Re: client limit (100) reached, refusing connection from xx.xxx.x.26 OpenBSD 5.1

[Jérémie Courrèges-Anglas]

Motty Cruz  writes:

> I see the following error in my firewall log:
> client limit (100) reached, refusing connection from xx.xxx.x.26 (this
> IP is on the firewall interface facing the public)
> proxy cannot connect to server xx.xxx.x.48: No route to host

Looks like a log message from ftp-proxy(8); the max 100 sessions limit
is documented in the manpage.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: HUAWEI dongle

[Jérémie Courrèges-Anglas]

"Read, James C"  writes:

>>A full dmesg output, or at least an indication of what model the dongle is
>>would be useful here.
>
> Would love to be able to do that. Anybody had success mounting an OpenBSD
> filesystem in linux?

IIRC it's something like mount -o ro,44bsd.

> 0x00
>
-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: Native EFI Bootloader Support

[Jérémie Courrèges-Anglas]

Joel Rees  writes:

[...]

> (Not that I particularly want to, but the US tax office seems to
> expect everyone who is required to report certain things to be able to
> run a current version of the Adobe PDF viewer. Or, if there is a
> community supported pdf viewer that allows "filling out electronic pdf
> forms". I'm not yet aware of it.)

The last time I had such a need, I used graphics/evince.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: ftp.html

[Jérémie Courrèges-Anglas]

Stuart Henderson  writes:

> On 2015-09-11, Rob Pierce  wrote:
>> Agreed about the word order. How about this?
>> 
>> Index: ftp.html
>>===
>> RCS file: /cvs/www/ftp.html,v
>> retrieving revision 1.673
>> diff -u -p -r1.673 ftp.html
>> --- ftp.html 25 Jul 2015 19:24:18 -  1.673
>> +++ ftp.html 11 Sep 2015 12:30:18 -
>> @@ -61,7 +61,7 @@ upgrade your system very quickly.
>> Download via
>>HTTP/FTP
>>  
>> -OpenBSD can be also easily installed via HTTP or FTP.
>> +OpenBSD can also be easily obtained via HTTP or FTP.
>>  Typically you need a single small piece of boot media (e.g., a boot floppy)

Boot floppy, really? :)

>>  and then the rest of the files can be installed from a number of locations,
>>  including directly off the Internet.
>>
>>
>
> I would just drop the word 'easily' here.

+1

> Also, see the line at the top of the file, you are patching the wrong file.
>


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: Show us your /etc/profile

[Jérémie Courrèges-Anglas]

Alexander Hall alexan...@beard.se writes:

[...]

 I'm pretty sure this messes up $? at the prompt. Try:

 false
 echo $?

 You could circumvent this by saving $? at the beginning of the function and 
 returning it at the end. 

Here's an excerpt of my .kshrc.  The '$' is printed in red if the last
command failed, $? is preserved in case I want to know the exact value.

---
_nc=$(tput sgr0)
_red=$(tput setaf 1)
---
_ps1_err () {
local _rc=$?
[ $_rc -ne 0 ]  printf %s $_red
return $_rc
}
PS1='\h \w\[$(_ps1_err)\]\$\[$_nc\] '
---

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: DHCPv6 server - send_packet6: Network is unreachable

[Jérémie Courrèges-Anglas]

Claus Lensbøl cl...@fab-it.dk writes:

[...]

 Does anyone have a clue about what this issue could be? Or maybe
 give a direction in which I could try to debug?

Please provide missing information, such as the OpenBSD version you're
using, the version of your isc-dhcp package, your dhcpd configuration,
etc  You're also mentioning pf yet you don't provide your pf.conf.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: ps: display command arguments

[Jérémie Courrèges-Anglas]

Ingo Feinerer feine...@logic.at writes:

 Hi,

Hi Ingo,

 when running

 R --file=~/test.R --args -i -j -k

 with R from math/R in ports and test.R as

 commandArgs(TRUE)
 Sys.sleep(10)

 ps output displays

 /usr/local/lib/R/bin/exec/R --file=/home/user/test.R --args --args --args 
 --args

 (Note the four --args.) However, R appears to have the right arguments
 (the first --args is deliberately ignored by R):

 R commandArgs(TRUE)
 [1] -i -j -k

 Any ideas why the display of the arguments in ps differs from the
 command line?

One possible explanation is that R modifies its original argv[] in place.

--8--
#include unistd.h

int
main(int argc, char *argv[])
{
if (argc  2)
return 1;

argv[1] = new-argv[1];

sleep(20);

return 0;
}
--8--

If you launch ./r some-arg you'll see new-argv[1] in ps(1) output.
As a side note this doesn't happen on Linux thus some projects don't
care much about the possible breakage on OpenBSD (see the pexp in
net/geomyidae/pkg/geomyidae.rc).

 With a simple shell script I cannot reproduce this. E.g.,

 ./test.sh --args -i -j -k

 with test.sh as

 #!/bin/sh

*

 echo $@
 sleep 10

 results in ps displaying

 /bin/sh ./test.sh --args -i -j -k

ksh doesn't do weird stuff like that, at least...

* you could insert ''set -- --args --args --args --args'' here, to
  replace the original arguments, ksh wouldn't modify argv either.

 Best regards,
 Ingo


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: WiFi BCM43224 not configured!

[Jérémie Courrèges-Anglas]

Stefan Sperling s...@stsp.name writes:

 On Wed, Jun 17, 2015 at 12:47:57PM +0200, Jérémie Courrèges-Anglas wrote:
 IIUC BCM43* nics could have been supported if development efforts hadn't
 been killed by licensing issues.  I doubt there are developers who want
 to work on this anymore.

 You're probably referring to the b43 Linux driver story from years ago.
 Our bwi(4) has nothing to do with that. It was ported from DragonflyBSD.

I was thinking about bcw(4).

 I believe the BCM43224 chip could be supported by bwn(4) in FreeBSD and
 definitely brcmsmac in Linux, both of which have a suitable licence.

Not sure about bwn(4), according to their online manpage, but indeed the
license of the linux driver seems appropriate[1].

 Of course, there's a non-trivial amount of work involved in porting either
 of these drivers over. Volunteers, please sign in blood here: __

:)

[1] 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/net/wireless/brcm80211/brcmsmac
-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: WiFi BCM43224 not configured!

[Jérémie Courrèges-Anglas]

Mohammad BadieZadegan mbzade...@gmail.com writes:

 Is that possible to informing the OpenBSD developers that use its driver on
 the next release?

Sorry but merely asking developers for feature X in release+1 is not the
way to go.

IIUC BCM43* nics could have been supported if development efforts hadn't
been killed by licensing issues.  I doubt there are developers who want
to work on this anymore.

Please follow Stefan's advices in
http://marc.info/?l=openbsd-portsm=143453181530615w=2 :

 Please replace it with a different supported minipci card, or use a
 supported USB wifi dongle.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: jwm ; speedy window manager

[Jérémie Courrèges-Anglas]

Eivind Eide xeno...@gmail.com writes:

 i recommend jwm as  window manager .

 Second that. It's a good WM for slow systems. But obsd port sticks at 2.1.0
 http://openports.se/x11/jwm
 while upstreams have 2.2.2
 http://www.joewing.net/projects/jwm/release-2.2.shtml#v2.2.2
 ...probably have to read myself up on updating obsd ports one day
 instead of whining...

We couldn't see the updates since upstream changed the location where
the releases are stored.  This has now been fixed and the road is clear
if anyone wants to give a shot at updating it. ;)

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: smtpd outbound SSL3_GET_KEY_EXCHANGE:bad dh p length

[Jérémie Courrèges-Anglas]

Marcus MERIGHI mcmer-open...@tor.at writes:

 Hello, 

Hi,

 frankenstein warning: stable.mtier.org, all patches applied

 the mail server in question doesn't deliver to a certain destination
 (Network error on destination MXs). Other destinations work. When I
 connect manually I can send messages via the destination server. But no
 TLS involved this way. SMTP greeting of destination server:

 $ nc 216.55.105.124 25
 220 mobile-systems.at ESMTP Sendmail 8.14.5/8.13.4; Mon, 30 Mar 2015
   13:12:39 +0200 (CEST)

 log entries on originating server:

 Mar 30 13:11:18 frax smtpd[28031]: smtp-out: Connecting to
   smtp+tls://216.55.105.124:25 (216.55.105.124.hera.net) on session
   23d6e647b646bf14...
 Mar 30 13:11:18 frax smtpd[28031]: smtp-out: Connected on session
   23d6e647b646bf14
 Mar 30 13:11:24 frax smtpd[28031]: smtp-out: Error on session
   23d6e647b646bf14: IO Error: error:1408D06E:SSL
   routines:SSL3_GET_KEY_EXCHANGE:bad dh p length
 Mar 30 13:11:24 frax smtpd[28031]: smtp-out: Disabling route [] -
   216.55.105.124 (216.55.105.124.hera.net) for 800s
 Mar 30 13:11:24 frax smtpd[28031]: smtp-out: No valid route for
   [connector:[]-[relay:yyy.at,heloname=mail.xxx.at],0x0]
 Mar 30 13:11:24 frax smtpd[28031]: smtp-out: No valid route for
   [connector:[]-[relay:yyy.at,heloname=mail.xxx.at],0x0]

 I guess it's about the line:

 Error on session 23d6e647b646bf14: IO Error: error:1408D06E:SSL
   routines:SSL3_GET_KEY_EXCHANGE:bad dh p length

 Any hints on what's going wrong here?

This is likely due to /usr/src/lib/libssl/src/ssl/s3_clnt.c rev 1.108,
rev 1.85.2.1 on branch OPENBSD_5_6.

 Any hints on how to solve or work around?

Try to suggest mobile-systems.at folks that they use bigger dh
params? (512 - = 1024 bits)

 Thanks in advance, Marcus

 P.S.: is m...@opensmtpd.org dead?

The last mail I received from this list was 22 hours ago.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: [man ksh] missing keystroke for delete-char-forward

[Jérémie Courrèges-Anglas]

A diff has been committed (-current) to bind Delete (ESC[3~) to
delete-char-forward.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: pkg_add vs. cvs -up, and pkg_check telling me about unknown files directories

[Jérémie Courrèges-Anglas]

Joel Rees joel.r...@gmail.com writes:

 I recently tried, for fun, or because I wasn't thinking, I'm not sure
 which, doing a cvs -up in /usr/ports. It told me P or U for
 archivers/cabextract, net/isc-bind, and www/drupal6/views, none of
 which should be installed on my system. (I don't remember which was P
 and which U.) Since they are not supposed to be installed, I did not
 run make in any of their directories in /usr/ports.

cvs operations have little to do with the packages you have installed /
ports you have built.

  man cvs | less +'/ U '

pkg_check is known to report false positives.  I doubt there is enough
data to tell whether your pkg_add / pkg_info glitches are real issues or
just local, transient errors.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: postgresql-server exiting abnormally after upgrade to -snapshot

[Jérémie Courrèges-Anglas]

j...@wxcvbn.org (Jérémie Courrèges-Anglas) writes:

 Please try the diff below.  It fixes the backwards memcpy problem
 easily noticeable with psql -h ::1.

Updated diff. Thanks to Stuart for reminding me that netmasks sa_len
values can be much surprising.

$OpenBSD$
--- src/backend/libpq/hba.c.origMon Feb 16 21:53:21 2015
+++ src/backend/libpq/hba.c Mon Feb 16 23:08:38 2015
@@ -700,8 +700,13 @@ check_ip(SockAddr *raddr, struct sockaddr * addr, stru
struct sockaddr_storage addrcopy,
maskcopy;
 
-   memcpy(addrcopy, addr, sizeof(addrcopy));
-   memcpy(maskcopy, mask, sizeof(maskcopy));
+   memcpy(addrcopy, addr, sizeof(struct sockaddr_in));
+   /*
+* On some OSes, if mask is obtained from eg. getifaddrs(3), 
sa_len
+* can vary wildly. We already know that addr-sa_family == 
AF_INET,
+* so just use sizeof(struct sockaddr_in).
+*/
+   memcpy(maskcopy, mask, sizeof(struct sockaddr_in));
pg_promote_v4_to_v6_addr(addrcopy);
pg_promote_v4_to_v6_mask(maskcopy);
 


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: postgresql-server exiting abnormally after upgrade to -snapshot

[Jérémie Courrèges-Anglas]

Please try the diff below.  It fixes the backwards memcpy problem
easily noticeable with psql -h ::1.

$OpenBSD$
--- src/backend/libpq/hba.c.origMon Feb 16 21:53:21 2015
+++ src/backend/libpq/hba.c Mon Feb 16 21:54:44 2015
@@ -700,8 +700,8 @@ check_ip(SockAddr *raddr, struct sockaddr * addr, stru
struct sockaddr_storage addrcopy,
maskcopy;
 
-   memcpy(addrcopy, addr, sizeof(addrcopy));
-   memcpy(maskcopy, mask, sizeof(maskcopy));
+   memcpy(addrcopy, addr, addr-sa_len);
+   memcpy(maskcopy, mask, mask-sa_len);
pg_promote_v4_to_v6_addr(addrcopy);
pg_promote_v4_to_v6_mask(maskcopy);
 


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: sudo nohup tcpdump at startup

[Jérémie Courrèges-Anglas]

fRANz andrea.francesc...@gmail.com writes:

 On Thu, Jan 29, 2015 at 10:54 PM, Christopher Barry
 christopher.r.ba...@gmail.com wrote:

 what happens if you source /etc/rc.local instead?
 as in:
 [ -f /etc/rc.local ]  . /etc/rc.local

 Hi Christopher,
 I'm sorry, same behaviour: some commands were correctly invoked, for example:

 /sbin/ifconfig pflog0 up  /sbin/pflogd -f /dev/null

 but not tcpdump in this specific form:

 sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block |
 logger -t pf -p local2.info 

 The complete file is:

 # cat /etc/rc.local
 /sbin/ifconfig pflog0 up  /sbin/pflogd -f /dev/null
 sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block |
 logger -t pf -p local2.info 

Here nohup applies to tcpdump(1) only, not to logger(1).

- nohup logger -t pf -p local2.info 

 I already tried full paths but don't help.

