Re: installboot: no OpenBSD partition

2023-07-17 Thread Jona Joachim

After some more investigation and especially after stumbling upon a mail
from Otto Moerbeek from 2020, I found that the problem was a missing 'i'
partition in the disklabel.
installboot(8) needs the 'i' partition in the disklabel to find the EFI
partition, otherwise it will try to fall back to MBR.
After manually adding the 'i' partition, everything went fine.

Here is the updated disklabel:
# disklabel sd0
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: KINGSTON SA400S3
duid: 09a9344c23abff6c
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 14593
total sectors: 234441648
boundstart: 1024
boundend: 234441615

16 partitions:
#    size   offset  fstype [fsize bsize   cpg]
  a:    230692352 1024  4.2BSD   2048 16384 12960 # /
  b:  3748239    230693376    swap # none
  c:    234441648    0  unused
  i:  960   64   MSDOS


installboot(8) works as expected now:
# installboot -v sd0
Using / as root
installing bootstrap on /dev/rsd0c
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
copying /usr/mdec/BOOTIA32.EFI to /tmp/installboot.AfBA3OfNsR/efi/BOOT/BOOTIA32.EFI
copying /usr/mdec/BOOTX64.EFI to /tmp/installboot.AfBA3OfNsR/efi/BOOT/BOOTX64.EFI



Best regards,
Jona

On 16/07/2023 17:28, Jona Joachim wrote:

Hi,

I have trouble with installboot on a small embedded amd64 system.

I get the following error during sysupgrade and also when I run
installboot manually: installboot: no OpenBSD partition.

You can find the output of installboot, fdisk and disklabel below.
I also attached a full dmesg.


I initially installed with 7.2 and I just upgraded to 7.3. This should
be a GPT install but installboot seems to find an MBR, maybe this is the
source of the problem.

If possible, I would like to be able to fix this problem without
reinstalling the system.

Do you have some idea what's going on?

Best regards,

Jona


# installboot -v sd0 /usr/mdec/biosboot /usr/mdec/boot
Using / as root
installing bootstrap on /dev/rsd0c
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
copying /usr/mdec/boot to //boot
looking for superblock at 65536
found valid ffs2 superblock
//boot is 6 blocks x 16384 bytes
fs block shift 2; part offset 1024; inode block 56, offset 2928
expecting 64-bit fs blocks (incr 4)
master boot record (MBR) at sector 0
    partition 0: type 0xEE offset 1 size 4294967295
installboot: no OpenBSD partition



# fdisk sd0

Disk: sd0   Usable LBA: 34 to 234441614 [234441648 Sectors]
   #: type [   start: size ]

   0: EFI Sys  [  64: 960 ]
   1: OpenBSD  [    1024: 234440591 ]


# disklabel sd0
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: KINGSTON SA400S3
duid: 09a9344c23abff6c
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 14593
total sectors: 234441648
boundstart: 1024
boundend: 234441615

16 partitions:
#    size   offset  fstype [fsize bsize   cpg]
  a:    230692352 1024  4.2BSD   2048 16384 12960 # /
  b:  3748239    230693376    swap # none
  c:    234441648    0  unused
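
The fix described in the reply at the top of this thread can be checked before running installboot(8). The script below is an added example, not part of the original messages: it compares fdisk and disklabel output and reports a GPT "EFI Sys" partition that has no MSDOS entry with the same offset and size in the disklabel. The function names are made up for this example, the sample text is copied from the outputs in the thread, and matching on offset and size is an assumption.

```sh
#!/bin/sh
# Added example, not part of the original post.
# Assumption: the disklabel entry for the EFI system partition must have
# fstype MSDOS and the same offset and size as the GPT "EFI Sys" entry.

# Constructed sample input, copied from the outputs shown in the thread.
fdisk_out() {
cat <<'EOF'
Disk: sd0   Usable LBA: 34 to 234441614 [234441648 Sectors]
   #: type [   start: size ]
   0: EFI Sys  [  64: 960 ]
   1: OpenBSD  [    1024: 234440591 ]
EOF
}

label_before() {
cat <<'EOF'
16 partitions:
#    size   offset  fstype [fsize bsize   cpg]
  a:    230692352 1024  4.2BSD   2048 16384 12960 # /
  b:  3748239    230693376    swap # none
  c:    234441648    0  unused
EOF
}

label_after() {
label_before
echo "  i:  960   64   MSDOS"
}

# efi_from_fdisk: read fdisk output on stdin, print "offset size" for each
# "EFI Sys" entry. Values are kept as strings to avoid awk number formatting.
efi_from_fdisk() {
    awk '/EFI Sys/ {
        i = index($0, "["); j = index($0, "]")
        if (i == 0 || j <= i) next
        n = split(substr($0, i + 1, j - i - 1), f, ":")
        if (n != 2) next
        gsub(/[ \t]/, "", f[1]); gsub(/[ \t]/, "", f[2])
        print f[1], f[2]
    }'
}

# label_has_msdos LABEL_TEXT OFFSET SIZE: succeed if the disklabel text has a
# partition line (a: to p:) with fstype MSDOS at that offset and size.
label_has_msdos() {
    printf '%s\n' "$1" | awk -v off="$2" -v size="$3" '
        $1 ~ /^[a-p]:$/ && $4 == "MSDOS" && $2 == size && $3 == off { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# check_efi_label FDISK_TEXT LABEL_TEXT: print "ok" when every EFI Sys
# partition has a matching disklabel entry, otherwise one "missing" line per
# unmatched partition. Returns 1 when something is missing.
check_efi_label() {
    efi=$(printf '%s\n' "$1" | efi_from_fdisk)
    [ -n "$efi" ] || { echo "no EFI Sys partition in fdisk output"; return 0; }
    rc=0
    while read -r off size; do
        if ! label_has_msdos "$2" "$off" "$size"; then
            echo "missing offset=$off size=$size"
            rc=1
        fi
    done <<EOF
$efi
EOF
    [ "$rc" -eq 0 ] && echo "ok"
    return "$rc"
}

echo "before fix: $(check_efi_label "$(fdisk_out)" "$(label_before)")"
echo "after fix:  $(check_efi_label "$(fdisk_out)" "$(label_after)")"
```

On a live system the two arguments would be the captured output of `fdisk sd0` and `disklabel sd0`.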




installboot: no OpenBSD partition

2023-07-16 Thread Jona Joachim

Hi,

I have trouble with installboot on a small embedded amd64 system.

I get the following error during sysupgrade and also when I run
installboot manually: installboot: no OpenBSD partition.

You can find the output of installboot, fdisk and disklabel below.
I also attached a full dmesg.


I initially installed with 7.2 and I just upgraded to 7.3. This should
be a GPT install but installboot seems to find an MBR, maybe this is the
source of the problem.

If possible, I would like to be able to fix this problem without
reinstalling the system.

Do you have some idea what's going on?

Best regards,

Jona


# installboot -v sd0 /usr/mdec/biosboot /usr/mdec/boot
Using / as root
installing bootstrap on /dev/rsd0c
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
copying /usr/mdec/boot to //boot
looking for superblock at 65536
found valid ffs2 superblock
//boot is 6 blocks x 16384 bytes
fs block shift 2; part offset 1024; inode block 56, offset 2928
expecting 64-bit fs blocks (incr 4)
master boot record (MBR) at sector 0
    partition 0: type 0xEE offset 1 size 4294967295
installboot: no OpenBSD partition



# fdisk sd0

Disk: sd0   Usable LBA: 34 to 234441614 [234441648 Sectors]
   #: type [   start: size ]

   0: EFI Sys  [  64: 960 ]
   1: OpenBSD  [    1024: 234440591 ]


# disklabel sd0
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: KINGSTON SA400S3
duid: 09a9344c23abff6c
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 14593
total sectors: 234441648
boundstart: 1024
boundend: 234441615

16 partitions:
#    size   offset  fstype [fsize bsize   cpg]
  a:    230692352 1024  4.2BSD   2048 16384 12960 # /
  b:  3748239    230693376    swap # none
  c:    234441648    0  unused

Re: Unable to create IKEv2 VPN using strongSwan to iked

2020-04-20 Thread Jona Joachim
Hmm, I tried your configuration and I get the same behaviour with strongswan. I 
don't have an iPhone to test. I tried playing around with the settings 
switching from x509 to PSK, changing strongswan knobs, always with the same 
result.
I can connect to other strongswan responders using this same client.
Do you have other special settings in other strongswan config files?
Do you have any special pf rules? I run with pf disabled for these tests. I 
don't think running pf is required to establish a tunnel.

Best regards,
Jona

On Apr 20, 2020, 16:02, at 16:02, R0me0 ***  wrote:
>Adjust as your necessity *
>
>( Don't forget to adjust your pf rules accordingly ) *
>
>
>
>OpenBSD 6.X ( Works with IPHONE AND STRONGSWAN )
>
>ikev2 "roadwarrior"  passive esp from 0.0.0.0/0 to 10.20.30.0/24 \
> local egress peer any  \
> ikesa enc aes-256 auth hmac-sha2-256 group modp2048 \
> childsa enc aes-256 auth hmac-sha2-256 group modp2048 \
> dstid r...@openbsd.org psk "psk_passphrase" config address 10.20.30.32
>
>
>
>Iphone = just disable certificates and set psk
>
>
>Interoperability with StrongSwan
>
>
># cat /etc/ipsec.conf
>
># ipsec.conf – strongSwan IPsec configuration file
># basic configuration
>
>config setup
>
>conn %default
>ikelifetime=60m
>keylife=20m
>rekeymargin=3m
>keyingtries=1
>keyexchange=ikev2
>authby=secret
>ike=aes256-sha256-modp2048!
>esp=aes256-sha256-modp2048!
>
>conn strongswan
>left=%any
>leftfirewall=yes
>leftsourceip=%config
>right=REMOTE_PEER_IP
>rightid=puffymagic.ikedvpn.com
>rightsubnet=192.168.0.0/24,172.8.50.0/24 ( networks you want access on
>other side ) ( behind magic puffer fish )
>auto=add
>
>
>
># cat /etc/ipsec.secrets
>
># ipsec.secrets – strongSwan IPsec secrets file
>: PSK "strongopeniked"
>
>
>
>PS: Magic Puffer Fish Rock!
>
>On Mon, Apr 20, 2020 at 09:49, Jona Joachim
>wrote:
>
>> Hi,
>>
>> I am trying to connect to iked running on OpenBSD 6.6 from a
>strongSwan
>> 5.7.2 initiator running on Ubuntu 19.10 (which is behind NAT). I am
>> using x509 certificates generated by ikectl.
>>
>> The tunnel cannot be established. It is hard for me to see what's
>going
>> on. strongswan seems to be sending the same IKE_AUTH packet again and
>> again and iked does not seem to respond even though it receives the
>> packet and does not show an error. The only thing fishy I see in iked
>> output is "sa_state: cannot switch: AUTH_SUCCESS -> VALID", not sure
>why
>> it "cannot switch".
>>
>> Does anybody have a working setup between iked and strongSwan or any
>> insights? Config files and logs below.
>>
>> Thanks,
>>
>> Jona
>>
>>
>> iked.conf:
>>
>> ikev2 passive esp \
>>  from 0.0.0.0/0 to 10.201.201.0/24 \
>>  from 192.168.0.0/16 to 10.244.244.0/24 \
>>  from 10.244.244.0/24 to 192.168.0.0/16 \
>>  local 1.2.3.4 peer any \
>>  srcid vpn.example.com \
>> config address 10.201.201.0/24 \
>> config name-server 10.201.201.1 \
>>  tag "IKED"
>>
>>
>> ipsec.conf (strongSwan):
>>
>> config setup
>>  # strictcrlpolicy=yes
>>  # uniqueids = no
>>
>> conn puffvpn
>>  keyexchange=ikev2
>>  dpddelay=5s
>>  dpdtimeout=60s
>>  dpdaction=restart
>>
>>  left=%defaultroute
>>  leftcert=wookie.crt
>>  leftsubnet=192.168.0.0/16
>>  leftfirewall=yes
>>  leftid="wookie"
>>
>>  right=vpn.example.com
>>  rightsubnet=10.201.201.0/24
>>  rightid="vpn.example.com"
>>
>>  auto=start
>>
>> strongswan log:
>>
>> # ipsec up puffvpn
>> initiating IKE_SA puffvpn[5] to 1.2.3.4
>> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
>> N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
>> sending packet: from 192.168.4.103[500] to 1.2.3.4[500] (928 bytes)
>> received packet: from 1.2.3.4[500] to 192.168.4.103[500] (38 bytes)
>> parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
>> peer didn't accept DH group ECP_256, it requested MODP_2048
>> initiating IKE_SA puffvpn[5] to 1.2.3.4
>> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
>> N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
>> sending packet: from 192.168.4.103[500] to 1.2.3.4[500] (1120 bytes)
>> retransmit 1 of request with message ID 0
>> sending packet: from 192.168.4.103[500] to 1.2.3.4[500] (1120 bytes)
>> retransmit 2 of r

Unable to create IKEv2 VPN using strongSwan to iked

2020-04-20 Thread Jona Joachim

Hi,

I am trying to connect to iked running on OpenBSD 6.6 from a strongSwan 
5.7.2 initiator running on Ubuntu 19.10 (which is behind NAT). I am 
using x509 certificates generated by ikectl.


The tunnel cannot be established. It is hard for me to see what's going 
on. strongswan seems to be sending the same IKE_AUTH packet again and 
again and iked does not seem to respond even though it receives the 
packet and does not show an error. The only thing fishy I see in iked 
output is "sa_state: cannot switch: AUTH_SUCCESS -> VALID", not sure why 
it "cannot switch".


Does anybody have a working setup between iked and strongSwan or any 
insights? Config files and logs below.


Thanks,

Jona


iked.conf:

ikev2 passive esp \
    from 0.0.0.0/0 to 10.201.201.0/24 \
    from 192.168.0.0/16 to 10.244.244.0/24 \
    from 10.244.244.0/24 to 192.168.0.0/16 \
    local 1.2.3.4 peer any \
    srcid vpn.example.com \
config address 10.201.201.0/24 \
config name-server 10.201.201.1 \
    tag "IKED"


ipsec.conf (strongSwan):

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

conn puffvpn
    keyexchange=ikev2
    dpddelay=5s
    dpdtimeout=60s
    dpdaction=restart

    left=%defaultroute
    leftcert=wookie.crt
    leftsubnet=192.168.0.0/16
    leftfirewall=yes
    leftid="wookie"

    right=vpn.example.com
    rightsubnet=10.201.201.0/24
    rightid="vpn.example.com"

    auto=start

strongswan log:

# ipsec up puffvpn
initiating IKE_SA puffvpn[5] to 1.2.3.4
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) 
N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]

sending packet: from 192.168.4.103[500] to 1.2.3.4[500] (928 bytes)
received packet: from 1.2.3.4[500] to 192.168.4.103[500] (38 bytes)
parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
peer didn't accept DH group ECP_256, it requested MODP_2048
initiating IKE_SA puffvpn[5] to 1.2.3.4
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) 
N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]

sending packet: from 192.168.4.103[500] to 1.2.3.4[500] (1120 bytes)
retransmit 1 of request with message ID 0
sending packet: from 192.168.4.103[500] to 1.2.3.4[500] (1120 bytes)
retransmit 2 of request with message ID 0
sending packet: from 192.168.4.103[500] to 1.2.3.4[500] (1120 bytes)
received packet: from 1.2.3.4[500] to 192.168.4.103[500] (471 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) 
CERTREQ N(HASH_ALG) ]
selected proposal: 
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048

local host is behind NAT, sending keep alives
received 1 cert requests for an unknown ca
sending cert request for "CN=35.180.187.116"
sending cert request for "C=FR, ST=Ile-de-France, L=Paris, O=OpenBSD, 
OU=iked, CN=VPN CA, E=j...@joachim.cc"

authentication of 'wookie' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
sending end entity cert "C=FR, ST=Ile-de-France, L=Paris, O=puffvpn, 
OU=iked, CN=wookie, E=j...@joachim.cc"

establishing CHILD_SA puffvpn{7}
generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr 
AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]

sending packet: from 192.168.4.103[4500] to 1.2.3.4[4500] (1568 bytes)
retransmit 1 of request with message ID 1
sending packet: from 192.168.4.103[4500] to 1.2.3.4[4500] (1568 bytes)
retransmit 2 of request with message ID 1
sending packet: from 192.168.4.103[4500] to 1.2.3.4[4500] (1568 bytes)
retransmit 3 of request with message ID 1
sending packet: from 192.168.4.103[4500] to 1.2.3.4[4500] (1568 bytes)
sending keep alive to 1.2.3.4[4500]
retransmit 4 of request with message ID 1
sending packet: from 192.168.4.103[4500] to 1.2.3.4[4500] (1568 bytes)
sending keep alive to 1.2.3.4[4500]
sending keep alive to 1.2.3.4[4500]
retransmit 5 of request with message ID 1
sending packet: from 192.168.4.103[4500] to 1.2.3.4[4500] (1568 bytes)
sending keep alive to 1.2.3.4[4500]
sending keep alive to 1.2.3.4[4500]
sending keep alive to 1.2.3.4[4500]
giving up after 5 retransmits
peer not responding, trying again (2/3)
establishing connection 'puffvpn' failed

iked log:

# iked -dvv
ikev2 "policy1" passive esp inet from 10.244.244.0/24 to 192.168.0.0/16 from 0.0.0.0/0 to 10.201.201.0/24 from 192.168.0.0/16 to 10.244.244.0/24 local 1.2.3.4 peer any ikesa enc aes-256,aes-192,aes-128,3des prf hmac-sha2-256,hmac-sha1 auth hmac-sha2-256,hmac-sha1 group modp2048,modp1536,modp1024 childsa enc aes-256,aes-192,aes-128 auth hmac-sha2-256,hmac-sha1 srcid vpn.example.com lifetime 10800 bytes 536870912 signature config address 10.201.201.0 config name-server 10.201.201.1 tag "IKED"
/etc/iked.conf: loaded 1 configuration rules
ca_privkey_serialize: type RSA_KEY length 1192
ca_pubkey_serialize: type RSA_KEY length 270
ca_privkey_to_method: type RSA_KEY method RSA_SIG
ca_getkey: received private key type RSA_KEY length 1192
ca_getkey: received public key type RSA_KEY length 270
ca_dispatch_parent: config reset
ca_reload: loaded 

iked cannot establish tunnel when responder provides address configuration

2020-04-19 Thread Jona Joachim

Hi all,

I'm trying (again) to setup iked. I want to set up a site-to-site IKEv2 
VPN where both sides are behind NAT with a central OpenBSD responder 
which handles openbsd and strongswan initiators on both sides.


But first I'm starting small and I try to create a small site-to-site 
VPN with 2 peers where one is behind NAT using OpenBSD iked on both 
sides. Both sides run OpenBSD 6.6 with all syspatches applied.


This simple configuration is working, however I'm confronted with a 
strange finding where the setup stops working when I add an address 
configuration directive on the responder side.


Now I know that the OpenBSD iked client does not support IP 
configuration but I expected it to ignore the directive instead of going 
into what seems to be a wait loop.


I could not find any information regarding this issue in documentation 
or forums. I want to set up the address configuration because I plan to 
use it for the strongswan client later on.



Here is the working configuration:

Responder:
ikev2 passive esp \
   from 0.0.0.0/0 to 10.201.201.0/24 \
   local 1.2.3.4 peer any \
   srcid vpn.example.com \
   tag "IKED"

Initiator:
ikev2 active esp \
   from 0.0.0.0/0 to 10.201.201.0/24 \
   peer 1.2.3.4 \
   srcid initiator \
   tag "IKED"

Responder iked -dv:
ikev2 "policy1" passive esp inet from 0.0.0.0/0 to 10.201.201.0/24 local 
1.2.3.4 peer any ikesa enc aes-256,aes-192,aes-128,3des prf 
hmac-sha2-256,hmac-sha1 auth hmac-sha2-256,hmac-sha1 group 
modp2048,modp1536,modp1024 childsa enc aes-256,aes-192,aes-128 auth 
hmac-sha2-256,hmac-sha1 srcid vpn.example.com lifetime 10800 bytes 
536870912 signature tag "IKED"
spi=0xc1079b808ecf48e5: recv IKE_SA_INIT req 0 peer 5.6.7.8:500 local 
1.2.3.4:500, 510 bytes, policy 'policy1'
spi=0xc1079b808ecf48e5: send IKE_SA_INIT res 0 peer 5.6.7.8:500 local 
1.2.3.4:500, 451 bytes
spi=0xc1079b808ecf48e5: recv IKE_AUTH req 1 peer 5.6.7.8:4500 local 
1.2.3.4:4500, 784 bytes, policy 'policy1'
spi=0xc1079b808ecf48e5: send IKE_AUTH res 1 peer 5.6.7.8:4500 local 
1.2.3.4:4500, 720 bytes, NAT-T
spi=0xc1079b808ecf48e5: sa_state: VALID -> ESTABLISHED from 5.6.7.8:4500 
to 1.2.3.4:4500 policy 'policy1'



Now if I change the responder config to add address configuration 
without changing the initiator config:

ikev2 passive esp \
   from 0.0.0.0/0 to 10.201.201.0/24 \
   local 1.2.3.4 peer any \
   srcid vpn.example.com \
   config address 10.201.201.0/24 \
   tag "IKED"

Responder:
ikev2 "policy1" passive esp inet from 0.0.0.0/0 to 10.201.201.0/24 local 
1.2.3.4 peer any ikesa enc aes-256,aes-192,aes-128,3des prf 
hmac-sha2-256,hmac-sha1 auth hmac-sha2-256,hmac-sha1 group 
modp2048,modp1536,modp1024 childsa enc aes-256,aes-192,aes-128 auth 
hmac-sha2-256,hmac-sha1 srcid vpn.example.com lifetime 10800 bytes 
536870912 signature config address 10.201.201.0 tag "IKED"
spi=0x9b7bbe0baad5565b: recv IKE_SA_INIT req 0 peer 5.6.7.8:500 local 
1.2.3.4:500, 510 bytes, policy 'policy1'
spi=0x9b7bbe0baad5565b: send IKE_SA_INIT res 0 peer 5.6.7.8:500 local 
1.2.3.4:500, 451 bytes
spi=0x9b7bbe0baad5565b: recv IKE_AUTH req 1 peer 5.6.7.8:4500 local 
1.2.3.4:4500, 784 bytes, policy 'policy1'
spi=0x9b7bbe0baad5565b: recv IKE_AUTH req 1 peer 5.6.7.8:4500 local 
1.2.3.4:4500, 784 bytes, policy 'policy1'
spi=0x9b7bbe0baad5565b: recv IKE_AUTH req 1 peer 5.6.7.8:4500 local 
1.2.3.4:4500, 784 bytes, policy 'policy1'
spi=0x9b7bbe0baad5565b: recv IKE_AUTH req 1 peer 5.6.7.8:4500 local 
1.2.3.4:4500, 784 bytes, policy 'policy1'

(... repeat forever)

Initiator:
ikev2 "policy1" active esp inet from 0.0.0.0/0 to 10.201.201.0/24 local any peer 1.2.3.4 ikesa enc aes-256,aes-192,aes-128,3des prf hmac-sha2-256,hmac-sha1 auth hmac-sha2-256,hmac-sha1 group modp2048,modp1536,modp1024 childsa enc aes-256,aes-192,aes-128 auth hmac-sha2-256,hmac-sha1 srcid initiator lifetime 10800 bytes 536870912 rsa tag "IKED"
spi=0x9b7bbe0baad5565b: send IKE_SA_INIT req 0 peer 1.2.3.4:500 local 
0.0.0.0:500, 510 bytes
spi=0x9b7bbe0baad5565b: recv IKE_SA_INIT res 0 peer 1.2.3.4:500 local 
192.168.5.2:500, 451 bytes, policy 'policy1'
spi=0x9b7bbe0baad5565b: send IKE_AUTH req 1 peer 1.2.3.4:4500 local 
192.168.5.2:4500, 784 bytes, NAT-T

(... repeat forever)

Thanks for your insights.


Best regards,

Jona JOACHIM




smime.p7s
Description: S/MIME Cryptographic Signature
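
The stall shown in the message above (the same IKE_AUTH request logged again and again with no response logged) can be picked out of iked -dv output mechanically. The script below is an added example, not part of the original message: it groups log lines by SPI, exchange type and message ID and reports requests that were seen repeatedly with no matching response. The function names and the output format are made up for this example, and the sample lines are the wrapped log lines from the message rejoined.

```sh
#!/bin/sh
# Added example, not part of the original post.

# Constructed sample input: responder log lines from the message, rejoined.
working_log() {
cat <<'EOF'
spi=0xc1079b808ecf48e5: recv IKE_SA_INIT req 0 peer 5.6.7.8:500 local 1.2.3.4:500, 510 bytes, policy 'policy1'
spi=0xc1079b808ecf48e5: send IKE_SA_INIT res 0 peer 5.6.7.8:500 local 1.2.3.4:500, 451 bytes
spi=0xc1079b808ecf48e5: recv IKE_AUTH req 1 peer 5.6.7.8:4500 local 1.2.3.4:4500, 784 bytes, policy 'policy1'
spi=0xc1079b808ecf48e5: send IKE_AUTH res 1 peer 5.6.7.8:4500 local 1.2.3.4:4500, 720 bytes, NAT-T
spi=0xc1079b808ecf48e5: sa_state: VALID -> ESTABLISHED from 5.6.7.8:4500 to 1.2.3.4:4500 policy 'policy1'
EOF
}

stalled_log() {
cat <<'EOF'
spi=0x9b7bbe0baad5565b: recv IKE_SA_INIT req 0 peer 5.6.7.8:500 local 1.2.3.4:500, 510 bytes, policy 'policy1'
spi=0x9b7bbe0baad5565b: send IKE_SA_INIT res 0 peer 5.6.7.8:500 local 1.2.3.4:500, 451 bytes
spi=0x9b7bbe0baad5565b: recv IKE_AUTH req 1 peer 5.6.7.8:4500 local 1.2.3.4:4500, 784 bytes, policy 'policy1'
spi=0x9b7bbe0baad5565b: recv IKE_AUTH req 1 peer 5.6.7.8:4500 local 1.2.3.4:4500, 784 bytes, policy 'policy1'
spi=0x9b7bbe0baad5565b: recv IKE_AUTH req 1 peer 5.6.7.8:4500 local 1.2.3.4:4500, 784 bytes, policy 'policy1'
spi=0x9b7bbe0baad5565b: recv IKE_AUTH req 1 peer 5.6.7.8:4500 local 1.2.3.4:4500, 784 bytes, policy 'policy1'
EOF
}

# unanswered_requests [MIN]: read iked -dv output on stdin. A request is a
# "recv ... req" line (responder log) or a "send ... req" line (initiator log);
# any "... res" line for the same SPI, exchange and message ID answers it.
# Prints each request seen at least MIN times (default 2, i.e. at least one
# retransmit) that has no response line at all.
unanswered_requests() {
    awk -v min="${1:-2}" '
        $1 ~ /^spi=0x[0-9a-f]+:$/ && ($2 == "recv" || $2 == "send") {
            key = $1 " " $3 " " $5          # SPI, exchange type, message ID
            if ($4 == "req") {
                if (!(key in count)) order[++n] = key
                count[key]++
                verb[key] = $2
            } else if ($4 == "res") {
                answered[key] = 1
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (count[k] >= min && !(k in answered)) {
                    split(k, p, " ")
                    sub(/:$/, "", p[1])
                    printf "%s %s msgid=%s %s-req=%d res=0\n",
                        p[1], p[2], p[3], verb[k], count[k]
                }
            }
        }'
}

echo "working config:"
working_log | unanswered_requests
echo "with 'config address' on the responder:"
stalled_log | unanswered_requests
```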


Re: ownership of mailboxes with dovecot

2019-12-31 Thread Jona Joachim
On 2019-12-31, Roderick  wrote:
>
> On Tue, 31 Dec 2019, Eike Lantzsch wrote:
>
>> I'm using an IMAP mailserver with dovecot which is entirely limited to my
>> local network.
>> It pulls my external mail with fetchmail. [...]
>> user username1@foodomain.local.fantasea mailbox is owned by vmail [...]
>> Obviously dovecot has other ideas about security than OpenBSD. 
>
> Is it dovecot or fetchmail that creates the mailboxes?!
>
>> Can I remedy this (then: how?) or should I go on to ignore this warning?
>
> Perhaps configuring fetchmail?

Maybe the best approach would be to configure fetchmail to forward mail
to the Dovecot LDA, for example over LMTP. This way only Dovecot ever
writes to the mailbox and you have the added benefit of using additional
features such as sieve and indexed mailboxes.

Best regards,
Jona



relayd WebDAV / CalDAV

2016-08-08 Thread Jona Joachim

Hi,
I'm trying to replace my nginx setup with httpd + relayd.
I want to use relayd for virtual hosts and "TLS acceleration".

I have trouble with my Radicale CalDAV service. Radicale listens on 
localhost port 5232. relayd forwards the connection correctly until the 
client issues an http PROPFIND request. At that point relayd returns 500 
Internal server error. It seems relayd is not happy with webdav requests.

Is there a way to tell it to transparently forward unknown requests?

Here's my old nginx config:
% cat /etc/nginx/sites/radicale.conf
server {
  listen 443;
  server_name radicale.my.domain;

  ssl on;
  ssl_certificate /etc/nginx/certs/radicale.crt;
  ssl_certificate_key /etc/nginx/certs/radicale.key;

  location / {
    proxy_pass http://127.0.0.1:5232;
  }
}

Here's the replacement relayd config:
% cat /etc/relayd.conf
table  { 127.0.0.1 }
table  { 127.0.0.1 }

hostradicale="radicale.my.domain"

log updates

# Protocols
http protocol "tlsvhosts" {
return error
pass

match request header "Host" value $hostradicale forward to 
}

# Relay rules
relay tlsaccel {
listen on egress port 443 tls
protocol "tlsvhosts"

forward to  port 80 check tcp
forward to  port 5232 check tcp
}



Re: OpenBSD Songs - License

2016-08-08 Thread Jona Joachim
On 2016-08-05, <46rc1p+8qbgq1pcsq...@guerrillamail.com> 
<46rc1p+8qbgq1pcsq...@guerrillamail.com> wrote:
> Hi all,
>
> I've just discovered the OpenBSD Songs, but unfortunately I can't
> tell under which license they've been released. It would be really helpful if
> you could update your website with this information

See:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/telephony/asterisk-openbsd-moh/Makefile?rev=1.24=text/x-cvsweb-markup

# Copyright held by Theo; ok for non-commercial-redistribution

Best regards,
Jona



Re: LPR/LPD does not run filters

2015-10-27 Thread Jona Joachim
On 2015-10-27, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2015-10-25, Jona Joachim <j...@joachim.cc> wrote:
>> Hi, 
>> I was tired of CUPS so I decided keep it simple and stupid and use
>> lpd/lpr. Strangely, things don't work out as expected. It seems that
>> lpd never executes input filters.
>>
>> Here is the content of /etc/printcap:
>> lp|hl6050|Brother HL6050:\
>> :lp=:rm=hl6050.lan:\
>> :if=/home/jaj/bin/printbrother.sh:\
>> :sh:
>>
>> mg3150|canon|Canon MG3150:\
>> :lp=:rm=canon.lan:\
>> :if=/home/jaj/bin/printcanon.sh:\
>> :sh:
>>
>> Here is the content of printcanon.sh:
>> #!/bin/sh
>>
>> logger "printcanon called $@"
>>
>> /usr/local/bin/a2ps -BRq --columns=1 -o - | \
>> /usr/local/bin/foomatic-rip -q -P Canon-PIXMA-MG3150 \
>> --ppd /home/jaj/bin/Canon-PIXMA-MG3150-ijs-simplified.ppd
>>
>> printbrother.sh is the same except for driver and ppd.
>> Both scripts are executable.
>> I never see the "printcanon called" message in syslog and the printers
>> get incorrect data. The first printer understands a subset of
>> postscript so it prints fine, the second printer however does not.
>> If I run a document manually through the filter and the enqueue it to
>> lpr, the printers are more than happy to print.
>>
>> I see no error nowhere.
>>
>> $ cat /var/log/lpd-errs
>> Oct 25 07:47:01 asterix lpd[9652]: restarted
>> Oct 25 14:57:06 asterix lpd[17953]: restarted
>>
>> $ cat /var/spool/output/lpd/status
>> sending to hl6050.lan
>>
>> I went through the code of lpd to see where things could go wrong but
>> it's a bit complex and I couldn't understand the bits.
>>
>> Does anybody know where I could look to solve this?
>>
>> Best regards,
>> Jona
>>
>>
>
> Does the lpd user have permission to run those scripts? Maybe run lpd
> under ktrace -i for more clues. lpd filters definitely worked in -current
> as of April because I was using them for the music queue at p2k15.

I found out that it is related to using 'rm' instead of 'lp'. It
executes filters if I set lp=5...@hl6050.lan. It does not if I set
rm=hl6050.lan.



Re: LPR/LPD does not run filters

2015-10-27 Thread Jona Joachim
On 2015-10-27, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2015-10-25, Jona Joachim <j...@joachim.cc> wrote:
>> Hi, 
>> I was tired of CUPS so I decided keep it simple and stupid and use
>> lpd/lpr. Strangely, things don't work out as expected. It seems that
>> lpd never executes input filters.
>>
>> Here is the content of /etc/printcap:
>> lp|hl6050|Brother HL6050:\
>> :lp=:rm=hl6050.lan:\
>> :if=/home/jaj/bin/printbrother.sh:\
>> :sh:
>>
>> mg3150|canon|Canon MG3150:\
>> :lp=:rm=canon.lan:\
>> :if=/home/jaj/bin/printcanon.sh:\
>> :sh:
>>
>> Here is the content of printcanon.sh:
>> #!/bin/sh
>>
>> logger "printcanon called $@"
>>
>> /usr/local/bin/a2ps -BRq --columns=1 -o - | \
>> /usr/local/bin/foomatic-rip -q -P Canon-PIXMA-MG3150 \
>> --ppd /home/jaj/bin/Canon-PIXMA-MG3150-ijs-simplified.ppd
>>
>> printbrother.sh is the same except for driver and ppd.
>> Both scripts are executable.
>> I never see the "printcanon called" message in syslog and the printers
>> get incorrect data. The first printer understands a subset of
>> postscript so it prints fine, the second printer however does not.
>> If I run a document manually through the filter and the enqueue it to
>> lpr, the printers are more than happy to print.
>>
>> I see no error nowhere.
>>
>> $ cat /var/log/lpd-errs
>> Oct 25 07:47:01 asterix lpd[9652]: restarted
>> Oct 25 14:57:06 asterix lpd[17953]: restarted
>>
>> $ cat /var/spool/output/lpd/status
>> sending to hl6050.lan
>>
>> I went through the code of lpd to see where things could go wrong but
>> it's a bit complex and I couldn't understand the bits.
>>
>> Does anybody know where I could look to solve this?
>>
>> Best regards,
>> Jona
>>
>>
>
> Does the lpd user have permission to run those scripts? Maybe run lpd
> under ktrace -i for more clues. lpd filters definitely worked in -current
> as of April because I was using them for the music queue at p2k15.

Well, specifying 'lp' instead of 'rm' does make it run filters, but the job
is not sent to the printer, even when I use the port@host format from
the man page. As soon as I set 'rm', filters are no longer executed.



LPR/LPD does not run filters

2015-10-25 Thread Jona Joachim
Hi, 
I was tired of CUPS so I decided to keep it simple and stupid and use
lpd/lpr. Strangely, things don't work out as expected. It seems that
lpd never executes input filters.

Here is the content of /etc/printcap:
lp|hl6050|Brother HL6050:\
:lp=:rm=hl6050.lan:\
:if=/home/jaj/bin/printbrother.sh:\
:sh:

mg3150|canon|Canon MG3150:\
:lp=:rm=canon.lan:\
:if=/home/jaj/bin/printcanon.sh:\
:sh:

Here is the content of printcanon.sh:
#!/bin/sh

logger "printcanon called $@"

/usr/local/bin/a2ps -BRq --columns=1 -o - | \
/usr/local/bin/foomatic-rip -q -P Canon-PIXMA-MG3150 \
--ppd /home/jaj/bin/Canon-PIXMA-MG3150-ijs-simplified.ppd

printbrother.sh is the same except for driver and ppd.
Both scripts are executable.
I never see the "printcanon called" message in syslog and the printers
get incorrect data. The first printer understands a subset of
postscript so it prints fine, the second printer however does not.
If I run a document manually through the filter and then enqueue it to
lpr, the printers are more than happy to print.

I see no error anywhere.

$ cat /var/log/lpd-errs
Oct 25 07:47:01 asterix lpd[9652]: restarted
Oct 25 14:57:06 asterix lpd[17953]: restarted

$ cat /var/spool/output/lpd/status
sending to hl6050.lan

I went through the code of lpd to see where things could go wrong but
it's a bit complex and I couldn't understand the bits.

Does anybody know where I could look to solve this?

Best regards,
Jona



Re: LPR/LPD does not run filters

2015-10-25 Thread Jona Joachim
On 2015-10-25, Predrag Punosevac  wrote:
>> Hi, 
>> I was tired of CUPS so I decided keep it simple and stupid and use
>> lpd/lpr. Strangely, things don't work out as expected. It seems that
>> lpd never executes input filters.
>> 
>> Here is the content of /etc/printcap:
>> lp|hl6050|Brother HL6050:\
>> :lp=:rm=hl6050.lan:\
>> :if=/home/jaj/bin/printbrother.sh:\
>> :sh:
>> 
>> mg3150|canon|Canon MG3150:\
>> :lp=:rm=canon.lan:\
>> :if=/home/jaj/bin/printcanon.sh:\
>> :sh:
>> 
>> Here is the content of printcanon.sh:
>> #!/bin/sh
>> 
>> logger "printcanon called $@"
>> 
>> /usr/local/bin/a2ps -BRq --columns=1 -o - | \
>> /usr/local/bin/foomatic-rip -q -P Canon-PIXMA-MG3150 \
>> --ppd /home/jaj/bin/Canon-PIXMA-MG3150-ijs-simplified.ppd
>> 
>> printbrother.sh is the same except for driver and ppd.
>> Both scripts are executable.
>> I never see the "printcanon called" message in syslog and the printers
>> get incorrect data. The first printer understands a subset of
>> postscript so it prints fine, the second printer however does not.
>> If I run a document manually through the filter and the enqueue it to
>> lpr, the printers are more than happy to print.
>> 
>> I see no error nowhere.
>> 
>> $ cat /var/log/lpd-errs
>> Oct 25 07:47:01 asterix lpd[9652]: restarted
>> Oct 25 14:57:06 asterix lpd[17953]: restarted
>> 
>> $ cat /var/spool/output/lpd/status
>> sending to hl6050.lan
>> 
>> I went through the code of lpd to see where things could go wrong but
>> it's a bit complex and I couldn't understand the bits.
>> 
>> Does anybody know where I could look to solve this?
>> 
>> Best regards,
>> Jona
>> 
>
> Have you checked ports mailing list? I posted this about a year ago.
>
>
> I know that many people were very frustrated when upstream broke
> foomatic-rip for LPD users. Thanks to Antoine Jacoutot many of us will
> be CUPS free for years to come. I am leaving internet trace for people
> who would be looking for the info but Antoine documentation
>
> /usr/local/share/doc/pkg-readmes/cups-filters-1.0.54p2
>
> is golden standard.
>
> In the nut shell what I did:

Yes, you did exactly the same as me.



Re: iked rsa pki configuration

2015-08-19 Thread Jona Joachim
On 2015-08-19, Sebastien Marie sema...@openbsd.org wrote:
 On Wed, Aug 19, 2015 at 10:33:54AM +0200, Reyk Floeter wrote:
 
 I attached a diff that generates new .cnf files by expanding the
 variables in the source .cnf files and generating target .cnf files.
 It works with both, ikeca.cnf and x508v3.cnf (ignore the warnings),
 but you/we should install ikeca.cnf to /etc/ssl/ by default.
 
 There are more pending changes for ikectl (eg. from semarie@), but I'd
 like to fix this first.
 
 OK?
 
 Reyk
 
 Index: Makefile
 ===
 RCS file: /cvs/src/usr.sbin/ikectl/Makefile,v
 retrieving revision 1.3
 diff -u -p -u -p -r1.3 Makefile
 --- Makefile 18 Jan 2014 05:54:51 -  1.3
 +++ Makefile 19 Aug 2015 08:12:39 -
 @@ -3,7 +3,7 @@
  .PATH:  ${.CURDIR}/../../sbin/iked
  
  PROG=   ikectl
 -SRCS=   log.c ikeca.c ikectl.c parser.c
 +SRCS=   log.c ikeca.c ikectl.c parser.c util.c
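
Review bot: the new `util.c` entry in SRCS has no matching file in this diff, and nothing in the Makefile says where it comes from; it resolves only through the existing `.PATH: ${.CURDIR}/../../sbin/iked` line. A one-line comment above SRCS naming which sources are shared with iked would make that dependency explicit for anyone reading the Makefile on its own.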

 util.c is missing from diff

util.c is pulled in from the iked folder. It is already in the tree.



Re: iked rsa pki configuration

2015-08-19 Thread Jona Joachim
On 2015-08-19, Reyk Floeter r...@openbsd.org wrote:
 On Wed, Aug 19, 2015 at 02:04:47PM +1000, Jonathan Gray wrote:
 On Tue, Aug 18, 2015 at 09:22:14PM +0200, Reyk Floeter wrote:
  On Tue, Aug 18, 2015 at 02:26:29PM +, Jona Joachim wrote:
   Hi,
   I'm currently trying to setup a road warrior IKEv2 IPSEC tunnel between
   two OpenBSD boxes running a recent amd64 snapshot. The client is behind
   a NAT.
   The setup works with a PSK but I cannot make it work with RSA
   certificates. No matter what I tried, the client seems to fail
   connecting with:
   ca_getreq: no valid local certificate found
   
   I turn to the mailing list to see if anybody can point me into the right
   direction.
   
   I loosely followed the following guide:
   http://puffysecurity.com/wiki/openikedoffshore.html
   I will try to shorten the command output to make it more readable.
   
   There is an OpenSSL error during the creation of the CA concerning a
   missing element in openssl.cnf. I did not modify openssl.cnf.
   
   On the server side I did the following:
   
   # ikectl ca ikeca create 
   [...]
   Signature ok
   subject=/C=NL/CN=ikeca/emailAddress=j...@joachim.cc
   Getting Private key
   Using configuration from /etc/ssl/openssl.cnf
   variable lookup failed for ca::default_ca
   7504668282756:error:0E06D06C:configuration file
   routines:NCONF_get_string:no
   value:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/conf/conf_lib.c:323:group=ca
   name=default_ca
   
  
  It seems that the changes in LibreSSL (or newer OpenSSL before the
  fork) broke some things in ikectl.
  
  Specifically, the possibility to overwrite variables like CERTIP or
  CERTFQDN via $ENV:: options in x509v3.cnf ikeca.cnf* seems to be
  broken; or no longer supported because of security concerns.
  
  Your log file gives a hint that the default CERTFQDN = nohost.nodomain
  value from /etc/ssl/x509v3.cnf (or /etc/ssl/ikeca.cnf) is used instead
  of the CERTFQDN overwrite from the environment (as set by ikectl):
  
   ca_getreq: found CA /C=NL/CN=ikeca/emailAddress=j...@joachim.cc
   ca_x509_subjectaltname: FQDN/nohost.nodomain
   ca_x509_subjectaltname_cmp: FQDN/nohost.nodomain mismatched
   ca_getreq: no valid local certificate found
  
  If libressl no longer supports $ENV in the .cnf files, we have to find
  another way, eg. by generating and using a .cnf file for each
  certificate.
 
 LibreSSL purposefully removed support for environment variables in
 http://marc.info/?l=openbsd-cvs&m=142876823016723&w=2
 
 So another way is indeed needed.

 In this case, LibreSSL was Theo who unintentionally broke ikectl.

 I attached a diff that generates new .cnf files by expanding the
 variables in the source .cnf files and generating target .cnf files.
 It works with both, ikeca.cnf and x508v3.cnf (ignore the warnings),
 but you/we should install ikeca.cnf to /etc/ssl/ by default.

The patch fixes certificate generation for me.  SubjectAltName gets set
correctly and iked is happy. It is unfortunate that openssl does not
accept SANs as command line arguments. I like the nice string expansion
solution.
Maybe libtls will wrap this up nicely, making it possible to generate
the certificates through the API.
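
The approach discussed in this thread, expanding the `$ENV::` references into a per-certificate .cnf file, is shown here as an added example; it is not Reyk's diff or ikectl code. The template is constructed (only the names CERTIP and CERTFQDN, the `$ENV::` syntax and the nohost.nodomain default come from the thread); the function names, the character whitelist and the sample host values are assumptions.

```python
import re

# Constructed template. Only the names CERTIP and CERTFQDN, the $ENV:: syntax
# and the nohost.nodomain default are taken from the thread.
TEMPLATE = """\
CERTIP   = 0.0.0.0
CERTFQDN = nohost.nodomain

[x509v3_FQDN]
subjectAltName = DNS:$ENV::CERTFQDN

[x509v3_IPAddr]
subjectAltName = IP:${ENV::CERTIP}
"""

# iked debug lines as quoted in the thread.
LOG = [
    "ca_x509_subjectaltname: FQDN/nohost.nodomain",
    "ca_x509_subjectaltname_cmp: FQDN/nohost.nodomain mismatched",
    "ca_getreq: no valid local certificate found",
]

# Both OpenSSL config spellings: $ENV::NAME and ${ENV::NAME}
ENV_REF = re.compile(r"\$(?:\{ENV::(\w+)\}|ENV::(\w+))")

# Values are pasted into a config line, so accept only characters that cannot
# start a new line, a comment, another variable or a second SAN entry
# (a comma inside subjectAltName would add one). Assumed whitelist.
SAFE_VALUE = re.compile(r"[A-Za-z0-9.:_-]+")

SAN_MISMATCH = re.compile(r"ca_x509_subjectaltname_cmp: (\S+) mismatched")


def expand_cnf(template, values):
    """Return the template with every $ENV:: reference replaced by its value.

    Raises KeyError if a referenced name has no value, so a certificate is
    never generated from a leftover reference or a silent default, and
    ValueError if a value could change the structure of the config file.
    """
    names = {a or b for a, b in ENV_REF.findall(template)}
    missing = sorted(names - set(values))
    if missing:
        raise KeyError("no value for " + ", ".join(missing))
    for name in sorted(names):
        if not SAFE_VALUE.fullmatch(values[name]):
            raise ValueError("unsafe value for %s: %r" % (name, values[name]))
    return ENV_REF.sub(lambda m: values[m.group(1) or m.group(2)], template)


def default_san_mismatches(log_lines, defaults=("FQDN/nohost.nodomain",)):
    """Return mismatched SANs from iked debug output that are still the
    template default, i.e. the override never reached the certificate."""
    hits = []
    for line in log_lines:
        m = SAN_MISMATCH.search(line)
        if m and m.group(1) in defaults:
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    # Sample values are constructed (documentation name and address range).
    print(expand_cnf(TEMPLATE, {"CERTFQDN": "vpn.example.org",
                                "CERTIP": "192.0.2.10"}))
    print(default_san_mismatches(LOG))
```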



Re: iked rsa pki configuration

2015-08-18 Thread Jona Joachim
On 2015-08-18, Reyk Floeter r...@openbsd.org wrote:
 On Tue, Aug 18, 2015 at 02:26:29PM +, Jona Joachim wrote:
 Hi,
 I'm currently trying to setup a road warrior IKEv2 IPSEC tunnel between
 two OpenBSD boxes running a recent amd64 snapshot. The client is behind
 a NAT.
 The setup works with a PSK but I cannot make it work with RSA
 certificates. No matter what I tried, the client seems to fail
 connecting with:
 ca_getreq: no valid local certificate found
 
 I turn to the mailing list to see if anybody can point me into the right
 direction.
 
 I loosely followed the following guide:
 http://puffysecurity.com/wiki/openikedoffshore.html
 I will try to shorten the command output to make it more readable.
 
 There is an OpenSSL error during the creation of the CA concerning a
 missing element in openssl.cnf. I did not modify openssl.cnf.
 
 On the server side I did the following:
 
 # ikectl ca ikeca create 
 [...]
 Signature ok
 subject=/C=NL/CN=ikeca/emailAddress=j...@joachim.cc
 Getting Private key
 Using configuration from /etc/ssl/openssl.cnf
 variable lookup failed for ca::default_ca
 7504668282756:error:0E06D06C:configuration file
 routines:NCONF_get_string:no
 value:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/conf/conf_lib.c:323:group=ca
 name=default_ca
 

 It seems that the changes in LibreSSL (or newer OpenSSL before the
 fork) broke some things in ikectl.

 Specifically, the possibility to overwrite variables like CERTIP or
 CERTFQDN via $ENV:: options in x509v3.cnf ikeca.cnf* seems to be
 broken; or no longer supported because of security concerns.

 Your log file gives a hint that the default CERTFQDN = nohost.nodomain
 value from /etc/ssl/x509v3.cnf (or /etc/ssl/ikeca.cnf) is used instead
 of the CERTFQDN overwrite from the environment (as set by ikectl):

 ca_getreq: found CA /C=NL/CN=ikeca/emailAddress=j...@joachim.cc
 ca_x509_subjectaltname: FQDN/nohost.nodomain
 ca_x509_subjectaltname_cmp: FQDN/nohost.nodomain mismatched
 ca_getreq: no valid local certificate found

 If libressl no longer supports $ENV in the .cnf files, we have to find
 another way, eg. by generating and using a .cnf file for each
 certificate.

 As a workaround, you could try to edit CERTFQDN/CERTIP in
 x509v3.cnf/ikeca.cnf manually before generating the certificate.

Manually editing x509v3.cnf permitted to create valid certificates and
solved the problem. Strange that I am the first one to run into this
problem.

Thank you very much for the quick support!



Re: Ubiquiti EdgeRouter Lite

2015-08-18 Thread Jona Joachim
On 2015-08-18, Ted Unangst t...@tedunangst.com wrote:
 Predrag Punosevac wrote:
 Dear All,
 
 I am contemplating buying a new machine which will act as a router/DNS
 caching server for my home network. Is anybody currently running OpenBSD
 on the Ubiquiti Networks EdgeRouter LITE in that capacity? I saw that in
 June 2015 USB support was added which allows installing to local disk on
 machine. Can anybody point me to a work in progress documentation diff
 for installing 5.8 octeon port.  I am reading right now

 Here are my notes, which are basic, but should be enough to get you through if
 you're familiar with openbsd.
 http://www.tedunangst.com/flak/post/OpenBSD-on-ERL

Thank you very much for the write-up! I'm looking into buying hardware
to build a small OpenBSD home router and this looks interesting.
You say that the machine will not be able to serve as an IPSEC gateway.
Is that when you consider Gigabit ethernet or do you think that even a
10 Mbit connection will require too much computational power to do
IPSEC on this machine?
You also mention the usb driver which is not so reliable. I don't see a
USB port on the machine. Is this an internal bus? I would be interested
to use it with hostapd with a usb wifi nic.

Kindly,
Jona Joachim



iked rsa pki configuration

2015-08-18 Thread Jona Joachim
config_free_proposals: free 0x1321b9042c00
ca_getreq: found CA /C=NL/CN=ikeca/emailAddress=j...@joachim.cc
ca_x509_subjectaltname: FQDN/nohost.nodomain
ca_x509_subjectaltname_cmp: FQDN/nohost.nodomain mismatched
ca_getreq: no valid local certificate found
ca_setauth: auth length 272
ikev2_getimsgdata: imsg 18 rspi 0xbefb86b890333bf9 ispi
0xbd1fee3cb9ebd386 initiator 1 sa valid type 0 data length 0
ikev2_dispatch_cert: cert type NONE length 0, ignored
ikev2_getimsgdata: imsg 23 rspi 0xbefb86b890333bf9 ispi
0xbd1fee3cb9ebd386 initiator 1 sa valid type 14 data length 272
ikev2_dispatch_cert: AUTH type 14 len 272
sa_stateflags: 0x00 - 0x04 auth (required 0x05 cert,auth)
sa_stateok: SA_INIT flags 0x04, require 0x05 cert,auth
ikev2_init_ike_sa: policy1 is already active


Kind regards,
Jona Joachim



Re: cdce0 in ifconfig

2015-05-03 Thread Jona Joachim
On 2015-04-29, Cristián Edwards cri...@gmail.com wrote:
 Problem is that only the ugen driver is present... so I think there is no
 chance of speaking with the modem.

 Will read the link thoroughly

You have a cdce device. As sthen@ already kindly suggested, you should
be able to just do dhclient cdce0.



Re: 500 httpd error with owncloud

2014-12-29 Thread Jona Joachim
On 2014-12-29, Clemens Gößnitzer e1126...@student.tuwien.ac.at wrote:
 Hey,

Since your initial email you have not included any config files, i.e.
httpd.conf, etc. Would you, perhaps, care to share them with us? My
shew stone is being serviced.

 Of course. Here they are:

 # cat /etc/httpd.conf
 server default {
 listen on wpi0 port 80
 directory { no index, index index.php }

 location *.php {
 fastcgi socket /run/php-fpm.sock
 }

 }

 types {
 include /usr/share/misc/mime.types
 }


 /etc/php-5.5.ini: everything default except the values mentioned in the
 pkg-readme of owncloud:

 allow_url_fopen = On
 memory_limit = 512M
 upload_max_filesize = 1024M  # to accept large files upload
 post_max_size = 1030M# sync with above value

 all other php module config files unchanged, and active according to
 phpinfo().

 # cat /var/www/owncloud/config/config.php
 <?php
 $CONFIG = array (
   'instanceid' => 'MY_ID',
   'passwordsalt' => 'MY_PW-SALT',
   'secret' => 'MY_SECRECT',
   'trusted_domains' =>
   array (
     0 => '192.168.178.49',
   ),
   'datadirectory' => '/owncloud-data',
   'overwrite.cli.url' => 'http://192.168.178.49/owncloud',
   'dbtype' => 'sqlite3',
   'version' => '7.0.4.2',
   'dbname' => 'owncloud_db',
   'dbhost' => '127.0.0.1',
   'dbtableprefix' => 'oc_',
   'dbuser' => 'oc_clemens',
   'dbpassword' => 'MY_DB-PASSWORD',
   'installed' => true,
 );

Was the sqlite database created? 'installed = true' means that it
assumes that the database is functional and it will not be initialized.
Also you will not need the hostname, user, db prefix, etc. with sqlite.

Also make sure that you don't need any url rewrites. I'm using
owncloud-6.0.4 and the documentation recommends url rewrites which are
not mandatory for owncloud to work but perhaps this changed in the new
version. Perhaps you should try with nginx and the recommended
configuration and see if it works and then go back to httpd.

Best regards,
Jona



Re: fastcgi support in httpd(8)

2014-11-22 Thread Jona Joachim
On 2014-11-22, Riley Baird 
bm-2cvqnduybau5do2dfjtrn7zbaj246s4...@bitmessage.ch wrote:
 Hi,

 I am running OpenBSD 5.6-stable (without the X packages).

 I have successfully setup the httpd(8) webserver, but only for static
 webpages. I have been unable to get cgi (perl) scripts to run.

That is because httpd(8) does not support plain CGI. It supports FastCGI
which is an entirely different thing.
You probably want to run slowcgi(8) which is a FastCGI to CGI wrapper
server.

Best regards,
J JOACHIM



Re: I have several questions

2014-08-14 Thread Jona Joachim
On 2014-08-11, Theo de Raadt dera...@cvs.openbsd.org wrote:
  Did you use separate disk partitions, or just make one big / partition?
  If the latter, that would *probably* stop the signature verification from
  being possible.
 
 
 By installation files I mean installation files on CD
 The installation program says it can't verify
 and I have to make an answer to let installation program go ahead

 You mean you used the install*.iso or install*.fs files for installation.

 This is documented that these media do not have signatures for the
 contents inside themselves.  For those install methods you have to verify
 the install media files themselves beforehands.

 Did you do that?  You didn't, did you.  And then you booted that on
 your machine?  Tsk tsk.  This is the least of your problems...

This has not been a problem in the last twenty or so years.

Best regards,
J JOACHIM



Audio output to multiple devices

2014-07-31 Thread Jona Joachim
Hello,
if I have multiple audio devices rsnd/0 and rsnd/1, is it possible to
duplicate the output of one program and play it across both devices at
the same time? I went through the sndio manual but I could not find a
way to do this.

Best regards,
Jona



Re: Audio output to multiple devices

2014-07-31 Thread Jona Joachim
On 2014-07-31, Alexandre Ratchov a...@caoua.org wrote:
 On Thu, Jul 31, 2014 at 04:26:11PM +, Jona Joachim wrote:
 Hello,
 if I have multiple audio devices rsnd/0 and rsnd/1, is it possible to
 duplicate the output of one program and play it across both devices at
 the same time? I went through the sndio manual but I could not find a
 way to do this.
 

 hi,

 that isn't possible yet. You could duplicate it across two
 sub-devices of the same hardware device though (eg. rear speakers
 and front speakers).

Thank you very much!



Re: Gnome 3, toad and my android phone

2014-05-24 Thread Jona Joachim
On 2014-05-24, Nils R m...@hxgn.net wrote:
 Hi misc@,

 i'm currently trying to find an easy way to copy the pictures i made
 with my android phone to my openbsd -current machine.  To make things
 easy, i installed the gnome, gnome-extras and toad (like advised in 
 [1].)

 My usb sticks mount fine, but the android phone is only seen by the 
 system, but not mounted by toad in any way (neither when i tell it 
 to connect over MTP, nor over PTP.)  Relevant snippet from dmesg:

 ugen0 at uhub2 port 2 motorola XT1032 rev 2.00/2.28 addr 2

 mtp-detect finds the device, the output of this command is attached.
 So far i haven't tried to sync files over the command line, and would
 like to avoid this.

 Is there a way to make it work with toad, or do i have to rely on file 
 sync via commandline/sftp or something like that?

MTP support is scarce in OpenBSD for the moment.
If your phone supports USB mass storage mode then you should probably
use that. If not, you can try jmtpfs from the openbsd-wip ports:
https://github.com/jasperla/openbsd-wip/tree/master/sysutils/jmtpfs
It mounts the MTP filesystem with fuse(4). However it is quite unstable
for me.
If you only want to copy your pictures, the most reliable way is to use
graphics/gphoto2 (for example gphoto2 --get-all-files).

Best regards,
Jona



Re: Gnome 3, toad and my android phone

2014-05-24 Thread Jona Joachim
On 2014-05-24, Nils R m...@hxgn.net wrote:
 Jona Joachim schrieb am 24.05.2014 12:06:

 On 2014-05-24, Nils R m...@hxgn.net wrote:
 Hi misc@,

 i'm currently trying to find an easy way to copy the pictures i made
 with my android phone to my openbsd -current machine.  To make things
 easy, i installed the gnome, gnome-extras and toad (like advised in 
 [1].)

 My usb sticks mount fine, but the android phone is only seen by the 
 system, but not mounted by toad in any way (neither when i tell it 
 to connect over MTP, nor over PTP.)  Relevant snippet from dmesg:

 ugen0 at uhub2 port 2 motorola XT1032 rev 2.00/2.28 addr 2

 mtp-detect finds the device, the output of this command is attached.
 So far i haven't tried to sync files over the command line, and would
 like to avoid this.

 Is there a way to make it work with toad, or do i have to rely on file 
 sync via commandline/sftp or something like that?
 
 MTP support is scarce in OpenBSD for the moment.
 If your phone supports USB mass storage mode then you should probably
 use that. If not, you can try jmtpfs from the openbsd-wip ports:
 https://github.com/jasperla/openbsd-wip/tree/master/sysutils/jmtpfs
 It mounts the MTP filesystem with fuse(4). However it is quite unstable
 for me.
 If you only want to copy your pictures, the most reliable way is to use
 graphics/gphoto2 (for example gphoto2 --get-all-files).
 
 Best regards,
 Jona
 

 Hi Jona,

 thanks, i'll try that out as well.  Pictures are the most important thing,
 but access to my videos, music and the filesystem in general (to sync my 
 flash cards from mnemosyne) would be very nice, too.  To my understanding,
 there is no (working) bluetooth support on openbsd either yet.

Bluetooth support existed but was removed because the code was
unmaintained and interest was lacking.
gphoto2 copies videos and maybe audio (at least there is a
--get-all-audio-data option)

Best regards,
Jona



Yaifo 5.5 amd64

2014-05-24 Thread Jona Joachim
Hi,
since the upgrade from 5.4 to 5.5 can be quite dangerous when done
manually with only remote access, I patched yaifo to upgrade my personal
server. It is functional only for amd64, I did not test any other
platform.
For those who are interested, you can find the patched version here:
http://joachim.cc/files/yaifo55.tar.gz

Best regards,
Jona JOACHIM



Re: Yaifo WIP

2014-02-11 Thread Jona Joachim
On 2014-02-09, Stuart Henderson s...@spacehopper.org wrote:
 On 2014-02-08, Jona Joachim j...@joachim.cc wrote:
 Hello,
 I've been in need for yaifo for quite some time now, so I decided to 
 bring up some patches to make it work with -CURRENT.

 Seems like a good time to ask: with the new autoinstall(8) functionality,
 do you still need yaifo?

 Are there any small changes to the auto installer that would help the
 standard installer replace yaifo in more situations?

I think yaifo is very useful for situations where the machine is in some
datacenter where you do not control the network infrastructure and don't
have local access. In this case, you do not control the dhcp server (if
there is one) and autoinstall cannot work. If autoinstall had the option
to read the config files from the local hard drive this could be
addressed. One of the advantages of yaifo is also that you can see in
real-time if things go wrong during the upgrade and correct the errors
(broken mirrors, changes to devices, etc.) autoinstall is definitely a
great feature, I haven't tried it out so far.

Best regards,
Jona



Yaifo WIP

2014-02-08 Thread Jona Joachim

Hello,
I've been in need for yaifo for quite some time now, so I decided to 
bring up some patches to make it work with -CURRENT.
This is work in progress. I only built it on amd64, maybe it will build 
on i386 but it will certainly not work for other architectures.
yaifo.rd boots but you cannot do much via ssh because it fails to 
allocate a pty:

asterix% ssh root@10.0.0.17
PTY allocation request failed on channel 0

Welcome to the OpenBSD/amd64 5.5 installation program.

So basically you can type commands but don't get any output. I don't 
know why this happens, I even tried to add the pty pseudo-device to the 
kernel config file without success.
yaifo.fs does not work, it cannot find the kernel to boot. installboot 
throws some warnings but I don't have enough understanding of the boot 
process to figure out right now what's going wrong.


If anybody wants to have a look, here is the patched tarball:
http://joachim.cc/files/yaifo-55beta-wip.tar.gz

I was able to build it against OpenBSD 5.5 GENERIC.MP#284 amd64.

Best regards,
Jona



Re: Yaifo WIP

2014-02-08 Thread Jona Joachim
On 2014-02-08, Jona Joachim j...@joachim.cc wrote:
 Hello,
 I've been in need for yaifo for quite some time now, so I decided to 
 bring up some patches to make it work with -CURRENT.
 This is work in progress. I only built it on amd64, maybe it will build 
 on i386 but it will certainly not work for other architectures.
 yaifo.rd boots but you cannot do much via ssh because it fails to 
 allocate a pty:
 asterix% ssh root@10.0.0.17
 PTY allocation request failed on channel 0

As Miod suggested off list, this was due to the fact that the necessary
devices were not created in /dev. This is fixed in the updated tarball:

 http://joachim.cc/files/yaifo-55beta-wip.tar.gz

asterix% ssh root@10.0.0.17
Enter passphrase for key '/home/jaj/.ssh/id_rsa': 
Welcome to YAIFO: The network-based installer for OpenBSD.

Welcome to the OpenBSD/amd64 5.5 installation program.
(I)nstall, (U)pgrade or (S)hell?  



Re: cwm rocks : but...

2013-10-06 Thread Jona Joachim
On 2013-10-05, Thomas Pfaff tpf...@tp76.info wrote:
 On Sat, 5 Oct 2013 23:10:07 +0200
 Thomas Pfaff tpf...@tp76.info wrote:

  * can the openbsd 'xdm' be made to look equally minimalistic?
(i tried fiddling with the resources, made my system freeze).
   best.
 
 I like this -- http://tp76.info/stuff/slim-login.png


 I should probably also have said that this is x11/slim with a custom
 theme (also found here -- http://tp76.info/stuff/SLIM-Puffy.tar.gz).

The question was about xdm which is not x11/slim. By the way, there is
an x11/slim-themes package which has an OpenBSD theme.

Best regards,
Jona



installboot invalid boot record signature, yaifo

2013-09-24 Thread Jona Joachim
Hi,
I'm currently patching yaifo to make it work with -CURRENT. The build is
going fine, however I'm stuck at an installboot error which I don't
understand.

/usr/bin/sudo /usr/mdec/installboot -v /mnt/boot /usr/mdec/biosboot
/dev/rvnd0c
boot: /mnt/boot proto: /usr/mdec/biosboot device: /dev/rvnd0c
installboot: disklabel type unknown
/mnt/boot is 9 blocks x 8192 bytes
fs block shift 1; part offset 0; inode block 32, offset 936
master boot record (MBR) at sector 0
installboot: invalid boot record signature (0x) @ sector 0

I don't understand why installboot fails here and I can't find a reference
to the error.
Can anybody explain to me what is going wrong?
You can find the whole log attached.

Best regards,
Jona

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of make2.log]



Re: Starting popa3d ...

2011-09-14 Thread Jona Joachim
On 2011-09-13, samt samtw...@gmail.com wrote:
 On 13/09/2011 9:04 PM, Tor Houghton wrote:
 On Tue, Sep 13, 2011 at 12:19:21PM +0930, David Walker wrote:
 Hi.

 uname -rsv
 OpenBSD 5.0 GENERIC#39

 I'm gearing up to use popa3d and testing it on a machine.

 I tried the following in rc.conf.local (where V is version number and
 exeunt) ...
 popa3d_flags=-D
 popa3d_flags=-V
 popa3d_flags=-D -V

 ... and it does not start.

 Even though I see this in RC.D(8) ...

 snip

 popa3d is started by inetd; for example

 $ grep -i pop /etc/inetd.conf
 127.0.0.1:pop3 stream  tcp nowait  root    /usr/sbin/popa3d   popa3d

 in my case, i only listen on localhost (connections to this daemon gets
 forwarded by stunnel or ssh).

 kind regards,

 tor houghton


 Short answer to OP:

  Not all binaries that can be run as services have rc.d(8) control 
 scripts.

Quick and dirty way to find out if you can run the daemon that way:

grep popa3d /etc/rc.conf

Best regards,
Jona

-- 
Pond-erosa Puff wouldn't take no guff
Water oughta be clean and free
So he fought the fight and he set things right
With his OpenBSD



Re: dhclient implementation

2011-08-27 Thread Jona Joachim
On 2011-08-27, Iñigo Ortiz de Urbina inigoortizdeurb...@gmail.com wrote:
 On Sat, Aug 27, 2011 at 1:01 AM, Jona Joachim j...@hcl-club.lu wrote:
 On 2011-08-26, Iñigo Ortiz de Urbina inigoortizdeurb...@gmail.com wrote:
 Supersede gives me what I want. It just felt weird those entries
 ended up on resolv.conf when I had not requested them.

 Thanks and sorry for the noise.

 This is expected behaviour for the prepend option, it does just that:
 request the name servers and prepend the one(s) you supplied. That way
 by default the system will use the name server you supplied in the
 configuration file but will fall back to the ones given by your router
 in case the first name server is not reachable.

 As I said Jona offlist, yes, I understand that behavior.

I did not say anything off list.



Re: dhclient implementation

2011-08-26 Thread Jona Joachim
On 2011-08-26, Iñigo Ortiz de Urbina tarom...@gmail.com wrote:
 Hi all users and developers

 I simply noticed what I would call a weird behaviour on my 32 bit 4.9
 GENERIC#671 box's dhclient, which I hope is not the expected behavior.
 While reading RFC2131, I didnt find any sentence stating or implying
 that is the desired behavior, as in a server MUST

 Say I run a local instance of named on my machine. I dont want dhcp to
 overwrite my resolv.conf, so I add the classical prepend
 dns-name-servers to my dhclient.conf.

 I capture the traffic while asking for an IP address (no prior leases)
 and I can see how DHCP packets do not request DNS servers. However,
 which I am afraid happens more often than not, my crappy Comtrend
 domestic router ignores the request and simply decides to always
 answer including my ISPs DNS servers. I could check this with
 Wireshark also. The result is resolv.conf has 3 nameserver entries,
 instead of the only one I want to prepend.

Not sure I understand exactly what you mean but perhaps you want supersede
instead of prepend.

Best regards,
Jona



Re: dhclient implementation

2011-08-26 Thread Jona Joachim
On 2011-08-26, Iñigo Ortiz de Urbina inigoortizdeurb...@gmail.com wrote:
 Supersede gives me what I want. It just felt weird those entries
 ended up on resolv.conf when I had not requested them.

 Thanks and sorry for the noise.

This is expected behaviour for the prepend option, it does just that:
request the name servers and prepend the one(s) you supplied. That way
by default the system will use the name server you supplied in the
configuration file but will fall back to the ones given by your router
in case the first name server is not reachable.

Best regards,
Jona



Re: status of ACPI suspend/resume on Thinkpad T60 w/ T7200 processor?

2011-08-07 Thread Jona Joachim
On Sat, Aug 06, 2011 at 03:24:42AM +0200, Benny Lofgren wrote:
 On 2011-08-05 17.51, Pedro la Peu wrote:
  On Friday 05 August 2011 13:35:16 Jona Joachim wrote:
  There are other resume related problems on my Stinkpad Z61M (console is 
  blank after resume and bge0 can no longer get a link) but at least the 
  machine and X resume enough to be useful.
 
 I've got a Z61p with what I assume is similar hardware (haven't got mine
 handy right now so can't get a dmesg) and exactly the same symptoms. The
 resume would indeed be useful even with the blank text console if only
 the network got back online, but alas no. If memory serves, not even the
 wpi wifi survives a suspend/resume cycle.

wpi(4) did come back nicely back when resume worked on my T60. However
the console never survived a resume, only X was usable.

Best regards,
Jona



Re: status of ACPI suspend/resume on Thinkpad T60 w/ T7200 processor?

2011-08-05 Thread Jona Joachim
On 2011-08-04, Mike Larkin mlar...@azathoth.net wrote:
 On Thu, Aug 04, 2011 at 09:37:00PM +, Jona Joachim wrote:
 On 2011-08-04, Jonathan Thornburg jth...@astro.indiana.edu wrote:
  What's the status of suspend/resume on thinkpad T60 series models,
  particularly the T60 with T7200 cpu?  So far as I know these are ACPI
  and I know there have been a lot of improvements lately... but on
  2010-10-23 Luca Corti luca () fantacast ! it
  (message http://marc.info/?l=openbsd-misc&m=128780398703487&w=1)
  reported
  Dmesg from my T60 (T7200) below.
  
  No big issues, but the fan is in fact a bit loud on OpenBSD, even when
  running apmd -C. It could even suspend and resume correctly recently,
  then stopped working but I don't mind since I don't use s/r.
  [[...]]
  OpenBSD 4.8-current (GENERIC.MP) #591: Tue Oct 19 11:45:02 MDT 2010
  dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 
  Does suspend/resume work on T60 as of 4.9-{release,stable}?  -current?
 
 It does not work in 4.9. I haven't checked -CURRENT but I don't expect
 it to work on -CURRENT either. It used to work at some point but I think
 it was a change to the radeon driver that broke it (I assume you have a
 radeon card). As of now it suspends but does not resume.

 Does the moon icon stay lit, start blinking, go off? Does the screen backlight
 light up (even if it's black). Did you try resuming from text mode (eg no X)?

When I try to resume it starts blinking. The screen backlight does not
light up, the screen stays totally dark, same behaviour with or without
X.

Best regards,
Jona



Re: status of ACPI suspend/resume on Thinkpad T60 w/ T7200 processor?

2011-08-04 Thread Jona Joachim
On 2011-08-04, Jonathan Thornburg jth...@astro.indiana.edu wrote:
 What's the status of suspend/resume on thinkpad T60 series models,
 particularly the T60 with T7200 cpu?  So far as I know these are ACPI
 and I know there have been a lot of improvements lately... but on
 2010-10-23 Luca Corti luca () fantacast ! it
 (message http://marc.info/?l=openbsd-misc&m=128780398703487&w=1)
 reported
 Dmesg from my T60 (T7200) below.
 
 No big issues, but the fan is in fact a bit loud on OpenBSD, even when
 running apmd -C. It could even suspend and resume correctly recently,
 then stopped working but I don't mind since I don't use s/r.
 [[...]]
 OpenBSD 4.8-current (GENERIC.MP) #591: Tue Oct 19 11:45:02 MDT 2010
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

 Does suspend/resume work on T60 as of 4.9-{release,stable}?  -current?

It does not work in 4.9. I haven't checked -CURRENT but I don't expect
it to work on -CURRENT either. It used to work at some point but I think
it was a change to the radeon driver that broke it (I assume you have a
radeon card). As of now it suspends but does not resume.

Best regards,
Jona

-- 
Pond-erosa Puff wouldn't take no guff
Water oughta be clean and free
So he fought the fight and he set things right
With his OpenBSD



Re: Laffs with Lennart

2011-07-16 Thread Jona Joachim
On 2011-07-16, Chris Cappuccio ch...@nmedia.net wrote:
 Lennart Poettering has graced the world with his brilliance one more time.  
 Why?  Lennart doesn't think BSD is too relevant anymore.
[nolog]

This is nothing new, it has been anticipated by BSD developers a long time ago:
http://talks.dixongroup.net/nycbsdcon2006/

Best regards,
Jona

-- 
Pond-erosa Puff wouldn't take no guff
Water oughta be clean and free
So he fought the fight and he set things right
With his OpenBSD



Re: aucat(1) mixing streams from different users

2011-06-28 Thread Jona Joachim
On Tue, Jun 28, 2011 at 11:01:26AM +0200, Alexandre Ratchov wrote:
 On Mon, Jun 27, 2011 at 02:21:25PM +, Jona Joachim wrote:
  
   The simpler -- and most natural imho -- would be configure mpd to use
   unix domain sockets (instead of TCP) and to run it as your user id
   instead of _mpd.
  
   If you can't, you can cheat by copying mpd's ~/.aucat_cookie in your
   home directory (it must have mode 0600) this way aucat will consider
   _mpd and you are the same person. After all, I guess you run _mpd for
   you ;)
  
  I see, this is the new authentication mechanism kicking in :) Thanks
  for the explanation, now that I know what's causing it, it's easy to
  fix.
 
 Too bad if this works, because nobody will fix mpd to use unix domain
 sockets by default ;-)

Well, just running mpd as my user id fixes the problem, no need for unix
domain sockets. I usually try to run daemons that don't need to be
reached from outside on unix domain sockets, however with mpd the
problem is that not all clients support them.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



aucat(1) mixing streams from different users

2011-06-27 Thread Jona Joachim
Hi,
I start mpd and aucat with default settings using rc scripts.
aucat thus runs as user _sndio and mpd runs as _mpd.
Access to sndio between mpd and programs running as a different user is
mutually exclusive, so when mpd is playing music nothing else can access
the sound device.
According to the aucat(1) manpage:
[...] the server can be started by the super-user, [...]  but for
privacy reasons only one user may have connections to it at a given
time.
I was wondering if this is intended behaviour because aucat here does
not run as root but as _sndio.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: aucat(1) mixing streams from different users

2011-06-27 Thread Jona Joachim
On 2011-06-27, Alexandre Ratchov a...@caoua.org wrote:
 On Mon, Jun 27, 2011 at 02:42:42PM +0200, Jona Joachim wrote:
 Hi,
 I start mpd and aucat with default settings using rc scripts.
 aucat thus runs as user _sndio and mpd runs as _mpd.
 Access to sndio between mpd and programs running as a different user is
 mutually exclusive, so when mpd is playing music nothing else can access
 the sound device.
 According to the aucat(1) manpage:
 [...] the server can be started by the super-user, [...]  but for
 privacy reasons only one user may have connections to it at a given
 time.
 I was wondering if this is intended behaviour because aucat here does
 not run as root but as _sndio.

 This is ok, the _sndio user is to avoid running the server with root
 privileges, it's not involved in the authentication process. You can
 find slightly more details about how it works in the AUTHENTICATION
 section of the sndio(7) man page.

 The simpler -- and most natural imho -- would be to configure mpd to use
 unix domain sockets (instead of TCP) and to run it as your user id
 instead of _mpd.

 If you can't, you can cheat by copying mpd's ~/.aucat_cookie in your
 home directory (it must have mode 0600) this way aucat will consider
 _mpd and you are the same person. After all, I guess you run _mpd for
 you ;)

I see, this is the new authentication mechanism kicking in :)
Thanks for the explanation, now that I know what's causing it, it's easy to fix.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: html5 video and browsers

2011-05-10 Thread Jona Joachim
On 2011-05-10, LEVAI Daniel l...@ecentrum.hu wrote:
 Hi!

 I'm trying out youtube with html5 videos, and I have a few questions for the
 fellow video watchers.

 In mozilla-firefox I can't even enable html5 in youtube :/

Works perfectly for me.

 In chrome the video plays, but without sound.
 In xxxterm everything works perfectly.

It also works flawlessly for me in webkit-based browsers like midori or
xxxterm. I don't know about chromium though.

 Is it normal that the fullscreen playback is slow and laggy on a
 moderate hardware (i386, ThinkPad T60, Intel(R) CPU T2400 @ 1.83GHz)?

Why run i386 on a T60?


Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: html5 video and browsers

2011-05-10 Thread Jona Joachim
On Tue, May 10, 2011 at 02:23:16PM +0200, Paul de Weerd wrote:
 On Tue, May 10, 2011 at 12:05:00PM +, Jona Joachim wrote:
 |  Is it normal that the fullscreen playback is slow and laggy on a
 |  moderate hardware (i386, ThinkPad T60, Intel(R) CPU T2400 @ 1.83GHz)?
 | 
 | Why run i386 on a T60?
 
 Because that CPU does not support amd64[1].

Oh, well sorry, I didn't know they made them with different CPUs, I
thought they all had a 64 bit Core Duo CPU.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: 49.html typo

2011-04-26 Thread Jona Joachim
On 2011-04-26, Christiano F. Haesbaert haesba...@haesbaert.org wrote:
 On 25 April 2011 17:54, Jona Joachim j...@hcl-club.lu wrote:
 Very insignificant but well...
[...]

 Great ! I need this, can we get it in soon ?

Who is we? From the looks of your Gravatar, we is probably your group of
13-year-olds.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: DUID's and fstab

2011-04-12 Thread Jona Joachim
On 2011-04-12, Alexander Polakov polac...@gmail.com wrote:
 * Stuart Henderson s...@spacehopper.org [110412 15:48]:
 On 2011-04-12, jirib ji...@devio.us wrote:
  On Tue, 12 Apr 2011 02:06:51 +0400
  Alexander Polakov polac...@gmail.com wrote:
 
  I am probably misunderstanding something, but are DUID's supposed to
  be used in place of device filenames in fstab? I suppose they are,
  so this looks strange to me:
  
  % sudo mount f777cc5bbeded528.a
  mount: can't find fstab entry for f777cc5bbeded528.a.
 
 # mount wd0i
 mount: can't find fstab entry for wd0i.

 # mount /dev/sd0i
 # 

I agree that this feature would be very useful if it would work with
DUIDs, especially when mounting disks automatically with hotplugd.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: Choosing a window manager...

2011-03-17 Thread Jona Joachim
On 2011-03-15, Bret Lambert bret.lamb...@gmail.com wrote:
 On Tue, Mar 15, 2011 at 8:03 PM, Kevin Smith openbsd...@gmail.com wrote:
 I'm deciding between kde, xfce, gnome, and fluxbox (in order of
 preference). Any experiences? Any relevant security issues on any of them?


 What you're asking is akin to:

 Hey everyone, I'm trying to decide between:
  Catholicism, Judaism, Buddhism, and Hinduism.

 What's the best?

 Obviously, the answer is Zoroastrianism. Ahura Mazda bless you all.

No, Discordianism it is.


-- 
Worse is better
Richard P. Gabriel



Re: FBI And OpenBSD...

2010-12-16 Thread Jona Joachim
On 2010-12-16, Michael Dexter dex...@ambidexter.com wrote:
 On 12/15/10 2:17 PM, Randy Wrench wrote:
 The above url carried an article which is disturbing to say the least... 

 Wait a minute... I thought US citizens stayed away from the crypto code
 to keep it untainted of US export controls.

 I smell a prank. (And pray that's the case.)

See:
http://permalink.gmane.org/gmane.comp.security.bugtraq/45620


-- 
Worse is better
Richard P. Gabriel



Re: How to open PDF that requires Adobe 9

2010-12-04 Thread Jona Joachim
On 2010-12-05, Brynet bry...@gmail.com wrote:
 Hi,

 Why are you using xpdf? it's so old and crummy :-).

 print/epdfview, which uses the poppler library.

AFAIK the poppler library is based on xpdf code so the result would be
about the same.


Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: Advice on learning C as first language

2010-11-24 Thread Jona Joachim
On 2010-11-24, Jan Stary h...@stare.cz wrote:
 On Nov 24 06:55:20, James Hozier wrote:
 I read online that the first programming language one learns could
 be crucial to the person's future programming skills and habits
 that become ported to other programming languages they learn later

 Start with LISP, I'm tellin' ya.

Come on, LISP is from teh past, learn Haskell already.


-- 
Worse is better
Richard P. Gabriel



Re: An OpenBSD smartphone

2010-11-17 Thread Jona Joachim
On 2010-11-17, Ted Unangst ted.unan...@gmail.com wrote:
 Compared to the hardware available today, the openmoko is ridiculously
 obsolete.

On top of that graphics and wifi documentation is only available under
NDA and the reverse engineered Linux drivers are broken.
The hardware is slow and buggy and the OpenBSD Moko port is dead.
Just don't buy it ;)

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: An OpenBSD smartphone

2010-11-17 Thread Jona Joachim
On 2010-11-17, Martin Schröder mar...@oneiros.de wrote:
 2010/11/17 Ted Unangst ted.unan...@gmail.com:
 Compared to the hardware available today, the openmoko is ridiculously
 obsolete.

 And the supplier in question is known to hate Theo and OpenBSD.

Obvious troll is obvious.


-- 
Worse is better
Richard P. Gabriel



Re: xmobar 0.11.1

2010-11-13 Thread Jona Joachim
On 2010-11-13, Nick open...@acrasis.net wrote:
 This .xmobarrc

Config {
   font = "xft:Sans-8:bold",
   bgColor = "black",
   fgColor = "grey",
   position = Top,
   lowerOnStart = False,
   commands = [
  Run Cpu ["-L","3","-H","50","--normal","green","--high","red"] 10,
  Run Date "%Y-%m-%d %a %H:%M:%S" "date" 10,
  Run StdinReader
   ],
   sepChar = "%",
   alignSep = "}{",
   template = "%cpu% } %StdinReader% { <fc=#ee9a00>%date%</fc> "
}

 works on Debian 'squeeze' but on OpenBSD 4.8 i386 produces

xmobar: /home/nick/.xmobarrc: configuration file contains errors at:
Config (line 11, column 6):
error reading the commands: this usually means that a command could
not be parsed.
The error could be located at the begining of the command which
follows the offending one. field: [
  Run Cpu [-L,3,-H,50,--normal,green,--high,red] 10,
  Run Date %Y-%m-%d %a %H:%M:%S date 10,
  Run StdinReader]

 It does work if I remove use of the 'Cpu' plugin.  Help?

Hi,
the CPU module is disabled on OpenBSD since the implementation is Linux
specific. Actually among the Monitor modules only Battery works at the
moment.
I don't know how to access CPU load information on OpenBSD so I would
have to dig the API documentation and I really don't have the time at
the moment.
However you can probably hack around it by running an external script using
the Run Com or PipeReader commands.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: Wireless Network GUI

2010-10-07 Thread Jona Joachim
On 2010-10-07, Christiano F. Haesbaert haesba...@haesbaert.org wrote:
 Why not make a curses GUI ? I find it much more useful than gtk/qt (IMHO).

What would be really nice IMHO is to expose an API that gives access to
ifconfig functionality so everybody could easily write their own UI.
Basically, to write your GUI you need to rewrite part of ifconfig.
Also I always wondered whether it is technically possible to scan for
APs without losing your connection to your current AP, that would be
very handy to implement transparent roaming.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: setting up crypto softraid

2010-07-29 Thread Jona Joachim
On 2010-07-29, Jan Stary h...@stare.cz wrote:
 I have found myself replicating a tiny script that sets up crypto
 on most of my recent machines, either in rc.local directly or calling
 it from rc.local. Is this the right way to do it, or is there some
 support for it in rc(8) already that I missed?

   Jan


 #!/bin/sh

 RAIDPART=/dev/sd0o
 CRYPTOFS=/dev/sd1a
 MOUNTDIR=/crypto

 bioctl softraid0 | grep CRYPTO \
   || bioctl -v -c C -l $RAIDPART softraid0 \
   && fsck $CRYPTOFS \
   && mount -v -s -o rw,nodev,nosuid,noatime,softdep $CRYPTOFS $MOUNTDIR

The problem is that you can't be sure that the new device that softraid
attaches will be sd1. For example if you have a umass(4) connected when
you boot things will get mixed up.
Earlier today I thought about writing a script based on the
hw.sensors.softraid0.drive0 sysctl value which will tell you whether it
has been attached correctly and what device was attached.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel
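
The sysctl-based lookup suggested in the reply above, as an added example that is not part of the original thread. It assumes the sensor line has the form "hw.sensors.softraid0.drive0=online (sd1), OK", that the CRYPTO volume is the first softraid volume (drive0), and that the filesystem is on partition a as in the quoted script; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find out which sd(4) device softraid attached for the
# CRYPTO volume instead of hard-coding sd1.

# softraid_device LINE
# LINE is one line of `sysctl hw.sensors.softraid0.drive0` output.
# Assumed format: hw.sensors.softraid0.drive0=online (sd1), OK
# Prints the device name and returns 0 only when the drive state is
# "online" and the name looks like sdN; returns 1 otherwise.
softraid_device() {
    line=$1
    value=${line#*=}                      # text after the first '='
    [ "$value" != "$line" ] || return 1   # no '=': sysctl error message
    state=${value%% *}                    # first word, e.g. "online"
    [ "$state" = "online" ] || return 1   # degraded, failed, rebuilding...
    dev=${value#*'('}
    [ "$dev" != "$value" ] || return 1    # no "(device)" part
    dev=${dev%%')'*}
    num=${dev#sd}
    [ "$num" != "$dev" ] || return 1      # name does not start with "sd"
    case $num in
        ''|*[!0-9]*) return 1 ;;          # unit number must be digits only
    esac
    printf '%s\n' "$dev"
}

# mount_crypto RAIDPART MOUNTDIR
# Attach the CRYPTO volume if needed, resolve the attached device from
# the sensor, then fsck and mount partition a of that device.
mount_crypto() {
    raidpart=$1
    mountdir=$2
    bioctl softraid0 | grep -q CRYPTO \
        || bioctl -v -c C -l "$raidpart" softraid0 \
        || return 1
    cdev=$(softraid_device "$(sysctl hw.sensors.softraid0.drive0 2>&1)") || {
        echo "softraid0 drive0 is not online, refusing to mount" >&2
        return 1
    }
    fsck "/dev/${cdev}a" \
        && mount -v -s -o rw,nodev,nosuid,noatime,softdep \
            "/dev/${cdev}a" "$mountdir"
}

# Only act when asked to, e.g. from rc.local:
#   sh crypto-mount.sh --mount /dev/sd0o /crypto
if [ "${1:-}" = "--mount" ]; then
    mount_crypto "$2" "$3"
fi
```

With a umass(4) stick plugged in at boot the sensor would name a different sdN, and the script mounts that device rather than whatever happens to be sd1.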



uaudio0: audio descriptors make no sense, with logitech webcam

2010-07-19 Thread Jona Joachim
Hi,
I have a Logitech C200 webcam which includes a uvideo and a uaudio
device for voice recording.

The video part works correctly and is usable, however uaudio is not so
happy, it complains in dmesg and no audio(4) device is attached:
uaudio0: audio descriptors make no sense, error=4

Here's what I get from usbdevs:

port 2 addr 2: high speed, power 500 mA, config 1, Webcam C200(0x0802), 
Logitech(0x046d), rev 0.09, iSerialNumber A0AC6750

And here's the full dmesg output related to this device:

uvideo0 at uhub0 port 2 configuration 1 interface 0 Logitech Webcam C200 rev 
2.00/0.09 addr 2
video0 at uvideo0
uaudio0 at uhub0 port 2 configuration 1 interface 2 Logitech Webcam C200 rev 
2.00/0.09 addr 2
uaudio0: audio descriptors make no sense, error=4

solo% uname -a
OpenBSD solo.my.domain 4.7 GENERIC#117 i386


Does anybody know what may be wrong here?

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: OpenBSD users.

2010-07-18 Thread Jona Joachim
On 2010-07-17, Mateusz Gierblinski mateusz.gierblin...@gmail.com wrote:
 Hi misc@

 I'm just wondering. Where are you OpenBSD users from?

 I'm from Belgium, anyone else?

Are you aware that by sending such useless mails you are transforming
energy and contributing to global warming?

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: Thanks for the ACPI suspend+resume work!

2010-07-09 Thread Jona Joachim
On 2010-07-09, Antoine Jacoutot ajacou...@bsdfrog.org wrote:
 On Fri, 9 Jul 2010, Josh Rickmar wrote:

 A big thank you to everyone who has been working on the ACPI code!
 Suspend and resume now work nearly flawlessly on my Thinkpad T500 (dmesg
 below) on the July 8 current snapshot.  The only thing I've noticed is
 that my iwn(4) wifi connection doesn't automatically reconnect, but that's
 minor.

Also, wsdisplay seems unhappy. After resume on my T60, X11 comes back
but I don't see any output in the console, even though commands I type
get executed.

I'd also like to thank you all for this work!


Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: Ordering CDs in Europe becoming increasingly difficult

2010-07-08 Thread Jona Joachim
On 2010-07-08, OpenBSD Europe Orders ord...@openbsdeurope.com wrote:
 Jona Joachim wrote:
 Hi,
 I've been buying every CD release over the last couple of years. I
 purchased 4.6 from openbsdeurope.com and it was just as comfortable as
 with Wim the years before.
 However I haven't purchased 4.7 yet because the ordering involves too
 much hassle.
 openbsdeurope.com now requires you to create an account in order to
 place an order, that's really annoying. On top of that the regex they
 use to verify your e-mail address is flawed.

 We see it another way. When we used PayPal exclusively people purchased 
 and _then_ emailed us asking for an address change because they hadn't 
 bothered to update their PayPal information. 'On top of that' we had 
 people _not_ wanting to use PayPal but other various methods, bank 
 transfer, terminal etc etc...

 Please tell us how to win?

I didn't mean to sound rude. It's just that remembering yet another
password for an account I use once or twice a year is really annoying
especially when it could be easier. You could have a form where the
user can enter his address or alternatively hit a use paypal address
checkbox or something like that.
I like the KISS principle of the SpongiForm ordering system used on
openbsd.org.

 If you had emailed us we would have just taken your order via email and 
 allowed a PayPal payment... like many others have. I will make this 
 very, very clear from the home page.

I didn't know that this was an option. I'm not a big fan of PayPal
either, I had trouble with them in the past. The easiest for me would be
a payment by credit card but I don't know if you can handle that. If
you prefer PayPal it's fine, too.
I will drop you a mail shortly to place the order.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: Set dhcp from command line?

2010-07-08 Thread Jona Joachim
On 2010-07-08, Chet Langin clan...@siu.edu wrote:
 I would like to set DHCP for an interface
 from the command line.  I have tried...

 # ifconfig re0 dhcp

 ..and I get this error...

 ifconfig:  dhcp:  bad value

 Using version 4.5.

 Can anyone tell me how to do this?

dhclient re0

man dhclient
man ifconfig

-- 
Worse is better
Richard P. Gabriel



Re: GPRS/3G Modem : USB : HUAWEI : K3565

2010-05-14 Thread Jona Joachim
On 2010-05-14, Mayuresh Kathe mayur...@kathe.in wrote:
 has anyone got the above mentioned device to work under openbsd?
 if yes, may i know the process to get it working at my end?
 i'm with vodafone plan in mumbai, india.

Could you perhaps send relevant dmesg(8) output of when you plug in the
device?

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: lpd printing

2010-05-07 Thread Jona Joachim
On 2010-05-07, Chris Bennett ch...@bennettconstruction.biz wrote:
 On 05/07/10 16:59, Frank Bax wrote:
 I've never printed from my OpenBSD desktop.
 I've used lpd on Windows to print to HP printers with HP JetDirect.

 I read the recent thread about lpd/postscript.

 Will I be able to use lpd to print to any HP JetDirect printer?

 I'm looking at getting an HP 1518ni colour laser.

 Does HP postscript level 3 emulation qualify as postscript support

 Frank


 If your printer is postscript, LPRng + apsfilter is a simple way to 
 install. It is also very lightweight.

Is there any reason why you are advising to use LPRng over lpd(8) which
is in the base system?

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: aucat + korg nanokontrol midi controller

2010-05-06 Thread Jona Joachim
On Thu, May 06, 2010 at 08:14:41AM +0200, Alexandre Ratchov wrote:
 On Wed, May 05, 2010 at 10:12:25PM +0200, Jona Joachim wrote:
  
  Here's a press & release of the start button:
  solo% midicat -o - -q midithru:0 | hexdump -ve '1/1 "%02x\n"'
  b0
  2d
  7f
  b0
  2d
  00
  
 
 this is a control message. Try other scenes. MMC messages aucat
 supports are:
 
 f0 7f xx 06 01 f7 stop
 f0 7f xx 06 02 f7 start
 f0 7f xx 06 44 06 01 pp pp pp pp f7   relocate

Well, scene selection doesn't change anything here, I get the same byte
sequence regardless of the selected scene.

Jona

-- 
Worse is better
Richard P. Gabriel



aucat + korg nanokontrol midi controller

2010-05-05 Thread Jona Joachim
Hi,
I would like to thank everybody who worked on libsndio/aucat, especially
ratchov@, I really love the design and the "it just works"(TM)
experience.
I recently bought a Korg NanoKONTROL[1] midi controller and the volume
control in aucat just works using the sliders. However I'm not quite
savvy in the whole MIDI business and I was wondering if it was possible
to personalize the use of it. For example there is a scene selection
button on the bottom left and to be able to use it with aucat I need to
select scene 4, how come it's scene 4 and not 1? I was also wondering
whether I could use the turn knobs instead of the sliders for the
volume control. Perhaps it's possible to do some magic with the
audio/midish port?
The controller also has start/stop etc. buttons. These probably send MMC
messages and I was wondering whether it would be possible to use these
to control aucat -t slave?

Best regards,
Jona

[1] http://blog.ianbeyer.com/files/2009/11/nanoKONTROL_top.jpg

--
Worse is better
Richard P. Gabriel




Re: aucat + korg nanokontrol midi controller

2010-05-05 Thread Jona Joachim
On Wed, May 05, 2010 at 07:57:31PM +0200, Alexandre Ratchov wrote:
 On Wed, May 05, 2010 at 06:13:20PM +0200, Jona Joachim wrote:
[snip]
  I recently bought a Korg NanoKONTROL[1] midi controller and the volume
  control in aucat just works using the sliders. However I'm not quite
  savvy in the whole MIDI business and I was wondering if it was possible
  to personalize the use of it. For example there is a scene selection
  button on the bottom left and to be able to use it with aucat I need to
  select scene 4, how come it's scene 4 and not 1?
 
 I guess sliders of different scenes are mapped to different
 controllers. And it happens that scene 4 contains a slider
 that maps to the appropriate volume control of aucat.
 
 To control the volume, the simpler is to configure the
 nanokontrol as follows: first slider to (channel 0,
 controller 7), next slider to (channel 1, controller 7), and
 so on.
 
 This way you get one slider per application.

That works as-is, if I select scene 4 I get 1 slider per application
mapped correctly.

  I was also wondering
  whether I could use the turn knobs instead of the sliders for the
  volume control. Perhaps it's possible to do some magic with the
  audio/midish port?
 
 So all you need is to assign volume controls to knobs,
 there's probably a way to configure the nanokontrol to do
 so.
 
 midish can map any control number any other one, so you can
 cheat with it. But using it is more complicated than just
 configuring the nanokontrol. Well unless you want to be able
 to do other fancy things with it, like save/reload your
 settings or record volume automations into midi files etc...

well just configuring the nanokontrol means making the provided
software run in wine or something, I guess it would be easier to use
midish ;)

  The controller also has start/stop etc. buttons. These probably send MMC
  messages and I was wondering whether it would be possible to use these
  to control aucat -t slave?
 
 yes exactly. This is to start multiple applications
 synchronously (ex. play a track with one program while you
 record another track with another program..)

Yes but I don't know how to make it work, at least it doesn't work if I
do the following:
aucat -l -t slave -q midithru:0

The applications don't start when I hit the start button.


Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: aucat + korg nanokontrol midi controller

2010-05-05 Thread Jona Joachim
On Wed, May 05, 2010 at 09:17:15PM +0200, Alexandre Ratchov wrote:
 On Wed, May 05, 2010 at 08:20:38PM +0200, Jona Joachim wrote:
  On Wed, May 05, 2010 at 07:57:31PM +0200, Alexandre Ratchov wrote:
   On Wed, May 05, 2010 at 06:13:20PM +0200, Jona Joachim wrote:
  [snip]
I recently bought a Korg NanoKONTROL[1] midi controller and the volume
control in aucat just works using the sliders. However I'm not quite
savvy in the whole MIDI business and I was wondering if it was possible
to personalize the use of it. For example there is a scene selection
button on the bottom left and to be able to use it with aucat I need to
select scene 4, how come it's scene 4 and not 1?
   
   I guess sliders of different scenes are mapped to different
   controllers. And it happens that scene 4 contains a slider
   that maps to the appropriate volume control of aucat.
   
   To control the volume, the simpler is to configure the
   nanokontrol as follows: first slider to (channel 0,
   controller 7), next slider to (channel 1, controller 7), and
   so on.
   
   This way you get one slider per application.
  
  That works as-is, if I select scene 4 I get 1 slider per application
  mapped correctly.
 
 excellent, this way you escape the windows ``editor'' ;)
 
  
The controller also has start/stop etc. buttons. These probably send MMC
messages and I was wondering whether it would be possible to use these
to control aucat -t slave?
   
   yes exactly. This is to start multiple applications
   synchronously (ex. play a track with one program while you
   record another track with another program..)
  
  Yes but I don't know how to make it work, at least it doesn't work if I
  do the following:
  aucat -l -t slave -q midithru:0
  
  The applications don't start when I hit the start button.
  
 
 oh, you have to use ``-q rmidi:nanokontrol_number'', as
 you probably did for the volume.
 
 Except if you have started the following before you start
 aucat:
 
   midicat -l -q rmidi:nanokontrol_number

I actually have midicat running. I also tried with rmidi:n without
midicat with the same result. volume control works but start/stop
doesn't.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: aucat + korg nanokontrol midi controller

2010-05-05 Thread Jona Joachim
On Wed, May 05, 2010 at 09:49:51PM +0200, Alexandre Ratchov wrote:
 On Wed, May 05, 2010 at 09:19:05PM +0200, Jona Joachim wrote:
  On Wed, May 05, 2010 at 09:17:15PM +0200, Alexandre Ratchov wrote:
   On Wed, May 05, 2010 at 08:20:38PM +0200, Jona Joachim wrote:
On Wed, May 05, 2010 at 07:57:31PM +0200, Alexandre Ratchov wrote:
 On Wed, May 05, 2010 at 06:13:20PM +0200, Jona Joachim wrote:
[snip]
  I recently bought a Korg NanoKONTROL[1] midi controller and the 
  volume
  control in aucat just works using the sliders. However I'm not quite
  savvy in the whole MIDI business and I was wondering if it was 
  possible
  to personalize the use of it. For example there is a scene 
  selection
  button on the bottom left and to be able to use it with aucat I 
  need to
  select scene 4, how come it's scene 4 and not 1?
 
 I guess sliders of different scenes are mapped to different
 controllers. And it happens that scene 4 contains a slider
 that maps to the appropriate volume control of aucat.
 
 To control the volume, the simpler is to configure the
 nanokontrol as follows: first slider to (channel 0,
 controller 7), next slider to (channel 1, controller 7), and
 so on.
 
 This way you get one slider per application.

That works as-is, if I select scene 4 I get 1 slider per application
mapped correctly.
   
   excellent, this way you escape the windows ``editor'' ;)
   

  The controller also has start/stop etc. buttons. These probably 
  send MMC
  messages and I was wondering whether it would be possible to use 
  these
  to control aucat -t slave?
 
 yes exactly. This is to start multiple applications
 synchronously (ex. play a track with one program while you
 record another track with another program..)

Yes but I don't know how to make it work, at least it doesn't work if I
do the following:
aucat -l -t slave -q midithru:0

The applications don't start when I hit the start button.

   
   oh, you have to use ``-q rmidi:nanokontrol_number'', as
   you probably did for the volume.
   
   Except if you have started the following before you start
   aucat:
   
 midicat -l -q rmidi:nanokontrol_number
  
  I actually have midicat running. I also tried with rmidi:n without
  midicat with the same result. volume control works but start/stop
  doesn't.
 
 hmmm... could you send a hexdump of what message the start
 button sends?
 
 For instance with my setup I'd do:
 
 $ midicat -o - -q rmidi:2 | hexdump -ve '1/1 "%02x\n"'
 f0
 7f
 7f
 06
 02
 f7

Here's a press & release of the start button:
solo% midicat -o - -q midithru:0 | hexdump -ve '1/1 "%02x\n"'
b0
2d
7f
b0
2d
00

 there are multiple MMC start messages. BTW any MIDI device
 is supposed to come with a ``MIDI implementation chart''
 that gives the list of messages the device transmits and
 receives, this is often the last pages of the manual. Did
 you get one ?

I can't seem to find anything like that in the manual.

-- 
Worse is better
Richard P. Gabriel



Re: OpenBSD as L2TP client

2010-04-25 Thread Jona Joachim
On 2010-04-25, Paolo Supino paolo.sup...@gmail.com wrote:
 Hi

   A client asked me to setup a low cost router to connect to the Internet.
 His current Internet connection requires his router to connect to the ISP
 using L2TP protocol. I've looked through the archives and ports tree for a
 similar posting, but found none...
 Is anyone using  OpenBSD as an L2TP client to connect to the Internet (or
 knows a solution)?

I haven't tried this but the npppd daemon which is in CURRENT and will be in 4.7
supports L2TP. I don't know of another way to do L2TP on OpenBSD.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



find the CWD of a child process

2010-01-04 Thread Jona Joachim
Hi!
It happens to me all the time that I want to spawn a new xterm in the
same directory that I am currently in, for example when I want to open a
file with vim but keep a shell in the same directory.

xterm actually has a nice builtin function for this:
spawn-new-terminal()

you can affect that function via the xterm*VT100.translations resource.

however the implementation of this is Linux-specific and it is not
activated in the OpenBSD build process.

Here's an excerpt from HandleSpawnTerminal() in xenocara/app/xterm/misc.c:

    /*
     * Determine the current working directory of the child so that we can
     * spawn a new terminal in the same directory.
     *
     * If we cannot get the CWD of the child, just use our own.
     */
    if (screen->pid) {
        char child_cwd_link[sizeof(PROCFS_ROOT) + 80];
        sprintf(child_cwd_link, PROCFS_ROOT "/%lu/cwd",
                (unsigned long) screen->pid);
        child_cwd = Readlink(child_cwd_link);
    }

So it obviously tries to access procfs to get that value. Is there a way
to access the same value via the OpenBSD API?

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: What does your environment look like?

2010-01-03 Thread Jona Joachim
On 2010-01-04, Nick Guenther kou...@gmail.com wrote:
 On Sun, Jan 3, 2010 at 3:01 AM, Tomas Bodzar tomas.bod...@gmail.com wrote:
 I use default fvwm(1) and I'm happy with that. I tried cwm(1) after
 this post http://undeadly.org/cgi?action=article&sid=20090502141551
 and I found it very clean and useful, but I still use fvwm(1). Anyway
 I plan to try this one http://www.scrotwm.org/


 I never figured out fvwm. It has multiple desktops and you can drag
 windows between them but it jumps them too far too easily. Tell me,
 what's the appeal? I'm willing to think I'm just not understanding it
 (though points should always be allotted for intuitiveness).

 I use wmii with a bunch of dmenu custom menus. I haven't found a file
 manager I like (xfe is the best so far, but it uses some weird custom
 toolkit, thunar is nice but really wants famd, which for some reason
 seems associated with trackerd spinning up and eating my CPU, the
 rox-filer in packages doesn't work right).

hmm, I've been using it for years, what is the problem with ROX?

 doesn't work everywhere, so I keep firefox and epiphany and galeon
 around (why is it that Gecko seems so much slower on OpenBSD than
 Linux?). I try to use mpd but sometimes I just don't bother to set it
 up locally (especially since I have a media server now), so I stick
 with Totem (I hate VLC's UI and mplayer is only really any good for
 one offs; totem is codewise pretty heavy but at least the interface
 makes sense).

I've recently discovered that smplayer is quite nice

 OpenBSD on the desktop feels like a lot of compromises to me :( . If I
 still got off from using the command line everywhere it wouldn't be a
 problem but it is.

nothing beats the command line ;)


Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: Trouble with a uaudio(4) device

2009-10-24 Thread Jona Joachim
On 2009-10-24, Jacob Meuser jake...@sdf.lonestar.org wrote:
 On Fri, Oct 23, 2009 at 07:02:54PM +0200, Remco wrote:
 Jona Joachim wrote:
 
  Here's the dmesg output when I plug in the device:
  
  uaudio0 at uhub3 port 2 configuration 1 interface 0 Ten X Technology,
  Inc. USB  AUDIO rev 1.10/2.04 addr 2
  uaudio0: ignored input endpoint of type adaptive

 that means the input (recording) endpoint was not configured.

I completely missed this line when I read the dmesg...

  han% audioctl -f /dev/audio1
  audioctl: /dev/audio1: Device not configured
  han% aucat -f /dev/audio1 -l
  aucat: /dev/audio1: can't open device

 those both fail because they try to open the device for full-duplex
 operation, but there is no recording capability.  'audioctl 
 -f /dev/audioctl1' should work though.

yes that works indeed.

  I don't really know how to debug this any further. This is on i386
  -current.

 It seems this patch was applied 8 days ago

 different patch was applied, but same idea.

 anyway, I have one of the Ten X deally-jobbers.  it was like 3 bucks on
 ebay.  they really are worth  $5.  there's no real volume control
 and it's the lowest quality (both playback and recording) device I
 have.  the ~10 year old PCI cards I got from the thrift store ($5 each)
 work and sound much better.

Well I got this one for  $3 with free shipping so I couldn't really be
disappointed. I thought I could use it for VoIP.
aucat -f /dev/audio1 -m play -l works but when I play sound I only get
a solid beep tone from the device.
I'll try again with above mentioned patch applied.


Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: Trouble with a uaudio(4) device

2009-10-24 Thread Jona Joachim
On 2009-10-23, Daniel Gracia Garallar danie...@electronicagracia.com wrote:
 Probably you'll have to create the /dev/audio1 device. Just go to /etc 
 and make a 'sudo MAKEDEV audio1'. This script will create all the 
 required devs to operate your audio card.

no, that's not the problem, /dev/audio[0-2] are created by default...

-- 
Worse is better
Richard P. Gabriel



Trouble with a uaudio(4) device

2009-10-23 Thread Jona Joachim
Here's the dmesg output when I plug in the device:

uaudio0 at uhub3 port 2 configuration 1 interface 0 Ten X Technology,
Inc. USB  AUDIO rev 1.10/2.04 addr 2
uaudio0: ignored input endpoint of type adaptive
uaudio0: audio rev 1.00, 4 mixer controls
audio1 at uaudio0
uhidev1 at uhub3 port 2 configuration 1 interface 3 Ten X Technology,
Inc. USB  AUDIO rev 1.10/2.04 addr 2
uhidev1: iclass 3/1
uhid0 at uhidev1: input=8, output=8, feature=0
uhidev2 at uhub3 port 2 configuration 1 interface 4 Ten X Technology,
Inc. USB  AUDIO rev 1.10/2.04 addr 2
uhidev2: iclass 3/1, 3 report ids
uhid1 at uhidev2 reportid 3: input=1, output=0, feature=0

When I try to use it I get the following errors:

han% audioctl -f /dev/audio1
audioctl: /dev/audio1: Device not configured
han% aucat -f /dev/audio1 -l
aucat: /dev/audio1: can't open device

I don't really know how to debug this any further. This is on i386
-current.

Here's some more info about the hardware:

 port 2 addr 2: full speed, power 500 mA, config 1, USB  AUDIO(0xf211),
Ten X Technology, Inc.(0x1130), rev 2.04

han% usbhidctl -f /dev/uhid0
No_Event=1 [0]
No_Event=1 [1]
No_Event=1 [2]
No_Event=1 [3]
No_Event=1 [4]
No_Event=1 [5]
No_Event=1 [6]
No_Event=1 [7]
Undefined.Num_Lock=0
Undefined.Caps_Lock=0
Undefined.Scroll_Lock=0
Undefined.Compose=0
Undefined.Kana=0
Undefined.Power=0
Undefined.Shift=0
Undefined.Do_Not_Disturb=0
Undefined.Mute=0
Undefined.Tone_Enable=0
Undefined.High_Cut_Filter=0
Undefined.Low_Cut_Filter=0
Undefined.Equalizer_Enable=0
Undefined.Sound_Field_On=0
Undefined.Surround_Field_On=0
Undefined.Repeat=0
Undefined.Stereo=0
Undefined.Sampling_Rate_Detect=0
Undefined.Spinning=0
Undefined.CAV=0
Undefined.CLV=0
Undefined.Recording_Format_Detect=0
Undefined.Off-Hook=0
Undefined.Ring=0
Undefined.Message_Waiting=0
Undefined.Data_Mode=0
Undefined.Battery_Operation=0
Undefined.Battery_OK=0
Undefined.Battery_Low=0
Undefined.Speaker=0
Undefined.Head_Set=0
Undefined.Hold=0
Undefined.Microphone=0
Undefined.Coverage=0
Undefined.Night_Mode=0
Undefined.Send_Calls=0
Undefined.Call_Pickup=0
Undefined.Conference=0
Undefined.Stand-by=0
Undefined.Camera_On=0
Undefined.Camera_Off=0
Undefined.On-Line=0
Undefined.Off-Line=0
Undefined.Busy=0
Undefined.Ready=0
Undefined.Paper-Out=0
Undefined.Paper-Jam=0
Undefined.Remote=0
Undefined.Forward=0
Undefined.Reverse=0
Undefined.Stop=0
Undefined.Rewind=0
Undefined.Fast_Forward=0
Undefined.Play=0
Undefined.Pause=0
Undefined.Record=0
Undefined.Error=0
Undefined.Usage_Selected_Indicator=0
Undefined.Usage_In_Use_Indicator=0
Undefined.Usage_Multi_Mode_Indicator=0
Undefined.Indicator_On=0
Undefined.Indicator_Flash=0
Undefined.Indicator_Slow_Blink=0
Undefined.Indicator_Fast_Blink=0

han% usbhidctl -f /dev/uhid1
Consumer_Control.Volume_Up=0
Consumer_Control.Volume_Down=0
Consumer_Control.Mute=0
Consumer_Control.Scan_Next_Track=0
Consumer_Control.Scan_Previous_Track=0
Consumer_Control.Pause/Play=0



-- 
Worse is better
Richard P. Gabriel



Re: Would a consolidated greytrapping list be useful?

2009-10-04 Thread Jona Joachim
On 2009-10-04, Peter N. M. Hansteen pe...@bsdly.net wrote:
 I suppose everybody here knows what greytrapping is and why no spamd
 setup is really complete without at least Bob Beck's uatraps in its
 config.  But then some of us do our own local greytrapping, and I for one
 have been exporting the contents of my local-greytrap once per hour to
 a publicly accessible location for the benefit of anybody who wants to
 use the information.

 I assume there are others out there who do their own greytrapping, and
 it might be a good thing for all of us if the data generated at those
 various locations was made available to others.  The data would likely
 overlap quite a bit with established sources such as uatraps and
 nixspam, but more likely than not we would be catching a few that
 would otherwise slip through the cracks.

 So I'm considering setting up a consolidated greytrap list to
 supplement uatraps and others, if other greytrappers out there are
 willing to share their data.  

 My list is available at [1], with the list of trap addresses and
 some description at [2], with a policy statement of sorts at [3] (I
 imagine I would require a similar statement from any participants),
 and various field notes available at my blog (see the signature).

 Would something like this be useful?  Any comments and feedback
 (including why this would be a monumentally stupid idea) welcome.

I definitely welcome this, I added your blacklist to my spamd.conf and
I'll see how it works out. I don't do greytrapping yet but I may
consider it in the future.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: /dev/audio: Device busy

2009-10-02 Thread Jona Joachim
On 2009-10-02, Buzzer 4625...@gmail.com wrote:
 According to a radio intercept of 2-Oct-2009 07:18, Paul de Weerd
 was spotted on the air, on the frequency misc, with the following message:

 |   I need to play a few audio files simultaneously.
 | 
 |   can't open /dev/audio: Device busy.
 | 
 |  man 1 aucat
 |
 | Could you be more verbose? What make you think that I did not read man
 | aucat?
 
 tried aucat. Mine seems to be misfunctioning too, can you share with
 the list what problems you had with aucat in servermode ? Did it give
 any errormessages ?

 I ran aucat with '-l' key, then I try to play wav file with 'aucat
 file.wav' command or 'aucat -s deafault file.wav'.

 aucat -s default send.wav
 aucat: can't open /dev/audio: Device busy
 aucat: send.wav: could not play

 You know, if you assume we can read your mind, we're going to make
 some assumptions of our own...

 I'm waiting for step by step advices. It would be good idea to make
 suitable issue in the FAQ.

You don't learn anything from step by step advice. Step by step advice
creates stupid users. You just have to read through the fine
documentation.
/dev/audio can only be opened by one application at a time, in your case
you want aucat to open it so that it can multiplex stuff for you.
If aucat says Device busy then that means that another application is
currently using the audio device, kill that application. After you did
that you just have to run aucat -l and you're good to go, play your
music in mplayer, vlc, totem, whatever, you will be fine.


Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: burning cd

2009-09-17 Thread Jona Joachim
On 2009-09-17, igor denisov denisovigor1...@rambler.ru wrote:
 Hello there,

 when i issue
 #cdrecord -scanbus

 I get
 cdrecord: No such file or directory. Cannot open SCSI driver.

 dmesg | grep 'cd'
 cd0 at scsibus0 targ 0 lun 0: Optiarc, DVD RW AD-7540A, 1.01 ATAPI 
 5/cdrom removable
 cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2

 may somebody tell me how to use cdrecord with the hardware I have?
 Regards,
 igor denisov.

the easiest way to burn a cd is probably to use the cdio(1) tool that
comes with the base system.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: smtpd update

2009-09-16 Thread Jona Joachim
On 2009-09-16, Jacek Masiulaniec jac...@dobremiasto.net wrote:
 Hi,

 smtpd has recently benefited from many changes to the local and remote
 delivery code paths.  Their aim is to advance smtpd few steps further to
 being well suited for production use.  I have been working on this for a
 number of weeks, and to put it bluntly - the changes are massive.

 So, please grab the latest smtpd and give it a spin.

I have smtpd from the latest snapshot running smoothly on my client.

Here's my configuration:


listen on lo0

map aliases { source db /etc/mail/aliases.db }

accept for all relay via hcl-club.lu port submission tls certificate hcl


I do certificate based authentication on the server (running postfix).
Works very well ATM.

Thank you very much!


Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: IrDA

2009-09-02 Thread Jona Joachim
On 2009-09-02, Fred Crowson fred.crow...@googlemail.com wrote:
 On 8/30/09, soko.tica soko.t...@gmail.com wrote:
 On 8/28/09, Mike Hammer mikeham...@fastmail.fm wrote:

 Does anyone have IrDA working on a T60 Thinkpad?

 FAQ http://openbsd.org/i386.html#hardware
 says:

 Unsupported Hardware:
 Infrared devices, such as commonly found on laptops


 I have in the past successfully used the birda package on i386 laptops
 to get IrDA working with OpenBSD.

 YMMV - I've not done this recently...

 hth

 Fred

I successfully use IrDA on a T60 with OpenBSD -CURRENT amd64 together
with the birda package

cheers,
Jona

-- 
Worse is better
Richard P. Gabriel



lack of wordexp(3)

2009-08-16 Thread Jona Joachim
Hi,
I was wondering whether there is a special reason why OpenBSD doesn't
include the wordexp/wordfree functions. It seems like they are part of
POSIX.1 and OpenBSD does feature the similar glob(3) function.


Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

2008-10-27 Thread Jona Joachim
On 2008-10-27, Neko [EMAIL PROTECTED] wrote:
 it shows that some poor trolls here don't own ultraportables with no
 external drives, and use more than one os alternative.

 i pass data from bsd to fat 32 so in m$ it's then copied onto ntfs,
 i have 1 disk - 8 os, 

 nothing is being done, but more and more ultraportables sell,


 yes it could be resolved by using an ext2 partition instead, but that 
 is not resolving a problem, it's going around it covering eyes and ears.

 my stuff works, it's just a pain, and ffs driver in windooz can't 
 read more than one disklabel.  bsd suggests using more than one partition,
 in that problem, one is the solution,  next time i won't RTFM, and do
 as i see fit because they're more opinions than guidelines.

 now as for backwards bsd. why does freebsd write to ntfs? why does 
 osx write to ntfs..  seems to me that is more some obstination done not
 to support it.

Why doesn't Windows write to UFS? See, UFS has been around much longer
than NTFS and the code is BSD licensed. Why don't you phone the MS
support and whine about them not supporting UFS? After all you paid them
and their ultimate goal is to please their customers, a goal which
OpenBSD doesn't have.
Alternatively you could ask them to send free documentation to the
OpenBSD developers.

 sure i'm doing it wrong, because nothing is being done.

Please send your code to tech@

 but sure a color-ls.pkg is more important if you ask me, SARCASTIC

Not getting your point here but please don't top-post.

Best regards,
Jona

-- 
Pond-erosa Puff wouldn't take no guff
Water oughta be clean and free
So he fought the fight and he set things right
With his OpenBSD



Re: dvorak keyboard not working

2008-09-02 Thread Jona Joachim
On 2008-09-02, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 How do I get the dvorak keyboard to run on OpenBSD 4.3.

 I tried:

 * man kbd and using us.dvorak
 * man wsconsctl and wsconsctl -w keyboard.encoding=us.dvorak

-w is a very old wsconsctl option, the 4.3 manual definitely doesn't
mention it.
wsconsctl keyboard.encoding=us.dvorak is working here:

spaceman% wsconsctl keyboard.encoding=us.dvorak
keyboard.encoding -> us.dvorak

Of course this sets the layout for the console, not X. Some efforts were
made to make X recognize and use the layout used by wscons, however I
don't think it recognizes dvorak ATM, so you have to edit xorg.conf.

Here's what I'm using:

spaceman% cat /etc/kbdtype 
us.dvorak.swapctrlcaps
spaceman% cat /etc/X11/xorg.conf | grep Xkb
Option "XkbLayout"  "us"
Option "XkbVariant" "dvorak"
Option "XkbOptions" "ctrl:swapcaps,compose:menu"

 * searched the mailing list
 * googled and tried some suggestions for Freebsd

 I can not seem to get it to work.

Cheers,
Jona


-- 
Pond-erosa Puff wouldn't take no guff
Water oughta be clean and free
So he fought the fight and he set things right
With his OpenBSD



Re: 3D Hardware Accerlation

2008-07-30 Thread Jona Joachim
On 2008-07-30, Owain Ainsworth [EMAIL PROTECTED] wrote:
 On Thu, Jul 31, 2008 at 12:14:36AM +0200, Reyk Floeter wrote:
 On Wed, Jul 30, 2008 at 10:58:10PM +0200, thacrazze wrote:
  Hello,
  sorry that I give you a hard time
  
  but how is status of 3D Hardware Accerlation in OpenBSD? I heard it
  works with the i810 driver. But how is the current status?
  
 
 You can try a recent snapshot and compile a kernel with inteldrm* at
 vga? (commented out with a '#' in GENERIC).
 
 $ dmesg | grep vga   
   
 vga1 at pci0 dev 2 function 0 Intel GM965 Video rev 0x0c
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 agp0 at vga1: aperture at 0xe000, size 0x1000
 inteldrm0 at vga1: Intel i965GM(0), 1.6.0 20080312
 
 $ uname -srvmp
 OpenBSD 4.4 GENERIC.MP#74 amd64 Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz

 Or indeed radeondrm, etc. Look at the bottom of GENERIC for commented
 entries.

 If you find any problems, mail me.

Is it supposed to work with R500-based cards?

I'm just wondering because I upgraded after the drm related changes got
into the tree yesterday and it doesn't work for me.

In the system message buffer I see:

info: [drm] Setting GART location based on new memory map
info: [drm] Loading R500 Microcode
info: [drm] Num pipes: 1
info: [drm] writeback test succeeded in 2 usecs


In the X log file I get:

drmOpenDevice: node name is /dev/drm0
drmOpenDevice: open result is 11, (OK)
drmAvailable: 1
drmOpenByBusid: Searching for BusID pci::01:00.0
drmOpenDevice: node name is /dev/drm0
drmOpenDevice: open result is 11, (OK)
drmOpenByBusid: drmOpenMinor returns 11
drmOpenByBusid: drmGetBusid reports pci::01:00.0
(EE) AIGLX error: Calling driver entry point failed(EE) AIGLX: reverting to 
software rendering

My card is an ATI Radeon Mobility X1400 and according to the
xorg-driver-ati people it should work with git versions of the radeon
driver and Mesa.

Kind regards,
Jona



GENERIC.MP amd64 panic in kern_lock.c

2008-06-18 Thread Jona Joachim
Hi!
I got that panic while running sudo make clean in /usr/xenocara.

make could not fork and then I get panic saying
assertion __mp_lock_held(sched_lock) == 0 failed in kern_lock.c

It's a ThinkPad T60 running a GENERIC.MP amd64 snapshot pulled yesterday from
openbsd.informatik.uni-erlangen.de.
I don't have a serial console on that machine so I took pictures of the screen
to get the output of ps and trace. The pictures are of very bad quality, I only
have an old cheap camera... Sorry.
ps shows *a lot* of make processes. I didn't run with -j and I don't have any
fancy options in my mk.conf.

uname -a:
OpenBSD spaceman.my.domain 4.3 GENERIC.MP#1732 amd64

You can find the picture here:
http://www.hcl-club.lu/~jaj/stuff/obsd_panic-generic.mp-1732.tar




Re: Call for testing - uvideo(4)

2008-06-14 Thread Jona Joachim
On 2008-06-14, Lars Noodin [EMAIL PROTECTED] wrote:
 I see on undeadly a call for testing uvideo(4) in CURRENT which seems to
 require UVC (USB Video Class) compatible webcams.

 Would that include the webcam built into last year's models of MacBook Pro?

 What options, if any, are there for IEEE 1394?  I have one such web cam
 lying around.

There has been a post on this list one or two days ago where somebody asked
about the support of iSight cameras. Unfortunately it seems like these cameras do
not comply with the usb video standard. I don't know if this applies to your
cam, too but chances are that yes...

Jona

-- 
Pond-erosa Puff wouldn't take no guff
Water oughta be clean and free
So he fought the fight and he set things right
With his OpenBSD



Re: Small diff to make dhclient(8) go to background immediately

2008-05-20 Thread Jona Joachim
On 2008-05-19, Cesare Gargano [EMAIL PROTECTED] wrote:
 On 19/05/08 15:50 +0200, Cesare Gargano wrote:
 On 18/05/08 17:20 +0200, Jona Joachim wrote:
  I very much appreciate the work of reyk@ on dhclient to make it renew the 
  lease when the
  link is lost. However it might happen that you don't have a link at the 
  moment where
  you launch dhclient but you know that you might get a link afterwards.
  This is true when you launch your laptop somewhere where you have wifi 
  connectivity
  but unfortunately you're in a spot where you don't currently receive it.
  If you specify 'dhcp' in hostname.if you will have to wait until 
  dhclient times out
  or hit Ctrl-C at startup.
  This tiny patch adds an option to dhclient to tell it to just go into 
  background and wait
  until you get a link.
  
  I would appreciate any comments.
  Thanks!
  
  
  Index: dhclient.c
(snip diff)
 
 Ehi! Your diff is already there!
 
 cat /etc/dhclient.conf
 link_timeout 0;
   
 is link-timeout

 Ehm! Enjoy!

You're right, I guess I was making things overly complicated...



Small diff to make dhclient(8) go to background immediately

2008-05-18 Thread Jona Joachim
I very much appreciate the work of reyk@ on dhclient to make it renew the lease 
when the
link is lost. However it might happen that you don't have a link at the moment 
where
you launch dhclient but you know that you might get a link afterwards.
This is true when you launch your laptop somewhere where you have wifi 
connectivity
but unfortunately you're in a spot where you don't currently receive it.
If you specify 'dhcp' in hostname.if you will have to wait until dhclient 
times out
or hit Ctrl-C at startup.
This tiny patch adds an option to dhclient to tell it to just go into 
background and wait
until you get a link.

I would appreciate any comments.
Thanks!


Index: dhclient.c
===
RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
retrieving revision 1.118
diff -u -r1.118 dhclient.c
--- dhclient.c  9 May 2008 05:19:14 -   1.118
+++ dhclient.c  18 May 2008 15:11:53 -
@@ -253,7 +253,7 @@
 int
 main(int argc, char *argv[])
 {
-   int  ch, fd, quiet = 0, i = 0, pipe_fd[2];
+   int  ch, fd, quiet = 0, background = 0, i = 0, pipe_fd[2];
extern char *__progname;
struct passwd *pw;
 
@@ -261,8 +261,11 @@
openlog(__progname, LOG_PID | LOG_NDELAY, DHCPD_LOG_FACILITY);
setlogmask(LOG_UPTO(LOG_INFO));
 
-   while ((ch = getopt(argc, argv, c:dl:qu)) != -1)
+   while ((ch = getopt(argc, argv, bc:dl:qu)) != -1)
switch (ch) {
+   case 'b':
+   background = 1;
+   break;
case 'c':
path_dhclient_conf = optarg;
break;
@@ -319,6 +322,9 @@
 
read_client_conf();
 
+   if (background)
+   goto dispatch; 
+
if (!(ifi-linkstat = interface_link_status(ifi-name))) {
fprintf(stderr, %s: no link ..., ifi-name);
if (config-link_timeout == 0) {
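Review bot: The "if (background) goto dispatch;" added at the top of this hunk jumps over the assignment of interface_link_status() to the interface's linkstat in the context line right after it, so with -b the recorded link state is never initialised before the dispatch loop runs. Assign linkstat first and only then take the jump. The context below already branches on link_timeout == 0 in the no-link case, so the submission should say why a new command-line flag is needed in addition to that setting. The added goto line also ends in trailing whitespace.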
@@ -409,7 +415,7 @@
 {
extern char *__progname;
 
-   fprintf(stderr, usage: %s [-dqu] [-c file] [-l file] interface\n,
+   fprintf(stderr, usage: %s [-bdqu] [-c file] [-l file] interface\n,
__progname);
exit(1);
 }
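Review bot: The usage string now advertises -b, but the diff touches only dhclient.c, so the new option is undocumented. The manual page needs a matching synopsis entry and a short description of what -b does when there is no link at startup.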



Freeze during boot after recent upgrade (amd64 -current)

2008-04-24 Thread Jona Joachim
Hi!
After upgrading my system, which runs amd64 -CURRENT, to the latest
snapshot yesterday it freezes during boot after showing the message:
setting tty flags.
The last time I upgraded before this was just after WPA support was
available, so something must have happened between these two moments.
I upgraded my config under /etc using mergemaster.
Normally I run GENERIC.MP but I tested with GENERIC and it yielded the
same results.

Is anyone aware of what might be going wrong?

Best regards,
Jona



Re: Freeze during boot after recent upgrade (amd64 -current)

2008-04-24 Thread Jona Joachim
On Thu, 24 Apr 2008 12:33:32 +, Stuart Henderson wrote:

 On 2008-04-24, Jona Joachim [EMAIL PROTECTED] wrote:
 Hi!
 After upgrading my system, which runs amd64 -CURRENT, to the latest
 snapshot yesterday it freezes during boot after showing the message:
 setting tty flags.
 The last time I upgraded before this was just after WPA support was
 available, so something must have happened between these two moments. I
 upgraded my config under /etc using mergemaster. Normally I run
 GENERIC.MP but I tested with GENERIC and it yielded the same results.

 Is anyone aware of what might be going wrong?

 Best regards,
 Jona



 Serial or vga console?

VGA. This is on a Thinkpad T60 laptop, I don't have a serial interface.
Also I didn't touch the default tty configuration.



Re: Freeze during boot after recent upgrade (amd64 -current)

2008-04-24 Thread Jona Joachim
On Thu, 24 Apr 2008 13:17:37 +, Jona Joachim wrote:

 On Thu, 24 Apr 2008 12:33:32 +, Stuart Henderson wrote:
 
 On 2008-04-24, Jona Joachim [EMAIL PROTECTED] wrote:
 Hi!
 After upgrading my system, which runs amd64 -CURRENT, to the latest
 snapshot yesterday it freezes during boot after showing the message:
 setting tty flags.
 The last time I upgraded before this was just after WPA support was
 available, so something must have happened between these two moments.
 I upgraded my config under /etc using mergemaster. Normally I run
 GENERIC.MP but I tested with GENERIC and it yielded the same results.

 Is anyone aware of what might be going wrong?

 Best regards,
 Jona



 Serial or vga console?
 
 VGA. This is on a Thinkpad T60 laptop, I don't have a serial interface.
 Also I didn't touch the default tty configuration.

The error is triggered by:

ttyflags -a 

in /etc/rc.

The machine boots up normally if I comment out this line.
If I issue the command after having booted successfully I can reproduce 
the freeze.

Let me know if you need further information.



cvs.1 contains dead link under SEE ALSO

2008-04-17 Thread Jona Joachim
Hi!
At the end of the CVS(1) manpage, under the SEE ALSO section, there is a link to
http://www.loria.fr/~molli/cvs-index.html
There seems to be no content anymore under this url.

Best regards,
Jona



Re: halt -p does not work with GENERIC.MP on 4.2-STABLE

2008-01-25 Thread Jona Joachim
On Fri, 25 Jan 2008 09:43:36 +0100, Pierre Riteau wrote:

 On Jan 25, 2008 9:13 AM, Nicolas Letellier [EMAIL PROTECTED] wrote:
 I use OpenBSD 4.2-stable with a core2duo laptop. When I use GENERIC
 kernel, 'halt -p' works perfectly. However, when I use GENERIC.MP,
 'halt -p' does not work and says :

 apm0: APM set power state: interface not connected (3)
 the operating system has halted
 Please press any key to reboot

 
 You should try with -current. Much work was done on ACPI since 4.2.
 And I don't think the developers are interested in these kind of bugs
 in -stable.

I can confirm that it doesn't work on a fairly recent snapshot.
It does work with GENERIC but when you do a `halt -p` under
GENERIC.MP you get syncing disks and then something like UHCI
controller halted and then nothing.
This is on a ThinkPad T60 (ACPI only) running amd64.

Jona



Re: most secure graphical browser

2008-01-18 Thread Jona Joachim
On Sat, 19 Jan 2008 08:47:56 +1300, Joel Wiramu Pauling wrote:

 One other note, if you're planning on doing any internet banking, you're pretty
 much stuck with Firefox or Opera (using binary emulation). Haven't tried ie
 under wine on openbsd, it may work also.
 
 Why? Because a lot of the internet banking sites are useless and while
 things like konqueror load them, badly hacked together js, and other bits
 fail a lot, things you won't notice until you go to do something like a
 funds transfer etc. You might be lucky and your banks website isn't ass. But
 I would be checking it thoroughly before making a browser decision.

Talking about brainfucked bank sites...
My bank checks for the browser's user-agent: Firefox on win32 and Linux
passes, Firefox on *BSD is denied access, unless you change the
user-agent string...
I sent them a mail explaining to them why this is utter nonsense and I just
got a standard reply.

Jona

-- 
I am chaos. I am the substance from which your artists and scientists
build rhythms. I am the spirit with which your children and clowns
laugh in happy anarchy. I am chaos. I am alive, and tell you that you
are free. Eris, Goddess Of Chaos, Discord  Confusion



Re: A sad thread - RMS vs. OpenBSD

2008-01-07 Thread Jona Joachim
On Mon, 07 Jan 2008 00:02:19 -0800, Reid Nichol wrote:

 --- Duncan Patton a Campbell [EMAIL PROTECTED] wrote:
 
 On Sun, 6 Jan 2008 22:21:14 -0500
 Eliah Kagan [EMAIL PROTECTED] wrote:
 
  (There are also multiple useful,
  mutually-inconsistent formal systems in both fields.)
 
 Provably so?
 
 +1
 
 I'd love an example of Math being inconsistent.  Quite frankly, I'd be
 surprised if this is true.

The following sentence is true.
The previous sentence is false.

Oh and by the way this sentence is also false.


Best regards,
Jona

-- 
I am chaos. I am the substance from which your artists and scientists
build rhythms. I am the spirit with which your children and clowns
laugh in happy anarchy. I am chaos. I am alive, and tell you that you
are free. Eris, Goddess Of Chaos, Discord  Confusion



Re: Slow Performance on Encrypted svnd

2007-11-17 Thread Jona Joachim
On Fri, 16 Nov 2007 14:34:22 -0800, Ted Unangst wrote:

 On 11/16/07, Nick Guenther [EMAIL PROTECTED] wrote:
 On 11/16/07, Ted Unangst [EMAIL PROTECTED] wrote:
  instead of pondering problems with using the whole disk, you could
  just use svnd with a file.

 Yeah but doesn't this hint at some horrible inefficiency in the stack 
 somewhere?
 
 it hints at using tools the wrong way leading to poor results.

Who says the tool is used the wrong way?
You?

I think when OpenBSD developers go and write a howto about how to use a
tool in a certain way then you can be sure it's meant to be used this way.

Please refer to:
https://www.mainframe.cx/~ckuethe/encrypted_disks.html

Best regards,
Jona

-- 
I am chaos. I am the substance from which your artists and scientists
build rhythms. I am the spirit with which your children and clowns
laugh in happy anarchy. I am chaos. I am alive, and tell you that you
are free. Eris, Goddess Of Chaos, Discord  Confusion



Re: OT: OpenBSD on Asus eeePC

2007-11-14 Thread Jona Joachim
On Wed, 14 Nov 2007 10:56:25 +0100, Karl Sjodahl - dunceor wrote:

 On Nov 14, 2007 10:45 AM, Stuart Henderson [EMAIL PROTECTED] wrote:
 On 2007/11/14 10:37, Alexey Suslikov wrote:
  As sthen@ mentioned, there are models with other WLAN, so be
  careful with it.

 I doubt there are different wlan, it doesn't make any sense.

 They are PCIE mini card, btw, so you'll probably have a harder
 time finding a replacement than if they were Mini PCI. (the in-
 tree options are iwn and rum).

 N.B. the flash is soldered. Personally I think I'd wait for the 8G
 ones - from my experience with Zaurus, 4G can be a bit limiting,


 
 Yeah I agree, 4GB is a bit small.

According to Wikipedia it has a slot for SD and SDHC cards.

Best regards,
Jona

-- 
I am chaos. I am the substance from which your artists and scientists
build rhythms. I am the spirit with which your children and clowns
laugh in happy anarchy. I am chaos. I am alive, and tell you that you
are free. Eris, Goddess Of Chaos, Discord  Confusion



Re: Powered by obsd stickers and other stuff

2007-11-10 Thread Jona Joachim
On Sat, 10 Nov 2007 01:18:42 +0100, Iqigo Tejedor Arrondo wrote:

 Hello all
 
  Some art, at slw spanish foul asymetric connection. The sources are
 xcf, at 1600x1200.
 
  Clarify that I am not a designer :)
 
  I have make the typical Powered by stickers:
 http://inigo.homeunix.net/files/art/powered_by_puffy_black.png
 http://inigo.homeunix.net/files/art/powered_by_puffy_grey.png
 
  I hope that those stickers replace the vista compatible of the
 developers laptops :)
 
  There are some backgrounds:
 
  A blue rounded gradient with puffy:
 http://inigo.homeunix.net/files/art/background_blue_puff_1024x768.png
 http://inigo.homeunix.net/files/art/background_blue_puffy_text_1024x768.png

At first I thought you just copied that one:
http://www.openbsd-france.org/reposit/wallpapers/openbsd_yellow.png
and I wanted to accuse you of plagiarism but then I noticed there are some
differences between the two pictures :)

The pictures are quite nice. I especially like the old picture filter
one. The half wire / half red beastie looks kinda strange :)


Best regards,
Jona

-- 
I am chaos. I am the substance from which your artists and scientists
build rhythms. I am the spirit with which your children and clowns
laugh in happy anarchy. I am chaos. I am alive, and tell you that you
are free. Eris, Goddess Of Chaos, Discord  Confusion



Thanks for the work on acpi!

2007-11-04 Thread Jona Joachim
I saw a lot of acpi related commits over the last few days.
acpibat, acpiac and temperature sensors are now detected and work as
expected on my Thinkpad T60 in -CURRENT!

spaceman% dmesg | grep acpi
acpi0 at mainbus0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT 
SSDT 
acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) EXP0(S4) EXP1(S4) 
EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4) 
acpitimer at acpi0 not configured
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0: EC__
acpicpu at acpi0 not configured
acpicpu at acpi0 not configured
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 42T4504 serial 41653 type LION oem SANYO
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpidock at acpi0 not configured


spaceman% sysctl hw
hw.machine=amd64
hw.model=Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
hw.ncpu=2
hw.byteorder=1234
hw.physmem=1072099328
hw.usermem=1072091136
hw.pagesize=4096
hw.disknames=cd0,sd0,sd1
hw.diskcount=3
hw.sensors.cpu0.temp0=60.00 degC
hw.sensors.cpu1.temp0=60.00 degC
hw.sensors.acpitz0.temp0=60.05 degC (zone temperature)
hw.sensors.acpitz1.temp0=63.05 degC (zone temperature)
hw.sensors.acpibat0.volt0=10.80 VDC (voltage)
hw.sensors.acpibat0.volt1=11.67 VDC (current voltage)
hw.sensors.acpibat0.watthour0=56.09 Wh (last full capacity)
hw.sensors.acpibat0.watthour1=2.80 Wh (warning capacity)
hw.sensors.acpibat0.watthour2=0.20 Wh (low capacity)
hw.sensors.acpibat0.watthour3=44.66 Wh (remaining capacity), OK
hw.sensors.acpibat0.raw0=1 (battery discharging), OK
hw.sensors.acpibat0.raw1=22 (rate)
hw.sensors.acpiac0.indicator0=Off (power supply)
hw.sensors.aps0.temp0=36.00 degC
hw.sensors.aps0.temp1=36.00 degC
hw.sensors.aps0.indicator0=On (Keyboard Active)
hw.sensors.aps0.indicator1=Off (Mouse Active)
hw.sensors.aps0.indicator2=On (Lid Open)
hw.sensors.aps0.raw0=507 (X_ACCEL)
hw.sensors.aps0.raw1=538 (Y_ACCEL)
hw.sensors.aps0.raw2=507 (X_VAR)
hw.sensors.aps0.raw3=538 (Y_VAR)
hw.cpuspeed=1994
hw.setperf=100
hw.vendor=LENOVO
hw.product=2007QPG
hw.version=ThinkPad T60
hw.serialno=L32Z1K9
hw.uuid=f7d7ad81-4941-11cb-a0bc-86862e763339

Thanks for your hard work!

Best regards,
Jona

-- 
I am chaos. I am the substance from which your artists and scientists
build rhythms. I am the spirit with which your children and clowns
laugh in happy anarchy. I am chaos. I am alive, and tell you that you
are free. Eris, Goddess Of Chaos, Discord & Confusion



Re: Google employment opportunity

2007-10-12 Thread Jona Joachim
On Fri, 12 Oct 2007 20:39:07 -0400
Frank Hale [EMAIL PROTECTED] wrote:

> OMG a Google employee was dumb enough to spam an entire mailing list
> to get to one person. WOW, I thought they hired really smart people.

Be gentle with them, they read your mail.

Jona


-- 
I am chaos. I am the substance from which your artists and scientists
build rhythms. I am the spirit with which your children and clowns
laugh in happy anarchy. I am chaos. I am alive, and tell you that you
are free. Eris, Goddess Of Chaos, Discord & Confusion



X11 very slow with SMP kernel

2007-10-07 Thread Jona Joachim
Hi!
I can see X redraw the screen top down very slowly when I use the SMP
kernel on my Thinkpad T60. I can actually see it draw the background
first and then every widget one by one. I don't see this behaviour when
I use GENERIC.
I use the amd64 kernel.
I tried with a 2 month old snapshot and a freshly built GENERIC.MP
checked out this afternoon with the same result.

spaceman% uname -a
OpenBSD spaceman.my.domain 4.2 GENERIC.MP#0 amd64

dmesg: http://www.hcl-club.lu/~jaj/foo/dmesg
`X -version`: http://www.hcl-club.lu/~jaj/foo/xversion

Is this a known issue?
Do I need to rebuild Xenocara with special knobs to use it with bsd.mp?
Could you point me in a direction to further investigate this?

Best regards,
Jona


