alexander Arkhipov
"Jeremy Baxter"  wrote:
> Hi all, I'm trying to disable the horizontal line scrolling feature in ksh,
> enabled through `set -o vi' or `set -o emacs'. ksh(1) says this about it:
> 
> In these editing modes, if a line is longer than the screen width (see
> the COLUMNS parameter), a `>', `+', or `<' character is displayed in
> the last column indicating that there are more characters after, before
> and after, or before the current position, respectively.  The line is
> scrolled horizontally as necessary.
> 
> Is it possible to completely disable this feature at the moment? Setting
> COLUMNS to a large number "disables" it for the most part but brings in
> other weird behaviours like massive gaps between lines when pressing
> ctrl-u and random newlines showing up when scrolling through history.

Hi, Jeremy,

The display() function in /usr/src/bin/ksh/vi.c goes something like
this:

static void
display(char *wb1, char *wb2, int leftside)
{
	...
	int  moreright;
	...
	moreright = 0;
	...
	if (col < winwidth) {
		...
	} else
		moreright++;
	...
	/* Update the "more character". */

	if (es->winleft > 0 && moreright)
		/* POSIX says to use * for this but that is a globbing
		 * character and may confuse people; + is more innocuous
		 */
		mc = '+';
	else if (es->winleft > 0)
		mc = '<';
	else if (moreright)
		mc = '>';
	else
		mc = ' ';
	if (mc != morec) {
		ed_mov_opt(pwidth + winwidth + 1, wb1);
		x_putc(mc);
		cur_col++;
		morec = mc;
		lastb = -1;
	}
	...
}

I assume the logic is similar for the emacs mode. So, unless I missed
something, disabling both the vi and emacs modes is the only way to get
rid of the behaviour.

-- 
Alexander



Re: cleaning up /usr/local/lib after (many) upgrades?

2024-01-27 Thread Alexander Bochmann
...on 2024-01-27 17:46:07, Alexander Bochmann wrote:

 > Is this expected, or a result of some error I made during upgrades?

As it turns out, the error I made was not actually running
pkg_delete -a at any point, and misinterpreting the output 
of pkg_delete -an (which is why I didn't run the former)...

It seems now all the stray libraries are gone.

Sorry for the extended noise,

Alex.








Re: cleaning up /usr/local/lib after (many) upgrades?

2024-01-27 Thread Alexander Bochmann
...on 2024-01-27 19:58:45, Alexander Bochmann wrote:

 > I tried pkg_delete -a earlier today, but while it gave me a bunch 
 > of files that I think were from base (/usr/X11R6 mostly), it didn't 
 > turn up anything from /usr/local on this system.

It's been pointed out that this is impossible, and indeed 
what I was thinking of was actually pkg_check -F output...

Alex.



Re: cleaning up /usr/local/lib after (many) upgrades?

2024-01-27 Thread Alexander Bochmann
...on 2024-01-27 20:43:17, Jan Stary wrote:

 > That's definitely weird. Which packages own these files?
 > $ pkg_info -E /usr/local/lib/libvpx.so.8.0
 > $ doas pkg_check -Fq

pkg_info -E returns no output for any version but the latest, 
which is then (in this case - I just picked libvpx as an example 
from a long list of libs):

 > # pkg_info -E /usr/local/lib/libvpx.so.16.0
 > /usr/local/lib/libvpx.so.16.0: libvpx-1.13.1v0
 > libvpx-1.13.1v0 Google VP8/VP9 video codec

The only files mentioned by pkg_check -Fq in /usr/local 
are from stuff I built myself, outside of packages.
None of the outdated shared libs turn up.

 > > Usually I'm just running pkg_add -u to pull fresh versions of packages.
 > > And is there some "standard" way to get rid of the old versions? 
 > pkg_add generally replaces the old version with the new versions.

Yes, at least that's true for the binaries and manpages and such...

Alex.



Re: cleaning up /usr/local/lib after (many) upgrades?

2024-01-27 Thread Alexander Bochmann
...on 2024-01-27 20:01:55, Omar Polo wrote:

 > I think you're mixing up pkg_delete and sysclean.  sysclean will give
 > you a list of extra files that are not needed, while pkg_delete handles
 > packages.

Nope, I looked at both, and neither handles old shared libraries 
from upgraded packages in /usr/local.

I had a quick skim over the pkg* sources, and while my Perl is far 
too rusty to really understand what's going on, there's a comment 
in PkgAdd.pm that looks related:

 > sub delete_old_packages($set, $state)
 > {
 > [..]
 >  $set->cleanup_old_shared($state);
 >  # Here there should be code to handle old libs
 > }

Hrm.

I mean, it takes a couple of years of running pkg_add -u to 
turn into a problem, when your /usr/local is too small... ;)

Alex.



Re: cleaning up /usr/local/lib after (many) upgrades?

2024-01-27 Thread Alexander Bochmann
...on 2024-01-27 18:50:01, Nowarez Market wrote:

 > _Did_ you check sysclean for your own purpose ?

sysclean (also mentioned in a direct mail by someone else) 
doesn't seem to help in this case. While it gives me input 
for yet another cleanup task, none of the files mentioned 
in sysclean output on this system are from /usr/local

Alex.



Re: cleaning up /usr/local/lib after (many) upgrades?

2024-01-27 Thread Alexander Bochmann
...on 2024-01-27 19:35:18, Omar Polo wrote:

 > does pkg_delete -a help?  It should remove all the packages not needed,

I tried pkg_delete -a earlier today, but while it gave me a bunch 
of files that I think were from base (/usr/X11R6 mostly), it didn't 
turn up anything from /usr/local on this system.

Alex.



cleaning up /usr/local/lib after (many) upgrades?

2024-01-27 Thread Alexander Bochmann
Hi -

I'm looking at one of my OpenBSD systems here that has been upgraded 
over a long time, and has /usr/local running out of space. 

It seems there's a lot of old versions of shared libraries in 
/usr/local/lib, like for example:

 > # ls -al /usr/local/lib/libvpx.so.*
 > -rw-r--r--  1 root  bin  1909442 Mar 27  2018 /usr/local/lib/libvpx.so.10.0
 > -rw-r--r--  1 root  bin  2047296 Oct 11  2018 /usr/local/lib/libvpx.so.11.0
 > -rw-r--r--  1 root  bin  3182104 Apr 19  2021 /usr/local/lib/libvpx.so.12.0
 > -rw-r--r--  1 root  bin  2049592 Sep 26  2021 /usr/local/lib/libvpx.so.13.0
 > -rw-r--r--  1 root  bin  2062112 Sep 29  2022 /usr/local/lib/libvpx.so.14.0
 > -rw-r--r--  1 root  bin  2057584 Mar 25  2023 /usr/local/lib/libvpx.so.15.0
 > -rw-r--r--  1 root  bin  2069504 Oct  6 00:20 /usr/local/lib/libvpx.so.16.0
 > -rw-r--r--  1 root  bin  1869707 Jul 26  2016 /usr/local/lib/libvpx.so.7.0
 > -rw-r--r--  1 root  bin  1909806 Oct  2  2017 /usr/local/lib/libvpx.so.8.0

Is this expected, or a result of some error I made during upgrades?
Usually I'm just running pkg_add -u to pull fresh versions of packages.

And is there some "standard" way to get rid of the old versions? 
I could probably compare whatever is there against the pkglocate 
database or check each file against pkglocate individually and parse 
the output or something, but I'd assume I'm not the first user to 
run into this?

Alex.



Re: time keeping fallback mechanics during reboot on octeon

2024-01-14 Thread Alexander Hall
I don't have mine (EdgeRouter lite) running anymore, but IIRC, I had a cron job 
poking the root fs to "resolve" this.

Sth like "mkdir /bump && rmdir /bump && sync".

/Alexander

On January 12, 2024 2:35:47 PM GMT+01:00, Christian Gut  
wrote:
>Hi,
>
>Could somebody point me to documentation or tell me where OpenBSD gets the 
>time from, when the system has no RTC and ntpd is not working?
>
>I am using an EdgeRouter / octeon and at every reboot, the date/time gets 
>reset to the exact same date.
>
>I tried to read the source code of boot(9) and inittodr(9). I can see, that 
>there seems to be a fallback to some timestamp that comes from the filesystem. 
>Maybe when the root filesystem is mounted as of ffs_mountroot() for example. 
>But my understanding did not go so far to identify from which file, directory, 
>superblock or other filesystem metadata the information really comes from.
>
>It seems to me, that either my system is broken or something on octeon does 
>not work correctly for this fallback to happen correctly.
>
>Kind Regards,
>Christian
>



Hardware Available for Port Maintenance (Maryland, USA)

2023-07-17 Thread Alexander Jacocks


Re: newfs /usr/local

2023-06-19 Thread Alexander Hall



On June 19, 2023 8:57:34 PM GMT+02:00, "Pau A.S." 
 wrote:
>Hello,
>
>I would like to newfs /usr/local
>
>I have copied the contents to a different partition as root.
>
>My guess is that I would have to bring up the system in single user mode.
>
>My problem is that when I do that, /usr/local does not exist because it has
>not been mounted.

Well, that's kind of the point with going into single user mode. You wouldn't 
want the filesystem mounted while newfs'ing the underlying device.

> I can however identify the UIID with fstab:
>
>afafa9bd7395733b.b none swap sw
>afafa9bd7395733b.a / ffs rw 1 1
>afafa9bd7395733b.h /home ffs rw,nodev,nosuid 1 2
>afafa9bd7395733b.d /tmp ffs rw,nodev,nosuid 1 2
>afafa9bd7395733b.f /usr ffs rw,nodev 1 2
>afafa9bd7395733b.l /usr/X11R6 ffs rw,nodev 1 2
>afafa9bd7395733b.g /usr/local ffs rw,wxallowed,nodev 1 2
>afafa9bd7395733b.e /var ffs rw,nodev,nosuid 1 2
>
>I can also see the name of the dev with df,
>
>Filesystem     Size    Used   Avail Capacity  Mounted on
>/dev/sd1a      988M    787M    152M    84%    /
>/dev/sd1h      393G    349G   24.9G    94%    /home
>/dev/sd1d      989M   51.9M    888M     6%    /tmp
>/dev/sd1f      3.9G    1.3G    2.4G    36%    /usr
>/dev/sd1l      497M    429M   43.2M    91%    /usr/X11R6
>/dev/sd1g     12.6G   10.7G    1.3G    90%    /usr/local
>/dev/sd1e      249M    118M    119M    50%    /var
>
>My question is: Do I run this upon rebooting as single user?
>
>$ newfs afafa9bd7395733b.g

#, but yes. ;)

>
>and then reboot and, as root,
>
>$ cp -pR /path-to-backup-copy/* /usr/local
>
>?

Assuming your paths are correct, that looks like it, yes.

However since you probably want to copy in single user mode, you could just

# newfs ...
# fsck -p
# mount -a
# 
# reboot (or just exit to go multiuser)

/Alexander

>
>Thanks



Re: OpenBSD on Thinkpad X13s ARM-based laptop

2023-06-02 Thread Alexander Hall
Search the archives for "support of thinkpad arm". This was asked just this 
Tuesday.

/Alexander

On June 1, 2023 10:46:33 PM GMT+02:00, "Tito Mari Francis Escaño" 
 wrote:
>Hi everyone,
>Has anyone tried to install and run OpenBSD on ARM-based Thinkpad X13s?
>What are the challenges on making OpenBSD run on it?
>Thank you.



Re: obsd install initial boot process slowed down

2023-01-06 Thread Alexander Hall
Hi Sylvain,

[Cc: tech@ removed. Do not cross post.]

While Nick and Stuart have assisted you with the question per se,
I'd like to point out a totally non-technical issue that at least
caused me a little confusion from the beginning:

On Wed, Jan 04, 2023 at 07:13:23AM +0100, Sylvain Saboua wrote:
> ...
> The initial boot process, right after I type the security
> key in, which displays cyphers aligning in between rotating
> semicolumns (I hope this is clear), is slow, on this install.

I believe the word you're looking for is not "cyphers", but rather
"digits". Assuming you're French, "chiffres" would also be a proper
translation for "cyphers" (or "ciphers"), but that refers to 
cryptographic methods, and not the digits [0-9].

Cheers,
Alexander



unveil(2) makes libboost_date_time-mt.so.21.0 loadable, but not libbz2.so.10.4?

2022-12-23 Thread Alexander Klimov

Grüzi!

The ports already contain icinga2 which includes the `icinga2 console` 
feature:


$ icinga2 console
Icinga 2 (version: r2.13.5-1)
Type $help to view available commands.
<1> => 1 + 1
2.00
<2> =>

I'm building a (free) "icinga2 console as a service" via -long story
short- JS, websocket, FastCGI and forkpty(3).

To maximally sandbox each icinga2 console, I use pledge(2) and
unveil(2). Unfortunately pledge(2) requires not only
execpromises="stdio error", but also "rpath" for loading the libs. OK, I
can live with it as I can unveil(2) across execvpe(3). To unveil(2) only
as much as needed, I'm trying to unveil(2) only step-by-step until
success. I use ld error messages as signposts, i.e.:

Me: unveil("/usr/local/lib/icinga2/sbin/icinga2", "x"), unveil(0, 0)
execve: cannot load /usr/libexec/ld.so
Me: unveil("/usr/libexec/ld.so", "r")
ld.so: icinga2: can't load library 'libcurses.so.14.0'
Me: unveil("/usr/lib", "r")
ld.so: icinga2: can't load library 'libboost_date_time-mt.so.21.0'
Me: unveil("/usr/local/lib", "r")
ld.so: icinga2: can't load library 'libbz2.so.10.4'

That's interesting:

/usr/local/lib/libboost_date_time-mt.so.21.0 and
/usr/local/lib/libbz2.so.10.4 are in the same dir, but only one can be
loaded.

Has anyone an idea why? Btw. no unveil(2) at all works.

Best,
A/K



Re: Xterm copy-paste not happening on OpenBSD 7.1 i386.

2022-08-05 Thread Alexander Hall



On August 5, 2022 8:32:25 AM GMT+02:00, Brian Durant 
 wrote:
>
>
>On Thu, 4 Aug 2022, Alexander Hall wrote:
>
>> 
>> 
>> On August 4, 2022 5:42:13 PM GMT+02:00, Brian Durant 
>>  wrote:
>> >
>> >
>> >On Thu, 4 Aug 2022, Lucas wrote:
>> >
>> >> Brian Durant  wrote:
>> >> > I have installed OpenBSD 7.1 i386 on my Lenovo T60 and am experiencing 
>> >> > a 
>> >> > couple of issues. The first is related to the following addition that I 
>> >> > made to my .Xdefaults file, which works with OpenBSD 7.1 amd64 
>> >> > installs, 
>> >> > but not with the OpenBSD 7.1 i386 install on my Lenovo T60:
>> >> > XTerm*VT100.Translations: #override\
>> >> >  Ctrl Shift  C: copy-selection(CLIPBOARD) \n\
>> >> >  Ctrl Shift  V: insert-selection(CLIPBOARD)
>> >> > Any ideas how to get copy and paste working in Xterm with an i386 
>> >> > install?
>> >> 
>> >> I don't know if it's relevant, but my Xdefaults looks like this
>> >> 
>> >> XTerm.VT100.translations:   #override \n\
>> >> Ctrl Alt C:copy-selection(CLIPBOARD) \n\
>> >> Ctrl Alt V:insert-selection(CLIPBOARD) \n\
>> >> [...other stuff...]
>> >> 
>> >> In particular, do note the "\n" after #override, which isn't present in
>> >> your snippet. This works fine for me.
>> >> 
>> >> Also, vi(1) is showing \xc2\xa0 before your lines, which I don't know
>> >> if it's product of your MUA or if it's actually part of the file (it's
>> >> a non-breaking space, aka &nbsp; in XML/HTML), do double-check the
>> >> whitespaces in there.
>> >> 
>> >> -Lucas
>> >
>> >Thanks for the reply. Trying a different MUA. Not sure where the extra 
>> >characters that you mention crept in, however they weren't in the 
>> >.Xdefaults file as far as I could see. I added the extra "\n\" in the last 
>> >line as suggested, but weirdly this had no effect. Still no copy-paste in 
>> >i386.
>> 
>> It wasn't the last line that potentially lacked "\n\", it was the first one, 
>> "#override\n\".
>> 
>> I suspect paste actually might already work. Did you try copying from, say, 
>> Firefox, and then paste into an xterm?
>> 
>> I strongly believe this has nothing to do with the platform.
>> 
>> /Alexander
>
>Hmm. Thanks for the inspiration, but no, paste wasn't already working. I 
>have however, now got copy to work. Unfortunately, nothing I do seems to 
>sort paste out. Currently my snippet looks like this:
>xterm.VT100.translations:  #override \
>   Ctrl Shift  C: copy-selection(CLIPBOARD) \n\
>   Ctrl Shift  V: insert-selection(CLIPBOARD)
>
>The "n\" that you have in the first line shouldn't make a difference as it 
>is a comment "#", isn't it? What causes me some concern, is the apparent 
>lack of consistent behavior between architectures on this minor, but 
>irritating issue.

Every example from the xterm man page uses sth like:

  *VT100*translations: #override \n\

, and it makes sense, as # is not a comment in the resource file itself. So 
your resource value above effectively becomes

"#override  Ctrl Shift  C: copy-selection(CLIPBOARD) 
Ctrl Shift  V: insert-selection(CLIPBOARD)"

instead of

"#override 
 Ctrl Shift  C:copy-selection(CLIPBOARD) 
Ctrl Shift  V: insert-selection(CLIPBOARD)"

Also, while being at the edge of my confidence level here, generally

XTerm*VT100*translations:

With all them asterisks, usually kicks in better. YMMV though.

Also, I assume the proper xrdb commands are issued to set these resource values.

/Alexander



Re: Xterm copy-paste not happening on OpenBSD 7.1 i386.

2022-08-04 Thread Alexander Hall



On August 4, 2022 5:42:13 PM GMT+02:00, Brian Durant 
 wrote:
>
>
>On Thu, 4 Aug 2022, Lucas wrote:
>
>> Brian Durant  wrote:
>> > I have installed OpenBSD 7.1 i386 on my Lenovo T60 and am experiencing a 
>> > couple of issues. The first is related to the following addition that I 
>> > made to my .Xdefaults file, which works with OpenBSD 7.1 amd64 installs, 
>> > but not with the OpenBSD 7.1 i386 install on my Lenovo T60:
>> > XTerm*VT100.Translations: #override\
>> >  Ctrl Shift  C: copy-selection(CLIPBOARD) \n\
>> >  Ctrl Shift  V: insert-selection(CLIPBOARD)
>> > Any ideas how to get copy and paste working in Xterm with an i386 install?
>> 
>> I don't know if it's relevant, but my Xdefaults looks like this
>> 
>> XTerm.VT100.translations:   #override \n\
>> Ctrl Alt C:copy-selection(CLIPBOARD) \n\
>> Ctrl Alt V:insert-selection(CLIPBOARD) \n\
>> [...other stuff...]
>> 
>> In particular, do note the "\n" after #override, which isn't present in
>> your snippet. This works fine for me.
>> 
>> Also, vi(1) is showing \xc2\xa0 before your lines, which I don't know
>> if it's product of your MUA or if it's actually part of the file (it's
>> a non-breaking space, aka &nbsp; in XML/HTML), do double-check the
>> whitespaces in there.
>> 
>> -Lucas
>
>Thanks for the reply. Trying a different MUA. Not sure where the extra 
>characters that you mention crept in, however they weren't in the 
>.Xdefaults file as far as I could see. I added the extra "\n\" in the last 
>line as suggested, but weirdly this had no effect. Still no copy-paste in 
>i386.

It wasn't the last line that potentially lacked "\n\", it was the first one, 
"#override\n\".

I suspect paste actually might already work. Did you try copying from, say, 
Firefox, and then paste into an xterm?

I strongly believe this has nothing to do with the platform.

/Alexander



Re: Switching from tcsh to ksh and Aliases exportation

2022-07-30 Thread Alexander Hall



On July 30, 2022 9:18:34 AM GMT+02:00, Federico Giannici  
wrote:
>For historical reasons I always used the tcsh shell for my personal uses. Now 
>I'd like to switch to the system sh (actually ksh), but I have a problem.
>
>Usually, on the servers I manage, I switch to root with "su -m", so I can 
>maintain my environment: path, prompt, aliases, etc.
>
>With tcsh it works perfectly, but if I use sh (ksh) all the aliases are lost 
>in the root environment.
>
>Is it expected this different behavior between tcsh and ksh?
>
>Is there a way to maintain the aliases when i do "su -m" with sh?
>
>Is there some kind of "exportation" of aliases? In the ksh man page it says 
>that the "-x" option of alias "sets the export attribute of an alias", but it 
>doesn't seem to have any effect. How is it supposed to work?

I doubt you're really exporting the aliases per se. More likely tcsh is 
sourcing your alias definitions from some file(s). Files like .profile, .login, 
.kshrc etc are sourced in different ways in different shells. For details, 
consult the ksh man page.

/Alexander

>
>Thanks.
>
>P.S.
>I'm talking about OpenBSD amd64 7.0 and 7.1.
>



Re: doas and args matching

2022-07-29 Thread Alexander Hall



On July 28, 2022 9:06:51 PM GMT+02:00, Chris Narkiewicz  
wrote:
>On Thu, Jul 28, 2022 at 03:08:19PM +0200, Alexander Hall wrote:
>> Just leaving out the "args ..." from the config should accomplish that.
>
>It would allow the user  to set any wscons parameters, which is not optimal.
>
>But either += -= operators or custom shell script can do the job as well.

Yup, I was referring to using the (not quoted) lines I wrote a bit up in a 
custom script.

/Alexander

>
>Best regards,
>Chris Narkiewicz



Re: doas and args matching

2022-07-28 Thread Alexander Hall



On July 28, 2022 5:09:54 AM GMT+02:00, Alexis  wrote:
>
>Alexander Hall  writes:
>
>> Better yet, the wrapper could be allowed with no argument restrictions
>> and just do
>> 
>>   wsconsctl "display.brightness=$1"
>> 
>> or even (maybe; untested)
>> 
>>   wsconsctl "display.brightness${1%%[!+-]*}=${1#[+-]}"
>> 
>> for moar fanziness.
>
>There's a good chance i'm misunderstanding, but doesn't this run into the same 
>issue? Namely, that (as far as i'm aware) it's not possible to specify that a 
>doas-permitted command be allowed to run with arbitrary arguments (or range of 
>arguments), rather than only the arguments specified in doas.conf?

Just leaving out the "args ..." from the config should accomplish that.

/Alexander

>
>
>Alexis.



Re: Blocking ARP packet for specific MAC

2022-07-27 Thread Alexander Hall



On July 27, 2022 9:23:36 AM GMT+02:00, Cristian Danila  
wrote:
>[UPDATE]
>The only possible solution that I have found for now is that
>I have to create an vether interface, add it to the bridge and use
>the filtered vether interface as main. So I would deduce(but
>maybe I am wrong) that a single interface added to bridge
>cannot participate in this kind of filtering.

Indeed you are configuring the bridge between interfaces, not the interfaces 
themselves. The bridge was not between your vic0 interface and the mac address 
you're trying to block.

I was going to suggest the exact path you took, bridging a vether interface.

>I did not find some docs mentioning what is happening in a bridge
>configuration: if the filtered traffic is the one that is forwarded between
>interfaces by the bridge itself or the interface itself is doing filtering
>when it is marked as being part of a bridge.
>My concern with this new vether interface is that I am not sure
>yet how much overhead introduces in the process.

If you run some tests, do feel free to share the results.

/Alexander

>I will try to look into sourcecode maybe I will find something useful.
>
>On Tue, Jul 26, 2022, 15:10 Cristian Danila  wrote:
>>
>> Good day!
>> I've been having a headache for days(I still fight, no success yet)
>> in trying to find a way to block ARP for specific
>> MAC address(example 00:50:56:c0:00:08).
>> I want to see how I can achieve this on OpenBSD,
>> I would appreciate a technical answer or a hint/site/doc/book where
>> I can research more to expand my knowledge.
>> I've tried lot of combinations on config, many lookups over the
>> internet and I was not able to find an answer yet.
>>
>> This is what I've found and tried.
>>
>> OpenBSD can filter level 2 traffic only if the interface
>> is part of a BRIDGE.
>> By adding it to a bridge it put it in promiscuous mode so that it can
>> receive every packet sent on the network.
>>
>> So by having this requirement I have hostname.bridge0
>> ---hostname.vic0
>> inet autoconf
>> up
>> ---hostname.bridge0
>> #add my network card to bridge
>> add vic0
>> blocknonip vic0
>> rule block in on vic0
>> rule block out on vic0 src 00:50:56:c0:00:08
>> rule block out on vic0 dst 00:50:56:c0:00:08
>> up
>> ---
>> now I reboot and expect to see the packets blocked for 00:50:56:c0:00:08
>> However these are not blocked and here is the log:
>>
>> 00:50:56:c0:00:08 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
>> 192.168.121.131 tell 102.168.121.1
>> 00:50:56:c0:00:08 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
>> 192.168.121.131 tell 102.168.121.1
>> 00:0c:29:c3:d9:a7 00:50:56:c0:00:08 0806 60: arp reply 192.168.121.131
>> is-at 00:0c:29:c4:d9:a7
>>
>> So I see a success request/response for 00:50:56:c0:00:08
>> I would appreciate any help.
>>
>> Kind Regards,
>> Claudiu
>



Re: doas and args matching

2022-07-27 Thread Alexander Hall



On July 26, 2022 1:48:24 PM GMT+02:00, Alexis  wrote:
>
>Chris Narkiewicz  writes:
>
>> Is it possible to match command arguments against an expression in
>> doas.conf?
>> 
>> I'd like to allow user to run wsconsctl display.brightness=<0-100> and
>> the only solution i found so far is to explicitly put all values in
>> doas.conf.
>
>Since no-one has yet offered any better suggestions: perhaps you could write a 
>wrapper script that can be called without arguments, and instead takes the 
>brightness value from stdin? E.g. something like:
>
>$ echo 50 | doas /usr/local/bin/my-wrapper
>
>where my-wrapper is something like:
>
>   #!/bin/ksh
>
>   IFS=
>   read -u VAL
>   wsconsctl display.brightness=${VAL}
>
>(Obviously the script should check that VAL is an appropriate value.)

Better yet, the wrapper could be allowed with no argument restrictions and just 
do

  wsconsctl "display.brightness=$1"

or even (maybe; untested)

  wsconsctl "display.brightness${1%%[!+-]*}=${1#[+-]}"

for moar fanziness.

/Alexander

>
>
>Alexis.
>
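A validating form of the wrapper discussed in this thread, added here as an example (it is not code from any poster or from OpenBSD). The function name `brightness_arg`, the install path `/usr/local/bin/set-brightness` and the user `someuser` are hypothetical; the accepted range 0-100 and the `+`/`-` prefixes follow the thread.

```sh
#!/bin/sh
# Added example: validating wrapper for the doas use case in this thread.
# Hypothetical install path /usr/local/bin/set-brightness, permitted in
# doas.conf without an "args" clause (user name is a placeholder):
#   permit nopass someuser cmd /usr/local/bin/set-brightness
# Because doas then passes any arguments through, the wrapper is the
# only place where the value gets checked.

# brightness_arg VALUE
# Prints the single wsconsctl argument for VALUE and returns 0, or
# prints nothing and returns 1 unless VALUE is N, +N or -N with N an
# integer in 0..100.
brightness_arg() {
    val=$1
    op='='
    case $val in
        +*) op='+='; val=${val#+} ;;
        -*) op='-='; val=${val#-} ;;
    esac
    case $val in
        ''|*[!0-9]*) return 1 ;;   # empty, or anything other than digits
        ????*)       return 1 ;;   # more than three digits
        0?*)         return 1 ;;   # leading zeros
    esac
    [ "$val" -le 100 ] || return 1
    printf 'display.brightness%s%s\n' "$op" "$val"
}

# Act only when an argument was given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    if [ "$#" -ne 1 ] || ! arg=$(brightness_arg "$1"); then
        echo "usage: ${0##*/} [+|-]N   (N = 0..100)" >&2
        exit 64
    fi
    # Absolute path: do not depend on PATH in the privileged process.
    exec /sbin/wsconsctl "$arg"
fi
```

The value is rebuilt from the validated digits rather than passed through, so input such as `50 keyboard.bell.volume=0` or a second `name=value` pair never reaches wsconsctl.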



Re: 'not a valid hostname' error in 'bsd.rd' when using .htaccess authorization

2022-07-20 Thread Alexander Hall



On July 20, 2022 6:06:45 AM GMT+02:00, Adriaan  wrote:
>I am testing autoinstall for a VPS hosted in a datacenter. By using an
>OpenBSD native VM on my desktop
>I got all my issues with 'install.conf'  and 'install.site' solved.
>
>To provide some access control I created an '.htaccess' file for my
>local httpd server at 192.168.222.242 and
>for my external  webserver xyz.nl
>
>The retrieval of 'install.conf' as well as the autopartitioning
>template are successful:
>
>Response file location? [http://192.168.222.10/install.conf]
>https://wodan:=ilovefreya=@xyz.nl/install.conf
>Fetching https://wodan:=ilovefreya=@xyz.nl/install.conf
>Performing non-interactive install...
>Terminal type? [vt220] vt220
>[snip]
>
>URL to autopartitioning template for disklabel? [none]
>https://wodan:=ilovefreya=@xyz.nl/7.1/amd64/df-us-40gb.txt
>Fetching https://wodan:=ilovefreya=@xyz.nl/7.1/amd64/df-us-40gb.txt
>
>So far so good
>
>However the installing of the sets fails with a 'not a valid hostname'
>
>Location of sets? (disk http nfs or 'done') [http] http
>HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] none
>HTTP Server? (hostname, list#, 'done' or '?') [192.168.222.242]
>wodan:=ilovefreya=@192.168.222.242
>'wodan:=ilovefreya=@192.168.222.242' is not a valid hostname.
>
>The same error occurs when I want to install the custom site* sets
>from my non-local xyz.nl server
>
>HTTP Server? (hostname, list#, 'done' or '?') [192.168.222.242]
>wodan:=ilovefreya=@xyz.nl
>'wodan:=ilovefreya=@xyz.nl' is not a valid hostname.
>
>So using an username and password for .htaccess control is accepted by
>bsd.rd for the 'install.conf' and
>autopartitioning template, while it errors out when dealing with the install 
>sets.
>
>The password '=ilovefreya=' has a leading and trailing '='. Tomorrow I
>will eliminate those '='s and see whether that helps.

See 
https://github.com/openbsd/src/blob/636cc85955243f5226db2246a74229481ad6bac2/distrib/miniroot/install.sub#L1838

It seems we do not allow "@" either at the moment...

/Alexander

>
>Adriaan van Roosmalen
>



Re: Fanless amd64 sytem recommendations

2022-07-18 Thread Alexander Hall
Hi Nick!

On July 11, 2022 7:33:30 PM GMT+02:00, Nick Holland wrote:
>On 7/11/22 1:13 AM, B. Atticus Grobe wrote:
>> I've been running a Hewlett-Packard HP t620 Quad Core TC for a couple of
>> years now in that role, with the AMD GX-415GA SOC in it. It's the bigger
>> brother of that found in the APU systems.

>3) Rather than using a formal HP power pack, you can "fake it" with just
>about anything capable of putting out 12-20v and 0.75A or more.  High value
>(100k-300k) resistor added between center pin and +V on the computer
>overrides the "Is this an HP power pack?" test.  The higher the voltage, the
>lower the current draw.  Hint: the parts are tiny, the workspace is cramped,
>not a good way to learn to solder. :)

I happened to buy myself a stack of t730's (adding Intel i350-t4's to two of 
them), and I'm thinking about creating a common battery backed power supply for 
all of them instead of having one power pack each (with no battery).

Do you know if the t730's are also that forgiving about power input, or do you 
have any suggestions on nifty solutions to this? :-)

Cheers,
Alexander



Re: [RISC V] OpenBSD/riscv64 vs devterm R1 kit

2022-06-25 Thread Alexander . Shendi
On Sat, Jun 25, 2022 at 11:32:00AM +, Mike Larkin wrote:
> On Fri, Jun 24, 2022 at 06:34:14PM +0200, Alexander Shendi wrote:
> > Hello @misc world,
> >
[...]
> It currently does not work with OpenBSD. It uses the Allwinner D1, which has
> DMA issues. Another thing that would need to be worked out is the panel
> output support.
>
> I was going to try and take a whack at these issues but I probably won't have
> time.

Thank you for the reply. What could I do to help?

Best Regards,

Alexander



[RISC V] OpenBSD/riscv64 vs devterm R1 kit

2022-06-24 Thread Alexander Shendi
Hello @misc world,

I couldn't find any mailing list for the OpenBSD RISC V port, so I'm posting 
here. If there is a better place, please give directions. Also feel free to 
forward to anyone who may be interested or of help.

Does anyone have experience with the RISC-V devterm kit? Apparently it's quite 
easy to assemble.

Drawbacks:
* Slowish CPU
* CPU design not really open
* Apparently a bit awkward to use

Could it run OpenBSD/riscv64, or is only the HiFive board supported?

https://www.clockworkpi.com/product-page/devterm-kit-r01

I would volunteer to buy one or two for OpenBSD devs, but I don't know if they 
could be used for serious development work.

Many Thanks in advance,

Alexander
-- 
This message was sent from my Android device with K-9 Mail.



Re: ksh (and bash) dying with SIGPIPE when using echo builtin command

2022-06-11 Thread Alexander Hall
On June 9, 2022 3:19:56 AM GMT+02:00, Philippe Meunier wrote:
>Hi,
>
>Try:
>
>$ mkfifo fifo
>$ while true; do /bin/echo  > fifo; echo -n "$? "; done
>
>then in another shell:
>
>$ tail -f fifo
>
>and everything works as expected.  Now repeatedly interrupt and restart
>this tail(1) command and from time to time you'll see that /bin/echo dies
>with status 141 because of a SIGPIPE signal.  My guess is that this happens
>when /bin/echo opens the FIFO and tail(1) then closes it (when it's
>interrupted) before /bin/echo has had the chance to do the write so the
>write then gets a SIGPIPE.  So far so good.
>
>Now replace /bin/echo with ksh's builtin echo command:
>
>$ while true; do echo  > fifo; echo -n "$? "; done
>
>and again repeatedly start / interrupt / restart the tail(1) command above.
>The builtin echo command is faster than /bin/echo so it might take a few
>more tries but sooner or later the builtin echo command gets a SIGPIPE and
>then ksh itself dies, which is... unexpected.
>
>I tried with bash and the behavior is the same as with ksh.
>
>I tried with zsh and I get "echo: write error: broken pipe" and zsh doesn't
>die, which is what I would have expected from ksh (and bash).

Why? Is there some reference you can point at which suggests your expectations 
are valid?

Otherwise, 

   trap : PIPE

might help you out.

/Alexander

>
>So that looks to me like a bug in ksh (and bash).
>
>Cheers,
>
>Philippe
>
>
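
The failure mode and the `trap : PIPE` workaround from this thread, reproduced deterministically as an added example (not code from any of the posters). An anonymous pipe whose reader `true` has already exited replaces the FIFO and the interrupted tail(1); the `pipe_writer` helper and its `pw_*` variables are hypothetical names.

```shell
#!/bin/sh
# Added illustration: a shell whose builtin echo writes to a pipe that has no
# reader, with and without "trap : PIPE". The inner subshell stands in for the
# ksh/bash session from the thread.

# pipe_writer MODE  ->  prints "status=<exit status> continued=<yes|no>"
# MODE is "trap" (install the handler first) or "notrap" (default disposition).
pipe_writer() {
    pw_mode=$1
    pw_out=$(mktemp)
    {
        pw_rc=0
        (
            if [ "$pw_mode" = trap ]; then
                trap : PIPE              # the workaround suggested in the reply
            fi
            sleep 1                      # by now the reader below has exited
            echo data || :               # builtin echo writes to a reader-less pipe
            echo reached >"$pw_out.next" # only runs if the shell survived the write
        ) 2>/dev/null || pw_rc=$?
        echo "$pw_rc" >"$pw_out"         # recorded in a file, not sent to the pipe
    } | true                             # reader exits at once, closing the read end

    pw_status=$(cat "$pw_out")
    if [ -e "$pw_out.next" ]; then pw_cont=yes; else pw_cont=no; fi
    rm -f "$pw_out" "$pw_out.next"
    echo "status=$pw_status continued=$pw_cont"
}

# Stand-alone run: show both cases.
pipe_writer notrap
pipe_writer trap
```

Status 141 is 128 plus the SIGPIPE signal number. If the process that started the shell already had SIGPIPE ignored, the shell can neither trap nor reset it, and both cases continue past the failed write.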



Re: Historical Reasons For Default NAT Source Port Modification

2022-05-16 Thread Alexander Bochmann
...on 2022-05-16 17:57:06, Stuart Henderson wrote:

 > On 2022-05-16, Alexander Bochmann  wrote:
 > > I seem to remember firewall rules that allowed only udp/53 as _source_
 > > port for DNS traffic.
 > Such rules often existed to cover replies, before the days
 > of stateful firewalls.

I admit this is rather useless trivia, but a copy of an old (1999)
ORA bookshelf CD with the DNS & BIND book has this:

 > BIND 4 name servers always send queries from port 53, the well-known port 
 > for DNS servers, to port 53. Resolvers, on the other hand, usually send 
 > queries from high-numbered ports (above 1023) to port 53. Though name 
 > servers clearly have to send their queries to the DNS port on a remote host, 
 > there's no reason they have to send the queries from the DNS port. And, 
 > wouldn't you know it, BIND 8 name servers don't send queries from port 53 by 
 > default. Instead, they send queries from high-numbered ports, same as 
 > resolvers do.
 > 
 > This can cause problems with packet filtering firewalls that have been 
 > configured to allow server-to-server traffic but not resolver-to-server 
 > traffic, because they typically expect server-to-server traffic to originate 
 > from port 53 and terminate at port 53.

Also some old NFS servers required that client traffic originated 
from ports < 1024 in order to "prove" that the client service 
was running with root privileges. I assume that some other stuff 
worked on that kind of heuristics too, but I don't remember about 
any good examples.

Alex.



Re: Historical Reasons For Default NAT Source Port Modification

2022-05-16 Thread Alexander Bochmann
Hi,

...on 2022-05-16 13:23:31, Philipp Buehler wrote:

 > I cannot recall many applications from 20y ago that have been very keen
 > on sending from certain ports (besides IKE already mentioned by JJ).

I seem to remember firewall rules that allowed only udp/53 as _source_ port 
for DNS traffic.

Might have been more than 20 years ago.

Alex.



Re: No longer able to mount NFS shares

2022-04-11 Thread Alexander Hall
Is reverse DNS properly working at all sides?

On April 7, 2022 1:17:00 AM GMT+02:00, Aric Gregson  wrote:
>Hello,
>
>I have several NFS mount points shared on my local network from a
>FreeNAS server running version 11.1-U7. My OBSD client computer is
>running 7.0 GENERIC#224 amd64. 
>
>For the past year or so it has been very slow to connect to the NFS
>server, so slow in fact that I use the '-b' option to fork to the
>background and stopped trying to mount at boot. About six months ago I
>moved our home network to an Ubiquiti set-up. Since then my OBSD client
>is even slower to connect. I have Macs running different levels of Mac
>OS that, while now take up to 15s to connect, all do connect. Also, a
>Raspberry Pi 4 server can connect quickly to the same shares. 
>
>Once connected, writes are fast and I do not lose connection. 
>
>For the last 48h I have not been able to connect from the OBSD client
>at all. I have restarted the server to no effect. All other clients on
>the network can connect to the NFS shares. 
>
>Example of what happens with the command:
>
>doas mount_nfs -T -i -b 192.168.1.21:mnt/XFree/backups/share
>/share 
>
>mount_nfs: bad MNT RPC: RPC: Timed out
>
>Any suggestions would be greatly appreciated. 
>
>Thanks, Aric
>
>

Re: Problem configuring multiple wireguard tunnels

2022-02-15 Thread Alexander Hall



On February 15, 2022 10:26:54 AM GMT+01:00, "Łukasz Moskała" wrote:
>On 15.02.2022 at 10:19, Carlos Lopez wrote:
>> 
>> 
>>> On 15 Feb 2022, at 10:16, Łukasz Moskała  wrote:
>>> 
>>> 
>>> 
>>> On 15 February 2022 10:13:57 CET, Carlos Lopez wrote:
>>>> Hi all,
>>>> 
>>>> I am trying to configure multiple Wireguard road-warriors config using 
>>>> this simple config in /etc/hostname.wg0
>>>> 
>>>> wgkey Ls1Os9/oE0kU5jJdFp1dLpzJhtL8WIzzJ/G+7bzSEZk=
>>>> wgport 8443
>>>> wgpeer 2XLLj0O6jdtx+BNCt90m2pEyJS/M2kh6WaskFTz+n1A= vgaip 10.55.55.2/32 
>>>> vgaip 10.55.55.3/32
>>>> inet 10.55.55.1/28
>>>> description "WireGuard Network"
>>>> up
>>>> 
>>>> but "sh /etc/netstart wg0" always returns the following error:
>>>> 
>>>> ifconfig: vgaip: bad value
>>>> 
>>>> My host is OpenBSD 6.9 fully updated …. On the other side, is it possible 
>>>> to assign different wiper keys to every client?
>>>> 
>>>> Many thanks for your help
>>>> 
>>> 
>>> I think it's wgaip not vgaip
>>> -
>> 
>> Ouch!!! …. You are right Lukasz ….. Sorry for the noise ….
>> 
>> But regarding the question to use different keys for every wg client?
>> 
>
>I don't understand what you mean
>
>You specify wgkey once, there goes "server" private key
>You specify one wgpeer for one "client", each with different public key.

There is also "wgpsk" for a pre-shared key, per client. If you are afraid 
someone will break the public keys.

/Alexander



Re: Is fw_update documentation outdated?

2021-12-31 Thread Alexander
Hi Ingo,

On 2021/12/26 23:26, Ingo Schwarze wrote:
> Hi Alexander,
> 
> Alexander wrote on Sun, Dec 26, 2021 at 08:11:51PM +:
> > On 2021/12/25 18:02, Ingo Schwarze wrote:
> 
> >> The new fw_update shell script is not in CVS yet.
> >> 
> >> This command provides a clue that could lead you to suspect the above:
> >> 
> >>$ grep -m 1 OpenBSD $(which fw_update) 
> >>   #$OpenBSD$
> >> 
> >> That's a CVS tag which has not been processed by CVS yet.
> 
> > Just to keep the noise on the mailing list down in case I run into
> > something like this again at some point:
> > Is that tag the usual indicator of such uncommitted code
> 
> No, it is not usual.  In most cases of uncommitted patches that
> are being tested in snapshots, the patches change *.c files before
> compiling.  Compiled files in OpenBSD usually do not contain the CVS
> IDs of the source files used.  Some historical operating systems
> (and maybe even a few current systems, i'm not sure about that)
> did include SCCS or CVS tags into compiled files, and that's what
> the what(1) utility was designed for in the remote past:
> 
>$ what /usr/src/bin/cat/*.c
>   /usr/src/bin/cat/cat.c:
>   $OpenBSD: cat.c,v 1.32 2021/10/24 21:24:21 deraadt Exp $
>$ what /bin/cat
>   /bin/cat:
>$ 
> 
> On some other or older systems, "what /bin/cat" might also return the
> CVS ID(s).  But even that wouldn't really help for your purpose.
> In most cases, it would only be the ID of the latest committed
> revision; the patch being tested would typically change some lines
> of code, but it would usually not change the ID.
> 
> You only saw the unexpanded $OpenBSD$ ID in this case because it
> was a completely new uncommitted file intended for later commit,
> and because it was not a compiled file but a script where the
> source code gets installed directly.
> 
> In the rare cases where you do find such an unexpanded CVS ID, it's a
> medium strength indicator pointing to a possible uncommitted patch,
> but even then it's not 100% certain - there could be other, even more
> unusual reasons for seeing such a thing.
> 
> > or are there other things I should look for before asking here again?
> 
> In general, it can be quite hard to identify uncommitted changes,
> even for developers.  A generally working way to identify them 
> basically does not exist.  (And maintaining an official list would
> be a horrendous make-work project.)
> 
> Sometimes, compiling the tool that behaves strangely yourself
> from CVS -current sources and comparing behaviour to the same
> tool in the snapshot may help - if behaviour differs, that's
> a medium strength indicator of a possible uncommitted patch.
> Or, of course, you might have miscompiled it...
> Your specific example demonstrates that this suggestion does
> not always help: nothing to compile there, and you (rightly)
> failed to even find any sources...
> 
> For users, i think best practice is as follows:  if something does not
> work as you think it should, and if reviewing the manual pages, the
> FAQ, and searching through recent postings on tech@, bugs@, and misc@
> still leaves you wondering, then ask, providing as much detail
> as you can: which exact OS version or snapshot, what exactly you did,
> what you expected, and what happened instead.  If the tool misbehaves
> in the snapshot but works when you compile it yourself from -current,
> say so.  In other words, your report was of very reasonable quality.
> Nobody will expect that you make a definitive statement like "this is a
> regression caused by an uncommitted patch in snapshots" in your report.

Thanks a lot. That's a very helpful explanation and I will keep that in
mind.
> 
> If it appears to misbehave, it's worth a report.  And if there
> is an uncommitted patch in snapshot, then hopefully at least one
> developer is watching closely.  After all, asking Theo to put a
> patch into snapshots for testing but then *not* watch the bugs@
> mailing list for reports that might be related would make very
> little sense!
> 
> Yours,
>   Ingo
> 
> P.S.
> Currently, it looks relatively unlikely that the new fw_update(8)
> is really going to lose the -n option; or else it might regrow
> it shortly after the initial commit.  No guarantee though.
> Best advice for users is to wait for the dust in this area to settle.

I will do that ;) Thank you for making an os that is actually so
reliable and well-designed that I'm not worried at all right now.

Best regards,
Alexander



Re: Is fw_update documentation outdated?

2021-12-26 Thread Alexander
Thank you everyone for the helpful and detailed explanations!

On 2021/12/25 18:02, Ingo Schwarze wrote:
> The new fw_update shell script is not in CVS yet.
> 
> This command provides a clue that could lead you to suspect the above:
> 
>$ grep -m 1 OpenBSD $(which fw_update) 
>   #   $OpenBSD$
> 
> That's a CVS tag which has not been processed by CVS yet.
> 
Just to keep the noise on the mailing list down in case I run into
something like this again at some point:
Is that tag the usual indicator of such uncommitted code or are there
other things I should look for before asking here again?

Thanks again.

Best regards,
Alexander



Is fw_update documentation outdated?

2021-12-25 Thread Alexander
Hi all,

I just wanted to check for new firmware versions:

$ fw_update -n
fw_update: unknown option -- -n
usage:  fw_update [-d | -D] [-av] [-p path] [driver | file ...]

This used to work and is still documented like this in

$ man 8 fw_update
[...]
 -n  Dry run.  Do not actually install or update any firmware
 and whether it appears to be required by a driver.
[...]
(also https://man.openbsd.org/fw_update)

But /usr/sbin/fw_update does not contain this option anymore and
consequently produces the error above.
This mismatch puzzles me a bit and I'm even more confused when looking
at https://cvsweb.openbsd.org/src/usr.sbin/fw_update/ which has been in
the attic for the last 6 years.

I'm guessing I'm just uninformed and don't understand CVSweb but I'd
like to learn, so:
Is the documentation for fw_update outdated?
Where do I actually find the version history of the fw_update that is
installed on my system in CVSweb?

My system:
$ head -1 /etc/motd
OpenBSD 7.0-current (GENERIC.MP) #200: Fri Dec 24 22:15:01 MST 2021

Thanks in advance.

Best regards,
Alexander



Re: libdmx removal incomplete?

2021-11-30 Thread Alexander
On 2021/11/30  8:14, Stuart Henderson wrote:
> On 2021-11-29, Amit Kulkarni  wrote:
> > On Sun, Nov 28, 2021 at 5:17 PM Alexander  wrote:
> >> Just to gauge what to expect from this and whether I did this wrong:
> >> After configuring /etc/sysclean.ignore I get 3382 files of which 3274
> >> are in /usr/X11R6/lib/X11/fonts/. Are numbers this large to be expected?
> >
> > 3382 files is too large.
> 
> That seems about right for the removed font variants to me. You can't
> judge by the number of files, only the filenames.
> 
> *If* you don't compile your own software from outside ports/packages, the
> files under /usr listed in sysclean's default output (no -a flag) is good.
> I do review manually before rm'ing but I have *never* had it suggest
> removing something under /usr that is required. Files outside /usr
> need more care.
> 
This is probably a stupid question but how do you review them manually?
I have a couple files that are manpages, that's easy. signify-keys, too.
There is some sgi stuff, also easy, retirement is known.
Same goes for switchd-related things.
But what about the rest? Assuming you don't just know everything about
those files already, do you find(1)/grep(1) through the source tree and
commit messages or is there a different way?

Best regards,
Alexander



Re: libdmx removal incomplete?

2021-11-30 Thread Alexander
> Date: Mon, 29 Nov 2021 08:31:15 -0500
> From: Nick Holland 
> 
> On 11/28/21 6:17 PM, Alexander wrote:
> ...
> > Lastly: From your emails it seems to me that the use of sysclean after
> > upgrading is very much encouraged if not necessary. Then why is it not
> > included in base (especially when it's developed by OpenBSD developers)?
> > Or am I misunderstanding the requirements for inclusion of packages in
> > base?
> 
> VERY WRONG (as others have said).
> 
> I've been using OpenBSD since v2.4, I have never run a "clean up" tool of
> any kind.  I reinstall only when replacing hardware, the rest of the time,
> I run upgrades, I run snapshots and update frequently so I get a lot of
> old files piling up at times.  And they just don't matter.
> 
> Occasionally, I have manually deleted old libraries when I have
> run a system too long and an old HD starts getting tight on space
> 
> [...]
> 
> Using an automatic cleanup tool is far more likely to CAUSE problems
> than to fix problems.  I'm not saying they /often/ cause problems,
> but since old files laying around basically never cause problems other
> than a small amount of space, there's some risk and almost no gain.
> 
Thanks Nick. That makes sense to me and is/was already my approach.
I was mainly just curious to double-check with find(1) when I saw that
notice on current.html. I was not actively looking to free up space, as
me previously not even knowing that sysclean even exists might also
suggest ;)
But good to read another account on the OS's stability, thank you.
> 
> --
> 
> Date: Sun, 28 Nov 2021 22:58:38 -0700 (MST)
> From: Theo de Raadt 
> 
> >These files are still part of xshare70 set, and should not be
> >removed. They are part of xorgproto (xenocara/proto/xorgproto).
> >
> >> Lastly: From your emails it seems to me that the use of sysclean after
> >> upgrading is very much encouraged if not necessary. Then why is it not
> >> included in base (especially when it's developed by OpenBSD developers)?
> >> Or am I misunderstanding the requirements for inclusion of packages in
> >> base?
> 
>   ^^^
>   WRONG.  Deleting old files is DISCOURAGED -- because we do
>   not have tooling to discover if a user has built their own
>   private programs which require those files.  I am actually
>   getting a bit tired of (1) people overly worried about old
>   files (2) who don't recognize they can always reinstall and
>   (3) that we (OpenBSD) are not able to determine what to delete
>   any better than you the user.

Thanks for making this very clear, makes sense that you can't deal with
every weird non-standard installation. I hadn't thought of that before.
But again not worried here, I was just a bit surprised when I stumbled
over those original *dmx* files.
As for reinstalling: Sure, I'm not really worried about my system, my
(tested) backup scheme is working beautifully and reinstalling takes
about as long as brewing a cup of coffee. But I would always like to
avoid it when possible, especially when I can learn something about my
system and how it works/is designed in the process.

Best regards,
Alexander



Re: libdmx removal incomplete?

2021-11-30 Thread Alexander
On 2021/11/29  6:45, Sebastien Marie wrote:
> On Sun, Nov 28, 2021 at 11:17:01PM +0000, Alexander wrote:
> > 
> > Just to gauge what to expect from this and whether I did this wrong:
> > After configuring /etc/sysclean.ignore I get 3382 files of which 3274
> > are in /usr/X11R6/lib/X11/fonts/. Are numbers this large to be expected?
> 
> There are a bunch of files from /usr/X11R6/lib/X11/fonts/ which were
> removed. On Sept 3, 3274 files were removed.
> 
> https://github.com/openbsd/xenocara/commit/65ebc3c6dcf6461818fcc3917f443b4ab5b1ce1c
> 
> So it is expected if your install was done before Sept 3, and your
> current version is after Sept 3.

That is the case, the install was a 6.9 continuing in -current.
The diff you pointed to actually turns out to account for the majority
of the files listed. So that cuts down the output significantly already.
> 
> > Also: The above mentioned dmx files are not listed. Does that mean my
> > assumption that they are related to the removed libdmx is false or did I
> > screw something else up?
> 
> $ pkg_locate dmx | grep X11R6
> xshare70:/usr/X11R6/include/X11/extensions/dmx.h
> xshare70:/usr/X11R6/include/X11/extensions/dmxproto.h
> xshare70:/usr/X11R6/lib/pkgconfig/dmxproto.pc
> 
> These files are still part of xshare70 set, and should not be
> removed. They are part of xorgproto (xenocara/proto/xorgproto).

Thanks a lot, this really confused me.
> 
> > Lastly: From your emails it seems to me that the use of sysclean after
> > upgrading is very much encouraged if not necessary. Then why is it not
> > included in base (especially when it's developed by OpenBSD developers)?
> > Or am I misunderstanding the requirements for inclusion of packages in
> > base?
> 
> If removal of files is required, it is explicitly mentioned in
> upgradeXX.html or current.html. Very few files will break your system
> if present.
> 
> On the other side, removing files that are used will break your system
> (for example, if you compile a program yourself, it will use system
> libraries like libc, libm...).
> 
Thanks for the explanation, that makes sense.

Best regards,
Alexander



Re: libdmx removal incomplete?

2021-11-28 Thread Alexander
Hi,
thanks to both of you.

On 2021/11/26  6:51, Sebastien Marie wrote:
> On Thu, Nov 25, 2021 at 06:16:11PM -0600, Amit Kulkarni wrote:
> > > I'm aware that I'm pretty late with this, still I'd like to ask in case
> > > this is not completely irrelevant.
> > >
> > > The last entry on https://www.openbsd.org/faq/current.html before
> > > 'Roll current' was the libdmx removal:
> > > https://cvsweb.openbsd.org/www/faq/current.html?rev=1.1077
> > >
> > > After the suggested 'rm -f' commands there are still some files around
> > > on my system that to me seem to be related:
> > >
> > > $ find /usr/X11R6/ -iname *dmx*
> > > /usr/X11R6/lib/pkgconfig/dmxproto.pc
> > > /usr/X11R6/include/X11/extensions/dmx.h
> > > /usr/X11R6/include/X11/extensions/dmxproto.h
> > >
> > > dmx.h and dmxproto.h for example reference the deleted dmxext.h
> > > Does that mean this libdmx removal is incomplete or am I just
> > > misunderstanding something?
> > > Thanks in advance.
> > 
> > 
> > try to install sysclean, configure /etc/sysclean.ignore
> > 
> > and do a 'doas sysclean -a', all these files will be gone then.
> > 
> 
> removing files based on `sysclean -a` output might be dangerous. it
> will list all files, even the one still used by packages. it could
> result in not working packages.
> 
> `sysclean` (without option) is safer.
> 
> please note that the stage 'configure /etc/sysclean.ignore' is
> important to exclude from the output configuration files (in /etc) you
> manually created.

Just to gauge what to expect from this and whether I did this wrong:
After configuring /etc/sysclean.ignore I get 3382 files of which 3274
are in /usr/X11R6/lib/X11/fonts/. Are numbers this large to be expected?

Also: The above mentioned dmx files are not listed. Does that mean my
assumption that they are related to the removed libdmx is false or did I
screw something else up?

Lastly: From your emails it seems to me that the use of sysclean after
upgrading is very much encouraged if not necessary. Then why is it not
included in base (especially when it's developed by OpenBSD developers)?
Or am I misunderstanding the requirements for inclusion of packages in
base?

Best regards,
Alexander



libdmx removal incomplete?

2021-11-25 Thread Alexander

Hi,

I'm aware that I'm pretty late with this, still I'd like to ask in case
this is not completely irrelevant.

The last entry on https://www.openbsd.org/faq/current.html before
'Roll current' was the libdmx removal:
https://cvsweb.openbsd.org/www/faq/current.html?rev=1.1077

After the suggested 'rm -f' commands there are still some files around
on my system that to me seem to be related:

$ find /usr/X11R6/ -iname *dmx*
/usr/X11R6/lib/pkgconfig/dmxproto.pc
/usr/X11R6/include/X11/extensions/dmx.h
/usr/X11R6/include/X11/extensions/dmxproto.h

dmx.h and dmxproto.h for example reference the deleted dmxext.h
Does that mean this libdmx removal is incomplete or am I just
misunderstanding something?
Thanks in advance.

Best regards,
Alexander



softraid crypto header backup

2021-11-25 Thread Alexander
Hi,

I did an encrypted install as per
https://www.openbsd.org/faq/faq14.html#softraidFDE

From previously using linux with FDE I remember the recommendation to
afterwards run something along the lines of

cryptsetup luksHeaderBackup /dev/nvme0n1p3 --header-backup-file 

to recover in case the header gets corrupted somehow.
Neither the manpages softraid(4), bioctl(8) nor a google search mention
anything like that. Is there a reason why this wouldn't be necessary on
OpenBSD or did I just not read the documentation thoroughly enough?
Thanks in advance.

Best regards,
Alexander



Re: Why is tmpfs not working on OpenBSD?

2021-09-07 Thread Alexander Hall
Unless you explicitly want tmpfs, there's "mfs" for ram based temporary 
filesystems.

/Alexander

On September 5, 2021 9:59:26 AM GMT+02:00, iio7  wrote:
># mount -t tmpfs tmpfs /home/foo/tmp/
>mount_tmpfs: tmpfs on /home/foo/tmp: Operation not supported



Re: Accessing LAN behind gateway from Road Warrior on wg(4) based tunnel

2021-09-01 Thread Alexander Hall
On Fri, Aug 27, 2021 at 03:03:36PM +0200, Erling Westenvik wrote:
> Hello all,
> I have successfully set up a wg(4) based VPN tunnel from my laptop
> (current) to my home/office gateway (6.9) but have problems
> understanding how to access the LAN behind the gateway.
> 
> [Laptop]
> - wg0 (10.0.0.42)
> - egress (trunk0 {em0 iwn0} dhcp)
> [Internet]
> [Gateway]
> - egress (em0 dhcp)
> - wg0 (10.0.0.1)
> - bridge0 {em1, (vether0 192.168.3.1 dhcpd)}
> [LAN]
> - various 192.168.3.0/24
> 
> I can ping/ssh between wg(4) endpoints (10.0.0.1 to 10.0.0.42 and vice
> versa) and also from LAN clients (192.168.3.0/24) to gateway wg(4)
> endpoint (10.0.0.1), but the laptop (10.0.0.42) can only reach the
> gateway (10.0.0.1).
> 
> Is it as easy as defining some routes? If so, where? There's a ton of
> more or less relevant and/or updated howto's out there but I have not
> found anyone dealing with a similar scenario. Any hints are appreciated.

Routes:

laptop: route add 192.168.3/24 10.0.0.1
"various 192.168.3.0/24": route add 10.0.0.42 192.168.3.1

(The latter is probably already the case if 192.168.3.1 is the default gw)

Alternatively, NAT the traffic from 10.0.0.42 onto the 192.168.3/24 network
Something like this late in the pf rules on Gateway:
match out on em1 from any received-on wg0 nat-to (em1)

/Alexander

> 
> (My wg(4) setup is based on:
> https://www.tumfatig.net/20201202/a-mesh-vpn-using-openbsd-and-wireguard/)
> 
> Best regards,
> 
> Erling
> 



Re: lighttpd vs. libressl on 6.9?

2021-08-27 Thread Alexander Bochmann
Hi Ben -

thanks for replying :)

...on Mon, Aug 23, 2021 at 09:48:16AM -0400, b...@0x1bi.net wrote:

 > Try compiling lighttpd by hand from the ports tree with
 > debug flags and run it with ktrace to see what's happening.

I fear that might be more effort than I'm able to invest right now, 
given that the problem occurs rather rarely (about once a month 
maybe), and I don't currently have a way to reproduce it other than 
by waiting for some random client that triggers the error.

I have changed my historic (*cough*) lighttpd TLS configuration 
to support only "modern" encryption, which might have the side effect 
of just not permitting any problematic combinations. I'll just wait 
if it happens again now before I take any other action.

 > I'd recommend switching to the builtin httpd if the problem
 > persists.

Yeah, unfortunately my configuration has a ton of rules, and 
I'm not too keen on rewriting all that. 

(I had one reply on the Fediverse from someone who had seen the 
same effect, just much more often, but they switched to a different 
web server and didn't look for a root cause either.)

Alex.



lighttpd vs. libressl on 6.9?

2021-08-22 Thread Alexander Bochmann
Hi -

I've been running lighttpd from ports as web server on one of my 
OpenBSD systems for years, with no problems. Ever since upgrading to 
6.9, it's been crashing every few weeks, and the last lines in the 
lighttpd error log are something like this each time:

 > mod_openssl.c.3095) SSL: 1 error:06FFF064:digital envelope 
 > routines:CRYPTO_internal:bad decrypt
 > mod_openssl.c.3095) SSL: 1 error:1404C119:SSL routines:ST_OK:decryption 
 > failed or bad record mac

Is there any known incompatibility between lighttpd-1.4.59 and the version 
of LibreSSL in OpenBSD 6.9? 

Alex.



Re: sed(1) and line number 0

2021-08-14 Thread Alexander Hall
One ugly take on these cases is adding an extra line at the beginning of the 
input.

| sed 1p |

And then change that 0 to 1.

Not pretty but does the job.

/Alexander

On August 14, 2021 10:46:53 AM GMT+02:00, Philippe Meunier wrote:
>Michael Hekeler wrote:
>>Your first address is 0?
>>What do you expect from a line number 0?
>
>On OpenBSD I would have expected an error.
>
>>You can do:
>>sed '/^test$/d' OR
>
>That deletes all the '^test$' lines regardless of where they are in the input.
>
>>sed 1d OR
>
>That deletes the first line of input.
>
>The nice thing about GNU's '0,/^test$/d' is that it deletes all the lines
>from the beginning of the input up to and including the first '^test$',
>whether that first '^test$' is the first line of the input or not.
>
>I guess the way to do something like this on OpenBSD would be to switch
>from sed to awk.  Anyway...
>
>Best,
>
>Philippe
>
>
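
The workaround described at the top of this message, as an added example that is not part of the original thread: duplicating the first line with `sed 1p` lets a portable `1,/re/d` behave like GNU's `0,/re/d`, including when the match is on the very first line. The function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and sample input are constructed.
# The pattern is pasted into a /.../ address, so it must not contain "/".

# Naive portable form: the range opens on line 1, and sed only starts
# looking for the end pattern on line 2, so a match on line 1 is missed
# and the deletion runs on to the *second* match.
delete_naive() {
    sed "1,/$1/d"
}

# Workaround from the thread: duplicate line 1 first. The copy becomes the
# sacrificial line 1 that opens the range, so the original first line is
# now line 2 and is allowed to close the range.
delete_through_first_match() {
    sed 1p | sed "1,/$1/d"
}

# Constructed inputs: one with the match on line 1, one with it later.
match_on_first_line() { printf 'test\nfoo\ntest\nbar\n'; }
match_on_later_line() { printf 'foo\ntest\nbar\ntest\n'; }

echo "naive, match on line 1:"
match_on_first_line | delete_naive '^test$'
echo "workaround, match on line 1:"
match_on_first_line | delete_through_first_match '^test$'
echo "workaround, match on line 2:"
match_on_later_line | delete_through_first_match '^test$'
```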



Re: WireGuard, keepalive time doubled?

2021-04-15 Thread Alexander Hall
On Wed, Apr 14, 2021 at 01:14:47PM +0200, Jan Johansson wrote:
> Hello!
> 
> I was experimenting with wireguard keepalive and noticed that
> keepalive packets seem to be sent on double the time that I have
> set which I find a bit unintuitive.
> 

...

> 
> Is this to be expected or am I missing something?
> 
> Both sides run OpenBSD 6.8 amd64 if that affects anything.

Just a random thought; are you running on actual hardware or testing
with some sort of virtualization involved? VMM and friends are known
to sometimes double delays...

/Alexander



Re: Git Daemon rc Script Not Stopping

2021-01-06 Thread Alexander Hall
It was merely a hunch. Thinking of it, I believe there is some magic to cope 
with that.

Never mind my likely red herring.

/Alexander

On January 6, 2021 3:49:46 PM GMT+01:00, ben  wrote:
>>Without looking too far, check what pgrep gives.  My first suspicion is
>>the initial space in your 'daemon_flags'.
>
>Why does daemon_flags not permit spaces? rc.subr(8) has no information on
>including or lack of whitespace in daemon_flags.



Re: Git Daemon rc Script Not Stopping

2021-01-05 Thread Alexander Hall
On Tue, Jan 05, 2021 at 03:19:29PM -0500, ben wrote:
> >The original version of this script installed by the port contains
> >rc_reload=NO and also uses a very different pexp.
> 
> I checked out the original rc script, and it works. Why didn't my pexp var
> work for the script? The term should match the process, and yet the daemon
> was still running?

Without looking too far, check what pgrep gives.  My first suspicion is
the initial space in your 'daemon_flags'.

Also, what Stefan said.

/Alexander



Re: Reinstall to upgrade

2020-11-26 Thread Alexander Hall



On November 26, 2020 10:23:33 AM GMT+01:00, Stuart Henderson 
 wrote:
>On 2020/11/25 23:56, Alexander Hall wrote:
>> 
>> 
>> On November 25, 2020 11:09:02 PM GMT+01:00, Stuart Henderson
> wrote:
>> >On 2020-11-25, Manuel Giraud  wrote:
>> >> I have one (somewhat) related question left: is it possible to
>capture
>> >the
>> >> output of pkg_delete -an in a file? I tried the following (without
>> >> luck):
>> >>$ pkg_delete -an > /tmp/foo
>> >
>> >Here you redirect stdout from the process to /tmp/foo
>> >
>> >>$ pkg_delete -an > /tmp/foo 2>&1
>> >
>> >And here you redirect stdout from the process to /tmp/foo, and then
>> >stderr to stdout.
>> >
>> >What you need is:
>> >
>> > $ pkg_delete -an 2>&1 > /tmp/foo
>> >
>> >- redirect stderr to stdout, then redirect stdout (which now
>includes
>> >stderr) to /tmp/foo.
>> 
>> I think you're wrong. I hope I'm not.
>
>Ah yes, you are right, I had it exactly the wrong way round.

There's no doubt in my mind you do know these things. :-)

What you described would apply if there was a pipe in between though, so that 
could be how you fooled yourself;

$ pkg_delete -an 2>&1 | cat > /tmp/foo

/Alexander
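
The three redirection orders discussed in this thread, side by side, as an added example that is not part of the original messages. `emit` is a constructed stand-in for a command such as `pkg_delete -an` that writes to both stdout and stderr.

```shell
#!/bin/sh
# Added illustration; emit() stands in for a command that writes to both
# stdout and stderr. All names here are constructed.
emit() {
    echo "to-stdout"
    echo "to-stderr" >&2
}

# "> file 2>&1": stdout is pointed at the file first, then stderr is made
# a copy of stdout, so both streams land in the file.
file_then_dup() { emit > "$1" 2>&1; }

# "2>&1 > file": stderr is made a copy of stdout as it is *now* (the
# terminal, or whatever the caller set up); only then is stdout moved to
# the file. stderr never reaches the file.
dup_then_file() { emit 2>&1 > "$1"; }

# "2>&1 | cat > file": the pipe is installed as stdout before 2>&1 is
# processed, so stderr joins stdout in the pipe and both reach the file.
dup_into_pipe() { emit 2>&1 | cat > "$1"; }

demo() {
    dir=$(mktemp -d) || return 1
    file_then_dup "$dir/a"
    # The command substitution plays the role of "the caller's stdout".
    leaked=$(dup_then_file "$dir/b")
    dup_into_pipe "$dir/c"
    for f in a b c; do
        printf '%s: %s\n' "$f" "$(tr '\n' ' ' < "$dir/$f")"
    done
    printf 'b leaked to caller stdout: %s\n' "$leaked"
    rm -rf "$dir"
}
demo
```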



Re: Reinstall to upgrade

2020-11-25 Thread Alexander Hall



On November 25, 2020 11:09:02 PM GMT+01:00, Stuart Henderson 
 wrote:
>On 2020-11-25, Manuel Giraud  wrote:
>> I have one (somewhat) related question left: is it possible to capture
>the
>> output of pkg_delete -an in a file? I tried the following (without
>> luck):
>>$ pkg_delete -an > /tmp/foo
>
>Here you redirect stdout from the process to /tmp/foo
>
>>$ pkg_delete -an > /tmp/foo 2>&1
>
>And here you redirect stdout from the process to /tmp/foo, and then
>stderr to stdout.
>
>What you need is:
>
> $ pkg_delete -an 2>&1 > /tmp/foo
>
>- redirect stderr to stdout, then redirect stdout (which now includes
>stderr) to /tmp/foo.

I think you're wrong. I hope I'm not.

Is it rather possibly so that pkg_delete handles output to a TTY differently
than to a non-TTY?

/Alexander



Re: Potential ksh bug?

2020-11-17 Thread Alexander Hall



On November 17, 2020 5:04:19 AM GMT+01:00, Jordan Geoghegan 
 wrote:
>Hello,
>
>I'm not sure if this is a bug, or if it's just a pdksh thing, but I 
>stumbled upon some interesting behaviour when I was tinkering around 
>with quoting and using a poor man's array:
>
>test=$(cat <<'__EOT'
># I'll choose not to close this quote
>other_stuff
>__EOT
>)
>
>echo "$test"
>
>
>When I run this command on ash, dash, yash, bash, zsh or ksh93 I get
>the 
>following output:
>
># I'll choose not to close this quote
>other_stuff
>
>But when I run it on ksh from base or any pdksh derivative it throws an
>
>error about an unclosed quote:
>
>test.sh[8]: no closing quote

I believe this is a known shortcoming of how ksh determines the scope of the 
$(...).

/Alexander

>
>This snippet works on every POSIX-y shell in the ports tree, and fails 
>on every pdksh variant I tried, including on NetBSD and DragonflyBSD as
>
>well.  I don't have the requisite esoteric knowledge regarding pdksh's 
>internal quoting logic, so I'm hoping one of the gurus here can 
>determine whether this is a bug or if I'm just doing something
>annoying.
>
>Any insight that can be provided would be much appreciated.
>
>Regards,
>
>Jordan



Re: ssh X forwarding and google-chrome

2020-07-02 Thread Alexander Bochmann
...on Thu, Jul 02, 2020 at 05:33:20PM +0300, Gregory Edigarov wrote:

 > "ssh -Y  google-chrome" just shows an empty and blank window, no
 > menu, no address bar.
 > Maybe there are some command line flags I am not aware of?

You could try google-chrome --disable-gpu, though I don't know if that 
still works.

Alex.



Re: IPv6 Neighbor Discovery Issue

2020-03-30 Thread Alexander Mischke
Dear Fernando,


I tried it the way you recommended, but it still doesn't work.
I have created a network diagram and the output of "route -n show -inet6"

(Two separate files).

They can be found here (my private Nextcloud):



https://cloud.mischke.it/nextcloud/index.php/s/ZnHrHMMgrofZdiF

Best regards,

Alex


IPv6 Neighbor Discovery Issue

2020-03-26 Thread Alexander Mischke
Hello,


I am currently facing the following problem:

I have a server with two interfaces:

- em1 (Outbound / facing the Internet)
- em0 (Internal use / LAN)
  (additionally: vlan1000 - parentdev is em0)

The server runs OpenBSD 6.6-stable with the latest
syspatches installed and rebooted to the patched kernel.


I assigned one address of the /56 my provider gave me
to em1. Let's say it looks like this (obfuscated):


Prefix = 2a02:::cc00::/56
Gateway (provider) = 2a02:::cc00::1


I assigned to em1:

2a02:::cc00::2/56


### /etc/hostname.em1 ###

inet6 2a02:::cc00::2 56
!route add -inet6 default 2a02:::cc00::1
-soii

---


This far, everything works (inbound and outbound IPv6 connectivity).



In the next step I took a /64 from that range and assigned an address to
the vlan1000 interface:


2a02:::ccff:dead::1


### /etc/hostname.em0 ###

up

---

### /etc/hostname.vlan1000 ###

inet 10.20.30.40 255.255.255.0 vnetid 1000 parent em0
inet6 2a02:::ccff:dead::1 64

---


This worked "somehow" (e.g. for a short period of time)
"Worked" means: This address was reachable from the outside world
and vice versa.

After it stopped working I did a reboot and then it worked again
(for a limited amount of time)


All I can see (from tcpdump) is that the provider gateway sends NDP
solicitations, asking for 2a02:::ccff:dead::1
But no replies are appearing.

The same behaviour occurs independently from either

- pf disabled
or
- allowing anything IPv6 related (icmp-v6 etc.)


I already enabled net.inet6.icmp6.nd6_debug but nothing shows up in
dmesg.



Has anyone encountered this as well and/or has hints on
how to solve this?


Thank you very much for your time.


Best regards,

Alex



Support for ath10k QCA988x devices

2020-01-28 Thread Alexander Merritt
Hello,

I am curious if there is any info on support for the wireless chipset Qualcomm 
Atheros QCA988x in the ath10k drivers. These devices are sold by PCEngines. 
Prior discussions I found on this list:

On 2014-04-17 Thom Lauret wrote
> 802.11n is not yet supported in OpenBSD.

On 2015-09-23 Stuart Henderson wrote
> > http://www.pcengines.ch/wle600vx.htm
> 
> This is a QCA9882 from the 802.11ac range, on Linux this uses the
> Ath10k driver. Not yet supported on OpenBSD.

On 2017-04-12 Stefan Sperling wrote
> ath10k devices are not supported. They need a new driver because Atheros
> has changed the driver<->hardware interface with this generation of devices.

Is there any update? A brief look in the source code and manual did not show 
anything.

What effort is required to implement a new driver, as Stefan mentions? Port 
something from another BSD? From Linux? Start from scratch?

My motivation is to build a wireless router supporting 802.11ac (with OpenBSD 
if possible). Compex WLE600VX and WLE900VX support 867Mbps and 1300Mbps, 
respectively, according to their data sheets.

I am not bound to this chipset, if there are alternatives which do work.

-Alex



Re: APU2 fails to boot on OpenBSD 6.6-current #521

2019-12-13 Thread Alexander Pluhar

> Just upgraded my APU2 to the latest -current and it seems to hang on the disk.
> It was fine running on -current #512.

I encountered this problem on 6.6 stable with the latest syspatches installed
after updating the APU firmware[1] to 4.11.0.1.

It worked again after downgrading to 4.10.0.3.

[1] https://pcengines.github.io




Re: [iked] differentiating policies by dstid

2019-07-23 Thread Alexander Mischke
Hello Tobias,
thanks a lot, that solved the question for me (at least on the server :) ).

Using ASN1 ids iked detects the matching policy. However, it then uses RFC7427 
for auth (SIG), but the Windows 10 clients use RSA_SIG. This causes a mismatch 
and the connection can't be established. (Yet, Windows 10 is lacking support 
for aforementioned RFC).

So, I have to find another way, but thank you very much.

Best regards,

Alex


Re: [iked] differentiating policies by dstid

2019-07-15 Thread Alexander Mischke
Hello Tobias,
thank you very much for your reply.
Below is the output of ipsecctl -s all
and the verbose output of iked
#
When the first client connects:
(1.2.3.4 is the servers public IP, 5.6.7.8 is the public IP of the DSL modem)
FLOWS:
flow esp in from 10.75.0.0/16 to 10.21.0.0/16 peer 5.6.7.8 type use
flow esp in from 10.75.0.0/16 to 172.22.1.0/24 peer 5.6.7.8 type use
flow esp in from 10.75.0.0/16 to 192.168.0.0/16 peer 5.6.7.8 type use
flow esp out from 10.21.0.0/16 to 10.75.0.0/16 peer 5.6.7.8 type require
flow esp out from 172.22.1.0/24 to 10.75.0.0/16 peer 5.6.7.8 type require
flow esp out from 192.168.0.0/16 to 10.75.0.0/16 peer 5.6.7.8 type require
flow esp out from ::/0 to ::/0 type deny

SAD:
esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x5c684cc6 enc aes-256-gcm
esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x6e88e50f enc aes-256-gcm
Now, when the second client connects:
FLOWS:
flow esp in from 10.75.0.0/16 to 10.21.0.0/16 peer 5.6.7.8 type use
flow esp in from 10.75.0.0/16 to 172.22.1.0/24 peer 5.6.7.8 type use
flow esp in from 10.75.0.0/16 to 192.168.0.0/16 peer 5.6.7.8 type use
flow esp out from 10.21.0.0/16 to 10.75.0.0/16 peer 5.6.7.8 type require
flow esp out from 172.22.1.0/24 to 10.75.0.0/16 peer 5.6.7.8 type require
flow esp out from 192.168.0.0/16 to 10.75.0.0/16 peer 5.6.7.8 type require
flow esp out from ::/0 to ::/0 type deny

SAD:
esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x7e6472b8 enc aes-256-gcm
esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x8dd119e5 enc aes-256-gcm
esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0xb4a852b3 enc aes-256-gcm
esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0xb558afcc enc aes-256-gcm
esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0xc6147a48 enc aes-256-gcm
esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0xefc8b43d enc aes-256-gcm
Additionally I found out that the connection only works
when the public key of the client certificates lies under
/etc/iked/pubkeys/fqdn/

(Where  is the common name in the client certificate)
#

The complete log (iked -dvv) of both events

#
Jul 15 11:06:43 server iked[77044]: set_policy_auth_method: using rsa for peer 
/etc/iked/pubkeys/fqdn/client1.example.com
Jul 15 11:06:43 server iked[77044]: set_policy: found pubkey for 
/etc/iked/pubkeys/fqdn/client1.example.com
Jul 15 11:06:43 server iked[77044]: set_policy: could not find pubkey for 
/etc/iked/pubkeys/fqdn/client2.example.com 
Jul 15 11:06:43 server iked[77044]: set_policy_auth_method: using rfc7427 for 
peer /etc/iked/pubkeys/fqdn/client2.example.com 
Jul 15 11:06:43 server iked[77044]: /etc/iked.conf: loaded 2 configuration rules
Jul 15 11:06:43 server iked[77044]: ca_privkey_serialize: type RSA_KEY length 
1192
Jul 15 11:06:43 server iked[77044]: ca_pubkey_serialize: type RSA_KEY length 270
Jul 15 11:06:43 server iked[36135]: ca_privkey_to_method: type RSA_KEY method 
RSA_SIG
Jul 15 11:06:43 server iked[12701]: config_getpolicy: received policy
Jul 15 11:06:43 server iked[36135]: ca_getkey: received private key type 
RSA_KEY length 1192
Jul 15 11:06:43 server iked[36135]: ca_getkey: received public key type RSA_KEY 
length 270
Jul 15 11:06:43 server iked[36135]: ca_dispatch_parent: config reset
Jul 15 11:06:43 server iked[12701]: config_getpolicy: received policy
Jul 15 11:06:43 server iked[12701]: config_getpfkey: received pfkey fd 3
Jul 15 11:06:43 server iked[12701]: config_getcompile: compilation done
Jul 15 11:06:43 server iked[12701]: config_getsocket: received socket fd 4
Jul 15 11:06:43 server iked[12701]: config_getsocket: received socket fd 5
Jul 15 11:06:43 server iked[12701]: config_getsocket: received socket fd 6
Jul 15 11:06:43 server iked[12701]: config_getsocket: received socket fd 7
Jul 15 11:06:43 server iked[12701]: config_getmobike: mobike
Jul 15 11:06:43 server iked[36135]: ca_reload: loaded ca file ca.crt
Jul 15 11:06:43 server iked[36135]: ca_reload: loaded crl file ca.crl
Jul 15 11:06:43 server iked[36135]: ca_reload: /C=DE/ST=Lower 
Saxony/L=Hanover/O=OpenBSD/OU=iked/CN=VPN CA 2019/emailAddress=r...@openbsd.org
Jul 15 11:06:43 server iked[36135]: ca_reload: loaded 1 ca certificate
Jul 15 11:06:43 server iked[36135]: ca_reload: loaded cert file 1.2.3.4.crt
Jul 15 11:06:43 server iked[36135]: ca_validate_cert: /C=DE/ST=Lower 
Saxony/L=Hanover/O=OpenBSD/OU=iked/CN=1.2.3.4/emailAddress=r...@openbsd.org ok
Jul 15 11:06:43 server iked[36135]: ca_reload: local cert type X509_CERT
Jul 15 11:06:43 server iked[36135]: config_getocsp: ocsp_url none
Jul 15 11:06:43 server iked[12701]: ikev2_dispatch_cert: updated local CERTREQ 
type X509_CERT length 20
Jul 15 11:06:43 server iked[12701]: ikev2_dispatch_cert: updated local CERTREQ 
type X509_CERT length 20
Jul 15 11:06:45 server iked[12701]: ikev2_recv: IKE_SA_INIT request from 
initiator 5.6.7.8:500 to 1.2.3.4:500 policy 'clientA' id 0, 544 bytes
Jul 15 11:06:45 server iked[12701]: ikev2_recv: ispi 0x34e559c5289dff7c rspi 
0x
Jul 15 

[iked] differentiating policies by dstid

2019-07-12 Thread Alexander Mischke
Hello,
I am currently setting up an Internet facing OpenBSD IPsec (IKEv2) gateway 
(with a public IP - no NAT).
The box is running OpenBSD 6.4.

This is supposed to be a roadwarrior setup with multiple Windows 10 Clients. 
Authentication is done via client certificates (= Machine Certificates issued 
by my CA - used ikectl for this).

I can connect fine using a single client, however using more than one client 
breaks the connection for clientA while clientB is able to connect. I've been 
testing this with two clients behind the SAME DSL modem, so to the server they 
both appear to be coming from the same IP.

(Since I am using NAT-T the server sees different ports on the remote side and 
thus correctly installs the flows with different SPIs)

==> I also used the registry setting to force usage of NAT-T since this seems 
to be a common bummer
(see 
https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t-device-in-windows)
The virtual address range used by the clients is 10.75.0.0/16
I try to hand out static virtual IPs to the clients:

clientA = 10.75.2.25
clientB = 10.75.2.26

In my understanding "dstid" should help me selecting the right policy, but iked 
always uses the first policy, although the CN of the presented client 
certificate doesn't match.

So to me it _seems_ the policy is selected by the "local" and "remote" peer 
settings and the "dstid" has no part in this?
This is my config (substituted my public IP with "1.2.3.4")

set mobike

ikev2 'clientA' quick passive ipcomp esp 
 from 172.22.1.0/24 to 10.75.0.0/16 
 from 10.21.0.0/16 to 10.75.0.0/16 
 from 192.168.0.0/16 to 10.75.0.0/16 
 peer 0.0.0.0/0 local 1.2.3.4 
 ikesa enc aes-256 group modp2048 
 childsa enc aes-256-gcm group modp2048 
 srcid 1.2.3.4 dstid "client1.example.com" 
 ikelifetime 480m 
 lifetime 60m 
 config address 10.75.2.25 
 config netmask 255.255.255.252 
 config name-server 10.21.0.1 
 config name-server 10.21.0.2 
 config name-server 10.21.0.4 
 config protected-subnet 0.0.0.0/0 
 tag "$name-$id"
ikev2 'clientB' quick passive ipcomp esp 
 from 172.22.1.0/24 to 10.75.0.0/16 
 from 10.21.0.0/16 to 10.75.0.0/16 
 from 192.168.0.0/16 to 10.75.0.0/16 
 peer 0.0.0.0/0 local 1.2.3.4 
 ikesa enc aes-256 group modp2048 
 childsa enc aes-256-gcm group modp2048 
 srcid 1.2.3.4 dstid "client2.example.com" 
 ikelifetime 480m 
 lifetime 60m 
 config address 10.75.2.26 
 config netmask 255.255.255.252 
 config name-server 10.21.0.1 
 config name-server 10.21.0.2 
 config name-server 10.21.0.4 
 config protected-subnet 0.0.0.0/0 
 tag "$name-$id"

Best regards,

Alex


Re: does 'xset(1) dpms 20' activate xidle(1) after 20sec?

2018-11-28 Thread Alexander Hall
On Wed, Nov 28, 2018 at 10:56:13AM +0100, Marcus MERIGHI wrote:
> j...@openbsd.org (joshua stein), 2018.11.27 (Tue) 18:12 (CET):
> > On Tue, 27 Nov 2018 at 14:32:50 +0100, Marcus Merighi wrote:
> > > does 'xset(1) dpms 20' activate xidle(1) after 20 seconds?
> > > 
> > > How to repeat:
> > > 
> > > $ xset dpms 20
> > > $ xidle -timeout 180 &
> > > 
> > > With this I am locked out after 20 seconds, not 180.
> > 
> > The DPMS event activates the X screensaver which generates an X 
> > event that xidle is listening for.  xidle then runs its specified 
> > program (or defaults to xlock).
> 
> Thanks for confirming and the explanation of the cause!
> 
> I know you are having piles of experience with OpenBSD on all sorts of
> fancy hardware... what do you do for dimming the display and locking?

This is what I use to give myself a three second grace period between the 
screen going blank and the lock kicking in. The scroll lock led was for 
fun and cosmetics.

$ egrep '^xidle|^xlock' .Xresources  
xidle.*.timeout: 300
xidle.*.delay: 9
xlock.*.lockdelay: 3
xlock.*.startCmd: xset dpms 3; sleep 3; xset led named "Scroll Lock"
xlock.*.endCmd: xset -dpms; xset -led named "Scroll Lock"

I start xidle in my ~/.xsession

/Alexander



Re: Clarification about mfs/tmpfs on /tmp

2018-10-09 Thread Alexander Hall



On October 9, 2018 6:17:05 PM GMT+02:00, r...@tutanota.com wrote:
>I recall having to do this as well (in fact, as mentioned earlier
>in this thread):
>
>> doas chmod 777 /tmp
>
>If I understood Stuart Henderson correctly, then
>
>> This one is easy, simply set the appropriate permissions
>> on the directory where you mount the mfs.
>
>implies that irrespective of what is mounted at /location,
>the permissions are inherited from /location. But in the "mfs
>at /tmp" scenario, this thesis is contradicted, as (e.g.)
>
> /dev/sd0f /tmp ffs rw,nodev,nosuid 1 2
>
>will yield the desired 777 permissions on /tmp, whereas
>
> swap /tmp mfs rw,noexec,nodev,nosuid,-s=512m 0 0
>
>will require manual adjustment via chmod.
>
>So it appears that I have not quite understood this final part.
>Would anyone be kind enough to elaborate on this?
>What is the difference in inheriting permissions when mounting
>an mfs instance vs. (e.g.) an ffs filesystem?

When you create and mount an mfs, its root node will "inherit" (or copy) the 
permissions of the mount point.

When you mount an ffs filesystem, it already has an existing root node from the 
time it was newfs'd, which will not be modified based on the underlying mount 
point.

On a sidenote, 777 is not the proper permissions for /tmp.

/Alexander
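
A check for the point made in the sidenote, as an added example that is not part of the original message. It assumes the usual mode for a shared temp directory, 1777 (world-writable plus sticky bit), and sets it on the bare mount point so that a newly created mfs copies it as described above. The function names are constructed.

```shell
#!/bin/sh
# Added illustration; function names are constructed for this example.

# Report whether a directory has the mode expected of a shared temp
# directory. The permission string from "ls -ld" is used instead of
# stat(1), whose options differ between systems.
tmpdir_mode_status() {
    perms=$(ls -ld "$1" | awk '{ print $1 }')
    case $perms in
        drwxrwxrwt*) echo "ok" ;;              # 1777: world-writable + sticky
        drwxrwxrwx*) echo "missing-sticky" ;;  # 0777: any user may remove or
                                               # rename any other user's files
        *)           echo "unexpected:$perms" ;;
    esac
}

# Give a mount point the mode a shared temp directory should have. Run it
# on the bare directory, with nothing mounted on it, so that the root node
# of a freshly created mfs picks the mode up at mount time.
prepare_tmp_mountpoint() {
    chmod 1777 "$1" && tmpdir_mode_status "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    chmod 777 "$d"
    echo "after chmod 777:  $(tmpdir_mode_status "$d")"
    echo "after chmod 1777: $(prepare_tmp_mountpoint "$d")"
    rmdir "$d"
}
demo
```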



Re: Resize keydisk (softraid) partition...

2018-09-07 Thread Alexander Hall



On September 7, 2018 12:16:03 PM GMT+02:00, "Zbyszek Żółkiewski" 
 wrote:
>Hi,
>
>So I did something stupid: during creation of keydisk
>(https://www.openbsd.org/faq/faq14.html#softraid), I was in a hurry and I
>allocated whole 14GB partition a for keydisk…
>Now i would like to shrink it somehow, what’s the best and safest way
>to do it… ?

I'd take a disk with some unpartitioned space, create a small(er) RAID 
partition, and dd as much as possible of the 14GB keydisk into it. Then test if 
the new keydisk works.

/Alexander 

>
>_
>Zbyszek Żółkiewski



Connecting to L2TP over IPsec VPN on OpenBSD 6.1 with Ubuntu 16.04

2018-09-07 Thread Alexander Skwar
Hello

We use an L2TP over IPsec VPN running on OpenBSD 6.1, which was set up
by prior sysadmins. They are no longer at the company.

Now a user running Ubuntu 16.04 + Gnome tries to connect to the VPN.
The VPN client (on Linux side) was configured with NetworkManager.

The connection fails. In /var/log/daemon log on the openbsd system,
there's then (also on https://pastebin.com/xyS6UMsn):

Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable:
GROUP_DESCRIPTION: got MODP_2048, expected MODP_1024
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable:
GROUP_DESCRIPTION: got MODP_1536, expected MODP_1024
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable:
HASH_ALGORITHM: got MD5, expected SHA
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable:
GROUP_DESCRIPTION: got MODP_2048, expected MODP_1024
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable:
GROUP_DESCRIPTION: got MODP_2048, expected MODP_1024
Sep  7 09:46:41 apu isakmpd[69488]: message_negotiate_sa: no
compatible proposal found
Sep  7 09:46:41 apu isakmpd[69488]: dropped message from 212.25.17.146
port 57092 due to notification type NO_PROPOSAL_CHOSEN

Connections from Android, iOS and Mac work just fine. That's the
first Linux user trying to connect.

The ipsec.conf (https://pastebin.com/3gmQR0iN) is:

vpn_ext="redacted"

ike passive esp transport \
proto udp from { $vpn_ext } to any port 1701 \
main auth "hmac-sha" enc "aes" group modp1024 \
quick auth "hmac-sha" enc "aes" \
psk "redacted"

ike passive esp transport \
proto udp from { $vpn_ext } to any port 1701 \
main auth "hmac-sha" enc "3des" group modp1024 \
quick auth "hmac-sha" enc "3des" \
psk "redacted"

ike passive esp transport \
proto udp from { $vpn_ext } to any port 1701 \
main auth "hmac-sha" enc "3des" group modp1024 \
quick auth "hmac-sha" enc "aes" \
psk "redacted"

(vpn_ext and psk are of course not "redacted" in reality.)

Well, uhm, anyone got an idea about what might be the cause of
this issue?

Thanks a lot,

Alexander
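
A way to condense the rejected proposals in the log quoted above, as an added example that is not part of the original message. The sample lines are the page's own log entries with the mail line-wrapping undone; the function names are constructed, and "got" is read as the peer's offer and "expected" as the local policy, as the log wording indicates.

```shell
#!/bin/sh
# Added illustration. sample_log holds the isakmpd entries quoted in the
# message above (unwrapped); all function names are constructed.
sample_log() {
cat <<'EOF'
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_2048, expected MODP_1024
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_1536, expected MODP_1024
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable: HASH_ALGORITHM: got MD5, expected SHA
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_2048, expected MODP_1024
Sep  7 09:46:41 apu isakmpd[69488]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_2048, expected MODP_1024
Sep  7 09:46:41 apu isakmpd[69488]: message_negotiate_sa: no compatible proposal found
EOF
}

# One line per distinct mismatch:
#   <count> <ATTRIBUTE> got=<peer offer> expected=<local policy>
# Lines that are not attribute_unacceptable entries are ignored.
mismatch_summary() {
    awk '$6 == "attribute_unacceptable:" {
        attr = $7; sub(/:$/, "", attr)
        got = $9;  sub(/,$/, "", got)
        n[attr " got=" got " expected=" $11]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k2
}

# Distinct values seen for one attribute on one side of the comparison.
# $1 = attribute name, $2 = "got" (peer) or "expected" (local policy).
values_for() {
    case $2 in
        got)      col=9 ;;
        expected) col=11 ;;
        *)        return 2 ;;
    esac
    awk -v want="$1:" -v col="$col" '
        $6 == "attribute_unacceptable:" && $7 == want {
            v = $col; sub(/,$/, "", v); print v
        }' | LC_ALL=C sort -u
}

sample_log | mismatch_summary
echo "groups rejected from peer: $(sample_log | values_for GROUP_DESCRIPTION got | tr '\n' ' ')"
echo "group required locally:    $(sample_log | values_for GROUP_DESCRIPTION expected | tr '\n' ' ')"
```

Every GROUP_DESCRIPTION rejection names MODP_1024 as the expected value, which matches the `group modp1024` in all three ipsec.conf rules shown in the message.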



Re: serial for softraid devices

2018-09-04 Thread Alexander Hall
On Tue, Sep 04, 2018 at 03:04:15PM +, Jiri B. wrote:
> Hi,
> 
> I have couple of softraid devices available in a box and when I do upgrade
> I always have to check and not to make mistake which softraid device
> I want to use as root disk.

FWIW, the upgrade won't proceed until you pick a disk that has something 
like a root file system on it.  There is a fair chance that you can find 
the proper disk by just pressing enter a number of times, unless you 
have multiple root filesystems (as I assume could be the case with 
diskless setups).

See is_rootdisk() in /usr/src/distrib/miniroot/install.sub:

$ sed '/^is_rootdisk/,/^}$/!d' /usr/src/distrib/miniroot/install.sub


is_rootdisk() {
	local _d=$1 _rc=1

	(
		make_dev $_d
		if disklabel $_d | grep -q '^  a: .*4\.2BSD ' &&
			mount -t ffs -r /dev/${_d}a /mnt; then
			ls -d /mnt/{bin,dev,etc,home,mnt,root,sbin,tmp,usr,var}
			_rc=$?
			umount -f /mnt
		fi
		rm -f /dev/{r,}$_d?
		return $_rc
	) >/dev/null 2>&1
}

/Alexander

> If OpenBSD would have serial for softraid device I would just need to remember
> the serial for my root disk.
> 
> This is similar output what install.sub's diskinfo() returns in installer:
> 
> # bioctl softraid0 | awk '$NF == "RAID1" { cmd=sprintf("bioctl -q 
> %s",$(NF-1)); system(cmd); }'   
> sd5: , serial (unknown)
> sd6: , serial (unknown)
> sd7: , serial (unknown)
> sd8: , serial (unknown)
> sd9: , serial (unknown)
> 
> Is it because bd_serial is not implemented for softraid devices?
> 
> $ ag bd_serial /usr/src/sys/ 
> /usr/src/sys/dev/ic/ami.c
> 2037:   strlcpy(bd->bd_serial, ser, sizeof(bd->bd_serial));
> 2268:   bzero(>bd_serial, sizeof(bd->bd_serial));
> 2287:   strlcpy(bd->bd_serial, ser,
> 2288:   sizeof(bd->bd_serial));
> 
> /usr/src/sys/dev/ic/ciss.c
> 1068:   bd->bd_serial[0] = '\0';
> 1090:   strlcpy(bd->bd_serial, pdid->serial,
> 1091:   sizeof(bd->bd_serial));
> 
> /usr/src/sys/dev/ic/mpi.c
> 3386:   /* bd_serial[32]; */
> 
> /usr/src/sys/dev/pci/arc.c
> 2256:   strlcpy(bd->bd_serial, serial, sizeof(bd->bd_serial));
> 
> /usr/src/sys/dev/pci/mpii.c
> 3596:   scsi_strvis(bd->bd_serial, ppg->serial, sizeof(ppg->serial));
> 
> /usr/src/sys/dev/biovar.h
> 111:charbd_serial[32];  /* serial number */
> 
> Jiri
> 



Re: Add $daemon_nice to rc.subr

2018-09-04 Thread Alexander Hall
On Tue, Sep 04, 2018 at 10:53:17AM +0200, Thomas de Grivel wrote:
> why ? well all interactive process get a quarter range nice priority
> advance compared to all daemon tasks, at least for a laptop
> environment it really makes sense. sndiod and ntpd are unaffected by
> this change.
> 
> you're right to criticize in that I did not document my code, the
> point of this new variable is that an amendment to daemon priority is
> no more than putting one line in /etc/rc.conf.local eg.
> sshd_nice=1

Yes, it would be simpler. However:

- The functionality already exists, if somewhat more cumbersome
- For the majority of users, it's not needed.
- Antoine wasn't convinced.

That said, if you want your desktop swift, maybe just set priority 10 in 
the overall daemon class itself in login.conf?

(And do you really run that CPU intense daemons on your laptop?)

> 
> or in the rc.d/ file
> daemon_nice=whatever
> 
> why, because it is a whole lot more readable and usable than
> inheriting a whole new login class just to change one parameter, but
> if you don't like it nobody forces you huh ?

Skip the tone.

/Alexander

> 
> Le mar. 4 sept. 2018 à 07:57, Alexandre Ratchov  a écrit :
> >
> > On Tue, Sep 04, 2018 at 04:58:53AM +0200, Thomas de Grivel wrote:
> > >
> > > And I still feel the default nice priority of 10 is rather a good
> > > idea.
> >
> > why?
> 
> 
> 
> -- 
>  Thomas de Grivel
>  http://b.lowh.net/billitch/
> 



Re: network connectivity problem (ifconfig, arp, ...)

2018-09-03 Thread Alexander Hall
On Mon, Sep 03, 2018 at 10:58:49PM +0200, Vincent wrote:
> Hello stefan,
> 
> Hum... it could be similar situations. 
> 
> I've found an article combining the "join" and the trunk: 
> https://dataswamp.org/~solene/2018-08-30-openbsd-trunk.html

For me, it's as simple as this:

==> /etc/hostname.em0 <==
up

==> /etc/hostname.iwn0 <==
join wirelessnet wpakey foo
join anothernet wpakey bar
up

==> /etc/hostname.trunk0 <==
trunkproto failover
trunkport em0
trunkport iwn0
# You could hardcode a mac address here at will
#lladdr aa:bb:cc:dd:ee:ff
dhcp

/Alexander

> 
> I'll do same setup and will see
> 
> Thanks. 
> 
> V.
> 
> 
> 
> 
> 
> 
> 
> On 3 September 2018 20:26:27 CEST, Stefan Sperling  wrote:
> >On Mon, Sep 03, 2018 at 07:46:09PM +0200, vincent delft wrote:
> >> Hello,
> >> 
> >> I'm running -current and enjoy the new "join" feature of hostname.if.
> >> 
> >> Nevertheless, I have sometime issues to have an  internet connection.
> >> 
> >> The context:
> >> I have wifi and cable possibilities to connect the same network.
> >Normally I
> >> prefer the network connection, so at my desk I plug the cable and use
> >it.
> >> But in some cases, I disconnect my laptop and use the wifi
> >connection.
> >> 
> >> Problem:
> >> The wifi is well connected to my nwid, but the connectivity is not
> >working
> >> (cannot ping my main firewall to connect internet).
> >> I think the problem is linked to wrong arp table (cfr here under)
> >> 
> >> Why the arp entry for my firewall remains "expired" so long (could be
> >more
> >> than 10 minutes) ?
> >> Why a "doas arp -ad" does not remove this bad fw entry from the table
> >?
> >> What could I do to solve the issue without rebooting the laptop ? (If
> >I
> >> reboot the laptop, this solve the problem).
> >> 
> >> 
> >> 
> >> e5450:~$ arp -a
> >> Host Ethernet AddressNetif Expire
> >> Flags
> >> fw   (incomplete)  em0
> >expired
> >> 192.168.3.15 10:02:b5:83:40:41iwm0
> >permanent l
> >> 192.168.3.16 f8:ca:b8:50:84:15 em0
> >permanent l
> >
> >Didn't we already discuss the same question back in July?
> >https://marc.info/?l=openbsd-misc=153220020618146=2
> >
> >Again, try trunk(4).
> 



Re: Base httpd and addons like OpenSMTPD extras in ports?

2018-08-27 Thread Alexander Hall



On August 28, 2018 5:17:11 AM GMT+02:00, Chris Bennett 
 wrote:
>On Tue, Aug 28, 2018 at 03:08:46AM +, jungle Boogie wrote:
>> Chris,
>> 
>> What are httpd add-ons?
>
>Umm, base http did not have rewrites before, now it does.
>That could have been done as an addon instead.

I'm really not sure what you're suggesting. More stuff in base, or less?

httpd lives and is developed in the OpenBSD source tree. Do you suggest adding 
some add-on hook and whatnot API would be to simplify it?

>
>Chris



Re: SuperMicro A2SDi-4C-HLN4F

2018-08-26 Thread Alexander Hall



On August 25, 2018 1:59:55 PM GMT+02:00, Rupert Gallagher  
wrote:
> wrote:
>
>> This vendor addresses hardware & firmware faults like the other
>enterprise vendors, they DON'T past year two. BIOS and BMC firmwares
>are not updated after this even with the long term lifetime products,
>you are on your own!
>
>On bios and ipmi updates, you can download and apply them yourself. For
>advanced bios updates, there is a licence you can purchase, as you do
>with Dell and HP.
>
>On warranty, they are in line with the industry standards:
>
>https://www.supermicro.com/support/Warranty/
>
>On open source, they work with the community, well enough to have a
>certified list of compatible systems:
>
>https://www.supermicro.com/support/faqs/os.cfm
>
>When you are in business, you do not want to go back to the drawing
>board each time. You need a platform where to build your own services.
>If you have to develop disk and keyboard drivers, and you are told off
>from the support mailing list, then the OS is worth nothing to you.

- That there is no current support, does not mean there will never be.
- misc@ is not a support mailing list. In fact, there is none. That does not, 
however, mean that you can't get help from there. 

>OpenBSD is not ready for enterprise.

By some definition of "for enterprise", sure.

/Alexander 

>
>Your faithful troll.



Re: sshfs permission problem

2018-08-03 Thread Alexander Hall



On August 3, 2018 3:44:07 PM GMT+02:00, Rudolf Sykora  
wrote:
>On 3 August 2018 at 15:30, Maurice McCarthy 
>wrote:
>> On 03/08/2018, Rudolf Sykora  wrote:
>>> doas sshfs syk...@pc109.fzu.cz: /home/ruda/mnt/fzu -o uid=1000 -o
>gid=1000
>>
>> Leave out the 'doas' ?
>
>Afaik, no, you can't.
>Any mounting on OpenBSD seems to need root privileges.

Yes it does. I seldom use sshfs myself, but last time I tried, some weeks ago, 
I experienced the same situation. I solved my problem another way and assumed I 
had something badly set up.

Please do send a proper bug report. Not sure if the issue is in base or the 
port though.

/Alexander



Re: Keeping clear out of history

2018-07-31 Thread Alexander Hall



On July 31, 2018 9:09:05 AM GMT+02:00, Solene Rapenne  wrote:
>Ken M  wrote:
>> OK, so confession 1, I am a long time bash user
>> confession 2 all of my ksh experience is on solaris
>> 
>> However in a when in Rome moment I am realizing how much I like ksh
>in openbsd,
>> but one minor thing. I don't like how much clear ends up in my
>history file. So
>> I am wondering what I can do to suppress a command going to history.
>> 
>> 
>> Lets put my .profile here for reference
>> 
>> # $OpenBSD: dot.profile,v 1.5 2018/02/02 02:29:54 yasuoka Exp $
>> #
>> # sh/ksh initialization
>> 
>> . /etc/ksh.kshrc
>> 
>>
>PATH=$HOME/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/usr/games:$HOME/.local/bin
>> PS1="[\u@\h: \W]$ "
>> HISTFILE=$HOME/.ksh_history
>> HISTSIZE=1000
>> export PATH HOME TERM PS1 HISTFILE HISTSIZE
>> 
>> # For now clearing out clear from history when starting
>> sed -i '/^clear$/d' $HISTFILE
>> 
>> bind -m '^L'=clear'^J'
>> # I wish this worked
>> # bind -m '^L'=clear'^J';sed -i '$d' $HISTFILE
>> 
>> alias ll='ls -l'
>> alias la='ls -la'
>> alias watch='gnuwatch'
>> 
>> 
>> As you can see I tried adding the ; sed after my bind, I also tried
>it with &&
>> sed and that did not work. Both of course remove the sed from history
>and not
>> the clear. I guess I could remove the 2nd to last line. But before I
>go that sed
>> route is there a cleaner way to prevent a command from going to the
>HISTFILE?
>> 
>> Ken
>
>you can use HISTCONTROL=ignoredups so you would have only one entry for
>"clear"
>in your history

That, or

  HISTCONTROL=ignorespace

and prefix your clear with a space. 

Another obvious candidate is

  bind ^L=clear-screen

which however I believe is still only available in -current.

/Alexander



Re: Viewport for man.openbsd.org -- readability on phones

2018-05-18 Thread Alexander Hall


On May 18, 2018 4:09:58 AM GMT+02:00, Ken M <k...@mack-z.com> wrote:
>In all honesty I wasn't thinking of the suggestion as a cautious one
>because of
>bloat. I think bootstrap minified and compressed is like 20k. I mean
>how big is
>the entire man page collection?

Well, bloat isn't only measured in bits and bytes either. 

/Alexander 

>
>I was more hesitant to make the suggestion because if there was ever a
>community
>that en masse browsed with js disabled I would think it would be this
>one.
>
>Ken
>
>On Fri, May 18, 2018 at 03:08:25AM +0200, Ingo Schwarze wrote:
>> Hi Ken,
>> 
>> Ken M wrote on Thu, May 17, 2018 at 08:50:53PM -0400:
>> 
>> > I will probably have to duck and run
>> > for suggesting javascript as the answer here...
>> 
>> Precisely.  :)
>> 
>> > But for the most part the modern industry standard to make pages
>> > scale well across many devices and screen orientations is to use
>> > a responsive design library, most notably bootstrap.
>> 
>> We are talking about a simplistic one-column layout here,
>> and avoiding that kind of bloat (in particular javascript)
>> is among the top four design goals, together with support
>> for hyperlinks, support for semantic annotations, and avoiding
>> gratuitous presentational differences when compared to terminal
>> output (just to avoid misunderstandings, not every difference
>> is gratuitous: for example, terminals naturally use fixed-width
>> fonts, HTML naturally uses proportional fonts).
>> 
>> But no, javascript is an even worse suggestion than the
>> original idea of "meta viewport".
>> 
>> Yours,
>>   Ingo



Re: SoftRAID disk size

2018-05-01 Thread Alexander Hall
On Tue, May 01, 2018 at 02:36:49PM +0200, Håkon Robbestad Gylterud wrote:
> Hi,
> 
> I have two 5TB disks, which I want to set up as mirrored using RAID 1
> through softraid(4). But after attaching the disk using bioctl(8), the
> disk appears with 2TB, not 5TB.

I can imagine you have some old softraid metadata lying around. Did you
try to wipe any existing metadata from the RAID partitions before
attaching it?

# dd if=/dev/zero of=/dev/rwd0A bs=1m count=10
# dd if=/dev/zero of=/dev/rwd0B bs=1m count=10

should be more than enough. Spelling mistakes are intentional.

I DO NOT RECOMMEND THIS if you already have some stuff on there which
you care about.

# bioctl -C force ...

could also help.

/Alexander


> 
> How can I get the correct size for the softraid device?
> 
> The disks are wd0 and wd2, and disklabel shows:
> 
> # /dev/rwd0c:
> type: ESDI
> disk: ESDI/IDE disk
> label: TOSHIBA HDWE150
> duid: f76030f4c8b1cf43
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 255
> sectors/cylinder: 16065
> cylinders: 608001
> total sectors: 9767541168
> boundstart: 64
> boundend: 9767541168
> drivedata: 0
> 
> 16 partitions:
> #size   offset  fstype [fsize bsize   cpg]
>   a:   9767541104   64RAID
>   c:   97675411680  unused
> 
> # /dev/rwd2c:
> type: ESDI
> disk: ESDI/IDE disk
> label: TOSHIBA HDWE150
> duid: 635ad6956b23ea1d
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 255
> sectors/cylinder: 16065
> cylinders: 608001
> total sectors: 9767541168
> boundstart: 64
> boundend: 9767541168
> drivedata: 0
> 
> 16 partitions:
> #size   offset  fstype [fsize bsize   cpg]
>   a:   9767541104   64RAID
>   c:   97675411680  unused
> 
> 
> But when I attach using:
> 
> # bioctl -c 1 -l /dev/wd0a,/dev/wd2a softraid0
> softraid0: RAID 1 volume attached as sd0
> 
> dmesg shows:
> 
> sd0 at scsibus3 targ 1 lun 0: <OPENBSD, SR RAID 1, 006> SCSI2 0/direct fixed
> sd0: 2097148MB, 512 bytes/sector, 4294961093 sectors
> 
> Thanks in advance to any pointers in the right direction.
> 
> Best regards,
>  —Håkon
> 
> 
> 



Re: repeated set of messages about usb mouse

2018-05-01 Thread Alexander Hall
On Mon, Apr 30, 2018 at 01:07:00PM +, Rudolf Sykora wrote:
> Hello misc,
> 
> I am (on 6.3, amd64) repeatedly getting these messages every now and then:

Not knowing about the exact details, I know we had issues (in RHEL6) at
work with some mice continually detaching and attaching. I believe it
might have been part of some power-saving idea, but I wasn't the one
investigating it. For now, we just try to avoid those mice since,
although they don't misbehave in function, the spam is rather annoying,
in particular when working on the console.

/Alexander

> 
> ---
> uhub4 at uhub3 port 5 configuration 1 interface 0 "Genesys Logic USB2.0
> Hub" rev 2.00/88.32 addr 3
> uhidev1 at uhub4 port 1 configuration 1 interface 0 "Logitech USB Optical
> Mouse" rev 2.00/72.00 addr 4
> uhidev1: iclass 3/1
> ums1 at uhidev1: 3 buttons, Z dir
> wsmouse1 at ums1 mux 0
> uhidev2 at uhub4 port 2 configuration 1 interface 0 "Logitech USB Keyboard"
> rev 1.10/64.00 addr 5
> uhidev2: iclass 3/1
> ukbd0 at uhidev2: 8 variable keys, 6 key codes
> wskbd1 at ukbd0 mux 1
> wskbd1: connecting to wsdisplay0
> uhidev3 at uhub4 port 2 configuration 1 interface 1 "Logitech USB Keyboard"
> rev 1.10/64.00 addr 5
> uhidev3: iclass 3/0, 3 report ids
> uhid12 at uhidev3 reportid 1: input=1, output=0, feature=0
> uhid13 at uhidev3 reportid 2: input=1, output=0, feature=0
> uhid14 at uhidev3 reportid 3: input=3, output=0, feature=0
> wsmouse1 detached
> ums1 detached
> uhidev1 detached
> wskbd1: disconnecting from wsdisplay0
> wskbd1 detached
> ukbd0 detached
> uhidev2 detached
> uhid12 detached
> uhid13 detached
> uhid14 detached
> uhidev3 detached
> uhub4 detached
> ---
> 
> (And I am not plugging it in and out...)
> 
> The mouse otherwise works just fine.
> 
> Is anything wrong?
> 
> Thank you
> Ruda
> 



Re: Fwd: Re: booting hd0a:/bsd: open hd0a:/bsd: Invalid argument

2018-03-11 Thread Alexander Hall

Stefan Wollny wrote:


On 11.03.2018 at 01:13, Alexander Hall wrote:

On March 9, 2018 12:55:31 AM GMT+01:00, Stefan Wollny<stefan.wol...@web.de>  
wrote:

On 09.03.2018 at 00:09, Stefan Wollny wrote:

On 08.03.2018 at 23:25, Stefan Wollny wrote:

On 08.03.2018 at 22:11, Stefan Wollny wrote:


On 08.03.2018 at 17:44, Stefan Wollny wrote:

Sent from my BlackBerry 10 smartphone.
   Original message
From: Kevin Chadwick
Sent: Thursday, 8 March 2018 17:28
To: misc@openbsd.org
Subject: Re: booting hd0a:/bsd: open hd0a:/bsd: Invalid argument

On Thu, 8 Mar 2018 14:47:43 +0100



Has anyone a clue what might have happened and how to solve the

issue?

I searched the net but didn't find any substantial infos on this.

As

the error happens with all three USB-keys I have this is

unlikely to

be cause of the trouble.

The bootloader normally lists the disks that the bios sees

beforehand

e.g.

disk: hd0+ hd1+ sr0*

OpenBSD/amd64 BOOT 3.34

Perhaps they have been moved around?


I tried

boot hd1a:/bsd

but got the same message.

I can enter # fsck -fy hd0a but this just gets me a prompt

without any action. BTW: This is a SSD.

OK - back at home I downloaded install63.iso and burned a CD which

does

start. Choosing "(U)pgrade" I am presented with "Available disks

are:

sd0 sd1" - but both are "not a valid root disk". Back to the shell

I

tried fdisk but I get "fdisk: sd0: No such file or directory"

Could this be an issue with the bootloader or is it the encryption

of

softraid0 that hinders the upgrade?


tb@ provided another valuable hint:
I can start the boot-process with 'boot sr0a:/bsd' but this ends with

a

panic:

...
softraid0 at root
scsibus4 at softraid0:256 targets
panic: root device (...) not found
Stopped at db_enter+0x5:    popq    %rbp
     TID    PID    UID    PRFLAGS    PFLAGS    CPU COMMAND
*    0        0        0    0X1        0X200    OK    swapper
...


OK . final remarks for tonight:

I can start 'boot sr0a:/bsd.rd' but trying to upgrade is the same
dead-end road - "sd0 is not a valid root device".

'fdisk sd0' shows the expected '*' before the partition number.

It might help to see the actual output.


'disklabel sd0' shows the expected fstype "RAID" 'for sd0a.

It would certainly help to see the output here. Does it span the *entire* disk, 
from 0 to the end?


Doing 'bioctl -c C -l /dev/sd0a' says "KDF hint has invalid size".

'installboot -nv sd0a' misses '/usr/mdec/biosboot' - there is only
'/usr/mdec/mbr'.

While the 'upgrade' started from 'boot sr0a:/bsd.rd' does not see 'sd0'
the 'install' process started from the CD actually does.

"sd0 is not a valid root device" does not say it does not *see* the device. It says 
"sd0 is not a valid root device", which is totally correct, as it only holds some raid 
metadata and the corresponding encrypted data.

If sd0(a) is a single RAID partition, and sd1 holds the key, your root disk 
should appear as sd2 (or whatever the next unused sdN is).

So, if "sd0 is not a valid root device" and "sd1 is not a valid root device", 
what gives for sd2?

Please provide as much output as possible from the process. Your interpretation 
of it is far less helpful in understanding the problem at hand.

Sincerely,
Alexander

Hi Alexander,

thank you so much for the time you took to look at my posts and to 
reply. I type everything from the screen:


At boot time the system reports:

Using drive 0, partition 3.
Loading..
probing: pc0 mem[630k 3250M 7M 246M 452K 12798M a20=on]
disk: hd0+ hd1+ sr0


I'd say something is strange here already. sr0 should have an asterisk 
after it. I cannot find the relevant man page to tell you (or me) why, 
though. :-d



 >> OpenBSD/amd64 BOOT 3.34
open(hd0a:/etc/boot.conf): Invalid argument
boot>
cannot open hd0a:/etc/random.seed: Invalid argument
booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
  failed(22). will try /bsd
boot>
cannot open hd0a:/etc/random.seed: Invalid argument
booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
  failed(22). will try /bsd
Turning timeout off.
boot>


As said, neither hd0 nor hd1 should be bootable. The assembled sr0 
should be.




At this point the system stops the process but is still reachable:

boot> ls
stat(hd0a:/.): Invalid argument
boot> boot hd1a:/bsd
cannot open hd1a:/etc/random.seed: Invalid argument
booting hd1a:/bsd: open hd1a:/bsd: Invalid argument
  failed(22). will try /bsd
boot>

Starting /bsd from sr0a is possible but the result is the kernel crash I 
already reported.
BUT: I can start bsd.rd!!! By this I was able to post the dmesg (for 
your convenience again at the end).


boot> boot sr0a:/bsd.rd
[ ... ]
Welcome to the OpenBSD/amd64 6.3 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell?

If I choose to (U)pgrade neither sd0 nor sd1 are recognized as valid 
root disks:


Not su

Re: booting hd0a:/bsd: open hd0a:/bsd: Invalid argument

2018-03-10 Thread Alexander Hall


On March 9, 2018 12:55:31 AM GMT+01:00, Stefan Wollny <stefan.wol...@web.de> 
wrote:
>On 09.03.2018 at 00:09, Stefan Wollny wrote:
>> On 08.03.2018 at 23:25, Stefan Wollny wrote:
>>> On 08.03.2018 at 22:11, Stefan Wollny wrote:
>>>
>>>> On 08.03.2018 at 17:44, Stefan Wollny wrote:
>>>>> Sent from my BlackBerry 10 smartphone.
>>>>>   Original message
>>>>> From: Kevin Chadwick
>>>>> Sent: Thursday, 8 March 2018 17:28
>>>>> To: misc@openbsd.org
>>>>> Subject: Re: booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
>>>>>
>>>>> On Thu, 8 Mar 2018 14:47:43 +0100
>>>>>
>>>>>
>>>>>> Has anyone a clue what might have happened and how to solve the
>issue?
>>>>>> I searched the net but didn't find any substantial infos on this.
>As
>>>>>> the error happens with all three USB-keys I have this is
>unlikely to
>>>>>> be cause of the trouble.
>>>>> The bootloader normally lists the disks that the bios sees
>beforehand
>>>>> e.g.
>>>>>
>>>>> disk: hd0+ hd1+ sr0*
>>>>>>> OpenBSD/amd64 BOOT 3.34
>>>>> Perhaps they have been moved around?
>>>>>
>>>>>
>>>>> I tried
>>>>>
>>>>> boot hd1a:/bsd
>>>>>
>>>>> but got the same message.
>>>>>
>>>>> I can enter # fsck -fy hd0a but this just gets me a prompt
>without any action. BTW: This is a SSD.
>>>>>
>>>> OK - back at home I downloaded install63.iso and burned a CD which
>does
>>>> start. Choosing "(U)pgrade" I am presented with "Available disks
>are:
>>>> sd0 sd1" - but both are "not a valid root disk". Back to the shell
>I
>>>> tried fdisk but I get "fdisk: sd0: No such file or directory"
>>>>
>>>> Could this be an issue with the bootloader or is it the encryption
>of
>>>> softraid0 that hinders the upgrade?
>>>>
>> tb@ provided another valuable hint:
>> I can start the boot-process with 'boot sr0a:/bsd' but this ends with
>a
>> panic:
>>
>> ...
>> softraid0 at root
>> scsibus4 at softraid0:256 targets
>> panic: root device (...) not found
>> Stopped at db_enter+0x5:    popq    %rbp
>>     TID    PID    UID    PRFLAGS    PFLAGS    CPU COMMAND
>> *    0        0        0    0X1        0X200    OK    swapper
>> ...
>>
>OK . final remarks for tonight:
>
>I can start 'boot sr0a:/bsd.rd' but trying to upgrade is the same
>dead-end road - "sd0 is not a valid root device".
>
>'fdisk sd0' shows the expected '*' before the partition number.

It might help to see the actual output. 

>
>'disklabel sd0' shows the expected fstype "RAID" 'for sd0a.

It would certainly help to see the output here. Does it span the *entire* disk, 
from 0 to the end? 

>
>Doing 'bioctl -c C -l /dev/sd0a' says "KDF hint has invalid size".
>
>'installboot -nv sd0a' misses '/usr/mdec/biosboot' - there is only
>'/usr/mdec/mbr'.
>
>While the 'upgrade' started from 'boot sr0a:/bsd.rd' does not see 'sd0'
>the 'install' process started from the CD actually does.

"sd0 is not a valid root device" does not say it does not *see* the device. It 
says "sd0 is not a valid root device", which is totally correct, as it only 
holds some raid metadata and the corresponding encrypted data.

If sd0(a) is a single RAID partition, and sd1 holds the key, your root disk 
should appear as sd2 (or whatever the next unused sdN is).

So, if "sd0 is not a valid root device" and "sd1 is not a valid root device", 
what gives for sd2?

Please provide as much output as possible from the process. Your interpretation 
of it is far less helpful in understanding the problem at hand. 

Sincerely, 
Alexander 

>
>Sigh - I need some sleep...



Re: root autologin?

2018-02-06 Thread Alexander Hall


On February 6, 2018 7:57:36 PM GMT+01:00, Mohammad BadieZadegan 
<mbzade...@gmail.com> wrote:
>I have not X and I want to resolve my problem with command prompt only.
>Isn't possible?

There's plenty of ways to achieve that. But unless you manage to explain why 
you think that would be a good thing, few people will help you, if even then. 

Here's one:

> boot -s

/Alexander

>
>On Tue, Feb 6, 2018 at 9:06 PM, Michael Hekeler <mich...@hekeler.com>
>wrote:
>
>> > A better approach is to to autologin an user in X and
>> > use doas(1)
>> > I think xenodm(1) has an "autologin" option...
>> >
>> >
>>
>> But why would one do that? What problem do you like to solve?
>>
>>



Re: Re-compute bsd checksum

2018-01-16 Thread Alexander Hall


On January 16, 2018 9:35:56 PM GMT+01:00, Sterling Archer  
wrote:
>On Tue, Jan 16, 2018 at 9:08 PM, Thuban  wrote:
>> I disabled `ulpt` in the kernel using `config` to use an USB-printer.
>>
>> Now, at reboot, I see "kernel relinking failed" message.
>> How to recreate the new checksum? I can't figure out where to find
>this
>> information.
>>
>> Any advice?
>>
>> Regards.
>>
>> --
>> thuban
>
>sha256 /bsd > /var/db/kernel.SHA256

While that might be a technically correct answer, I don't think the 
consequences are being considered. Think about why the situation occurs in the 
first place.



Re: Hotplug USB teethering using an Android phone

2018-01-15 Thread Alexander Hall


On January 15, 2018 9:10:12 AM GMT+01:00, "Jean-Michel Pouré" <j...@poure.com> 
wrote:
>
>Dear all,
>
>First, I would like to thank you all for the hard work over OpenBSD
>over the years. 
>
>My question is about USB tethering using an Android phone. I would
>like to mount urndis0 and dhcp interface as soon as the phone is
>connected.
>
>urndis is configured as follows:
>
>$cat /etc/hostname.urndis0 
>up
>dhcp
>
>hotplugd is running as follows:
>
>$cat /etc/hotplug/attach   
>  
>#!/bin/sh
>
>DEVCLASS=$1
>DEVNAME=$2
>
>case $DEVCLASS in
>3)
>    # network devices; requires hostname.$DEVNAME
>    sh /etc/netstart $DEVNAME
>    ;;
>esac
>
>Do you know why dhcpclient is not triggered over phone usb connection?

Maybe

# chmod +x /etc/hotplug/attach

If not, try

logger "attach $*" or somesuch in the script, to see if it is run at all.

/Alexander



Re: AuthorizedKeyCommand ldap

2017-12-11 Thread Alexander Hall

On 12/11/17 23:49, Dan Becker wrote:

I am reading a blog proposing to use the AuthorizedKeyCommand to hook into
another authentication mechanism  by calling a shell script

https://blog.heckel.xyz/2015/05/04/openssh-authorizedkeyscommand-with-fingerprint/

Do I have a valid concern in thinking this might not be a prudent method of
authentication ?


AFAICT, he is using AuthorizedKeyCommand exactly as intended, generating 
authorized_keys entries on demand.


What are you concerned about?

/Alexander
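
An added example, not part of the thread or of the linked blog post: sshd_config(5) requires the AuthorizedKeysCommand program to be specified by an absolute path, owned by root, and not writable by group or others. The shell function below checks a helper script against those conditions before it is wired into sshd_config; the name `check_akc`, its return codes and the optional owner-uid argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a script named in AuthorizedKeysCommand.
#
# check_akc PATH [OWNER_UID]
#   Returns 0 if PATH satisfies the conditions below, non-zero otherwise.
#   The reason for a failure is written to stderr.
#   OWNER_UID defaults to 0 (root); the parameter is an assumption of this
#   example so the check can be exercised without root privileges.
#
# Return codes (hypothetical, chosen for this example):
#   1 not an absolute path      2 cannot stat
#   3 not an executable file    4 wrong owner
#   5 writable by group or others
check_akc() {
    path=$1
    want_uid=${2:-0}

    # sshd only accepts an absolute path for the command.
    case $path in
        /*) ;;
        *)  echo "not an absolute path: $path" >&2; return 1 ;;
    esac

    # -n prints numeric uid/gid, -L follows a symlink to the real file.
    info=$(ls -ldnL -- "$path" 2>/dev/null) || {
        echo "cannot stat: $path" >&2
        return 2
    }
    # Fields of "ls -ln": mode, link count, uid, gid, ...
    read -r mode _links uid _rest <<EOF
$info
EOF

    # Must be a regular file with the owner execute bit set.
    case $mode in
        -??[xs]*) ;;
        *)  echo "not a regular file executable by its owner: $path ($mode)" >&2
            return 3 ;;
    esac

    if [ "$uid" -ne "$want_uid" ]; then
        echo "owned by uid $uid, expected $want_uid: $path" >&2
        return 4
    fi

    # Character 6 of the mode string is group write, character 9 is other write.
    case $mode in
        ?????w*|????????w*)
            echo "writable by group or others: $path ($mode)" >&2
            return 5 ;;
    esac

    return 0
}

# Stand-alone use: sh check_akc.sh /path/to/helper
if [ "$#" -gt 0 ]; then
    check_akc "$@"
fi
```

The same ownership and mode hygiene matters for anything the helper itself reads or executes, since sshd runs it on every public-key login attempt.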



Re: FAQ14: Growing disk partitions: fdisk

2017-11-03 Thread Alexander Hall


On November 3, 2017 8:41:20 AM GMT+01:00, Otto Moerbeek <o...@drijf.net> wrote:
>On Fri, Nov 03, 2017 at 08:07:37AM +0100, Stephane HUC "PengouinBSD"
>wrote:
>
>> 
>> On 11/03/17 at 07:27, Otto Moerbeek wrote:
>> (...)
>> > 
>> > My guess is that if you use duids in fstab then you should call it
>by
>> > that name with fsck (which uses fstab). Alternatively, specify the
>> > mount point.
>> > 
>> >-Otto
>> > 
>> > 
>> 
>> Interesting point of view, but:
>> 
>> 1/ I've not change the writing of the fstab file. It is the fact of
>the
>> installer OpenBSD.
>> 
>> 2/ Normally, fsck uses fstab. But, as i wrote in my first message, it
>> seems it not doing it.
>> 
>> > # fsck sd0d
>> > fsck: sd0d: unknown special file or file system.
>
>It does use fstab, but it cannot find sd0d in fstab.
>
>> 
>> 3/ By using duids, how i call fsck?
>
>fsck ef1ea0f909e0b8d8.d
>
>> 
>> # fsck /tmp
>> 
>> ???
>
>That line didn't show properly in my mail client.
>
>> 
>> 4/ And, yes, calling fsck as:
>> 
>> # fsck /dev/sd0d
>> 
>> seems run correctly!
>
>Yes, because if a full path is given, fsck uses that without
>needing to consult fstab.

Is there some reason why one can it or is not convert fsck to use opendev()?

/Alexander

>
>> 
>> => But then why is it written in the FAQ this below, since it doesn't
>> seem to work? (at least with stable amd64 OpenBSD)
>> 
>> "Before the partition can be mounted again, its integrity must be
>> checked with fsck(8):
>> 
>> # fsck sd0h
>> "
>
>That's an error in the FAQ. It has been fixed now,
>
>   -Otto



Re: Resize partitions?

2017-10-04 Thread Alexander Hall


On October 4, 2017 6:58:52 PM GMT+02:00, Niels Kobschaetzki 
<ni...@kobschaetzki.net> wrote:
 
> /.../ And I
>don't know OpenBSD enough to know how "dangerous" it is to use
>"pkg_delete -a". I used similar functions with linux-distributions and
>they wanted to remove a tool like git because nothing depended on it.

It will here too but only if you didn't explicitly install said package. You 
can also mark already installed packages as "explicitly installed" using the 
fine pkg_* tools.

$ pkg_delete -n -a

will probably give you a nice hint, too. 

>Btw. I like the approach of dnf of Fedora which will not only uninstall
>a package but also all its dependencies that aren't used by other
>packages.

Thus, an implicit "pkg_delete -a" with no questions asked?

/Alexander



Re: boot> does not "time out" after failed PXE boot

2017-10-03 Thread Alexander Hall
Unless I'm mistaken, Claus refers to things that happen prior to the boot 
prompt appearing the first time. Once the boot prompt does up, I'd expect at 
least one attempt. 

Claus, do you by any chance have anything fancy in /etc/boot.conf?

/Alexander 

On October 2, 2017 8:30:29 PM GMT+02:00, Theo de Raadt <dera...@openbsd.org> 
wrote:
>Only one boot attempt occurs, whether network or disk.
>
>It is expected behaviour.
>
>> After a failed/aborted PXE boot (e.g., hitting a key or no network)
>> a laptop is "hanging" at the (OpenBSD 6.2 snapshot)
>> >boot
>> prompt which normally (AFAICT) times out and just boots after a few
>> seconds (from disk); it boots fine after hitting "Return".
>> 
>> Can someone please clarify if this is known/expected behaviour or
>> a problem with the software or the hardware?
>> 
>> dmesg from the laptop (running a recent snapshot)
>> 
>> OpenBSD 6.2 (GENERIC.MP) #123: Sat Sep 30 22:51:56 MDT 2017
>>
>dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> real mem = 8495951872 (8102MB)
>> avail mem = 8231452672 (7850MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf2440 (67 entries)
>> bios0: vendor Dell Inc. version "A12" date 05/09/2012
>> bios0: Dell Inc. Latitude E6510
>> acpi0 at bios0: rev 2
>> acpi0: sleep states S0 S3 S4 S5
>> acpi0: tables DSDT FACP APIC TCPA MCFG HPET BOOT SLIC SSDT
>> acpi0: wakeup devices AGP_(S4) P0P1(S4) HDEF(S4) PXSX(S4) RP01(S4)
>PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4)
>PXSX(S4) RP07(S4) PXSX(S4) [...]
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2660.43 MHz
>> cpu0:
>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
>> cpu0: 256KB 64b/line 8-way L2 cache
>> cpu0: TSC frequency 2660428950 Hz
>> cpu0: smt 0, core 0, package 0
>> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
>> cpu0: apic clock running at 132MHz
>> cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
>> cpu1 at mainbus0: apid 4 (application processor)
>> cpu1: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2659.99 MHz
>> cpu1:
>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
>> cpu1: 256KB 64b/line 8-way L2 cache
>> cpu1: smt 0, core 2, package 0
>> cpu2 at mainbus0: apid 1 (application processor)
>> cpu2: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2659.99 MHz
>> cpu2:
>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
>> cpu2: 256KB 64b/line 8-way L2 cache
>> cpu2: smt 1, core 0, package 0
>> cpu3 at mainbus0: apid 5 (application processor)
>> cpu3: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2659.99 MHz
>> cpu3:
>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
>> cpu3: 256KB 64b/line 8-way L2 cache
>> cpu3: smt 1, core 2, package 0
>> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
>> acpimcfg0 at acpi0 addr 0xf800, bus 0-63
>> acpihpet0 at acpi0: 14318179 Hz
>> acpiprt0 at acpi0: bus 0 (PCI0)
>> acpiprt1 at acpi0: bus -1 (AGP_)
>> acpiprt2 at acpi0: bus 10 (P0P1)
>> acpiprt3 at acpi0: bus 1 (RP01)
>> acpiprt4 at acpi0: bus -1 (RP02)
>> acpiprt5 at acpi0: bus 2 (RP03)
>> acpiprt6 at acpi0: bus 4 (RP04)
>> acpiprt7 at acpi0: bus -1 (RP05)
>> acpiprt8 at acpi0: bus -1 (RP07)
>> acpiprt9 at acpi0: bus -1 (RP08)
>> acpiprt10 at acpi0: bus -1 (PEG3)
>> acpiprt11 at acpi0: bus -1 (PEG5)
>> acpiec0 at acpi0
>> acpicpu0 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205
>mwait.3@0x10), C1(1000@3 mwait.1), PSS
>> acpicpu1 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205
>mwait.3@0x10

Re: httpd.conf - access denied error whilst trying to auto index a location

2017-09-15 Thread Alexander Hall


On September 15, 2017 4:06:37 AM GMT+02:00, "tec...@protonmail.com" 
<tec...@protonmail.com> wrote:
>Hello,
>
>I'm using 6.1 + all updates (system and packages)
>
>I am trying to list a particular directory exactly as shown within the
>https://www.jp.openbsd.org/papers/httpd-slides-asiabsdcon2015.pdf
>presentation:
>
>location "/download/*" {
>    directory auto index
>    log style combined
>}
>
>This just results in an error from the browser - 'Access Denied'.  I
>have checked the permissions of the 'download' directory, even given
>them permissions of 777 just to see if I can get this to work but nope.

1. I'm not convinced this will target the directory itself
2. Did you check the permissions on all intermediate directories? 

/Alexander 

> Same error.
>
>My http.conf file:
>
>ext_addr="192.168.1.2"
>
>types { include "/usr/share/misc/mime.types" }
>
>chroot "/"
>logdir "/var/www/logs"
>
>server "default" {
>
>    listen on $ext_addr port 80
>
>    location "*.php" {
>        fastcgi socket "/var/www/run/php-fpm.sock"
>    }
>
>    location "/phpMyAdmin*" {
>        root { "/var/www/htdocs/phpMyAdmin", strip 1 }
>    }
>
>    location "/download/*" {
>        directory auto index
>        log style combined
>    }
>
>    root "/var/www/htdocs/"
>
>    directory index "index.php"
>
>    location "*/db_structure.xml" { block }
>    location "*/.ht*" { block }
>    location "*/README"   { block }
>    location "*/data*"   { block }
>    location "*/config*" { block }
>    location "*/*.php.*" { block }
>
>}
>
># ls -alht /var/www/htdocs/download
>total 12
>drwxr-xr-x  5 root  daemon   512B Sep 15 03:49 ..
>drwxrwxrwx  2 root  daemon   512B Sep 15 03:07 .
>-rwxr-xr-x  1 root  daemon 8B Sep 15 03:07 notes.txt
>
># cat /var/www/logs
>default 192.168.1.3 - - [15/Sep/2017:03:51:21 +0200] "GET /download/
>HTTP/1.1" 403 0
>
>Everything else runs smoothly on my server, but I cannot get a listing
>of the files for some reason when I go to 192.168.1.2/download.  I can
>access the notes.txt file though through the browser at
>http://192.168.1.2/download/notes.txt
>
>I just can't figure it out, restarted the server so many times and now
>I've given up and looking to see if anyone knows what the problem could
>be.  More than likely I'm doing something silly here.  Before someone
>points out that I have disabled the chroot, yes I know.. and I have
>done this for a very specific reason so please don't even bother asking
>me reasons why I have done this, okay? Okay.
>
>Any help will be massively appreciated, thanks for reading!
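
Alexander's second suggestion, checking every intermediate directory, as an added shell example that is not from the thread. The function name `first_unsearchable` and its optional base argument are assumptions; it only inspects the "other" permission bits, on the assumption that the httpd user is neither owner nor group member of the directories.

```shell
#!/bin/sh
# Added example: find the first directory on the way to TARGET that the
# "other" permission class cannot search (no x bit), which is enough to
# make a server answer 403 for everything below it.
#
# first_unsearchable TARGET [BASE]
#   TARGET  absolute, normalised path of the directory to be listed
#   BASE    only components below BASE are checked (default "/");
#           useful to skip everything above a chroot
# Prints the offending directory and returns 1; prints nothing and
# returns 0 when every component is searchable; returns 2 on bad input.
first_unsearchable() {
    target=${1%/}
    base=${2:-/}
    base=${base%/}              # "/" becomes "", "/var/www/" becomes "/var/www"

    case $target/ in
        "$base"/*) ;;
        *)  echo "target is not below base" >&2; return 2 ;;
    esac

    rest=${target#"$base"}      # e.g. /htdocs/download
    cur=$base

    while [ -n "$rest" ]; do
        rest=${rest#/}
        comp=${rest%%/*}        # next path component
        cur=$cur/$comp
        case $rest in
            */*) rest=/${rest#*/} ;;
            *)   rest= ;;
        esac

        # A component that cannot even be stat'ed is reported as well.
        mode=$(ls -ldnL -- "$cur" 2>/dev/null) || { echo "$cur"; return 1; }
        mode=${mode%% *}

        # Character 10 of the mode string is the "other" execute/search bit;
        # "t" means sticky plus search, "T" means sticky without search.
        case $mode in
            d????????[xt]*) ;;
            *)  echo "$cur"; return 1 ;;
        esac
    done
    return 0
}

# Stand-alone use: sh first_unsearchable.sh /var/www/htdocs/download
if [ "$#" -gt 0 ]; then
    first_unsearchable "$@"
fi
```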



Re: Clarification on ksh(1) nohup mechanism

2017-08-28 Thread Alexander Hall


On August 27, 2017 6:28:12 PM GMT+02:00, Alessandro DE LAURENZIS 
<jus...@atlantide.t28.net> wrote:
>Folks,
>
>On Sat 12/08/2017 18:36, Alessandro DE LAURENZIS wrote:
>>Dear misc@ readers,
>>
>>I'm lost with the subject... From the man page I see that, differently
>
>>from standard ksh, OpenBSD implementation by default do *not* send 
>>SIGHUP signals to child processes when a SIGHUP is received by the 
>>parent shell and that this mechanism can be changed through:
>>
>>set +o nohup
>>
>>So far, so good; now:
>>
>>[snip]
>>
>>$ sleep 30 &
>>[1] 46318
>>$ pgrep -fl sleep
>>46318 sleep 30
>>
>>$ pgrep -fl sleep
>>46318 sleep 30
>>[snip]
>>
>>As expected, the sleep process is still there. But:
>>
>>[snip]
>>
>>set +o nohup
>>$ sleep 30 &
>>[1] 83071
>>$ pgrep -fl sleep
>>83071 sleep 30
>>
>>$ pgrep -fl sleep
>>83071 sleep 30
>>[snip]
>>
>>Even after having cleared the shell option, the process is not killed.
>>
>>Just in case, I also tried with:
>>
>>set -o nohup
>>
>>observing the same behavior.
>
>I've discussed this topic off-list with anton@, and the conclusion of 
>his analysis is that the "set +o nohup" correct behaviour requires a ksh 
>login shell.
>
>I confirm that, firing e.g. "ksh -l" from bash, child processes 
>correctly receive a SIGHUP at ksh's closing; instead, firing just "ksh"
>shows the unexpected behaviour I described above.
>
>Now, I doubt that signal handlers should be influenced by the
>login/non-login assumption, or at least that's not documented... I hope
>one of the developers will have a look.

From ksh(1):

"Note that for non-interactive shells, the trap handler cannot be changed for 
signals that were ignored when the shell started."

I bet this is what bites you.

/Alexander 

>
>All the best
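
The ksh(1) sentence quoted in the reply above can be observed directly. This is an added example, not part of the original thread: it uses plain `sh` rather than the `nohup` option, and the names `CHILD_SCRIPT` and `hup_outcome` are made up for the illustration.

```shell
#!/bin/sh
# Added illustration: a non-interactive shell cannot install a trap for a
# signal that was already ignored when that shell started.

# Script run by the child shell: try to trap HUP, signal ourselves, and
# report whether the trap fired. $$ is expanded by the child, not here.
CHILD_SCRIPT='
trap "echo trapped; exit 0" HUP
kill -HUP $$
echo not-delivered
'

# hup_outcome ignored|default
#   ignored: start the child with SIGHUP set to "ignore" (what nohup does)
#   default: start the child with SIGHUP at its default disposition
# Prints "trapped" or "not-delivered".
hup_outcome() {
    case $1 in
    ignored)
        # Ignored dispositions survive exec, so the child starts with
        # SIGHUP ignored and its own trap command silently has no effect.
        ( trap "" HUP; exec sh -c "$CHILD_SCRIPT" ) ;;
    default)
        ( trap - HUP; exec sh -c "$CHILD_SCRIPT" ) ;;
    *)
        echo "usage: hup_outcome ignored|default" >&2
        return 2 ;;
    esac
}

# Note: if this script is itself started with SIGHUP ignored (for example
# under nohup), the "default" case reports not-delivered too, by the same rule.
printf 'SIGHUP default at start: %s\n' "$(hup_outcome default)"
printf 'SIGHUP ignored at start: %s\n' "$(hup_outcome ignored)"
```
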



Re: Random boot seed cron job for unclean shutdowns?

2017-08-04 Thread Alexander Hall


On August 4, 2017 9:03:17 PM GMT+02:00, Kevin Chadwick <m8il1i...@gmail.com> 
wrote:
>
>I've noticed disk checks on a colleague's system many times and will ask
>why on Monday and advise that whilst OpenBSD is rock solid it should
>still be shut down gracefully.
>
>I am sure this has already been considered but I shall ask anyway just
>in case. Despite running RO root systems in some cases I am now
>wondering if a Cron job to update the random boot seed every ? minutes
>might be a good idea to limit the chance of random boot seed re-use?

Not entirely sure what you're asking, but please realize that a new seed is 
generated already on bootup. Not sure a periodic update would add any 
substantial value. 

/Alexander



Re: Supporting OpenBSD

2017-08-04 Thread Alexander Hall


On August 2, 2017 10:03:13 AM GMT+02:00, Mike Burns 
<mike+open...@mike-burns.com> wrote:
>On 2017-08-02 13.21.44 +0930, Radoslav Mirza wrote:
>> Are there any resources that point to where I can begin to help with
>> the project?
>
>- Use OpenBSD to get your work done. When something breaks, fix it and
>  send in a patch. When something is sub par, improve it and send in
>  that patch.

This. And the rest. But, really. This.

/Alexander

>- Join #openbsd-daily on irc.freenode.net to get a walkthrough of how
>  code is written for the project.
>- Follow tech@. When someone sends a patch asking for an OK, try
>  applying it to make sure it works as intended.
>- Follow bugs@.
>- Donate hardware: https://www.openbsd.org/want.html
>- Donate money: https://www.openbsd.org/donations.html



Re: starting cwm and terminal font

2017-07-31 Thread Alexander Hall


On July 31, 2017 8:37:07 AM GMT+02:00, jungle boogie <jungleboog...@gmail.com> 
wrote:
>Thus said Jungle Boogie on Sun, 30 Jul 2017 16:06:06 -0700
>> Hello,
>> 
>> 
>> I have some cwm questions for you folks.
>> 
>> cwm is launching, but it's not setting my background to gray.
>> I thought I made the change correctly.
>> 
>> $ cat .xsession
>> 
>> 
>> /usr/X11R6/bin/cwm
>> xsetroot -solid grey &
>> oclock -geometry 75x75-0-0 &
>> 
>
>I've learned much from all these posts - thank you all!
>
>Now using .Xdefaults:
>XTerm*faceName: Momo:style=Regular:size=9
>XTerm.vt100.saveLines: 1000
>XTerm.vt100.scrollBar: true
>XTerm.vt100.scrollbar.width: 8
>XTerm*selectToClipboard:true
>
>Also some color stuff below. Is everything above accurate to use with 
>openbsd?
>
>My xinitrc:
>$ cat .xinitrc 
> 
> 
>
>xsetroot -solid gray40 (does the 40 actually do anything? I've seen a 
>few examples with numbers after it)
>#xclock -d -geometry 180x30-0-0
>exec cwm
>
>
>I have the digit xclock commented out, because when it was enabled, it 
>seems to have locked the system. Any hints?

Add an & at the end of the command to background it.

/Alexander 
>
>My cwmrc:
>$ cat .cwmrc 
> 
> 
>
>command firefox /usr/local/bin/firefox
>fontname "Courier:pixelsize=12:style=Regular"
>
>
>So it's coming along and I'm liking it!
>
>I have links installed as the browser (and firefox as you see above).
>Is links a favorite low resources browser with you folks?
>
>Thanks for all the responses so far!



Re: starting cwm and terminal font

2017-07-30 Thread Alexander Hall


On July 31, 2017 1:06:06 AM GMT+02:00, jungle boogie <jungleboog...@gmail.com> 
wrote:
>Hello,
>
>
>I have some cwm questions for you folks.
>
>cwm is launching, but it's not setting my background to gray.
>I thought I made the change correctly.
>
>$ cat .xsession 
> 
> 
>
>/usr/X11R6/bin/cwm

Shell waits here for cwm to terminate. Only after you exit cwm ("log out"), 

>xsetroot -solid grey &
>oclock -geometry 75x75-0-0 &

these happen.

I'd start them before the window manager.

/Alexander 

>
>The clock is also not showing up.
>
>I've also put it in here:
>$ cat .xinitrc 
> 
> 
>
>oclock -geometry 75x75-0-0 &
>xsetroot -solid grey &
>/usr/X11R6/bin/cwm
>
>Does it need to go in the .cwmrc?
>$ cat .cwmrc 
> 
> 
>
>command firefox /usr/local/bin/firefox
>#fontname "sans-serif:pixelsize=14:bold"
>fontname "Courier:pixelsize=14:style=Regular"
>
>Is there a way to change the console font to something a little larger?
>fontname seems to change for menus only.
>
>Thanks!



Re: vmctl: connect: /var/run/vmd.sock: No such file or directory

2017-07-23 Thread Alexander Hall


On July 22, 2017 8:42:48 PM GMT+02:00, G <gp...@mailbox.org> wrote:
>thanks! it worked!


It could be of public interest exactly *what* worked. Hardware change? BIOS 
settings?

/Alexander

>On 07/22/17 20:54, Josh Grosse wrote:
>> On Sat, Jul 22, 2017 at 08:38:56PM +0300, G wrote:
>>> I get the following messages
>>>
>>> # vmd -vd
>>> vmd: /dev/vmm: Operation not supported by device
>>  
>> The vmm(4) driver requires hardware virtualization features, and if you
>> have the right hardware, may require you to enable them in your BIOS.
>> Your dmesg(8) will note if the kernel can load the vmm() driver. For 
>> example, mine shows:
>> 
>>  vmm0 at mainbus0: VMX/EPT
>> 



Re: Openbsd6.1 as firewall can access the internet but the LAN behind it cannot

2017-06-21 Thread Alexander Hall


On June 21, 2017 6:01:10 PM GMT+02:00, Josh Grosse <j...@jggimi.net> wrote:
>On 2017-06-21 11:36, lu jian wrote:
>> Hi
>> 
>> I have an i386 machine with two network interfaces, one of which
>> connect to the uplink ISP via pppoe, the other connects to the WAN
>> port of a wireless router to which all LAN machines and cell phones
>> connect (via wifi).
>> 
>> The problem is that this i386 machine (which I intend as a firewall)
>> can access the internet, but all LAN machines cannot.
>> 
>> Hint: my wireless router can obtain dhcp address from the i386 machine.
>> 
>> These two network interfaces on the i386 are bge0 and fxp0.
>> 
>> 1) Configuration for fxp0:
>> # cat /etc/hostname.fxp0
>> up
>> # cat /etc/hostname.pppoe0
>> inet 0.0.0.0 255.255.255.255 NONE \
>>pppoedev fxp0 authproto chap \
>>authname 'account' authkey '123' up
>>  dest 0.0.0.1
>> 
>> !/sbin/route add default -if pppoe0 0.0.0.1
>> 
>> 2) Configuration for bge0:
>> # cat /etc/hostname.bge0
>>inet 192.168.0.1 255.255.255.0 192.168.0.255
>
>This is a subnet within RFC 1918 - a private network, not
>directly routable on the Internet.
>
>You must add Network Address Translation (NAT) to your PF configuration
>in order to access the Internet from that subnet.
>
>See the NAT section of the PF User's Guide.
>
>http://www.openbsd.org/faq/pf/nat.html

That, and we didn't see the dhcpd.conf.

/Alexander



Re: Gestão de Contratos - Elaboração e Administração

2017-06-21 Thread Alexander Hall
I call it spam, which occasionally slips through. Not much point in blocking 
and I doubt the sender is a subscriber.

Business as usual, nothing to see here.

/Alexander 

On June 21, 2017 7:09:57 PM GMT+02:00, Rui Ribeiro <ruyrybe...@gmail.com> wrote:
>Please delete this spammer. This is publicity in my mother tongue.
>
>2017-06-21 15:30 GMT+01:00 Fabio Pereira
><fabio.barb...@multicursos.com.br>:
>
>> 



Re: Can I use OpenBSD as a desktop system?

2017-06-11 Thread Alexander Hall



>With a name like SOUL_OF_ROOT_CANAL I wonder what he is trying to

FWIW, that's not the name he's been using.

So far he hasn't proven to be anything but an ass though.

Cheers, Alexander



Re: siteXX.tgz with /home/user/.ssh/authorized_keys results in empty file

2017-05-30 Thread Alexander Hall


On May 30, 2017 3:37:05 AM GMT+02:00, Theo Buehler  wrote:
>From: Theo Buehler 
>Cc: 
>Bcc: 
>Subject: Fwd: siteXX.tgz with /home/user/.ssh/authorized_keys results
>in empty
> file
>Reply-To: 
>In-Reply-To:
>
>
>On Mon, May 29, 2017 at 07:16:06PM -0400, trondd wrote:
>> On Mon, May 29, 2017 5:47 pm, Erling Westenvik wrote:
>> > What is going on? Why is the process extracting siteXX.tgz
>> > treating /mnt/home/user/.ssh different than /mnt/root/.ssh?
>
>[...]
>
>> My guess is this is an install.  The installer seems to unpack the sets
>> first.  Including the site tarball.  Then, if you created a new user,
>> copies the /etc/skel/ files over, overwriting your authorized_keys file. 
>> You'll need to use install.site or /etc/rc.firsttime
>> 
>> Root is different because root's files are part of the distribution sets.
>
>Populating the $ADMIN's $_home with some files from siteXX.tgz looks
>like a legitimate use case to me, especially for authorized_keys, but
>also for the dotfiles in /etc/skel.
>
>How about not overwriting already existing files?
>
>Index: install.sub
>===
>RCS file: /var/cvs/src/distrib/miniroot/install.sub,v
>retrieving revision 1.1011
>diff -u -p -r1.1011 install.sub
>--- install.sub28 May 2017 09:24:56 -  1.1011
>+++ install.sub30 May 2017 00:18:16 -
>@@ -2919,7 +2919,7 @@ do_install(){
> 
>   _home=/mnt$_home
>   mkdir -p $_home
>-  (cd /mnt/etc/skel; cp -pR . $_home)
>+  (cd /mnt/etc/skel; pax -rw -k -pe . $_home)

If that's what it does, I'm all for it. 

>   (umask 077 && sed "s,^To: root\$,To: ${ADMIN_NAME} <${ADMIN}>," 
> \
>   /mnt/var/mail/root >/mnt/var/mail/$ADMIN )
>   chown -R 1000:1000 $_home /mnt/var/mail/$ADMIN
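
Review bot: the replaced line `(cd /mnt/etc/skel; pax -rw -k -pe . $_home)` depends on `-k` to keep files that siteXX.tgz already put in `$_home`, but nothing in the hunk says that is the intent; a short comment above it stating that existing files are deliberately not overwritten would keep a later cleanup from going back to `cp -pR`. The unchanged `chown -R 1000:1000 $_home` below it still runs over the preserved files, so their ownership is rewritten while their mode bits stay whatever the tarball shipped (`-pe` only applies to what pax copies from /etc/skel); for `.ssh/authorized_keys` it is worth confirming the resulting owner and mode are what sshd will accept.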



Re: Difficulties with the sh manual page

2017-05-25 Thread Alexander Hall


On May 25, 2017 9:47:08 AM GMT+02:00, Theo Buehler <t...@math.ethz.ch> wrote:
>On Thu, May 25, 2017 at 09:03:43AM +0200, Otto Moerbeek wrote:
>> On Wed, May 24, 2017 at 04:27:06PM -0400, Choose a display name wrote:
>> 
>> > I don't quite understand the description of the PPID in the sh manual.
>> > 
>> > >PPID The shell's parent process ID. Subshells have the same
>> > > PPID as the parent of the current shell.
>> > 
>> > PPID is the shell's parent's pid, okay (by the way, shouldn't the
>> > second "'s" be added?). But, according to the next sentence, subshells
>> > have the same value in their PPIDs as the current shell's parent has
>> > in its PPID. Is it correct?
>> 
>> Yes, http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18
>
>I think the point is that the current phrasing in sh(1) is incorrect.
>POSIX says this:
>
>   In a subshell [...], PPID shall be set to the same value as that
>   of the parent of the current shell.
>
>and sh(1) says this:
>
>   Subshells have the same PPID as the parent of the current shell.
>
>I think either we should say something more explicit like
>
>   The PPID in a subshell is the PID of the parent of the current
>   shell.

It's a bit unclear if this is what's intended. I wonder if it's rather so that 
the PPID of a subshell is the same as its parent's PPID, such that at any level 
of subshells, PPID remains the PID of the process spawning the initial shell. 

/Alexander 

>
>or we drop "the parent of":
>
>Index: sh.1
>===
>RCS file: /var/cvs/src/bin/ksh/sh.1,v
>retrieving revision 1.141
>diff -u -p -r1.141 sh.1
>--- sh.1   16 Mar 2017 20:06:37 -  1.141
>+++ sh.1   25 May 2017 07:31:53 -
>@@ -2091,7 +2091,7 @@ Enable POSIX mode
> The shell's parent process ID.
> Subshells have the same
> .Ev PPID
>-as the parent of the current shell.
>+as the current shell.
> .It Ev PS1
> User prompt displayed every time an interactive shell
> is ready to read a command.
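
Review bot: the new line `as the current shell.` still leaves the reference point open once subshells nest, because inside a subshell "the current shell" can be read as the subshell itself, and then the sentence says nothing. Wording that names the creating shell would remove the ambiguity, for example "Subshells keep the PPID value of the shell that created them."; check whichever wording is chosen against the POSIX sentence quoted earlier in this thread.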



Re: Adding default IPv6 route fails on 6.1

2017-04-12 Thread Alexander Bochmann
...on Wed, Apr 12, 2017 at 11:12:28AM +0200, Sterling Archer wrote:
 > On Wed, Apr 12, 2017 at 9:59 AM, Dimitris Papastamos  wrote:
 > > Try this instead:
 > > !/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0
 > That did the trick, dhcpcd is receiving router advertisements from
 > my ISP now. Thanks, Dimitris.

On that note - there's several cloud VM providers out there 
who assign an IPv6 network to customer VMs and then expect that 
fe80::1 is used as default gateway.

In those cases, an interface tag is required too, as the 
system will usually have at least one other link-local 
network on the lo0 interface (that's not new in 6.1)... 

So, depending on the interface name, something like this works:

 > # fgrep fe80 /etc/mygate
 > fe80::1%vio0

Alex.



Re: Topics for revised PF and networking tutorial

2017-04-10 Thread Alexander Hall
On April 11, 2017 5:54:31 AM GMT+02:00, Ingo Schwarze <schwa...@usta.de>
wrote:
>bytevolc...@safe-mail.net wrote on Tue, Apr 11, 2017 at 10:30:35AM
>+1000:
>
>> Another issue with the man pages is that there is extremely limited
>> indexing.
>
>That isn't true on OpenBSD.  It still is true on most Linux
>distributions, and even on FreeBSD by default, but at least FreeBSD
>has an option to enable OpenBSD-quality indexing.  It also isn't
>true on NetBSD, though there, it works in a completely different
>way than here (no semantic indexing, but flat full-text search).
>
>> $ apropos -i EXDEV
>> apropos: nothing appropriate
>
>  schwarze@isnote $ apropos Er=EXDEV
>  intro, errno(2) - introduction to system calls and error numbers
>  link, linkat(2) - make hard link to a file
>  rename, renameat(2) - change the name of a file

I was convinced Ingo would set things straight here. :-)

Since I suck at markup, I think it's worth mentioning using "any=EXDEV" for
the search expression, which works out fine for this case. For details, please
consult the fine manual. It's totally worth it.

/Alexander

>
>> Either I am doing something wrong here, or the indexing is junk.
>
>The former.  You failed to read manual pages.
>The apropos utility does not have a -i option,
>but it does support searching for error numbers,
>as documented in apropos(1).
>
>The indexing is NOT junk.



Re: Sony Vaio VPCSA

2017-03-29 Thread Alexander Hall
On Thu, Mar 30, 2017 at 02:15:04AM +0800, Farty Breath wrote:
> Many thanks all for your replies,
> 
> Apologies for not including dmesg output, it's attached now for
> install60.fs and install61.fs on the Sony VPCSA.  Thanks Stuart for
> the link.

Except...

> [demime 1.01d removed an attachment of type application/octet-stream which 
> had a name of dmesg_SonyVPCSA_6.1]
> 
> [demime 1.01d removed an attachment of type application/octet-stream which 
> had a name of dmesg_SonyVPCSA_6.0]

meaning misc@ does not accept attachments. Send dmesg inline.

/Alexander



Re: how to debug OpenBSD virtio-scsi killing qemu-kvm VM?

2017-03-15 Thread Alexander Bochmann
...on Wed, Mar 15, 2017 at 10:29:25AM -0400, Jiri B wrote:

 > >  > bios0: vendor SeaBIOS version 
 > > "debian/1.7.5-1-0-g506b58d-dirty-20140812_231322-gandalf" date 04/01/2014
 > >  > bios0: QEMU Standard PC (i440FX + PIIX, 1996)
 > it doesn't say anything about qemu-kvm version :/

Nope, but:

 > >  > sd0 at scsibus2 targ 0 lun 0:  SCSI3 
 > > 0/direct fixed

That says "2.1", and that's actually the version of the qemu-kvm 
package in Debian jessie.

The qemu harddisk in your dmesg reports "2.5", so I'm probably 
wrong and you're actually on a newer qemu version than my VM.

Alex.



Re: how to debug OpenBSD virtio-scsi killing qemu-kvm VM?

2017-03-15 Thread Alexander Bochmann
Hi,

...on Mon, Mar 13, 2017 at 11:26:42AM -0400, Jiri B wrote:

 > it seems virtio-scsi is not working correctly in OpenBSD, I gave it
 > a try today and OpenBSD VM was killed with:
 >   2017-03-13T15:29:00.814657Z qemu-kvm: wrong size for virtio-scsi headers
 > on EL7 with qemu-kvm-rhev-2.6.0-28.el7_3.6.x86_64.
 > I found a bug stating it is OpenBSD's fault
 >   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768517

Hrm - I've been running an OpenBSD 6.0-stable VM with a hosting 
provider that seems to be using qemu-kvm for half a year, and 
have yet to run into that problem. I don't have any information 
about their platform except that their SeaBIOS identifies as debian:

 > bios0: vendor SeaBIOS version 
 > "debian/1.7.5-1-0-g506b58d-dirty-20140812_231322-gandalf" date 04/01/2014
 > bios0: QEMU Standard PC (i440FX + PIIX, 1996)
 [..]
 > virtio1 at pci0 dev 4 function 0 "Qumranet Virtio SCSI" rev 0x00
 > vioscsi0 at virtio1: qsize 128
 > scsibus2 at vioscsi0: 255 targets
 > probe(vioscsi0:0:0): Check Condition (error 0) on opcode 0x0
 > sd0 at scsibus2 targ 0 lun 0:  SCSI3 0/direct 
 > fixed
 > sd0: 61440MB, 512 bytes/sector, 125829120 sectors, thin
 > virtio1: msix shared

Maybe it is actually a Linux bug that has been fixed by everyone 
except Red Hat in their undead backports kernel?

Alex.