 Again,
 it's not a problem hack the rc file but when possible I avoid it, as
 suggested many times in this list ;-)

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: LibReSSL CHACHA20/POLY1305

[Jérémie Courrèges-Anglas]

Renaud Allard ren...@allard.it writes:

 On 11/14/2014 10:12 AM, Jonathan Gray wrote:

 Now openssl ciphers CHACHA20 works as intended
 # openssl ciphers CHACHA20
 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305

 This is already present in rev 1.68/-current
 http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/ssl_ciph.c.diff?r2=1.68r1=1.67f=u


 So now, I have set in nginx.conf this
 ssl_ciphers !aNULL:AES256:AES128:CHACHA20:@STRENGTH;

 But using sslscan, I still get:
 FailedTLSv1  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305

I guess it means that you didn't feed with nginx an ecdsa cert.

 Is that somewhere else?


-- 
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: security - pass the hash style attacks?

[Jérémie Courrèges-Anglas]

Philip Guenther guent...@gmail.com writes:

 [apologies for the contentless previous message]

 On Sun, Nov 2, 2014 at 4:43 PM, Philip Guenther guent...@gmail.com wrote:
 On Sun, Nov 2, 2014 at 4:41 PM, Nex6|Bill n6gh...@yahoo.com wrote:
 ...
 what about kerberos? (windows K5 vs Unix K5?)

 There's a bunch of *really good* papers on Kerberos's design which
 discuss exactly these sorts of issues and how they are addressed or
 completely avoided.  I remember finding the one cast as a dialog
 between two system programmers (one named Athena...) as a good intro
 on this stuff.

Yup.  First tutorial link on this page:

  http://web.mit.edu/kerberos/papers.html

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: OT: integrating git branch output into ksh PS1 shell prompt?

[Jérémie Courrèges-Anglas]

Fred Snurd fredsn...@yahoo.com writes:

 Git fans like to know what branch is current, and bash's implementation
 of PS1 allows for update each time it is displayed. All of my attempts
 of adding a call to a ksh function into PS1 appear to be evaluated at
 the time that PS1 is set, but not upon each new display of the shell
 prompt. Does anyone have suggestions on how to have ksh execute
 a function upon each display of PS1?

Use single quotes, eg.

_ps1_err() {
local _rc=$?
[ $_rc -ne 0 ]  printf %s $_red
return $_rc
}
PS1='\h \w\[$(_ps1_err)\]\$\[$_nc\] '

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: OpenBSD 5.5 + FreeRADIUS 2.2: PID directory deleted on reboot?

[Jérémie Courrèges-Anglas]

Andrew Lester martinblan...@gmail.com writes:

 Hi all,

Hi,

 This is probably a very simple question, but for the life of me I have not 
 been able to
 locate a solution. I am running a RADIUS server on OpenBSD 5.5 stable (+ 
 openssl patches) 
 using FreeRADIUS 2.2.0p2 from the ports tree. When I first installed 
 FreeRADIUS, it worked
 great. However, when I rebooted the system, radiusd would no longer start. I 
 discovered
 the run_dir of /var/lrun/radiusd, which houses the PID file and socket, was 
 missing. I
 re-created the directory and changed its ownership to _freeradius. After 
 that, it
 started working again. But whenever the system reboots, the entire 
 /var/run/radiusd
 directory gets deleted somehow.

That's a fact, /var/run is cleaned up at boot time.

 The only references I could find regarding this happening with OpenBSD was on 
 a blog,
 where the recommendation was simply to manually re-create the directory. 
 There must be
 something I am missing here, and I feel like it’s probably quite simple. Does 
 anybody know
 what I need to do in order to prevent the run dir from being deleted, or know 
 if there is
 a better location for it where it won’t be automatically deleted when the 
 system reboots?

The fr package comes with an rc script that takes care of this for you:

  rc_pre() {
/usr/bin/install -d -o _freeradius /var/run/radiusd
  }

If you don't use it (eg. because you run radiusd -X in tmux), just add
that line to /etc/rc.local.

 Thanks in advance for any help, it is much appreciated and OpenBSD rocks!

:)

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: Custom kernel with PIPEX without IPSEC failed to compile

[Jérémie Courrèges-Anglas]

Ivan Solonin iss...@gmail.com writes:

 I tried to compile custom kernel in the 5.5 release of OpenBSD on landisk 
 platform with PIPEX, but found requirment of IPSEC by PIPEX.
 As I've found in file /sys/netinet/udp_usrreq.c it uses IPSEC only with L2TP 
 to distinguish IPsec packets against non-IPsec.
 Is PIPEX so strong require IPSEC?
 Is it possible to compile custom kernel with PIPEX enabled, but without IPSEC?

The landisk 5.5 kernel weighs 3664076 bytes. I'd say that trying to get
rid of a few kilobytes won't help much.

Regarding your actual question, no idea. ;)

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: Custom kernel with PIPEX without IPSEC failed to compile

[Jérémie Courrèges-Anglas]

Sender: owner-m...@openbsd.org
On-Behalf-Of: j...@wxcvbn.org
Subject: Re: Custom kernel with PIPEX without IPSEC failed to compile
Message-Id: 87lhspkug7@ritchie.wxcvbn.org
Recipient: adam.atkin...@damovo.com
Received: from Mail2.damovo.com (109.204.121.44)
by UK001B237.d.grp (10.8.1.9) with Microsoft SMTP Server (TLS) id 
14.2.318.4; Sun, 22 Jun 2014 13:20:57 +0100
Received: from cluster-j.mailcontrol.com (85.115.54.190)
by Mail2.damovo.com (109.204.121.44) with Microsoft SMTP Server (TLS) 
id 14.2.318.4; Sun, 22 Jun 2014 13:20:56 +0100
Received: from shear.ucar.edu (lists.openbsd.org [192.43.244.163])
by rly45j.srv.mailcontrol.com (MailControl) with ESMTP id 
s5MCKqbQ004783 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 
verify=FAIL)
for adam.atkin...@damovo.com; Sun, 22 Jun 2014 13:20:55 +0100
Received: from openbsd.org (localhost [127.0.0.1])
by shear.ucar.edu (8.14.5/8.14.5) with ESMTP id s5MCUnkU005827
for adam.atkin...@damovo.com; Sun, 22 Jun 2014 06:30:49 -0600 (MDT)
Received: from chomsky.autogeree.net (chomsky.autogeree.net [91.216.110.36])
by shear.ucar.edu (8.14.5/8.14.5) with ESMTP id s5MCUTvg030186 
(version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO)
for misc@openbsd.org; Sun, 22 Jun 2014 06:30:31 -0600 (MDT)
Received: from ritchie.wxcvbn.org (localhost [127.0.0.1])
by wxcvbn.org (8.14.8/8.14.8) with ESMTP id s5MCJcxL011658; Sun, 22 Jun 
2014 14:19:38 +0200 (CEST)
Received: (from jca@localhost)
by ritchie.wxcvbn.org (8.14.8/8.14.8/Submit) id s5MCJaa4026132; Sun, 22 
Jun 2014 14:19:36 +0200 (CEST)
From: =?utf-8?Q?J=C3=A9r=C3=A9mie_Courr=C3=A8ges-Anglas?= j...@wxcvbn.org
To: Ivan Solonin iss...@gmail.com
CC: misc@openbsd.org
Subject: Re: Custom kernel with PIPEX without IPSEC failed to compile
References: op.xhul9xnc16z...@ic0.lan.rlan
Mail-Followup-To: Ivan Solonin iss...@gmail.com, misc@openbsd.org
Date: Sun, 22 Jun 2014 14:19:36 +0200
Message-ID: 87lhspkug7@ritchie.wxcvbn.org
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
List-Help: mailto:majord...@openbsd.org?body=help
List-ID: misc.openbsd.org
List-Owner: mailto:owner-m...@openbsd.org
List-Post: mailto:misc@openbsd.org
List-Subscribe: mailto:majord...@openbsd.org?body=sub%20misc
List-Unsubscribe: mailto:majord...@openbsd.org?body=unsub%20misc
X-Loop: misc@openbsd.org
Precedence: list
Sender: owner-m...@openbsd.org
X-Mailcontrol-Inbound: 8gSgIv9v3sbRnxYICSb3h!uiaIa96vptNsOUTq2TeYo=
X-Spam-Score: 1.106
X-Scanned-By: MailControl 28796.38 (www.mailcontrol.com) on 10.74.0.155
Return-Path: owner-misc+M140773=adam.atkinson=damovo@openbsd.org
X-MS-Exchange-Organization-OriginalArrivalTime: 22 Jun 2014 12:20:56.5112 (UTC)
X-MS-Exchange-Organization-OriginalClientIPAddress: 85.115.54.190
X-MS-Exchange-Organization-OriginalServerIPAddress: 109.204.121.44
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-Organization-Cross-Premises-Headers-Processed: Mail2.damovo.com
X-MS-Exchange-Organization-PRD: openbsd.org
Received-SPF: None (Mail2.damovo.com: owner-m...@openbsd.org does not designate 
permitted sender hosts)
X-MS-Exchange-Organization-OriginalSize: 2778
X-MS-Exchange-Forest-MessageScope: ----
X-MS-Exchange-Organization-MessageScope: ----
X-MS-Exchange-Organization-HygienePolicy: Standard
X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0
X-MS-Exchange-Organization-MessageLatencyInProgress: 
LSRV=Mail2.damovo.com:TOTAL=0;2014-06-22T12:20:56.760Z
X-MS-Exchange-Forest-ArrivalHubServer: UK001B237.d.grp
X-MS-Exchange-Organization-SenderIdResult: NONE
X-MS-Exchange-Organization-AuthSource: Mail2.damovo.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-MessageLatency: SRV=Mail2.damovo.com:TOTAL=0
X-MS-Exchange-Organization-Recipient-Limit-Verified: True
X-MS-Exchange-Forest-RulesExecuted: UK001B237
X-MS-Exchange-Organization-Rules-Execution-History: 
WW-SetDomainsAsNotJunk%%%DamovoUK-FaultEscalation%%%DamovoUK_AutoResponse%%%DE-UPSAlarmRule%%%BE-OutboundDisclaimer%%%WW-OutboundDisclaimer%%%UK-OutboundDisclaimer%%%IE-OutboundDisclaimer%%%DamovoUK_GFiRule%%%DE-Redirect_Techem%%%CH-SupportRule%%%UKScanToEmailBlockExternal

Ivan Solonin iss...@gmail.com writes:

 I tried to compile custom kernel in the 5.5 release of OpenBSD on landisk 
 platform with PIPEX, but found requirment of IPSEC by PIPEX.
 As I've found in file /sys/netinet/udp_usrreq.c it uses IPSEC only with L2TP 
 to distinguish IPsec packets against non-IPsec.
 Is PIPEX so strong require IPSEC?
 Is it possible to compile custom kernel with PIPEX enabled, but without IPSEC?

The landisk 5.5 kernel weighs 3664076 bytes. I'd say that trying to get
rid of a few kilobytes won't help much.

Regarding your actual question, no idea. ;)

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF 

Re: Ethernet configuration problem

[Jérémie Courrèges-Anglas]

Salut Thuban, hi folks,

Thuban thu...@yeuxdelibad.net writes:

 Hello,
 I am currently trying to install OpenBSD 5.5 on a usb stick, and didn't
 manage to connect to the internet (to download file sets).

 Neither dhcp works.
 I tried to configure the interface manually, but the ethernet interface
 seems to still be sleeping. I used this command :

 ifconfig jme0 inet 192.168.1.68 255.255.255.0 192.168.1.255

 If it can help, here is an extract from the `dmesg` command (written by
 hand, sorry)

 jme0 at pci3 dev 0 function 0 JMicron JMC250 rev 0x05; msi, address ...

The OpenBSD project doesn't seem to have any record of this particular
revision of this card.  Thus I wouldn't expect it to work.

What would be cool, now, if you have a working wireless interface (I
guess you don't) or if you have another usb stick: send the dmesg of
your machine as hinted here:

  http://www.openbsd.org/faq/faq4.html#SendDmesg

Note that you can also download the sets before performing the install
in bsd.rd (then you can fetch them from your second USB stick).

 jmphy0 at jme0 phy 1: JMP211 10/100/1000 PHY, rev.1

 The command ifconfig detect 2 interfaces : jme0 and vlan0 (wifi I
 guess?)

No, vlan interfaces are... vlan interfaces.  There is no network
interface named wlan on OpenBSD, those wireless interfaces are named
like the drivers that support them.

 Do you have any suggestion to make this ethernet working?

Send your hardware to a developer interested in adding support for
it? :)

 All my apologize for my bad english and beginner questions.

 Regards,

 --
 Thuban
 PubKey : http://yeuxdelibad.net/Divers/thuban.pub
 KeyID : 0x54CD2F2F

 [demime 1.01d removed an attachment of type application/pgp-signature which 
 had a name of signature.asc]

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: Chain loading from grub 0.97

[Jérémie Courrèges-Anglas]

Benjamin Heath benjamin.joel.he...@gmail.com writes:

 Hello misc!

 I've had Openbsd 5.5 for a while as the sole system on my eeepc. I decided
 to install grub and multi boot to either Linux or Freebsd.

 # pkg_add grub
 # grub-install
 # reboot

 Oops. I didn't configure it. Oh well, I'm sure I can just use grub manually
 to chainload Openbsd. First I make sure nothing was erased.

 grub find /boot
   (hd0,3,a)
 grub find /bsd.rd
   (hd0,3,a)
 grub find /root/.profile
   (hd0,3,a)

 So it's clearly still there.

 grub rootnoverify (hd0,3,a)
 grub chainloader +1
 grub boot

What about (untested):

grub rootnoverify (hd0,3)
grub chainloader +1
grub boot

[...]

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: bind port broken

[Jérémie Courrèges-Anglas]

Stéphane Guedon steph...@22decembre.eu writes:

 Le lundi 19 mai 2014 14:59:54, vous avez écrit :
 You provide zero details on what you are doing, how can someone know
 what to fix without the minimum bits of information.

 I was aware of the thing, yet didn't know what to do since I have done
 really really few.

 I just placed myself in /usr/ports/net/isc-bind and launched a make
 clean, then make as explained on the faq page.

 Then, make produced a lot of compil work which ended at :

[...]

