Re: relayd send/expect syntax

2017-02-08 Thread dale . lindskog
> Running the most recent amd64 snapshot on ESXi.
> 
> OpenBSD r1.mwlucas.org 6.0 GENERIC#162 amd64
> 
> I'm trying to use relayd's check send/expect support to verify a
> daemon's banner comes up. After problems I've stripped this down to
> the simplest possible config, a single known good mail server. The server
> keeps showing up as down, with a TCP timeout. Packet sniffer shows
> that the connection opens and that the SMTP banner is returned in less
> than a second.
> 
> Am I doing something obviously stupid here?
> 
> Here's the config and the debugging output.
> 
> relayd.conf:
> ---
> ext_ip="203.0.113.213"
> 
> log updates
> timeout 9000
> 
> 
> table  { 104.236.197.233 }
> 
> redirect smtp {
> listen on $ext_ip port 587 interface em0
> forward to  check send nothing expect "200 *"
> }
> 
> --
> 
> Why have the "timeout 9000"? Well, because of the error I get:
> 
> relayd -d
> pfe: filter init done
> startup
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> relayd_tls_ticket_rekey: rekeying tickets
> init_tables: created 1 tables
> hce_notify_done: 104.236.197.233 (tcp read timeout)
> host 104.236.197.233, check send expect (9020ms,tcp read timeout), state 
> unknown -> down, availability 0.00%
> pfe_dispatch_hce: state -1 for host 1 104.236.197.233
> ^Chce exiting, pid 12145
> kill_tables: deleted 1 tables
> flush_rulesets: flushed rules
> pfe exiting, pid 67580
> relay exiting, pid 72564
> ca exiting, pid 19097
> relay exiting, pid 72558
> relay exiting, pid 72790
> ca exiting, pid 1431
> ca exiting, pid 889
> parent terminating, pid 81783
> 
> Any suggestions, folks?

Does the daemon actually return "200"? --

 $ nc -vv localhost 25
 Connection to localhost 25 port [tcp/smtp] succeeded!
 220 elanoir.my.domain ESMTP OpenSMTPD
 ^C

-- Dale
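
relayd.conf(5) documents that the expect pattern is matched using shell globbing rules, so the check from the quoted config can be replayed offline against the banner shown in the nc session above. This is an added example, not part of the original post; the function names are hypothetical and the third pattern goes beyond the thread to show a bracket-expression glob.

```sh
#!/bin/sh
# Added example (not from the thread): emulate relayd's
# "check send nothing expect PATTERN" against a captured banner.
# Assumption: PATTERN follows shell globbing rules, as relayd.conf(5)
# documents for "expect"; the shell's `case` applies the same rules.

# expect_match PATTERN BANNER: exit status 0 when the banner matches.
expect_match() {
    em_pattern=$1
    em_banner=$2
    case $em_banner in
        $em_pattern) return 0 ;;   # unquoted on purpose: treated as a glob
        *)           return 1 ;;
    esac
}

# host_state PATTERN BANNER: print the state such a check would record.
host_state() {
    if expect_match "$1" "$2"; then echo up; else echo down; fi
}

# Banner copied from the nc session in the reply above.
BANNER='220 elanoir.my.domain ESMTP OpenSMTPD'

# Pattern from the quoted relayd.conf, then two candidates to compare.
for p in '200 *' '220 *' '2[0-9][0-9] *'; do
    printf 'expect "%s" -> %s\n' "$p" "$(host_state "$p" "$BANNER")"
done
```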



PKG_CACHE directory permissions and pkg_add(1) -n option

2015-07-02 Thread Dale Lindskog
It is discouraged but possible to run pkg_add(1), with the -n option, as a 
user other than root.  However, if pkg_add(1) does not have write 
permission to $PKG_CACHE, then error messages are produced.  For example:

$ ls -ld $PKG_CACHE
drwxr-xr-x  2 root  wheel  3072 Jul  2 12:13 /var/pkg_cache
$ pkg_add -vn gcal
pkg_add should be run as root
Update candidates: quirks-2.54 - quirks-2.54
quirks-2.54 signed on 2015-03-08T12:33:05Z
Fatal error: Ustar 
[ftp://ftp.openbsd.org/pub/OpenBSD/5.7/packages/amd64/gcal-3.6.3p0.tgz][?]: 
Error while reading header
 at /usr/libdata/perl5/OpenBSD/Ustar.pm line 89.

These error messages are less than clear about the underlying permissions 
problem, especially when -v is omitted.  (-v is what produces the first 
line of output: 'pkg_add should be run as root'.)

It is desirable to me (a) to run pkg_add -n as a non-root user and (b) 
that non-root users are unable to write to the PKG_CACHE directory.  One 
solution is for pkg_add(1) to silently omit the attempt to copy the 
package to an unwritable $PKG_CACHE.  Below is a diff that does that, and 
modifies pkg_add(1)'s man page accordingly.

I realize this should go to tech@, but I'm worried that I'm being dumb in 
some kind of way, and my understanding is that dumb posts, if they must 
occur, are better sent to misc@ first for vetting.  :)

Index: pkg_add.1
===
RCS file: /cvs/src/usr.sbin/pkg_add/pkg_add.1,v
retrieving revision 1.132
diff -u -p -r1.132 pkg_add.1
--- pkg_add.1   16 Apr 2015 20:01:39 -  1.132
+++ pkg_add.1   2 Jul 2015 19:00:43 -
@@ -188,7 +188,8 @@ or
 If the environment variable
 .Ev PKG_CACHE
 is set to a directory name, every package retrieved from a distant location
-will also be copied here.
+will also be copied here, provided pkg_add has write permission to that 
+directory
 .Pp
 Some packages may depend on other packages.
 When resolving dependencies
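Review bot: The sentence added to the PKG_CACHE paragraph ends at "+directory" with no full stop before .Pp, and the line above it appears to end in a trailing space. Suggest ending it "directory." and, following mdoc convention, writing the program name with .Nm instead of the literal "pkg_add" (the same applies to the two later man page hunks).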
@@ -371,7 +372,7 @@ Don't actually install a package, just r
 would be taken if it was.
 Will still copy packages to
 .Ev PKG_CACHE
-if applicable.
+if applicable and if pkg_add has write permission to that directory.
 .It Fl P Ar type
 Check permissions for distribution, where
 .Ar type
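Review bot: In the -n description, "if applicable and if pkg_add has write permission to that directory" does not say what happens when the permission is missing. Since the point of the change is that the copy is skipped without a diagnostic, say so here, for example "otherwise the copy is silently skipped", so a user running -n as non-root knows why PKG_CACHE stays empty.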
@@ -745,7 +746,7 @@ if no
 option is specified.
 .It Ev PKG_CACHE
 If set, any package retrieved from a distant location will be copied to
-that directory as well.
+that directory as well, if pkg_add has write permission to that directory.
 .It Ev PKG_PATH
 If a given package name cannot be found,
 the directories named by
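Review bot: The write-permission condition is now stated in three separate places in pkg_add.1 (the PKG_CACHE paragraph, the -n option and this ENVIRONMENT entry), each with slightly different wording. Consider stating it once in the ENVIRONMENT entry and keeping the other two as they were, or using identical wording in all three, so the text cannot drift apart later.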
Index: OpenBSD/PackageRepository.pm
===
RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm,v
retrieving revision 1.113
diff -u -p -r1.113 PackageRepository.pm
--- OpenBSD/PackageRepository.pm4 Mar 2015 13:55:32 -   1.113
+++ OpenBSD/PackageRepository.pm2 Jul 2015 19:00:44 -
@@ -534,7 +534,7 @@ sub open_pipe
$object-{pid2} = $pid2;
} else {
open STDERR, '', $object-{errors};
-   if (defined $object-{cache_dir}) {
+   if (defined $object-{cache_dir} and -w $object-{cache_dir}) {
my $pid3 = open(my $in, -|);
$self-did_it_fork($pid3);
if ($pid3) {
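Review bot: The added -w test on cache_dir in open_pipe silently disables caching in more cases than the one described: -w is also false when PKG_CACHE names a directory that does not exist or is mistyped, so a root user with a typo gets no cache and no message. Perl's -w also tests against the effective uid at the moment of the check, before the fork, so it is only advisory. Suggest reporting the skip when -v is given, or limiting the silent path to the non-root -n case the post describes.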



Re: Set PKG_PATH using Time Zone?

2015-03-26 Thread Dale Lindskog
On Thu, 26 Mar 2015, L.R. D.S. wrote:

> It is really boring to write the package repository every time we install.
> Why not set the repository using the Time Zone as a reference?
> For example, if you set Japan as your zone, then run
> export PKG_PATH=http://www.ftp.ne.jp/OpenBSD/'uname -r'/packages/'uname -m'/

#!/usr/bin/perl -w
use strict;

# Release and machine architecture, as used in the mirror path.
chomp( my( $uname_r, $uname_m ) = ( `uname -r`, `uname -m` ) );
# /etc/localtime is a symlink into zoneinfo; keep its last two path components.
chomp( my $zone = join( '/', ( split('/', `ls -l /etc/localtime`) )[-2,-1] ) );

my %mirror = (
  'Canada/Mountain' => 'ftp://ftp.openbsd.org/pub/OpenBSD',
  # okay, I'm bored now... hopefully L.R. D.S. will help
);

print "$mirror{$zone}/$uname_r/packages/$uname_m/\n";