support new

2023-10-23 Thread Solène Rapenne

0
C France
P Bretagne
T Rennes
Z 35000
O Consultant
I Solène Rapenne
M sol...@lambda-solene.eu
U https://www.lambda-solene.eu/
N OpenBSD/FreeBSD/Linux consulting, support, training and system administration. Software packaging.



Re: ffs undelete was: Re: single user question

2019-05-18 Thread Solène Rapenne

On 2019-05-17 22:47, Edgar Pettijohn wrote:

On May 17, 2019 3:14 PM, gwes  wrote:




On 5/17/19 2:34 PM, Nathan Hartman wrote:
> On Fri, May 17, 2019 at 12:28 PM ropers  wrote:
>
>
> In the history of the (Berkeley) Fast File System, has there ever been
> an attempt to implement DOS-like undelete for FFS/UFS?
>
> Maybe that could work for "normal delete" while making available a separate
> "secure delete" that cannot be un-deleted and furthermore overwrites the
> deleted data with random garbage. Administrators could optionally force the
> secure overwrite delete.
>
I haven't looked at e.g. zfs in a long time.

A journal-like system which held the deleted/overwritten files
or a system of renaming wouldn't be *that* hard to instantiate
There are some problems:
(a) denial of service by writing and deleting huge [numbers, size] files.
(b) retention policy - under what conditions does the system
  guarantee existence of backup files?
(c) versioning - If I create & delete 'a' six times, how many copies are held.
(d) cost of undelete operation - it's not clear how to make
 that efficient.

I'm sure people can find more.

A test version substituting a new open(2) and unlink(2) in libc would be
easy to make.

geoff steckel



I'm thinking something like a trashcan. Where rm(1) actually just
moves the files to some predetermined location then on shutdown all
files older than some configurable date are actually unlinked.

Edgar


you can write a shell script to move given parameters into a special folder
and make alias rm="that_script"
and a rc script which empties this folder at boot/shutdown.



Re: web hosting

2019-05-15 Thread Solène Rapenne


On 15 May 2019 21:06, Gustavo Rios wrote:
>
> I am in need to host my homepage and programs i have written. 
> Do have any suggestion on web hosting services that allow ssh access too?
>
> Thanks a lot 
>
> -- 
> Pag Bem Fácil Ltda 
> www.pagbemfacil.com.br 
>

You can try some community shell provider like devio.us, sdf.org or tilde.town
You'll have some http space and a ssh shell.



Re: OpenBSD site

2018-10-27 Thread Solène Rapenne

On 2018-10-27 21:06, ivp...@eml.cc wrote:

Knowing OpenBSD philosophy, you should probably NOT expect a CMS :).

But you don't need to guess when you can check for yourself - all the
sources are available for an anonymous CVS as described in [1].

You can easily have an up-to-date local copy on your machine by first
reading manual pages on cvs(1), httpd(8) and httpd.conf(5) and then
doing something like (as root):

# mkdir -p /var/www/htdocs/openbsd
# cd /var/www/htdocs/openbsd
# cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs checkout -P www

and adding the following section to /etc/httpd.conf:

server "openbsd-doc" {
listen on * port 81
root "/htdocs/openbsd/www"
}

and enabling httpd:

# rcctl enable httpd

After that, navigate to http://localhost:81 and enjoy browsing an
offline copy of OpenBSD website.

[1] https://www.openbsd.org/anoncvs.html



you don't even need to setup a http server to browse the pages :)



Re: Pkg_add

2018-09-16 Thread Solène Rapenne

On 2018-09-16 03:33, Michael Ayres wrote:

Thanks to everyone who has replied in helping me. I have read up on
the man pages and I understand what I need; it is:

1) I want to install some packages on OpenBSD 6.0 which I have
operational on a Parallels VM on my precious MacBookPro High Sierra.


are you using 6.0? If so, it's no longer supported and packages are not
available anymore.


2) I want to set a environmental variable PKG_PATH to the ftp site to
get packages.
  2.a) I am trying to set it to
https://ftp.openbsd.org/pub/OpenBSD/6.3/packages/i386/ , which has an
index of packages I might want to get. I will later put that
PKG_PATH in the start up file so it is always set each time I boot up
OpenBSD.


Are you using i386 architecture in your VM?


3) My PKG_PATH string [ https://ftp.openbsd.org/pub/OpenBSD/6.3/packages/i386/ ] does not
seem to work. An example I refer to includes some wild cards, “%”,
which I can’t seem to get right. The example I am working from is at:
https://linux-audit.com/updating-all-openbsd-packages-with-pkg_add/

and one example it uses is passing a variable for name and arch -s,
which I have not set.


http://man.openbsd.org/installurl

https://ftp.openbsd.org/pub/OpenBSD is a right content for the file




4) What is a correct string i should use to set my PKG_PATH variable
to get packages from location at 2a above?



use /etc/installurl instead of PKG_PATH



Re: DNS (UNBOUND) + PF ISSUE

2018-08-29 Thread Solène Rapenne

On 2018-08-29 12:41, NN wrote:

Hi,

many thanks for your quick answer,
I try to  use your PF rule, and got the same answer from my DNS:

    ...
    >> WARNING: recursion requested but not available
    ...

I need the DNS request RULE's for my PF
Any ideas?

BR
deface


On 08/29/18 12:34, Arnaud BRAND wrote:

On 2018-08-29 11:57, NN wrote:

Hi all,

It's my first topic here =)

Please help me investigate DNS+PF issue.

I have 2 VM on OpenBSD 6.3:

    VM#1 - Router with PF, IP:192.168.50.1

    VM#2 - DNS (as unbound), IP:192.168.50.2

here is my pf.conf on VM#1:

    int_if="{ vether0 re0 }"
    set block-policy drop
    set loginterface egress
    set skip on lo0
    match in all scrub (no-df random-id max-mss 1440)
    match out on egress inet from !(egress:network) to any nat-to (egress:0)

    pass out quick inet
    pass in on $int_if inet
    pass in on egress inet proto { tcp, udp } from any to (egress) port 53 rdr-to 192.168.50.2

I try to check how my Unbound DNS VM#2 working:

# dig @192.168.50.1 google.com

    ; <<>> DiG 9.4.2-P2 <<>> @192.168.50.1 google.com
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2704
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0


    ;; QUESTION SECTION:
    ;google.com.    IN  A

    ;; ANSWER SECTION:
    google.com. 299 IN  A 172.217.21.110

    ;; Query time: 35 msec
    ;; SERVER: 192.168.50.1#53(192.168.178.100)
    ;; WHEN: Wed Aug 29 11:35:57 2018
    ;; MSG SIZE  rcvd: 44

Looks good. But if I try to do it out of my local net ... with:

# dig @external_IP google.com

    ; <<>> DiG 9.4.2-P2 <<>> @external_IP google.com
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 24861
    ;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available <<<   <<<   <<< ???


    ;; SERVER: external_IP#53
    ;; WHEN: Wed Aug 29 11:30:50 2018
    ;; MSG SIZE  rcvd: 12

I think that my PF config is wrong. Please help to investigate my issue.


P.S: unbound.conf is here ...

server:
    # interface: 188.192.103.156
    interface: 192.168.50.1
    interface: 127.0.0.1
    interface: ::1
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: ::0/0 refuse
    access-control: ::1 allow
    access-control: 192.168.1.0/24 allow
    access-control: 192.168.50.0/24 allow
    access-control: 192.168.178.0/24 allow
    do-not-query-localhost: no
    hide-identity: yes
    hide-version: yes
    port: 53

remote-control:
    control-enable: yes
    control-use-cert: no
    control-interface: /var/run/unbound.sock

forward-zone:
    name: "."
    forward-addr: 192.168.178.1 # fritz.box
    forward-addr: 8.8.8.8 # google.com
    forward-addr: 2001:4860:4860:: # google.com v6
    forward-first: yes # try direct if forwarder fails

Sorry for my English,

BR

deface


Eh... something's off in your configs.
You wrote:
 DNS (as unbound), IP:192.168.50.2
But unbound.conf contains :
 interface: 192.168.50.1
May be it's not used and redirected to 127.0.0.1 ?

Anyway, are you trying to match DNS requests originating from the
inside network and going to public DNS through egress and then
redirecting these requests to unbound ?

If so, I think you might want to add this rule :
pass in on $int_if inet proto { tcp, udp } from !$UNBOUND_SERVER to any port 53 rdr-to $UNBOUND_SERVER




you have to allow your IP in unbound.conf, look at your rules:

 access-control: 0.0.0.0/0 refuse
 access-control: 127.0.0.0/8 allow
 access-control: ::0/0 refuse
 access-control: ::1 allow
 access-control: 192.168.1.0/24 allow
 access-control: 192.168.50.0/24 allow
 access-control: 192.168.178.0/24 allow

if you are not in the last 3 ranges specified, you won't be allowed
to make a request.

Note: Opening unbound to the internet is a bad idea.



Re: how to switch to a snapshot?

2018-07-25 Thread Solène Rapenne

On 2018-07-25 12:57, Rudolf Sykora wrote:

Hello,

I'd perhaps like to switch to a recent snapshot.
I read
https://www.openbsd.org/faq/current.html
but do not quite understand it.

If I download the snapshot (ie bsd.rd), boot from it, choose Upgrade
at the prompt, and upgrade any installed packages (??using pkg_add -u where
available, otherwise from updated ports??),


correct


do I still have to follow
those points described further down on the page, such as

2018/04/04 - PF_TRANS_ALTQ removed

etc.?


that depends, the one you chose says this:

Using a snapshot is highly recommended. To update from source,
the following steps are needed

If you use a snapshot, you don't need to rebuild some components from source.




I'd expect I should watch for changes of syntax for configuration
files, right?


yes, the current.html page in the FAQ should list what is disruptive from
the latest release to next release.



Re: Boot problem after power failure in OpenBSD 6.2 and later versions

2018-04-20 Thread Solène Rapenne

On 2018-04-20 21:41, augusta bonaventura wrote:

Hi,

I am installing on the hardware mentioned below in OpenBSD 6.2 and 6.3
versions. When the Login menu comes, I turn off power supply (only 1 time)
for a power failure test. When the device reboots, it reboots itself when
it comes to the "boot>" menu.

However, even though I tried at least 10 times in 6.1 and earlier versions,
I did not encounter such a problem.

So, What is the difference between OpenBSD versions ? What might be the
cause of this situation? What kind of solution do you offer?

Thanks.

OpenBSD 6.1 dmesg output:



After the power failure, can you try to fsck and see what happens ?
You can use a CD or an usb install support for this.



Re: Kakoune editor on openbsd

2018-04-17 Thread Solène Rapenne

On 2018-04-17 02:43, Patrick Marchand wrote:

On 04/16, Stuart Henderson wrote:
> On 2018-04-16, Patrick Marchand  wrote:
> So trying again I looked closer at what the function was doing and how
> it was implemented for freebsd and dragonflybsd. The function
> tries to find the executable path of kak, but the freebsd way of doing
> it doesnt work because it doesnt seem like KERN_PROC_PATHNAME is defined
> in openbsd? So whats the preferred way of doing this on openbsd?

Hardcode it.

If anybody wants to play with it, heres my tentative pull request
https://github.com/mawww/kakoune/pull/2005

Kakoune has at least one stable release, so I might make this my first
try at creating an openbsd package.


hello,

In another port I used a patch and SUBST_VAR to replace KERN_PROC_PATHNAME
by the correct path using ${PREFIX} variable. By hardcoding it with
/usr/local/bin it won't work for people having a different ${PREFIX} which
could happen for some reason.

You can take a look at games/tome4 and the patch patch-src_getself_c



Re: minor too small - pkg_add

2018-03-19 Thread Solène Rapenne

On 2018-03-19 16:18, Patrick Marchand wrote:

Hello,
I updated to the latest snapshot yesterday and when I run
pkg_add -Dsnap -u a bunch of pkg will not upgrade because it cant find
ssl.44.9

It does find 44.8 and 45 but not that specific version, last week I had
a similar issue with libm. Now I can get around the error by building
the packages in ports, but I was wondering if there was an easy fix.

Thanks,
Patrick


Hello,

It seems you have to update your snapshot because it's too old. It was
shipped with the lib version 44.8 and the current is now 44.9 from the
output. That means your snapshot is too old and the packages have been built
against a more recent snapshot.

Regards



Re: [Patch] remove xdm reference from X(7)

2018-03-15 Thread Solène Rapenne

On 2018-03-15 04:58, Anthony J. Bentley wrote:
Thanks, but X(7) comes from upstream. Typically we don't modify upstream
manuals in Xenocara, as doing so would add more work to X updates.
Improvements to OpenBSD-maintained docs like cwm(1) and xenodm(1) are
welcome though.

Manpages often do that as a marker to run the tbl preprocessor
(similarly with 'e' for eqn, and so on).


Thanks for the insight.



Re: The vim display issue on OpenBSD

2018-03-09 Thread Solène Rapenne

On 2018-03-09 08:19, Nan Xiao wrote:

Hi all,

Greetings from me!

I meet a weird issue: there is a file which contains only "1":

# cat a
1

While use vim to open it, it displays "0". I find the number behind
cursor will decrease 1.

Does anyone bump into this issue? Thanks very much in advance!

P.S., my OpenBSD is 6.2 release, and vim is 8.0.1476.

Best Regards
Nan Xiao


hello,

Do you have this error only with this file ? If you do

echo 2 > file

and then you use vim on this file, does it display 1 ?
Could you try with another terminal emulator or from a tty ?

I have no idea about this problem but it may give some clues.



Re: httpd howto redirect port 80 to 443 in vm

2018-03-02 Thread Solène Rapenne

On 2018-03-02 15:33, Matt M wrote:

Why not use a .htaccess redirect?

https://www.sslshopper.com/apache-redirect-http-to-https.html


.htaccess file is a feature of Apache web server while we are
talking about httpd.



Re: DNS-01 challenge in acme-client

2018-03-01 Thread Solène Rapenne

On 2018-03-01 10:45, Consus wrote:

Hi,

Let's Encrypt is going to support wildcard certificates soon enough, but
only through DNS-01 challenge, but acme-client(1) does not support it.
Have you guys considered implementing DNS challenges?  Maybe someone is
already working on the implementation? If not are patches welcome?


Hello, I'm not a developer of acme-client but I'm using dns challenge since
some time. It is not easy to implement because this requires access to your
DNS server (like nsd or bind) or your registrar admin API which would
require adding plugins for each API. It is more complicated than creating
a file in a folder.

I use https://dehydrated.de/ with a shell script as hook for dns challenge.




Re: sudoedit for doas?

2018-03-01 Thread Solène Rapenne

On 2018-03-01 11:41, tomr wrote:

On 02/28/18 17:50, Hess THR wrote:

Hello,

hmm, I went through the relevant man pages:

https://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/doas.1
https://man.openbsd.org/doas.conf.5

but I cannot find a sudoedit alternative for the "doas".

Are there any?


Use `doas -C` in a wrapper script that:

- checks for a lock / creates a lock
- copies /etc/doas.conf somewhere
- edits it with your editor of choice
- checks it (with -C)
- copies it back into place
- removes the lock

t


Hello,

What you said mimics visudo (to edit sudo configuration file), not
sudoedit which is documented in sudo(8) :

1. Temporary copies are made of the files to be edited with the owner
   set to the invoking user.
2. The editor specified by the policy is run to edit the temporary
   files. The sudoers policy uses the SUDO_EDITOR, VISUAL and EDITOR
   environment variables (in that order).  If none of SUDO_EDITOR,
   VISUAL or EDITOR are set, the first program listed in the editor
   sudoers(5) option is used.
3. If they have been modified, the temporary files are copied back to
   their original location and the temporary versions are removed.



Re: httpd howto redirect port 80 to 443 in vm

2018-02-27 Thread Solène Rapenne

On 2018-02-27 07:58, Mischa Peters wrote:

On 27 Feb 2018, at 05:04, niya  wrote:

hi
using vmd in openbsd 6.2
and following
http://thecyberrecce.net/2017/01/15/secure-webservers-with-openbsd-6-0-setting-up-httpd-mariadb-and-php/
i have setup openbsd running a webserver
everything installed and the webserver works via port 80 and 443.
i can access the webserver from a remote client by browsing to the ip of the
host machine and redirecting to the vm address and port using pf.
i tried to setup port 80 redirection to port 443 so that all access is over
HTTPS, when i use http://host ip, i am redirected to https://default/
how do i get the webserver to redirect to the ip address of the host machine?


my httpd.conf

server "default" {
listen on $ext_addr port 80 block return 301 
"https://$SERVER_NAME$REQUEST_URI;

#   listen on $ext_addr port 80
listen on $ext_addr tls port 443
tls {
key "/etc/ssl/private/server.key"
certificate "/etc/ssl/server.crt"
}
directory {
index "index.php"
}
location "*.php" {
fastcgi socket "/run/php-fpm.sock"
}


shadrock


Hi,

$SERVER_NAME uses the name you have specified at ‘server “default”’
which is “default” in this case.

Mischa


Exactly, $HTTP_HOST should be used instead of $SERVER_NAME for what
you want to do.



Re: Wondering if any of my hardware is working on -current

2018-02-09 Thread Solène Rapenne

I'll get the dmesg and send it.


Please take a look at sendbug(1) to make a useful
bug report.



Re: thanks to solene, but moving away from zenlisp

2018-02-06 Thread Solène Rapenne

On 2018-02-06 11:56, mayur...@devio.us wrote:

have been informed by the developer of zenlisp that it's
not going to be supported any further.
thanks solene for your efforts.
i think i'll let of the excuses and start (re)learning
c89, and results will follow. :)


Hello,

no problem. If no one needs zenlisp and that it's not going
to be developed anymore, it's better to not have it in ports.

If you like Lisp languages, you can get a look at the following
languages :

- common lisp (sbcl, ecl, clisp)
- scheme (guile, chicken, gauche)
- racket
- clojure (java runtime based)
- newlisp
- picolisp



Re: wxallowed flag

2018-01-26 Thread Solène Rapenne

On 2018-01-26 12:52, mazocomp wrote:

On Fri, Jan 26, 2018 at 12:28:00PM +0100, Marc Espie wrote:

On Fri, Jan 26, 2018 at 12:56:15PM +0200, mazocomp wrote:
> Hi!
>
> Is this a really good idea to keep wxallowed flag on /usr/local by
> default? Is this so scary that many poop software will break (this is
> not a big loss at all)? After all not enabling this flag by default is
> the right thing to do, reliance on W|X should go to /dev/null
>
> The only problem I see after removing this flag and removing python
> is that it also removes packages which, for example, have
> devel/desktop-file-utils in run dependencies, but they work without it.

I don't see your patches for fixing the rather important shit that still
requires wxallowed.



So you mean broken packages are more important than system's default
security? Was that true when ProPolice was enabled by default?


That doesn't change base system security if you don't install packages.



Re: Any typical pf.conf or sysctl settings to tweak/speedup NAT/networking stack throughput? (+ don't use USB dongles?)

2017-12-14 Thread Solène Rapenne

On 2017-12-14 05:30, ti...@openmailbox.org wrote:

Hi!

Do you see any typical pf.conf or sysctl settings to tweak/speedup
NAT/networking stack throughput?

(On USB2 dongles, sigh.

Current speed is quite OK actually, a client with good hardware would
get up to 70mbps through the NAT. I was still curious to know if there
are any obvious toggles in sysctl/pf.conf for up:ing NAT/networking
stack throughput though. RAM is not an issue with me, I have plenty. I
thought possibly some settings were set to unnecessarily low defaults,
for OpenBSD to work well on machines with <1GB RAM, say.)

Tinker


Hello,

What is the USB dongle here, a network adapter ? Maybe it's simply the
dongle limiting the bandwidth.

Regards



Re: Image viewer alternative to eog

2017-11-25 Thread Solène Rapenne

On 2017-11-25 20:51, x9p wrote:

Hi,

Is there a good/safe and light image viewer? Was used to eog, but it has
too many "vfprintf %s NULL" in messages. gimp is too big and good for play
with images, In need of smth fast.

cheers.

x9p


Hello,

I would recommend sxiv



Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Solène Rapenne

On 2017-11-03 05:06, Jacob Leifman wrote:
I was finally able to bring our OpenBSD based Network Management System up
to the current OS release (it was a couple of years out of date) but this
process broke access to a large number of older HP switches on our network.
Thorough analysis of the problem and study of the source code led me to
believe that the culprit is commit to usr.bin/ssh/dh.h rev 1.14:

increase the minimum modulus that we will send or accept in
diffie-hellman-group-exchange to 2048 bits;

Within the file it further explains that this is mitigation for DH
precomputation attacks. I understand and appreciate strengthening server
code. But this breaks the use of SSH client leaving little recourse other
than perhaps telnet with NO encryption instead of somewhat weak encryption,
as the "server" is outside of our control. (I already checked that we have
the latest firmware, less than one year old.)

Curiously, diffie-hellman-group1-sha1, which is the only one supported by
the switches, is an accepted KexAlgorithm value in OpenSSH 7.6 (OBSD 6.2);
I was hoping that I could use it to explicitly request smaller DH but
ultimately it still dies with "Invalid key length" error.

Is this an oversight or is there a particular logic to intentionally
breaking compatibility with a not-insignificant base of installed equipment?


Thank you,

Jacob Leifman
Educational Technology

Weymouth Public Schools


Hello,

I'm not sure if it's what you ask but I had a problem with old ssh clients
not able to connect to a recent ssh server after a system upgrade. I had to
add this to my sshd config (on the server) to allow them to connect :


KexAlgorithms +diffie-hellman-group1-sha1
Ciphers +aes128-cbc

Regards



Re: OT: Upload and Download to/from an OpenBSD host

2017-10-30 Thread Solène Rapenne

On 2017-10-30 20:23, Mihai Popescu wrote:

Hi,

I am trying to setup a solution on an OpenBSD computer, where i want
to upload and then download large volume of data. I was using ftpd
daemon to do this, but I wonder if there is another way to do this,
regarding speed of transfer.

Sometimes I was in situations to upload and then download data to/from
and OpenBSD computer.
This was happened whenever I got a Windows or Linux machines hooked in
to retrieve large volume of data from their internal disks. The
machines are both plugged in in a switch or they can be directly
linked with an Ethernet cable.

If you think there is another way to do it, other than moving the
disks between machines, please put some ideas here.

Thanks.


Hello,

If you trust your LAN (are the computers on the same LAN ?)
I would recommend using rsync and rsyncd. Without encryption it's really
fast and efficient.



Re: Fail2ban alternative for OpenBSD

2017-10-30 Thread Solène Rapenne

On 2017-10-29 02:20, x9p wrote:

Hi,

Coming from the Linux world, I wonder if there is a better alternative
to fail2ban, already being used in OpenBSD servers by the majority.

cheers.

x9p


Hello,

jca imported sshlockout from dragonflybsd. It's in security/sshlockout.

It's dead simple, here is an extract of the man page :


# in /etc/pf.conf
table <lockout> persist { }

# and later in /etc/pf.conf - see below
block in quick on $ext_if proto tcp from <lockout> to any port 22

# in /etc/syslog.conf
auth.info;authpriv.info|exec /usr/sbin/sshlockout -pf lockout

# in root's crontab
3 3 * * * pfctl -tlockout -T expire 86400



Re: nobreak powers down openbsd

2017-10-23 Thread Solène Rapenne

On 2017-10-23 15:40, Friedrich Locke wrote:

Hi folks!

I would like to have my openbsd server to be shutdown when my nobreak power
becomes lower than 20% of its capacity; is that possible ?
Any one with experience in this regard ?

Thanks a lot.




hello,

Is a "nobreak" an UPS ? If so, what model is it ?

Is it connected to your server or your LAN ? If no, no chance to know
the current state of the battery.




Re: a pf question maybe asked a 1000 times

2017-10-20 Thread Solène Rapenne

On 2017-10-20 12:59, Markus Rosjat wrote:

Hi there,

I was wondering, after reading mr hansteens excellent book about pf and
the man pages, if I got it all wrong :)

so here is my example pf.conf

ext_if="hvn0"

set skip on lo

block return    # block stateless traffic
block inet6

pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh
pass in on $ext_if inet proto tcp from any to ($ext_if) port 443

pass out on $ext_if inet proto tcp from ($ext_if) port { https, submission }


and what I expect is the following:

 - traffic ipv4 and ipv6 gets blocked -> general deny
 - I let enter ssh traffic
 - I let enter https traffic
 - I let out traffic on https and submission port
 - I should not be able to establish a ssh connection from this host to
   another machine but should connect to be able to connect to this
   machine

what I notice is I can initiate a ssh connection from this machine. So
there are three possible answers to this:

 - 1st with allowing ssh traffic in the first place ssh port will be
   considered passable from both sites of the nic. Which would somehow
   makes no sense to me at all because its a explicit in rule
 - 2nd the ssh connection initiated is somehow considered coming from lo
   and for that not passed to the following rules
 - 3rd my rules are just wrong :)

So for all the more skilled human beings out there can you help me with it?


regards


Hello,

I'm not a pf expert but you did not block traffic at all.
You may want to use "block all" instead of block return

Have a look at the different examples : https://www.openbsd.org/faq/pf/



Re: macppc netboot

2017-10-19 Thread Solène Rapenne

On 2017-10-18 23:11, Christian Weisgerber wrote:

On 2017-10-18, Solène Rapenne <sol...@perso.pw> wrote:


Are you able to fetch /bsd.rd if you use tftp in command line ?


How is this relevant?

Netbooting is inherently machine-dependent.  Firmware aside, there
are also at least two OpenBSD bootloader flavors:
* pxeboot (amd64, i386) uses TFTP to load the kernel.
* netboot (alpha) and ofwboot.net (sparc64) load the kernel from
  an NFS server.

Looking at INSTALL.macppc, I see that macppc's ofwboot works along
the lines of alpha and sparc64.  If you are trying to give advice
based on amd64/i386, then this will be bogus and misleading.


Indeed, in this case the ofwboot is already retrieved so it's not a
tftp issue.

About the problem for booting on the nfs, I would try starting
tcpdump on the nfs server and see what happens when the client boots.



Re: macppc netboot

2017-10-18 Thread Solène Rapenne

On 2017-10-18 16:39, Daniel Boyd wrote:

OK -- from dhcpd.conf:

host cube {
next-server 192.168.60.157;
option subnet-mask 255.255.255.0;
option routers 192.168.60.1;
option root-path "/srv/obsd62";
fixed-address 192.168.60.235;
hardware ethernet 00:30:65:71:c6:e2;
}

And then in OF:
0 > boot enet:,ofwboot /bsd.rd
CLIENT: 003065571c6e2 192.168.60.235
SERVER: f 192.168.60.157
ROUTER: f 192.168.60.1
Transfer FILE: ofwboot \
TFTP-actual=fcbc TFTP-adler32=c626975c load-size=fcbc adler32=c626975c

Loading ELF

OpenBSD/macppc BOOT 1.6

Using IP address: 192.168.60.235
root addr=192.168.60.157 path=/srv/obsd62
callrpc: error = 2
open(/pci@f400/ethernet:/etc/boot.conf): Unknown error: code 72
boot>
Using IP address 192.168.60.235
root addr=192.168.60.157 path=/srv/obsd62
callrpc: error = 2
cannot open /pci@f400/ethernet:/etc/random.seed: Unknown error:
code 72
booting /pci@f400/ethernet:/bsd.rd Using IP address: 192.168.60.235
root addr=192.168.60.157 path=/srv/obsd62
callrcp: error = 2
open /pci@f400/ethernet:/bsd.rd: Unknown error: code 72
 failed(72). will try /bsd
...

So... DHCP is working... TFTP is working.  I just don't think NFS is
working.  I'm able to mount the nfs share on another computer, so, i'm
kind of out of ideas...

On Wed, 2017-10-18 at 14:50 +0200, Solène Rapenne wrote:


Are you able to fetch /bsd.rd if you use tftp in command line ?



Re: macppc netboot

2017-10-18 Thread Solène Rapenne

On 2017-10-18 00:47, Daniel Boyd wrote:

I'm attempting to install onto a G4 Cube with a busted CD-ROM drive.
I've never done network booting before, so I'm sure I'm just missing
something.

I set up NFS and TFTP on a linux box, copied ofwboot to the TFTP share
and bsd.rd plus all the tgz files to the NFS share.

In Open Firmware, I'm setting:

default-server-ip -> ip of linux box
root-path -> "x.x.x.x:/path/to/nfs/share"
next-server -> ip of linux box

and then:


boot enet:,ofwboot /bsd.rd


The TFTP part seems to be working.  I get:


OpenBSD/macppc BOOT 1.6


but then:

open(/pci@f400/ethernet:/etc/boot.conf): Unknown error: code 60
boot>
cannot open /pci@f400/ethernet:/etc/random.seed: Unknown error:
code 60
booting /pci@f400/ethernet:/bsd.rd: open
/pci@f400/ethernet:/bsd.rc: Unknown error: code 60 failed(60). will
try /bsd
boot>

..and then it fails to boot bsd

Am I required to set up a DHCP server, too?


Hello, I had the same problem 2 years ago :
http://misc.openbsd.narkive.com/uSQMW0M5/need-help-to-install-openbsd-5-9-macppc-via-pxe

try with root-path "/path/to/nfs/share"
in fact, if I remember well, the TFTP boot will use
$next-server:/$root-path so you don't need to put the ip in root-path.



Re: sftp chroot

2017-06-14 Thread Solène Rapenne

On 2017-06-14 13:02, Bryan Harris wrote:

On Linux I have mounted another fs inside the user's home folder (it is
mounted twice).  I don't know if OpenBSD has that feature.



This is not possible on OpenBSD, mount will tell "device is busy".

On linux you should use mount --bind to bind a folder on another instead
of mounting twice the mountpoint. FreeBSD has mount_nullfs to do exactly
the same thing as --bind, but OpenBSD doesn't have any of this.



Re: sftp chroot

2017-06-14 Thread Solène Rapenne

On 2017-06-14 10:33, Markus Rosjat wrote:

Hi there,

I want to build an sftp environment where the user is chrooted to his
home dir. So far so good but then again the user might need access to
a webserver resource like /var/www/htdocs/some_dir

As far as I understand a symlink doesn't work in the chroot setup and
I'm not quite sure how to achieve this.

I could simply make /var/www/htdocs/some_dir the home dir of the user
but Im not sure if this is the recommended way.

so once again advice is helpful :)

regards


hello
you can change the home user folder to one in /var/www/htdocs/
or if the home user in the same mountpoint as /var/www you could
do a hard link folder with ln.



Re: Rsnapshot configuration - Data integrity

2017-06-14 Thread Solène Rapenne

On 2017-06-14 01:47, G wrote:

Well as far as /var goes i decided to take a closer look because i am
thinking running aide for system integrity check. So this my rsnapshot.conf




Recently I've been investigating software for integrity check, you have choice :


- sysutils/bitrot
- a daily mtree as it's done for /etc ; see security(8)
- archivers/par2cmdline (which can also repair files)
- sysutils/aide

I wouldn't really recommend AIDE. bitrot is a lot easier to use.

I wrote an article about data integrity software:

https://dataswamp.org/~solene/article-integrity.html



Re: Can I use OpenBSD as a desktop system?

2017-06-12 Thread Solène Rapenne

On 2017-06-12 07:45, Rupert Gallagher wrote:

On Mon, Jun 12, 2017 at 1:16 AM, Davor Balder wrote:

xfce is available and you should be able to use mac-like shortcuts
there. I think this relates to your choice of window manager/desktop
environment. We have choices!

Using xfce already, but Apple-like shortcuts did not work so far.


I've been using seamonkey and qutebrowser with good results.


Will try them.

I have a privacy and security protocol that I could implement on
firefox only, across different OSs, with extensions, configurations
and changes to the code. The result is better than torbrowser.

I installed chromium on openbsd, but was greeted by chrome instead. I
tried hard to secure chrome, but each step I took resulted in
greater leaks.

I expected the openbsd version of both ff and chrome to be safer by
default. There is a lot of work to be done. Will share more next
weekend.

R


You can use iridium instead of chromium



Re: Can I use OpenBSD as a desktop system?

2017-06-10 Thread Solène Rapenne

typing startx isn't even needed if you enable xenodm at install

On 2017-06-10 00:00, Edgar Pettijohn wrote:

As long as you can type startx at the command prompt, then yes.

⁣Sent from BlueMail ​

On Jun 9, 2017, 3:07 PM, at 3:07 PM, Johan Mellberg wrote:

Yes.

2017-06-09 21:39 GMT+02:00 SOUL_OF_ROOT 55 :


Can I use OpenBSD as a desktop system?





Re: Domain redirections to Openbsd.org?

2017-05-18 Thread Solène Rapenne

On 2017-05-18 15:51, Wylie Bayes wrote:

Well the IP resolves to the same IP as openbsd.org.  Not sure how he's
retaining all the link structure when clicking around, but yeah I didn't
think it was normal, and figured it should be reported in some fashion.



on openbsd.org links are relative, so if you use another domain name to
access the page, the domain name is kept in the url.



Re: openup vs. syspatch vs. pkg_add -u ?

2017-05-14 Thread Solène Rapenne

On 2017-05-14 16:56, Adam Thompson wrote:

Now that we’re in the wonderful world of syspatch(8) – which works
well for me so far (thanks for the hard work, everyone!), I’m trying
to figure out if there’s still any point to using m:tier’s openup
tool.

From what I can tell, running “syspatch ; pkg_add -u” is pretty much
equivalent to what openup does… but am I missing anything?



Thanks,

-Adam


Hello,

syspatch only updates base system, not packages.
You still need mtier if you want to update packages on a release.

Regards



Re: list all system users, eg. _x11

2017-05-06 Thread Solène Rapenne

On 2017-05-06 20:27, Luke Small wrote:

Is there a way to determine all users on a system that the users command
doesn't seem to show? like _x11 and _ntpd


hello
system users have a uid < 1000; you can retrieve them by parsing
/etc/passwd like this


awk -F ':' '{ if($3 < 1000) { print $1 }}' /etc/passwd

you can replace $1 by $0 if you want the whole line instead of only the
login.




Re: 6.1: /usr/local/bin/node: W^X binary outside wxallowed mountpoint

2017-04-25 Thread Solène Rapenne

On 2017-04-25 16:49, Maxim Bourmistrov wrote:

Hey,
Any work around for this one?

Mount with wxallowed not working.

Br


Hello,

Could you give details ?

When I type node on a fresh installed 6.1 I get
the node shell, no error.

Regards



Re: Encryption

2017-03-22 Thread Solène Rapenne

On 2017-03-22 17:28, Jan Betlach wrote:

Hi misc,

planning to install -current on my Thinkpad T450s (SSD).

I need to have several data directories encrypted, however would not mind
whole-disk encryption. Which method would be more supported / recommended?
Whole-disk encryption or creating a container file, loop device and then
virtual device with the encryption layer on it?

Thanks in advance

Jan


Hello Jan,

That would depend on your need, do you want to protect against someone
who would steal your computer, or against some malicious software
running under your system to read your data ?

In the first case, you should go with FDE (full disk encryption), your
data would be available only after you type the password at boot.

In the second case, you should use some kind of encrypted volume that
would be available only when you need to. I think that's possible to
create an encrypted ffs volume contained into a file, that you can
mount when you need.

Regards



Re: File Server with OpenBSD?

2017-03-08 Thread Solène Rapenne

On 2017-03-08 16:25, Raimo Niskanen wrote:

On Tue, Mar 07, 2017 at 05:55:08PM +0100, Solène Rapenne wrote:

On 2017-03-07 17:29, Roderick wrote:
For data integrity, you may use sysutils/bitrot to check for data
integrity (bit rot).


mtree(8) with -K sha1digest might be enough, and is in the base
system.


It's a bit more complicated. You have a bitrot if the file checksum changed
AND the modification time hasn't changed. Files that are updated will be
reported as corrupted, which may be boring.

If you are archiving static data, the mtree method works though.



Re: File Server with OpenBSD?

2017-03-07 Thread Solène Rapenne

On 2017-03-07 17:29, Roderick wrote:

Before I make a decision, I want to ask you for suggestions.

I want to make a small file server, just to separate important
files from my working system. Two disks as Raid 1. Files are to
be read with NFS. Emphasis:

(1) Data Integrity (not security :).

(2) some degree of independence from hardware and operating system.
Disk are to be readable for many decades. Standard File System
readable after moving the Disks to another computer, different
hardware, perhaps with different OS.

I was thinking on doing it with FreeBSD and ZFS. I find the last
interesting because: (a) it make checksums and corrections if
a checksum in a disk is wrong (using the other disk in the array),
(b) many OS are implementing it. But I find horrible how
resource hungry it is.

Do you have an idea?

I do prefer OpenBSD, but is there an appropriate file system
for archiving?

I thank for any suggestion
Rodrigo.



Hello,

I have my private file server using OpenBSD. That's not the best system
for that but it works.
If you are comfortable with and you don't need extra speed, that will be
ok.

For data integrity, you may use sysutils/bitrot to check for data
integrity (bit rot).

With OpenBSD, you won't get snapshots, on-the-fly compression etc...

Don't forget backups, that's the most important thing for your file server
:-)


Regards



Re: OpenBSD's HTTPD - I can't figure out how to disable the chroot

2017-02-13 Thread Solène Rapenne

On 2017-02-13 00:03, tec...@protonmail.com wrote:

Hello,

I have a special use case for the HTTPD server, I would like to
disable the chroot but can't seem to get it working correctly. Within
httpd.conf, I have tried to set:

chroot "/" ## Instead of default which is: /var/www


root "/var/www/htdocs/web"
#root "/htdocs/web" # Disabled

location "/" {
        directory {
                index "index.html"
        }
}



But I can't access my page until I put it back to normal (uncomment
the # lines and remove the new ones)


Any help would be greatly appreciated. Thanks


hello
the following works for me on -current

chroot "/"
logdir "/var/www/logs/"

server "*" {
        listen on * port 8080
        root "/var/www/htdocs/"

        location "/solene/" {
                directory auto index
        }
}



Re: Any network simulators to test openbgpd?

2017-02-12 Thread Solène Rapenne

On 2017-02-12 20:25, Karthik Veeragoni wrote:

Hi all,

I'm looking for any freely available or commercial network simulators or
emulators to test Openbgpd by using any of them.

And I would also like to know on what other popular platforms/operating
systems, openbgpd is being used in the current market or can be used.

As per the following thread:
https://www.inex.ie/pipermail/ixpmanager/2015-April/000496.html , it is
said the implementing openbgpd on Freebsd is not so secure. What is the
current status of using openbgpd on Freebsd?

Any suggestions are welcome.


Thanks & Regards,
Karthik V


Hello,
you can join dn42 network https://dn42.net/Home



Re: SSHowDowN

2016-10-18 Thread Solène Rapenne

On 2016-10-18 10:35, Peter Janos wrote:

shouldn't the default be "no" for the AllowTcpForwarding? Why is an
insecure option "yes" by default?
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf
Thanks.


from sshd_config(5)

 AllowTcpForwarding
         Specifies whether TCP forwarding is permitted.  The available
         options are yes (the default) or all to allow TCP forwarding, no
         to prevent all TCP forwarding, local to allow local (from the
         perspective of ssh(1)) forwarding only or remote to allow remote
         forwarding only.  Note that disabling TCP forwarding does not
         improve security unless users are also denied shell access, as
         they can always install their own forwarders.



Re: What is the opinion of Theo de Raadt about translation tools?

2016-10-13 Thread Solène Rapenne

On 2016-10-13 20:16, SOUL_OF_ROOT 55 wrote:

PC-BSD still uses Pootle? https://forums.freebsd.org/threads/44595/

Pootle translates well or sometimes translates incorrect?

Pootle translates better than Google Translator?

I use Google Translator, but if it is true that Pootle translates better than
Google Translator, I will try to use Pootle.

What is the opinion of Theo de Raadt about translation tools?

For example, about Pootle,  DocBook XML, Command-line tools like
*textproc/itstool*  might.


Hello,

I've been using Pootle on PC-BSD to help to translate. I don't see
how you can compare it to Google Translator as Pootle is just a tool
for people who do the translation.

I think that you should write Theo a mail if you want his opinion.


Regards



Re: tfdpd doesn't deliver pxeboot file

2016-09-28 Thread Solène Rapenne

On 2016-09-28 12:45, Peer Janssen wrote:

TFTP pxeboot requests:

12:15:45.064076 192.168.0.81.2070 > alix.fritz.box.tftp: 24 RRQ "pxeboot"

  : 4500 0034 0002  1411 24ea c0a8 0051  E..4..$Q
  0010: c0a8 002c 0816 0045 0020 f181 0001 7078  ...,...E. px
  0020: 6562 6f6f 7400 6f63 7465 7400 7473 697a  eboot.octet.tsiz
  0030: 6500 3000e.0.


The TFTP request from alix asks for a binary transfer


As a comparison, the reaction against the RRQ from the linux box:

12:38:12.807419 kubuntu-neu.fritz.box.36672 > alix.fritz.box.tftp: 19 RRQ "pxeboot" (DF)
  : 4500 002f eca9 4000 4011 cc78 c0a8 001f  E../..@.@..x
  0010: c0a8 002c 8f40 0045 001b 75b7 0001 7078  ...,.@.E..u...px
  0020: 6562 6f6f 7400 6e65 7461 7363 6969 00eboot.netascii.




The TFTP request from your linux box asks for an ascii transfer

There is a difference between the 2 tftp transfers that may explain your
problem

Can you try the cli tftp and type "binary" before "get pxeboot" ?

like the following :

tftp 192.168.0.44
tftp> binary
tftp> get pxeboot
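
The two read requests quoted in this message differ in their transfer-mode field. As an added example (not part of the original message), the parser below decodes the TFTP payload bytes visible in those two dumps following RFC 1350 and RFC 2347, and `netascii_encode` shows how a Unix sender rewrites bytes in netascii mode; all function names are chosen here.

```python
import struct

OPCODES = {1: "RRQ", 2: "WRQ"}
TRANSFER_MODES = {"netascii", "octet", "mail"}

# TFTP payloads (the bytes after the UDP header) as they appear in the
# two dumps quoted above.
PXE_RRQ = bytes.fromhex(
    "0001 7078 6562 6f6f 7400 6f63 7465 7400 7473 697a 6500 3000")
CLI_RRQ = bytes.fromhex(
    "0001 7078 6562 6f6f 7400 6e65 7461 7363 6969 00")


class TftpParseError(ValueError):
    """Raised when a payload is not a well-formed RRQ/WRQ."""


def parse_request(payload):
    """Decode an RRQ/WRQ: opcode, filename, mode and RFC 2347 options."""
    if len(payload) < 4:
        raise TftpParseError("payload too short for a request")
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in OPCODES:
        raise TftpParseError("opcode %d is not RRQ or WRQ" % opcode)
    body = payload[2:]
    if not body.endswith(b"\x00"):
        raise TftpParseError("last field is not NUL-terminated")
    fields = body[:-1].split(b"\x00")
    # filename + mode, then zero or more option/value pairs
    if len(fields) < 2 or len(fields) % 2 != 0:
        raise TftpParseError("unexpected number of fields")
    try:
        text = [f.decode("ascii") for f in fields]
    except UnicodeDecodeError as exc:
        raise TftpParseError("non-ASCII field") from exc
    filename, mode = text[0], text[1].lower()  # mode is case-insensitive
    if not filename:
        raise TftpParseError("empty filename")
    if mode not in TRANSFER_MODES:
        raise TftpParseError("unknown transfer mode %r" % mode)
    options = {text[i].lower(): text[i + 1] for i in range(2, len(text), 2)}
    return {"opcode": OPCODES[opcode], "filename": filename,
            "mode": mode, "options": options}


def is_well_formed(payload):
    """True if the payload parses as an RRQ/WRQ."""
    try:
        parse_request(payload)
    except TftpParseError:
        return False
    return True


def netascii_encode(data):
    """Encode bytes the way a Unix sender does in netascii mode:
    LF becomes CR LF and a bare CR becomes CR NUL."""
    out = bytearray()
    for byte in data:
        if byte == 0x0A:
            out += b"\r\n"
        elif byte == 0x0D:
            out += b"\r\x00"
        else:
            out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    for name, pkt in (("PXE client", PXE_RRQ), ("tftp CLI", CLI_RRQ)):
        print(name, parse_request(pkt))
    sample = b"\x7fELF\n\x00\r"  # constructed binary-looking bytes
    print(len(sample), "bytes become", len(netascii_encode(sample)))
```

Any 0x0a or 0x0d byte in a binary such as pxeboot is rewritten in netascii mode, so the size reported by a netascii transfer is not comparable with the size of an octet transfer.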



Re: tfdpd doesn't deliver pxeboot file

2016-09-28 Thread Solène Rapenne

On 2016-09-28 11:05, Peer Janssen wrote:

On 28.09.2016 at 10:50, Solène Rapenne wrote:

On 2016-09-28 10:21, Peer Janssen wrote:
The target system for an OpenBSD 6.0 install, an alix.2d13, is directly
connected to an alix.3x box serving dhcp and tftp.
alix.3x (Server):

# tftp localhost
tftp> get pxeboot
Received 81965 bytes in 0.1 seconds
tftp>



Can you try the LAN ip address instead of localhost ?
Maybe it's a firewall issue or tftp not listening on the lan interface




You may want to boot another computer with PXE to see if the problem is
related to the alix board or a configuration problem maybe ?

From my little experience with PXE and your configs files, everything
seems fine there for me.




Re: tfdpd doesn't deliver pxeboot file

2016-09-28 Thread Solène Rapenne

On 2016-09-28 10:21, Peer Janssen wrote:

The target system for an OpenBSD 6.0 install, an alix.2d13, is directly
connected to an alix.3x box serving dhcp and tftp.
alix.3x (Server):

# tftp localhost
tftp> get pxeboot
Received 81965 bytes in 0.1 seconds
tftp>



Hello,

Can you try the LAN ip address instead of localhost ?
Maybe it's a firewall issue or tftp not listening on the lan interface

regards



Re: Logging/backup .ksh_history

2016-08-08 Thread Solène Rapenne

On 2016-08-08 08:39, johnw wrote:

Hi, I use /bin/ksh as a console/terminal shell program, I want to
log/backup all command, run on console/terminal/ksh,

Any idea how to do this?

Thanks.


Hello,

you could try this tool https://github.com/a2o/snoopy, it seems to be 
exactly what you need. I don't know if it works on OpenBSD, I don't see 
why it wouldn't work. Maybe I could port it if some people find it a use


LOG example from their doc

2015-02-11T19:05:10+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/cat]: cat /etc/fstab.BAK
2015-02-11T19:05:15+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/rm]: rm -f /etc/fstab.BAK
2015-02-11T19:05:19+00:00 labrat-1 snoopy[896]: [uid:0 sid:11679 tty:/dev/pts/2 cwd:/root filename:/usr/bin/tail]: tail -f /var/log/messages




Re: T450s doesn't resume after suspend

2016-08-05 Thread Solène Rapenne

On 2016-08-05 10:10, Marc Peters wrote:

Hi,

I have a T450s which doesn't resume after suspended. When I close the
lid, the laptop suspends correctly but doesn't resume at all. Opening
the lid or pressing the button doesn't bring it back. I have to reset it.

An acpidump is available at
http://www.mpeters.org/T450s_acpidump.tar.gz


Anything else needed?


Marc



Hello, you should use sendbug(1) as root for this, and this will send
the mail to b...@openbsd.org




Re: resolv.conf with dhcp when upgrading with bsd.rd

2016-08-03 Thread Solène Rapenne

On 2016-08-01 14:57, j...@wxcvbn.org wrote:

Solène RAPENNE <sol...@perso.pw> writes:


Hello,

Using -current with unbound as a local dns resolver. dhclient.conf is
set to supersede the dhcp nameserver to use my unbound server

/etc/dhclient.conf
send host-name "solene";
supersede domain-name-servers 127.0.0.1;

When upgrading with bsd.rd, dhclient will use this dhclient.conf with
unbound stopped, the system won't resolve names and won't download
packages through http.

How can I use dhcp and keep 127.0.0.1 as domain name server except if
I'm using bsd.rd ?


Not a direct response to your question, but what I do is use "prepend"
instead of "supersede".


If it's not possible or too complicated, is there a better way than
downloading the packages in the same time I download bsd.rd and not use
network during the upgrade ?


Regards



Hello,

I think I'll go to this solution, with a timeout set to a few seconds so
it doesn't hang too long if it has no result.


regards



Re: resolv.conf with dhcp when upgrading with bsd.rd

2016-08-03 Thread Solène Rapenne

On 2016-08-03 22:11, Ossi Herrala wrote:

On Mon, Aug 01, 2016 at 02:14:27PM +0200, Solène RAPENNE wrote:

When upgrading with bsd.rd, dhclient will use this dhclient.conf with
unbound stopped, the system won't resolve names and won't download packages
through http.

How can I use dhcp and keep 127.0.0.1 as domain name server except if I'm
using bsd.rd ?



^Z out from the installer (or use the shell before entering upgrade)
then

echo "nameserver 8.8.8.8" >>/etc/resolv.conf

and fg back to installer. Substitute 8.8.8.8 with your preferred DNS.


Good idea, but it would be even better to use > instead of >> because
it's a temporary /etc/resolv.conf.

I didn't think about ^Z, I dropped to shell then re-ran the installer
but it reran dhcp and the changes were overwritten.




resolv.conf with dhcp when upgrading with bsd.rd

2016-08-01 Thread Solène RAPENNE

Hello,

Using -current with unbound as a local dns resolver. dhclient.conf is
set to supersede the dhcp nameserver to use my unbound server

/etc/dhclient.conf
send host-name "solene";
supersede domain-name-servers 127.0.0.1;

When upgrading with bsd.rd, dhclient will use this dhclient.conf with
unbound stopped, the system won't resolve names and won't download
packages through http.

How can I use dhcp and keep 127.0.0.1 as domain name server except if
I'm using bsd.rd ?

If it's not possible or too complicated, is there a better way than
downloading the packages in the same time I download bsd.rd and not use
network during the upgrade ?



Regards



Re: httpd (+ relayd ?) URL redirection, anyone?

2016-07-26 Thread Solène RAPENNE

On 2016-07-26 12:13, Miles Keaton wrote:

Sorry to bother the list with this, but still stumped after two days.

Trying to switch from nginx to httpd, but there's just one thing left:

Having the webserver pass some URLs to another port:

# working nginx config:
http {
  server {
    listen   80;
    # serving static here
    root /var/www/htdocs/test;
    # but this URL is sent to Ruby rack server
    location = /hello {
      proxy_pass http://127.0.0.1:3000;
    }
  }
}

I'm assuming I need relayd to do this, but still stumped after two days of
reading and experimenting with man 5 relayd.conf.

Found this answer from Reyk from two years ago:
https://marc.info/?l=openbsd-misc&m=140508090726719&w=2
... but maybe the syntax has changed since then, since relayd gives a syntax
error for that example, and any variation of it I've tried.

Any suggestions?

Thanks in advance.


Hello,

from httpd.conf(5) there is no way to redirect to a http server with
httpd.

It seems to only support fastcgi with a socket.



Re: choosing OpenBSD for fileserver instead of FreeBSD + ZFS

2016-07-20 Thread Solène

On 2016-07-20 13:52, Miles Keaton wrote:

Got a fileserver with a few terabytes of important personal media, like all
old home movies, baby photos, etc.  Files that I want my family to have
access to when I die.

Really it's more of a file archive.  A backup.  Just rsync + ssh.  Serving
it isn't the point.  Just preserving it forever.

(It's all unencrypted.  It's not that kind of private.  Private and offline
from the outside world, but public within the family.)

For years it's been on a Synology, Linux ext4 filesystem.  Now I'm making a
new clone of it (new PC) to be in a different location.

I assumed I'd use FreeBSD + ZFS because of ZFS's checksum features.  But
really I love and prefer OpenBSD for everything else, and don't want any
other ZFS features : just that checksum.

So I figure if I use OpenBSD + softraid RAID 5 (across 4 disks) and then
write my own little shell script to track the MD5 (find . -type f -exec md5
{} \;) whenever I make changes, that should be enough to see if a file has
been changed due to disk corruption.

(Which makes me realize I don't know a damn thing about disk corruption,
only that it's happened a few times in the past.  The occasional JPG or MP3
from the late 90s that used to work but now doesn't, and who-knows-why.)

Before I embark on this direction for a fileserver, I thought I should
check with the smart people here on misc:

Any tips from anyone who's done something similar?

Or would anyone advise me against OpenBSD or this MD5 log approach for a
fileserver like this?

Thank you.


Hello,

I built a NAS with OpenBSD and I am using aide to track checksum
changes, I have a tutorial on-going about this but not finished yet,
I will let you know when it's finished.

Quickly, with aide, create a database with modification time, checksum
and size and when you do a check with aide, look at the files which have
a different checksum and where modification time didn't change. This can
be made with a one-liner awk command.

Also, make backups. Raid5 will prevent data loss when a disk fails, but if
2 disks fail or if the filesystem gets corrupted, you will lose your
data. When you have multiple terabytes of data, if you use multiple disks
that have been made at the same time, chances are that they can fail at
the same time, also, rebuilding a few terabytes can take time. Having
backups with rsnapshot to keep track of a few days' changes can be a good
idea, or at least save very important data if you can't afford saving
everything (maybe the loss of the music or video files is acceptable
?)
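
The rule given in this message and in the mtree reply further up (checksum changed while modification time did not) can be written out as follows. This is an added example, not code from the thread and not how aide or bitrot are implemented; the manifest layout, the function names and the sample files are assumptions made here.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root to (sha256 hex, mtime in ns, size)."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        st = path.stat()
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = (
            digest.hexdigest(), st.st_mtime_ns, st.st_size)
    return manifest


def compare(old, new):
    """Classify differences between two snapshots.

    bitrot   : checksum differs, mtime identical (nobody "wrote" the file)
    modified : checksum differs, mtime differs (an ordinary update)
    """
    report = {"bitrot": [], "modified": [], "missing": [], "added": []}
    for name in sorted(old):
        if name not in new:
            report["missing"].append(name)
            continue
        old_sum, old_mtime, _ = old[name]
        new_sum, new_mtime, _ = new[name]
        if new_sum == old_sum:
            continue
        key = "bitrot" if new_mtime == old_mtime else "modified"
        report[key].append(name)
    report["added"] = sorted(set(new) - set(old))
    return report


def demo():
    """Build a constructed archive, damage it in known ways, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "photo.jpg").write_bytes(b"\xff\xd8" + b"A" * 4096)
        (root / "notes.txt").write_text("first version\n")
        (root / "old.mp3").write_bytes(b"ID3" + b"B" * 1024)
        before = snapshot(root)

        # Ordinary edit: content changes and mtime moves forward.
        notes = root / "notes.txt"
        st = notes.stat()
        notes.write_text("second version\n")
        os.utime(notes, ns=(st.st_atime_ns, st.st_mtime_ns + 5_000_000_000))

        # Simulated silent corruption: one flipped bit, mtime put back.
        photo = root / "photo.jpg"
        st = photo.stat()
        data = bytearray(photo.read_bytes())
        data[100] ^= 0x01
        photo.write_bytes(bytes(data))
        os.utime(photo, ns=(st.st_atime_ns, st.st_mtime_ns))

        (root / "old.mp3").unlink()
        (root / "new.txt").write_text("added later\n")
        return compare(before, snapshot(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

A file whose content was changed and whose mtime was then reset (with `touch -r`, for instance) lands in the same `bitrot` list, so every entry there deserves a manual look.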




Re: [OT] Cloud storage accessible via sftp or rsync/ssh?

2016-07-20 Thread Solène

On 2016-07-20 11:27, John Long wrote:

Can anybody recommend a good cloud storage provider that has access via sftp
or rsync tunneled through ssh? Everything I have found seems targeted at
Windows, Linux, phones etc. with no platform-agnostic interface.

Thanks.

/jl


hello

ownCloud / NextCloud supports webdav



Re: How to turn off disk elevator

2016-07-13 Thread Solène

On 2016-07-13 11:48, Christian Rößner wrote:

Hi,

I am relatively new to OpenBSD. I have installed my first virtualized KVM
guest and I look for a way to completely turn off the disk elevator, as the
guest is running on a server that uses Gentoo Linux as OS on the physical
server (having a HP SmartArray RAID controller).

There is no need for the guest to do disk scheduling. On Linux I used to set it
to NOOP scheduler.

I searched the archives and Google, but could not find information.

Thanks in advance

Christian


Hello, you should use virtio drivers for the disk in KVM.



rcs(1) and -I parameter

2016-07-03 Thread Solène RAPENNE
Hello,

I am not familiar with rcs(1), from the man page I found parameter "-I 
Interactive mode."
and rcs usage displays "usage: rcs [-IiLqTUV] [...]"

When I type "rcs -I" I get

rcs: unknown option -I

Does the parameter -I really exist ?



Re: Installing NextCloud under OpenBSD 5.9

2016-07-02 Thread Solène RAPENNE
C. L. Martinez writes:
> Hi all,
>
>  I am trying to install NextCloud under an OpenBSD 5.9 host using OpenBSD's 
> httpd. But I am not sure that Nextcloud can work with OpenBSD's httpd.
>
>  First of all, rewrite rules like these:
>
>  Can be backported to OpenBSD's httpd? I am thinking to install apache on the 
> same host, configure NextCloud on it, and redirect requests from OpenBSD's 
> httpd to apache (listening on localhost only).
>
>  What do you think?
>
> Thanks.

Hello,

you could check how it's done for owncloud as the rewrite rules should
be the same.



Compilation success only with clang++

2016-05-18 Thread Solène Rapenne

Hello,

I would like to make a port for the game bastet
https://github.com/fph/bastet

Actually, I encounter a problem when compiling the sources. On 5.9 amd64
it fails with g++/eg++ and compiles fine with clang++.

I don't understand the failures. With g++ it seems assembly related and
with eg++ it seems related to a problem with boost library which is
installed from packages.


If you have any hints about those errors I would be happy to read you.

-
Output of the different C++ compilers:

solene@cbc:~/dev/bastet% make clean && make CXX=g++
rm -f Ui.o Block.o Well.o BlockPosition.o Config.o BlockChooser.o BastetBlockChooser.o Test.o main.o bastet
g++ -O2 -pipe  -DNDEBUG -Wall -I/usr/local/include  -c Ui.cpp
g++ -O2 -pipe  -DNDEBUG -Wall -I/usr/local/include  -c Block.cpp
{standard input}: Assembler messages:
{standard input}:73: Error: junk `(%rip)' after expression
{standard input}:108: Error: junk `(%rip)' after expression
{standard input}:141: Error: junk `(%rip)' after expression
{standard input}:174: Error: junk `(%rip)' after expression
{standard input}:207: Error: junk `(%rip)' after expression
{standard input}:240: Error: junk `(%rip)' after expression
{standard input}:273: Error: junk `(%rip)' after expression
*** Error 1 in /home/solene/dev/bastet (:124 'Block.o')


solene@cbc:~/dev/bastet% make clean && make CXX=eg++
rm -f Ui.o Block.o Well.o BlockPosition.o Config.o BlockChooser.o BastetBlockChooser.o Test.o main.o bastet
eg++ -O2 -pipe  -DNDEBUG -Wall -I/usr/local/include  -c Ui.cpp
In file included from /usr/local/include/boost/tr1/tr1/unordered_set:9:0,
                 from BastetBlockChooser.hpp:26,
                 from Ui.cpp:22:
/usr/local/include/boost/tr1/detail/config_all.hpp:158:26: fatal error: utility: No such file or directory
 #  include_next 
  ^
compilation terminated.
*** Error 1 in /home/solene/dev/bastet (:124 'Ui.o')


solene@cbc:~/dev/bastet% make clean && make CXX=clang++
rm -f Ui.o Block.o Well.o BlockPosition.o Config.o BlockChooser.o BastetBlockChooser.o Test.o main.o bastet
clang++ -O2 -pipe  -DNDEBUG -Wall -I/usr/local/include  -c Ui.cpp
clang++ -O2 -pipe  -DNDEBUG -Wall -I/usr/local/include  -c Block.cpp
clang++ -O2 -pipe  -DNDEBUG -Wall -I/usr/local/include  -c Well.cpp
clang++ -O2 -pipe  -DNDEBUG -Wall -I/usr/local/include  -c BlockPosition.cpp
clang++ -O2 -pipe  -DNDEBUG -Wall -I/usr/local/include  -c Config.cpp
clang++ -O2 -pipe  -DNDEBUG -Wall -I/usr/local/include  -c BlockChooser.cpp
clang++ -O2 -pipe  -DNDEBUG -Wall -I/usr/local/include  -c BastetBlockChooser.cpp
clang++ -O2 -pipe  -DNDEBUG -Wall -I/usr/local/include  -c main.cpp
clang++ -ggdb -o bastet Ui.o Block.o Well.o BlockPosition.o Config.o BlockChooser.o BastetBlockChooser.o main.o  -lncurses -lboost_program_options -L/usr/local/lib
BlockChooser.o: In function `Bastet::RandomBlockChooser::GetStartingQueue()':
BlockChooser.cpp:(.text+0xa4): warning: warning: random() may return deterministic values, is that what you want?
clang++ -O2 -pipe  -DNDEBUG -Wall -I/usr/local/include  -c Test.cpp
clang++ -ggdb -o Test Ui.o Block.o Well.o BlockPosition.o Config.o BlockChooser.o BastetBlockChooser.o Test.o  -lncurses -lboost_program_options -L/usr/local/lib
BlockChooser.o: In function `Bastet::RandomBlockChooser::GetStartingQueue()':
BlockChooser.cpp:(.text+0xa4): warning: warning: random() may return deterministic values, is that what you want?




Re: Performance of Firefox and Chromium

2016-04-30 Thread Solène Rapenne

On 2016-04-30 14:23, Alan Corey wrote:

Re: Performance of Firefox and Chromium

Several seconds?  Oh my.  Try 20 minutes or more on some of the most
bloated sites, with lots of reloads and watching iftop to see when
they're stuck like on my connection.  But thanks for the tip on
Noscript, I'm trying it out.


In Firefox I also use FlashStopper to stop videos in html5 to autoplay 
which is 1) boring and 2) resources consuming.




Re: 5.9 discs in the wild. Europe/Germany

2016-04-22 Thread Solène Rapenne

Received in France today !

Thank you for all of this ! :)



Re: jabber client with conference history saving

2016-04-17 Thread Solène Rapenne

On 2016-04-17 21:42, Joseph Oficre wrote:

Hello, @misc.
Can someone give me an advice about xmpp client on OpenBSD, I'm using Psi
for now, but it doesn't save messages history properly (errors only).
So I want to try another one.
Doesn't matter if console or gui, just with chatroom/private chats history
saving ability.

OpenBSD-current.


Hello,

I am using emacs with jabber.el as xmpp client and it works pretty well.
You can configure it to log history of chats and groupchats as explained 
here : 
http://emacs-jabber.sourceforge.net/manual-0.8.0/Message-history.html#Message-history


Kind regards



Re: Need help to install OpenBSD 5.9 macppc via pxe

2016-04-13 Thread Solène Rapenne
Try tcpdumping the connection and see why it thinks the file doesn't exist.


It might be the / try does:
 boot enet:, ofwboot bsd.rd
change the behaviour?

hth

Fred



It boots correctly after changing the following line in dhcpd.conf

option root-path "192.168.1.5:/usr/local/www/thttpd";

to

option root-path "/usr/local/www/thttpd";


Thanks for your help :)

Kind regards



Re: Need help to install OpenBSD 5.9 macppc via pxe

2016-04-13 Thread Solène Rapenne

On 2016-04-08 00:55, Fred wrote:

On 04/07/16 13:09, Solène Rapenne wrote:

Hello,

my dhcpd.conf (isc-dhcpd) :

allow booting;
allow bootp;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.20 192.168.1.50;
  option broadcast-address 192.168.1.255;
}

host macmini {
  next-server 192.168.1.5;
  option subnet-mask 255.255.255.0;
  option routers 192.168.1.5;
  option root-path "192.168.1.5:/usr/local/www/thttpd";
  fixed-address 192.168.1.22;
  hardware ethernet 00:14:51:1f:52:70;
}


Kind regards



Try tcpdumping the connection and see why it thinks the file doesn't exist.


It might be the / try does:
 boot enet:, ofwboot bsd.rd
change the behaviour?

hth

Fred


Hello Fred,

I tried bsd.rd instead of /bsd.rd and no more success. With wireshark I
found that it was the protocol MOUNT that was failing with a ERR_NOENT
reply from my NFS server. I started mountd in foreground and I get this
output :


mountd: getting export list
mountd: reading exports from /etc/exports
mountd: got line /usr/local/www/thttpd/ -alldirs -ro -mapall=nobody -network 192.168.1.0/24
mountd: making new ep fs=0xbf62e9a4,0x4e951dde
mountd: doing opt -alldirs -ro -mapall=nobody -network 192.168.1.0/24
mountd: doing opt -ro -mapall=nobody -network 192.168.1.0/24
mountd: doing opt -mapall=nobody -network 192.168.1.0/24
mountd: doing opt -network 192.168.1.0/24
setting OP_MASKLEN
get_net: v4 addr 192.168.1.0
mountd: getting mount list
mountd: here we go
mountd: stat failed on /usr/local/www/thttpd/192.168.1.5:
mountd: stat failed on /192.168.1.5:
mountd: stat failed on /192.168.1.5:
mountd: stat failed on /192.168.1.5:
mountd: stat failed on /192.168.1.5:
mountd: stat failed on /192.168.1.5:
mountd: stat failed on /192.168.1.5:
mountd: stat failed on /192.168.1.5:
mountd: stat failed on /192.168.1.5:
mountd: stat failed on /192.168.1.5:
mountd: stat failed on /192.168.1.5:
mountd: stat failed on /192.168.1.5:
mountd: stat failed on /192.168.1.5:


It seems that the client wants to mount 192.168.1.5:/192.168.1.5 if I
understand. This is not what I want and I don't understand this behavior.




Need help to install OpenBSD 5.9 macppc via pxe

2016-04-07 Thread Solène Rapenne

Hello,

I am trying to install OpenBSD 5.9 on an old mac mini (which actually
runs FreeBSD and was using OpenBSD before). So, I chose the network
way for installation and followed the installation instructions. I get
an error when loading /bsd.rd (picture at the end)

I have my dhcp/tftp/nfs server with address 192.168.1.5 (running
freebsd), files for 5.9 are under /usr/local/www/thttpd/


-rw-r--r--  1 root  wheel  1552 Feb 26 14:59 SHA256
-rw-r--r--  1 root  wheel  1715 Feb 26 14:59 SHA256.sig
-rw-r--r--  1 root  wheel  53657599 Feb 26 11:52 base59.tgz
-rw-r--r--  1 root  wheel184634 Feb 26 11:17 boot.mac
-rw-r--r--  1 root  wheel   7787638 Apr  7 12:48 bsd
-rw-r--r--  1 root  wheel   7807488 Apr  7 12:49 bsd.mp
-rw-r--r--  1 root  wheel   8549933 Apr  7 11:28 bsd.rd
-rw-r--r--  1 root  wheel  6917 Feb 26 11:17 bsd.tbxi
-rw-r--r--  1 root  wheel  54197476 Feb 26 11:53 comp59.tgz
-rw-r--r--  1 root  wheel   2812954 Feb 26 11:53 game59.tgz
-rw-r--r--  1 root  wheel   8991150 Feb 26 11:53 man59.tgz
-rw-r--r--  1 root  wheel 64800 Feb 26 11:17 ofwboot
-rw-r--r--  1 root  wheel  23869487 Feb 26 14:53 xbase59.tgz
-rw-r--r--  1 root  wheel  40014023 Feb 26 14:53 xfont59.tgz
-rw-r--r--  1 root  wheel  17159113 Feb 26 14:54 xserv59.tgz
-rw-r--r--  1 root  wheel   4528018 Feb 26 14:54 xshare59.tgz

my /etc/exports :
/usr/local/www/thttpd/ -alldirs -ro -mapall=nobody -network 192.168.1.0/24



my dhcpd.conf (isc-dhcpd) :

allow booting;
allow bootp;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
 range 192.168.1.20 192.168.1.50;
 option broadcast-address 192.168.1.255;
}

host macmini {
 next-server 192.168.1.5;
 option subnet-mask 255.255.255.0;
 option routers 192.168.1.5;
 option root-path "192.168.1.5:/usr/local/www/thttpd";
 fixed-address 192.168.1.22;
 hardware ethernet 00:14:51:1f:52:70;
}



I can mount the nfs from the freebsd of the mac mini and get files, so
the NFS is fine. The PXE is fine as it loads ofwboot. The DHCP is fine
too as it gets an IP.

But it can't find /bsd.rd which is at the root of the nfs export. What
is wrong with my setup ?

Picture of the boot in the open firmware
http://i.zcraft.fr/960991460029255.jpg


Kind regards



ports(7) has a 404 link

2016-04-06 Thread Solène Rapenne

Hi

Dead link in ports(7)


Index: ports.7
===
RCS file: /cvs/src/share/man/man7/ports.7,v
retrieving revision 1.106
diff -u -p -r1.106 ports.7
--- ports.7 24 Nov 2015 21:27:03 -  1.106
+++ ports.7 6 Apr 2016 12:16:25 -
@@ -743,7 +743,7 @@ List of users and groups created by port
 The
 .Ox
 Ports System:
-.Lk http://www.openbsd.org/faq/ports/ports.html
+.Lk http://www.openbsd.org/faq/faq15.html
 .Pp
 The
 .Ox
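Review bot: The new .Lk target on the changed line, http://www.openbsd.org/faq/faq15.html, is a numbered FAQ page where the removed one was a descriptive path, and the message ("Dead link in ports(7)") does not say what the new page is or how it was chosen. State in the message that faq15.html is the intended ports FAQ page, and since the trailing context opens another "The .Ox" reference entry, confirm that the .Lk following it was checked for the same breakage. The link also stays on plain http://; if the site serves this page over https, switch the scheme in the same change.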



Re: Mouse click problems with firefox and firefox-esr

2016-03-30 Thread Solène Rapenne

On 2016-03-30 20:23, Nick wrote:

Hello,

I have tried both firefox and firefox-esr in both OpenBSD 5.8 and 5.9
and can say that there are issues with the mouse not picking up 10-15%
of my clicks, sometimes having to click a good 3 times or more for it
to actually work correctly! When I select and drag text, it can
randomly un-select it as if I have let go of the mouse and clicked
elsewhere.. Just all sorts of strangeness. I never have a problem with
moving the mouse cursor though. To say it's a nuisance is a bit of an
understatement as I am now having to use chromium - which I detest,
being a keen avoider of any google pish.

For extra info, I am using XFCE.

Does anyone have this issue? What is going on?

Thanks


Hello,

I can't reproduce this issue on my systems and I have never seen 
something of this kind.


Do you experience problems with both left and right clicks? Is it only
on links?

Can you try firefox in safe mode? How do you start xfce?

Instead of Chrome you can also use Xombrero while you figure out
your click problem.


Kind regards
Solène



Re: SIP Client

2016-03-08 Thread Solène Rapenne

On 2016-03-07 23:28, Mihai Popescu wrote:

pjsua - audio only, works fine
baresip - audio and video, works fine

Both are in ports, I was using them with iptel.org as free provider.


Thank you, I installed baresip from packages and it was very easy to
configure (easier than jitsi/ekiga/linphone) and works very well.




SIP Client

2016-03-07 Thread Solène Rapenne

Hello,

Is there a SIP client working on OpenBSD?
I was using Jitsi or Ekiga but they don't seem to work on OpenBSD.

Kind regards



Re: puppet and cross-platform password hashes

2016-02-05 Thread Solène Rapenne

On 2016-02-05 08:33, Peter N. M. Hansteen wrote:

I'm assuming I'm not the first to encounter this -

The interesting part is when we start introducing OpenBSD machines to
the mix, and
creating users with the password hashes from Linux or Solaris fails,
apparently because
the hashes are not bcrypt hashes.

I see two obvious solutions to this. Either


Hi, there may be a third option, using bcrypt for passwords on OpenBSD.
See man 5 login.conf, field localcipher

I never tried but it should do what you want.
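
Added example, not part of the original messages: a preflight check that sorts crypt(3) hash fields by scheme before a shared user list reaches OpenBSD nodes, matching the failure described in the thread (non-bcrypt hashes from Linux or Solaris). The names OPENBSD_OK, MIN_COST, classify and preflight are hypothetical, the accepted bcrypt variants and the cost floor are assumptions, and the sample fields are constructed filler with the right layout, not real hashes.

```python
import re

B64 = r"[./A-Za-z0-9]"
# crypt(3) Modular Crypt Format layouts: $id$[params$]salt$digest
SCHEMES = [
    ("bcrypt", re.compile(rf"\$(?P<id>2[aby])\$(?P<cost>\d\d)\${B64}{{53}}")),
    ("sha512-crypt", re.compile(
        rf"\$(?P<id>6)\$(?:rounds=(?P<cost>\d+)\$)?{B64}{{1,16}}\${B64}{{86}}")),
    ("sha256-crypt", re.compile(
        rf"\$(?P<id>5)\$(?:rounds=(?P<cost>\d+)\$)?{B64}{{1,16}}\${B64}{{43}}")),
    ("md5-crypt", re.compile(rf"\$(?P<id>1)\${B64}{{1,8}}\${B64}{{22}}")),
]
OPENBSD_OK = {"2a", "2b"}  # assumption: bcrypt variants the OpenBSD nodes accept
MIN_COST = 8               # hypothetical policy floor for the bcrypt log2 cost

def classify(field):
    """Return (scheme, id, cost) for one passwd/shadow hash field."""
    if field.startswith(("*", "!")):
        return ("locked", None, None)       # account has no usable password
    for name, rx in SCHEMES:
        m = rx.fullmatch(field)
        if m:
            cost = m.groupdict().get("cost")
            return (name, m.group("id"), int(cost) if cost else None)
    if re.fullmatch(rf"{B64}{{13}}", field):
        return ("des-crypt", None, None)    # traditional 13-character crypt
    return ("unknown", None, None)          # includes empty or truncated fields

def preflight(users):
    """Map user -> reason for every hash that should not be pushed as-is."""
    problems = {}
    for user, field in users.items():
        scheme, ident, cost = classify(field)
        if scheme == "locked":
            continue
        if scheme != "bcrypt":
            problems[user] = f"{scheme}: needs a bcrypt hash"
        elif ident not in OPENBSD_OK:
            problems[user] = f"bcrypt ${ident}$ variant not accepted"
        elif cost < MIN_COST:
            problems[user] = f"bcrypt cost {cost} below {MIN_COST}"
    return problems

# Constructed sample fields: correct layout, filler characters, not real hashes.
SAMPLE = {
    "alice": "$2b$10$" + "a" * 53, "bob": "$6$rounds=5000$saltsalt$" + "b" * 86,
    "carol": "$1$salt$" + "c" * 22, "dave": "$2y$10$" + "d" * 53,
    "erin": "$2a$04$" + "e" * 53, "svc": "*" * 13,
}
if __name__ == "__main__":
    for user, reason in preflight(SAMPLE).items():
        print(user, "->", reason)
```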



Laptop Dell vostro 1500 hang after suspend/resume

2016-01-10 Thread Solène Rapenne

Hello,

I am using a Dell Vostro 1500, apmd is started with -A flag
and when I type "zzz" to enter suspend mode everything
seems to work as expected.

But when I resume it, the screen stays black, the backlight
of the screen enables, the power LED shows that it's no longer
in sleep mode and the HDD LED doesn't show any activity.
The computer can't be pinged via network after resume (using
ethernet or wireless).

This is reproducible on 5.8 and current with my computer.


Here is the dmesg

OpenBSD 5.9-beta (GENERIC.MP) #1804: Fri Jan  8 23:49:58 MST 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2120667136 (2022MB)
avail mem = 2052325376 (1957MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf7180 (45 entries)
bios0: vendor Dell Inc. version "A06" date 04/21/2008
bios0: Dell Inc. Vostro 1500
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET APIC MCFG SLIC BOOT SSDT
acpi0: wakeup devices PCI0(S3) PCIE(S4) USB1(S0) USB2(S0) USB3(S0) 
USB4(S0) USB5(S0) EHC2(S0) EHCI(S0) AZAL(S3) RP01(S3) RP02(S3) RP03(S3) 
RP04(S3) RP05(S3) RP06(S3) [...]

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU T5270 @ 1.40GHz, 966.09 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR

cpu0: 2MB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T5270 @ 1.40GHz, 927.58 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR

cpu1: 2MB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 3 (PCIE)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 11 (RP01)
acpiprt3 at acpi0: bus 12 (RP02)
acpiprt4 at acpi0: bus -1 (RP03)
acpiprt5 at acpi0: bus 13 (RP04)
acpiprt6 at acpi0: bus -1 (RP05)
acpiprt7 at acpi0: bus -1 (RP06)
acpiprt8 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: !C3(100@57 mwait.3@0x30), !C2(500@1 mwait.1@0x10), 
C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: !C3(100@57 mwait.3@0x30), !C2(500@1 mwait.1@0x10), 
C1(1000@1 mwait.1), PSS

acpitz0 at acpi0: critical temperature is 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0 not present
acpivideo0 at acpi0: VID_
acpivideo1 at acpi0: VID_
acpivout0 at acpivideo1: LCD_
acpivideo2 at acpi0: VID2
cpu0: Enhanced SpeedStep 966 MHz: speeds: 1401, 1400, 1200, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel GM965 Host" rev 0x0c
inteldrm0 at pci0 dev 2 function 0 "Intel GM965 Video" rev 0x0c
drm0 at inteldrm0
intagp0 at inteldrm0
agp0 at intagp0: aperture at 0xe000, size 0x1000
inteldrm0: msi
inteldrm0: 1280x800
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel GM965 Video" rev 0x0c at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 26 function 0 "Intel 82801H USB" rev 0x02: apic 2 int 
20
uhci1 at pci0 dev 26 function 1 "Intel 82801H USB" rev 0x02: apic 2 int 
21
ehci0 at pci0 dev 26 function 7 "Intel 82801H USB" rev 0x02: apic 2 int 
22

usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 82801H HD Audio" rev 0x02: msi
azalia0: codecs: Sigmatel STAC9205X, Conexant/0x2c06, using Sigmatel 
STAC9205X

audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801H PCIE" rev 0x02: msi
pci1 at ppb0 bus 11
ppb1 at pci0 dev 28 function 1 "Intel 82801H PCIE" rev 0x02: msi
pci2 at ppb1 bus 12
bwi0 at pci2 dev 0 function 0 "Broadcom BCM4311" rev 0x01: apic 2 int 
17, address 00:1f:3a:0e:fd:9c

ppb2 at pci0 dev 28 function 3 "Intel 82801H PCIE" rev 0x02: msi
pci3 at ppb2 bus 13
uhci2 at pci0 dev 29 function 0 "Intel 82801H USB" rev 0x02: apic 2 int 
20
uhci3 at pci0 dev 29 function 1 "Intel 82801H USB" rev 0x02: apic 2 int 
21
uhci4 at pci0 dev 29 function 2 "Intel 82801H USB" rev 0x02: apic 2 int 
22
ehci1 at pci0 dev 29 function 7 "Intel 82801H USB" rev 0x02: apic 2 int 
20

usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 

Re: Full disk encryption and keyboard

2015-01-12 Thread Solène Rapenne

On 2015-01-12 10:45, Jan Stary wrote:
On Sunday, 11.01.2015, 20:45 +, etie...@magickarpet.org wrote:


 Is there a way to have a different keymap in boot? Not that it's really
 necessary to type boot bsd.rd, but it would be much more efficient
 when typing a passphrase to decrypt a softraid partition to boot from.


How exactly would a different keymap be much more efficient?
How often do you type that softraid crypt password?



That can be important if you use characters like 'éàèçùß' in your 
password which are not on the default qwerty keymap.