 *** Error 2 in bin/named (Makefile:559 'named')
 *** Error 1 in bin (Makefile:100 'subdirs')
 *** Error 1 in /usr/obj/ports/isc-bind-9.9.3pl1/build-amd64
 (Makefile:107 'subdirs')
 *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2659
 '/usr/obj/ports/isc-bind-9.9.3pl1/build-amd64/.build_done')
 *** Error 1 in /usr/ports/net/isc-bind
 (/usr/ports/infrastructure/mk/bsd.port.mk:2388 'all')

 The release is bind 9.9.3, I am on amd64 and my openbsd is a 5.5 just
 upgraded (so I had to rebuild my bind cause it contains the dnssec
 signer I use).

$ cd /usr/ports/net/isc-bind  cvs up -r OPENBSD_5_5 Makefile

gives me a 9.9.5 bind port, not 9.9.3.  Confusing...

[...]


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: bgpd/session.c+rde.c code explanation

[Jérémie Courrèges-Anglas]

Denis Fondras open...@ledeuns.net writes:

 please, if you want to help, be MUCH more precise (and get clear on
 what side of the fork() we are). With a report like that I had to go
 through large parts of code to ecventually maybe spot what you are
 referring to. That doesn't help, that just costs time. I appreciate
 the effort, but please make it easier to consume for us :)
 

 Sorry for the imprecise question.

 I am reading src/usr.sbin/bgpd/rde.c (rev 1.328).
 At line 234 (so in the child process), there is :

   if ((conf = calloc(1, sizeof(struct bgpd_config))) == NULL)

 I can't find any free(conf) later in the code. From _exit(2) I don't
 understand it can free allocated memory on itself. How is it handled ?

By the OS, which cleans up after the process exits.  If it wasn't that
way, we'd all have a much shorter uptime...

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: bgpd/session.c+rde.c code explanation

[Jérémie Courrèges-Anglas]

Denis Fondras open...@ledeuns.net writes:

 By the OS, which cleans up after the process exits.  If it wasn't that
 way, we'd all have a much shorter uptime...
 

 Thank you Jérémie :)
 I had not considered it as I can see

 ...
 free(ibuf_rde);
 ...
 free(ibuf_main);
 ...

 at the end of session_main() in session.c.

Maybe you should consider this as best effort.  It's a good thing to
clean up at the end of a function in an executable, even in error cases
where the end result is exit(1) / err() / fatal(), because code gets
copied and used in different contexts (where cleaning up could be
necessary).

But from discussions on tech@ a few months ago, you'll see that there is
no real interest in amending those non-problems if no true audit is
done to track down all occurrences in a particular piece of software.

That said, thid diff works fine on a simple test setup.

Index: session.c
===
RCS file: /cvs/src/usr.sbin/bgpd/session.c,v
retrieving revision 1.334
diff -u -p -p -u -r1.334 session.c
--- session.c   22 Jan 2014 04:08:08 -  1.334
+++ session.c   6 May 2014 13:21:26 -
@@ -599,6 +599,7 @@ session_main(int pipe_m2s[2], int pipe_s
free(la);
}
free(conf-listen_addrs);
+   free(conf);
free(peer_l);
free(mrt_l);
free(pfd);

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: dovecot-lda delivery failure: can't expand ~/

[Jérémie Courrèges-Anglas]

Steve Fairhead st...@fivetrees.com writes:

 Hi folks,

Hi,

 I'm preparing a new machine (OpenBSD 5.5, Dovecot 2.2.10) to replace an
 elderly but venerable (OpenBSD 4.3, Dovecot 1.0.10) mailserver. Access
 from mail clients to the IMAP Maildirs is working fine (so it's not an
 auth issue, I think), but local mail delivery (to/from system users) is
 failing. The maillog shows this:

 May  4 12:03:10 hglserver-test1 dovecot: lda(steve): Error: user steve:
 Initialization failed: Namespace '': Home directory not set for user.
 Can't expand ~/ for mail root dir in: ~/Maildir

 May  4 12:03:10 hglserver-test1 dovecot: lda(steve): Fatal: Invalid user
 settings. Refer to server log for more information.

 May  4 12:03:10 hglserver-test1 sendmail[5139]: s440WjIS026017: to=|
 /usr/local/libexec/dovecot/deliver, ctladdr=steve (1000/1000),
 delay=10:30:25, xdelay=00:00:00, mailer=prog, pri=2269378, dsn=4.0.0,
 stat=Deferred: prog mailer (/bin/sh) exited with EX_TEMPFAIL

 The configuration for mail location is:

 mail_location = maildir:~/Maildir

 and again, mail clients can see this. I'm using sendmail with .forward
 files calling the LDA as documented in the Dovecot wiki:

 | /usr/local/libexec/dovecot/deliver

Note that this is now merely a symlink to
/usr/local/libexec/dovecot/dovecot-lda.

 where dovecot/deliver is a stock symlink to dovecot-lda. The
 conf.d/15-lda.conf file is stock, which appears correct to me.

 I've searched and searched for clues; the lack of relevant results in
 e.g. Google leads me to the humbling conclusion that I'm doing something
 monumentally stupid. Any cluebats gratefully accepted.

I use the dovecot, just to fill and access my maildir (no listener or
auth involved), with ''dovecot-lda -kc conffile'' from my .forward.  It
uses the environment to expand my ~/Maildir path, and userdb { driver =
passwd } (just to avoid spam about disabling the duplicates database).

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: bgpd/session.c+rde.c code explanation

[Jérémie Courrèges-Anglas]

Claudio Jeker cje...@diehard.n-r-g.com writes:

 On Tue, May 06, 2014 at 03:32:06PM +0200, Jérémie Courrèges-Anglas wrote:
 Denis Fondras open...@ledeuns.net writes:
 
  By the OS, which cleans up after the process exits.  If it wasn't that
  way, we'd all have a much shorter uptime...
  
 
  Thank you Jérémie :)
  I had not considered it as I can see
 
  ...
  free(ibuf_rde);
  ...
  free(ibuf_main);
  ...
 
  at the end of session_main() in session.c.
 
 Maybe you should consider this as best effort.  It's a good thing to
 clean up at the end of a function in an executable, even in error cases
 where the end result is exit(1) / err() / fatal(), because code gets
 copied and used in different contexts (where cleaning up could be
 necessary).

 Bad advice, you should not cleanup before err() or fatal() ever.
 It could very well be that you hit a bug that trashed your heap and
 calling free() will not solve anything. Doing cleanup before exit is only
 used to check for memleaks with simple tools.

I do agree with your argument, but I find it hard to apply every time.
When looking at one function it can be hard to see if the caller(s)
will call fatal() or not (not all errors are fatal, after all).

Sorry for the bad advice.

[...]

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: Hearbleed and OpenSSL 1.0.1c

[Jérémie Courrèges-Anglas]

Lars Bonnesen lars.bonne...@gmail.com writes:

 Just want to make sure if I get this right.

 Patches 007 and 008 (OpenSSL-fix) for 5.4 has been run.

 OpenBSD 5.5 install source code patch branch run and compiled.

 On both setup I get this:

 # openssl version -a
 OpenSSL 1.0.1c 10 May 2012
 built on: date not available
 platform: information not available
 options:  bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) idea(int)
 blowfish(idx)
 compiler: information not available
 OPENSSLDIR: /etc/ssl

 As far as I understand, OpenSSL 1.0.1g is needed in order to be home same
 reg. heartbleed.

 I know that OpenBSD's OpenSSL is a fork, and this is maybe where the
 confussion comes in... but can someone clarify for me the above?

The patches you applied are just that, patches that fix the problem
they're supposed to fix.  There is no reason to change the OpenSSL
version in such a patch, it would be a lie.

This is not related to the fork, which happened in -current and does not
affect 5.5.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: pkg_add http://${REDIRECT}

[Jérémie Courrèges-Anglas]

Hi,

Try to deal with packages like the OpenBSD project does.
Just stuff your packages in http://foo/$release/packages/$arch/
Tell your clients to tweak their pkg.conf and run pkg_add 10bees
That's it.

When you have a new version / a bumped package, just upload it there.
You don't need to purge the older ones; this would allow your clients to
rollback to an older version easily.  Supporting -current involves more
work, you'd have to coordinate with both the OpenBSD development process
and your clients to distribute freshly built packages.

BTW for 5.5+ you will have to deal with signed packages.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: ftp-proxy versus IPv4 and IPv6 dual stack?

[Jérémie Courrèges-Anglas]

John Jasen jja...@realityfailure.org writes:

 As a quick sanity check, the ftp-proxy daemon in OpenBSD 5.4 through
 -current does NOT listen on IPv4 and IPv6 simultaneously?

As documented.

 In order to support FTP over IPv4 and IPv6, two running ftp-proxy
 daemons would be required, one with the -6 flag?

Yup.  Well, if you need ftp-proxy in the first place.  Are you sure you
need FTP btw? :)

 If so, I do not see an immediate way to fire two ftp-proxy instances in
 rc.conf.* -- would one of them have to be triggered from rc.local? Or is
 there a cleaner way?

They can't be started by the same, unmodified rc.d/ftpproxy script*.
I'd start both from rc.local to prevent confusion.

* if it had to be integrated with rc.d(8), that would mean adding
  a ftpproxy6 script, hooking it in /etc/rc and adding a -4 flag to
  ftpproxy so that the daemons command lines differ properly for rc.d(8)
  signalling.
-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: ftp-proxy versus IPv4 and IPv6 dual stack?

[Jérémie Courrèges-Anglas]

Stuart Henderson s...@spacehopper.org writes:

 On 2014-04-15, Jérémie Courrèges-Anglas j...@wxcvbn.org wrote:
 * if it had to be integrated with rc.d(8), that would mean adding
   a ftpproxy6 script, hooking it in /etc/rc and adding a -4 flag to
   ftpproxy so that the daemons command lines differ properly for rc.d(8)
   signalling.

 It needs handling one way or another, and that doesn't seem *too* horrible
 (not that it's exactly nice)..

other alternatives i can think of, more or less ugly / worth it:
- tweaking pexp
- ln /usr/sbin/ftp-proxy /usr/sbin/ftp6-proxy, handle argv[0]
- handling carefuly both v4 and v6 in the same ftpproxy

option 2 looks easy and less error-prone even if the name looks ugly.
dunno what others think.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: 003_ftp.patch, cert ref count

[Jérémie Courrèges-Anglas]

Mike Small sma...@panix.com writes:

 Was looking at
 http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/003_ftp.patch.sig
 this last chunk...

 + if (ssl_verify) {
 + X509  *cert;
 +
 +   cert = SSL_get_peer_certificate(ssl);
 +  if (cert == NULL) {
 +  fprintf(ttyout, %s: no server 
 certificate\n,
 +  
 getprogname());
 + 
   goto cleanup_url_get;
 + 
   }
 +
 +   if (ssl_check_hostname(cert, host) != 0) {
 +  fprintf(ttyout, 
 %s: host `%s' not present in
 + 
 server certificate\n,
 + 
   getprogname(), host);
 + 
goto cleanup_url_get;
 + 
  }
 +
 +   X509_free(cert);
 }


 If that second check fails and you goto cleanup_url_get you skip
 X509_free(cert). Wouldn't that screw up the reference count?

Good catch.

 Or does
 that not matter after SSL_Shutdown and SSL_Free are called?

It does not matter because if the second check fails, we're going to
exit the process anyway, so a memory leak does not have an impact; I'm
more concerned by the ssl_ctx allocation, for which I already have
a diff.

Thanks,
-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: heartbleed ssl bug and ports or packages question

[Jérémie Courrèges-Anglas]

Didier Wiroth dwir...@gmail.com writes:

 Hello,
 I'm not a developer but more of an openbsd hobbyist.
 I'm using current with current packages that are a few days old.

 I patched my openbsd servers and revoked all my ssl keys, generated
 new ones and changed every possible password.
 Even though, as far as I understood, you can't be sure credentials
 have not been read out of memory and your system has not been
 compromised at some point in the past.
 Anyway, I had a look at the following patch and was reading the comments:
 http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/002_openssl.patch.sig
 and came across this line:
 Also recompile any statically-linked binaries depending on it

 F.ex. I use dovecot:
 # ldd `which dovecot`
 /usr/local/sbin/dovecot:
 StartEnd  Type Open Ref GrpRef Name
 04f81c50 04f81c913000 exe  10   0  /usr/local/sbin/dovecot
 04fa2152c000 04fa219f4000 rlib 01   0
 /usr/local/lib/dovecot/libdovecot.so.2.0
 04fa1d89 04fa1dd7d000 rlib 01   0  /usr/lib/libc.so.74.0
 04fa275a7000 04fa27aa4000 rlib 01   0
 /usr/local/lib/libiconv.so.6.0
 04fa2bb0 04fa2bb0 rtld 01   0  /usr/libexec/ld.so

 The following library is not listed: /usr/lib/libssl.so.20.0
 So I guess ssl was statically compiled in the dovecot package/port, as
 dovecot supports ssl and I currently use it.

/usr/local/sbin/dovecot is not the listener facing the network.

ldd /usr/local/libexec/dovecot/imap-login

 Is it possible to track which ports or packages have statically
 compiled in ssl support?

I can't think of a reliable way to do this.  I doubt there are many of
such ports.

 Do I need to recompile/rebuild the port with the patched libssl library?
 or better ... but slower:
 Do I need to recompile every ports to be sure the bug can't be
 exploited on my openbsd systems?

Your call.  Note that dpb makes it easy.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: unlink utility

[Jérémie Courrèges-Anglas]

Dmitrij D. Czarkoff czark...@gmail.com writes:

 Gilles Chehade said:
 without commenting on the need for the utility itself, the code you have
 provided does not respect the coding style of OpenBSD, and your main
 function shouldn't be returning errno

 Sorry, I was not paying enough attention to style.

Not discussing the usefulness of unlink(1), but it's bikeshedding time
here.  Sorry. :)

 What about this one:

 
  unlink.c
 
 /*
  * Copyright (c) 2014 Dmitrij D. Czarkoff czark...@gmail.com
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */

 #include errno.h
 #include locale.h
 #include stdio.h
 #include stdlib.h
 #include unistd.h

 extern char   *__progname;

 static void   usage(void);

 int
 main(int argc, char **argv)
 {
   setlocale(LC_ALL, );

   if (argc != 2)
   usage();

I suggest using getopt() and the usual argc -= optind, argv += optind
dance, for consistency at the source level and to handle --
transparently.

   else if (unlink(*(argv + 1))) {

With what I said above, this becomes *argv.

   perror(__progname);
   return (1);

err() can do this in one line, while giving you a more rich error message:

err(1, unable to delete `%s', *argv);

   }
   return (0);
 }

 static void
 usage(void)
 {
   (void)fprintf(stderr, usage: %s file\n, __progname);

Now that we have getprogname(), maybe we could start using it?

   exit(1);
 }
 

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: unlink utility

[Jérémie Courrèges-Anglas]

Theo de Raadt dera...@cvs.openbsd.org writes:

 but given that 'unlink' is already used in some scripts

 I would like to see some proof of that.

