Re: Regarding Openbsd and zoom/hangouts etc

2021-08-02 Thread Antoine Jacoutot
Zoom works just fine. Again I use it on a daily basis for work on chromium and 
even screen sharing works great. 

—
Antoine

> On 2 Aug 2021, at 20:55, Jonathan Drews  wrote:
> 
> On Mon, Aug 02, 2021 at 07:04:47PM +0300, Riza Dindir wrote:
>> Hello,
>> 
>> I am thinking of using openbsd as my OS, and desktop, giving up windows,
>> after I am having trouble updating the system.
>> 
>> I have a question. Is it possible to use zoom, hangouts or other
>> conferencing/communication systems using the browser
>> (iridium/chrome/firefox, etc) on openbsd?
>> 
> Hi;
> 
> Zoom won't work on OpenBSD. You can go to their test page and try it for
> yourself https://zoom.us/test  . However jitsi works great.
> 
> Here are my notes on configuring audio and video on OpenBSD, so it
> will work with jitsi. https://meet.jit.si/
> 
> The primary reference is:
> 
> https://www.openbsd.org/faq/faq13.html
> in addition to the man pages.
> To get audio and video working on OpenBSD:
> 
> Add yourself to group wheel in /etc/group. Do as root:
> # chmod g+rw /dev/video0
> or whatever your video device is. Find it in dmesg.
> 
> In  /etc/sysctl.conf (file is in /etc/examples) add:
> 
> kern.audio.record=1
> kern.video.record=1
> 
> Add the following lines to /etc/mixerctl.conf (mixerctl.conf
> is in /etc/examples).
> 
> # $OpenBSD: mixerctl.conf,v 1.1 2014/07/16 13:21:33 deraadt Exp $
> #
> # mixerctl(1) configurable parameters. See mixerctl.conf(5) for details.
> #
> 
> # output volume value for most audio cards
> # outputs.master=200
> record.enable=on
> 
> You'll have to experiment as your laptop may not have the same
> entries as my mixerctl.conf. Invariably they should begin with
> "record." Do # mixerctl -av  to find the settings
> 
> As an aid in getting your microphone to work use aucat (see man 1
> aucat).
> To do a test recording do:
> $ aucat -o test.wav
> To play back the recording, to see if your microphone is working, do:
> $ aucat -i test.wav
> 
> I have used Jitsi several times from my OpenBSD T420 Laptop. The
> only difficulty was sharing my desktop. Firefox froze when doing
> that. My guess is that happens because of pledge. Video and audio
> worked great. Response times can be bad if you use Jitsi over WiFi.
> I switched to ethernet and my signal strength improved.
> 
> To adjust the volume of the microphone and speakers use cmixer.
> cmixer is in packages.
> 
> 
> Kind regards,
> Jonathan
> 



Re: Regarding Openbsd and zoom/hangouts etc

2021-08-02 Thread Antoine Jacoutot
Hi. 

Zoom works in chromium, I now use it on a daily basis. You need to enable audio 
and video record using sysctl, change /dev/video0 ownership to your user and 
activate web assembly in chromium (just a matter of exporting a variable which 
I don’t remember the name right now).

Cheers!

—
Antoine

> On 2 Aug 2021, at 18:23, Riza Dindir  wrote:
> 
> Hello,
> 
> I am thinking of using openbsd as my OS, and desktop, giving up windows,
> after I am having trouble updating the system.
> 
> I have a question. Is it possible to use zoom, hangouts or other
> conferencing/communication systems using the browser
> (iridium/chrome/firefox, etc) on openbsd?
> 
> Kind Regards,
> Riza Dindir



Re: terraform aws, got a problem I did not expect

2021-06-26 Thread Antoine Jacoutot
On Sat, Jun 26, 2021 at 07:06:38PM +0300, Gregory Edigarov wrote:
> Hello,
> 
> I remember that for earlier versions of terraform all providers were
> available as  OpenBSD packages/ports, that is now changed.
> 
> $ terraform init  
> Initializing the backend...
> 
> Initializing provider plugins...
> - Finding latest version of hashicorp/aws...
>   Error: Incompatible provider version
>   Provider registry.terraform.io/hashicorp/aws v3.47.0 does not have a
> package available for your current platform, openbsd_amd64.
>   Provider releases are separate from Terraform CLI releases, so not all
> providers are available for all platforms. Other versions of this
> provider may have   different platforms supported.
> 
> $ uname -a    
> OpenBSD lbld12.duckdns.org 6.9 GENERIC.MP#92 amd64
> 
> How am I supposed to get providers? Maybe a community has one that
> works under OpenBSD?
> Any advice?

Yeah I was made aware of this.
I could re-add the bazillion providers back to ports but it's a huge PITA to
maintain and it won't support multiple provider versions.


-- 
Antoine



Re: sane-backends permission problems

2021-05-18 Thread Antoine Jacoutot
On Tue, May 18, 2021 at 10:42:22AM +0200, Antoine Jacoutot wrote:
> On Tue, May 18, 2021 at 10:39:34AM +0200, Antoine Jacoutot wrote:
> > On Mon, May 17, 2021 at 05:21:16PM -0400, Allan Streib wrote:
> > > Predrag Punosevac  writes:
> > > 
> > > > predrag@oko$ scanimage -L
> > > >
> > > > No scanners were identified. If you were expecting something different,
> > > > check that the scanner is plugged in, turned on and detected by the
> > > > sane-find-scanner tool (if appropriate). Please read the documentation
> > > > which came with this software (README, FAQ, manpages).
> > > 
> > > Had the same problem today. sane-find-scanner returned...
> > > 
> > > found USB scanner (vendor=0x04a9 [Canon], product=0x2206 [CanoScan], 
> > > chip=LM9832/3) at libusb:002:002
> > > 
> > > ...but scanimage -L found no scanners. This scanner uses the
> > > sane-plustek backend, so I added my user to the _saned group, and I had
> > > changed the ownership on (in my case) /dev/ugen0.* and /dev/usb2 per the
> > > sane-backends pkg-readme. Something else was wrong.
> > > 
> > > Running the scanimage program under ktrace revealed:
> > > 
> > >   98418 scanimage NAMI  "/var/spool/lock/LCK..libusb:002:002"
> > >   98418 scanimage RET   open -1 errno 13 Permission denied
> > > 
> > > Looking at /var/spool/lock, it appears that this lockfile should be
> > > created in the sane/ subdirectory instead?
> > > 
> > > $ ls -l /var/spool/lock/
> > > total 4
> > > drwxrwxr-x  2 root  _saned  512 May 17 16:12 sane
> > > 
> > > I don't see anything in /etc/sane.d/plustek.conf that implies that I can
> > > change the lockfile location, so not sure how to correct this?
> > 
> > That comes from libusb, not sane itself I think.
> 
> Scratch that.
> It is sane, I will have a look.

I've committed a fix.
Thanks.

-- 
Antoine
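
The ktrace step described above, as an added example (not part of the original thread): a small shell/awk filter that pairs each NAMI path in kdump(1) text output with a following RET that failed with errno 13, and prints the parent directory whose ownership and mode to check. The function names denied_paths and sample_trace and the sample lines other than the two quoted in the thread are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list the path lookups behind "Permission denied" results in
# kdump(1) text output, e.g.  ktrace scanimage -L && kdump | denied_paths
# Output columns: pid  program  syscall  path  parent-directory

denied_paths() {
    awk '
    # NAMI records carry the pathname a syscall just looked up; keep the
    # latest one per pid so it can be paired with the RET that follows.
    # (For calls with two paths, such as rename, only the last is kept.)
    $3 == "NAMI" {
        path = $0
        sub("^[^\"]*\"", "", path)   # drop everything up to the opening quote
        sub("\"[^\"]*$", "", path)   # drop the closing quote and what follows
        last[$1] = path
        next
    }
    # "RET <syscall> -1 errno 13 ..." is EACCES
    $3 == "RET" {
        if ($5 == "-1" && $6 == "errno" && $7 == "13" && ($1 in last)) {
            dir = last[$1]
            sub("/[^/]*$", "", dir)
            if (dir == last[$1]) dir = "."   # relative name, no slash
            if (dir == "") dir = "/"         # entry directly under /
            print $1, $2, $4, last[$1], dir
        }
        delete last[$1]   # a path is only paired with the next return
    }
    '
}

# Constructed sample: the two lock-file lines are the ones quoted in the
# thread; the others are made up to show what gets filtered out.
sample_trace() {
    cat <<'EOF'
 98418 scanimage NAMI  "/etc/sane.d/plustek.conf"
 98418 scanimage RET   open 3
 98418 scanimage NAMI  "/var/spool/lock/LCK..libusb:002:002"
 98418 scanimage RET   open -1 errno 13 Permission denied
 98418 scanimage NAMI  "/nonexistent/file"
 98418 scanimage RET   open -1 errno 2 No such file or directory
EOF
}

sample_trace | denied_paths
```

On the trace quoted in the thread this points at /var/spool/lock itself rather than the _saned-writable sane/ subdirectory shown in the ls output.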



Re: sane-backends permission problems

2021-05-18 Thread Antoine Jacoutot
On Tue, May 18, 2021 at 10:39:34AM +0200, Antoine Jacoutot wrote:
> On Mon, May 17, 2021 at 05:21:16PM -0400, Allan Streib wrote:
> > Predrag Punosevac  writes:
> > 
> > > predrag@oko$ scanimage -L
> > >
> > > No scanners were identified. If you were expecting something different,
> > > check that the scanner is plugged in, turned on and detected by the
> > > sane-find-scanner tool (if appropriate). Please read the documentation
> > > which came with this software (README, FAQ, manpages).
> > 
> > Had the same problem today. sane-find-scanner returned...
> > 
> > found USB scanner (vendor=0x04a9 [Canon], product=0x2206 [CanoScan], 
> > chip=LM9832/3) at libusb:002:002
> > 
> > ...but scanimage -L found no scanners. This scanner uses the
> > sane-plustek backend, so I added my user to the _saned group, and I had
> > changed the ownership on (in my case) /dev/ugen0.* and /dev/usb2 per the
> > sane-backends pkg-readme. Something else was wrong.
> > 
> > Running the scanimage program under ktrace revealed:
> > 
> >   98418 scanimage NAMI  "/var/spool/lock/LCK..libusb:002:002"
> >   98418 scanimage RET   open -1 errno 13 Permission denied
> > 
> > Looking at /var/spool/lock, it appears that this lockfile should be
> > created in the sane/ subdirectory instead?
> > 
> > $ ls -l /var/spool/lock/
> > total 4
> > drwxrwxr-x  2 root  _saned  512 May 17 16:12 sane
> > 
> > I don't see anything in /etc/sane.d/plustek.conf that implies that I can
> > change the lockfile location, so not sure how to correct this?
> 
> That comes from libusb, not sane itself I think.

Scratch that.
It is sane, I will have a look.

-- 
Antoine



Re: sane-backends permission problems

2021-05-18 Thread Antoine Jacoutot
On Mon, May 17, 2021 at 05:21:16PM -0400, Allan Streib wrote:
> Predrag Punosevac  writes:
> 
> > predrag@oko$ scanimage -L
> >
> > No scanners were identified. If you were expecting something different,
> > check that the scanner is plugged in, turned on and detected by the
> > sane-find-scanner tool (if appropriate). Please read the documentation
> > which came with this software (README, FAQ, manpages).
> 
> Had the same problem today. sane-find-scanner returned...
> 
> found USB scanner (vendor=0x04a9 [Canon], product=0x2206 [CanoScan], 
> chip=LM9832/3) at libusb:002:002
> 
> ...but scanimage -L found no scanners. This scanner uses the
> sane-plustek backend, so I added my user to the _saned group, and I had
> changed the ownership on (in my case) /dev/ugen0.* and /dev/usb2 per the
> sane-backends pkg-readme. Something else was wrong.
> 
> Running the scanimage program under ktrace revealed:
> 
>   98418 scanimage NAMI  "/var/spool/lock/LCK..libusb:002:002"
>   98418 scanimage RET   open -1 errno 13 Permission denied
> 
> Looking at /var/spool/lock, it appears that this lockfile should be
> created in the sane/ subdirectory instead?
> 
> $ ls -l /var/spool/lock/
> total 4
> drwxrwxr-x  2 root  _saned  512 May 17 16:12 sane
> 
> I don't see anything in /etc/sane.d/plustek.conf that implies that I can
> change the lockfile location, so not sure how to correct this?

That comes from libusb, not sane itself I think.

-- 
Antoine



Re: Injecting an environment variable in service

2021-03-17 Thread Antoine Jacoutot
On Wed, Mar 17, 2021 at 09:57:45AM +0100, Ruben Vestergaard wrote:
> Hi list,
> 
> Is there a general way of injecting an environment variable into an rc
> managed service? I need Smokeping to pick up the HTTPS_CA_FILE variable, but
> there seems to be no obvious way to set it.
> 
> I guess I could modify the system scripts, but is there a cleaner, obvious
> way I have missed?

Sure, you can create a login class that matches the rc.d script name and add the
env var in it.

e.g. login.conf entry

smokeping:\
:setenv=HTTPS_CA_FILE=foo:\
:tc=daemon:

FYI you have an example in the smokeping package README.

-- 
Antoine



Re: Issue updating spidermonkey

2020-10-22 Thread Antoine Jacoutot
On Wed, Oct 21, 2020 at 06:43:13PM -0400, Brennan Vincent wrote:
> 
> On 10/21/20 4:40 AM, Stuart Henderson wrote:
> > On 2020-10-21, Chris Bennett  wrote:
> > > On Tue, Oct 20, 2020 at 08:26:05PM -0400, Brennan Vincent wrote:
> > > > Updated yesterday from 6.7 to a snapshot, and now:
> > > > 
> > > > $ doas pkg_add -u
> > > doas pkg_add -u -Dsnap
> > > 
> > > You need to do some things different once you change to -current
> > > snapshots.
> > > Might also have to wait for -current packages to match the -current
> > > snapshot sometimes.
> > -Dsnap does nothing for most of the year. The only thing it's useful for is
> > pointing to the snapshots directory when you're running a kernel with no
> > -beta/-current suffix (i.e. a release, or snapshot in the short period in
> > the run-up to release).
> > 
> > > > quirks-3.458 signed on 2020-10-18T13:56:14Z
> > This shows that it is indeed looking at a snapshot directory not release.
> > 
> > > > Can't update spidermonkey-60.9.0v1->spidermonkey78-78.3.1v1: no update 
> > > > found
> > > > for spidermonkey-60.9.0v1
> > > > Can't install polkit-0.116p1->0.118: can't resolve 
> > > > spidermonkey78-78.3.1v1
> > > > 
> > > > Is this expected soon after updating? Do I just need to wait for some
> > > > inconsistency in the pkg repo to be resolved?
> > This could either be:
> > 
> > - a bug in some port
> > 
> > - a package source that does not have a consistent set of files from one
> > build (can happen when a mirror is updating)
> > 
> > First thing to do if this happens is check file dates in the mirror's
> > directory listing and see if they're consistent (no big jump between the
> > a* and z* files).
> 
> Will the URL to check look something like
> https://cdn.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/ ?
> 
> I checked there; all the files were touched within a 10 minute period.
> 
> Issue is persisting.

Should be fixed in a current.
Wait a few days for new packages.

-- 
Antoine



Re: UNIX printing demystified

2020-10-21 Thread Antoine Jacoutot
On Tue, Oct 20, 2020 at 10:10:30PM -0400, Predrag Punosevac wrote:
> 
> Every now and then people post a "question" about printing to this
> mailing list which exposes their confusion. I am putting this email
> together so that anybody capable of searching through the mailing list
> can at least have terminology straight before asking for help.
> Information presented here is in the public domain and I make no claims
> of posting anything new.
> 
> 
> Table of Contents:
> 
> 1. Print spooling overview: LPD, LPRng, CUPS
> 2. Common network printing protocols: LPD, IPP, JetDirect
> 3. Printer driver. 
> 4. Input filters
> 5. ASCII and page description language PostScript(PS)
> 6. PostScript Printer Description (PPD) files 
> 7. Printer recommendations
> 8. Code contribution
> 
> 
> 1. What is print spooling? Why is it needed?
> 
> A print spooler is a program/daemon that accepts print jobs from a
> program or network. It typically consists of two programs: a print
> spooler daemon that sends jobs to a printer and a command to submit
> print jobs to the spooler daemon. In general a spooler is not needed on
> an operating system that allows a single user to perform only one task
> at a time as long as that single user doesn't try to send multiple
> documents to the printer at the same time.
> 
> However, UNIX has been designed as a multitasking, multiuser computer
> operating system. Imagine that my wife and I send two documents to a
> printer at the same time. Her document gets there first and gets
> printed. My document loses the race and my job is rejected because the
> device is busy. I wait a few minutes and I send my document again but
> this time my daughter outraces me and her document gets printed and not
> mine. Now imagine an organization with hundreds of users and only a few
> printers. This is exactly why we need a spooler program/daemon which
> will listen for the incoming printing requests, store them in a spool
> queue, and then send them to a printer when it becomes available.
> 
> The original Berkeley spooling system is The Line Printer Daemon
> protocol/Line Printer Remote protocol (or LPD) and it is available on
> any default OpenBSD installation. LPD is super simple and writing an lpd
> daemon should not be too difficult for an undergraduate CS student.
> For those of us who are old enough to remember the legendary Richard Stevens
> 
> https://www.oreilly.com/library/view/advanced-programming-in/9780321638014/ch21.html
> 
> As computer technology and printing proliferated among common folks
> like me, some system admins felt the need to develop more complex
> queueing policies. People started hitting limitations of LPD and
> eventually Dr. Patrick Powell felt compelled to rewrite a new spooler
> program/daemon which will be more capable of complex printing policies
> and easier to incorporate drivers and input filters (please see below)
> so the UNIX world got
> 
> LPRng
> 
> http://web.mit.edu/ops/services/print/Attic/src/doc/LPRng-HOWTO.html#toc2
> 
> As the project grew and never became truly financially viable, it was
> eventually replaced with a newer and super complex spooling system called CUPS
> 
> https://www.cups.org/documentation.html
> 
> Now the true CUPS claim to fame is the support for the new Internet
> printing protocol (IPP).
> 
> 
> 2. What are network printing protocols?
> 
> From its inception UNIX was designed to be a distributed computing
> environment. A bunch of developers will use dumb terminals to connect to
> the same computer and do some work. At the same time it became possible
> for printers to be first class citizens on the LAN. LPD is not just a
> spooling system, it is also a network protocol spoken by the daemon
> itself but also spoken by any decent quality printer. The major
> limitation of LPD is that it is primarily a single-direction protocol.
> 
> As printers became more sophisticated and more like computers than
> microcontroller boards it became obvious that one could ask the printer
> about the level of the toner or the state of key mechanical components
> (drum comes to mind). Thus we got IPP. Actually, we got more than that.
> Most so called workgroup printers come with a built in CUPS server. 
> 
> That is not it. Manufacturers came up with many different network
> protocols. I will mention the one I use, JetDirect. From the Wikipedia page:
> AppSocket, also known as Port 9100, RAW, JetDirect, or Windows TCPmon is
> a protocol that was developed by Tektronix. It is considered as 'the
> simplest, fastest, and generally the most reliable network protocol used
> for printers'.
> 
> 
> 3. What are the printer drivers? Do I need them?
> 
> In "old good times" all printers were capable of printing raw ASCII
> code. You don't need any drivers to print raw ASCII text on most
> business grade printers. As printers became more sophisticated users
> wanted to print more complicated things like pictures as opposed to ASCII
> art. One of earliest examples of page description language was 

Re: rc.conf.local sorted?

2020-05-26 Thread Antoine Jacoutot
On Tue, May 26, 2020 at 05:16:44PM +0200, Why 42? The lists account. wrote:
> 
> On Mon, May 25, 2020 at 04:51:51PM +0200, Antoine Jacoutot wrote:
> > > ...
> > > It looks as if the file has been sorted e.g.
> > Did you use rcctl(8) ?
> 
> Hi Antoine,
> 
> You are correct, that does it. I checked the history and after the
> upgrade I had run rcctl to enable sensorsd. Just tested it again and
> running an rcctl enable or disable command causes all the lines of
> /etc/rc.conf.local to be alphabetically sorted.
> 
> That seems like a defect to me, what do you think?

That's what you get when mixing helper tools and manual edits.
They can work together but only up to a certain point... and in this case,
comments don't fly.
As long as everything works functionally, then I'd say we're good and can live
with it.

-- 
Antoine



Re: rc.conf.local sorted?

2020-05-25 Thread Antoine Jacoutot
On Mon, May 25, 2020 at 03:22:11PM +0200, Why 42? The lists account. wrote:
> 
> Hi All,
> 
> After running sysupgrade to update from 6.6 (snapshot) to the newest
> version I noticed that the comments I added to /etc/rc.conf.local no
> longer made sense (if they ever did :)).
> 
> It looks as if the file has been sorted e.g.
> > ...
> > # Also increase the number of -b(uffer) frames so as to avoid "stutter" 
> > under high CPU load. Default (7680) + 1024. See: man sndiod
> > # Boot time messages:
> > # For NFS
> > # Prefer Postfix
> > # So this should expose raw device "rsnd/1" the "Burr-Brown from TI USB 
> > Audio CODEC" (aka "audio1" or "uaudio0") as subdevice: "cyrus"
> > # Sound subsystem: sndiod
> > # Tell syslog to write mark messages every 30 minutes
> > # audio1 at uaudio0
> > # uaudio0 at uhub3 port 1 configuration 1 interface 1 "Burr-Brown from TI 
> > USB Audio CODEC" rev 1.10/1.00 addr 7
> > # uaudio0: class v1, full-speed, sync, channels: 2 play, 2 rec, 3 ctls
> > lockd_flags=
> > mountd_flags=
> > nfsd_flags=-n 7 -t
> > pkg_scripts=messagebus postfix
> > portmap_flags=
> > sensorsd_flags=
> > smtpd_flags=NO
> > sndiod_flags="-b 8704 -f rsnd/1 -s cyrus"
> > ...
> 
> Is this normal? It doesn't seem like something I would have been likely
> to have done manually/accidentally.
> 
> Based on the file mtime it seems as if this happened at boot time, or
> perhaps at the time of the first boot after the sysupgrade.
> 
> Strangely sysupgrade itself doesn't have much to say about what it
> installed e.g. in messages log I just see:
> > sysupgrade: installed new /bsd.upgrade. Old kernel version: OpenBSD 
> > 6.6-current (GENERIC.MP) #55: Sun Mar 15 02:21:01 MDT 2020 
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
> Per uname I am currently running: 6.7 GENERIC.MP#213 amd64
> 
> Just wondering if this is the expected behaviour ...

Did you use rcctl(8) ?

-- 
Antoine



Re: rc daemon_timeout

2020-04-23 Thread Antoine Jacoutot
On Thu, Apr 23, 2020 at 02:34:20PM +0200, Thomas de Grivel wrote:
> I tried changing the following line in /etc/rc.d/rc.subr but the
> actual timeout remains 30 sec (from 'time').
> > [ -z "${daemon_timeout}" ] && daemon_timeout=600

rm /var/run/rc.d/my_daemon

-- 
Antoine



Re: rc daemon_timeout

2020-04-23 Thread Antoine Jacoutot
On Thu, Apr 23, 2020 at 12:18:40PM +0100, Raf Czlonka wrote:
> On Thu, Apr 23, 2020 at 12:00:59PM BST, Thomas de Grivel wrote:
> > Hello,
> > 
> > I have some trouble starting up a daemon on OpenBSD 6.6 stable using rc :
> > 
> > in /etc/rc.d/my_daemon :
> > 
> > > #!/bin/ksh
> > >
> > > daemon="/home/my-user/start"
> > > daemon_user=my-user
> > > daemon_timeout=600
> > >
> > > . /etc/rc.d/rc.subr
> > >
> > > echo "daemon_timeout ${daemon_timeout}"
> > > rc_cmd $1
> > 
> > Then I run the following command :
> > 
> > > # time /etc/rc.d/my_daemon
> > > daemon_timeout 600
> > > seuldanslenoir_staging(timeout)
> > > 0m30.54s real 0m00.04s user 0m00.05s system
> > 
> > So the actual timeout is still 30 seconds which is the default in
> > /etc/rc.d/rc.subr
> > 
> > What did I do wrong ?
> 
> Order - move the source ('.') line to the top.

Hmm no, don't do that.

What is the output of 'rcctl get my_daemon timeout'

-- 
Antoine



Re: Start system daemon after postgresql/mysql database from packages using rc.conf.local

2020-04-22 Thread Antoine Jacoutot
On Wed, Apr 22, 2020 at 12:31:09PM +, Martin wrote:
> I need to change system daemon (smtpd) start order during system boot to have 
> it connected to a database which started from package scripts 
> /etc/rc.conf.local.
> 
> Now /etc/rc.conf is untouched, database runs from /etc/rc.conf.local
> pkg_scripts="postgresql"
> smtpd starts first from rc.conf and crashes because no database loaded from 
> rc.conf.local script to fetch users.
> 
> Please suggest any workaround.

Start it from rc.local ?

-- 
Antoine



Re: Zoom meeting via chromium web app

2020-03-28 Thread Antoine Jacoutot
On Sat, Mar 28, 2020 at 10:00:28AM +0100, Alessandro De Laurenzis wrote:
> Greetings,
> 
> I'm trying to use the Zoom meeting platform in OpenBSD through the Chromium
> web app (-current, very recent snapshot, Chromium 80.0.3987.149, amd64).
> 
> When I click on the app icon, a new browser window opens and the sign-in web
> page appears, but soon after the browser is killed:
> 
> Mar 28 09:52:43 theseus /bsd: chrome(36809): pledge sysctl 2: 6 2
> Mar 28 09:52:43 theseus /bsd: chrome[36809]: pledge "", syscall 202
> 
> Starting chrome with --disable-unveil doesn't help (same error).
> 
> Anybody did succeed in using this (or a similar) platform?

You can use --no-sandbox.
But Zoom will not work anyway, at least for me it doesn't recognize my audio
nor my camera.
I use Windows for video conf.

-- 
Antoine



Re: CUPS sudden refuses to print after previously working fine

2020-02-28 Thread Antoine Jacoutot
On Fri, Feb 28, 2020 at 08:28:52AM +, Anthony Campbell wrote:
>  I have a networked Brother-HL5350DN printer which has worked fine
>  with CUPS for over a year. Two days ago it suddenly refused to
>  print on my desktop running -current. I reconfigured the printer
>  several times without effect.
> 
> I then set up CUPS on a laptop running -release. It also failed. In
> both cases the printer appears on screen and I can queue jobs for
> printing as normal but they don't print. The printer itself is
> working normally from my wife's computer. I can ping the printer
> without difficulty.
> 
> I turned on debug and found this:
> [Job 30] Unable to locate printer \"BRN001BA92DB44A\"
> 
> I'm mystified. Whenever I've set up the printer in CUPS previously
> it has always worked. The only clue I found was on Arch Linux where
> they talk about needing to set up avahi in such cases, but I don't
> know if that is relevant here.
> 
> Any ideas gratefully received.

Can you share your configuration?
If it's a network printer, it could be that cups is trying to connect to your
printer using avahi which doesn't work on OpenBSD.  You must make sure you
configure your printer using hostname or IP.

-- 
Antoine



Re: syspatch(8) return values?

2020-02-10 Thread Antoine Jacoutot
On Mon, Feb 10, 2020 at 12:12:12PM -0500, Allan Streib wrote:
> Antoine Jacoutot  writes:
> 
> > "patches waiting, but didn't do anything" might be interesting (i.e.
> > patches are available); dunno...
> 
> syspatch -c

?

-- 
Antoine



Re: syspatch(8) return values?

2020-02-08 Thread Antoine Jacoutot
On Fri, Jan 31, 2020 at 09:03:59AM -0600, Adam Thompson wrote:
> There's no mention of what syspatch(8) returns, in the manpage.
> 
> I can prove quickly enough that it exits(0) when there's nothing to do, but
> I'm more interested in knowing (for automation purposes) what the return
> values are in other circumstances, and all my systems are already up to
> date.  Before standing up yet another system, I figured I'd ask here.
> 
> I can think of four scenarios syspatch(8) perhaps ought to distinguish, at
> least I'm interested in these 4 outcomes:
>   1. nothing to do
>   2. patches waiting, but didn't do anything
>   3. patches applied
>   4. something went wrong
> 
> Can I reliably tell based on $? or do I have to parse the output?

Most likely parse, yes.

"patches waiting, but didn't do anything" might be interesting (i.e. patches are
available); dunno...

-- 
Antoine



Re: Can't locate OpenBSD/Quirks.pm in @INC

2020-01-19 Thread Antoine Jacoutot
On Sun, Jan 19, 2020 at 12:19:31PM +0100, Marc Espie wrote:
> On Sat, Jan 18, 2020 at 01:41:20PM +0100, Antoine Jacoutot wrote:
> > On Fri, Jan 17, 2020 at 07:46:23PM -0700, myml...@gmx.com wrote:
> > > 
> > > On 1/17/20 7:25 PM, Jordan Geoghegan wrote:
> > > > 
> > > > 
> > > > On 2020-01-17 18:10, myml...@gmx.com wrote:
> > > > > HI,
> > > > > 
> > > > > 
> > > > > I downloaded the install66.fs snapshot today, 20200117, and did a 
> > > > > fresh
> > > > > install.  Even though I got the full install set, i used http from
> > > > > ftp.openbsd.org as the install source.
> > > > > 
> > > > > Installation went fine but when I tried to install packages I get the
> > > > > above error.
> > > > > 
> > > > > "# pkg_add -vn pftop
> > > > > quirks-3.216 signed on 2020-01-17T19:15:00Z
> > > > > quirks-3.216: ok
> > > > > Can't load quirk: Can't locate OpenBSD/Quirks.pm in @INC (you may need
> > > > > to install the OpenBSD::Quirks module) (@INC contains:
> > > > > /usr/local/libdata/perl5/site_perl/amd64-openbsd
> > > > > /usr/local/libdata/perl5/site_perl /usr/libdata/perl5/amd64-openbsd
> > > > > /usr/libdata/perl5) at /usr/libdata/perl5/OpenBSD/AddDelete.pm line 
> > > > > 350.
> > > > > 
> > > > > pftop-0.7p19: ok
> > > > > Merging manpages in /usr/local/man: /usr/local/man/man8/pftop.8
> > > > > Extracted 252817 from 253475"
> > > > > 
> > > > [snip]
> > > > 
> > > > I believe quirks gets automatically installed when you install your
> > > > first package.
> > > 
> > > 
> > > AH HA, that seems to be the case.
> > > 
> > >  pkg_add -v pftop
> > > quirks-3.216 signed on 2020-01-17T19:15:00Z
> > > quirks-3.216: ok
> > > pftop-0.7p19: ok
> > > Extracted 252817 from 253475
> > > 
> > > 
> > > I was just initially trying to see what would be installed without
> > > actually installing.  I've run into issues before where the base system
> > > packages and the userland stuff, if they aren't labeled the same date
> > > have library issues.  I was trying to make sure i'd avoid that.
> > > 
> > > 
> > > Thanks for the quick answer!
> >  
> > That is still a pkg_add bug though...
> 
> Thinking some more about it, I'm not sure about the right solution.
> - I can easily suppress the quirks warning if -n is given.

The problem is that you may get a different output compared to if quirks was
installed (e.g. cve).

> - but then, quirks is kind-of part of pkg_add proper, so maybe it would be
> more appropriate to install quirks anyway.   This is a bit unexpected, though.

It would be unexpected yes.
Maybe quirks has become too quirky and we need a better solution?

-- 
Antoine



Re: Suricata from packages

2020-01-18 Thread Antoine Jacoutot
On Fri, Jan 17, 2020 at 11:24:22PM -0600, Eric Zylstra wrote:
> OpenBSD 6.6 Generic.MP amd64
> Stable.
> 
> I installed suricata using pkg_add.  Having trouble with starting it.
> 
> $ doas rcctl start suricata
> …fails.  No informative fail message, though.

Run rcctl in debug mode.


> 
> I’ve tried finding info in logs.  Nothing informative in suricata logs nor 
> /var/log/messages.
> 
> $ doas /usr/local/bin/suricata -D
> …succeeds.  It runs fine.  That is the same command in the /etc/rc.d/suricata.
> 
> Pointers?  Suggestions?  Specific details?
> 
> Thanks,
> 
> Eric Z
> 

-- 
Antoine



Re: Can't locate OpenBSD/Quirks.pm in @INC

2020-01-18 Thread Antoine Jacoutot
On Fri, Jan 17, 2020 at 07:46:23PM -0700, myml...@gmx.com wrote:
> 
> On 1/17/20 7:25 PM, Jordan Geoghegan wrote:
> > 
> > 
> > On 2020-01-17 18:10, myml...@gmx.com wrote:
> > > HI,
> > > 
> > > 
> > > I downloaded the install66.fs snapshot today, 20200117, and did a fresh
> > > install.  Even though I got the full install set, i used http from
> > > ftp.openbsd.org as the install source.
> > > 
> > > Installation went fine but when I tried to install packages I get the
> > > above error.
> > > 
> > > "# pkg_add -vn pftop
> > > quirks-3.216 signed on 2020-01-17T19:15:00Z
> > > quirks-3.216: ok
> > > Can't load quirk: Can't locate OpenBSD/Quirks.pm in @INC (you may need
> > > to install the OpenBSD::Quirks module) (@INC contains:
> > > /usr/local/libdata/perl5/site_perl/amd64-openbsd
> > > /usr/local/libdata/perl5/site_perl /usr/libdata/perl5/amd64-openbsd
> > > /usr/libdata/perl5) at /usr/libdata/perl5/OpenBSD/AddDelete.pm line 350.
> > > 
> > > pftop-0.7p19: ok
> > > Merging manpages in /usr/local/man: /usr/local/man/man8/pftop.8
> > > Extracted 252817 from 253475"
> > > 
> > [snip]
> > 
> > I believe quirks gets automatically installed when you install your
> > first package.
> 
> 
> AH HA, that seems to be the case.
> 
>  pkg_add -v pftop
> quirks-3.216 signed on 2020-01-17T19:15:00Z
> quirks-3.216: ok
> pftop-0.7p19: ok
> Extracted 252817 from 253475
> 
> 
> I was just initially trying to see what would be installed without
> actually installing.  I've run into issues before where the base system
> packages and the userland stuff, if they aren't labeled the same date
> have library issues.  I was trying to make sure i'd avoid that.
> 
> 
> Thanks for the quick answer!
 
That is still a pkg_add bug though...

-- 
Antoine



Re: automounter (amd) local file system issue

2020-01-12 Thread Antoine Jacoutot
Sounds like something is keeping your fs busy. Could be gio-kqueue, do you have 
glib2 installed?


—
Antoine

> On 13 Jan 2020, at 06:01, Nick Holland  wrote:
> 
> Hiya.
> 
> I'd like to use amd(8) to automatically mount and dismount local file
> systems.  The file systems in question are big, lots of complicated
> links, lots of files, and take a while to fsck if the power goes out
> unexpectedly, and are used relatively rarely (maybe an hour a day).
> Sounds like a perfect job for amd(8)!
> 
> The file systems in question are mounted to /v/1 and /v/2
> 
> I've got the following set up:
> 
>  $ cat /etc/rc.conf.local
>  amd_flags=-l syslog -x all -c 10 -w 10
>  lockd_flags=
>  portmap_flags=
> 
>  $ cat /etc/amd/master   
>  /v  amd.v
> 
>  $ cat /etc/amd/amd.v   
>  1   type:=ufs;dev:=/dev/sd2i
>  2   type:=ufs;dev:=/dev/sd2j
> 
> 
> AND it works!
> 
> start the system up, I get this:
> 
>  $ df
>  Filesystem  512-blocks      Used     Avail Capacity  Mounted on
>  /dev/sd2a      1011676    203812    757284    21%    /
>  /dev/sd2h     10319836        48   9803800     0%    /home
>  /dev/sd2f      4136828        20   3929968     0%    /tmp
>  /dev/sd2d      8264188   2369920   5481060    30%    /usr
>  /dev/sd2e      2065116      2104   1959760     0%    /usr/local
>  /dev/sd2g      4136828     64920   3865068     2%    /var
>  amd:36583            0         0         0   100%    /v
> 
>  $ ls /v/1/
> [...expected output from files and directories on that file system...]
> 
>  $ df
>  Filesystem  1K-blocks      Used      Avail Capacity  Mounted on
>  /dev/sd2a      505838     83602     396946    17%    /
>  /dev/sd2h     5159918        24    4901900     0%    /home
>  /dev/sd2f     2068414        10    1964984     0%    /tmp
>  /dev/sd2d     4132094   1280264    2645226    33%    /usr
>  /dev/sd2e     1032558      1052     979880     0%    /usr/local
>  /dev/sd2g     2068414     32572    1932422     2%    /var
>  amd:92953           0         0          0   100%    /v
>  /dev/sd2i  2106117872 298739480 1702072504    15%    /tmp_mnt/dbu/v/1
> 
> Success!!
> well...no.  Seems it never umounts the amd file systems.  And that is
> basically the point of this exercise -- to increase the odds that a FS
> isn't mounted when the power goes out.
> 
> Am I doing something wrong?  Do I have inaccurate expectations of
> what amd(8) does with local file systems? 
> 
> Nick.
> 

Re: OpenBSD Errata: December 11th, 2019 (ldso)

2019-12-14 Thread Antoine Jacoutot
On Sun, Dec 15, 2019 at 09:07:50AM +1000, Stuart Longland wrote:
> On 15/12/19 9:04 am, Antoine Jacoutot wrote:
> > On Sun, Dec 15, 2019 at 08:43:02AM +1000, Stuart Longland wrote:
> >> On 14/12/19 7:49 pm, Frank Beuth wrote:
> >>> OpenBSD doesn't have unit tests (or if they are, they're not in the main
> >>> source tree). How does the project ensure that such wonderfully quick
> >>> fixes don't introduce new bugs?
> >>
> >> I think what helps too is the KISS approach taken in the design of the
> >> software… I think a concept that the Linux community is sadly losing
> >> sight of.
> >>
> >> Simple code is much easier to patch, review and maintain.
> > 
> > Which should not be an excuse for a lacking test suite...
> 
> Well, off you go then. :-)  Get those butterflies¹ flapping.
> 
> The other nice thing about OpenBSD is the source code is right there, so
> writing unit tests around that should be comparatively trivial.

Absolutely.
Eagerly waiting for your contrib.

-- 
Antoine



Re: OpenBSD Errata: December 11th, 2019 (ldso)

2019-12-14 Thread Antoine Jacoutot
On Sun, Dec 15, 2019 at 08:43:02AM +1000, Stuart Longland wrote:
> On 14/12/19 7:49 pm, Frank Beuth wrote:
> > OpenBSD doesn't have unit tests (or if they are, they're not in the main
> > source tree). How does the project ensure that such wonderfully quick
> > fixes don't introduce new bugs?
> 
> I think what helps too is the KISS approach taken in the design of the
> software… I think a concept that the Linux community is sadly losing
> sight of.
> 
> Simple code is much easier to patch, review and maintain.

Which should not be an excuse for a lacking test suite...

-- 
Antoine



Re: Skype alternatives for OpenBSD

2019-11-02 Thread Antoine Jacoutot
On Sat, Nov 02, 2019 at 10:35:36PM +0100, Jonathan Drews wrote:
> Is there an alternative to Skype that runs on OpenBSD? I looked in 
> http://openports.se/
> and didn't see anything. I want to take online classes and need a video
> conferencing software. --Kind regards, Jonathan

It depends what you need for your online classes.
Regular video should "just work".

For anything else (real video conferencing), use something else; interactive
real time audio / video is crap; it doesn't work in the real world.

-- 
Antoine



Re: Tools for writers

2019-11-02 Thread Antoine Jacoutot
On Sat, Nov 02, 2019 at 03:04:34PM -0400, STeve Andre' wrote:
> 
> 
> On 2019-11-02 11:00, Oliver Leaver-Smith wrote:
> > Hello,
> > 
> > What tools do people find useful for writing on OpenBSD? By writing I mean 
> > long form such as novels and technical books, including plot and character 
> > development, outlining, and formatting for publishing (not all the same 
> > application necessarily)
> > 
> > I have found a number which boast Linux support, but not really anything 
> > that stands out which supports OpenBSD (aside from the obvious LaTeX et al.)
> > 
> > Much appreciated
> > 
> >   ~ols
> > --
> > Oliver Leaver-Smith
> > +44(0)114-360-1337
> > TZ=Europe/London
> > 
> 
> /usr/bin/vi

You obviously never wrote a book.
At least not with the requirements OP asked for.

-- 
Antoine



Re: How can I remove sets installed by sysupgrade?

2019-09-17 Thread Antoine Jacoutot
On Tue, Sep 17, 2019 at 09:01:47AM +0100, cho...@jtan.com wrote:
> Marc Espie writes:
> > I'm a bit surprised nobody looked at instrumenting what sets are actually
> > installed on a machine during install/manual upgrade and cloning that 
> > into sysupgrade to avoid this kind of surprise...
> 
> I mentioned the possibility wrt. syspatch but it was rejected in favour
> of expecting users to run a default system or, in effect, become
> developers. Not a stance I entirely agree with but which nevertheless
> has its merits.

syspatch(8) tries to skip uninstalled sets.

-- 
Antoine



Re: Autostart of ssh-agent in root's .profile prevents startup

2019-07-05 Thread Antoine Jacoutot
On Fri, Jul 05, 2019 at 08:52:55AM +0200, Rosselur Rossen wrote:
> Hi!
> 
> I have the following added to root's .profile:
> 
> --snip--
>   env=~/.ssh/agent.env
>   agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }
>   agent_start () {
>   (umask 077; ssh-agent >| "$env")
>   . "$env" >| /dev/null ; }
>   agent_load_env
>   # agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2= agent not running
>   agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)
>   if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
>   agent_start
>   ssh-add
>   elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
>   ssh-add
>   fi
>   unset env
> --snip--
> 
> OpenBSD 6.4 amd64.
> When I reboot the machine, it asks for my id_rsa password during
> system startup, which prevents most services from starting. Eventually
> all the password prompts time out and I am able to log in on the
> console, but most services including sshd have failed to start.
> The desired behaviour would be for the id_rsa password prompt to
> appear only when I am actually interactively logging in, and not
> during system boot.
> Is there any way I could achieve this for the root account? What am I
> doing wrong (apart from interactively logging in as root, I am well
> aware)?

Hi.

Does this help?

Index: rc.subr
===
RCS file: /cvs/src/etc/rc.d/rc.subr,v
retrieving revision 1.131
diff -u -p -r1.131 rc.subr
--- rc.subr 21 Mar 2019 15:10:27 -  1.131
+++ rc.subr 5 Jul 2019 18:10:34 -
@@ -319,6 +319,6 @@ unset _rcflags _rcrtable _rcuser _rctime
 # the shell will strip the quotes from daemon_flags when starting a daemon;
 # make sure pexp matches the process (i.e. doesn't include the quotes)
 pexp="$(eval echo ${daemon}${daemon_flags:+ ${daemon_flags}})"
-rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c"
+rcexec="env -i HOME=/tmp su -m -c ${daemon_class} -s /bin/sh ${daemon_user} -c"
 [ "${daemon_rtable}" -eq "$(id -R)" ] ||
rcexec="route -T ${daemon_rtable} exec ${rcexec}"
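Review bot: HOME=/tmp on the new rcexec line points every daemon started through rc.subr at a world-writable directory, so any daemon or library that reads configuration from $HOME would pick up files that any local user can create there; a location that is not writable by others, such as HOME=/ or the daemon user's own home directory, avoids that. Because env -i also empties the rest of the environment and su -m no longer runs a login shell, it is worth confirming that daemons still get a usable PATH, and a comment next to rcexec saying that -l was dropped so that root's .profile is not sourced at boot would help the next reader.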



-- 
Antoine



Re: Correct pexp variable for a shell script

2019-06-29 Thread Antoine Jacoutot
On Sat, Jun 22, 2019 at 02:14:12PM -0400, Jacob Adams wrote:
> 
> On 6/22/19 12:43 PM, Antoine Jacoutot wrote:
> > On Sat, Jun 22, 2019 at 10:42:39AM -0400, Jacob Adams wrote:
> >> On 6/22/19 7:05 AM, Antoine Jacoutot wrote:
> >>> On Fri, Jun 21, 2019 at 03:57:41PM -0400, Jacob Adams wrote:
> >>>> I've got a shell script I'd like to run as a system service. Due to the
> >>>> 16 character limitation on pgrep and the -x flag that rc.subr passes to
> >>>> check by default, I can't get check or stop to work correctly. The
> >>>> problem is that the process name looks like "/bin/sh
> >>>> /usr/local/bin/script.sh" which, even if passed to pgrep, won't match
> >>>> when -x is used.
> >>>>
> >>>> My rc.d script currently looks like this:
> >>>>
> >>> Hi.
> >>>
> >>> That should not be an issue, that's what pexp is used for.
> >>> But without more context it's hard to know how to help you.
> >>>
> >>> I can match sh scripts without issue:
> >>> $ pgrep -xf "/bin/sh /etc/gdm/Xsession /usr/local/bin/gnome-session"
> >>> 77289
> >>>
> >>> Are you sure your entire process line is "bin/sh /usr/local/bin/authmail"?
> >>> We don't run into the 16 chars  limitation when using -xf
> >>
> >> Here's what I was seeing that led me to that conclusion:
> >>
> >> rukey$ ps aux | grep authmail
> >> root 51889  0.0  0.1   724   568 p0- Ip    Fri12AM    0:00.01
> >> /bin/sh /usr/local/bin/authmail
> >> jacob    25510  0.0  0.2   272   892 p0  S+p   10:36AM    0:00.01 grep
> >> authmail
> >> rukey$ pgrep -f /bin/sh /usr/local/bin/authmail
> >> 51889
> >> rukey$ pgrep -xf /bin/sh /usr/local/bin/authmail
> >>
> >>
> >> However, I didn't think to quote it. That seems to fix it:
> >>
> >> rukey$ pgrep -xf "/bin/sh /usr/local/bin/authmail"
> >> 51889
> >>
> >> It appears that rc.subr uses quotes, but:
> >>
> >> rukey# pgrep -xf "/bin/sh /usr/local/bin/authmail"
> >> 51889
> >> rukey# rcctl check authmail
> >> authmail(failed)
> >> rukey#
> >>
> >> Any idea what could be going wrong here?
> > Dunno, run rcctl in debug mode.
> 
> 
> rukey# ps ux | grep authmail
> root 93772  0.0  0.2   272   892 p0  S+p    2:10PM    0:00.01 grep
> authmail
> rukey# rcctl -d start authmail
> doing _rc_parse_conf
> doing _rc_quirks
> authmail_flags empty, using default ><
> doing _rc_parse_conf /var/run/rc.d/authmail
> doing _rc_quirks
> doing rc_check
> authmail
> doing rc_start
> doing _rc_wait start
> doing rc_check
> doing rc_check

Can you share your /var/run/rc.d/authmail file please.

-- 
Antoine



Re: Correct pexp variable for a shell script

2019-06-22 Thread Antoine Jacoutot
On Sat, Jun 22, 2019 at 10:42:39AM -0400, Jacob Adams wrote:
> 
> On 6/22/19 7:05 AM, Antoine Jacoutot wrote:
> > On Fri, Jun 21, 2019 at 03:57:41PM -0400, Jacob Adams wrote:
> >> I've got a shell script I'd like to run as a system service. Due to the
> >> 16 character limitation on pgrep and the -x flag that rc.subr passes to
> >> check by default, I can't get check or stop to work correctly. The
> >> problem is that the process name looks like "/bin/sh
> >> /usr/local/bin/script.sh" which, even if passed to pgrep, won't match
> >> when -x is used.
> >>
> >> My rc.d script currently looks like this:
> >>
> > Hi.
> >
> > That should not be an issue, that's what pexp is used for.
> > But without more context it's hard to know how to help you.
> >
> > I can match sh scripts without issue:
> > $ pgrep -xf "/bin/sh /etc/gdm/Xsession /usr/local/bin/gnome-session"
> > 77289
> >
> > Are you sure your entire process line is "bin/sh /usr/local/bin/authmail"?
> > We don't run into the 16 chars  limitation when using -xf
> 
> 
> Here's what I was seeing that led me to that conclusion:
> 
> rukey$ ps aux | grep authmail
> root 51889  0.0  0.1   724   568 p0- Ip    Fri12AM    0:00.01
> /bin/sh /usr/local/bin/authmail
> jacob    25510  0.0  0.2   272   892 p0  S+p   10:36AM    0:00.01 grep
> authmail
> rukey$ pgrep -f /bin/sh /usr/local/bin/authmail
> 51889
> rukey$ pgrep -xf /bin/sh /usr/local/bin/authmail
> 
> 
> However, I didn't think to quote it. That seems to fix it:
> 
> rukey$ pgrep -xf "/bin/sh /usr/local/bin/authmail"
> 51889
> 
> It appears that rc.subr uses quotes, but:
> 
> rukey# pgrep -xf "/bin/sh /usr/local/bin/authmail"
> 51889
> rukey# rcctl check authmail
> authmail(failed)
> rukey#
> 
> Any idea what could be going wrong here?

Dunno, run rcctl in debug mode.

-- 
Antoine



Re: Correct pexp variable for a shell script

2019-06-22 Thread Antoine Jacoutot
On Fri, Jun 21, 2019 at 03:57:41PM -0400, Jacob Adams wrote:
> I've got a shell script I'd like to run as a system service. Due to the
> 16 character limitation on pgrep and the -x flag that rc.subr passes to
> check by default, I can't get check or stop to work correctly. The
> problem is that the process name looks like "/bin/sh
> /usr/local/bin/script.sh" which, even if passed to pgrep, won't match
> when -x is used.
> 
> My rc.d script currently looks like this:
> 

Hi.

That should not be an issue, that's what pexp is used for.
But without more context it's hard to know how to help you.

I can match sh scripts without issue:
$ pgrep -xf "/bin/sh /etc/gdm/Xsession /usr/local/bin/gnome-session"
77289

Are you sure your entire process line is "bin/sh /usr/local/bin/authmail"?
We don't run into the 16 chars  limitation when using -xf


> #!/bin/ksh
> 
> AUTHMAIL="/usr/local/bin/authmail"
> daemon=${AUTHMAIL}
> daemon_timeout=1
> 
> . /etc/rc.d/rc.subr
> 
> rc_reload=NO
> rc_bg=YES
> pexp="/bin/sh ${AUTHMAIL}"
> 
> rc_cmd $1
> 
> Do I have any other options, or do I just need to override rc_check to
> remove -x?
> 
> 

-- 
Antoine



Re: Duplicity & /etc/daily.local

2019-05-21 Thread Antoine Jacoutot
On Mon, May 20, 2019 at 11:50:13PM +0200, Noth wrote:
> Hi misc@,
> 
> 
>   I'm trying to run daily backups to a sftp server for various VMs and
> devices on my network, and want to use /etc/daily.local for this. I'm
> calling this script from the daily.local file:
> 
> env 'GNUPG="/usr/local/bin/gpg" PASSPHRASE="mypassword"'
> /root/duplicity-hostname.sh
> 
> but unfortunately duplicity can't find gnupg and errors out with this error
> message:
> 
> Traceback (innermost last):
>   File "/usr/local/bin/duplicity", line 1562, in 
> with_tempdir(main)
>   File "/usr/local/bin/duplicity", line 1548, in with_tempdir
> fn()
>   File "/usr/local/bin/duplicity", line 1387, in main
> action = commandline.ProcessCommandLine(sys.argv[1:])
>   File "/usr/local/lib/python2.7/site-packages/duplicity/commandline.py", 
> line 1088, in ProcessCommandLine
> globals.gpg_profile = gpg.GPGProfile()
>   File "/usr/local/lib/python2.7/site-packages/duplicity/gpg.py", line 92, in 
> __init__
> self.gpg_version = self.get_gpg_version(globals.gpg_binary)
>   File "/usr/local/lib/python2.7/site-packages/duplicity/gpg.py", line 107, 
> in get_gpg_version
> res = gnupg.run(["--version"], create_fhs=["stdout"])
>   File "/usr/local/lib/python2.7/site-packages/duplicity/gpginterface.py", 
> line 374, in run
> create_fhs, attach_fhs)
>   File "/usr/local/lib/python2.7/site-packages/duplicity/gpginterface.py", 
> line 423, in _attach_fork_exec
> self._as_child(process, gnupg_commands, args)
>   File "/usr/local/lib/python2.7/site-packages/duplicity/gpginterface.py", 
> line 462, in _as_child
> os.execvp(command[0], command)
>   File "/usr/local/lib/python2.7/os.py", line 346, in execvp
> _execvpe(file, args)
>   File "/usr/local/lib/python2.7/os.py", line 382, in _execvpe
> func(fullname, *argrest)
>  OSError: [Errno 2] No such file or directory
> 
> GPGError: failed to determine gnupg version of None from
> 
> 
> duplicity-hostname.sh content:
> 
> #!/bin/ksh
> PASSPHRASE=mypassword
> /usr/local/bin/duplicity incremental /var sftp://user@backuphost:/hostname/var
> /usr/local/bin/duplicity incremental /etc sftp://user@backuphost:/hostname/etc
> /usr/local/bin/duplicity incremental /root 
> sftp://user@backuphost:/hostname/root
> 
> Can daily.local even handle this or is the environment too limited?

daily.local is run by cron which sets:
PATH=/bin:/sbin:/usr/bin:/usr/sbin

Try setting this in your script:
PATH=${PATH}:/usr/local/bin

-- 
Antoine
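
An added example, not part of the original thread and not duplicity's own code: it models the lookup failure under cron's PATH in a constructed sandbox (a stub gpg under usr/local/bin), and also shows what the posted commands do with the environment: the single-quoted env argument becomes one GNUPG assignment, and a PASSPHRASE assigned without export never reaches a child process. The function names and the sandbox layout are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example with constructed data; it never touches the real /usr/local.

CRON_PATH=/bin:/sbin:/usr/bin:/usr/sbin      # PATH quoted in the reply
FIXED_PATH=${CRON_PATH}:/usr/local/bin       # after PATH=${PATH}:/usr/local/bin

# Create a throwaway root containing usr/local/bin/gpg (a stub), standing in
# for a host where gpg comes from packages. Prints the sandbox directory.
make_sandbox() {
    _root=$(mktemp -d "${TMPDIR:-/tmp}/cronpath.XXXXXX") || return 1
    mkdir -p "$_root/usr/local/bin" "$_root/usr/bin" "$_root/bin"
    printf '#!/bin/sh\necho "gpg (constructed stub)"\n' > "$_root/usr/local/bin/gpg"
    chmod 755 "$_root/usr/local/bin/gpg"
    printf '%s\n' "$_root"
}

# Search a PATH string in order, as execvp(3) does for a bare command name,
# but relative to a sandbox root. Prints the first hit; returns 1 on a miss,
# which is the case that surfaces as "[Errno 2] No such file or directory".
lookup() {
    # $1 = sandbox root, $2 = PATH value, $3 = command name
    _old_ifs=$IFS
    IFS=:
    for _dir in $2; do
        if [ -n "$_dir" ] && [ -x "$1$_dir/$3" ]; then
            IFS=$_old_ifs
            printf '%s\n' "$_dir/$3"
            return 0
        fi
    done
    IFS=$_old_ifs
    return 1
}

# Report what a child process receives for GNUPG and PASSPHRASE when env(1)
# is called with the given arguments. env -i keeps the caller's own
# environment out of the result.
child_env() {
    env -i "$@" /bin/sh -c \
        'printf "GNUPG=[%s] PASSPHRASE=[%s]\n" "${GNUPG-unset}" "${PASSPHRASE-unset}"'
}

# Report whether a variable assigned inside a script reaches its children,
# without and with export. $1 is "plain" or "export".
script_var_reaches_child() {
    case $1 in
    export) env -i /bin/sh -c 'PASSPHRASE=mypassword; export PASSPHRASE
                /bin/sh -c "printf %s \"\${PASSPHRASE-unset}\""' ;;
    *)      env -i /bin/sh -c 'PASSPHRASE=mypassword
                /bin/sh -c "printf %s \"\${PASSPHRASE-unset}\""' ;;
    esac
}

demo() {
    root=$(make_sandbox) || return 1
    echo "cron PATH          : $(lookup "$root" "$CRON_PATH" gpg || echo 'gpg not found')"
    echo "fixed PATH         : $(lookup "$root" "$FIXED_PATH" gpg || echo 'gpg not found')"
    echo "quoted as one word : $(child_env 'GNUPG="/usr/local/bin/gpg" PASSPHRASE="mypassword"')"
    echo "separate arguments : $(child_env GNUPG=/usr/local/bin/gpg PASSPHRASE=mypassword)"
    echo "script var, plain  : $(script_var_reaches_child plain)"
    echo "script var, export : $(script_var_reaches_child export)"
    rm -rf "$root"
}
demo
```
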



Re: When will be created a great desktop experience for OpenBSD?

2019-05-13 Thread Antoine Jacoutot
On Mon, May 13, 2019 at 02:04:13PM -0400, Nathan Hartman wrote:
> On Mon, May 13, 2019 at 1:26 PM Steve Litt 
> wrote:
> 
> > As I travel this earth I continue to be amazed at peoples' fascination
> > with tiny fonts. Perhaps that's to pack more stuff on the screen. But
> > then they go on to make the text low contrast in the name of "pretty",
> > thereby locking out those who can't correct to 20/20. And just to rub
> > salt in the wounds, they always make their tiny black background
> > terminals transparent, so random noise can confuse further.
> >
> > SteveT
> 
> 
> I am similarly amazed.
> 
> User interfaces have gotten progressively
> worse over the last 15 years and the trend
> continues.

Nowadays, computer interfaces are designed for people who don't know nor care
about computers.
Different times...

-- 
Antoine



Re: ulpt vs kernel relinking

2019-05-10 Thread Antoine Jacoutot
On Thu, May 09, 2019 at 11:41:17PM -0600, Theo de Raadt wrote:
> config -e is incompatible with the KARL relinking sequence.
> 
> For now, we consider KARL more valuable than config -e usage
> patterns.
> 
> We've thought about this but for now we don't have a clever
> solution to solve this.

Usual disclaimer, you're on your own etc...
You can probably do something like this in /etc/rc.shutdown:

printf 'disable ulpt\nq\n' | config -ef /bsd
sha256 /bsd >/var/db/kernel.SHA256


> Thuban  wrote:
> 
> > Hi,
> > I have a printer that requires ulpt to be disabled
> > as mentioned in /usr/local/share/doc/pkg-readmes/cups. And it works.
> > 
> > # config -fe /bsd
> > disable ulpt
> > quit
> > 
> > After a reboot, I can notice : 
> > 
> > reorder_kernel: kernel relinking failed; see 
> > /usr/share/relink/kernel/GENERIC.MP/relink.log
> > 
> > Ok, so I run, as mentioned in the above file : 
> > 
> > sha256 -h /var/db/kernel.SHA256 /bsd
> > 
> > However, at next reboot, ulpt is reenabled.
> > 
> > How can I still have KARL and use my printer ?
> > 
> > 
> > -- 
> > thuban
> > 
> 

-- 
Antoine



Re: Leveldb in 6.4

2019-03-21 Thread Antoine Jacoutot
On Thu, Mar 21, 2019 at 03:54:25PM +0100, Flipchan wrote:
> Hey all,
> 
> Has anyone been able to install leveldb on 6.4 with header files ?
> 
> 
> i have installed it with pkg_add
> # pkg_info -Q leveldb
> leveldb-1.20 (installed)
> 
> but it will not include:
> 
>  fatal error: 'leveldb/db.h' file not found
>  #include "leveldb/db.h"
> ^~
>  7 warnings and 1 error generated.
>  error: command 'cc' failed with exit status 1

You probably need to pass CPPFLAGS (-I/usr/local/include) to your build.

-- 
Antoine



Re: cannot install iozone

2019-03-15 Thread Antoine Jacoutot
On Fri, Mar 15, 2019 at 09:17:32AM +0300, Максим wrote:
> Hello.
> I cannot install iozone though it is shown using command pkglocate
> $ pkglocate iozone
> iozone-3.465:benchmarks/iozone:/usr/local/bin/iozone
> iozone-3.465:benchmarks/iozone:/usr/local/man/man1/iozone.1
> 
> $ pkg_info -Q iozone
> shows nothing
> 
> $ doas pkg_add -i iozone
> quirks-3.107 signed on 2019-03-14T12:02:09Z
> Can't find iozone
> 
> I don't understand what wrong with that package is.
> OpenBSD 6.5 GENERIC.MP#758 amd64

$ cd /usr/ports/benchmarks/iozone/ && make show=PERMIT_PACKAGE_FTP
incomplete/bad license

-- 
Antoine



Re: french amd64 snapshot packages mirrors not synced

2019-02-17 Thread Antoine Jacoutot
On Sun, Feb 17, 2019 at 07:52:12AM +0100, Fred. GALUSIK wrote:
> Hi,
> 
> In case nobody noticed, French mirrors are stuck on January, the 31.
> 
> http://ftp.fr.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/
> http://ftp2.fr.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/
> 
> While many have synced a couple of times since. Last one is on February, the
> 15 :
> https://cdn.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/
> https://ftp.spline.de/pub/OpenBSD/snapshots/packages/amd64/

Thanks, syncing should resume soon.
This was due to a stuck job that filled the disk.

-- 
Antoine



Re: Keepassx without gtk

2019-02-04 Thread Antoine Jacoutot
On Mon, Feb 04, 2019 at 03:04:14PM +0300, Isimsiz wrote:
> Thank you for ur reply!
> I have gtk-update-icon-cache already installed  ( for feh ) but keepassx 
> installation keep
> installing gtk+ :

That comes from qt4, not keepassx.
qt4 -> gstreamer-plugins-base -> gvfs -> gcr -> gtk+3


> # pkg_add -n keepassx
> quirks-3.88 signed on 2019-01-31T11:46:10Z
> keepassx-2.0.3p5:libgpg-error-1.35: ok
> keepassx-2.0.3p5:libgcrypt-1.8.4p0: ok
> keepassx-2.0.3p5:icu4c-63.1: ok
> keepassx-2.0.3p5:libogg-1.3.3: ok
> keepassx-2.0.3p5:libvorbis-1.3.6: ok
> keepassx-2.0.3p5:iso-codes-3.77p1: ok
> keepassx-2.0.3p5:orc-0.4.24p0: ok
> keepassx-2.0.3p5:graphite2-1.3.13: ok
> keepassx-2.0.3p5:cairo-1.16.0: ok
> keepassx-2.0.3p5:harfbuzz-2.3.0: ok
> keepassx-2.0.3p5:fribidi-1.0.5: ok
> keepassx-2.0.3p5:pango-1.42.4p0: ok
> keepassx-2.0.3p5:cdparanoia-3.a9.8p3: ok
> keepassx-2.0.3p5:gstreamer-0.10.36p12: ok
> keepassx-2.0.3p5:libtheora-1.1.1p3: ok
> keepassx-2.0.3p5:dbus-1.12.12v0: ok
> keepassx-2.0.3p5:dbus-daemon-launch-helper-1.12.12: ok
> keepassx-2.0.3p5:libdaemon-0.14p1: ok
> keepassx-2.0.3p5:gdbm-1.16: ok
> keepassx-2.0.3p5:avahi-0.7p5: ok
> keepassx-2.0.3p5:dconf-0.30.1p0: ok
> keepassx-2.0.3p5:gsettings-desktop-schemas-3.28.1: ok
> keepassx-2.0.3p5:libproxy-0.4.15p1: ok
> keepassx-2.0.3p5:libunbound-1.8.3: ok
> keepassx-2.0.3p5:gmp-6.1.2p3: ok
> keepassx-2.0.3p5:libnettle-3.4.1p0: ok
> keepassx-2.0.3p5:libtasn1-4.13p0: ok
> keepassx-2.0.3p5:p11-kit-0.23.2p1: ok
> keepassx-2.0.3p5:gnutls-3.6.6: ok
> keepassx-2.0.3p5:glib2-networking-2.58.0: ok
> keepassx-2.0.3p5:libpsl-0.20.2: ok
> keepassx-2.0.3p5:libsoup-2.64.2: ok
> keepassx-2.0.3p5:libassuan-2.5.1p0: ok
> keepassx-2.0.3p5:libsecret-0.18.7: ok
> keepassx-2.0.3p5:pinentry-1.1.0p0: ok
> keepassx-2.0.3p5:libusb1-1.0.21p1: ok
> keepassx-2.0.3p5:npth-1.6: ok
> keepassx-2.0.3p5:libksba-1.3.5p1: ok
> keepassx-2.0.3p5:gnupg-2.2.12: ok
> keepassx-2.0.3p5:libcroco-0.6.12: ok
> keepassx-2.0.3p5:librsvg-2.44.12: ok
> keepassx-2.0.3p5:adwaita-icon-theme-3.30.1: ok
> keepassx-2.0.3p5:atk-2.30.0: ok
> keepassx-2.0.3p5:at-spi2-core-2.30.0: ok
> keepassx-2.0.3p5:at-spi2-atk-2.30.0: ok
> keepassx-2.0.3p5:gtk+3-3.24.4: ok
> keepassx-2.0.3p5:gcr-3.28.1: ok
> keepassx-2.0.3p5:zstd-1.3.8: ok
> keepassx-2.0.3p5:libarchive-3.3.3: ok
> keepassx-2.0.3p5:gvfs-1.38.1p0: ok
> keepassx-2.0.3p5:gstreamer-plugins-base-0.10.36p19: ok
> keepassx-2.0.3p5:lcms-1.19: ok
> keepassx-2.0.3p5:libmng-1.0.10p3: ok
> keepassx-2.0.3p5:qt4-4.8.7p18: ok
> keepassx-2.0.3p5: ok
> Running tags: ok
> The following new rcscripts were installed: /etc/rc.d/avahi_daemon 
> /etc/rc.d/avahi_dnsconfd /
> etc/rc.d/messagebus
> See rcctl(8) for details.
> New and changed readme(s):
>         /usr/local/share/doc/pkg-readmes/avahi
>         /usr/local/share/doc/pkg-readmes/dbus
>         /usr/local/share/doc/pkg-readmes/gnupg
>         /usr/local/share/doc/pkg-readmes/gtk+3
> 
> Maybe i do something wrong, can u please put things on the right path
> 
> Mon, 4 Feb 2019 at 14:41, Antoine Jacoutot :
> 
> On Mon, Feb 04, 2019 at 02:39:28PM +0300, Isimsiz wrote:
> > Good day, sirs
> > Is it possible to install keepassx without gtk+?
> > For some reason keepassx depends on qt4 and gtk+3
> > I use packages. Maybe i need to compile to exclude gtk support or its
> > impossible at all?
> 
> It doesn't depend on gtk+.
> It only RUN_DEPENDS on x11/gtk+3,-guic which is gtk-update-icon-cache 
> (which
> doesn't depend on anything).
> 
> --
> Antoine
> 

-- 
Antoine



Re: Keepassx without gtk

2019-02-04 Thread Antoine Jacoutot
On Mon, Feb 04, 2019 at 02:39:28PM +0300, Isimsiz wrote:
> Good day, sirs
> Is it possible to install keepassx without gtk+?
> For some reason keepassx depends on qt4 and gtk+3
> I use packages. Maybe i need to compile to exclude gtk support or its
> impossible at all?

It doesn't depend on gtk+.
It only RUN_DEPENDS on x11/gtk+3,-guic which is gtk-update-icon-cache (which
doesn't depend on anything).

-- 
Antoine



Re: Are there real mountpoints for gvfs/gio shares ?

2019-01-03 Thread Antoine Jacoutot
On Thu, Jan 03, 2019 at 02:22:53PM +0100, Joel Carnat wrote:
> Hi,
> 
> I was looking at mounting CIFS shares.
> OpenBSD is the "client" machine.
> CIFS is published by a remote NAS.
> 
> Using XFCE and Thunar, everything works well.
> But when I try to access the mountpoints from the console, I just can't find
> them.
> 
> Things like "gio mount smb://", "gio mount -l" and "gio copy" work well.
> 
> I read there should be stuff in ~/.gvfs or /run/user/ on Linux.
> But couldn't find anything mounted on such directories on OpenBSD.
> 
> Is there a way to access the gvfs shares using regular console tools (other
> than gio) ?

Hi.

It doesn't work on OpenBSD because it requires fuse(4) and the ability for
regular users to mount a filesystem which is a privileged operation.

-- 
Antoine



Re: Persistent flags for disabled daemons?

2018-11-04 Thread Antoine Jacoutot
On Sun, Nov 04, 2018 at 03:57:30AM +0100, Klemens Nanni wrote:
> On Sun, Nov 04, 2018 at 12:41:17AM +, John Long wrote:
> > If I use rcctl set to set minidlna's flags to -R it seems it will only
> > allow me to do it when minidlna is enabled. I would like the flags to
> > survive disablement because I don't want to start the minidlna server
> > every time the box comes up.
> Setting flags for disabled daemons is not possible as rcctl tells you.
> 
> Keeping flags when disabling daemons with rcctl is currently not
> possible.  The only way to do so is by commenting the rc.conf.local line
> manually.

Note that it would be easy for rcctl to save the flags (basically only remove
minidlna from the pkg_scripts variable). But that would make the behavior
inconsistent with how base rc.d scripts behave. When you disable a base script,
you must remove the foo_flags from rc.conf.local (and can't retain the flags).
I prefer to have a consistent behavior, this is why rcctl works this way.

-- 
Antoine



Re: How to make the cwm window manager reread new config

2018-09-15 Thread Antoine Jacoutot
On Sat, Sep 15, 2018 at 08:41:52PM +0300, Родин Максим wrote:
> Hello,
> May be a silly question,
> how can I make the cwm window manager reread its config file
> without losing my working session?

From cwmrc(5):
BIND FUNCTION LIST
 restart  Restart the running cwm(1).

And from cwm(1):
 cwm rereads its configuration file when it receives a hangup signal,
 SIGHUP, by executing itself with the name and arguments with which it was
 started.  This is equivalent to the restart function.

-- 
Antoine



Re: Add $daemon_nice to rc.subr

2018-09-04 Thread Antoine Jacoutot
On Tue, Sep 04, 2018 at 10:53:17AM +0200, Thomas de Grivel wrote:
> why ? well all interactive process get a quarter range nice priority
> advance compared to all daemon tasks, at least for a laptop
> environment it really makes sense. sndiod and ntpd are unaffected by
> this change.
> 
> you're right to criticize in that I did not document my code, the
> point of this new variable is that an amendment to daemon priority is
> no more than putting one line in /etc/rc.conf.local eg.
> sshd_nice=1
> 
> or in the rc.d/ file
> daemon_nice=whatever
> 
> why, because it is a whole lot more readable and usable than
> inheriting a whole new login class just to change one parameter, but
> if you don't like it nobody forces you huh ?

You're not inheriting a whole new login class, you're just modifying the daemon
one and give it a new name.
Feel free to keep your diff locally, I don't see any value in integrating it.


> Le mar. 4 sept. 2018 à 07:57, Alexandre Ratchov  a écrit :
> >
> > On Tue, Sep 04, 2018 at 04:58:53AM +0200, Thomas de Grivel wrote:
> > >
> > > And I still feel the default nice priority of 10 is rather a good
> > > idea.
> >
> > why?
> 
> 
> 
> -- 
>  Thomas de Grivel
>  http://b.lowh.net/billitch/
> 

-- 
Antoine



Re: OpenBSD 6.2 (up2date with syspatch) - HANGING

2017-12-22 Thread Antoine Jacoutot
On Thu, Dec 21, 2017 at 10:33:23PM +, Maxim Bourmistrov wrote:
> 
> 6.2-stable is NOT STABLE.
> Backport, backport,backport.
> 
> 6.2-stable is a beta release. 
> This is what its IS.
> 
> 5.9 vs. 6.2 - last one is a major downwards.
> I know a lot of stuff done in tcp/ip stack and this is a good job (abt time 
> to ack SMP), but
> Keep those changes in beta, don’t tell ”we have rel and stable here. Eat it”.

Can you keep your rant on the kindergarten mailing list and not tech@. There's a
reason misc@ exists, it's so that people like you can vomit whatever / wherever
while keeping us out of the loop.

-- 
Antoine



Re: Problems with fetchmail, trying to run on boot as a user also trying to control with rcctl

2017-11-17 Thread Antoine Jacoutot
On Fri, Nov 17, 2017 at 12:53:07PM +, Eike Lantzsch wrote:
> Hello to all,
> I have running unbound, nsd with MX record, smtpd and dovecot on this box.
> So far with good success.
> The mailserver is not meant to go public.
> I use to download mail from my mailproviders by means of fetchmail which I 
> start on boot in daemon mode as root.
> 
> I don't want that. I want to start it on boot in daemon mode *as a user*. 
> 
> 1) I would like to be able to control fetchmail by means of rcctl no matter 
> if 
> run as a user or as root if that's at all possible. I can't manage to make 
> either work.
> 
> 2) I can start fetchmail on boot in daemon mode as root, but I have problems 
> starting fetchmail as a daemon and *as a user* on boot. I did not manage to 
> figure that out.
> 
> Reason: fetchmail is started alright by rc.local as root - but to do that is 
> "discouraged" for obvious security reasons.
> like in /etc/rc.local:
> /usr/local/bin/fetchmail -f /etc/fetchmailrc -d 600 --syslog
> fetchmail is started and does its job.
> 
> I like to do it the "OpenBSD-way" but for the life of me I cannot figure out 
> how to do that.
> 
> fetchmail also works OK if started manually from the shell of localuser, 
> provided /etc/fetchmailrc is owned by that user.
> 
> I read the paper on rc.d by Antoine Jacoutot:
> https://www.bsdfrog.org/pub/events/openbsd-rcd-AsiaBSDCon2016-paper.pdf
> As I understand 'rcctl start daemon' actually does
> su -l -c daemon -s /bin/sh root -c \
> "/path/to/daemon –flags"
> Does that mean that my efforts to try to start fetchmail (or any daemon) as a 
> user are in vain?
> 
> How else could I do that maybe while forsaking the possibility to control 
> fetchmail by rcctl?
> 
> What I tried so far:
> 
> added user _fetchmail with nologin
> useradd -m -c "fetchmail daemon" -d /var/fetchmail -g =uid -s /sbin/nologin 
> _fetchmail
> 
> /etc/rc.d/fetchmail:
> #!/bin/sh
> #
> # $OpenBSD: fetchmail 2017/11/16 08:12:29 localuser Exp $
> #
> daemon="/usr/local/bin/fetchmail"
> . /etc/rc.d/rc.subr
> rc_cmd $1
> 
> 
> /etc/rc.conf.local:
> dhcpd_flags="em1"
> dovecot=
> fetchmail_flags="-f /etc/fetchmailrc -d 600 --syslog"
> fetchmail_user="_fetchmail"
> inetd_flags=
> mountd_flags=
> newsyslog=
> nfsd_flags=
> nmbd_flags="-D"
> nsd_flags=
> pkg_scripts="dovecot fetchmail fetchnews arpwatch"
> portmap_flags=
> sensorsd_flags=
> smbd_flags="-D"
> unbound_flags=
> 
> 
> /etc/fetchmailrc:
> poll pop.somemailprovider.net protocol POP3 user "someuser@somemailserver" 
> password "XX" \
> is "localuser" here fetchall ssl
> poll pop.somemailprovider.net protocol POP3 user 
> "someotheruser@somemailserver" \
> password "XX"  is "localuser" here fetchall ssl
> poll pop.somemailprovider.net protocol POP3 user 
> "somemoreuser@somemailserver" 
> \
> password "XXX" is "localuser" here fetchall ssl
> poll pop.gmail.com protocol POP3 user "someuse...@gmail.com" password 
> "XX" \
> is "localuser" here fetchall ssl
> set postmaster localu...@localdomain.com.py
> 
> 
> I tried with doas -u localuser
> but fetchmail is not started.
> # rcctl enable fetchmail
> # rcctl check fetchmail
> fetchmail(failed)

Did you actually start it before running 'check' ?
i.e. rcctl start fetchmail
To run rc.d in debug mode:
rcctl -d start fetchmail


> and tried also with su localuser, but I guess that the latter can't work 
> because the user _fetchmail has no shell.
> 
> I ask myself if it would be better to run fetchmail as a program by cron?
> adding it into /etc/crontab which allows to set the user.
> 
> Sincerely
> Eike
> 
> 
> dmesg:
> OpenBSD 6.2 (GENERIC.MP) #0: Thu Oct 12 19:53:18 CEST 2017
> r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/
> GENERIC.MP
> real mem = 4261072896 (4063MB)
> avail mem = 4124913664 (3933MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffb7020 (7 entries)
> bios0: vendor coreboot version "88a4f96" date 03/07/2016
> bios0: PC Engines apu2
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S1 S2 S3 S4 S5
> acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
> acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) PBR8(S4) 
> UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4)
> acpitimer0 at acpi0: 3579545 Hz, 32 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat

Re: Bug in rc.d/ifstated ?

2017-11-11 Thread Antoine Jacoutot
On Sat, Nov 11, 2017 at 07:09:13PM +, Christer Solskogen wrote:
> If ifstated.conf has an error this will happen:
> 
> # ifstated -d
> 
> /etc/ifstated.conf:35: syntax error
> /etc/ifstated.conf:38: syntax error
> error: state 'fw_slave' not declared
> error: state 'fw_slave' not declared
> unable to load config
> 
> But with the same config:
> # /etc/rc.d/ifstated start
> 
> ifstated(ok)
> # echo $?
> 0
> I would expect that it would say something like this, like other daemons do.
> ifstated(failed)

Yes, that's a known issue with several privsep daemons in OpenBSD...
Maybe we could add an rc_pre function like this:

# child will not return a config parsing error to the parent
rc_pre() {
	${daemon} -n ${daemon_flags}
}

-- 
Antoine
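
The failure mode discussed in this thread, as an added sketch that is not ifstated or rc.subr code: a daemon that detaches before parsing its configuration always hands exit status 0 to the script that started it, while a foreground config test (the `-n` in the proposed rc_pre) surfaces the error. `fake_daemon`, its two-keyword config syntax, `start_plain`, `start_with_precheck` and the sample files are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration: fake_daemon and its config syntax are constructed
# stand-ins, not ifstated or rc.subr code.

# parse_conf FILE: accept "state NAME" and "init-state NAME" lines; anything
# else is a syntax error, and init-state must name a declared state.
parse_conf() {
	_file=$1 _n=0 _rc=0 _states="" _init=""
	[ -r "$_file" ] || { echo "unable to load config" >&2; return 1; }
	while IFS= read -r _line || [ -n "$_line" ]; do
		_n=$((_n + 1))
		case $_line in
		''|'#'*) ;;
		'state '*) _states="$_states ${_line#state } " ;;
		'init-state '*) _init="${_line#init-state }" ;;
		*) echo "$_file:$_n: syntax error" >&2; _rc=1 ;;
		esac
	done < "$_file"
	if [ -n "$_init" ]; then
		case $_states in
		*" $_init "*) ;;
		*) echo "error: state '$_init' not declared" >&2; _rc=1 ;;
		esac
	fi
	[ "$_rc" -eq 0 ] || echo "unable to load config" >&2
	return "$_rc"
}

# fake_daemon [-n] FILE: with -n, parse in the foreground and return the
# result; otherwise detach first and parse in the child, so the caller
# always sees 0 whatever the child finds.
fake_daemon() {
	if [ "$1" = "-n" ]; then
		if parse_conf "$2"; then return 0; else return 1; fi
	fi
	( parse_conf "$1" || exit 1 ) >/dev/null 2>&1 &
	return 0
}

# Start as reported in the thread: only the parent's status is visible.
start_plain() {
	fake_daemon "$1"
}

# Start with a foreground config test first, refusing to start on failure.
start_with_precheck() {
	fake_daemon -n "$1" || return 1
	fake_daemon "$1"
}

# report LABEL COMMAND...: print LABEL(ok) or LABEL(failed), rc.d style.
report() {
	_label=$1; shift
	if "$@"; then echo "$_label(ok)"; else echo "$_label(failed)"; fi
}

# Constructed sample configs: good.conf parses, bad.conf has an undeclared
# init-state and a junk line.
make_sample_confs() {
	printf 'state fw_master\ninit-state fw_master\n' > "$1/good.conf"
	printf 'init-state fw_slave\nstate fw_master\nbogus line\n' > "$1/bad.conf"
}

demo() {
	_dir=$(mktemp -d) || return 1
	make_sample_confs "$_dir"
	report "plain start, bad config" start_plain "$_dir/bad.conf"
	report "pre-check, bad config" start_with_precheck "$_dir/bad.conf"
	report "pre-check, good config" start_with_precheck "$_dir/good.conf"
	wait
	rm -rf "$_dir"
}
demo
```
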



Re: cyrus imapd in 6.2 ports

2017-10-19 Thread Antoine Jacoutot
On Thu, Oct 19, 2017 at 04:15:43PM +, Peter J. Philipp wrote:
> Hi!
> 
> Thanks, I won't lie.  I did look at that page, but I was in a panic and
> didn't look at it carefully enough.  I did run the commands to lint the
> config files but there was no output.  But I should have been trying to
> convert my databases from berkeley db but I realise now they aren't even
> in bdb format:
> 
> mercury$ for i in *.db; do hexdump -C $i | head -1; done
>   a1 02 8b 0d 74 77 6f 73  6b 69 70 20 66 69 6c 65  |twoskip file|
>   a1 02 8b 0d 74 77 6f 73  6b 69 70 20 66 69 6c 65  |twoskip file|
>   a1 02 8b 0d 74 77 6f 73  6b 69 70 20 66 69 6c 65  |twoskip file|
>   a1 02 8b 0d 74 77 6f 73  6b 69 70 20 66 69 6c 65  |twoskip file|
>   a1 02 8b 0d 74 77 6f 73  6b 69 70 20 66 69 6c 65  |twoskip file|
> 
> What I'm going to do what I had planned, was, to copy my imap stuff over
> to another computer and upgrade that in all peace and taking my time. 
> Then perhaps I can go back to the major version 3.
> 
> What I foolishly did was I did a pkg_add -u and expected everything to
> still function without informing myself earlier.
> 
> Thanks Antoine for the link again,

No problem.
Keep me posted :-)



> 
> -peter
> 
> 
> On 10/19/17 17:55, Antoine Jacoutot wrote:
> > On Mon, Oct 16, 2017 at 12:27:59PM +, Peter J. Philipp wrote:
> >> Hi,
> >>
> >> I got these messages with the new 6.2 cyrus imapd:
> >>
> >> Oct 14 11:03:26 mercury imaps[55561]: client id sessionid=:
> >> "name" "Thunderbird" "version" "52.2.1"
> >> Oct 14 11:03:26 mercury imaps[55561]: Fatal error: Internal error:
> >> assertion failed: imap/message.c: 4286: !message_need(m, M_RECORD)
> >> Oct 14 11:03:26 mercury master[70566]: process type:SERVICE name:imaps
> >> path:/usr/local/cyrus/libexec/imapd age:0.542s pid:55561 exited, status 75
> >>
> >>
> >> I didn't know what to do with this, so I ran "reconstruct -O -V max" as
> >> _cyrus user, but that had the same failure in an assert failure.
> >>
> >> So I decided to downgrade after upgrading to a new version wasn't
> >> possible.  I put the 6.1 /usr/ports/mail/cyrus_imapd in the 6.2 tree
> >> (after backing up the 6.2 cyrus_imapd) and made install after
> >> pkg_delete'ing the 6.2 cyrus_imapd.  It worked, I made sure that
> >> I ran the reconstruct again and it did mention there was a diff version
> >> and probably fixed it.  Either way I have my important mail running
> >> again and wanted to share.
> >>
> >> If I want to go back to cyrus imapd version 3.x.x what should I look
> >> for?  or wait for?
> >>
> >> If anyone has had the same problems perhaps they took greater care than
> >> me to get this going otherwise the downgrade seems to have worked for me.
> > Hi.
> >
> > I can't reproduce the issue.
> > Did you properly convert your old DBs in case they were of type Berkeley?
> > https://cyrusimap.org/imap/download/upgrade.html
> >
> 

-- 
Antoine



Re: cyrus imapd in 6.2 ports

2017-10-19 Thread Antoine Jacoutot
On Mon, Oct 16, 2017 at 12:27:59PM +, Peter J. Philipp wrote:
> Hi,
> 
> I got these messages with the new 6.2 cyrus imapd:
> 
> Oct 14 11:03:26 mercury imaps[55561]: client id sessionid=:
> "name" "Thunderbird" "version" "52.2.1"
> Oct 14 11:03:26 mercury imaps[55561]: Fatal error: Internal error:
> assertion failed: imap/message.c: 4286: !message_need(m, M_RECORD)
> Oct 14 11:03:26 mercury master[70566]: process type:SERVICE name:imaps
> path:/usr/local/cyrus/libexec/imapd age:0.542s pid:55561 exited, status 75
> 
> 
> I didn't know what to do with this, so I ran "reconstruct -O -V max" as
> _cyrus user, but that had the same failure in an assert failure.
> 
> So I decided to downgrade after upgrading to a new version wasn't
> possible.  I put the 6.1 /usr/ports/mail/cyrus_imapd in the 6.2 tree
> (after backing up the 6.2 cyrus_imapd) and made install after
> pkg_delete'ing the 6.2 cyrus_imapd.  It worked, I made sure that
> I ran the reconstruct again and it did mention there was a diff version
> and probably fixed it.  Either way I have my important mail running
> again and wanted to share.
> 
> If I want to go back to cyrus imapd version 3.x.x what should I look
> for?  or wait for?
> 
> If anyone has had the same problems perhaps they took greater care than
> me to get this going otherwise the downgrade seems to have worked for me.

Hi.

I can't reproduce the issue.
Did you properly convert your old DBs in case they were of type Berkeley?
https://cyrusimap.org/imap/download/upgrade.html

-- 
Antoine



Re: pkg_add ignores -m

2017-10-09 Thread Antoine Jacoutot
On Mon, Oct 09, 2017 at 11:53:31AM +, Luke Small wrote:
> Using the -m flag it still gets warnings from pulseaudio and redis that I
> didn't use the -m flag

The warning about not using `-m' actually comes from useradd. It is just telling
you that useradd will not create a new home directory for the new user. Since
the package will actually take care of creating that homedir by itself, you can
safely ignore that warning.

-- 
Antoine



Re: Gnome3 : can not connect to my session

2017-09-05 Thread Antoine Jacoutot
On Tue, Sep 05, 2017 at 06:40:00PM +0200, Stephane HUC "PengouinBSD" wrote:
> Ok. How explain you?
> 
> Before, installing, testing and using Gnome3.
> I run my station without any problem, with Xfce and xenodm.
> 
> My layout keyboard is french since install OpenBSD.
> And my complicated pass is typed in FR, and run correctly.
> 
> The problem is with GDM, despite the locale.conf and session gnome set.

On GNOME, kbd locale support is handled by... systemd.

It is documented in the package by the way.
Extract from /usr/local/share/doc/pkg-readmes/gnome-3.*:
It is *not* possible to change the GDM greeter keyboard input layout due to the
lack of systemd-localed support on OpenBSD.

-- 
Antoine



Re: binary updates on stable?

2017-09-01 Thread Antoine Jacoutot
On Fri, Sep 01, 2017 at 12:01:42PM +0300, G wrote:
> A couple of months ago i have read this
> 
> https://www.bsdfrog.org/pub/events/my_bsd_sucks_less_than_yours-AsiaBSDCon2017-paper.pdf
> 
> are there any new developments for packages binary updates?

Yes, see: https://man.openbsd.org/syspatch

-- 
Antoine



Re: syspatch question

2017-08-08 Thread Antoine Jacoutot
On August 8, 2017 12:28:46 PM GMT+02:00, Igor Falcomata' wrote:
>On Thu, Aug 31, 2017 at 13:56:13, Marko Cupa?? wrote:
>
>>...but the problem I am facing is that syspatch -l shows installed
>>patches up to 013:
>
>I got the same problem; after a quick investigation i found that
>syspatch will
>silently fail if TMPDIR is defined and isn't /tmp (i suspect is related
>to the
>ftp part, because it quits just after the CWD, but i haven't
>investigated more
>deeply):
>
>CWD pub/OpenBSD/syspatch/6.1/amd64
>250 CWD command successful
>QUIT
>
>This way should work:
># TMPDIR=/tmp syspatch -c
>
>ciao,
>I.

I'll have a look at it thanks.
-- 
Antoine

Re: syspatch glitch

2017-07-17 Thread Antoine Jacoutot
On Mon, Jul 17, 2017 at 12:04:19PM +0200, Raimo Niskanen wrote:
> It seems syspatch looks at the current machine capabilities instead of
> which kernel is running when it decides on if /bsd is /bsd.sp or /bsd.mp.

Hi.

> I tried to install OpenBSD 6.1 to a USB connected CF card that later will
> run in an alix2d13 that has got one core, but I did the installation from
> a laptop with two cores.  Both i386.
> 
> Then I moved /bsd to /bsd.mp and /bsd.sp to /bsd since the installer had
> detected that the install machine should run /bsd.mp.
> 
> After that I ran syspatch, still on the laptop, and it failed on patch 002
> with as I remember tar complaining on not being able to find /bsd.sp.

If you run syspatch on the laptop then what you call the running kernel is the
one that booted (i.e. the one on the laptop). That's perfectly normal and as
you saw this is what the installer does as well.

> installation, and after that it seems both /bsd (.mp) and /bsd.sp are
> patched, so I can hopefully change the kernels just before putting the CF
> card in the Alix instead, so no harm done.
> 
> But is it by design that syspatch looks at the running machine instead of
> the running kernel?  I would have expected it the other way around...

Why would you expect that?
The installation was done on an MP system. The running machine and running
kernel are the same in your setup.

What you want to do instead is run syspatch from rc.firsttime on your Alix.
Kernel handling is tricky because we need to handle 2 different kernels and
kernel is usually the thing people like to fuck with...

-- 
Antoine



Re: HPLIP HP Laserjet Pro MFP M130fn PPD Plugin installation fails

2017-06-25 Thread Antoine Jacoutot
On Sat, Jun 24, 2017 at 11:49:40AM -0500, rehcla wrote:
> Hi Antoine,
> 
> I can confirm that the Plugin installation works now for me:
> 
> cd plugin_tmp/   
> /local/bin/python2.7 plugin_install.py   
> 
> 
> Do you accept the license terms for the plug-in (y=yes*, n=no, q=quit) ? y
> sh: lsb_release: not found
>  
> Done.
> 
> 
> But I still can't get the printer to work!
> The good news is that scanning works now, but if I try to print I get an 
> error about the missing plugin.
> 
> So here is what I did:
> 
> - Installing hplip / hplip-gui and  gtk+2-cups / gtk+3-cups
> - doing the plugin installation shown above
> 
> When I try to print a testpage hplip-systray says: required plugin not found!
> 
> I did copy HP_LaserJet_MFP_M129-M134.ppd from  /etc/cups/ppd/ to 
> /usr/local/share/foomatic/db/source/PPD/HP/ 
> (cause the gui setup is looking there), but no effect!
> 
> What am I missing?

Honestly, I don't know.
Without direct access to the hardware, it's kind of hard for me to help any
further. That specific printer might not even be able to work on OpenBSD...
The workaround and associated doc I made in the pkg-readme are theoretical
because I don't have a printer that requires a plugin to be able to function
properly. I've been told in the past that it worked (on some printers at least)
but maybe not all?

Sorry but I am afraid you are on your own on this one.
If you find a way to make it work, please do share it and I'll add the required
steps in the pkg-readme.

Thanks...

> 15.06.2017, 09:41, "Antoine Jacoutot" <ajacou...@bsdfrog.org>:
> > On Sun, Jun 04, 2017 at 07:09:19PM +0200, Reheis Claus wrote:
> >>  Hi all,
> >>
> >>  Recently I acquired an HP Laserjet Pro MFP M130fn and I would like to
> >>  use it with my OpenBSD Desktop...
> >>  As it is supported since hplip 3.17 I have to use OpenBSD Current.
> >>  I managed to get until the plugin installation, but now I am stuck at
> >>  the point:
> >>
> >>  /usr/local/bin/python2.7 plugin_install.py
> >>
> >>  License blablabla
> >>
> >>  Do you accept the license terms for the plug-in (y=yes*, n=no, q=quit) ? y
> >>  sh: lsb_release: not found
> >>  Plugin installation failed
> >>  error: Plugin installation failed
> >>
> >>  Any advice? thx
> >
> > Hi.
> >
> > Thanks for the report.
> > FWIW I just fixed it in current.
> >
> > --
> > Antoine
> 

-- 
Antoine



Re: bug tracking system for OpenBSD

2017-06-19 Thread Antoine Jacoutot
On Mon, Jun 19, 2017 at 07:26:14PM +0200, Ingo Schwarze wrote:
> Hi,
> 
> Harald Dunkel wrote on Mon, Jun 19, 2017 at 06:51:24PM +0200:
> 
> > would it be possible to establish a real bug tracking system
> > for OpenBSD?
> 
> There is exactly one reason it hasn't happened yet:
> 
> No developer has been able and willing to invest the additional
> time required to set it up and to commit to maintaining it.

Yes. Exactly that.
I have been willing for a while, but I can't invest more time into the project
than I currently do. Maybe once I'm retired and don't need a $dayjob ;-)

-- 
Antoine



Re: HPLIP HP Laserjet Pro MFP M130fn PPD Plugin installation fails

2017-06-15 Thread Antoine Jacoutot
On Sun, Jun 04, 2017 at 07:09:19PM +0200, Reheis Claus wrote:
> Hi all,
> 
> Recently I acquired an HP Laserjet Pro MFP M130fn and I would like to
> use it with my OpenBSD Desktop...
> As it is supported since hplip 3.17 I have to use OpenBSD Current.
> I managed to get until the plugin installation, but now I am stuck at
> the point:
> 
> /usr/local/bin/python2.7 plugin_install.py
> 
> License blablabla
> 
> Do you accept the license terms for the plug-in (y=yes*, n=no, q=quit) ? y
> sh: lsb_release: not found
> Plugin installation failed
> error: Plugin installation failed
> 
> Any advice? thx

Hi.

Thanks for the report.
FWIW I just fixed it in current.

-- 
Antoine



Re: rc.d manual erratum

2017-05-25 Thread Antoine Jacoutot
On Wed, May 24, 2017 at 04:43:54PM -0400, Choose a display name wrote:
> Section ENVIRONMENT in the rc.d manual starts with:
> 
> >Daemon control scripts use a fixed number of sh(1) variables when starting a 
> >daemon.
> >The following three can be overridden by site-specific values ...
> 
> And description of four variables follow, not three.

Indeed. Fixed, thanks.

-- 
Antoine



Re: 6.1 syspatch installed SP kernel on MP system

2017-05-03 Thread Antoine Jacoutot
On Wed, May 03, 2017 at 03:23:10PM +0200, Marco Bonetti wrote:
> - On May 3, 2017, at 7:16 AM, Antoine Jacoutot ajacou...@bsdfrog.org 
> wrote:
> 
> > On Tue, May 02, 2017 at 08:00:15PM -0500, Aaron Riekenberg wrote:
> >> Have a 6.1 amd64 MP system running the generic MP kernel from the
> >> installation.  MP was automatically chosen by the installer - this is an
> >> Intel Atom 330 dual core box.
> >> 
> >> Ran syspatch today which installed 4 new patches:
> >> 
> >> $ syspatch -l
> >> 001_dhcpd
> >> 002_vmmfpu
> >> 003_libressl
> >> 004_softraid_concat
> >> 
> >> 
> >> One issue is, after installing patches with syspatch and rebooting I'm now
> >> running the SP kernel instead of MP:
> >> 
> >> $ uname -a
> >> OpenBSD server.localdomain 6.1 GENERIC#4 amd64
> >> 
> >> $ sysctl hw.ncpu
> >> hw.ncpu=1
> >> 
> >> 
> >> After the default installation - hw.ncpu was 2 and I was running the MP
> >> kernel.
> > 
> > Hi.
> > 
> > Thanks for the feedback.
> > Yes that should not happen but it does because there was an oversight in the
> > way we constructed the 002 patch. This will be fixed, but for now the best 
> > is
> > for you to move bsd.mp to /bsd.
> 
> Thanks for providing syspatch! Speaking of kernels, man syspatch
> http://man.openbsd.org/syspatch says under FILES section:
> 
> /bsd.syspatch${OSrev} Backup of the original /bsd release kernel.
> 
> But, after running "syspatch" as root:

Same issue. Bug is known and will be fixed.
Thanks.

> # syspatch -l
> 001_dhcpd
> 002_vmmfpu
> 003_libressl
> 004_softraid_concat
> # ls /bsd*
> /bsd/bsd.mp /bsd.rd /bsd.sp
> 
> is this a bug in the man page, syspatch or I misunderstood the man page?
> 
> > 
> > --
> > Antoine
> 
> --
> Marco Bonetti
> 

-- 
Antoine



Re: syspatch on diskless fails (stat -qf %Sd / issue)

2017-05-03 Thread Antoine Jacoutot
On Wed, May 03, 2017 at 11:39:48AM +0200, Andreas Kusalananda Kähäri wrote:
> Hi,
> 
> syspatch seems to work fine for keeping my ordinary server and router on
> -stable, thanks!
> 
> However, on my diskless workstation it doesn't work so well:
> 
> Get/Verify syspatch61-001_dhcpd.tgz 100% |*| 71733   00:00
> Installing patch 001_dhcpd
> /usr/sbin/syspatch: ??=1147776: not found

The error message could be improved but syspatch does the right thing here.
It properly aborts because it's not designed to work on a diskless system.

> This is due to stat returning "??" when asking for the device that holds
> the root (?) filesystem in the checkfs shell function.  This is with
> "set -x" at the start of that function:
> 
> Get/Verify syspatch61-001_dhcpd.tgz 100% |*| 71733   00:00
> Installing patch 001_dhcpd
> + typeset _d _df _dev _files=./usr/sbin/dhcpd 
> ./usr/share/man/man5/dhcpd.conf.5 
> ./var/syspatch/61-001_dhcpd/001_dhcpd.patch.sig _sz
> + echo ./usr/sbin/dhcpd ./usr/share/man/man5/dhcpd.conf.5 
> ./var/syspatch/61-001_dhcpd/001_dhcpd.patch.sig
> + grep -qw bsd
> + cd /
> + stat -qf _dev="${_dev} %Sd" %Sd="${%Sd:+${%Sd}\+}%Uz" ./usr/sbin/dhcpd 
> ./usr/share/man/man5/dhcpd.conf.5 
> ./var/syspatch/61-001_dhcpd/001_dhcpd.patch.sig
> + eval _dev="${_dev} ??" ??="${??:+${??}\+}147776" _dev="${_dev} ??" 
> ??="${??:+${??}\+}29070"
> + ??=1147776 _dev= ?? ??=129070
> + _dev= ??
> /usr/sbin/syspatch: ??=1147776: not found
> + set +e
> + rm -rf /tmp/syspatch.vlGsTTUac6
> 
> 
> How may I apply the binary patch on the diskless system, alternatively,
> how do I apply it to the diskless system's files on its file server?
> 
> Regards,
> Kusalananda
> 

-- 
Antoine



Re: 6.1 syspatch installed SP kernel on MP system

2017-05-03 Thread Antoine Jacoutot
On Tue, May 02, 2017 at 08:00:15PM -0500, Aaron Riekenberg wrote:
> Have a 6.1 amd64 MP system running the generic MP kernel from the
> installation.  MP was automatically chosen by the installer - this is an
> Intel Atom 330 dual core box.
> 
> Ran syspatch today which installed 4 new patches:
> 
> $ syspatch -l
> 001_dhcpd
> 002_vmmfpu
> 003_libressl
> 004_softraid_concat
> 
> 
> One issue is, after installing patches with syspatch and rebooting I'm now
> running the SP kernel instead of MP:
> 
> $ uname -a
> OpenBSD server.localdomain 6.1 GENERIC#4 amd64
> 
> $ sysctl hw.ncpu
> hw.ncpu=1
> 
> 
> After the default installation - hw.ncpu was 2 and I was running the MP
> kernel.

Hi.

Thanks for the feedback.
Yes that should not happen but it does because there was an oversight in the
way we constructed the 002 patch. This will be fixed, but for now the best is
for you to move bsd.mp to /bsd.

-- 
Antoine



Re: chmod of /usr/obj/usr.sbin/unbound/util

2017-02-26 Thread Antoine Jacoutot
On Sun, Feb 26, 2017 at 04:30:38PM +0100, Theo Buehler wrote:
> On Sun, Feb 26, 2017 at 02:33:14PM +0100, Jan Stary wrote:
> > Cleaning up /usr/obj/ before a kernel build
> > as a regular user who's in the wobj group,
> > I get the following
> > 
> >   rm: /usr/obj/usr.sbin/unbound/util/configparser.h: Permission denied
> >   rm: /usr/obj/usr.sbin/unbound/util/configparser.c: Permission denied
> >   rm: /usr/obj/usr.sbin/unbound/util/configlexer.c: Permission denied
> >   rm: /usr/obj/usr.sbin/unbound/util: Directory not empty
> >   rm: /usr/obj/usr.sbin/unbound: Directory not empty
> >   rm: /usr/obj/usr.sbin: Directory not empty
> > 
> > 
> > $ find /usr/obj/ | xargs ls -ld
> > drwxrwx---  3 build  wobj 512 Feb 26 14:19 /usr/obj/
> > drwxrwx---  3 build  wobj2560 Feb 26 14:19 /usr/obj/usr.sbin
> > drwxrwx---  3 build  wobj4096 Feb 26 14:19 /usr/obj/usr.sbin/unbound
> > drwxr-xr-x  2 build  wobj 512 Feb 23 20:43 
> > /usr/obj/usr.sbin/unbound/util
> > -rw-rw  1 build  wobj  166639 Feb 23 20:43 
> > /usr/obj/usr.sbin/unbound/util/configlexer.c
> > -rw-rw  1 build  wobj  122438 Feb 23 20:43 
> > /usr/obj/usr.sbin/unbound/util/configparser.c
> > -rw-rw  1 build  wobj6016 Feb 23 20:43 
> > /usr/obj/usr.sbin/unbound/util/configparser.h
> > 
> > Everything is 770 build:wobj, except the single directory
> > /usr/obj/usr.sbin/unbound/util which is 755 build:wobj.
> > 
> > This is on four different -current machines.
> > Is this intended?

Aaarrg... no not this again!
;-)

> Of course it is not intended. It was discussed during the last hackathon
> and aja hunted the problem down to a quirk of install -d. We tried a fix
> in Makefile.bsd-wrapper, but it turned out to be racy, so I had to back
> it out: it could write to the src/ tree in some circumstances.

It's the kind of stupid oddities that make you lose half a day and make you
feel even more stupid than you are... best memory of Australia!

> This is what seems to be the least evil hack:

If that actually improves things, OK aja.
That bug makes me sad...

> Index: usr.sbin/unbound/Makefile.in
> ===
> RCS file: /var/cvs/src/usr.sbin/unbound/Makefile.in,v
> retrieving revision 1.20
> diff -u -p -r1.20 Makefile.in
> --- usr.sbin/unbound/Makefile.in  17 Feb 2017 18:53:31 -  1.20
> +++ usr.sbin/unbound/Makefile.in  26 Feb 2017 15:04:38 -
> @@ -408,7 +408,7 @@ _unbound.la:  libunbound_wrap.lo libunbou
>  
>  util/config_file.c:  util/configparser.h
>  util/configlexer.c:  $(srcdir)/util/configlexer.lex util/configparser.h
> - @-if test ! -d util; then $(INSTALL) -d util; fi
> + @-if test ! -d util; then mkdir -p util; fi
>   if test "$(LEX)" != ":"; then \
>   echo "#include \"config.h\"" > $@ ;\
>   echo "#include \"util/configyyrename.h\"" >> $@ ;\
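
Review bot: The new line in the util/configlexer.c rule, "@-if test ! -d util; then mkdir -p util; fi", makes the mode of util depend on the umask of whoever runs the build, where $(INSTALL) -d applied its own mode. That is the intent here, but nothing in the Makefile says so; a short comment above the rule explaining why mkdir -p is used in place of $(INSTALL) -d would keep a later sync of this file from quietly restoring the old line.
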
> @@ -416,7 +416,7 @@ util/configlexer.c:  $(srcdir)/util/conf
>   fi
>  
>  util/configparser.c util/configparser.h:  $(srcdir)/util/configparser.y
> - @-if test ! -d util; then $(INSTALL) -d util; fi
> + @-if test ! -d util; then mkdir -p util; fi
>   $(YACC) -d -o util/configparser.c $(srcdir)/util/configparser.y
>  
>  clean:
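
Review bot: In the util/configparser.c rule the leading "-" on "@-if test ! -d util; then mkdir -p util; fi" is kept, so a failed mkdir is ignored and the build only stops when $(YACC) cannot write util/configparser.c, with a less direct error. Since mkdir -p succeeds when the directory already exists, the test guard and the "-" can both be dropped ("@mkdir -p util"), here and in the identical line of the configlexer.c rule.
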
> 

-- 
Antoine
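
The quirk behind this thread, reproduced in a scratch directory as an added example (not part of the original messages or of the OpenBSD build system): under a group-writable umask, `install -d` without `-m` still creates the directory 0755, while `mkdir -p` follows the umask, and a `find` check lists the directories a group member cannot clean up. The function names and the scratch layout, which only imitates the obj tree from the thread, are assumptions.

```shell
#!/bin/sh
# Added illustration; the scratch layout only imitates the obj tree
# from the thread and is created under mktemp directories.

# mode_of PATH: the ls(1) type-and-permission string, e.g. drwxrwx---
mode_of() {
	ls -ld "$1" | cut -c1-10
}

# build_sample_tree ROOT: under a group-writable umask, create the parents
# with mkdir -p and the leaf with install -d (no -m), as the old rule did.
build_sample_tree() {
	(
		umask 007
		mkdir -p "$1/obj/usr.sbin/unbound" &&
		install -d "$1/obj/usr.sbin/unbound/util"
	)
}

# build_fixed_tree ROOT: same layout with the leaf created by mkdir -p.
build_fixed_tree() {
	(
		umask 007
		mkdir -p "$1/obj/usr.sbin/unbound/util"
	)
}

# find_not_group_writable TREE: directories lacking group write, i.e. the
# ones a member of the owning group cannot empty with rm -r.
find_not_group_writable() {
	find "$1" -type d ! -perm -0020 -print
}

demo() {
	_old=$(mktemp -d) || return 1
	_new=$(mktemp -d) || return 1
	build_sample_tree "$_old"
	build_fixed_tree "$_new"
	echo "install -d: $(mode_of "$_old/obj/usr.sbin/unbound/util")"
	echo "mkdir -p:   $(mode_of "$_new/obj/usr.sbin/unbound/util")"
	echo "not group-writable after install -d:"
	find_not_group_writable "$_old/obj"
	echo "not group-writable after mkdir -p:"
	find_not_group_writable "$_new/obj"
	rm -rf "$_old" "$_new"
}
demo
```
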



Re: rcctl hickups on OpenBSD 6.0?

2017-02-16 Thread Antoine Jacoutot
> > Wait what? rcctl certainly does not check for these.
> 
> It certainly does.  I have found it now!  Well, rcctl does not check for
> these, but it relies on
> . /etc/rc.d/rc.subr
> _rc_parse_conf

Ah right yes. _rc_parse_conf() checks for this indeed.

> And in /etc/rc.d/rc.subr the function _rc_parse_conf calls _rc_quirks
> which checks `domainname` and /var/yp/binding and if they are set
> ypbind_flags becomes ''.

Yes. That is to preserve historical behavior.

> So does /etc/rc, but misses; read on!
> 
> Since I had run 'domainname ' and ypbind by hand it had set
> /var/yp/binding and therefore 'rcctl enable ypbind' concludes that there is
> no need for an entry in /etc/rc.conf.local because the quirked default value
> is already ''.
> 
> I am pretty certain that the reason that ypbind did not get started from
> /etc/rc when /etc/defaultdomain contained a domain name and /var/yp/binding
> was set is that /etc/rc sources /etc/rc.d/rc.subr and runs _rc_parse_conf
> before /var is mounted so /etc/rc thinks ypbind_flags=NO.  After /var has
> been mounted ypbind_flags= and therefore 'rcctl ls failed' lists ypbind,
> which surely enough is not started when it should have been.
> 
> Nasty glitch...
> 
> I do not know how it should be fixed, but if I had enabled ypbind through
> rcctl from the start I would have gotten an entry in /etc/rc.conf.local and
> everything would have just worked.
> 
> However, the quirked value for ypbind gets wrong for /etc/rc which I think
> is kind of a bug...

Ahahaha, that's an awesome "issue".
I'll look at fixing this asap.

> > > Unfortunately /etc/rc starts ypbind like any other daemon so ypbind_flags
> > > has to be != NO and therefore it is not started.
> > > 
> > > So there seems to be some misunderstanding between /etc/rc and rcctl about
> > > exactly when ypbind is enabled or not.
> > > 
> > > The workaround is easy enough (manually editing /etc/rc.conf.local) so no
> > > big issue.
> > > 
> > > Also, I tried to set nfsd flags:
> > > rcctl enable nfsd
> > > rcctl set nfsd flags -tun 4
> > > or
> > > rcctl set nfsd flags "-tun 4"
> > > but it did not work (nfsd_flags=)
> > > rcctl set nfsd flags -tu
> > > did work, though.
> > > 
> > > Known problems?
> > 
> > It's not a problem, "-tun 4" are the default flags.
> > Check the output of 'rcctl get nfsd flags'.
> 
> Ok.  That figures!  I had read /etc/rc.conf and concluded that the default
> value for nfsd_flags was NO.

I mean the default flags when nfsd is enabled.

> rc.subr(8) explains that rc.subr global defaults are overridden by
> /etc/rc.d/ script defaults that are overridden by /etc/rc.conf.local values.
> But /etc/rc.conf defaults are not mentioned here.  I feel a bit confused...
> 
> But 'rcctl get ' will tell me the truth (except for ypbind_flags
> in /etc/rc ;-).  Thank you for enlightening me!

Yes that was one of the reasons rcctl was born; so you can know the status and
flags of your daemons without having to look into several files.

Thanks.

-- 
Antoine



Re: rcctl hickups on OpenBSD 6.0?

2017-02-16 Thread Antoine Jacoutot
On Thu, Feb 16, 2017 at 08:46:45AM +0100, Raimo Niskanen wrote:
> Hello Misc@
> 
> I tried to activate ypbind via rcctl:
> rcctl enable ypbind
> and it did not write "ypbind_flags=" into /etc/rc.conf.local.


Can't reproduce here.
# rcctl enable ypbind ; grep yp /etc/rc.conf.local 
ypbind_flags=

> I had run ypbind so it should start according to the documentation since
> there is a domain file in /var/yp/binding/ but when booting the machine
> ypbind did not start and there was no printout from /etc/rc about starting
> it.  "rcdctl ls failed" did print ypbind.

If 'rcctl ls failed' outputs ypbind, then it means ypbind_flags *is* in
rc.conf.local or something is really bogus...

> 
> I tried to debug rcctl with little success.  Looking at the script it seems
> to me that it checks /etc/rc.conf and /etc/rc.conf.local and should write a
> line "ypbind_flags=" into /etc/rc.conf.local since the default in
> /etc/rc.conf is "ypbind_flags=NO".  But ktrace:ing it indicates that it
> also checks domainname and /var/yp/binding so it is smarter than it looks.

Wait what? rcctl certainly does not check for these.

> Unfortunately /etc/rc starts ypbind like any other daemon so ypbind_flags
> has to be != NO and therefore it is not started.
> 
> So there seems to be some misunderstanding between /etc/rc and rcctl about
> exactly when ypbind is enabled or not.
> 
> The workaround is easy enough (manually editing /etc/rc.conf.local) so no
> big issue.
> 
> Also, I tried to set nfsd flags:
> rcctl enable nfsd
> rcctl set nfsd flags -tun 4
> or
> rcctl set nfsd flags "-tun 4"
> but it did not work (nfsd_flags=)
> rcctl set nfsd flags -tu
> did work, though.
> 
> Known problems?

It's not a problem, "-tun 4" are the default flags.
Check the output of 'rcctl get nfsd flags'.

-- 
Antoine



Re: starting avahi the proper way

2017-01-27 Thread Antoine Jacoutot
On Fri, Jan 27, 2017 at 10:53:57PM +0100, luca suriano wrote:
> * -> 03:35:03 (giovedì 19 gennaio 2017)
> * -> "Antoine Jacoutot":
> 
> [...]
> > rcctl enable messagebus avahi_daemon
> > rcctl start messagebus avahi_daemon
> 
> If I had added 'pkg_scripts=messagebus avahi_daemon' into '/etc/rc.conf.local'
> would it have been the same thing?

No.
Read the pkg README file under /usr/local/share/doc/pkg-readmes/

-- 
Antoine



Re: starting avahi the proper way

2017-01-18 Thread Antoine Jacoutot
On Wed, Jan 18, 2017 at 09:32:38PM -0500, sven falempin wrote:
> Misc Readers, 6.0 GENERIC.MP#2 amd64 here
> 
> I installed cupsd, and notice avahi would help to find some dnssd stuff.
> i then notice avahi would need dbus to start
> 
> #
> # avahi-daemon 0.6.31 starting up.
> # dbus_bus_get_private(): Failed to connect to socket
> /var/run/dbus/system_bus_socket: No such file or directory
> 
> pkg_add did a great job putting all the rc.d files but
> dbus start failed while `/usr/local/bin/dbus-launch`
> actually did something
> 
> moreover /var/run/dbus/ does not exists as a directory and creating does
> not help
> and avahi still does not start.
> 
> I do not know where to look for all those zeroconfig daemons :
> manpages ? avahi docs ? dbus  documentation ?
> 
> Am I just supposed to put some stuff in my rc.conf.local (usually the
> package tell this kind of
> stuff ) ?
> 
> If someone already did this, i would gladly save some of time !

rcctl enable messagebus avahi_daemon
rcctl start messagebus avahi_daemon


-- 
Antoine



Re: https for pkg_add?

2017-01-05 Thread Antoine Jacoutot
On Thu, Jan 05, 2017 at 06:50:38PM -0800, jungle boogie wrote:
> Hi All,
> 
> With all the recent changes to supporting https on the various mirrors, does
> that mean https may also be used with the PKG_PATH variable?

Yes.

-- 
Antoine



Re: Watch out for bad options in /var/run/rc.d/$daemon

2017-01-04 Thread Antoine Jacoutot
> example. It starts up, and backgrounds, and then later, it parses its
> argument,
> figures it got a wrong parameter and exits.

I have a WIP diff to rc.d to fix buggy stuff like this.
But it's not ready yet.

> Then trying to add debug parameter to rc.conf.local, and see it
> not taking the debug parameter into account, because the cached
> values from /var/run/rc.d/... are used.
> It caused me a bit of head scratching before I found these cached values
> there.

It's all documented.

> I guess there might be other daemons that might expose such behaviour
> as well.
> Wondering why the cached parameters take precedence?

Because you want to be able to interact with your currently running daemon if
you happen to change the flags in rc.conf.local while it's still running.

-- 
Antoine



Re: Watch out for bad options in /var/run/rc.d/$daemon

2017-01-03 Thread Antoine Jacoutot
On Tue, Jan 03, 2017 at 11:01:18PM -0700, Andy Bradford wrote:
> Hello,
> 
> Since I couldn't find any reference  to this anywhere, I thought I would
> put out a description of the problem in the event that someone else runs
> into it with other daemons.
> 
> At one  point in time,  identd -l had a  different meaning than  it does
> now. After upgrading,  I noticed that identd was not  running, thanks to
> the following section in the daily output email:
> 
> Services that should be running but aren't:
> identd
> 
> So I began investigating why it wasn't running and found the following 
> in /var/log/messages:
> 
> Jan  3 22:46:56 obsd identd[80696]: h/auth: no address associated with name
> Jan  3 22:46:56 obsd identd[84721]: child has gone
> 
> Looking at the output, it seemed  clear that something had changed, so I
> looked at the man page for identd, and sure enough, -l is now different.
> Previously, in /etc/rc.conf.local, I had:
> 
> identd_flags="-elh"
> 
> Which coincided  with the error message.  Clearly -lh meant that  it was
> trying to look  up a host named h, which  doesn't exist, whereas before,
> -l meant to log  to syslog. So, I removed the  -l from identd_flags, and
> tried to  restart the daemon. Much  to my dismay, it  failed to restart,
> even though I had corrected the problem in rc.conf.local.
> 
> As  it turns  out, after  further investigation,  I discovered  that the
> flags get cached in /var/run/rc.d/identd:
> 
> $ cat /var/run/rc.d/identd 
> daemon_class=daemon
> daemon_flags=-elh
> daemon_rtable=0
> daemon_timeout=30
> daemon_user=root
> pexp=identd: (listen|resolver)
> 
> There's the offending -l that I thought I had removed!
> 
> I can see why now:
> 
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/rc.d/rc.subr?annotate=1.116
> 
> On line 109, the options that are cached in the _RC_RUNFILE override any
> that were provided before rc_cmd() was called.
> 
> Not sure  if this is  a bug.  How often does  a command line  option get
> repurposed for something else?
> 
> At any rate, I wanted to give a heads up to anyone else who might end up
> with a daemon which refuses to restart, even after the options have been
> corrected.

Nice catch, but the real issue comes from identd(8).

# /usr/sbin/identd -elh
# echo $?
0
# pgrep identd
#

See, it's not running but the return code was 0, which made rc.d(8) believe the
daemon was properly started, in which case the variables are cached (so that we
can still match the daemon in the process list if the flags are changed in
rc.conf.local).

Someone fix identd please :-)

-- 
Antoine
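
A check for the situation described in this thread, as an added example that is not part of the original messages or of rc.subr: it compares the flags cached in each run file with `<name>_flags` in rc.conf.local and lists run files whose `pexp` matches no process. The function names are hypothetical, and the sample data written by `make_sample` is constructed from the run file quoted above, with `identd_flags="-eh"` assumed as the corrected setting.

```shell
#!/bin/sh
# Added example (not from rc.subr): audit rc.d run files for stale state.

# conf_value FILE KEY: print the value of the last KEY=... line in FILE,
# with one pair of surrounding double quotes removed.
conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e 's/^"//' -e 's/"$//'
}

# stale_flags RUNDIR CONF: for each run file, compare the cached daemon_flags
# with <name>_flags from CONF and print one line per mismatch.
stale_flags() {
    for _f in "$1"/*; do
        [ -f "$_f" ] || continue
        _name=${_f##*/}
        # No explicit <name>_flags line: the rc.d script default applies, skip.
        grep -q "^${_name}_flags=" "$2" || continue
        _cached=$(conf_value "$_f" daemon_flags)
        _want=$(conf_value "$2" "${_name}_flags")
        if [ "$_want" != NO ] && [ "$_cached" != "$_want" ]; then
            printf '%s cached=<%s> configured=<%s>\n' "$_name" "$_cached" "$_want"
        fi
    done
    return 0
}

# dead_runfiles RUNDIR: print daemons whose cached pexp matches no process,
# i.e. a run file was written but nothing is running (the identd case).
dead_runfiles() {
    for _f in "$1"/*; do
        [ -f "$_f" ] || continue
        _pexp=$(conf_value "$_f" pexp)
        [ -n "$_pexp" ] || continue
        if ! pgrep -xf "$_pexp" >/dev/null 2>&1; then
            printf '%s\n' "${_f##*/}"
        fi
    done
    return 0
}

# make_sample DIR: write constructed sample data (two run files and an
# rc.conf.local) under DIR so the functions can be tried offline.
make_sample() {
    mkdir -p "$1/run"
    cat > "$1/run/identd" <<'EOF'
daemon_class=daemon
daemon_flags=-elh
daemon_rtable=0
daemon_timeout=30
daemon_user=root
pexp=identd: (listen|resolver)
EOF
    cat > "$1/run/sshd" <<'EOF'
daemon_class=daemon
daemon_flags=
daemon_rtable=0
daemon_timeout=30
daemon_user=root
pexp=/usr/sbin/sshd
EOF
    cat > "$1/rc.conf.local" <<'EOF'
identd_flags="-eh"
sshd_flags=""
EOF
}

# Usage: sh audit.sh /var/run/rc.d /etc/rc.conf.local
if [ $# -eq 2 ]; then
    stale_flags "$1" "$2"
    dead_runfiles "$1" | sed 's/^/not running: /'
fi
```

A flag mismatch on a daemon that is still running is by design, since that is what the cache is for. A run file whose `pexp` matches no process is the case from this thread.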



Re: mariadb-server and OpenBSD 6.0

2016-09-08 Thread Antoine Jacoutot
On Thu, Sep 08, 2016 at 03:48:21PM +, Peter Fraser wrote:
> After installing
> 
> mariadb-server-10.0.25p0v1.tgz
> 
> and
> 
> rcctl enable mysqld
> /etc/rc.d/mysqld start
> 
> I got errors
> 
> Directly running
> 
> /usr/local/libexec/mysqld
> 
> gave
> 
> 160908 10:07:09 [Note] /usr/local/libexec/mysqld (mysqld 10.0.25-MariaDB)
> starting as process 15703 ...
> 160908 10:07:09 [Warning] Can't create test file /var/mysql/test.lower-test
> 
> /usr/local/libexec/mysqld: Can't change dir to '/var/mysql/' (Errcode: 2 "No
> such file or directory")
> 160908 10:07:09 [ERROR] Aborting
> 
> As a guess, I installed
> 
> mariadb-tests-10.0.25v1.tgz
> 
> which fixed the problem.

Did you read the package readme like pkg_add advised you to do ?

-- 
Antoine



Re: OwnCloud - security/setup warnings etc.. Any help/advice would be massively appreciated.

2016-04-18 Thread Antoine Jacoutot
On Mon, Apr 18, 2016 at 11:32:32AM -0400, Nick wrote:
> ## I think this error can be safely ignored, is that correct? OpenBSD changed 
> the way environment variables are handled.. (?)
> 1. php does not seem to be setup properly to query system environment 
> variables. The test with getenv("PATH") only returns an empty response.
> 
> ## This I'm not sure of, is it to do with the server needing access to 
> /etc/hosts and /etc/resolv? Would you recommend it?
> 2. This server has no working Internet connection. This means that some of 
> the features like mounting external storage, notifications about updates
> or installation of third-party apps will not work. Accessing files remotely 
> and sending of notification emails might not work, either. We suggest to 
> enable
> Internet connection for this server if you want to have all features.
> 
> ## Is it safe to allow this to be readable by PHP? If so, what do you think 
> might be the best way to go about it?
> 3. /dev/urandom is not readable by PHP which is highly discouraged for 
> security reasons. Further information can be found in our 
> [documentation](https://doc.owncloud.org/server/8.2/go.php?to=admin-security).
> 
> ## I have already set the server to direct to HTTPS using the letsencrypt 
> certs I created, so I figure that this is unnecessary to change - would you 
> agree?
> 4. The "Strict-Transport-Security" HTTP header is not configured to least 
> "15768000" seconds. For enhanced security we recommend enabling HSTS as 
> described in our [security 
> tips](https://nofacade.co.uk/owncloud/index.php/settings/admin#admin-tips).
> 
> ## This one is a real pain to work out:
> 5. No memory cache has been configured. To enhance your performance please 
> configure a memcache if available. Further information can be found in our 
> [documentation](https://doc.owncloud.org/server/8.2/go.php?to=admin-performance).
> 
> ## Reading through /usr/local/share/doc/pkg-readmes/owncloud-8.2.2p3 - it 
> advises me to adapt and append the owncloud/config/config.php file with:
> 'memcache.local' => '\OC\Memcache\Redis',
> 'redis' => array(
> 'host' => 'localhost',
> 'port' => 6379,
> 'timeout' => 0.0,
> ),
> Problem is that after a server restart, I am blocked from accessing my 
> owncloud server. Until I remove the recommended code and restart.
> 
> Here's what I have tried and which hasn't worked for me:
> ln -sf /etc/php-5.6.sample/redis.ini /etc/php-5.6/

That is documented.

> pkg_add redis && rcctl enable redis && rcctl start redis

I thought it was kind of obvious that if you wanted redis support, you should 
have a redis server...
Also it does not need to be on the same box.

> rcctl restart httpd
> rcctl restart php56_fpm -df
> 
> 
> Thanks for taking the time to look through this. Cheers
> 

-- 
Antoine



Re: PKG_PATH

2016-04-08 Thread Antoine Jacoutot
On Fri, Apr 08, 2016 at 09:16:13AM +0200, Peter Hessler wrote:
> On 2016 Apr 07 (Thu) at 22:56:42 +0200 (+0200), Teno Deuter wrote:
> :Hi,
> :
> :just installed a 5.9 AMD64 version and get issues with adding packages as a
> :regular system user. 'env' shows me the correct setting for PKG_PATH but
> :seems that the user environment isn't able to contact the source.
> :
> :As long as I change to 'root', everything works fine!
> :
> :Thank you for your support
> :
> 
> You should put it into /etc/pkg.conf instead:
> 
> """
> installpath = http://ftp.hostserver.de/pub/OpenBSD/%c/packages/%a/
> """
> 
> %c expands out into the version, and %a into the arch.

I think nowadays you can do something like:
installpath = ftp.hostserver.de


-- 
Antoine



Re: PKG_PATH

2016-04-07 Thread Antoine Jacoutot
On Thu, Apr 07, 2016 at 11:49:11PM +0200, Teno Deuter wrote:
> I run 'pkg_add' with 'doas' and I get only:
> 
> Can't find [the package] I try to install. Doesn't say anything about
> 'root'.
> 
> Also, why 'pkg_add' has to be run as root only? In previous OpenBSD version
> this wasn't the case. Is that due to 'doas'?

doas resets the environment.
If you want to keep PKG_PATH then use something like this in doas.conf:
permit keepenv { PKG_PATH } nopass :wheel


-- 
Antoine



Re: Project: Creating an "immutable" OpenBSD disk image with Packer and Ansible

2016-03-31 Thread Antoine Jacoutot
On Thu, Mar 31, 2016 at 09:55:39AM +0200, Yann Hamon wrote:
> Hi,
> 
> I've been working for some time on a project to manage my router@home, I'm
> sharing it here in the hope that it will be useful to someone else.
> 
> Here it is: https://github.com/yannh/openbsd_immutable_router
> 
> It contains a set of configuration scripts for Packer and Ansible that make
> it easy to generate a disk image, that you can then copy to a USB stick to
> boot from.
> 
> To minimize writes to the USB stick, the root partition is mounted
> read-only, and all folders that require writes are mounted as MFS.
> 
> There is also some pf/dyndns/pppoe configuration that I left for learning
> purposes.
> 
> This workflow allows me to regenerate an image, or do a system upgrade, in
> about 20 minutes - packer build -var-file=config.json openbsd.json, dd
> if=output-qemu/openbsd of=/dev/sdb, reboot. I procrastinate less when doing
> my upgrades now :)

Oh that's funky. Thanks :-)

-- 
Antoine



Re: Building AMI for AWS EC2

2016-02-21 Thread Antoine Jacoutot
On Sun, Feb 21, 2016 at 01:37:21AM -0500, Predrag Punosevac wrote:
> Hi Guys,
> 
> Any updates on this? I am toying with AWS in the case one of my lab's
> projects has to be moved to their infrastructure. I just played creating
> network gateway/firewall using Colin Percival's FreeBSD. Works OK but
> having OpenBSD latest PF, relayd, httpd, and other goodies sure would be
> nice. I am on us-west-2a and I have not seen any OpenBSD AMIs.

I share some on eu-west and us-east.
I can put one on us-west as well if you want. You can build your own you 
know... as was mentioned in this thread already.

-- 
Antoine



Re: bgpd in snapshot from 4 feb.

2016-02-07 Thread Antoine Jacoutot
On Sun, Feb 07, 2016 at 10:01:40PM +0100, Claudio Jeker wrote:
> You forgot to run sysmerge. The rc scripts changed on what they pgrep to
> see if the parent process is running. Since the rc script is unable to
> find the process it reports failed even though all is OK.

rc.d scripts are part of base, not etc; so running sysmerge or not will make no 
difference.

-- 
Antoine



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Antoine Jacoutot
>   # ln -s httpd httpd2
> 
> That's a terrible name.  The next admin coming along will have no

Duh, I was just making a point.

> clue what this second httpd is needed for.

As I said, I think it'd be a worthful addition to the doc indeed.
However I don't think this should go into rcctl.

"I should document that" is what I wrote iirc; and I will.
httpd is not a good example anyway. Something like snmpd might.

Please give me a couple of days and I'll send a diff.
Thanks.

-- 
Antoine



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Antoine Jacoutot
> Fine, this is what I suggested as the first option.
> 
> But let's do it everywhere and not just for httpd -
> don't use setproctitle in the parent process.
> 
> It does make sense for many more privsep daemons, especially in combination
> with rdomains (ntpd, iked, …). bgpd would probably not need it, but it does
> not harm
> and I'd prefer to change it for consistency (please don't forget that we try
> to keep
> the daemons synced somehow - it's an ecosystem).

I couldn't agree more.

-- 
Antoine



Re: rc.d and rtable

2016-01-28 Thread Antoine Jacoutot
On Thu, Jan 28, 2016 at 03:50:33AM -0500, Jiri B wrote:
> On Thu, Jan 28, 2016 at 11:27:40AM +0300, Vadim Zhukov wrote:
> > [...]
> > The code looks like more or less fine (I'll do a more careful review a bit
> > later), but there are documentation bits missing.
> 
> That was a POC, anyway I'm not very familiar with mandoc :/

Don't worry about it for now.
I'll move this to its next step but as I mentioned, this is a bit late to make 
it into 5.9.
rc.d is nice and simple indeed but there are some corner cases here and there 
and I don't want to introduce any regression at this point.

Thanks Jiri.

-- 
Antoine



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Antoine Jacoutot
On Thu, Jan 28, 2016 at 10:29:56AM +0100, Paolo Aglialoro wrote:
> When this goes implemented, how will one start/stop/reload/check the single
> instance or all instances through /etc/rc.d/ ?

You'll have a different rc.d script and associated rc.conf variables for each 
of your instances.
Actually not really a "different" rc.d script, just a link to the original one 
which already works for daemons that properly display their args in the process 
list.

As mentioned in another thread already:
# ln -s /etc/rc.d/mydaemon /etc/rc.d/mydaemon2
Then use mydaemon2_flags ... in rc.conf.local.

-- 
Antoine



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Antoine Jacoutot
On Thu, Jan 28, 2016 at 10:45:31AM +0100, Kamil Cholewiński wrote:
> On Thu, 28 Jan 2016, Paolo Aglialoro  wrote:
> > When this goes implemented, how will one start/stop/reload/check the single
> > instance or all instances through /etc/rc.d/ ?
> 
> I hate to repeat myself, but runit solves all of these problems cleanly,
> with no need for ps grepping, with no patches in the daemons necessary,
> and with minimal setup.
> 
> sv restart /var/services/httpd1
> sv restart /var/services/httpd2

I don't see why we wouldn't want to properly fix this in rc.d which is in base 
in the first place.
It's alright to use an external service supervisor when there's a very specific 
need, but in this case I see no reason for it.

-- 
Antoine



Re: rc.d and rtable

2016-01-28 Thread Antoine Jacoutot
> > # ln -s /etc/rc.d/sshd /etc/rc.d/ssht2
> > # rcctl enable ssht2
> > # rcctl set ssht2 flags -f /etc/ssh/wunder_config
> 
> Aha, that is what I was looking for. So if this works I'm totally happy :)
> Didn't know that you can just symlink rc scripts and everything will work.

Yeah, this was done at c2k15 :-)

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/rc.d/rc.subr?rev=1.99&content-type=text/x-cvsweb-markup

Maybe I should document that; it's a recurrent question.

-- 
Antoine



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-27 Thread Antoine Jacoutot
> Well, we "traditionally" had setproctitle("[priv]") in the parent.  I
> changed the tradition to setproctitle("parent").
> 
> I have no objections with changing this in the parent (but keeping the
> setproctitles in the children) to either the default (all command line
> flags) or to something like setproctitle("parent, %s", conffile).
> Command line flags suck and I don't think that -d or -v would be
> helpful in the output, so I prefer the latter.

"-v" is helpful at least for rc.d which needs to match the full args list by 
default

> All rc scripts would have to be adjusted by somebody with better rc-fu.

Actually if things are properly done, the non default pexp line in the rc.d 
scripts should just be removed and that's it.

-- 
Antoine



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-27 Thread Antoine Jacoutot
> This does the trick. It probably doesn't make sense to run multiple
> copies of all of the privsep daemons though I see definite use cases
> for httpd, snmpd [v4 and v6 need separate daemons], and possibly some
> others, but it would be better to keep them all in-sync..

Yes, if we go this way, please let's keep them in sync.
There's always some cases where you'd like to run multiple copies of a daemon 
-- even temporarily (and even for the non obvious ones).

> Index: etc/rc.d/httpd
> ===
> RCS file: /cvs/src/etc/rc.d/httpd,v
> retrieving revision 1.3
> diff -u -p -r1.3 httpd
> --- etc/rc.d/httpd22 Jul 2014 17:37:16 -  1.3
> +++ etc/rc.d/httpd27 Jan 2016 22:22:11 -
> @@ -6,6 +6,4 @@ daemon="/usr/sbin/httpd"
>  
>  . /etc/rc.d/rc.subr
>  
> -pexp="httpd: parent.*"
> -

\o/ this is what I expected :-)

>  rc_cmd $1
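Review bot: Dropping the `pexp="httpd: parent.*"` override in etc/rc.d/httpd is only correct together with the httpd.c hunk below, because rc.subr then falls back to matching the daemon path plus its flags in the process list. The two files should go in as a single commit, and the log message should say that the rc.d script now depends on the parent keeping its original argv as process title, so that nobody reintroduces a setproctitle() in the parent without restoring pexp.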
> Index: usr.sbin/httpd/httpd.c
> ===
> RCS file: /cvs/src/usr.sbin/httpd/httpd.c,v
> retrieving revision 1.53
> diff -u -p -r1.53 httpd.c
> --- usr.sbin/httpd/httpd.c3 Dec 2015 11:46:25 -   1.53
> +++ usr.sbin/httpd/httpd.c27 Jan 2016 22:22:11 -
> @@ -248,7 +248,6 @@ main(int argc, char *argv[])
>  
>   proc_init(ps, procs, nitems(procs));
>  
> - setproctitle("parent");
>   log_procinit("parent");
>  
>   if (pledge("stdio rpath wpath cpath inet dns proc ioctl sendfd",
> 
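Review bot: With `setproctitle("parent")` removed from main(), the parent shows its full command line in ps, which is what rc.d needs, but anything that matched on the old "httpd: parent" title stops matching and every flag passed to httpd becomes visible to local users in the process list. Both effects are worth stating in the commit message, and the same change should be made in the other privsep daemons in one go so that they stay in sync, as discussed in the thread.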

-- 
Antoine



Re: rc.d and rtable

2016-01-27 Thread Antoine Jacoutot
On Wed, Jan 27, 2016 at 12:58:48PM -0500, Jiri B wrote:
> On Wed, Jan 27, 2016 at 01:40:14PM +0100, Antoine Jacoutot wrote:
> > On Wed, Jan 27, 2016 at 06:47:57AM -0500, Jiri B wrote:
> > > Would it be worth to extend rc.d for rtable knobs?
> > > 
> > > - daemon_rtable variable
> > > - rc_* functions (route exec, pgrep/pkill -T $rtable...)
> > > 
> > > Or are routing tables not much used thus not worth to make
> > > rc.d more complicated?
> > 
> > There have been several discussions about this. No decision made though.
> > If you can find a nice way to implement it, I can have a look.
> 
> rc.d framework is so nice... not sure if this is nice way but it
> works. Maybe check for existing rtable is not great.

I'll have a look but don't hold your breath.
Thanks.
 
> Index: etc/rc.d/rc.subr
> ===
> RCS file: /cvs/src/etc/rc.d/rc.subr,v
> retrieving revision 1.105
> diff -u -p -r1.105 rc.subr
> --- etc/rc.d/rc.subr  21 Dec 2015 10:18:05 -  1.105
> +++ etc/rc.d/rc.subr  27 Jan 2016 17:57:16 -
> @@ -130,7 +130,7 @@ _rc_parse_conf() {
>   while IFS=' ' read -r _l; do
>   [[ $_l == [!#=]*=* ]] || continue
>   _key=${_l%%*([[:blank:]])=*}
> - [[ $_key == *_@(flags|user|timeout) ]] || \
> + [[ $_key == *_@(flags|rtable|user|timeout) ]] || \
>   [[ " ${_allowed_keys[*]} " == *" $_key "* ]] || 
> \
>   continue
>   [[ $_key == "" ]] && continue
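Review bot: Accepting `*_rtable` keys in `_rc_parse_conf()` makes `<name>_rtable` a user-visible rc.conf.local variable, so this line needs matching text in the rc.d(8) and rc.conf(8) manuals next to the existing flags, user and timeout entries.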
> @@ -154,15 +154,15 @@ rc_start() {
>  }
>  
>  rc_check() {
> - pgrep -q -xf "${pexp}"
> + pgrep -T ${daemon_rtable} -q -xf "${pexp}"
>  }
>  
>  rc_reload() {
> - pkill -HUP -xf "${pexp}"
> + pkill -HUP -T ${daemon_rtable} -xf "${pexp}"
>  }
>  
>  rc_stop() {
> - pkill -xf "${pexp}"
> + pkill -T ${daemon_rtable} -xf "${pexp}"
>  }
>  
>  rc_cmd() {
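Review bot: `${daemon_rtable}` is expanded unquoted in all three calls in rc_check(), rc_reload() and rc_stop(); if it is ever empty, `-T` swallows the next option (`-q` or `-xf`) as its argument and the match silently changes or fails. Quote it as `-T "${daemon_rtable}"`, which turns an empty value into a clear usage error instead.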
> @@ -172,6 +172,10 @@ rc_cmd() {
>   [ X"${rc_usercheck}" != X"NO" -a X"$1" = "Xcheck" ] || \
>   _rc_err "$0: need root privileges"
>  
> + if ! route -T ${daemon_rtable} -n show >/dev/null 2>&1; then
> + _rc_err "$0: rtable ${daemon_rtable} does not exist"
> + fi
> + 
>   if _rc_not_supported start || _rc_not_supported stop; then
>   rc_restart=NO
>   fi
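Review bot: The `route -T ${daemon_rtable} -n show` test in rc_cmd() runs before the requested action is looked at, so it also gates `stop` and `check`: if the routing table is gone while the daemon is still running, the script refuses to stop it. Restrict the test to the start path, and drop the trailing whitespace on the added empty line after `fi`.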
> @@ -259,12 +263,14 @@ _RC_RUNFILE=${_RC_RUNDIR}/${_name}
>  _rc_do _rc_parse_conf
>  
>  eval _rcflags=\${${_name}_flags}
> +eval _rcrtable=\${${_name}_rtable}
>  eval _rcuser=\${${_name}_user}
>  eval _rctimeout=\${${_name}_timeout}
>  
>  # set default values; duplicated in rcctl(8)
>  getcap -f /etc/login.conf ${_name} 1>/dev/null 2>&1 && \
>   daemon_class=${_name} || daemon_class=daemon
> +[ -z "${daemon_rtable}" ] && daemon_rtable=0
>  [ -z "${daemon_user}" ] && daemon_user=root
>  [ -z "${daemon_timeout}" ] && daemon_timeout=30
>  
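Review bot: The comment above the defaults says they are duplicated in rcctl(8), so the new `daemon_rtable=0` default needs the same line in rcctl.sh, otherwise rcctl can report a different value than rc.subr uses. The rcctl.sh part of this diff did not come through in full, so that cannot be checked from what is shown.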
> @@ -273,6 +279,7 @@ getcap -f /etc/login.conf ${_name} 1>/de
>   unset _rcflags
>  
>  [ -n "${_rcflags}" ] && daemon_flags=${_rcflags}
> +[ -n "${_rcrtable}" ] && daemon_rtable=${_rcrtable}
>  [ -n "${_rcuser}" ] && daemon_user=${_rcuser}
>  [ -n "${_rctimeout}" ] && daemon_timeout=${_rctimeout}
>  
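Review bot: `daemon_rtable=${_rcrtable}` takes whatever string is in rc.conf.local, and the value later ends up unquoted inside `rcexec` and on the pgrep/pkill command lines, all run as root. Reject anything that is not a plain non-negative integer at this point, for example with `[[ ${_rcrtable} == +([0-9]) ]] || _rc_err "$0: invalid rtable"`, so that a typo cannot turn into extra arguments.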
> @@ -280,9 +287,13 @@ if [ -n "${_RC_DEBUG}" ]; then
>   echo -n "${_name}_flags "
>   [ -n "${_rcflags}" ] || echo -n "empty, using default "
>   echo ">${daemon_flags}<"
> + echo -n "${_name}_rtable "
> + [ -n "${_rcrtable}" ] || echo -n "empty, using default "
> + echo ">${daemon_rtable}<"   
>  fi
>  
>  readonly daemon_class
> -unset _rcflags _rcuser _rctimeout
> +unset _rcflags _rcrtable _rcuser _rctimeout
>  pexp="${daemon}${daemon_flags:+ ${daemon_flags}}"
> -rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c"
> +rcexec="route -T ${daemon_rtable} exec su -l -c ${daemon_class} -s /bin/sh 
> ${daemon_user} -c"
> +
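Review bot: `rcexec` now always goes through `route -T ${daemon_rtable} exec`, even for the default table 0, which adds an extra exec to every daemon start on systems that never use rtables; consider prefixing it only when `daemon_rtable` is non-zero. Also, `pexp` is still built from daemon and flags only, so two instances that differ only by rtable share the same match expression, and the added `echo ">${daemon_rtable}<"` line carries trailing whitespace.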
> Index: usr.sbin/rcctl/rcctl.sh
> ===
> RCS file: /cvs/src/usr.sbin/rcctl/rcctl.sh,v
> retrieving revision 1.88
> diff -u -p -r1.88 rcctl.

Re: rc.d and rtable

2016-01-27 Thread Antoine Jacoutot
> > rc.d framework is so nice... not sure if this is nice way but it
> > works. Maybe check for existing rtable is not great.
> 
> If I see this correctly you add a foo_rtable variable to rc.conf.local.
> I think there is some drawback to this solution.
> You can only have one daemon running in one rtable at a time
> I often run things like sshd in multiple rtables / rdomains in which
> case I would have to copy the sshd rc.d script and fiddle a bit here and

You don't have to copy it, just link it (so you get updates to the original 
script) and add ssht2, ssht3... to pkg_scripts.
But yeah, it's not an obvious road and that's why I warned not to hold any 
breath ;-)

> there. I would prefer if we would have a rc.conf file specific for a
> rtable. Also it is not possible to start daemons with different flags.

Hmm. Can you extend on that?
We should be able to make something like this work:

# ln -s /etc/rc.d/sshd /etc/rc.d/ssht2
# rcctl enable ssht2
# rcctl set ssht2 flags -f /etc/ssh/wunder_config

> Nonetheless I think this is a move in the right direction.

It is. It's basically the last obvious situation rc.d does not handle besides 
what was mentioned today (multiple httpd, relayd, ...).
Good thing we have rc.local ;-)

Anyway, I've been pretty busy lately but I think that's something I'd like to 
investigate during our upcoming hackathon a couple months from now (it's too 
late for this release anyway).

-- 
Antoine



Re: rc.d and rtable

2016-01-27 Thread Antoine Jacoutot
On Wed, Jan 27, 2016 at 06:47:57AM -0500, Jiri B wrote:
> Would it be worth to extend rc.d for rtable knobs?
> 
> - daemon_rtable variable
> - rc_* functions (route exec, pgrep/pkill -T $rtable...)
> 
> Or are routing tables not much used thus not worth to make
> rc.d more complicated?

There have been several discussions about this. No decision made though.
If you can find a nice way to implement it, I can have a look.

-- 
Antoine



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-27 Thread Antoine Jacoutot
On Wed, Jan 27, 2016 at 12:30:08PM +0100, Reyk Floeter wrote:
> On Wed, Jan 27, 2016 at 06:12:22AM -0500, Jiri B wrote:
> > Hi,
> > 
> > I can't run multiple instances of httpd via rc.d as I can't distinguish
> > between httpd instances. ps aux never show flags passed to httpd.
> > 
> > Could httpd be extended to show flags like sshd does it?
> > 
> > root 15681  0.0  0.1  1196  2308 ??  Ssp   12:08PM0:00.05 httpd: 
> > parent (httpd)
> > 
> > vs
> > 
> > root 17247  0.0  0.1   920  1376 ??  Ss12:09PM0:00.03 
> > /usr/sbin/sshd -f /etc/ssh/test_sshd_config
> > 
> > Or is there any other way to distinguish between two httpd instances?
> > 
> > j.
> > 
> 
> Interesting point, I never thought about it.

That's not httpd specific. Most of our privilege separated daemons do that and 
it sucks :-)

-- 
Antoine



Re: Building AMI for AWS EC2

2016-01-20 Thread Antoine Jacoutot
> There are a couple public AMIs available, but I'm curious as to how they are
> built. It'd be pretty cool to be able to build a given snapshot into an AMI,
> rather than be dependent on whomever is creating the public ones.
> 
> If the builder of the public AMIs is reading this, I'd love to hear what
> your process is.

You can play with this if you're brave:
https://github.com/ajacoutot/aws-openbsd

It's kind of ugly but should do the job. Once vmm is in GENERIC, I'll script 
something around it instead.

-- 
Antoine



Re: "rcctl start anacron" fails when no jobs to run

2016-01-09 Thread Antoine Jacoutot
On Sat, Jan 09, 2016 at 12:45:42PM +0100, Andreas Kusalananda Kähäri wrote:
> Hi,
> 
> When using rcctl to start a service that is not a true daemon, such
> as anacron (from ports), and that service does its job and exits
> immediately, then rcctl will wait for the allotted timeout to expire and
> report failure:
> 
> $ rcctl get anacron
> anacron_class=daemon
> anacron_flags=-s
> anacron_timeout=30
> anacron_user=root
> 
> $ doas anacron -s -d
> Anacron 2.4.3 started on 2016-01-09
> Normal exit (0 jobs run)
> 
> $ doas rcctl start anacron
> anacron(failed)
> 
> I'm not sure how to fix this.  It doesn't break anything, but it delays
> the boot process.

rc.d is for daemons only.
If anacron is just a standard utility that needs to be run at boot time then 
use rc.local or cron's @reboot facility.

-- 
Antoine



Re: owncloud and php5-libsmbclient / occ

2015-12-30 Thread Antoine Jacoutot
On Wed, Dec 30, 2015 at 10:36:58AM +, Stuart Henderson wrote:
> On 2015-12-30, Antoine Jacoutot <ajacou...@bsdfrog.org> wrote:
> > On Wed, Dec 30, 2015 at 01:29:15AM +0100, Paolo Aglialoro wrote:
> >> # doas -u www /var/www/owncloud/occ
> >> 
> >> provides the following result:
> >> 
> >> PHP Notice:  Undefined index: SERVER_PROTOCOL in
> >> /var/www/owncloud/lib/private/response.php on line 77
> >> App directory "/owncloud/apps" not found! Please put the ownCloud apps
> >> folder in the ownCloud folder or the folder above. You can also configure
> >> the location in the config.php file.
> >> 
> >> How can occ then be run?
> >
> > That is expected when running ownCloud under a chroot because config.php 
> > set the owncloud dir related to the chroot (/owncloud versus 
> > /var/www/owncloud).
> > What you could do is to shutdown your webserver, edit config.php with the 
> > full path, run occ, edit config.php back to its previous value then restart 
> > your webserver.
> 
> You could do this, and leave it with the full /var/www/owncloud path in
> the config file.
> 
> mkdir /var/www/var
> ln -s .. /var/www/var/www

Would that really work? I mean when you manually run 'occ', you are outside the 
chroot.

> I wonder if we should install that symlink by default, it would make
> some things a lot easier.

If it does work, then yeah for sure.

-- 
Antoine



Re: owncloud and php5-libsmbclient / occ

2015-12-29 Thread Antoine Jacoutot
On Wed, Dec 30, 2015 at 01:29:15AM +0100, Paolo Aglialoro wrote:
> Hi,
> 
> the upgrade from 5.7 to 5.8 implies owncloud upgrade from 8.0.2 to 8.1.
> With this upgrade, the php library php5-libsmbclient is needed:
> https://doc.owncloud.org/server/8.1/admin_manual/release_notes.html
> Unfortunately a similar library is not present either in 5.8 packages or in
> -current ones.
> Is there any plan to implement it?

It is not *needed* per se; it's only needed if you want SMB storage support.
If that's the case, you could try and make a port.

> Also, if one would like to use occ utility from CLI, considering that the
> whole owncloud runs chrooted under /var/www/ and that occ therefore looks
> for /owncloud/apps folder (which is obviously /var/www/owncloud/apps) and
> that www user is a nologin one, trying to run the following command:
> 
> # doas -u www /var/www/owncloud/occ
> 
> provides the following result:
> 
> PHP Notice:  Undefined index: SERVER_PROTOCOL in
> /var/www/owncloud/lib/private/response.php on line 77
> App directory "/owncloud/apps" not found! Please put the ownCloud apps
> folder in the ownCloud folder or the folder above. You can also configure
> the location in the config.php file.
> 
> How can occ then be run?

That is expected when running ownCloud under a chroot because config.php set 
the owncloud dir related to the chroot (/owncloud versus /var/www/owncloud).
What you could do is to shutdown your webserver, edit config.php with the full 
path, run occ, edit config.php back to its previous value then restart your 
webserver.

-- 
Antoine



Re: documentation about flags for pkg_scripts

2015-12-14 Thread Antoine Jacoutot
On Mon, Dec 14, 2015 at 10:50:26AM +0100, Marko Cupać wrote:
> Hi,
> 
> I found out from bits and pieces on the 'net that I can use flags for
> pkg_scripts in rc.conf.local, and I also found out by trial and error
> that flags declared in rc.conf.local seem to replace ones
> in /etc/rc.d/ (at least for isc_named).
> 
> I can't find any official documentation about rc flags override in man
> pages or in FAQ. Am I searching in wrong places?

'man rc.d' doesn't cover it?

-- 
Antoine



Re: cyrus-sasl2

2015-12-10 Thread Antoine Jacoutot
> That would be fantastic, thank you very much!

I committed support for gssapi in -current.
Please let me know if that works for you.

-- 
Antoine



Re: kerberos

2015-12-09 Thread Antoine Jacoutot
On Wed, Dec 09, 2015 at 11:13:40AM -0200, Friedrich Locke wrote:
> What is/are the alternative(ies) for kerberos on openbsd ? (Since it was
> removed from the distribution).

It depends on your exact needs, but there's:
ports/security/heimdal
ports/sysutils/login_krb5

-- 
Antoine



Re: cyrus-sasl2

2015-12-09 Thread Antoine Jacoutot
On Wed, Dec 09, 2015 at 01:32:31PM -0500, Kurt Mosiejczuk wrote:
> On Wed, Dec 09, 2015 at 04:15:07PM -0200, Friedrich Locke wrote:
> > Does security/cyrus-sasl2 include support for GSSAPI (I am in need of
> > kerberos) ?
> 
> Not currently.  They removed that support when they kicked Heimdal out
> of base.
> 
> One of my spare time projects is looking how to put that back in as a 
> flavor for the port.

I can take care of that.

-- 
Antoine



Re: embarrassing problem with sysmerge

2015-12-05 Thread Antoine Jacoutot
On Sat, Dec 05, 2015 at 05:40:00PM +0900, Joel Rees wrote:
> About a week ago, I was trying to get cvs up to current, and I tried to do
> a sysmerge in my sleep after make build in src.
> 
> When I realized I wasn't awake enough to merge /etc/login.conf correctly, I
> think I hit control-c.
> 
> Now sysmerge doesn't want to do anything at all.
> 
> Do I assume that login.conf was the last thing it needed to do? (And maybe
> that I must have done something other than ctrl-c?)
> 
> Or can I just cvs up current now and hope that anything that might not have
> gotten picked up last week gets picked up now, or do I need to do some
> digging with mtree and/or some other tools?

You can run 'sysmerge -d' which will force a full diff of everything.

-- 
Antoine



Re: ansible openbsd_rcctl module

2015-12-01 Thread Antoine Jacoutot
On Tue, Dec 01, 2015 at 08:54:25AM -, Sarevok Anchev wrote:
> Hello,
> 
> Recently I submitted openbsd_rcctl to ansible. In order to speed up the
> process of having it included by default, I'm asking the community to
> review/test the module and drop a comment at
> https://github.com/ansible/ansible-modules-extras/pull/1296
> 
> Let me know if there are other OpenBSD-specific modules you'd like to see
> for ansible.

Isn't there support for rcctl in ansible already?

-- 
Antoine



Re: Install from snapshot unable boot

2015-11-27 Thread Antoine Jacoutot
On Fri, Nov 27, 2015 at 08:58:33AM +0100, Rolf Sommerhalder wrote:
> The current snapshot fails to install from .iso at the very last step
> at writing the boot info to disk on VirtualBox.
> 
> http://mirror.switch.ch/ftp/pub/OpenBSD/snapshots/i386/BUILDINFO
> Build date: 1448569476 - Thu Nov 26 20:24:36 UTC 2015
> 
> Using "the same procedure", install from an older i386 snapshot from 5
> Nov 2015, followed by an update to the current snapshot using bsd.rd,
> works as usual.

Yeah, that's because of pledge(2):
installboot(19095): syscall 54 "ioctl"

-- 
Antoine



Re: LPR/LPD does not run filters

2015-10-27 Thread Antoine Jacoutot
> Well, specifying 'lp' instead of 'rm' does make it run filters, but the job
> is not sent to the printer, even when I use the port@host format from
> the man page. As soon as I set 'rm', filters are no longer executed.

It's all documented in /usr/local/share/doc/pkg-readmes/cups-filters-*

Extract:

lpd(8): network printer printcap(5) example
---
rp|samsung|Samsung-ML-2850D:\
:lp=9100@1.2.3.4:\
:if=/path/to/script.sh:\
:sd=/var/spool/output:\
:lf=/var/log/lpd-errs:\
:sh:
(where 1.2.3.4 is the printer IP address and 9100 the printer stream port)

foomatic-rip(1) does *not* speak LPD (port 515).
If the printer does not support raw printing over port 9100, it must be
setup locally on a print server (see above for an example using USB)
then accessed over LPD by the clients (there is no need to setup any
print filter on the clients since it will run on the print server).

-- 
Antoine



Re: mk.conf in examples?

2015-10-16 Thread Antoine Jacoutot
On Fri, Oct 16, 2015 at 02:21:38PM +0200, Ingo Schwarze wrote:
> Hi Jan,
> 
> Jan Stary wrote on Fri, Oct 16, 2015 at 08:17:49AM +0200:
> 
> > Should mk.conf(5) be present in /etc/examples,
> > or is it not there on purpose?
> 
> Not every potential configuration file needs an example.
> As a general direction, i'd rather aim for reducing the number of
> files in /etc/examples/ than proliferating it.  The problem is that
> the directory dilutes documentation.  Instead of having all the
> documentation in one place, it makes you look in two places, the
> manual and /etc/examples/, doubling the work you have to do when
> changing a configuration, and creating a risk that some people look
> at one place and don't even realize the other exists.  It also
> doubles the documentation maintenance work and the risk of documentation
> getting outdated and contradictory, so grand total, it kind of
> quadruples the risk of people misconfiguring their system.
> 
> The concept was introduced to reduce the number of files in /etc/,
> and that worked well.  That doesn't mean all the examples files

There's also a side effect that sysmerge used. If an example file changes, it 
could mean the configuration syntax changed -- sysmerge will warn you.
If we are to remove half of the examples (which I have no problem with), then I 
don't think sysmerge should warn anymore.

-- 
Antoine