 The way I see it, the ports tree is a large enough ecosystem capable
 of measuring whether something is in use.

 So, since it isn't in the ports tree, please show some proof.

The only port that we patch so that it calls rm -f instead of unlink at
runtime is sysutils/gitolite.  The patch has already been committed
upstream.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: ksh reopening stdin

[Jérémie Courrèges-Anglas]

LEVAI Daniel l...@ecentrum.hu writes:

 Hi!

Hi Daniel,

 I'm doing this:


 --- script.sh ---
 #!/bin/ksh

 for word in $(tr '\n' ' ');do
 # ^^ tr(1) reads from standard input
  ... some stuff ...
 done

 read FOO

 case ${FOO} in
  ... ... ...
 esac
 --- script.sh ---

 $ script.sh  /foo/bar


 The problem with this of course, is that I want `read' to read from the
 user interactively, also from stdin, but stdin is piped to the script
 (and subsequently to tr(1)) before `read'. So now `read' just gets eof.

 I'm thinking about something along the lines of first closing the
 stdin that is piped to the script (somehow, I don't know), then
 reopening it (also, somehow). I know this sounds vague, but does the
 concept makes sense at all?

 I was playing around with something like this:

 for word in $(tr ..);do; ... ;done

 exec 3/dev/stdin
 exec -
 exec 03

 read FOO

Try using ''read  /dev/tty'' for your interactive user input.

 Thanks for any pointers!

 Daniel

-- 
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: The unknown in i386-unknown-openbsd5.4

[Jérémie Courrèges-Anglas]

na...@mips.inka.de (Christian Weisgerber) writes:

[...]

 Maybe we can just leave it.

Indeed.

-- 
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
(previous: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494)

Re: The unknown in i386-unknown-openbsd5.4

[Jérémie Courrèges-Anglas]

Adam Jensen han...@riseup.net writes:

 On Sun, 02 Feb 2014 18:19:50 +0100
 j...@wxcvbn.org (Jérémie Courrèges-Anglas) wrote:

  Maybe we can just leave it.
 
 Indeed.
 

 Well, at least you didn't call it a bikeshed issue (though, that
 probably would have been a more compelling statement).

Fine: I call this a bikeshed issue.

-- 
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
(previous: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494)

Re: OpenBSD as a router on Oracle T5120

[Jérémie Courrèges-Anglas]

Eduardo Meyer dudu.me...@gmail.com writes:

[...]

 I will try
 ftp://ftp.openbsd.org//pub/OpenBSD/snapshots/sparc64/install55.iso right
 now. Other than simply running it is there anything else I should look at,
 or any new command line tool to play around?

Disabling pf and kern.pool_debug would save some CPU cycles.

-- 
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
(previous: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494)

Re: netstat segfault on -current

[Jérémie Courrèges-Anglas]

Alexey Suslikov alexey.susli...@gmail.com writes:

 On Tue, Dec 24, 2013 at 12:16 AM, Chris Smith obsd_m...@chrissmith.org 
 wrote:
 On Mon, Dec 23, 2013 at 5:10 PM, Alexey E. Suslikov
 alexey.susli...@gmail.com wrote:
 blind guess - you have kernel and userland out of sync.

 Not so.

 It doesn't matter how so: ABI is either in sync, or it is out of sync (hence
 the issue). cvs up and rebuild/reinstall netstat.

This may very well be a real issue, not just another case of
out-of-sync.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Is Ext2 stable enough for normal use?

[Jérémie Courrèges-Anglas]

Tekk t...@parlementum.net writes:

 I've got an ext3 /home partition which I use under linux, how likely is
 it that files will get clobbered if I use the same /home under a dual
 boot with openbsd?

This is a really really really bad idea, even without taking into
account that ext2fs support is minimal (eg. some recent modifications
made on ext2/3 created on Linux make the FS unusable on OpenBSD).

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Issues compiling binkd-1.1 on OpenBSD 5.3 (testing on 5.4 in a bit, as well); ns_msg undeclared

[Jérémie Courrèges-Anglas]

Damon Getsman damo.g...@gmail.com writes:

 I've got a system that I'm trying to get connected to another fidonet hub
 [again], but I'm having issues now that I'm having to connect to a new
 coordinator.  Previously I was able to connect via binkd-0.9.4, but I'm
 having issues that I can't get resolved between several people very
 experienced with binkd; it appears to be an incompatibility between more
 recent versions and 0.9.4, not a configuration issue.

 Unfortunately, when attempting to get binkd-1.1 to compile on my OpenBSD
 5.3 system, there appears to be some issues either locating a library or
 finding the correct library to install on my system.  There is a rather
 large lack of information for my situation available; as far as anybody
 experienced with fidonet or binkd (as far as I know) knows, I'm the only
 person that has had binkd running on OpenBSD, let alone run into these
 incompatibilities and tried to get binkd-1.1 to compile in this environment.

 Here is the problem that I've been getting, starting with the 'configure'
 shell script output that seems to be applicable:
 -=-=-
 checking for ns_initparse... no
 checking for ns_msg._msg_ptr... no
 checking for ns_msg._ptr... no
 -=-=-

 and then, compilation seems to go fine until I hit the last few files
 before final linkage; 'make' errors follow:
 -=-=-
 Compiling srv_gai.c...
 srv_gai.c: In function 'srv_getaddrinfo':
 srv_gai.c:82: error: 'ns_msg' undeclared (first use in this function)
 srv_gai.c:82: error: (Each undeclared identifier is reported only once
 srv_gai.c:82: error: for each function it appears in.)
 srv_gai.c:82: error: expected ';' before 'nsb'
 srv_gai.c:83: error: 'ns_rr' undeclared (first use in this function)
 srv_gai.c:83: error: expected ';' before 'rrb'
 srv_gai.c:137: error: 'ns_c_in' undeclared (first use in this function)
 srv_gai.c:137: error: 'ns_t_srv' undeclared (first use in this function)
 srv_gai.c:151: warning: implicit declaration of function 'ns_initparse'
 srv_gai.c:151: error: 'nsb' undeclared (first use in this function)
 srv_gai.c:163: warning: implicit declaration of function 'ns_msg_count'
 srv_gai.c:163: error: 'ns_s_an' undeclared (first use in this function)
 srv_gai.c:164: warning: implicit declaration of function 'ns_parserr'
 srv_gai.c:164: error: 'rrb' undeclared (first use in this function)
 srv_gai.c:168: warning: implicit declaration of function 'ns_rr_class'
 srv_gai.c:171: warning: implicit declaration of function 'ns_rr_type'
 srv_gai.c:173: warning: implicit declaration of function 'ns_rr_rdlen'
 srv_gai.c:178: warning: implicit declaration of function 'ns_rr_rdata'
 srv_gai.c:178: warning: assignment makes pointer from integer without a cast
 *** Error 1 in /usr/src/binkd-1.1 (Makefile:76 'srv_gai.o': @gcc -c
 -DPACKAGE_NAME=\\ -DPACKAGE_TARNAME=\\ -DPACKAGE_VERSION=\\ -DPACK...)
 -=-=-

You need stuff that was moved from base to the net/libbind package.

 Now, I will be the first one to admit that my knowledge of Makefile syntax
 and operations is pretty limited.  I can fumble my way through general
 modifications, but I'm not sure I'm doing things correctly.  I've gotten
 some difficult packages to compile that haven't wanted to on particular
 systems, but I find these solutions pretty much by educated guess.  I know
 C/C++, but I can't say that I've ever coded anything more than a few
 hundred (600) lines long in that language.  So as far as porting to a new
 operating system, taking into account SYSV/BSD differences and anything
 else, I'm pretty lost.

 My web searching for the ns_msg and associated functions seemed to indicate
 that this is a part of libspf2,

Well, libspf2 depends on libbind.

 which I then installed via pkg_add to my
 system.  Right off the bat I attempted a freshly started 'configure' and
 'make'.  The configuration still indicated success, but with the same 'not
 found' messages that I indicated in my first cut 'n paste in this message.
  I then made several modifications to the Makefile and even attempted
 manual compilation of srv_gai.c with different command lines, trying to
 manually specify -lspf2.  No luck.  I even tried switching the order of the
 compilation in order to compile unix/ns_parse.c prior to srv_gai.c,
 thinking (strictly due to the superficial resemblance of the name of this
 file and hints that I saw in the source code) that perhaps an ns_msg may
 reside in there.  Yeah, it was desperation time by this point.  No go.

So... you need to add /usr/local/include/bind/ to the include search
list, /usr/local/lib/libbind/ to the lib search list (with -L and -R),
you need to link against libbind (-lbind), and you need to patch
srv_gai.c so that it includes arpa/nameser.h.

The provided Makefile.in doesn't honor CPPFLAGS / LDFLAGS.

 At this point I'm totally out of ideas.  I'd be grateful for anything that
 anybody might be able to suggest.  Well, with possible exception of
 switching operating systems.  My machine that has ports forwarded 

Re: Patch to fix /etc/rc.d/identd...

[Jérémie Courrèges-Anglas]

Adam Jeanguenat a...@voyager.6v6.org writes:

Below is a patch to fix the identd rc.d script, which currently
 doesn't allow you to stop the daemon because ${pexp} is passed
 incorrectly.

Fixed, thanks.

Note the string identd: resolver is 16 chars long and at the
 limit of what OpenBSD cares about (according to the pgrep/pkill(1) man
 page), but it works fine. I suppose both strings could be shortened if
 desired, but I figured the least amount of ambiguity was the best.

This 16-bytes limitation is not a problem when using -f.

If identd is already running, /var/run/rc.d/identd will need to be
 manually deleted first as it contains the wrong ${pexp}.

--avj


 Index: identd
 ===
 RCS file: /home/cvsync/src/etc/rc.d/identd,v
 retrieving revision 1.6
 diff -u -p -r1.6 identd
 --- identd8 Aug 2013 15:41:28 -   1.6
 +++ identd4 Dec 2013 19:17:26 -
 @@ -7,6 +7,7 @@ daemon_flags=-e
  
  . /etc/rc.d/rc.subr
  
 +pexp=identd: (listen|resolver)
  rc_reload=NO
  
  rc_cmd $1


-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Issues compiling binkd-1.1 on OpenBSD 5.3 (testing on 5.4 in a bit, as well); ns_msg undeclared

[Jérémie Courrèges-Anglas]

j...@wxcvbn.org (Jérémie Courrèges-Anglas) writes:

[...]

 If building binkd on OpenBSD is so painful then a port could be useful.

Something like that...

[demime 1.01d removed an attachment of type application/octet-stream]
-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: samba and e2fsprogs packages -- 5.4

[Jérémie Courrèges-Anglas]

Peter Fraser p...@thinkage.ca writes:

 samba required the e2fsprogs package. The problem occurs when trying to use 
 samba's net command.
 The net command requires libuuid.
  It was not easy to find where libuuid was located.

This kind of report should go to ports@... (redirecting there on
purpose).

What's the exact error / problem?

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Are there OpenBSD users who are not IT professionals?

[Jérémie Courrèges-Anglas]

Salim Shaw salims...@vfemail.net writes:

 OpenBSD is for the world. You have to ask yourself a few questions. Are
 you an open source advocate? Do you like the freedom to use an operating
 system the way you want to? Do you value stability and code correctness
 in an operating system? Is security paramount in your computing world?
 Do you value accurate documentation and a developer world who pride
 themselves on correctness? If the answer to these few question is yes,
 then OpenBSD is for you.

I'd like to point out that yes is not a required answer to all those
questions.  Just pick what you like...

[...]

-- 
jca | PGP : 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Mount CD/DVD and playback DVD as normal user

[Jérémie Courrèges-Anglas]

Fred open...@crowsons.com writes:

 On 11/12/13 20:48, Laurence Rochfort wrote:
 Thanks Fred,

 /cdrom is the mount point, so no I don't think it should be a symlink.

 The command is:

 $ mount /dev/cd0a /cdrom
 mount_cd9660: /dev/cd0a on /cdrom: Operation not permitted

 Hi Laurence,

 You are right it should just be a node so not a symlink.

 The issue is with root owning /cdrom - but if you add /cdrom entry to fbtab:

 port:fred ~ tail -2 /etc/fbtab
 #/dev/ttyC0   0600/dev/fd0
 /dev/ttyC00600/cdrom
 ^
0700 *might* give better results.

 Then the user who logs in can then mount /cdrom

 port:fred ~ mount -tcd9660 /dev/cd0a /cdrom
 port:fred ~ mount
 /dev/sd0a on / type ffs (local)
 /dev/sd0k on /home type ffs (local, nodev, nosuid)
 /dev/sd0d on /tmp type ffs (local, nodev, nosuid)
 /dev/sd0f on /usr type ffs (local, nodev)
 /dev/sd0g on /usr/X11R6 type ffs (local, nodev)
 /dev/sd0h on /usr/local type ffs (local, nodev)
 /dev/sd0j on /usr/obj type ffs (local, nodev, nosuid)
 /dev/sd0i on /usr/src type ffs (local, nodev, nosuid)
 /dev/sd0e on /var type ffs (local, nodev, nosuid)
 /dev/sd2i on /mnt/usbpen type msdos (local)
 /dev/cd0a on /cdrom type cd9660 (local, nodev, nosuid, read-only)

 I had to read mount(8) and fbtab(5) to work it out...

 hth

 Fred

-- 
jca | PGP : 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Similar tool as poudriere for OpenBSD

[Jérémie Courrèges-Anglas]

C. L. Martinez carlopm...@gmail.com writes:

 On Mon, Nov 11, 2013 at 4:29 PM, Vigdis vigdis+o...@chown.me wrote:
 On Mon, 11 Nov 2013 15:37:17 +,
 C. L. Martinez carlopm...@gmail.com wrote:

 Hi all,

  Exists some tool in OpenBSD similar to poudriere for FreeBSD? This
 tool builds massive packages for FreeBSD hosts and for different
 versions and releses (current, stable, release).

 https://wiki.freebsd.org/PkgPrimer
 https://fossil.etoilebsd.net/poudriere/doc/trunk/doc/index.wiki

 Thanks.


 http://openbsd.org/faq/faq15.html#dpb



 Yep, pretty pretty close ... But if I understand correctly, if I would
 like to build ports for i386 and amd64 archs I need to use two hosts:
 one to build i386 ports and another to build amd64 ports, correct??

Yes; there is no support for running i386 executables on amd64 thus dpb
indeed has no support for that.  Also the machines in your dpb cluster
have to run the same OpenBSD version, with a ports tree in sync.

-- 
jca | PGP : 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: openldap-2.4.36 server

[Jérémie Courrèges-Anglas]

Predrag Punosevac punoseva...@gmail.com writes:

 Hi Misc,

Hi,

this is a question for ports@.

 I am playing with OpenLDAP and I have a question about OpenLDAP server.
 I see in ports OpenLDAP server version 2.3.43 and the client version
 2.4.36 even though current release is 2.4.37. Is there a particular
 reason besides lack of man power and interest why the server is not
 updated to 2.4.36 or newer?

On -current i386:
$ pkg_info -Q openldap
openldap-client-2.4.36 (installed)
openldap-server-2.3.43p13
openldap-server-2.4.36
openldap-server-2.4.36-aci

 I have hard time believing that 2.4.36 in
 the base due to licensing.

There's ldapd in base if you want to give it a try.

 Am I missing something obvious as usual?

Well... ;)

-- 
jca | PGP : 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: segfault in netstat

[Jérémie Courrèges-Anglas]

Scott McEachern sc...@blackstaff.ca writes:

 Using the latest i386 snapshot (Nov8), running netstat as root causes
 a segfault.  Earlier snaps may be affected, I'm just noticing this now.
 Running as a non-root user seems to be fine.

 # netstat -an
 Active Internet connections (including servers)
 Proto   Recv-Q Send-Q  Local Address  Foreign Address (state)
 tcp  0  0  192.168.1.5.22 192.168.1.4.41282 ESTABLISHED
 tcp  0216  192.168.1.5.22 192.168.1.4.18447 ESTABLISHED
 tcp  0  0  192.168.1.5.22 192.168.1.4.21025 ESTABLISHED
 tcp  0  0  *.6000 *.* LISTEN
 tcp  0  0  127.0.0.1.587  *.* LISTEN
 tcp  0  0  127.0.0.1.25   *.* LISTEN
 tcp  0  0  *.22   *.* LISTEN
 Active Internet connections (including servers)
 Proto   Recv-Q Send-Q  Local Address  Foreign Address (state)
 udp  0  0  *.514  *.*
 Active Internet connections (including servers)
 Proto   Recv-Q Send-Q  Local Address  Foreign Address (state)
 tcp6 0  0  *.6000 *.* LISTEN
 tcp6 0  0  ::1.587*.* LISTEN
 tcp6 0  0  ::1.25 *.* LISTEN
 tcp6 0  0  *.22   *.* LISTEN
 Active UNIX domain sockets
 AddressType   Recv-Q Send-Q  Inode   Conn   Refs Nextref
 Addr
 Segmentation fault

 # netstat
 Active Internet connections
 Proto   Recv-Q Send-Q  Local Address  Foreign Address (state)
 tcp  0  0  blackstaff.ssh 192.168.1.4.41282 ESTABLISHED
 tcp  0  0  blackstaff.ssh 192.168.1.4.18447 ESTABLISHED
 tcp  0  0  blackstaff.ssh 192.168.1.4.21025 ESTABLISHED
 Active UNIX domain sockets
 AddressType   Recv-Q Send-Q  Inode   Conn   Refs Nextref
 Addr
 Segmentation fault

 No core file seems to be left behind.

netstat is setgid kmem

 Anyone else seeing this?

Yup (fresh i386).

-- 
jca | PGP : 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Full disk encryption and hibernate on amd64

[Jérémie Courrèges-Anglas]

Tomas Bodzar tomas.bod...@gmail.com writes:

 On Thu, Oct 24, 2013 at 2:14 PM, David Coppa dco...@gmail.com wrote:

 On Thu, Oct 24, 2013 at 2:02 PM, Jiri B ji...@devio.us wrote:
  Hi,
 
  after I read mlarkin@'s report on Undeadly.org[1] about
  hibernation, I've got curious question.
 
  How does it work with full disk encryption (FDE) which
  OpenBSD offers?
 
  [1]
 http://undeadly.org/cgi?action=articlesid=20131024092852mode=expandedcount=0
 
  jirib

 It does not work, afaik



 mmm yesterday installed my laptop Dell E6320 with -current amd64
 including whole disk encrypted with softraid and was able to do zzz either
 in console or X just fine including resume.

This is about ZZZ.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: IRC

[Jérémie Courrèges-Anglas]

Just for the record: the freenode #openbsd irc channel isn't the official
irc channel of the OpenBSD project.  We don't care about what happens
there.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Sorry OpenBSD people, been a bit busy

[Jérémie Courrèges-Anglas]

John Long codeb...@inbox.lv writes:

 On Wed, Oct 09, 2013 at 12:41:07PM +0100, sbienddr...@googlemail.com wrote:
 Am I being monitored for receiving these emails?

 No, you're being monitored for using google, stupid.

Please follow Peter's advice:

On 10/09/13 12:18, Peter Hessler wrote:
 This has gotten massively off topic.  Can we please let the thread end here?


 Did anybody consider the possibility Theo didn't start this thread? The
 email headers looked ok at a quick glance but that didn't sound very much
 like him.

He did.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: GNOME on OpenBSD 5.3 amd64

[Jérémie Courrèges-Anglas]

obsd, cgi obsd...@postafiok.hu writes:

 I tried to install GNOME on OpenBSD 5.3 amd64 for Desktop use (on
 VirtualBox), see the howto below.

 But after the howto, reboot, startx with a normal user:
 https://i.imgur.com/MaT8lcW.png

 Xorg.0.log
 https://pastee.org/p8ppa

 # original:
 http://www.gabsoftware.com/tips/tutorial-install-gnome-desktop-and-gnome-display-manager-on-openbsd-4-8/

External tutorial for 4.8 vs. official documentation for 5.3.
This leads to the nonsense you've done to your 5.3 system below.

 ---

 when installing:
 -g*

 ---

 echo 'export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/5.3/packages/amd64/'
 ~/.profile; . ~/.profile
 pkg_add -i -vv gnome-session gdm
 # if there was Can't install foo message, try the pkg_add line again

 ---

 vi /etc/rc.local

 Append/modify the following lines in /etc/rc.local:

 if [ -x /usr/local/sbin/gdm ]; then
 echo -n ' gdm'; (sleep 5; /usr/local/sbin/gdm) 
 fi

 ---

 echo 'exec gnome-session'  /root/.xinitrc; chmod +x /root/.xinitrc
 exit
 echo 'exec gnome-session'  .xinitrc; chmod +x .xinitrc

 ---

 pkg_add -i -vv metacity
 pkg_add -i -vv gnome-panel
 pkg_add -i -vv nautilus

 ---

 vi /etc/rc.conf.local

 Append/modify the following lines :

 xdm_flags=NO
 gnome_enable=YES
 gdm_enable=YES

 ---

 pkg_add -i -vv gnome-terminal gnome-control-center gnome-menus
 gnome-settings-daemon gnome-themes-standard
 # for some reason, these aren't found: gnome-themes-extras gnome-utils
 gnome-applets2 gnome-system-monitor gnome-nettool

 ---

 So the question is anybody has a working howto for installing GNOME on
 OpenBSD?

Just so that Antoine doesn't feel forced to send another mail about this
recurring subject: pkg_add gnome, *read* the various readmes, don't use
virtualbox.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: GNOME on OpenBSD 5.3 amd64

[Jérémie Courrèges-Anglas]

obsd, cgi obsd...@postafiok.hu writes:

 Hi!

 External tutorial for 4.8 vs. official documentation for 5.3.
 This leads to the nonsense you've done to your 5.3 system below.

 --

 I went to openbsd.org, typed GNOME in the search form:
 - the first hit was a PDF from 2007
 - all the remaining were regarding packages

Very few (if any) external software packages are documented on the
website.

 What now? Can you please point out where is the official GNOME install
 documentation for 5.3? or no one uses GNOME with 5.3 on the misc list?

pkg_add gnome, *read* the various readmes, ...
The OpenBSD-specific documentation is either printed on screen at
pkg_add time or installed at /usr/local/share/doc/pkg-readmes/$package
(you *need* to read. pkg_add doesn't spit out information for fun).

 ps.: I found that other people have problems with GNOME on 5.3, maybe it's
 a bug? (
 http://community.spiceworks.com/topic/349701-gnome-on-openbsd-5-3-amd64 )

I don't think this page is of any value, neither for the OpenBSD porters
nor for you...

 Thanks

 UPDATE: oh, ok I just read the bottom part: don't use virtualbox. - so
 the bug comes out when using virtualbox?, ok, Thanks! I will try it with
 other VM's or directly!

Getting an accelerated Xorg using virtualbox is afaik not possible.
If you want gnome-shell, don't use vb or a non-intel graphics card (on
5.3, that is).

[...]

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: [OT] quotes speedup sed

[Jérémie Courrèges-Anglas]

Denis Fondras open...@ledeuns.net writes:

 Hello all,

Hi,

 This afternoon I stumbled upon a weirdness I can't explain. I hope some
 misc-guru can give a clue.

 I was parsing a 45kB html document on my OpenBSD 5.3 with the help of
 sed to extract a value and it was awfully slow. Quoting the input string
 gave it a real boost :

 $ time echo $webpage | sed -n -r
 's/(.*)\token\:\([a-zA-Z0-9]+)\(.*)/\2/p'
 0m0.19s real 0m0.00s user 0m0.00s system

 $ time echo $webpage | sed -n -r
 's/(.*)\token\:\([a-zA-Z0-9]+)\(.*)/\2/p'
 2m14.39s real 2m12.95s user 0m0.00s system


 What could be the explanation ?

Without the quotes the shell performs splitting, maybe ksh(1) is a bit
slow at this...  I'd rather download the page to a temp file rather than
put that stuff into memory.

 Doing the same with GNU sed is instantaneous in both case (quoted/unquoted).

Just by replacing sed by gsed, on the same system?

 Thank you in advance,
 Denis

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: OpenBSD5.3/PF Settings help request

[Jérémie Courrèges-Anglas]

Hi,

Adelin Balou adelin.ba...@etu.univ-valenciennes.fr writes:

[...]

 Please find attached my pf.conf file.

[...]

 [demime 1.01d removed an attachment of type application/octet-stream which 
 had a name of pf.conf]

No attachment allowed here.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: python

[Jérémie Courrèges-Anglas]

Stefan Wollny stefan.wol...@web.de writes:

 Hi there!

Hi,

 As some of you might have noticed I had recently some issues with my
 ancient IBM/lenovo T60 (10 years young and still running; ye).

 Tonight I reinstalled my system to 5.4-current #62. When installing all
 those packages needed on any decent desktop I stumpled upon python:

 One package had a dependency to python-2.7.5 and provided the advice if
 this version is going to be the system-wide python-installion to make
 the relevant symlinks.

 But: At least one other package (libreoffice) requires python-3.3.2 .

 Now what is the best way to go:

 (1)
 Do nothing as the packages will use the python-version they need.

 (2)
 Set symlinks to python-2.7.5

 (3)
 Set symlinks to python-3.3.2

 Any hints, advices, remarks?

Ports are patched to use the versioned python executables / ressources.
Thus you are free to do whatever pleases you.

 Thank you for your time to read and
 Thank you if you reply.

 Regards,
 STEFAN

 P.S.: When writing this the system crashed for the first time after
 re-installing! 'crashed' means the system entirely stopped responding!
 How can I provide ANY information on such a behaviour? (claws-mail had
 made a backup-copy of my writing, except the P.S., of course)

http://www.openbsd.org/report.html

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: cvsync, rsync

[Jérémie Courrèges-Anglas]

hru...@gmail.com writes:

 Alexander Hall alexan...@beard.se wrote:

 Marc already anwered all your questions. Let me quote it.

  Fuck off

 The most brilliant answers of the experts:

[...]

Those people, that you qualify as experts, have spent hours reading and
answering your mails.  I bet you're pretty happy with this, yet I fail
to understand what's your goal.  You're wasting our time because you
fail to understand what people are telling you; this time could be
otherwise used to improve OpenBSD.  This is harmful, can you get it?

Fuck off?  In my opinion you deserve way more harsh insults.  You
wanted a troll, you got it, now can you please let this list improve its
signal/noise ratio?

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: More detailed information about last commands executed than lastcomm

[Jérémie Courrèges-Anglas]

Wiesław Kielas wieslaw.kie...@bluemedia.pl writes:

 Dear misc@,

 Is there any way to get information about last commands executed on a
 OpenBSD machine? I'm interested in getting the command name along with
 arguments passed to it.

 From what I gathered so far, lastcomm can't show command arguments - is
 there any way/other tool which can do that?

Seems like there's nothing in sys/acct.h for storing cli args.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: fvwm in base [was: X -configure segmentation fault]

[Jérémie Courrèges-Anglas]

James Griffin j...@kontrol.kode5.net writes:

 * Thomas Adam tho...@xteddy.org [2013-09-12 10:17:56 +0100]:

 On 12 September 2013 06:10, Carson Chittom car...@wistly.net wrote:
  Zoran Kolic zko...@sbb.rs writes:
 
  In fact, fvwm is in base part.
 
  A while ago, there was a message to misc from the fvwm developer about
  relicensing fvwm to allow a more recent version into base.  I wonder if
  there is any status update?
 
 That is I.  Unfortunately, FVWM cannot be relicensed.
 
 -- Thomas Adam

 If it can't be relicensed so an up-to-date version can be included in
 the base distribution then is there much point in it being there at all?
 People can simply use the package/port to install a supported version
 and the base distribution can simply have cwm as its main wm.

Lots of people use the base fvwm.  Which works fine for them, even if
older.  Also fvwm is easier to work than cwm when you don't know either.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: pkg_add hung?

[Jérémie Courrèges-Anglas]

Jeffrey Walton noloa...@gmail.com writes:

 On Sun, Sep 15, 2013 at 6:24 AM, Jeffrey Walton noloa...@gmail.com wrote:
 On Sun, Sep 15, 2013 at 6:21 AM, Maxime o...@mxher.fr wrote:
 Le 15/09/2013 12:08, Jeffrey Walton a écrit :
 Before I spend my time and the list's time on this issue, I've read
 15.1 and 15.2 from http://www.openbsd.org/faq/faq15.html#PkgMgmt.

 The command show at http://postimg.org/image/ke2g1wlb9/55c1891b/
 attempted to install 'subversion'. Its been running for about 6 hours,
 so believe something is wrong. Obviously, my speculation could be (and
 likely is) wrong.

 I've searched for pkg_add hung. If the BSD folks call a hung program
 something else, please let me know so I can search for it.

 The docs state I will get an error. I have not received an error. What
 is the relevant man page or manual to rtfm? What should I do next?

 Which PKG_PATH are you using? Are you able to connect to the mirror?
 ftp://mirror.jmu.edu/pub/OpenBSD/
 Mt bad. That was the mirror. Here's the full PKG_PATH (from the
 capture): ftp://mirror.jmu.edu/pub/OpenBSD/OpenBSD/5.3.packages/amd64/
 (with the trailing slash).

Try with http://, your network may be the culprit.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: rcsfile(5)

[Jérémie Courrèges-Anglas]

Jason McIntyre j...@kerhand.co.uk writes:

 On Sat, Sep 14, 2013 at 12:32:25PM -0600, Kyle R W Milz wrote:
 Hello misc@,
 
 Was reading through rcs manual pages and came across a reference to
 rcsfile(5) in the rcscan(1) and rcscmp(1) SEE ALSO sections however I
 can't seem to find it.
 
 Am I dense or is it missing?
 

 none of these files exist on a default install. you're maybe reading
 pages from another rcs implementation.

~$ man -w rcscmp
/usr/local/man/man1/rcscmp.1
~$ grep rcscmp /var/db/pkg/*/+CONTENTS
/var/db/pkg/cvsync-0.24.19p2/+CONTENTS:@bin bin/rcscmp
/var/db/pkg/cvsync-0.24.19p2/+CONTENTS:@man man/man1/rcscmp.1
~$


-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: How does one use adduser in OpenBSD (stuck inEnter username[] loop)?

[Jérémie Courrèges-Anglas]

Jeffrey Walton noloa...@gmail.com writes:

 On Sat, Sep 14, 2013 at 7:08 PM, Martin Schröder mar...@oneiros.de wrote:
 2013/9/15 Jeffrey Walton noloa...@gmail.com:
 I wanted to add myself to the sudo group.

 man sudo
 It appears to lack information on adding a user (I went through this
 man page before asking the question).

 Then, I went to the web and landed on an overflow page (I think its
 the 'meta' site, and not the 'stack' site). That's what took me to
 'adduser'.

 man visudo
 I don't know vi. I do known emacs, but its not on this system so I
 can't edit /etc/sudo by hand.

To make things clear: you should always use visudo(8).  It does
validation on the modified sudoers(5) file.  And just like a lot of
programs, visudo(8) respects the VISUAL and EDITOR environment
variables.  So you're not forced to use vi(1), the base system also
ships with ed(1) and mg(1).

 I tried to add emacs through pkg_add, but it appears broke. Surely
 emacs has been ported to every *nix system in existence, so its
 baffling (to me) the package manager cannot find it.

I am the emacs package maintainer.  If you encounter problems not
documented by the README, please send a mail to po...@openbsd.org, with
a full description.

 man adduser
 I tried `adduser jwalton sudo`, and it did not work even though the
 command looks well formed. I got the command from the overflow site.

 man group
 Does not appear applicable. I want to add a user to a group, and not
 create or delete groups.

adduser is not a standardized command, you can't expect it to behave the
same way as it does on some other OSes.  Just stating a fact.

 And 'usermod -G sudo jwalton' does not work, either. It errors with
 Can't append group sudo for user jwalton.

$ getent group sudo
$ # no output

There is no group named `sudo' in the default install, though you can
add one.  On the other hand, just use visudo(8) and read the bits about
the wheel group.

 This stuff really should not be this hard...

You're on a different OS now, some things stay the same, some change.
On the plus side the documentation is quite extensive.  Manpages, the
FAQ and other pieces of information are a big concern here, so make use
of them.  Have fun.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: How does one use adduser in OpenBSD (stuck inEnter username[] loop)?

[Jérémie Courrèges-Anglas]

Jeffrey Walton noloa...@gmail.com writes:

 Thanks Shawn. Sorry to go offlist.

 So, I'm trying to do some initial testing. I'm on a MacBook with
 OpenBSD in a VM. All I want to do is run my compiler over some source
 files.

Parallels?

 MacBooks have a funky keyboard, and when I try to use visudo to move
 the cursor around, some of the arrow keys don't work. Not to mention
 the DELETE key (or the key combinations I know to use to simulate
 delete). visudo responds with ^? is not valid. I'm sure I'll have that
 file corrupted shortly.

The vi(1) editor in base doesn't behave the same way as vim wrt. some
keys.  export EDITOR=mg and profit.

 I really don't get why this shit is so f**k'ing difficult. How is
 running around with a root terminal open more secure than exec'ing one
 command under sudo???

No one said it was more secure.  As I already said in another mail,
you can't meet a new OS and expect everything to work as you think they
should.

 Thanks for the advice.

 Jeff


 On Sat, Sep 14, 2013 at 7:53 PM, Shawn K. Quinn skqu...@rushpost.com wrote:
 On Sat, Sep 14, 2013, at 06:47 PM, Martin Schröder wrote:
 2013/9/15 Jeffrey Walton noloa...@gmail.com:
  man visudo
  I don't know vi. I do known emacs, but its not on this system so I

 Then learn it. This is unix.
 You really should use visudo to edit /etc/sudoers, not an editor.

 Note that you can configure visudo, vipw, and vigr to use an editor
 besides vi. It's possible to get by on Unix without knowing vi, I did so
 on GNU/Linux systems for most of 4 years, but I finally broke down and
 figured it out and promptly realized it wasn't as hard as it had been
 made out to be.

 --
   Shawn K. Quinn
   skqu...@rushpost.com


-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: How does one use adduser in OpenBSD (stuck inEnter username[] loop)?

[Jérémie Courrèges-Anglas]

Jeffrey Walton noloa...@gmail.com writes:

 On Sat, Sep 14, 2013 at 10:08 PM, Philip Guenther guent...@gmail.com wrote:
 On Sat, Sep 14, 2013 at 7:00 PM, Jeffrey Walton noloa...@gmail.com wrote:
 ...
 Yeah, I should have taken a screen capture. I don't use the mail
 program too often (its been years since I've had to), so it was not a
 priority.

 Screen capture?  In order to convey what was presumably a one line
 error message?  If cut-n-paste won't work, might I suggest just
 (carefully) typing it?
 Yes, I'm lazy like that. Plus it removes any ambiguity.

 Side note: it's lost on me why you're unable to run the compiler
 because of tangles with adduser/sudo/whatever.
 Oh, that's my own doing. I need to install wget and subversion to
 fetch the sources. Plus, I want to see how a Clang 3.3 build goes.
 (Compilers and software engineering are my business, not system
 administration).

$ su -
Password:
# pkg_add subversion llvm

That's it.  You're not into system adminstration yet you want to do
unneeded configuration when you have a precise goal.  What do you
expect?

Re wget, there is ftp(1).

That's already a lot of mails and a lot of attention for what is
a rather simple problem.  Just have a break.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Exploits

[Jérémie Courrèges-Anglas]

Andy a...@brandwatch.com writes:

 On first look I couldn't see the exploit in that old PDF being listed on
 the errata's. Maybe I'm being blind ;)

Or maybe you need to take a second look (010).  The security problem is
described, a workaround and a patch are available.  Publishing an exact
how-to-reproduce-and-expoit-a-bug isn't one of the the responsibilities
of the OpenBSD project, afaik.

 On Sat 07 Sep 2013 19:45:38 BST, Greg Thomas wrote:
 Does this document still hold any truth with current OpenBSD;

 Come on, really?

 http://www.openbsd.org/errata40.html


 On Sat, Sep 7, 2013 at 8:13 AM, andy a...@brandwatch.com wrote:

 Hi everyone,

 I have a feeling that I may get some strong opinions on this question, so
 please don't flame me or anything, I'm asking because I don't know.

 Does this document still hold any truth with current OpenBSD;

 https://www.blackhat.com/presentations/bh-usa-07/Ortega/Whitepaper/bh-usa-07-ortega-WP.pdf

 Cheers, Andy.

Ciao,
-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: mdoc(7) .Sq Fl for a dash

[Jérémie Courrèges-Anglas]

Hi,

Jason McIntyre j...@kerhand.co.uk writes:

 On Tue, Jul 16, 2013 at 12:36:32AM +0200, Jérémie Courrèges-Anglas wrote:
  
  Fl may seem wrong because we're talking about an argument, but I don't
  think a bare `-' (a hyphen) would be better.  We're talking about an
  ascii minus sign here; mandoc_char(7) says a minus sign can be obtained
  with \- .
  
 
  it's not a minus sign. it's a literal -.
 
 I was thinking encoding-wise: you're typing an ascii minus sign, at the
 cli.  If you have a man/mdoc formatter that distinguishes hyphens and
 minus signs, it could produce different output for those, and you would
 not be able to copy-paste examples.  Maybe mandoc doesn't, but groff
 can (some distros even disabled this behavior).
 

 i'm not sure i follow. the differing widths of - will only happen if
 you add mark up.

I'm not saying we should add markup, but that some occurences of -
should be converted to \-.  They do not have the same meaning.

 i'm arguing to remove it.

That would be a step backwards, I think.

 a literal -, with no mark up, can be copied/pasted no matter what the
 output format. well, i say this without actually having tried it.

Nope, and that's the whole point:  you'd have to try it with mandoc,
several versions of groff (possibly with local patches), heirloom troff,
using different input *and* output formats *and* different locales.

 but if
 you can;t, something is not right.

Well, I think I understand that one that may prefer a hyphen or an
em-dash to be represented differently from a minus sign.  Be it on tty,
or an ps or an html document.

 if you add markup (you suggested \-),

I suggested using \- because that's the sequence documented as producing
a minus sign.  See mdoc_char(7), groff_char(7).

 then the width will vary for
 output formats such as postscript. that might stop you being able to
 paste (though again i've never tried).

...

\- is afaik treated correctly in all the cases I described above, except
for a very small number of groff versions, when in an UTF-8 locale or
using ps/pdf (there you can get an unicode minus sign).  This case was
quickly fixed.  You can see lots of reports about all these problems on
the WWW.

Now if you think \- is wrong for a command-line flag, a litteral -
argument, or inside a command name, tell this to Ingo, since that's what
is produced by a Fl inside mandoc. ;)

 jmc


-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: mdoc(7) .Sq Fl for a dash

[Jérémie Courrèges-Anglas]

Jason McIntyre j...@kerhand.co.uk writes:

 On Mon, Jul 15, 2013 at 07:53:04PM +0200, Jan Stary wrote:
 Some of the manpages, e.g. crontab(1),
 markup the folklore phrase
 
  named file, or standard input
  if the pseudo-filename `-' is given
 
 as
 
  named file, or standard input
  if the pseudo-filename
  .Sq Fl
  is given.
 
 Is this correct semantic markup? IMHO not:
 it just abuses the fact that the flags (Fl)
 happen to start with a dash; but that's not
 what is meant here; this is not a flag;
 it is the literal dash that is recognized
 in place of a filename.

Then it is an argument (Ar).

 So I believe it should be simply
 
  .Sq -
 
 Right?

See below.

 The diff below replaces those occurences
 that a grep revealed for me in /usr/share/man;
 Another grep reveals that most other manpages 
 actually use .Sq -.
 
 I left out oldrdist(1) and shutdown(8)
 where it _is_ actually a flag
 and the code processes it as such.
 
  Jan
 

 ok, i agree with this. Fl seems wrong. however there's some ambiguity,
 for me anyway - do oldrdist and shutdown actually process -
 differently, or do the manuals talk about them differently?

Fl may seem wrong because we're talking about an argument, but I don't
think a bare `-' (a hyphen) would be better.  We're talking about an
ascii minus sign here; mandoc_char(7) says a minus sign can be obtained
with \- .

I wonder about cat(1) using
.Pq Sq \-
is that really telling mandoc to treat it as a minus sign?

What about:
.Pq Sq Ar \-

 for oldrdist, - is actually the argument to -f. so it's not an option,
 as far as i can see. just the manual seems to blur things by documenting
 If either the -f or `-' option is not specified, whereas above, the
 text suggests -f- or -f - is how it would work.

Yup, sounds weird.  The text above is right, the next sentence should be
changed.  Why not:

If the
.Fl f
option is not specified, the program looks first for...

I've just discovered oldrdist, btw.  I hope tedu isn't reading this
mail. :)

 similarly, look at cat(1):

   If file is a single dash (`-') or absent, cat reads from the
   standard input.

 no mention of - in SYNOPSIS. but shutdown(8), which lists - in
 SYNOPSIS:

   If `-' is supplied as an option, the warning message is read
   from standard input.

shutdown.c uses '-' in its getopt string, so that it can be passed
before (and probably between) other options (see SYNOPSIS).  This does
not match the way most utilities from the base system handle options and
arguments, so I think the current wording is ok (see getopt(3),
STANDARDS).

 so, it looks like oldrdist and shutdown are just talking about -
 differently to other manuals, but not behaving differently to other
 apps. i.e. we should tweak oldrdist and shutdown too.

 can anyone confirm if there is a technical difference (and, if there is,
 does it translate into practical difference for users)?

Both use it as read input from stdin, but I think only oldrdist needs
a tweak.

 jmc

 
 Index: src/libexec/getty/getty.8
 ===
 RCS file: /cvs/src/libexec/getty/getty.8,v
 retrieving revision 1.13
 diff -u -p -u -p -r1.13 getty.8
 --- src/libexec/getty/getty.831 May 2007 19:19:39 -  1.13
 +++ src/libexec/getty/getty.815 Jul 2013 17:42:42 -
 @@ -55,7 +55,7 @@ is the special device file in
  .Pa /dev
  to open for the terminal (for example, ``ttyh0'').
  If there is no argument or the argument is
 -.Sq Fl ,
 +.Sq - ,
  the tty line is assumed to be open as file descriptor 0.
  .Pp
  The
 Index: src/usr.bin/diff/diff.1
 ===
 RCS file: /cvs/src/usr.bin/diff/diff.1,v
 retrieving revision 1.41
 diff -u -p -u -p -r1.41 diff.1
 --- src/usr.bin/diff/diff.1  20 Jan 2013 11:19:12 -  1.41
 +++ src/usr.bin/diff/diff.1  15 Jul 2013 17:42:53 -
 @@ -331,7 +331,7 @@ If either
  or
  .Ar file2
  is
 -.Sq Fl ,
 +.Sq - ,
  the standard input is
  used in its place.
  .Ss Output Style
 Index: src/usr.sbin/cron/crontab.1
 ===
 RCS file: /cvs/src/usr.sbin/cron/crontab.1,v
 retrieving revision 1.28
 diff -u -p -u -p -r1.28 crontab.1
 --- src/usr.sbin/cron/crontab.1  31 Jan 2011 19:13:31 -  1.28
 +++ src/usr.sbin/cron/crontab.1  15 Jul 2013 17:42:57 -
 @@ -48,7 +48,7 @@ they are not intended to be edited direc
  .Pp
  The first form of this command is used to install a new crontab from some
  named file, or standard input if the pseudo-filename
 -.Sq Fl
 +.Sq -
  is given.
  .Pp
  If the


-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: mdoc(7) .Sq Fl for a dash

[Jérémie Courrèges-Anglas]

Jason McIntyre j...@kerhand.co.uk writes:

 On Mon, Jul 15, 2013 at 11:34:53PM +0200, Jérémie Courrèges-Anglas wrote:
 Jason McIntyre j...@kerhand.co.uk writes:
 
  On Mon, Jul 15, 2013 at 07:53:04PM +0200, Jan Stary wrote:
  Some of the manpages, e.g. crontab(1),
  markup the folklore phrase
  
named file, or standard input
if the pseudo-filename `-' is given
  
  as
  
named file, or standard input
if the pseudo-filename
.Sq Fl
is given.
  
  Is this correct semantic markup? IMHO not:
  it just abuses the fact that the flags (Fl)
  happen to start with a dash; but that's not
  what is meant here; this is not a flag;
  it is the literal dash that is recognized
  in place of a filename.
 
 Then it is an argument (Ar).
 
 not really. Ar represents an argument name - this is a literal
 argument.

That makes sense.

 it should therefore be Li, but because the markup on a single
 character is hard to spot, we use Sq. there is a Ql macro which does
 the right thing, but the effect would be the same as using Sq. Sq is
 probably best, i think.

  So I believe it should be simply
  
.Sq -
  
  Right?
 
 See below.
 
  The diff below replaces those occurences
  that a grep revealed for me in /usr/share/man;
  Another grep reveals that most other manpages 
  actually use .Sq -.
  
  I left out oldrdist(1) and shutdown(8)
  where it _is_ actually a flag
  and the code processes it as such.
  
Jan
  
 
  ok, i agree with this. Fl seems wrong. however there's some ambiguity,
  for me anyway - do oldrdist and shutdown actually process -
  differently, or do the manuals talk about them differently?
 
 Fl may seem wrong because we're talking about an argument, but I don't
 think a bare `-' (a hyphen) would be better.  We're talking about an
 ascii minus sign here; mandoc_char(7) says a minus sign can be obtained
 with \- .
 

 it's not a minus sign. it's a literal -.

I was thinking encoding-wise: you're typing an ascii minus sign, at the
cli.  If you have a man/mdoc formatter that distinguishes hyphens and
minus signs, it could produce different output for those, and you would
not be able to copy-paste examples.  Maybe mandoc doesn't, but groff
can (some distros even disabled this behavior).

 I wonder about cat(1) using
 .Pq Sq \-
 is that really telling mandoc to treat it as a minus sign?
 
 What about:
 .Pq Sq Ar \-
 

 the \ is wrong, yes. but so is Ar

[...]

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: mdoc(7) -width description

[Jérémie Courrèges-Anglas]

Jan Stary h...@stare.cz writes:

 The mdoc(7) manpage says about .Bl that

The -width and -offset arguments accept scaling widths
as described in roff(7) or use the length of the given string.

 The words width or offset do not appear anywhere in roff(7).

You're looking at the roff(7) manpage that comes with groff.
Your pager probably prints /usr/local/man/cat7/roff.0 at the bottom of
your screen.

You could use man -a and then enter :n to get the base manpage.

 A description of the often seen 'Ds' is given in the .Bd section,
 but again it points to roff(7) for the complete description,
 which is not there.

 Is that meant to be another roff-related
 manpage from base? Or groff(7)?

   Jan

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: days of the month

[Jérémie Courrèges-Anglas]

Max Power open...@cpnetserver.net writes:

 Hi,

Hi. Please stop using all-caps mail subjects.

 o.s.: OpenBSD 5.3/amd64

 If I create a directory with the command: mkdir $(date +'%d')

You'd better put double quotes around your command substitutions rather
than simple quotes around fixed, non-special strings: $(date '+%d')

 why this is the result: 1, 2, 3, 4, 5, 6, 7, 08, 09, 10, etc.
 Why the '0' [zero] appears only ahead the digit 8 and 9..?

You must have done something wrong:

$ date -j +%d 2013701
01
$

See strftime(3).

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: days of the month

[Jérémie Courrèges-Anglas]

Max Power open...@cpnetserver.net writes:

 You must have done something wrong:
 I have not done anything.

Hey, you must have done *something*. Else you wouldn't be reporting
about it.  You just don't want to tell us *exactly* what you've done.

 The system is the default installation.

I'm not saying that you have fucked up your system.

 You'd better put double quotes around your command substitutions rather
 than simple quotes around fixed, non-special strings: $(date '+%d')
 Ok, but why the command: mkdir $(date +'%d') after the digit 7 works fine?

If you showed us the actual commands you use, we wouldn't have to guess.

To further explain what Jan said in an earlier mail: somewhere in your
script the number output by date(1) is interpreted while in an
arithmetic context, where numbers starting with '0' are interpreted as
octal, and their leading zero gets trimmed.  But this doesn't happen for
08 and 09 which aren't valid octal numbers.

~$ v=03; v=$(($v))
~$ echo $v
3
~$ v=08; v=$(($v))
ksh: 08: bad number `08'
~$ echo $v
08
~$

Hence the reference to August, where scripts that have worked fine so
far start failing with weird error messages.

 If I insert the date manually then it works fine - example: # date
 20130707

Now I can say that you're trying to fuck up your system. :)

 but no by default. Why? thanks

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: IDE disk erasing/zeroing at ~2.4MB/s

[Jérémie Courrèges-Anglas]

Nathan Goings binarysp...@binaryspike.com writes:

 I have a disk -- IIRC, Seagate Barracuda 160gb 7200RPM 8MB Cache SATA
 3.0GB/s

 dmesg:
 wd0 at pciide0 channel 0 drive 0: ST3160811AS
 wd0: 16-sector PIO, LBA48, 152626MB, 312579695 sectors
 wd0 (pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6

 However, when I run `dd if=/dev/zero of=/dev/wd0c bs=1M'  After 3-4 
 hours, it's only running at ~2.4MB/s.  CPU usage is about 30%.

See other replies.

 First, shouldn't SATA drives be sd0? (Looked in BIOS, can't find any
 SATA-to-IDE options enabled)  Second, what can I do to speed it up? or
 troubleshoot it at least?

See pciide(4).  My day-to-day laptop has the same drive controller,
previous BIOS versions had a switch to choose SATA but they removed it.
*shrug*

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: bsd.regress.mk: detect core dumps

[Jérémie Courrèges-Anglas]

Sergey Bronnikov este...@gmail.com writes:

 Imho test should FAIL in case coredump was detected.

I don't think that's a good idea; the current test (checking the exit
status of the child make process) looks enough to me.  If a test doesn't
fail when a program dumps core then either the test should be fixed...
or it may do so on purpose.

 --- bsd.regress.mk_   Sun Jun 30 15:32:02 2013
 +++ bsd.regress.mk__  Sun Jun 30 15:46:04 2013
 @@ -98,7 +98,7 @@
  # XXX - we need a better method to see if a test fails due to timeout or just
  #   normal failure.
  .   if !defined(REGRESS_MAXTIME)
 - ${_SKIP_FAIL}if cd ${.CURDIR}  ${MAKE} ${RT}; then \
 + ${_SKIP_FAIL}if cd ${.CURDIR}  ${MAKE} ${RT}  ! (test -e *.core); 
 then \

~$ ! (test -e a.core b.core); echo $?
ksh: test: b.core: unexpected operator/operand
0
~$

Also core dumps may not sit in the current directory.

   echo -n SUCCESS  ${_REGRESS_OUT} ; \
   else \
   echo -n FAIL  ${_REGRESS_OUT} ; \

Regards,
-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: HTTPD2 script problem

[Jérémie Courrèges-Anglas]

Some people say you ask noob questions; I'm 99% certain that
you're just making fun of us, but let's try...

- man rc.d
- http://www.openbsd.org/faq/faq10.html#rc

Please read this *carefully*, all you need to know is there;
please keep that in mind the next time you have a question,
or you'll just get ignored.

Ciao,
-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: libfaac in ffmpeg on OpenBSD

[Jérémie Courrèges-Anglas]

Peter J. Philipp p...@centroid.eu writes:

 I made a patch to /usr/ports/graphics/ffmpeg but it needs fixing up to
 integrate it into the ports.  However my patch works, which is awesome.
 The patch is uuencoded here:

 http://emea.centroid.eu/blog/index.php?article=1370984565

 Perhaps we can see this in OpenBSD 5.4?  Then I don't have to recompile
 ffmpeg.

OK, the legal issue has already been dealt with by Stuart.

I hesitated replying to you privately, but I think proposals like this
one should be avoided.

On the technical side, your patch should have added audio/faac to
LIB_DEPENDS.

But about the method...
- your mail should probably have been sent to ports@, not misc@
- your mail could easily include an inlined diff (an attachment is also
  possible on ports@).  Instead here one should go to a website,
  copy/paste some text, uudecode it... wait
- your diff is not based on -current, patching fails
- any explanation other than I need this or go to ShitOverflow for
  the details?

As a side not I don't even know what the heck is an Apple TV and I don't
really care about that...
-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: libfaac in ffmpeg on OpenBSD

[Jérémie Courrèges-Anglas]

Peter J. Philipp p...@centroid.eu writes:

 On 06/12/13 12:38, Jérémie Courrèges-Anglas wrote:
 Peter J. Philipp p...@centroid.eu writes:

 I made a patch to /usr/ports/graphics/ffmpeg but it needs fixing up to
 integrate it into the ports.  However my patch works, which is awesome.
 The patch is uuencoded here:

 http://emea.centroid.eu/blog/index.php?article=1370984565

 Perhaps we can see this in OpenBSD 5.4?  Then I don't have to recompile
 ffmpeg.
 OK, the legal issue has already been dealt with by Stuart.

 I hesitated replying to you privately, but I think proposals like this
 one should be avoided.

 On the technical side, your patch should have added audio/faac to
 LIB_DEPENDS.

 But about the method...
 - your mail should probably have been sent to ports@, not misc@
 - your mail could easily include an inlined diff (an attachment is also
possible on ports@).  Instead here one should go to a website,
copy/paste some text, uudecode it... wait
 - your diff is not based on -current, patching fails
 - any explanation other than I need this or go to ShitOverflow for
the details?

 As a side not I don't even know what the heck is an Apple TV and I don't
 really care about that...

 Since there was a legal thing the issue is closed.  However you're just
 nagging.

Fine, I thought I was trying to be helpful, but after reading again my
reply I admit that I shouldn't have wrote the last sentence.  Sorry if
you felt offended.

 I enhanced the OpenBSD port

You did not.

 and thought I'd share, your
 response will make me keep these things secret in the future.

I'd like to tell you that's a shame, but then I wouldn't be honest.

Have a nice day,
-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: obsd 5.3 and openldap

[Jérémie Courrèges-Anglas]

Friedrich Locke friedrich.lo...@gmail.com writes:

 Hi folks,

Hi,

 may someone in the list tell me if with obsd5.3 openldap supports hdb or
 even bdb.

Weren't you the one that requested adding support for mdb on ports,
a while ago?  I thought you knew. :)

  Since i do need to get a directory service and have no knownledge on
  openldap internals, i come to you
  in order to suggest how could i help in order to get mdb supported by
  OpenBSD Ports OpenLDAP.

As far as I understand it, I can see three possible solutions:
- switch to ldapd(8)
- fix the bdb/hdb code in OpenLDAP so that it works on OpenBSD
- nag the OpenBSD developers so that they implement Unified Buffer
  Cache, or even better, just do it.  I don't understand that stuff but
  I'm sure that isn't easy...

 As far as i know, openldap in openbsd ports is broken.

Can't really answer this.  Do you mean anything openldap, or just slapd
/ the slap* tools?

 Thanks you all.

 gustavo.

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Ruby on Rails and the chrooted nginx(8)

[Jérémie Courrèges-Anglas]

Charles Rapenne charles.rape...@gmail.com writes:

 Hi

 Please someone correct me if I'm wrong, but I don't think using Nginx
 with chroot is useful when dealing with proxy_pass or fastcgi
 application.

There's still the possibility that a nginx worker is compromised.

 If your RoR app is compromised, it won't be chrooted as it's not
 running in a chroot. All nginx will do is serving static files.

Not that I know how easy it is to do so with Rails, but nothing prevents
you from running your fastcgi processes inside a chroot.

 Regards

 2013/6/9  openda...@hushmail.com:
 Hi,

 Is anybody here running Ruby on Rails in the chrooted nginx(8) and know if 
 it's worth the hassle?

 I notice the docs saying: Some applications are pretty simple, and
 chroot(2)ing them makes sense. Others are very complex, and are either
 not worth the effort of forcing them into a chroot(2), or by the time
 you copy enough of the system into the chroot, you have lost the
 benefit of the chroot(2) environment. --
 http://www.openbsd.org/faq/faq10.html#httpdchroot

 O.D.



-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Why is there no pkg_find(1)?

[Jérémie Courrèges-Anglas]

openda...@hushmail.com writes:

 Hi,

 Why is there no pkg_find(1)?

Because pkg_info -Q probably does what you need.

 Having to grep ones FTP mirror or download the entire ports tree to do a 
 make search doesn't seem like such a good idea.

 There's [snip]/pkg_find.html -- what do you guys think of that?

My grandma would write more elegant and correct shell scripts.

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Header files for C/C++ development

[Jérémie Courrèges-Anglas]

eatg75 eat...@hotmail.com writes:

 Hi there I am 'experimenting' with OpenBSD and pondering
 to switch from Linux to OpenBSD, I have installed OpenBSD
  in a virtual machine and during the installation I did not
 select the comp53 package when I rebooted and installed
 clang a tried to compile a simple hello world in C and I
 got errors saying 'stdio.h file not found' and I searched
 in both /usr/include and /usr/local/include for stdio.h
 but I didn't find it (and /usr/include is empty). I searched
 in the 'misc' mailing list for similar threads all way
 back to 2001 but I didn't find nothing helpful.

 Can someone help me.

wild guess: try to install comp53.tgz

 PS: Forgive me for my newbieness
 and thanks anyway.


-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: bug in ksh tab complete

[Jérémie Courrèges-Anglas]

Ted Unangst t...@tedunangst.com writes:

[...]

 If ksh is going to treat : as magic, then it needs to escape it when
 autocompleting. (step 2 above)

I do agree, but... why should ':' be special?

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: bug in ksh tab complete

[Jérémie Courrèges-Anglas]

Philip Guenther guent...@gmail.com writes:

 On Mon, Jun 3, 2013 at 9:29 AM, Jérémie Courrèges-Anglas j...@wxcvbn.org 
 wrote:
 Ted Unangst t...@tedunangst.com writes:
 If ksh is going to treat : as magic, then it needs to escape it when
 autocompleting. (step 2 above)

 I do agree, but... why should ':' be special?

 So that things like
PATH=/usr/local/bin:/usr/btab
 and
scp target:/etc/passtab

 will autocomplete the paths to the right of the colon.

Makes sense.  I don't remember having relied on that behaviour.

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: inotify for BSD?

[Jérémie Courrèges-Anglas]

Doesn't kqueue() fit your needs?

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: inotify for BSD?

[Jérémie Courrèges-Anglas]

Peter J. Philipp p...@centroid.eu writes:

 On 05/15/13 13:41, Jérémie Courrèges-Anglas wrote:
 Doesn't kqueue() fit your needs?


 Thank you for your reply,

 I've never used kqueue before, does this only report events on descriptors
 that have been opened?

I think so.

 I'm wondering if an implementation is done to recurseively watch directories
 in inotify (as written about in the limitations), then it would require a lot
 less filedescriptors even for kqueue correct?  And thus make monitoring
 a filesystem's events a lot more efficient?

As is, kqueue() won't monitor a directory tree recursively.  But there
are examples of kqueue() use; see for example the sysutils/gamin ports
(also devel/glib2 uses it for GIOs, I think).

 -peter

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: ARK-2120L

[Jérémie Courrèges-Anglas]

Hugo Osvaldo Barrera h...@osvaldobarrera.com.ar writes:

 Hi,

Hi,

 I'm intending on getting a ARK-2120L [1] to server as a gateway for my
 network.
 I've been doing some research as to whether or not it'll work on OpenBSD.

 So far I've evaluated:

 CPU (Intel Atom, should work fine).
 LAN (82583V, is listed as working with em).

 However, I'm curious as to whether I should take something else into
 consideration, in particular, the chipset. Do I need to check for some
 other driver compatibility, or should that be it?

The datasheet doesn't provide much information except supported by
Linux 2.6.

 Do thing like the USB chipset require a specific driver, or is that sort
 of stuff standard? (sorry, I'm a bit ignorant on this regard).

I wouldn't worry about USB.

 I'm also slightly curious about the video driver. I don't care about X,
 or video acceleration, since I'll only use video for OpenBSD installation,
 nothing else. Should video work for any modern video card, even if only
 at a very poor resolution? Or do I still need to be careful about
 driver support?

This model has four serial ports, that would probably be nicer than
needing a screen and a keyboard.

 [1]
 http://www.advantech.com/products/ARK-2120L/mod_BD7B04DE-B994-4D74-96DE-21CDB
 3F8158B.aspx
 [2][PDF]
 http://cms.tempel.es//adimage.php?filename=9_015551.pdfcontenttype=pdf

 Thanks,

 --
 Hugo Osvaldo Barrera

 [demime 1.01d removed an attachment of type application/pgp-signature]

-- 
Jérémie Courrèges-Anglas
PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: sendmail stops remote delivery when PTR for local IP points to domain-part

[Jérémie Courrèges-Anglas]

Paul de Weerd we...@weirdnet.nl writes:

 For the sendmail heroes out there...  Let's say I have the following
 in DNS:

 $ORIGIN example.com.
 @ IN  MX  10  mx1
 @ IN  A   192.0.2.1
 @ IN  2001:db8::1
 mx1   IN  A   192.0.2.2
 mx1   IN  2001:db8::2
 www   IN  A   192.0.2.1
 www   IN  2001:db8::1

 $ORIGIN 2.0.192.in-addr.arpa.
 1 IN  PTR example.com.
 2 IN  PTR mx1.example.com.

 $ORIGIN 
 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
 1 IN  PTR example.com.
 2 IN  PTR mx1.example.com.

 (assume there's SOA and NS records too, they're not relevant to the
 question)

 Now on machine 'www.example.com' (this is the hostname set in
 /etc/myname) I would like to send e-mail to x...@example.com.  However,
 sendmail ignores the MX record and attempts local delivery (which
 fails, because 'xxx' is not a local user).

 There's a ton of ways to solve this:

   - get rid of sendmail
   - change PTR records to www.example.com

I'd really go with this.

   - relay all mail via a smarthost (e.g. mx1.example.com)
   - rewrite to @mx1.example.com and fix on mx1
   - run a local resolver that lies about PTRs
   - ...

 However, I'd like to not do any of these but simply instruct sendmail
 to ignore what PTRs are saying local IPs are called.  I don't want to
 make an exception for whatever happens to be in PTR, my sendmail
 config is vanilla OpenBSD defaults and I expect all mail to be
 delivered according to what's in DNS (except for mail to
 www.example.com, the actual hostname (although I'd be interested to
 learn how to do the same for mails directed @www.example.com)).

 Can anybody think of a way to achieve this ?

http://weldon.whipple.org/sendmail/removew.html discusses this and gives
solutions.

HTH

 Thanks,

 Paul 'WEiRD' de Weerd


-- 
Jérémie Courrèges-Anglas
GPG Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: strange bash (prompt) problem

[Jérémie Courrèges-Anglas]

MJ m...@netauth.com writes:

 Hi,

 Sometimes, maybe once ever 100 commands or so, I get the following type of 
 error:

 [root@black socklog]# dmesg | less
 -bash: $'\302\240less': command not found

Here you have an UTF-8 non-breaking space character.

 It is not reproducible, at least I don't know how to reproduce it. Hitting up
 arrow will reproduce it, but typing the command again will make it go away. It
 seems to only happen when piping output through something.

 Any ideas how to fix this?

Don't type on both your AltGr and your Space key when you don't intend
to.

 [root@black ~]# cat .bash_profile 
 alias ll='ls -al'

 PAGER=less
 PATH=/usr/local/bin:/usr/local/sbin:$PATH
 PS1=[\u@\h \W]# 
 LANG=en_US.UTF-8
 PKG_PATH=http://ftp.funet.fi/pub/mirrors/ftp.openbsd.org/pub/OpenBSD/5.2/packages/i386


 export PAGER PATH PKG_PATH PS1 LANG



 Thanks.

-- 
Jérémie Courrèges-Anglas
GPG Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: installer - moving sets location right after network for automated installation

[Jérémie Courrèges-Anglas]

Theo de Raadt dera...@cvs.openbsd.org writes:
[...]
 The 5th word in your original email is we, and what you really mean
 to use there is the plural you.

Is that a new theo.c entry?

-- 
Jérémie Courrèges-Anglas
GPG Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: 802.11n on obsd

[Jérémie Courrèges-Anglas]

Sean Shoufu Luo luosho...@gmail.com writes:

 Hi,

Hi,

 Does OBSD support real 802.11n? It seems not. Although many 802.11n devices
 are claimed supported, 802.11n capability is mostly not excluded, like
 run(4), otus(4), urtwn(4).

This has already been asked many times in the past.

From the manpage of one of the wifi card drivers I use:

CAVEATS
   The iwn driver does not support any of the 802.11n capabilities offered
   by the adapters.  Additional work is required in ieee80211(9) before
   those features can be supported.

The manpages you mention say the same.

 And, btw, how to find the official status page, for example, about
 supported hardward, the list provided in the page
 http://openbsd.org/i386.html seems not updated.

www.openbsd.org and openbsd.org aren't the same machines, you should
prefer the former.  But they're in sync and both have this cvs Id on the
i386.html page:

$OpenBSD: i386.html,v 1.713 2013/01/30 09:47:46 kirby Exp $

I can't think of something both official and more and up-to-date.

Regards,
-- 
Jérémie Courrèges-Anglas
GPG Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Millions of files in /var/www inode / out of space issue.

[Jérémie Courrèges-Anglas]

Jiri B ji...@devio.us writes:

 On Wed, Feb 20, 2013 at 12:32:02AM +0100, Matthias Appel wrote:
 And by talking of ZFS, why not consider
 ext3/4,reiser,xfs,jfs,ntfs,whatever-fs to be ported to OpenBSD?

 Where are the diffs? For example real improvement would be FAT/NTFS
 speed on OpenBSD, as it is much much slower than on Linux.

Even with ''mount -o sync ...'' on the Linux side?

-- 
Jérémie Courrèges-Anglas
GPG Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: [obsd] Re: Assigning an IP address to a bridge

[Jérémie Courrèges-Anglas]

Nick Holland n...@holland-consulting.net writes:

[...]

 While I personally love the Reboot and voila, I'm always concerned
 about how non-English/French readers would handle this -- does a Chinese
 person reading the FAQ understand this?  I'm hopelessly monolingual, so
 maybe I worry about the wrong things here (and this from the guy who
 re-styled the FAQ as the Hitchhiker's Guide / Bugbuster's Guide, so
 what do I know? :)

I just asked a chinese friend; he does agree with you, and proposed
that's it!.

 but...good work, thanks!

Yup, this is indeed a Frequently Asked Question. :)

 Nick.

-- 
Jérémie Courrèges-Anglas
GPG Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: hi OpenBSD

[Jérémie Courrèges-Anglas]

Robert Kopp wrote:
 almost cannot believe it..what do you think [url snipped]
 
 Robert

Url shorteners are bad

Re: add a daemon user

[Jérémie Courrèges-Anglas]

Wesley M.A. open...@e-solutions.re writes:

 Hi,

Hi

 To add a daemon user like for example _nginx :

 useradd -L daemon -d /var/empty -s /sbin/nologin -g =uid _nginx

 Is this enough ?

[...]

Depends.  Your _nginx user will likely serve files, you don't want to put
them in /var/empty, which is where other daemons chroot.  Do you want to
chroot?  Why not use the www user?  Why not use the devel nginx package,
if you need a more recent version?

-- 
Jérémie Courrèges-Anglas
GPG Key Fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

[Jérémie Courrèges-Anglas]

Reyk Floeter r...@openbsd.org writes:

 On Wed, Jan 23, 2013 at 5:41 PM, Erling Westenvik
 erling.westen...@gmail.com wrote:
 I need to connect my ThinkPad T500 running 5.2 current to the wifi
 network here at my university.  E.g. the eduroam network which is
 available at most universities through, at least, Europe. After Googling
 around for a while I'm not sure whether OpenBSD yet has support for WPA2
 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a
 sample ifconfig?


 I haven't checked wpa_supplicant for a while, but you can find it in
 ports and some people actually seem to use it with OpenBSD.

 You can even find examples, the following is from a university in
 Germany 
 (http://www.rz.rwth-aachen.de/aw/cms/rz/Themen/unsere_dienste/kommunikation/netzbetrieb/dienste/wlan/installation/~sib/openbsd/?lang=de):

This webpage shows something that looks like a FreeBSD configuration,
only with s/Free/Open/.

 network={
 ssid=eduroam
 key_mgmt=WPA-EAP
 eap=TTLS
 identity=tim-acco...@rwth-aachen.de
 anonymous_identity=tim-acco...@rwth-aachen.de
 password=PASSWORT-FÜR-TIM-ACCOUNT
 ca_cert=/etc/certs/eduroam-chain.pem
 phase2=auth=PAP
 }

 But, again, I haven't tested it myself.

I don't think they have either. :)

 Reyk

-- 
Jérémie Courrèges-Anglas
GPG Key Fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

[Jérémie Courrèges-Anglas]

 Erling Westenvik wrote:
 On Thu, Jan 24, 2013 at 08:57:50AM +0100, Alexander Hall wrote:
  When I need eduroam, I connect my android phone via usb/urndis and
  let the phone handle the WPA2 enterprise stuff.
 
 Yes, my Android phone connects to eduroam but I did not think about the
 possibility of connecting my laptop to the phone via usb. Would you mind
 to share your config for doing that?

Last time I tried, it was like...
- plug the usb cable
- dhclient urndis0

Re: do we have a Perl interface to sysctl(3)?

[Jérémie Courrèges-Anglas]

Philip Guenther guent...@gmail.com writes:

 On Mon, Jan 14, 2013 at 1:16 AM, Jonathan Thornburg
 jth...@astro.indiana.edu wrote:
 FreeBSD has the BSD-Sysctl perl module available from CPAN, which would
 be ideal for my purposes... except that it doesn't (yet) support OpenBSD.

 So, uh, what fails if you try to build it?

cpan output
[...]
OS unsupported (openbsd). Here's a nickel, go buy yourself a real OS.
[..]

Dunno why they stripped kid from this sentence, the meaning wouldn't
have been much altered. 8)

-- 
Jérémie Courrèges-Anglas
GPG Key fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494