Re: unbound signature expired
On 2024-03-18, Evan Sherwood wrote:
>> Wild guess, your time is off.
>
> Huh, I think you're right. `date` shows me 7 hours ahead of my timezone.
>
> I restarted ntpd and I see no errors in /var/log/daemon, but the time is
> still off. I should be 1200 PDT but it's showing me as 1900 PDT (not
> UTC).
>
> What do I do to fix this? Pretty sure I had set my timezone to
> America/Los_Angeles when I installed OpenBSD.

ntpd will take ages to correct that much offset (it can set the clock
_forwards_ more quickly to the time of a trusted server at startup, but
not backwards). You can use rdate to jump the clock instead.

--
Please keep replies on the mailing list.

Re: UKC> disable "smth"
On 2024-03-16, Nick Holland wrote:
> IF you want to make changes to disk, use "config -ef" from
> the booted system, then write your changes to disk. Then
> you can either use config -ef to re-enable a device, or just
> copy over an unmodified kernel.
>
> Be aware that altering the kernel binary will "break" the
> Kernel Address Re-Linking (KARL). There are fixes for this,
> HOWEVER, I'm not sure what your goals are here in tweaking
> your kernel like this, but I'm guessing breaking KARL isn't
> your biggest problem you are about to create for yourself.

in the few cases where this does make sense: add to bsd.re-config(5)
and run /usr/libexec/reorder_kernel by hand

> This probably isn't something you want to be doing.

yep.

Re: mailman on OpenBSD - linking problem
On 2024-03-16, Odhiambo Washington wrote:
> On Sat, Mar 16, 2024 at 3:57 PM Mark wrote:
>
>> On Wed, Mar 13, 2024 at 5:44 PM Odhiambo Washington wrote:
>>
>>> This is why I suggested he should run Mailman3 from the word go.
>>
>> It looks almost impossible to setup Mailman3 on OpenBSD.
>>
>> No, this is not working at all;
>> https://xn--gckvb8fzb.com/mailman3-on-openbsd-71/
>>
>> Any other tutorial I could try?
>>
>> Thank you.
>
> What exactly isn't working for you?

Yes, this is a key thing when asking questions. Saying "No, this is not
working at all" followed by a URL is not much help. Copy text from a
terminal, showing _what commands you ran_ and _what you saw_.

> The setup is actually pretty easy.

mailman itself should be fairly easy to get installed in a venv, but
mailman-web pulls in cryptography and that can be problematic sometimes.
Trying to build that via pip isn't working at the moment in -current:

    error: failed to run custom build command for `openssl-sys v0.9.99`
    ...
    This crate is only compatible with OpenSSL (version 1.0.1 through
    1.1.1, or 3), or LibreSSL 2.5 through 3.8.1, but a different version
    of OpenSSL was found. The build is now aborting due to this version
    mismatch.

- so you'll probably have better luck by installing py3-cryptography
from packages (when built in ports, openssl-sys is automatically patched
to fix this problem), and when you create the venv, use
--system-site-packages to allow the system package to be used.

*However*, if you're doing this on a system which already has various
python packages installed, using this may result in some conflicts with
other software, so if you run into problems from that and can't
uninstall the relevant package, you may need to use a fairly clean
machine.

(The ideal thing would be to get mailman updated to 3.x in ports, but
looking at 'pip list' after installing mailman and mailman-web in a
venv, there are 84 modules installed, getting on for 40 not in ports
yet, and some of the others probably need updating - possibly with a
ripple effect on other ports - so it's a lot of work; running in a venv
with most things installed via pip is a saner option).

Re: Unable to get ip6 address
On 2024-03-15, Hari wrote:
> I have uses mtw wifi firmware.
>
> I don't know what do you mean by multicast. I works perfectly fine with
> linux.

If you don't want to provide enough information that might give clues to
people who are trying to help (https://www.openbsd.org/report.html) then
I suggest you run Linux on it.

Re: Saving UKC> list output
On 2024-03-15, Nick Holland wrote:
> um... your formatting is giving me Commodore VIC20(1)
> flashbacks...

There are way more than 22 chars in some of those lines :-)

Re: pf nat64 rule not matching
On 2024-03-15, Evan Sherwood wrote:
> Is there a way to configure this without hard-coding my IPv4 address?
> I do not think my IPv4 address from my ISP is static, thus my original
> interest in the ($wan:0) form.

I don't think there is at present. There are no "only use v4" or "only
use v6" addresses modifiers, and pf isn't figuring out for itself that
it only makes sense to use addresses from the relevant family for af-to
translation addresses (although it _does_ do this for nat-to).

>> Regarding the other rules and tests, the ::1 rule is wrong, packets
>> outgoing on the network won't have a ::1 address, try "!received-on
>> any", and packets sourced from the router itself won't hit the af-to
>> rule so tests need to be from another machine (and probably best use
>> different DNS servers not doing dns64 on the router).
>
> Thanks for this follow-up. You're right that I was trying to only target
> traffic that originated from the router itself with this rule. I had
> figured out that the tests needed to be from another machine, though
> that did take me a while.
>
> What are the reasons for doing dns64 on a different machine?

Ah I meant that the router should not use the local unbound dns64
resolver for its own traffic - otherwise it won't be able to reach v4
hosts because there won't be anything to handle the translation. Either
point it off-machine (ISP or public resolver) or run another local
resolver for its own traffic.

Re: Unable to get ip6 address
On 2024-03-15, Hari wrote:
> Well I read and tried to this as stated in faq. But it doesn't work, well
> ip6 does work if I try ethernet but not with wifi.

At least send a dmesg so readers have some idea of the hardware involved.

One possible problem: IPv6 requires multicast for address resolution
which might not be working properly.

Re: pf nat64 rule not matching
On 2024-03-15, Tobias Fiebig via misc wrote:
> Moin,
>> # perform nat64 (NOT WORKING)
>> pass in to 64:ff9b::/96 af-to inet from ($wan:0)
>
> Can you try if the same happens with a more specific rule (for
> testing)?
>
> i.e.:
>
> pass in on igc3 inet6 from "put actual v6 prefix here" to 64:ff9b::/96
> af-to inet from "actual IP on igc0"/32

"actual IP on igc0" is a good idea. If I try a similar rule without ()
using an interface with v4+v6 addresses, pfctl rejects it due to af
mismatch.

> I am suspecting that the missing inet6 may lead to some confusion.
> Alternatively, remove the block rules; URPF may be an issue here, if
> you lack a route for the /96.

"match log(matches)" and "tcpdump -neipflog0" is your friend for
figuring out which rules are used. I suspect the urpf too.

Regarding the other rules and tests, the ::1 rule is wrong, packets
outgoing on the network won't have a ::1 address, try "!received-on
any", and packets sourced from the router itself won't hit the af-to
rule so tests need to be from another machine (and probably best use
different DNS servers not doing dns64 on the router).

Re: 'xset' not authorized
On 2024-03-13, ofthecentury wrote:
> After poking around, it turns out you just need to
> add an environmental variable XAUTHORITY in XFCE terminal.
> 'export XAUTHORITY=$HOME/.Xauthority'
> Add it to $HOME/.xsession to make it permanent.

That's the default and you shouldn't need to set it explicitly unless
you've set $HOME to something strange.

Re: How to use randon outgoing network aliases?
On 2024-03-12, Joel Carnat wrote:
> Hi,
>
> I have a server with a single NIC but several IPs configured:
> # cat /etc/hostname.vio0
> inet 192.0.2.10 255.255.255.0
> inet alias 192.0.2.11 255.255.255.0
> inet alias 192.0.2.12 255.255.255.0
>
> The default gateway is set to 192.0.2.1 in /etc/mygate.
>
> I would like outgoing network traffic to randomly appear coming from
> any of those IPs.

Can be done with PF nat-to: either one rule with an address pool, or
multiple rules with probabilities (e.g. for three: 33%, 50%, plus one
with no probability to catch the rest).

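
Added example, not part of the original message: a small sh generator for the "multiple rules with probabilities" variant, generalised from three addresses to any number, plus a check of the share each rule ends up with. The function names are made up here, the interface and addresses are the ones from the quoted post, and "quick" is an assumption of this example so that the first matching rule wins.

```sh
#!/bin/sh
# Added example (not from the thread). Emits one pf rule per source
# address. Rules are evaluated top to bottom and "quick" stops at the
# first match, so rule i must fire for 1/(addresses still untried):
# for three addresses that is 33%, then 50% of what is left, then the rest.
# usage: nat_rules <interface> <addr> [<addr> ...]
nat_rules() {
	_if=$1; shift
	_left=$#
	for _addr in "$@"; do
		if [ "$_left" -gt 1 ]; then
			echo "pass out quick on $_if inet nat-to $_addr probability $((100 / _left))%"
		else
			# Last rule carries no probability: it catches the rest.
			echo "pass out quick on $_if inet nat-to $_addr"
		fi
		_left=$((_left - 1))
	done
}

# Share of new connections each rule receives, in hundredths of a percent,
# for <n> addresses. Integer percentages leave a small bias towards the
# later rules (3300 3350 3350 for three addresses).
# usage: effective_shares <n>
effective_shares() {
	_n=$1 _remaining=10000 _out=
	while [ "$_n" -gt 1 ]; do
		_hit=$((_remaining * (100 / _n) / 100))
		_out="$_out $_hit"
		_remaining=$((_remaining - _hit))
		_n=$((_n - 1))
	done
	echo "${_out# }${_out:+ }$_remaining"
}

nat_rules vio0 192.0.2.10 192.0.2.11 192.0.2.12
effective_shares 3
```

Because of "quick", these rules end evaluation for outgoing packets on that interface, so any block rules for the same traffic have to come before them. Check the generated lines with pfctl -nf before loading them.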
Re: files are going missing
On 2024-03-11, beecdadd...@danwin1210.de wrote:
>> Did you perhaps download these files to somewhere under /tmp or /var/tmp
>> or somewhere else volatile like a memory file system and then reboot
>> before trying to access those downloads?
>
> didn't reboot, and I didn't mention but other files both from yt-dlp and
> the folder structure of torrenting are there, and yt-dlp said that video
> and other files are downloaded

Is it in /tmp though? As well as most files being cleared at boot, old
files are cleared daily.

Re: 'xset' not authorized
On 2024-03-09, ofthecentury wrote:
> For the droves who have/will have the same question:
> You can disable DPMS by tweaking the Xorg config
> out. First, get the monitor identifier from your
> /var/log/Xorg.0.log. Then, add a dpms.conf file to
> /usr/X11R6/share/X11/xorg.conf.d/ with this:
> Section "Monitor"
> Identifier "LVDS0" [insert your monitor identifier]
> Option "DPMS" "false"
> EndSection
> Kill xenodm and launch xenodm again.
> Confirm by running 'xset q' that DPMS is disabled.
> Laptop screen will not shut off on you again.

"xset -dpms" and "xset s off" work fine for me..

Re: dmesg hangs 7.4
Can you get dmesg out by another means (most likely, write to a usb stick)?

Any difference if you install a snapshot?

Anything special with the network setup?

Anything odd in dmesg on the box you're ssh'ing *from*?

On 2024-03-09, Laura Smith wrote:
> Hi
>
> I've got a fresh install of 7.4 on a new box and am seeing a very weird
> problem.
>
> If I enter "dmesg" I get a few lines of output and then it hangs and my ssh
> connection gets dropped. I ran syspatch, rebooted and the problem persists.
>
> Example:
>
> # dmesg
> MX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,SHA,UMIP,PKU,WAITPKG,PKS,MD_CLEAR,IBT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,TAA_NO,MISC_PKG_CT,ENERGY_FILT,DOITM,SBDR_SSDP_N,FBSDP_NO,PSDP_NO,RRSBA,OVERCLOCK,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
> cpu19: 32KB 64b/line 8-way D-cache, 64KB 64b/line 8-way I-cache, 2MB 64b/line
> 16-way L2 cache, 30MB 64b/line 12-way L3 cache
> cpu19: smt 0, core 35, package 0
> cpu20 at mainbus0: apid 72 (application processor)
> cpu20: 12th Gen Intel(R) Core(TM) i9-12900TE, 3392.18 MHz, 06-97-02, patch
> 0025
> Timeout, server 10.1.2.3 not responding.

Re: Cannot add gd
On 2024-03-09, Sebastien Marie wrote:
> Amarendra Godbole writes:
>
>> I ran into this error today, while adding package gd on amd64 7.4 release...
>>
>> # pkg_add gd
>> quirks-6.160 signed on 2024-03-06T19:04:54Z
>> Can't install gd-2.3.3 because of libraries
>> |library fontconfig.13.1 not found
>> | not found anywhere
>> |library freetype.30.3 not found
>> | not found anywhere
>> Direct dependencies for gd-2.3.3 resolve to tiff-4.5.1 png-1.6.39
>> libwebp-1.3.1pl0 jpeg-2.1.5.1v0 libiconv-1.17
>> Full dependency tree is tiff-4.5.1 xz-5.4.4 png-1.6.39 libiconv-1.17
>> jpeg-2.1.5.1v0 zstd-1.5.5 giflib-5.2.1 libwebp-1.3.1pl0 lz4-1.9.4
>> Couldn't install gd-2.3.3
>> #
>>
>> This worked a week ago when installing on a similar setup, though I am
>> not sure what has changed. The fontconfig and freetype requirement
>> seems not listed in the subsequent direct and full dependency tree. Am
>> I missing something obvious?
>
> did you installed xbase74 set ?

I bet this is the problem. See
https://www.openbsd.org/faq/faq15.html#PkgInstall: "Sometimes you may
encounter an error like the one in the following example" ... #1 under
"There are several things to check"

Re: browser titlebar doesn't support emoji
On 2024-03-08, Dan wrote:
> Tested in 7.4 Xfce, Firefox and Badwolf titlebar don't support emojicon
> (tested: flags) like from the picture attached.

Please don't send image attachments to this mailing list.

Most of the emoji fonts use PNG encoding which is not supported by
OpenBSD's build of freetype (needs to be built with libpng, which is in
ports - whereas libfreetype is in the xenocara tree, which cannot depend
on things from ports).

Re: USB ethernet ure0 not working
On 2024-03-08, ofthecentury wrote:
> I made a little progress. I made routing table show now by
> setting re0 interface to down. It seems like everything is
> set up now to work, but I'm getting no internet connectivity.
> Here's the pastebin of dmesg/ifconfig/routes:
> https://pastebin.com/imXdfPqC

When people ask for a dmesg, they mean a complete dmesg. And pastebin is
more for things like IRC - better to include the actual things directly
in email, it's less annoying for readers.

> When I unplug the USB dongle, plug ethernet cable into
> re0 and set re0 to up, internet connectivity is there. So,
> why is the ure0 not working?

You have the same address range on re0 and ure0, and a default route
pointing out of re0.

> A separate question: why is ure0 interface not added to the
> egress group when the USB dongle is plugged in? I had to
> manually add it to egress because my pf firewall is configured
> to filter egress. Maybe there's an issue there somehow?

Interfaces automatically have the 'egress' group applied if there's a
default route pointing out of them. There's no default route pointing
out of ure0 so that's why.

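
Added example, not part of the original message: a sh check for the situation diagnosed above, two interfaces with addresses in the same IPv4 network and the default route on only one of them. The sample ifconfig and routing-table text is constructed for this example (it is not the poster's pastebin), and the function names are made up here.

```sh
#!/bin/sh
# Added example (not from the thread). Sample input is constructed, in the
# layout printed by OpenBSD ifconfig(8) and "route -n show -inet".
SAMPLE_IFCONFIG='re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	lladdr 00:00:5e:00:53:01
	groups: egress
	inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
ure0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	lladdr 00:00:5e:00:53:02
	inet 192.168.1.21 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
	inet 127.0.0.1 netmask 0xff000000'

SAMPLE_ROUTES='Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.168.1.1        UGS        5      120     -     8 re0
192.168.1/24       192.168.1.20       UCn        1        0     -     4 re0
192.168.1/24       192.168.1.21       UCn        0        0     -     4 ure0'

# Dotted quad -> 32-bit integer.
ip_to_int() {
	_old=$IFS; IFS=.
	set -- $1
	IFS=$_old
	echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
	echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# stdin: ifconfig output. Prints "network netmask interface" per IPv4 address.
inet_networks() {
	_if=
	while read -r _k _a _m _mask _rest; do
		case $_k in
		inet)
			# Skip forms without a plain netmask (e.g. point-to-point).
			[ "$_m" = netmask ] || continue
			_ip=$(ip_to_int "$_a")
			_net=$(( _ip & $_mask ))
			echo "$(int_to_ip "$_net") $_mask $_if"
			;;
		*:)
			# Interface header lines look like "re0: flags=...".
			case $_a in flags=*) _if=${_k%:} ;; esac
			;;
		esac
	done
}

# stdin: ifconfig output. Prints "network netmask if1 if2 ..." for every
# network that is configured on more than one interface.
shared_networks() {
	inet_networks | sort | awk '
		{ key = $1 " " $2
		  if (seen[key, $3]++) next   # aliases on one interface are fine
		  ifs[key] = (key in cnt) ? ifs[key] " " $3 : $3
		  cnt[key]++ }
		END { for (k in cnt) if (cnt[k] > 1) print k, ifs[k] }'
}

# stdin: routing table. Prints the interface the default route points out of.
default_route_if() {
	awk '$1 == "default" { print $NF; exit }'
}

# $1 = ifconfig output, $2 = routing table.
report() {
	_def=$(printf '%s\n' "$2" | default_route_if)
	printf '%s\n' "$1" | shared_networks | while read -r _net _nm _ifs; do
		for _i in $_ifs; do
			if [ "$_i" = "$_def" ]; then
				echo "$_net $_nm: $_i has the default route (egress)"
			else
				echo "$_net $_nm: $_i shares this network, no default route"
			fi
		done
	done
}

report "$SAMPLE_IFCONFIG" "$SAMPLE_ROUTES"
```

On a live system the same check is `report "$(ifconfig)" "$(route -n show -inet)"`.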
Re: "FollowSymLinks" equivalent in httpd?
On 2024-03-08, James Cook wrote:
> On Fri, Mar 08, 2024 at 04:28:52PM +0300, Mark wrote:
>> Greetings.
>>
>> Trying to figure out the mailman configuration on OpenBSD.
>>
>> What is the equivalent of the following server block in httpd?
>>
>> "
>> Options FollowSymLinks
>> AllowOverride None
>> "
>>
>> Does the httpd even support following symlinks?

base httpd doesn't support _not_ following symlinks.

> httpd follows symlinks for me. I just tried making a text file a.txt
> in /var/www/htdocs, and making a symlink with ln -s b.txt a.txt,
> and http://localhost/b.txt gets the content of a.txt.
>
> Keep in mind httpd by default runs chrooted to /var/www, so if you
> want to use absolute paths you will need to leave out /var/www. For
> example if you want c.txt to be a a symlink pointing to
> /var/www/htdocs/a.txt you could run
>
> ln -s /htdocs/a.txt symlink_file_name.txt

And, importantly (given the config snippet), /var/lib/mailman won't be
accessible.

Re: Found bug, prepared patch, sent to bugs and tech, no response.
You haven't done anything wrong, and the messages do show up. I think
there are just not many people who know this area, and not many people
running sasyncd to test your diff.

On 2024-03-07, Rafał Ramocki wrote:
> Hello,
>
> I've found bug on line between sasyncd and the kernel. I've investigated it,
> found root cause and created a patch. I've posted bug report to
> b...@openbsd.org with patch with my fix proposal.
> Waited some time but not get any response. I've sent reminder - still
> blackhole. Waited some time and sent similar information on
> t...@openbsd.org . I'm waiting but still got no
> response. Does anyone know is there something wrong with my correspondence
> that make my messages invisible or maybe openbsd project does not have anyone
> who could review my proposal and accept my patch or maybe there is some other
> reason that I do not know a the moment?
>
> My report to bugs: https://marc.info/?l=openbsd-bugs=170834352721352=2
> My report to tech: https://marc.info/?l=openbsd-tech=17089534351=2
>
>
> Best regards
> Rafal Ramocki

Re: Stopped at smu7_powergate_uvd+0x23 Question
On 2024-03-06, Avon Robertson wrote:
> 6. Serial Console Info, and OpenBSD 7.4 dmesg.boot
>
> Output has been captured via a serial console from the problem machine
> from each of the installed snapshots on a subsequent cold boot. Each
> set of captured information has shown that the machine has stopped at:
>
> smu7_powergate_uvd+0x23: movb%dh,0xdb9(%rax)
>
> Other captured information from each of the snapshots is almost
> identical.

Including boot messages from a problematic kernel + diff between that
and the last working one + information about the crashes (at least:
panic message or other messages when it stopped, trace, ps) would be
helpful.

> The following set of captured information is from the last snapshot
> installed on the machine. It is followed by dmesg.boot from a
> previously installed working 7.4 snapshot.
>
> The captured information plus the 7.4 snapshot are deliberately not
> included in this post as this email would be > 83k bytes.

An 83k email which includes the information necessary to tell what's
going on is more useful than a shorter one which doesn't.

> My question is: should I send everything to b...@openbsd.org?

That's probably the best place to send it.

Re: Fwd: Disk encryption cipher
On 2024-03-06, ofthecentury wrote:
> Who's this psycho Jan Stary telling people new to OpenBSD not to use
> an appropriate public mailing list for legitimate questions?

Sadly some list members are a bit intolerant of things which are
perfectly valid topics for the list.

> Stop polluting the list with your bullshit.
>
> On Mar 06 12:16:26, ofthecent...@gmail.com wrote:
>> https://github.com/openbsd/src/blob/master/sys/dev/softraid.c
>> Judging by the source code it's aes-512-xts now.

So yes that's perfectly ok content for the list.

>> Such hard. Very cipher. Hacking can't. NSA oh no.

He does have a point here though.

Re: can't find PID
On 2024-03-05, Raul Miller wrote:
> If you want to track which executable was running which pid at a
> specific time, you need to put that information in a log, so you can
> associate pid and time with the executable path.

see accton(8), lastcomm(1)

Re: crawling network with ix driver when routing trafic
On 2024-03-04, Pierre Peyronnel wrote:
> On Mon, 4 Mar 2024 at 11:24, Claudio Jeker wrote:
>
>> Try to disable LRO on the ix(4) card:
>> ifconfig ix0 -tcplro
>>
>> Also could you try -current (with and without tcplro).
>
> One sysupgrade -s later (see below), I can confirm that I have the same
> behaviour
> - slow with LRO
> - fast without LRO
>
> Now I need a way back to -stable
> Maybe when 7.5 is released ?

You can edit /usr/sbin/sysupgrade -

    if $RELEASE && [[ ${_KERNV[1]} == '-beta' ]]; then
            NEXT_VERSION=${_KERNV[0]}
    else
            NEXT_VERSION=$(echo ${_KERNV[0]} + 0.1 | bc)
    fi

add NEXT_VERSION=7.5 after this, then you can run sysupgrade -r after
release.

Alternatively run bsd.rd from release (when available) by hand.

(Maybe sysupgrade -f should work on versions which are detected as
"release" instead though...)

Re: disklabel and df -h don't show same size
On 2024/03/03 13:06, beecdadd...@danwin1210.de wrote:
> is there no way to know how many rounds a drive needs to be decrypted? if

Easiest way is probably to modify the bootloader to print it (in libsa).
You could also check a hexdump of the softraid header block but you'll
need to figure out the layout.

> so, then that's good security but want to know how many rounds my computer
> would do, after the crypto has been created?
> I find -v gives you rounds and probably default rounds if you don't do -r,
> but I am too late to find out that now

You can't tell for sure from running bioctl afterwards, if the cpu was
throttled at the time the autodetect could have picked a lower number of
rounds. Adjust it with bioctl -P with an explicit setting for -r if you
want to be sure (this works on an existing softraid volume too).

Re: disklabel and df -h don't show same size
On 2024-03-03, beecdadd...@danwin1210.de wrote:
> On Sun, March 3, 2024 12:07 pm, Otto Moerbeek wrote:
>> On Sun, Mar 03, 2024 at 12:01:12PM -, beecdadd...@danwin1210.de
>> wrote:
>>
>>> oh okay reserved for root? I ran those commands as root, or you mean
>>> something else? I didn't know overhead was that big.. so this is okay,
>>> then? thanks for very fast reply
>>
>> 3.5G meta data overhead is less than 1.5% of your partition. Not that
>> high, I'd say.
>
> 235-223 is 8G, not 3.5G?

238.5-235 = 3.5G (overhead)
235-223 = 12G ~= 5% (reserved for root)

>> You can change that 5% by using tunefs, or when doing newfs from the
>> start).
>
> newfs from the start? I did newfs from the start?
> https://www.openbsd.org/faq/faq14.html#softraidcrypto
> is this not what you mean by newfs from the start?

You can change the 5% by using the -m flag when you newfs, or by running
tunefs on an existing filesystem (but it will need to be unmounted
first).

A filesystem has meta data overhead. That space is not available for
user files. Also, by default 5% of available space is reserved for root
only. That fraction is represented in available space. See newfs(8).

Re: Need advice on “tcp proxy”
On 2024-03-02, Kasak wrote:
> Hello misc! There is a good manual on OpenBSD faq about redirection and
> reflection, here it is: https://www.openbsd.org/faq/pf/rdr.html#tcpproxy
>
> I’m using nginx as tcp and udp proxy, but maybe there is another software,
> more suitable for this task?
> I need to redirect and reflect near 15 tcp ports and couple of udp.
> I know I can do this with only pf, but I switched to nginx intentionally,
> because this amount of ports made my pf config hard readable.

As far as TCP goes, haproxy is possibly a bit better suited. It doesn't
do UDP though (and unlikely to in a generic way, see
https://github.com/haproxy/haproxy/issues/62).

Depending on which UDP protocols are used there might be better
alternatives though - for example if it's DNS then look at dnsdist. UDP
proxying in most cases needs to be protocol-aware.

Re: mirror.bytemark.co.uk appears to have removed all OpenBSD content?
On 2024-02-28, Pontus Stenetorp wrote:
> On Wed 28 Feb 2024, Stuart Henderson wrote:
>> On 2024-02-28, Pontus Stenetorp wrote:
>> > On Tue 27 Feb 2024, Stuart Henderson wrote:
>> >> On 2024-02-27, Stuart Henderson wrote:
>> >> > On 2024-02-27, Peter Kay wrote:
>> >> >>
>> >> >> Just been to upgrade a rather old system I keep OpenBSD on for fun all
>> >> >> the way up from 6.9, and found bytemark no longer seem to be hosting
>> >> >> any OpenBSD content.
>> >> >
>> >> > That's why they have been removed from the mirrors list since 2022.
>> >>
>> >> Oh hmm, seems I readded them as they had started working again, I'll drop
>> >> them again.
>> >
>> > Since it has crossed my mind that scripting together some sort of "mirror
>> > health" tool would be a fairly easy (yet probably valuable) contribution
>> > to the community, is there currently anything akin to that in use by you
>> > or others when maintaining the mirrors list? A few searches of mine turned
>> > up empty, but it could equally well be that my search skills were lacking.
>>
>> No need for another tool, we have mirmon and mirrorcheck.sh. The problem
>> is finding time to review results of checks, and making decisions
>> about what to include in ftp.html (for parts of the world with low
>> connectivity, a mirror which is slightly behind on snapshots can still
>> be very useful).
>
> Firstly, thank you of course for all your efforts maintaining the list.
> Agreed about usefulness being very much circumstantial and thank you for
> pointing me in the directions of two tools I have overlooked. mirmon is of
> course net/mirmon in ports, but I have failed to locate mirrorcheck.sh in
> both ports and src (even with a grep -ir), as well as with a web search.
> Where does it live?

It's in the www tree.

Re: mirror.bytemark.co.uk appears to have removed all OpenBSD content?
On 2024-02-28, Pontus Stenetorp wrote:
> On Tue 27 Feb 2024, Stuart Henderson wrote:
>> On 2024-02-27, Stuart Henderson wrote:
>> > On 2024-02-27, Peter Kay wrote:
>> >>
>> >> Just been to upgrade a rather old system I keep OpenBSD on for fun all
>> >> the way up from 6.9, and found bytemark no longer seem to be hosting
>> >> any OpenBSD content.
>> >
>> > That's why they have been removed from the mirrors list since 2022.
>>
>> Oh hmm, seems I readded them as they had started working again, I'll drop
>> them again.
>
> Since it has crossed my mind that scripting together some sort of "mirror
> health" tool would be a fairly easy (yet probably valuable) contribution to
> the community, is there currently anything akin to that in use by you or
> others when maintaining the mirrors list? A few searches of mine turned up
> empty, but it could equally well be that my search skills were lacking.

No need for another tool, we have mirmon and mirrorcheck.sh. The problem
is finding time to review results of checks, and making decisions about
what to include in ftp.html (for parts of the world with low
connectivity, a mirror which is slightly behind on snapshots can still
be very useful).

Re: mirror.bytemark.co.uk appears to have removed all OpenBSD content?
On 2024-02-27, Kirill A Korinsky wrote:
> On Tue, 27 Feb 2024 14:59:32 +0100,
> Kenneth Gober wrote:
>>
>> Slightly off topic, but does anyone know of any archives that have
>> packages for 3.0, 3.1, 3.2, and/or 3.3? Especially 3.0 -- the only
>> site I've ever found with 3.0 packages may have been incomplete.
>>
>
> https://mirror.leaseweb.com/pub/OpenBSD
>
> which also has rsync mirror BTW

That depends where you are, it is a geo distributed DNS and they use
different upstreams in different places, some fetch from ftp.eu (which
has many old versions, though not 3.0-3.3), others from ftp3.usa (which
doesn't).

Re: mirror.bytemark.co.uk appears to have removed all OpenBSD content?
On 2024-02-27, Stuart Henderson wrote:
> On 2024-02-27, Peter Kay wrote:
>> Just been to upgrade a rather old system I keep OpenBSD on for fun all
>> the way up from 6.9, and found bytemark no longer seem to be hosting
>> any OpenBSD content.
>
> That's why they have been removed from the mirrors list since 2022.

Oh hmm, seems I readded them as they had started working again, I'll
drop them again.

Re: mirror.bytemark.co.uk appears to have removed all OpenBSD content?
On 2024-02-27, Peter Kay wrote:
> Just been to upgrade a rather old system I keep OpenBSD on for fun all
> the way up from 6.9, and found bytemark no longer seem to be hosting
> any OpenBSD content.

That's why they have been removed from the mirrors list since 2022.

Re: snmpd and route changes
Not 100% sure but there's a chance that this will work how you expect in
-current.

https://github.com/openbsd/src/commit/029c661593e4bba8652393dbb912eaf3b5031eec

On 2024-02-23, Marko Cupać wrote:
> Hi,
>
> my OpenBSD firewall has static default route to the Internet over
> external interface, and gets routes to internal subnets by means of
> OSPF with Juniper switch over internal interface.
>
> Host on one of internal subnets queries snmpd listening on internal
> interface of OpenBSD firewall. When OSPF on OpenBSD firewall is
> up, requests arrive on internal interface, replies depart on internal
> interface - expected working situation.
>
> When OSPF on OpenBSD firewall go down (rcctl stop ospfd), requests
> still arrive on internal interface (switch has static default route
> over OpenBSD firewall), but as firewall has no longer route to internal
> subnet from which queries originate, it correctly tries to send replies
> over default route (external interface), which intentionally get
> blocked by pf.
>
> The problem is the fact that after OSPF on OpenBSD firewall comes up
> (rcctl start ospfd), snmpd continues to send replies over default
> route, not over more specific route learned over OSPF. Restarting snmpd
> results in picking up new route correctly.
>
> I am not 100% sure, but I think the same happens with pflow exports to
> the same host on internal subnet. It takes destroying pflow0 interface
> and netstart-ing it for picking up new route correctly.
>
> Anyone else encountered this? Could this be a bug? Or should I
> reconfigure something?
>
> PS: My setup is actually a bit more complicated (CARP pair, OSPF
> depends on carp interface, aggregated interfaces etc. but that should
> not affect the situation where snmpd sends traffic over default route
> and external interface even though routing table has more specific
> route over internal interface. I will gladly provide more details if
> needed.
>
> snmpd.conf (redacted):
>
> listen on udp 10.66.66.253 read snmpv3
> seclevel auth
> system contact "John Doe (john@example.org"
> system description "OpenBSD"
> system location "Somwhere"
> system name "fw2.example.org"
> user "example" authkey "thisisnotakey" auth hmac-sha1
>
> hostname.pflow0 (redacted):
>
> flowsrc 10.66.66.253 flowdst 10.66.65.169:9996
> pflowproto 10
>
> route to host's subnet when OSPF is up (redacted):
>
> netstat -rn | grep 10.66.65.0
>
> 10.66.65.0/24 10.30.66.249 UG 0 957 -32 aggr0
>
> route -n get 10.66.65.0/24
>
>    route to: 10.66.65.0
> destination: 10.66.65.0
>        mask: 255.255.255.0
>     gateway: 10.66.66.249
>   interface: aggr0
>  if address: 10.66.66.253
>    priority: 32 (ospf)
>       flags:
>      use       mtu    expire
>     7126         0         0
>
> ospfctl sh rib | grep 10.66.65.0
>
> 10.66.65.0/24 10.66.66.249 Intra-Area Network 65536 20:32:27
>
> ospfctl sh fib | grep 10.66.65.0
>
> *O 32 10.66.65.0/24 10.66.66.249
>
> dmesg:
>
> [...]

Re: Automatic OS updates
Kernels with just "OpenBSD 7.5" will appear for some time before
pub/OpenBSD/7.5/*/packages are available.

--
Sent from a phone, apologies for poor formatting.

On 21 February 2024 20:36:39 Kirill A. Korinsky wrote:

On Wed, 21 Feb 2024 21:11:05 +0100, Stuart Henderson wrote:

If you're using sysupgrade -s, you also want -Dsnap in pkg_add.

After double check in man it seems not necessary, let me quote:

%c Expands to the string "snapshots" when running a -current or -beta
kernel, or if the command line option -D snap | -D snapshot is
specified. Otherwise, %c expands to %v, which selects a release version.

--
wbr, Kirill
Re: Automatic OS updates
On 2024-02-21, b...@fea.st wrote: > FWIW if you guys want to yell at me for spreading bad ideas, > I've posted how to do automatic updates here: > > https://openbsd.pages.dev/auto-updates/ If you're using sysupgrade -s, you also want -Dsnap in pkg_add.
Re: certbot in cron - best way?
On 2024-02-20, Odhiambo Washington wrote:
> This should work:
>
> 0 0,12 * * * /bin/sleep 1552 && rcctl stop httpd && certbot renew &&
> rcctl start httpd

You might like to investigate ~ in crontab(5), e.g. "~ 0,12" and lose
the "sleep".

Wouldn't it be better to have certbot write files into a directory
served by httpd so you don't need the "rcctl stop" though?
Re: Automatic OS updates
On 2024-02-20, obs...@loopw.com wrote:
>
>
>> On Feb 20, 2024, at 2:31 AM, Thomas Schmidt
>> wrote:
>>
>> OP did indeed mean `sysupgrade`,
>
> which makes little sense _unless_ on -current, which will guarantee to break
> this every six months when -current shifts about.
>
>> but fwiw, `syspatch && reboot` reboots
>> your system if a patch was applied. I got it in all of my servers'
>> cronjobs.
>
> Most of the patches don’t require a reboot.

Correct. Looking at the 7.4 patches, only 3 affect the kernel and
definitely need a reboot to get applied:

002_msplit - requires reboot
008_vmm - requires reboot
009_pf - requires reboot

Two where you don't really need to do anything other than apply the
patch:

003_patch
004_ospfd (because, if you're affected by it, then things would be
broken already)

The rest don't actually need a reboot, but do need *some* things
restarting if you're using them:

001_xserver
005_tmux
006_httpd
007_perl
010_xserver
011_ssh
012_xserver
013_unbound

(Also: had there been fixes to libraries - libc, libssl, etc - they
would be in this category too - you could figure out which long-running
processes would need to be restarted and do that).

However, considering the "*some* things need restarting" case, given
what is available from syspatch, rebooting is the only reasonable way
to automate making sure that anything needing a restart really is
restarted.

> This idea sounds horrible for uptime. Sorry. I’m not rebooting something
> because a font was patched…

There is a fairly high bar for a fix to get turned into a syspatch.

Now, you might not be affected by every patched bug, and if you're
updating manually then you can make that decision. But this thread is
about automating, and the majority of syspatches do require processes
to be restarted in order to take effect.
Re: Ignore some USB devices
On 2024-02-19, Kirill A Korinsky wrote:
> On Mon, 19 Feb 2024 23:09:35 +0100,
> Stuart Henderson wrote:
>>
>> > I read that as it is impossible to blacklist a device, right?
>>
>> Only by running a kernel where the driver's attach routine has been
>> modified to skip attaching the device e.g. if it matches certain
>> vendor/device id. OpenBSD doesn't have any other way to detach a USB
>> driver from a device.
>>
>
> As an alternative solution, is it possible to enforce ugen to specific
> device by vendor and product IDs?
>
> I've tried:
>
> $ doas config -e -o /bsd.new /bsd
> ukc> find ugen
> 309 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1
> product -1 release -1 flags 0x0
> ukc> find uaudio
> 303 uaudio* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1
> product -1 release -1 flags 0x0
> ukc> add ugen
> Device not complete number or * is missing
> ukc> add ugen*
> Clone Device (DevNo, 'q' or '?') ? 309
> Insert before Device (DevNo, 'q' or '?') ? 303
> 303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1
> product -1 release -1 flags 0x0
> ukc> change 303
> 303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1
> product -1 release -1 flags 0x0
> change [n] y
> port [-1] ?
> configuration [-1] ?
> interface [-1] ?
> vendor [-1] ? 0x041e
> product [-1] ? 0x3130
> release [-1] ?
> flags [0] ?
> 303 ugen* changed
> 303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor 0x41e
> product 0x3130 release -1 flags 0x0
> ukc> find ugen*
> 303 ugen* at uhub*|uhub* disable port -1 configuration -1 interface -1
> vendor 0x41e product 0x3130 release -1 flags 0x0
> 310 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1
> product -1 release -1 flags 0x0
> ukc> quit
> Saving modified kernel.
>
> with no luck.
>

No - ugen acts as a fallback. If a USB device is claimed by another
driver, ugen won't get a chance to attach to it.

There is a common mechanism to recognise devices by vid/pid for special
handling - sometimes to prevent attaching - sometimes for other
adaptations which are needed. If you're interested, see
sys/dev/usb/usb_quirks.c and look at how UQ_BAD_HID is used to knock
out devices which would normally be claimed by uhid(4); you could use
something similar to prevent e.g. uaudio from attaching to a certain
device. However, it would require compiling the kernel to configure it.
Re: Ignore some USB devices
On 2024-02-19, Kirill A Korinsky wrote: > On Mon, 19 Feb 2024 22:32:18 +0100, > Jan Stary wrote: >> >> So get some normal headphones that plug into the laptop >> (without creating a new device) >> and simply connect the display when you want, >> or don't connect it when you don't. >> > > I read that as it is impossible to blacklist a device, right? Only by running a kernel where the driver's attach routine has been modified to skip attaching the device e.g. if it matches certain vendor/device id. OpenBSD doesn't have any other way to detach a USB driver from a device.
Re: sysupgrade fails firmware fetch
On 2024-02-18, Theo de Raadt wrote: > Kirill A. Korinsky wrote: > >> On Sat, 17 Feb 2024 22:27:52 +0100, >> Sonic wrote: >> > >> > Seems it's looking for a 7.5 directory (-current apparently just moved >> > to 7.5-beta) instead of the snapshot directory. >> > >> >> And using snapshot directory fails because wrong signature: >> >> ~ $ doas fw_update -p http://firmware.openbsd.org/firmware/snapshots >> fw_update: failed. >> signify: verification failed: checked against wrong key >> Signature check of SHA256.sig failed >> ~ $ > > The heuristic in fw_update is weak. Every 6 months there is a chance > for someone to dig in and see if there is a better heuristic. It's not too bad as long as the person building firmware tgz gets a heads-up before the version number is updated.
Re: Out of memory error when build OpenBSD Base/LLVM
On 2024-02-17, Shivam Gupta wrote: > Hi All, > > I recently installed OpenBSD OS on my ASUS laptop quad core pentium with 4 > GB RAM and 1 TB HDD. > > I was following the guide to build the system from source. But in `make > build` step it gets a memory error when building LLVM. I tried other ways > like make -j1 changing some build configuration in llvm's CMakelists.txt > but nothing works. The CMakelists.txt files are not used in the OpenBSD src tree. > So I am seeking help if anything could be done here to complete the make > build on this ASUS laptop. > > I do have another better ASUS TUF F15 laptop but there is some issue in the > installation, kernel panic after I login in fresh install. So I am trying > on this old laptop. You may need to bump datasize values in login.conf for the class used by your login user. -- Please keep replies on the mailing list.
Re: Automatic OS updates
On 2024-02-15, b...@fea.st wrote:
> So I was curious, am I the only one using automatic OS updates
> in cron to keep the fish fresh and the bits dust free?
>
> I think I read somewhere that it's not recommended but I'm not
> running a server so it seems like a good idea to me.
>
> /etc/crontab:
>
> # Example of job definition:
> # . minute (0 - 59)
> # | .- hour (0 - 23)
> # | | .-- day of month (1 - 31)
> # | | | .--- month (1 - 12) OR jan,feb,mar,apr ...
> # | | | | . day of week (0 - 6) (Sunday=0 or 7) OR
> sun,mon,tue,wed,thu,fri,sat
> # | | | | |
> # * * * * * user-name command to be executed
> 0 3 * * * root sysupgrade

You should read upgrade notes (faq/current.html for -current,
faq/upgradeXX.html for releases) *before* upgrading.

For -current you should really be aware of commits (read src-changes)
so you can identify times which would be bad to update (often best to
hold off for a few days after a major library bump or major perl
version update in order that new packages are available).

--
Please keep replies on the mailing list.
Re: DNS resolution when 1st nameserver does not know
On 2024-02-15, Rudolf Sykora wrote:
> Josh Grosse wrote:
>> On Thu, Feb 15, 2024 at 02:15:07PM +0100, rsyk...@disroot.org wrote:
>> > my computer is connected to a LAN, from which it obtains its
>> > IP and also local-DNS-server IP via DHCP. The latter is then
>> > inserted into /etc/resolv.conf by, I believe, resolvd. The
>> > computer is furthermore connected via wireguard VPN to
>> > another network with its own DNS server, serving the local
>> > IPs there. The DNS server in my LAN, of course, does not
>> > know the (non-public) IPs in the remote network. However, as
>> > it comes 1st in /etc/resolv.conf, the nameserver that comes
>> > next (I manually added it to the file) --- and which would
>> > know the answer --- is never asked. I can stop resolvd and
>> > use the DNS server within the VPN for all the traffic. But
>> > I'd still prefer to have most of the work done by the local
>> > DNS server, and only if it doesn't know I would ask the
>> > server in the VPN. Is there anything simple I can do?
>>
>> Take a look at unwind(8) and unwind.conf(5).
>
>
> Ok. Creating /etc/unwind.conf with
>
> forwarder {X.X.X.X}
>
> where X.X.X.X is the IP address of the DNS server within the VPN,
> and turning on unwind with
>
> ;rcctl enable unwind
> ;rcctl start unwind
>
> does do something, in the sense that I get all the symbolic
> names resolved. But can I tell what DNS server was asked for
> the translation? --- so that I can check that it is the
> local nameserver (as obtained from the local DHCP server)
> that gets queried first and only when it does not know the
> answer, unwind asks VPN DNS server (X.X.X.X above) for the
> answer?

you can't do "fallback if domain doesn't exist in the first resolver",
but you can tell it to always use the forwarder for certain domains.

as well as configuring the forwarder, use something like "preference
autoconf" and "force forwarder {some.domain other.domain}".

--
Please keep replies on the mailing list.
Re: Improve support of Go
On 2024-02-15, Kirill A Korinsky wrote: > Here my point: it is deprected, but still in use for some large applications > like Docker That is using syscall from golang.org/x/sys/unix, not from go itself. The vendored copy of x/sys/unix in docker-cli in the current ports tree defines EBADMSG for some arch but not others. The newer vendored copy in 25.0.3 defines it for all openbsd archs.
Re: CARP and VRRP compliance
On 2024-02-13, Samuel Jayden wrote:
> From the information provided in the link, it appears that CARP and VRRP
> protocols aren't inherently interoperable.

They are different protocols - they *had* to be different because VRRP
was subject to patents. And if carp was changed now, it wouldn't be
interoperable with existing carp installations.

> While Cisco may have attempted to address this by introducing a command
> like "disable-loop-detection carp" in its Nexus 1000V virtual router
> product, this solution unfortunately doesn't extend to standard router
> hardware, rendering it ineffective in many scenarios.

That's not about interop between carp and vrrp speakers, it's about
using carp (or vrrp or hsrp or similar) on a port attached to the
'virtual switch'. See 'Information About Redundant Routing Protocols' on
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_5_1/layer_2_switching/configuration/guide/n1000v_l2/n1000v_l2_7redundantroutingprot.html

> Is it feasible to achieve CARP and VRRP interoperability through a
> user-space application?

No. They are different protocols.

For what you want to do, running VRRP on the OpenBSD box might make
some sense though. There are various existing userland implementations
of VRRP that might be able to run on OpenBSD, probably with some work
to port them - e.g. freevrrpd, frr-vrrpd, vrrpd. Nothing already in the
ports tree (if someone wanted to try I'd suggest starting by looking at
freevrrpd).

--
Please keep replies on the mailing list.
Re: ntpd: "DNS lookup tempfail" when running on an IPv6-only node
On 2024-02-14, Willy Manga wrote:
> I'm running ntp-4.2.8pl10p6 on openbsd7.4 .. I saw messages like this one

That's mostly not recommended, openntpd (in base) is generally a better
idea for OpenBSD systems...

> "ntpd[26862]: DNS lookup tempfail"

...though that looks like an openntpd message so you are probably
running it anyway and just have an unused package installed.

> This node is running with IPv6-only.
>
> Since I did not have IPv4, I initially only commented the constraint
> with IPv4 . But it was not enough.
>
>
> Then I realised that pool.ntp.org doesn't include a AAAA record.

That is ntppool's decision.

> I ended up by commenting the servers line and added several servers close
> enough .
>
> I posted my question on github [1] and someone advised me to rely on
> "2.openbsd.pool.ntp.org"
>
> Is it possible the default ntpd.conf file use something like
>
> "servers openbsd.pool.ntp.org" and of course have openbsd.pool.ntp.org
> looking for IPv6 nodes?

openbsd.pool.ntp.org won't help, that doesn't have AAAA records either.
That DNS zone is nothing to do with OpenBSD - as with pool.ntp.org
itself it is ntppool's decision whether they want to include AAAA.

You need to use one of the "2." pool addresses, e.g.

global:
2.pool.ntp.org

regional:
2.africa.pool.ntp.org
2.asia.pool.ntp.org
2.europe.pool.ntp.org
2.north-america.pool.ntp.org
2.oceania.pool.ntp.org
2.south-america.pool.ntp.org

"vendor":
2.openbsd.pool.ntp.org

Also e.g. time.cloudflare.com lists both A and AAAA records.

--
Please keep replies on the mailing list.
Re: Improve support of Go
On 2024/02/13 07:36, Theo de Raadt wrote: > Stuart Henderson wrote: > > > On 2024-02-13, Kirill A Korinsky wrote: > > > Good day, > > > > > > I'm updating go's syscall table to modern OpenBSD (7.4). > > > > Save your time. Post-7.4 you cannot call syscall() any more. > > The result seems to have nothing to do with syscalls. > > It is the same as the build process for kdump: It is finding cpp definitions > most of which are argument flags, but also a few structs in /usr/include, and > making them available at some level inside the go ecosystem. So if in go you > call a system call via the regular stub API, you may need those flags. you > may > also need them for some other higher-level function call? go doesn't pull > from /usr/include otherwise, does it? > > Oh, yes those are still needed then, I'd forgotten they were part of the same thing from last time I tried to get them updated ...
Re: Improve support of Go
On 2024-02-13, Kirill A Korinsky wrote: > Good day, > > I'm updating go's syscall table to modern OpenBSD (7.4). Save your time. Post-7.4 you cannot call syscall() any more. -- Please keep replies on the mailing list.
Re: Log files, OpenBSD and Zero click exploits
On 2024-02-13, Peter N. M. Hansteen wrote:
> On Tue, Feb 13, 2024 at 08:29:59AM +, jonathon575 wrote:
>> Kindly find below log entries generated from tcpdump of the pflog. This is a
>> fresh install & updated openbsd 7.4, with bare-minimum installation
>> configured for a firewall. There are no x* programs installed.
>>
>> Feb 11 18:09:41.682345 rule 14/(match) block in on re0: 69.166.225.73.51820
>> > wan-ip.60360: [wg] initiation from 0xdd6a56bc
>> Feb 11 18:09:46.754493 rule 14/(match) block in on re0: 69.166.225.73.51820
>> > wan-ip.60360: [wg] initiation from 0x963acc89
>> Feb 11 18:09:51.778525 rule 14/(match) block in on re0: 69.166.225.73.51820
>> > wan-ip.60360: [wg] initiation from 0x93d9508d
>> Feb 11 18:09:56.835383 rule 14/(match) block in on re0: 69.166.225.73.51820
>> > wan-ip.60360: [wg] initiation from 0x112cf65b
>> Feb 11 18:29:33.657009 rule 14/(match) block in on re0: 69.166.225.73.51820
>> > wan-ip.60360: [wg] initiation from 0x639ed21a
>> Feb 11 18:29:33.657454 rule 14/(match) block in on re0: 69.166.225.73.51820
>> > wan-ip.60360: [wg] initiation from 0xb2fcd9b8
>> Feb 11 18:29:33.658140 rule 14/(match) block in on re0: 69.166.225.73.51820
>> > wan-ip.60360: [wg] initiation from 0x8ae84cca
>> Feb 11 18:29:33.658808 rule 14/(match) block in on re0: 69.166.225.73.51820
>> > wan-ip.60360: [wg] initiation from 0xcbb881b7
>> Feb 11 18:29:33.659165 rule 14/(match) block in on re0: 69.166.225.73.51820
>> > wan-ip.60360: [wg] initiation from 0x612a28f8
>> Feb 11 18:29:33.659416 rule 14/(match) block in on re0: 69.166.225.73.51820
>> > wan-ip.60360: [wg] initiation from 0x49f595ec
>>
>> wan-ip is my wan static ip address.
>>
>> What does [wg] means? What does "initiation from 0xdd6a56bc"...etc. means?
>
> These log entries mean that your system blocked attempts from 69.166.225.73
> access to whatever wan-ip is.
>
> Your system recognized the traffic as attempts to initiate a WireGuard (a
> sort of vpn, see https://man.openbsd.org/wg
> and links therein). The attempts were blocked.

Sending wireguard packets at you doesn't seem very likely to be
malicious, more likely wan-ip was previously used by someone for their
wireguard connections and it was reassigned to you.

> Some of the things you mention may require specialized tools, but please
> invest some time in learning to
> properly interpret the output of the basic tools first.

accton(8) and the manpages referenced in accton's "SEE ALSO" might be
one place to start reading to log what's been run on a system.

aide (in packages) might be useful for detecting changed files.

--
Please keep replies on the mailing list.
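One way to triage lines like the ones quoted in this message, as an added example that is not part of the original thread: it parses the tcpdump pflog text format shown above, groups blocked packets by source and rule, and splits them into bursts. The year (the timestamps carry none), the 60-second burst gap and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# The ten log lines from the post, each joined back onto a single line.
# "wan-ip" is the poster's own redaction of the destination address.
_PFX = "rule 14/(match) block in on re0: 69.166.225.73.51820 > wan-ip.60360: [wg] initiation from "
PFLOG_SAMPLE = "\n".join(
    f"Feb 11 {stamp} {_PFX}{sender}"
    for stamp, sender in [
        ("18:09:41.682345", "0xdd6a56bc"),
        ("18:09:46.754493", "0x963acc89"),
        ("18:09:51.778525", "0x93d9508d"),
        ("18:09:56.835383", "0x112cf65b"),
        ("18:29:33.657009", "0x639ed21a"),
        ("18:29:33.657454", "0xb2fcd9b8"),
        ("18:29:33.658140", "0x8ae84cca"),
        ("18:29:33.658808", "0xcbb881b7"),
        ("18:29:33.659165", "0x612a28f8"),
        ("18:29:33.659416", "0x49f595ec"),
    ]
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d\.\d+) "
    r"rule (?P<rule>\d+)/\((?P<reason>[^)]*)\) "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\S+): "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<proto>.*)$"
)
WG_RE = re.compile(r"^\[wg\] (?P<kind>\w+) from (?P<sender>0x[0-9a-fA-F]+)")


def split_endpoint(endpoint):
    """tcpdump prints 'address.port'; the port is the last dotted field."""
    host, _, port = endpoint.rpartition(".")
    return host, int(port)


def parse_line(line, year=2024):
    """Return a dict for one pflog line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    # The log has no year; 2024 is assumed from the date of the thread.
    ev["time"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S.%f")
    ev["rule"] = int(ev["rule"])
    ev["src_host"], ev["src_port"] = split_endpoint(ev["src"])
    ev["dst_host"], ev["dst_port"] = split_endpoint(ev["dst"])
    wg = WG_RE.match(ev["proto"])
    ev["wg_kind"] = wg["kind"] if wg else None
    ev["wg_sender"] = wg["sender"] if wg else None
    return ev


def summarise(text, burst_gap=60.0):
    """Group blocked packets by (source host, rule) and split into bursts."""
    groups = defaultdict(list)
    for line in text.splitlines():
        ev = parse_line(line)
        if ev and ev["action"] == "block":
            groups[(ev["src_host"], ev["rule"])].append(ev)
    report = {}
    for key, events in groups.items():
        events.sort(key=lambda e: e["time"])
        bursts = [[events[0]]]
        for prev, cur in zip(events, events[1:]):
            if (cur["time"] - prev["time"]).total_seconds() > burst_gap:
                bursts.append([])
            bursts[-1].append(cur)
        report[key] = {
            "count": len(events),
            "dst_ports": sorted({e["dst_port"] for e in events}),
            "wg_kinds": sorted({e["wg_kind"] for e in events if e["wg_kind"]}),
            "distinct_senders": len({e["wg_sender"] for e in events if e["wg_sender"]}),
            "burst_sizes": [len(b) for b in bursts],
            "first": events[0]["time"],
            "last": events[-1]["time"],
        }
    return report


if __name__ == "__main__":
    for (src, rule), info in summarise(PFLOG_SAMPLE).items():
        print(f"{src} rule {rule}: {info['count']} blocked, "
              f"ports {info['dst_ports']}, wg {info['wg_kinds']}, "
              f"bursts {info['burst_sizes']}, {info['first']} .. {info['last']}")
```

On the quoted lines this reports a single source hitting a single destination port, all of it blocked by rule 14, in two bursts.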
Re: Installing shellinabox on OpenBSD
On 2024-02-12, Daniel Ouellet wrote: > Anyway in 2024 still not have a decent native ssh client on Window Except it does, a port of openssh.
Re: Second Redis instance?
On 2024-02-06, Louis Brauer wrote: >> Giving opportunity to use /usr/local/etc/redis-FOO.conf >> /usr/local/etc/redis-BAR.conf respectively, as separate instances. >> >> How can I do the same under OpenBSD 7.4? > > You could just copy the /etc/rc.d/redis file to /etc/rc.d/redis2 and modify > the daemon_flags settings in it to use a separate config file. > > Then > - rcctl enable redis2 > - rcctl start redis2 > > I just tried that and it seems to work. Not properly. See my reply. -- Please keep replies on the mailing list.
Re: Entry in the list of UNIX and OpenBSD providers
On 2024-02-06, Theobald, Gerd wrote: > we would be delighted to be included in your list of providers > https://www.openbsd.org/support.html#Germany as a professional training > provider for UNIX and OpenBSD, among others. Here follows the information in > the desired format. > U https://www.it-schulungen.com The OpenBSD course that I see when searching on the website (https://www.it-schulungen.com/seminare/serversysteme/unix/openbsd/openbsd-kompaktkurs.html) will need an update, systrace was removed in 2016.
Re: Second Redis instance?
On 2024-02-06, Mark wrote: > Hi. > > I've redis-6.2.13 installed and running. > > I need to run a second Redis instance with a different .conf file. > > For instance, under FreeBSD, this is as easy as adding in rc.conf file; > > redis_profiles="foo bar" > > Giving opportunity to use /usr/local/etc/redis-FOO.conf > /usr/local/etc/redis-BAR.conf respectively, as separate instances. > > How can I do the same under OpenBSD 7.4? > > Any help, ideas, tips & tricks would be appreciated, > Kindest regards. Unfortunately redis sets the process name in a way that doesn't allow distinguishing multiple instances by matching the name with the command line flags, and that's the only way that the rc.d framework allows matching daemon processes to the script, so running multiple copies via the rc.d framework won't work in a generic way. (in the case of many other daemons, one can simply symlink the rc.d script under a different name, and set flags separately for each name, but that won't work here).. You could copy /etc/rc.d/redis under a different name and modify it so that pexp matches the process title when run with the alternative config file, or otherwise run it outside of rc.d (e.g. from rc.local). -- Please keep replies on the mailing list.
Re: Astertisk missing library
On 2024-02-06, deich...@placebonol.com wrote: > are the libraries in the search path? they're not normal library deps for the main binary, all dlopen()'d from the relevant path. > On February 5, 2024 10:54:38 AM MST, Peter Fraser wrote: >>I should also add the libraries re on my system, and nm says they contain the >>simples >>I don't know why they are not loading. maybe you'll get some clues by running with LD_DEBUG set in the environment - there will be a *lot* of output so run under script(1). or, try comparing /etc/asterisk with one of your working machines and see what's different. >>From: owner-m...@openbsd.org On Behalf Of Stuart >>Henderson >>Sent: Monday, February 5, 2024 7:15 AM >>To: misc@openbsd.org >>Subject: Re: Astertisk missing library >> >>On 2024-02-04, Peter Fraser wrote: >>> Asterisk 20.5.2 works for me two different amd64 computers that I upgraded >>> from 7.3 amd64 to 7.4. >>... >>> [Feb 4 10:33:11] NOTICE[107524]: loader.c:2405 load_modules: 280 modules >>> will be loaded. 
>>> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined >>> symbol 'ast_audiosocket_connect' >>> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined >>> symbol 'ast_audiosocket_init' >>> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined >>> symbol 'ast_audiosocket_send_frame' >>> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined >>> symbol 'ast_audiosocket_receive_frame' >> >>those are in res_audiosocket.so >> >>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined >>> symbol 'ast_speech_new' >>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined >>> symbol 'ast_speech_destroy' >>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined >>> symbol 'ast_speech_grammar_load' >>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined >>> symbol 'ast_speech_grammar_unload' >>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined >>> symbol 'ast_speech_grammar_activate' >> >>and those in res_speech.so >> >>> asterisk:/usr/local/lib/asterisk/modules/app_stasis.so: undefined symbol >>> 'stasis_app_exec' >> >>res_statis >> >>> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol >>> 'ast_sip_cli_traverse_objects' >>> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol >>> 'ast_sip_cli_traverse_objects' >>> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol >>> 'ast_sip_cli_traverse_objects' >>> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol >>> 'ast_sip_cli_traverse_objects' >>> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol >>> 'ast_sip_push_task_wait_servant' >> >>res_pjsip >> >>etc. I think you may be missing something in modules.conf. I'd probably start >>with a copy of /usr/local/share/examples/asterisk/default/modules.conf >>and see if that works, then tweak from there. 
>> >>-- >>Please keep replies on the mailing list. >> > -- Please keep replies on the mailing list.
Re: Astertisk missing library
On 2024-02-04, Peter Fraser wrote:
> Asterisk 20.5.2 works for me two different amd64 computers that I upgraded
> from 7.3 amd64 to 7.4.
...
> [Feb 4 10:33:11] NOTICE[107524]: loader.c:2405 load_modules: 280 modules
> will be loaded.
> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol
> 'ast_audiosocket_connect'
> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol
> 'ast_audiosocket_init'
> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol
> 'ast_audiosocket_send_frame'
> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol
> 'ast_audiosocket_receive_frame'

those are in res_audiosocket.so

> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined
> symbol 'ast_speech_new'
> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined
> symbol 'ast_speech_destroy'
> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined
> symbol 'ast_speech_grammar_load'
> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined
> symbol 'ast_speech_grammar_unload'
> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined
> symbol 'ast_speech_grammar_activate'

and those in res_speech.so

> asterisk:/usr/local/lib/asterisk/modules/app_stasis.so: undefined symbol
> 'stasis_app_exec'

res_statis

> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol
> 'ast_sip_cli_traverse_objects'
> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol
> 'ast_sip_cli_traverse_objects'
> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol
> 'ast_sip_cli_traverse_objects'
> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol
> 'ast_sip_cli_traverse_objects'
> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol
> 'ast_sip_push_task_wait_servant'

res_pjsip

etc. I think you may be missing something in modules.conf.
I'd probably start with a copy of
/usr/local/share/examples/asterisk/default/modules.conf
and see if that works, then tweak from there.

--
Please keep replies on the mailing list.
Re: GNUstep back and base in OpenBSD 7.4 ARM
On 2024-02-04, Tito Mari Francis Escaño wrote: > Hi misc, > I was hoping to install GNUstep packages in ARM but it seems gnustep-back > and gnustep-base are not yet available in ARM. > I was under the impression that these are needed to start basic GNUstep > development. gnustep's libobjc2 failed to build on arm (32-bit), and afaik all the other gnustep ports directly or indirectly depend on that. http://build-failures.rhaalovely.net/arm/2023-11-23/x11/gnustep/libobjc2.log armv7 is not a great development environment on OpenBSD, package builds are pretty slow (over a month for a bulk build) so there's a slow turnaround of finding out whether any changes result in breaking things on the arch, and not many people have machines, so not many people are able to test fixes. > Please advise what options are available to move forward. You could try fixing the libobjc2 port, there's a chance that adding -fPIC to CFLAGS might help. -- Please keep replies on the mailing list.
Re: Astertisk missing library
On 2024-02-03, Peter Fraser wrote:
> Yes
>
> From pkg_info
>
> asterisk-20.5.2 open source multi-protocol PBX and telephony toolkit
...
>>The asterisk on a new system is missing a large number of symbols of the form:
>>
>>ast_sip_* ast_stir_* statis_app*
>>
>>I can't find what is missing, I assume somewhat a library dependency was
>>missed, so my other Asterisk on other OpenBSD system are using the old
>>version

Please show some actual error messages/logs. modules.conf might be
interesting too.

Which machine arch are you using? Release or snapshots?

20.5.2 works for me on a 7.4 amd64 system.

--
Please keep replies on the mailing list.
Re: New postfix-3.8.20221007p12 broken TLS for Gmail servers?
On 2024-02-03, Mike Fischer wrote: > >> Am 03.02.2024 um 03:44 schrieb Brian Conway : >> >>> Why do you run such an outdated postfix snapshot? >> >> That is the latest version that is supported/available in packages-stable: >> >> https://cdn.openbsd.org/pub/OpenBSD/7.4/packages-stable/amd64/ > > While we have not encountered the TLS issue with Gmail (see below) we are in > the same boat otherwise. postfix-3.8.20221007 seemed like the newest version > a while back and so we are running that version. Going back to 3.7.9 seems > like it may be a partial step backwards. 3.7.9 is a newer version than 3.8.20221007. -- Please keep replies on the mailing list.
Re: New postfix-3.8.20221007p12 broken TLS for Gmail servers?
On 2024-02-03, Mark wrote: > Hi again, > > I completely removed Postfix and installed the official stable package > "postfix-3.7.9p0-sasl2-mysql", but the problem persists. There is possibly still some conflict between openssl (required by newer versions of postfix) and libressl (used by pretty much all of the rest of the ports tree). I would suggest using a 3.5 version if you're using one of the non-default flavoured versions of postfix and having TLS-related problems and see if that helps (from 3.6 they started requiring features from newer versions of openssl that haven't made it into libressl yet). >> https://github.com/openbsd/ports/blob/master/mail/postfix/snapshot/Makefile the snapshot version of Postfix that is currently in the ports tree is seriously outdated, I think it should probably be removed. -- Please keep replies on the mailing list.
Re: Problem sound
On 2024-02-02, Manfred Koch wrote: > Hi all, > > I'm a newbie in openbsd. I use the xfce Desktop but without sound. I > have enabled sndiod_enable=YES > in /etc/rc.conf.local. Further I tried pulseaudio without success. > What's about dbus-daemon? > > Perhaps you can help me, to find a solution? If you're trying to use audio over HDMI, AFAIK that won't work, you'll need to use line out or headphone. Otherwise: send a dmesg, it might give more clues. (Just paste the complete dmesg straight into an email). > Are you knowing a mailinglist for newbies in openbsd? misc@ is just fine for this. -- Please keep replies on the mailing list.
Re: tmux: mouse works in st but not in xterm
On 2024-02-01, Omar Polo wrote:
> On 2024/02/01 12:06:13 +0100, rsyk...@disroot.org wrote:
>> Dear list,
>>
>>
>> when I run tmux in xterm, the mouse support does not work.
>
> by default mouse support is disabled on xterm on OpenBSD. No clue why,
> as I think it's useful. The knob to enable it is
>
> XTerm*allowMouseOps: true
>
> which is documented in xterm.

-
PatchSet 127
Date: 2021/10/31 18:38:43
Author: matthieu
Branch: HEAD
Tag: (none)
Log:
Disable mouse tracking by default. This causes extra control sequences
to be sent to the shell when an application that has it enabled crashes.

Discussed with deraadt@

Members:
Makefile:1.36->1.37
xterm.man:1.55->1.56
-
Re: Communication between hosts on different network interfaces
On 2024-01-07, All wrote:
> This is very much doable with DHCP one liner:
> add the following to your dhcpd.conf ((!) inside the block of your
> 192.168.2.0/24 network)
> option classless-static-routes 192.168.3.0/24 192.168.2.1;
>
> This will install static route into all machines in 192.168.2.0/24 network.

On clients that follow the spec properly, that will *override* the
default routes so they will have a route to 192.168.3.0/24 but no
default route.

You need to include the default route too, for example (assuming that
should go via 192.168.2.254),

option classless-static-routes 192.168.3.0/24 192.168.2.1, 0.0.0.0/0 192.168.2.254;
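What the two option values in this message put on the wire, as an added example that is not part of the original thread: it encodes a dhcpd.conf `classless-static-routes` value into the DHCP option 121 payload defined by RFC 3442 (the RFC that also tells clients to ignore the Router option when option 121 is present) and flags a value that carries no default route. The function names are assumptions; the addresses are the ones from the message.

```python
import ipaddress

# Values taken from the message above.
ORIGINAL = "192.168.3.0/24 192.168.2.1;"
WITH_DEFAULT = "192.168.3.0/24 192.168.2.1, 0.0.0.0/0 192.168.2.254;"


def parse_dhcpd_routes(value):
    """Parse 'net/len gateway, net/len gateway;' into (network, gateway) pairs."""
    routes = []
    for item in value.strip().rstrip(";").split(","):
        dest, gateway = item.split()
        routes.append((ipaddress.IPv4Network(dest), ipaddress.IPv4Address(gateway)))
    return routes


def encode_option_121(routes):
    """RFC 3442 encoding: prefix length, significant destination octets, router."""
    out = bytearray()
    for net, gateway in routes:
        out.append(net.prefixlen)
        # Only ceil(prefixlen / 8) octets of the destination are sent,
        # so a default route (prefix length 0) has no destination octets.
        out += net.network_address.packed[: (net.prefixlen + 7) // 8]
        out += gateway.packed
    if len(out) > 255:
        raise ValueError("payload does not fit in a single DHCP option")
    return bytes(out)


def decode_option_121(data):
    """Inverse of encode_option_121; rejects truncated or malformed payloads."""
    routes, i = [], 0
    while i < len(data):
        width = data[i]
        if width > 32:
            raise ValueError(f"invalid prefix length {width}")
        n = (width + 7) // 8
        end = i + 1 + n + 4
        if end > len(data):
            raise ValueError("truncated route entry")
        dest = data[i + 1 : i + 1 + n] + bytes(4 - n)
        net = ipaddress.IPv4Network((int.from_bytes(dest, "big"), width))
        routes.append((net, ipaddress.IPv4Address(data[end - 4 : end])))
        i = end
    return routes


def missing_default_route(value):
    """True when the option value would leave a compliant client without 0.0.0.0/0."""
    return not any(net.prefixlen == 0 for net, _ in parse_dhcpd_routes(value))


if __name__ == "__main__":
    for label, value in (("original", ORIGINAL), ("with default", WITH_DEFAULT)):
        payload = encode_option_121(parse_dhcpd_routes(value))
        note = "NO default route" if missing_default_route(value) else "ok"
        print(f"{label:13} {payload.hex()}  {note}")
```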
Re: -current firefox segfault: pledge "", syscall 289
On 2024-01-26, Kirill Miazine wrote:
> here's how I can reproduce it here -- just by opening
> https://domene.shop/login page and waiting some seconds:
>
> $ firefox https://domene.shop/login
> Exiting due to channel error.
> Exiting due to channel error.
> Exiting due to channel error.
> Exiting due to channel error.
> Crash Annotation GraphicsCriticalError: |[C0][GFX1-]:
> CompositorBridgeChild receives IPC close with reason=AbnormalShutdown
> (t=5.06002) [GFX1-]: CompositorBridgeChild receives IPC close with
> reason=AbnormalShutdown
> Exiting due to channel error.
> Abort trap (core dumped)
>
> should mention that this is inside Xvnc, and vnc logs has additional
> error line:
>
> PCRE2 library was built without JIT support
>
> maybe Xvnc -- or PCRE -- are somehow contributing here

The firefox port uses pledge, which is incompatible with some things
done by the swrast DRI driver (any use of pledge disables the shm
syscalls, and it's unlikely that they will be added).

https://marc.info/?t=15510231321=1=2

You can either disable pledge in firefox (see the pkg-readme - no need
to recompile anything), or build a patched version of Mesa (the patch
in that thread will no longer work, but removing -DHAVE_SYS_SHM_H in
config.mk may do the trick - and if you go down that route, you'll need
to recompile it yourself after updates).

--
Please keep replies on the mailing list.
Re: plasmashell crashes when typing in the applications menu search bar
On 2024/01/25 14:17, bi...@iscarioth.org wrote: > Stuart Henderson write : > > That is ludicrous > > > Ah, did I do something wrong because he only needs to setup staff groups > /etc/login.conf and then no need to use `sysctl kern.maxfiles` ? Why on earth would it need to have over a hundred thousand files open at the same time when typing in a search bar?
Re: plasmashell crashes when typing in the applications menu search bar
On 2024-01-24, bi...@iscarioth.org wrote: > Hello Sylvain ! > > If my assumption is correct (KDE open a huge number of files during > the query), > > So you had to increase the number of files open with > > > sysctl kern.maxfiles=102400 That is ludicrous
Re: socket core
On 2024-01-16, Otto Moerbeek wrote:
> On Tue, Jan 16, 2024 at 08:16:38AM +0100, Janne Johansson wrote:
>
>> On Tue 16 Jan 2024 at 01:16, Gustavo Rios wrote:
>> > Hi folks.
>> > I have a simple question : How many cores does OBSD support ?
>>
>> amd64 says
>>
>> #define MAXCPUS 64 /* bitmask */
>>
>> but different arches have different limits.
>
> But do note that OpenBSD is not great in using many cores, expect it
> to not scale in a linear way. It's best to make decisions on actual
> measurements.

It can vary a lot depending on what you're actually doing on the machine; pure computation will scale better than file access, for example.

Keep an eye on "spin" in top(1) while testing. If you're seeing significant numbers for this, adding cores is not all that likely to help.
Re: as cannot do endbr64 instructions (too old)
Please send it to tech@ On 2024/01/10 13:18, Lorenz (xha) wrote: > On Wed, Jan 03, 2024 at 08:50:43AM +0100, Lorenz (xha) wrote: > > On Tue, Jan 02, 2024 at 08:32:00PM -0000, Stuart Henderson wrote: > > > I can't say. Though I doubt there would much objection if it's clean and > > > not a copy of a GPLv3-licensed upstream commit. > > > > what about this? > > > > i am not sure about the situation on arm64. it looks like newer gnu > > assemblers don't like bti instructions unless explicitly enabled. > > llvm seems to be using hint #34 for compatibility. > > > > is /usr/bin/as the GNU assembler on arm64 aswell? > > > > Index: include/opcode/i386.h > > === > > RCS file: /cvs/src/gnu/usr.bin/binutils-2.17/include/opcode/i386.h,v > > retrieving revision 1.11 > > diff -C5 -r1.11 i386.h > > *** include/opcode/i386.h 9 Sep 2018 21:59:43 - 1.11 > > --- include/opcode/i386.h 3 Jan 2024 07:35:49 - > > *** > > *** 1532,1541 > > --- 1532,1545 > > > > /* Intel PCID extension */ > > {"invpcid", 2, 0x660f3882, X, CpuNEW|CpuNo64, > > Modrm|IgnoreSize|No_bSuf|No_wSuf|No_sSuf|No_qSuf|No_xSuf|NoRex64, { > > BaseIndex|Disp8|Disp16|Disp32|Disp32S, Reg32 } }, > > {"invpcid", 2, 0x660f3882, X, CpuNEW|Cpu64, > > Modrm|IgnoreSize|No_bSuf|No_wSuf|No_sSuf|No_qSuf|No_xSuf|NoRex64, { > > BaseIndex|Disp8|Disp16|Disp32|Disp32S, Reg64 } }, > > > > + /* Intel Indirect Branch Tracking extensions */ > > + {"endbr64", 0, 0xF30F1E, 0xFA, Cpu64, NoSuf|ImmExt, { 0, 0, 0 } }, > > + {"endbr32", 0, 0xF30F1E, 0xFB, CpuNo64, NoSuf|ImmExt, { 0, 0, 0 } }, > > + > > /* sentinel */ > > {NULL, 0, 0, 0, 0, 0, { 0, 0, 0} } > > }; > > #undef X > > #undef NoSuf > > > > can someone take a look at this and maby commit if it is OK? i > removed the endbr32 instruction from the patch because i don't think > it will ever be needed on openbsd. 
> > Index: gnu/usr.bin/binutils-2.17/include/opcode/i386.h > === > RCS file: /cvs/src/gnu/usr.bin/binutils-2.17/include/opcode/i386.h,v > retrieving revision 1.11 > diff -u -p -r1.11 i386.h > --- gnu/usr.bin/binutils-2.17/include/opcode/i386.h 9 Sep 2018 21:59:43 > - 1.11 > +++ gnu/usr.bin/binutils-2.17/include/opcode/i386.h 10 Jan 2024 12:15:36 > - > @@ -1534,6 +1534,9 @@ static const template i386_optab[] = > {"invpcid", 2, 0x660f3882, X, CpuNEW|CpuNo64, > Modrm|IgnoreSize|No_bSuf|No_wSuf|No_sSuf|No_qSuf|No_xSuf|NoRex64, { > BaseIndex|Disp8|Disp16|Disp32|Disp32S, Reg32 } }, > {"invpcid", 2, 0x660f3882, X, CpuNEW|Cpu64, > Modrm|IgnoreSize|No_bSuf|No_wSuf|No_sSuf|No_qSuf|No_xSuf|NoRex64, { > BaseIndex|Disp8|Disp16|Disp32|Disp32S, Reg64 } }, > > +/* Intel Indirect Branch Tracking extensions */ > +{"endbr64", 0, 0xF30F1E, 0xFA, Cpu64, NoSuf|ImmExt, { 0, 0, 0 } }, > + > /* sentinel */ > {NULL, 0, 0, 0, 0, 0, { 0, 0, 0} } > };
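Review bot: the comment above the new i386_optab entry still reads "Indirect Branch Tracking extensions" although this revision adds only endbr64 (endbr32 was dropped from the earlier version), so make it singular or name the instruction. The new entry is also flagged Cpu64 alone, while the neighbouring invpcid entries carry CpuNEW|Cpu64; if leaving CpuNEW out is deliberate, a short note in the comment or the commit message saying why would save the next reader from wondering.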
Re: File corruption on SSD disk
On 2024-01-10, Randall Gellens wrote: > I'm running OpenBSD on a Protectli box as a router/firewall. The disk is > an SSD. Every now and then I reboot it ("sudo shutdown -r now") just to > make sure it comes back up. Several times it hung on disk errors that > the auto 'fsck' can't fix. I was able to manually run 'fsck' and answer > its prompts to clean up the problems, which sometimes were unreferenced > inodes or similar things. It deleted some files in /var. The system runs > OK, so perhaps the files aren't used in my minimal setup. > > I have two questions: > > (1) In "/etc/rc" I changed [fsck -p "$@"] to [fsck -f "$@"] in an > attempt to get it to force fix problems, so the system could recover > without someone manually doing it. That didn't work (it still stopped > startup with the disk errors), so I tried making it [do_fsck -f -y] but > that didn't work either. How does one make the system recover (e.g., how > would an unstaffed/dark computer operations center do it)? fsck -y is all you can do there. > (2) Why would the system develop disk problems? Might the SSD be > failing? Should I proactively replace it? If I do replace it, should I > start fresh with a clean install versus cloning the current disk? possibly. SSDs aren't exactly permanent storage either, even if not failing (read about "bit rot") - magnetic HDDs too, though they're usually considered to have a bit more longevity than SSDs in that respect. are temperatures in a safe range? are your cables good and properly connected? if replacing, you don't want to start from a clone of a suspicious drive. you don't know if the data you're reading is good or not. I'd go for a clean install, move config across, and review those config files. > By the way, the SSD is a Samsung SSD 870 EVO 500GB (only using a tiny > bit of it). Micromat's Lifespan says it has 100% life left, and their > Tech Tools Pro found no bad blocks. 
that will most likely be based on erase/write cycles and ignore other possible effects. -- Please keep replies on the mailing list.
Re: bioctl -v -P
On 2024-01-05, Roderick wrote: > I get > > # bioctl -v -P wd0e > bioctl: BIOCDISCIPLINE: inapeopriate ioctl for device > > Is it not possible to change the pass? > > What was supposed that I do under > > https://www.openbsd.org/faq/upgrade74.html#ConfigChanges > > ??? wd0e is not a softraid volume. Use the softraid volume, e.g. sd1 or sd0 or similar. -- Please keep replies on the mailing list.
Re: Script doesn't stop opensearch
On 2024-01-03, Mik J wrote:
> Hello,
>
> I don't understand how the startup/stop script works

It uses the string from pexp (as it was when the daemon was _started_; changes to the rc script after startup are ignored) with pgrep(1) -xf to identify the running process (and pkill -xf to actually signal it).

> I can confirm that the pid I see in /var/run/opensearch/opensearch.pid is the
> same I see in ps ax | grep opensearch
>
> However when I want to stop the process
> # /etc/rc.d/opensearch stop
> Nothing happens

Show the contents of /var/run/rc.d/opensearch and the output of some pgrep command that identifies the process (e.g. pgrep -lf opensearch).

> And I don't understand how this stop command would do something like that
> # kill -15 `cat /var/run/opensearch/opensearch.pid`

rc.d doesn't use pid files. If the daemon exited without cleaning the file (e.g. in a crash) the pid may have been re-used by another process.

--
Please keep replies on the mailing list.
Re: Script doesn't stop opensearch
On 2024-01-04, Mike Fischer wrote:
>
>> On 04.01.2024 at 00:06, Mik J wrote:
>>
>> However when I want to stop the process
>> # /etc/rc.d/opensearch stop
>> Nothing happens
>
> try:
> # rcctl stop opensearch
>
> You are not supposed to ever call the /etc/rc.d/* scripts directly.

no, that's fine too.

--
Please keep replies on the mailing list.
Re: ignore dns dhcpleased
On 2024-01-03, Peter Wens wrote: > Hi Otto, > > I checked it, and yes it's slaacd > > ... > rdns_proposal_state_transition[vio0] PROPOSAL_NOT_CONFIGURED -> > PROPOSAL_CONFIGURED, timo: 3588 > gen_rdns_proposal: iface 1: fe80::f... > ... > > Don't know how to disable this (e.g. vultr), so for now i disable resolvd. If you want to force a specific server, that's often the right answer anyway. An alternative is to use unwind with its config file.
Re: ProtectLi w/ OpenBSD
On 2024-01-03, Kenneth Hendrickson wrote:
> Is there any newer information than this:
> https://OpenBsdMailBox.blogspot.com/2023/05/protectli-vp2420-with-dasharo.html

That is exactly how a boot looks if you are on a device with serial console and don't tell the boot loader to use the serial console.

stty com0
set tty com0
boot

--
Please keep replies on the mailing list.
Re: How to access Xauthority for VNC Server
On 2024-01-02, Adam Retter wrote: > > XAUTHORITY=/etc/X11/xenodm/authdir/authfiles/A:0-r4dlnM x0vncserver > -display :0 -PasswordFile ~/.vnc/passwd > > It is not clear to me how I can set this up so that x0vncserver can > access the correctly named auth file each time the machine restarts, > and also under which account it would be considered best practice to > run x0vncserver... Should I run it under my user account, the `_x11` > account, or an account created just for that purpose? > Ideally the VNC Server would start during system startup also. It won't help for system startup, but you can add the x0vncserver command (backgrounded with &) from .xsession to run after login. This would run as your uid and with X environment variables intact so no faffing with XAUTHORITY needed. (I would recommend listening to localhost only and connecting via ssh port-forwarding; for unix VNC clients "-via $hostname localhost" runs the ssh command for you). -- Please keep replies on the mailing list.
Re: as cannot do endbr64 instructions (too old)
On 2024-01-02, Lorenz (xha) wrote:
> what is the reason to only include GPLv2 and not GPLv3?

The new license terms are not wanted for the base OS. As with GCC, a newer GPLv3 version is available in ports.

> that "as" doesn't support modern instructions is starting to cause
> all sorts of nasty problems. the compiler backend of hare, QBE,
> recently had a patch accepted which adds IBT/BTI support and i
> prepared the stdlib to be able to deal with IBT/BTI.
>
> however, the patch was reverted yesterday with the reason that the
> standard openbsd toolchain doesn't support it. i would need to patch
> QBE to accept a cfi flag (i don't even know if it'd get accepted),
> which, again, would introduce new workarounds in hare for openbsd.

You could perhaps encode the bytes instead, like openssl does specifically so it will work on other OS with old binutils too..

0xf3,0x0f,0x1e,0xfa

> if updating "as" is really not an option, would a patch adding support
> for endbr64 and the BTI equivalent be accepted?

I can't say. Though I doubt there would be much objection if it's clean and not a copy of a GPLv3-licensed upstream commit.

--
Please keep replies on the mailing list.
Re: Weird network performance with iwn(4)
On 2024-01-02, Murat D. Kadyrov wrote: > On Thu, Dec 21, 2023 at 09:23:42AM +0100, Stefan Sperling wrote: >> On Wed, Dec 20, 2023 at 07:54:47PM +, Lévai, Dániel wrote: >> > Danel Levai wrote: >> > > Stuart Henderson wrote: >> > > > I checked for openwrt support but your AP has a relatively uncommon >> > > > Realtek SoC and it seems fairly unlikely to happen so you're probably >> > > > stuck with the vendor firmware. >> > > > >> > > > Maybe try forcing "mode 11n" or "mode 11g" with ifconfig and see if >> > > > that's any better. >> > > >> > > Interestingly enough, "mode 11g" won't join the AP. 11n works and it's a >> > > steady >> > > 300KByte/sec, it doesn't go up and down like with 11ac. >> > > >> > > Anyway, I'll see if I can find myself another AP to deploy here, maybe >> > > it's just some >> > > fringe compatibility issue. >> > > >> > > Daniel >> > >> > Just for the record, I totally missed trying the 2.4GHz SSID of this AP >> > (it has a different name). I was only trying 5GHz with all modes - no >> > wonder .11g wouldn't join (brain freeze)... >> > So .11n actually works on 2.4GHz with this AP and iwm(4), and has a >> > download speed of around 1,5-2,0MByte. >> > >> > Daniel >> > >> > >> >> This means the performance issue is specific to 11ac mode, correct? > > 11ac mode supported by OpenBSD? Yes, for quite a while now, on bwfm iwm iwx. -- Please keep replies on the mailing list.
Re: Firefox, Chrome, Libreoffice bogus syscall on -current
On 2024-01-01, Ax0n wrote: > On Fri, Dec 29, 2023 at 7:33 PM Stuart Henderson > wrote: > >> Pity, without the deletes a transcript of a run of pkg_add -u -v >> might have shown why the packages didn't get updated. They should have, >> and in most cases they do. >> > > Here's the pkg_add -uiv output that I saved while removing stuff. There's a > bit of detail there, maybe enough to unwind the problem? > > https://gist.github.com/n0xa/934776b75ef520738c0fca16aa8b1071 > pkg_add needs at least -vvv to debug update issues. (There will be too much output for nearly any scrollback buffer so will need running under script(1) or alternative). -- Please keep replies on the mailing list.
Re: Cannot PXE Boot PC Engines APU.1D4
On 2024-01-01, Kenneth Hendrickson wrote: > --- On Monday, January 1, 2024 at 06:10:57 AM EST, Stefan Sperling > wrote: > >> Booting 7.4 or -current kernels with an old pxeboot binary won't work. >> Make sure that both the kernel image and pxeboot originate from the >> 7.4 release or -current. > > > I was using pxeboot and bsd.rd from 7.4. Did you create etc/boot.conf in the tftp server dir with the commands to switch to serial console? (stty com0 , set tty com) If that's not it, show what's displayed in the boot process. -- Please keep replies on the mailing list.
Re: Firefox, Chrome, Libreoffice bogus syscall on -current
On 2023-12-29, Ax0n wrote: > On Fri, Dec 29, 2023, 11:21 Theo de Raadt wrote: > >> Then your machine is not -current, not by a long shot. >> >> We moved to libc.so.98.0 on Dec 12. >> >> At least two rounds of new packages have shown up since then. >> >> I do believe there are circumstances where pkg_add fails to update >> library packages. > > > It turns out there was a list of 100 some packages that couldn't be > upgraded with pkg_add -u and I just wasn't reading it, as the heart of the > message scrolled way off the screen. > > I programmatically pkg_delete'd those and those which relied upon them, and > re-installed only what I really needed and all is well in the world once > again. Pity, without the deletes a transcript of a run of pkg_add -u -v might have shown why the packages didn't get updated. They should have, and in most cases they do.
Re: certbot with cloudflare dns-01 challenge
On 2023-12-27, hammer2_zfs wrote: > Why "OpenBSD packages" did not have a py3-certbot-dns-cloudflare. Because nobody was interested enough in it to write a port and get it committed.
Re: Firefox, Chrome, Libreoffice bogus syscall on -current
On 2023-12-27, Ax0n wrote:
> I had been running #1471 since December 5th without issue, and this week
> upgraded to the latest snapshot (#1567) after which some apps such as
> Firefox won't run. They display "msyscall a8000 error" followed by a
> core dump. dmesg(1) shows a bogus syscall. I did ensure that I had properly
> sysmerged and updated packages. I waited until the next snapshot hit
> mirrors, and verified that this issue persists with build #1572 and fresh
> packages as well. Lenovo X1 Carbon Gen 8. dmesg in body. I can put core
> dumps somewhere if it helps.

Not sure how much core dumps will help, but if you can try running the binaries with problems with LD_DEBUG set in the environment (to anything) and capture output (e.g. using script(1) as it will likely be copious) that might give clues.

How are you updating packages / which mirror? Do you have anything left in /usr/local/{bin,sbin,lib} etc which still reference any libc.so.97? Are you doing anything unusual with LD_PRELOAD (e.g. using a socks wrapper)?
Re: qcad does not segfault when qtscript is compiled with -O0.
This was already diagnosed and fixed in -current, see https://marc.info/?l=openbsd-ports=170160684730438=2 https://github.com/openbsd/ports/blob/e10f7e1a39f85873183c232462850449f777e16f/x11/qt5/qtscript/patches/patch-src_3rdparty_javascriptcore_JavaScriptCore_interpreter_CallFrame_h On 2023-12-26, Andy Bradford wrote: > Hello, > > A little over a year ago I reported[1] that qcad started having > segfaults in 7.0 (or 7.1). I thought I would try to debug it today in > 7.4 and so enabled DEBUG_PACKAGES and DEBUG variables in the cad/qcad > Makefile and also the x11/qt5/qtscript Makefile hoping to debug the > segfault. In the Makefile for both I set: > > DEBUG_PACKAGES= ${BUILD_PACKAGES} > DEBUG=-O0 -g > > Then I built the packages, installed them and their debug packages and > hoped to capture a segfault, but it doesn't crash. Apparently enabling > -O0 in qtscript's Makefile makes it not crash. To test that hypothesis, > I commented out the DEBUG line completely and rebuilt qtscript with just > the defaults that DEBUG_PACKAGES inherits and sure enough, after > installing that qtscript package built with -O2 qcad again crashes. > > (gdb) bt > #0 0x03eae2f9a990 in QScriptEnginePrivate::mark (this=0x3eb4af54a80, > markStack=...) 
at > /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:1320 > #1 0x03eae2f14d6c in QTJSC::Heap::markRoots (this=0x3ea8c2129e8) at > /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:1167 > #2 0x03eae2f13ac5 in QTJSC::Heap::reset (this=0x3ea8c2129e8) at > /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:1269 > #3 QTJSC::Heap::allocate (this=0x3ea8c2129e8, s=) at > /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:405 > #4 0x03eae2fa3ac2 in QTJSC::JSCell::operator new (size=56, > exec=) at > /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSCell.h:167 > #5 QScriptEnginePrivate::newVariant (this=0x3eb4af54a80, value=...) at > /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:1797 > #6 0x03eae2fa51b5 in QScriptEngine::newVariant (this=, > value=...) at > /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:2233 > #7 0x03eade54f63f in qtscript_create_Qt_Axis_class > (engine=0x3eaf5f91770, clazz=...) at > ../../generated_cpp/com_trolltech_qt_core/qtscript_Qt.cpp:4157 > #8 0x03eade5445ee in qtscript_create_Qt_class (engine=0x3eaf5f91770) at > ../../generated_cpp/com_trolltech_qt_core/qtscript_Qt.cpp:8386 > #9 0x03eade62a327 in qtscript_initialize_com_trolltech_qt_core_bindings > (extensionObject=...) at > ../../generated_cpp/com_trolltech_qt_core/com_trolltech_qt_core_init.cpp:312 > #10 0x03eade3a1d9e in com_trolltech_qt_core_ScriptPlugin::initialize > (this=0x3eabb1f6100, key=..., engine=0x3eaf5f91770) at plugin.cpp:21 > #11 0x03eae2fabdf9 in QScriptEngine::importExtension (this=0x3eaf5f91770, > extension=...) 
at > /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:3769 > #12 0x03ea8abc35ab in RScriptHandlerEcma::RScriptHandlerEcma > (this=0x3eabb1e94e0) at RScriptHandlerEcma.cpp:434 > #13 0x03ea8abd4919 in RScriptHandlerEcma::factory () at > RScriptHandlerEcma.cpp:1074 > #14 0x03ead8eb2c3e in RScriptHandlerRegistry::createScriptHandler > (extension=...) at RScriptHandlerRegistry.cpp:67 > #15 0x03ead8eb2caf in RScriptHandlerRegistry::getGlobalScriptHandler > (extension=...) at RScriptHandlerRegistry.cpp:76 > #16 0x03e87ec05021 in main (argc=1, argv=0x7b524ae78618) at main.cpp:389 > (gdb) list > 1315} > 1316 > 1317if (q) { > 1318QScriptContext *context = q->currentContext(); > 1319 > 1320while (context) { > 1321JSC::ScopeChainNode *node = > frameForContext(context)->scopeChain(); > 1322JSC::ScopeChainIterator it(node); > 1323for (it = node->begin(); it != node->end(); ++it) { > 1324JSC::JSObject *object = *it; > > Stepping through with -O2, it seems to go through one or two iterations of a > while loop and then crashes: > > (gdb) print context > $8 = (QScriptContext *) 0xf0800cd3288 > (gdb) print *context > $9 = {d_ptr = 0x1} > (gdb) next > 1323for (it = node->begin(); it != node->end(); ++it) { > (gdb) > 1324JSC::JSObject *object = *it; > (gdb) > 1325if (object) > (gdb) > 1326markStack.append(object); > (gdb) > 1323
Re: Freetype FT_CONFIG_OPTION_USE_PNG
On 2023/12/22 07:11, Robert Palm wrote:
> Stuart, thank you.
>
> Is it possible to builtin / bundle freetype with sdl2 / sdl2-ttf and enable
> this option?
>
> I think op@ did something similar with godot...
>
> On 21 Dec 2023, at 22:29, Stuart Henderson
> wrote:
>
> On 2023-12-21, Robert Palm wrote:
>
> I wanted to ask if in xenocaras freetype the FT_CONFIG_OPTION_USE_PNG
> is enabled.
>
> It's not, afaik it can't be done unless libpng would be moved from ports
> to xenocara.
>

From a quick look it seems that sdl2-ttf already uses a bundled copy of freetype.
Re: Freetype FT_CONFIG_OPTION_USE_PNG
On 2023-12-21, Robert Palm wrote: > > I wanted to ask if in xenocaras freetype the FT_CONFIG_OPTION_USE_PNG > is enabled. It's not, afaik it can't be done unless libpng would be moved from ports to xenocara. -- Please keep replies on the mailing list.
Re: Post (snap) update emails: fsck errors and (in)security output
On 2023-12-20, Why 42? The lists account. wrote:
>
> Just tried the mount of /tmp manually from the command line and got:
> mount_mfs: mmap: Cannot allocate memory
>
> When I halved the size (memory) allocated (-s=2097152) it mounts
> successfully:
> mjoelnir:robb 20.12 19:50:02 # df -h /tmp
> Filesystem   Size  Used  Avail Capacity  Mounted on
> mfs:75507    1.9G  1.0K   1.8G     1%    /tmp
>
> Strange that it used to work. One day (!) I'll re-partition and allocate
> a partition/slice of "real" storage to /tmp instead of using mfs.

login.conf used to allow unlimited datasize for the 'daemon' class. That was changed to cap at 4G (IIRC that was a prerequisite before we were allowed to bump MAXDSIZ but I don't remember all the details now).

This affects things started from rc - the things particularly likely to run into memory limits here are fsck, mounting mfs filesystems, maybe also running dump or restore from single user mode - also ports daemons, though in most cases we now provide a separate /etc/login.conf.d/daemonname file which raises limits where needed.

If you have plenty of RAM you may want to bump that value.
Re: XFCE Thunar filemanager core dumps ...
On 2023-12-20, Why 42? The lists account. wrote: > > On Wed, Dec 20, 2023 at 03:23:52PM -, Stuart Henderson wrote: >> > ... >> > When I started gdb (no expert) I noticed this "Dwarf error": >> > mjoelnir:/tmp 20.12 12:04:38 % gdb -e /usr/local/bin/Thunar -c thunar.core >> > GNU gdb 6.3 >> >> https://www.openbsd.org/faq/ports/ports.html#Backtrace > > Thanks. What I understood from there then was to install the debug > package and run egdb + "bt". Hopefully that's what you had in mind. Also install debug packages for relevant libraries - here, debug-glib2 and debug-gtk+3 may be useful. > Here's the resulting stack trace, the "optimized out" sounds a bit > worrying :-): That doesn't indicate a problem. Probably best to move this to ports@ btw. > (gdb) bt > #0 0x084822eb0565 in g_node_traverse_pre_order () from > /usr/local/lib/libglib-2.0.so.4201.11 > #1 0x084822eb0577 in g_node_traverse_pre_order () from > /usr/local/lib/libglib-2.0.so.4201.11 > #2 0x084822eb0577 in g_node_traverse_pre_order () from > /usr/local/lib/libglib-2.0.so.4201.11 > #3 0x084570b35046 in thunar_tree_view_set_show_hidden > (view=0x848252483c0, show_hidden=) at thunar-tree-view.c:1990 > #4 thunar_tree_view_set_property (object=0x848252483c0, prop_id= out>, value=, pspec=) at thunar-tree-view.c:509 > #5 0x084827e3c82a in object_set_property () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #6 0x084827e3c5a8 in g_object_setv () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #7 0x084827e3d94b in g_object_set_property () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #8 0x084827e2cf19 in on_source_notify () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #9 0x084827e3442b in g_closure_invoke () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #10 0x084827e50f4c in signal_emit_unlocked_R.123 () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #11 0x084827e4ebab in signal_emit_valist_unlocked () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #12 0x084827e4f39f in g_signal_emit () from 
> /usr/local/lib/libgobject-2.0.so.4200.18 > #13 0x084827e40a53 in g_object_dispatch_properties_changed () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #14 0x084827e3ae1c in g_object_notify_by_spec_internal () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #15 0x084570b43c07 in thunar_window_action_show_hidden > (window=0x848393b6760) at thunar-window.c:4727 > #16 0x0847e652dc4e in _gtk_marshal_BOOLEAN__OBJECT_UINT_FLAGS () from > /usr/local/lib/libgtk-3.so.2201.0 > #17 0x084827e3442b in g_closure_invoke () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #18 0x084827e4ff6d in signal_emit_unlocked_R () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #19 0x084827e4ec0f in signal_emit_valist_unlocked () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #20 0x084827e4f39f in g_signal_emit () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #21 0x0847e65498d2 in gtk_accel_group_activate () from > /usr/local/lib/libgtk-3.so.2201.0 > #22 0x0847e6549a24 in gtk_accel_groups_activate () from > /usr/local/lib/libgtk-3.so.2201.0 > #23 0x0847e686e048 in gtk_window_activate_key () from > /usr/local/lib/libgtk-3.so.2201.0 > #24 0x0847e6874325 in gtk_window_key_press_event () from > /usr/local/lib/libgtk-3.so.2201.0 > #25 0x0847e652ceb0 in _gtk_marshal_BOOLEAN__BOXED () from > /usr/local/lib/libgtk-3.so.2201.0 > #26 0x084827e3442b in g_closure_invoke () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #27 0x084827e50100 in signal_emit_unlocked_R () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #28 0x084827e4ec0f in signal_emit_valist_unlocked () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #29 0x084827e4f39f in g_signal_emit () from > /usr/local/lib/libgobject-2.0.so.4200.18 > #30 0x0847e684e22a in gtk_widget_event_internal () from > /usr/local/lib/libgtk-3.so.2201.0 > #31 0x0847e66ce1cf in gtk_propagate_event () from > /usr/local/lib/libgtk-3.so.2201.0 > #32 0x0847e66cdbe1 in gtk_main_do_event () from > /usr/local/lib/libgtk-3.so.2201.0 > #33 0x08477220a65b 
in _gdk_event_emit () from > /usr/local/lib/libgdk-3.so.2201.1 > #34 0x084772263c88 in gdk_event_source_dispatch () from > /usr/local/lib/libgdk-3.so.2201.1 > #35 0x084822ea320d in g_main_context_dispatch_unlocked () from > /usr/local/lib/libglib-2.0.so.4201.11 > #36 0x084822ea35ec in g_main_context_iterate_unlocked () from > /usr/local/lib/libglib-2.0.so.4201.11 > #37 0x084822ea369b in g_main_context_iteration () from > /usr/local/lib/libglib-2.0.so.4
Re: XFCE Thunar filemanager core dumps ...
On 2023-12-20, Why 42? The lists account. wrote: > > Hi All, > > I'm running XFCE on OpenBSD 7.4 GENERIC.MP#1535 amd64 > > I pressed Control+h in thunar thinking that it would toggle the display > of hidden files ( .dot files), but instead thunar core dumps: > -rw--- 1 robb robb 20656304 Dec 19 21:02 thunar.core > > Would this be an OpenBSD (porting) issue, or something upstream? > > I don't see this behaviour on an adjacent Linux system (different > versions of XFCE though). I have these versions: > xfce-4.18.1 Xfce desktop meta-package (base installation) > thunar-4.18.8 Xfce4 file manager > > When I started gdb (no expert) I noticed this "Dwarf error": > mjoelnir:/tmp 20.12 12:04:38 % gdb -e /usr/local/bin/Thunar -c thunar.core > GNU gdb 6.3 https://www.openbsd.org/faq/ports/ports.html#Backtrace
Re: Bridging firewall and ntpd
On 2023-12-19, Karel Lucas wrote:
>
> Hi all,
>
> I am creating a bridging firewall, and am wondering if it is possible to
> use the ntp daemon to ensure that all log files are timed correctly. Is
> there a way to achieve that despite the fact that the network
> connections do not have an IP address?

Yes, e.g. with a gps unit and nmea(4).

If you want to fetch time over the network, however, the machine will need to have network access.

--
Please keep replies on the mailing list.
Re: OpenBSD on Dell Wyse 3040 N10D - Successful installation and possible problem with ACPI
On 2023-12-18, Luca Di Gregorio wrote:
> The system booted, but I saw that it stopped unexpectedly after
> some time (hours or minutes) without any apparent reason.
>
> dmesg said 'acpicpu0 ... bad value ...'
> (Unfortunately I don't have a copy of this dmesg).

Use sendbug as root to create a bug report including acpi tables. (you may want to sendbug -P > somefile and copy that elsewhere if the machine isn't setup for email). Preferably with an unmodified kernel so that the dmesg is complete. Try to get a copy of the full error message too.

> So, I added these lines in /etc/bsd.re-config, to disable ACPI drivers at
> boot:
> disable acpi
> disable acpitz
> disable acpitz*
> disable acpicpu
> disable acpicpu*
> disable acpibat
> disable acpibat*
> disable acpipwrres
> disable acpipwrres*
> disable acpiprt*

why all these, when you only had an issue with acpicpu? (since acpi is involved in so much of running the system, often including thermal controls, that's best avoided).

> I'm not skilled enough to go further in the investigation, hopefully
> someone more skilled than me will go on deeper and discover
> the exact issue causing the unexpected stops.

I don't think there's enough information yet for somebody who doesn't have the hardware to do anything to help.
Re: load balancing with rdomains
On 2023-12-16, Petr Ročkai wrote:
> Hi,
>
> On Sat, Dec 16, 2023 at 06:37:54PM +0100, Marko Cupać wrote:
>> pass in on em0 from (em0:network) to probability 50% rtable 1
>> pass in on em0 from (em0:network) to probability 50% rtable 2
>
> IIUIC these two only add up to 75% probability – you presumably want
> probability 50% on the second of the two (the first one then being a
> match for everything that the later rule doesn't take up).

exactly.

--
Please keep replies on the mailing list.
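The arithmetic behind the 75% figure in the message above, as an added example that is not part of the original thread: a Python model of last-match evaluation over rules that each carry a probability, with the per-rule values needed for an even n-way split. It assumes rules without `quick`, so the last matching rule decides; the function names and labels are illustrative.

```python
import random
from fractions import Fraction

NO_MATCH = "(no probability rule matched)"


def as_fraction(prob):
    """Accept '50%', 0.5 or a Fraction and return an exact Fraction."""
    if isinstance(prob, str) and prob.endswith("%"):
        return Fraction(prob[:-1]) / 100
    return Fraction(prob)


def effective_shares(rules):
    """rules: [(label, probability), ...] in ruleset order.

    Without 'quick' the last matching rule wins, so a rule decides a new
    connection only when it matches AND every later rule fails to match."""
    shares = {}
    later_all_miss = Fraction(1)
    for label, prob in reversed(rules):
        p = as_fraction(prob)
        shares[label] = shares.get(label, 0) + p * later_all_miss
        later_all_miss *= 1 - p
    # Whatever is left falls through to earlier rules or the default.
    shares[NO_MATCH] = later_all_miss
    return shares


def even_split(labels):
    """Per-rule probabilities, in ruleset order, that give each label 1/n.

    The first rule catches everything the later ones leave (100%), the
    second takes 1/2, the third 1/3, and so on down to 1/n for the last."""
    return [(label, Fraction(1, i + 1)) for i, label in enumerate(labels)]


def simulate(rules, connections, seed=1):
    """Walk the rules top to bottom per connection, remembering the last
    match, to confirm the closed form above. Seeded, so repeatable."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(connections):
        decided = NO_MATCH
        for label, prob in rules:
            if rng.random() < float(as_fraction(prob)):
                decided = label
        counts[decided] = counts.get(decided, 0) + 1
    return {label: n / connections for label, n in counts.items()}


if __name__ == "__main__":
    as_posted = [("rtable 1", "50%"), ("rtable 2", "50%")]
    corrected = [("rtable 1", "100%"), ("rtable 2", "50%")]
    for name, rules in (("as posted", as_posted), ("corrected", corrected)):
        print(name)
        for label, share in effective_shares(rules).items():
            print(f"  {label}: {float(share):.0%}")
    print("three uplinks:", even_split(["rtable 1", "rtable 2", "rtable 3"]))
```
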
Re: load balancing with rdomains
On 2023-12-15, Marko Cupać wrote: > Hi, > > I have a router whose LAN interface is in default rdomain 0, ISP1 in > rdomain 1 and ISP2 in rdomain 2. Reason for this is a bit complicated, > involves wireguard tunneling, I will give more details if needed. > > LAN hosts can access Internet over ISP1 by means of: > > pass in on $if_lan from ($if_lan:network) to rtable 1 > > Also over ISP2 if I change above line to: > > pass in on $if_lan from ($if_lan:network) to rtable 2 > > Is it possible to load-balance over both ISPs / rdomains? See "probability" in pf.conf(5). -- Please keep replies on the mailing list.
Re: OBS-Studio 26.1.0 and later
On 2023-12-12, hammer2_zfs wrote: > I am scripts' kitty ;-) > I was using OBS-Studio 26.1.0 for Streaming by OpenBSD 7.1. > since 7.1 to now... > > recently, My USB device was gone... > then, I tried install by pkg_add obs-stuido on OpenBSD 7.4... > but, I couldn't get the OBS-Studio... > > I want to use the OBS-Studio... > Why, close the support for OBS-Studio... OBS-Studio has never been in the ports tree. You must have been using a third party build or self-built binaries. -- Please keep replies on the mailing list.
Re: VMs not rebooting
On 2023-12-12, Steve Litt wrote:
> I've been told by some that OpenBSD has no hardware-assisted VMs, and

That has been wrong since around 2012 when ldomd was added (on sparc64). On amd64, vmm(4) was added in ~2015. (_qemu_ on OpenBSD does not have hw virtualisation support, but that is not the only way to do VMs).

> others that it does. Without hardware assisted VMs, a very slow
> software emulator is required making the guest seem like it's on a 14.4
> modem.
>
> So my question is, does vmm have hardware assist?

vmm(4) provides kernel support for hardware virtualisation on x86. That is used (and required) by vmd(8).

--
Please keep replies on the mailing list.
Re: pkg_add - error while reading header / read short file / gzheader truncated
On 2023/12/08 15:40, David Rinehart wrote:
> On Fri, 2023-12-08 at 08:37 +0000, Stuart Henderson wrote:
> > On 2023-12-07, David Rinehart wrote:
> > >
> > > I see the same with multiple installs - Started with 7.4. No
> > > modification to default installurl.
> >
> > The contents of the 'default' installurl depend on which mirror you
> > selected to install from.
> >
>
> I select "disk" for file sets and do not recall selecting a mirror. I
> believe this puts https://cdn.openbsd.org/pub/OpenBSD in the file.
>
> The issue may have started before 7.4, but was not seen at 7.3 release
> timeframe.
>
> After giving it more thought, I believe I started seeing errors on
> package installation before 7.4 release. I figured it was a web site
> issue because I'm running -stable and no patches seemed related (so
> more likely an external issue). Then, the errors were familiar when I
> did reinstalls with 7.4. The errors are temporary and the package
> installations will complete if run again, or maybe a couple times.
>
> Thanks, for the reply and any help!

I suggest trying a mirror instead then, and see if there's any difference. Pick one from www.openbsd.org/ftp.html.
Re: Weird network performance with iwn(4)
I checked for openwrt support but your AP has a relatively uncommon Realtek SoC and it seems fairly unlikely to happen so you're probably stuck with the vendor firmware.

Maybe try forcing "mode 11n" or "mode 11g" with ifconfig and see if that's any better.

On 2023-12-08, Lévai Dániel wrote:
> On Thursday, December 7th, 2023 at 17:10, Stefan Sperling
> wrote:
>>
>>
>> On Thu, Dec 07, 2023 at 03:39:33PM +, Lévai, Dániel wrote:
>>
>> > Hi all!
>> >
>> > Recently my trusty T410 died (had iwn(4) in it) and had to switch to an
>> > E450 - but this has iwm(4).
>> > Never had any issues with iwn(4) and iwm(4) seems to operate perfectly
>> > fine in some scenarios, e.g. speedtest.net indicates 100/100Mbit down/up
>> > speed.
>>
>> > But downloading a base74.tgz set takes little more than 30 minutes - in
>> > firefox and in console with ftp(1).
>>
>>
>> So you are getting 100/100 Mbit on iwm(4) in a speed test, and only
>> downloading
>> base74.tgz is slow?
>
> Well, not quite - speedtest.net (whatever it does) seems to report good
> results, browsing however is generally slow, but I can't really set precise
> expectations for let's say "opening youtube.com". It's just slow compared to
> other machines on the same network.
> The most concrete thing I could think of was to download the base set which
> was surprisingly slow during the first upgrade after installation. That's why
> I started to investigate; this I can measure and report.
>
> So generally speaking, everything is slow on iwm0 *except* what speedtest.net
> seems to report.
>
>> The speed test being successful would imply that the wifi
>> layer is working just fine. If so then something else must be messing with
>> your base74.tgz download attempts.
>>
>> What happens when you download base74.tgz over ethernet?
>
> No issue, perfect 100Mbit.
>
>> Or with iwm(4) via a different AP?
>> Or with iwm(4) via a different ISP?
>
> Thanks for the tips!
> I went ahead and tried my cell phone's mobile hotspot.
> Even though speedtest.net only reported 30/15Mbit down/up, the general
> browsing experience was much better and managed to squeeze out 2-3MByte/sec
> while downloading the base set from various mirrors.
>
> Switching back to my home AP seems to be the issue.
> It's a Zyxel NBG6615 (end of service by now, no newer firmware).
> Is there any debug sysctl's I can set on the laptop that could prove useful
> in troubleshooting this? Maybe different settings for iwm(4) or the AP?
>
> Daniel
>
>

--
Please keep replies on the mailing list.
Re: Getting stuck on trying a fresh install to 7.4
On 2023-12-07, Daniel Ouellet wrote:
> On 12/7/23 7:37 AM, Stuart Henderson wrote:
>> On 2023-12-06, Daniel Ouellet wrote:
>>>>> Any suggestion would be greatly appreciated.
>>>>
>>>> Old boot loaders cannot boot 7.4 kernels.
>>>> Upgrade your 6.7 system to 7.3 first (the usual advice to avoid
>>>> skipping releases during upgrades applies). Then upgrade to 7.4.
>>
>> Specifically the interface used for communicating system
>> console information between the boot loader and the kernel was changed.
>> There was backwards compat but sadly it was removed after one single
>> release.
>>
>> I think this brings the total number of people I know who have been
>> affected by this up to 6 now.
>>
>>> I didn't care what's on it now. All fresh install will do.
>>> I have 22 to do. :(
>>
>> You can copy a new bootloader to the old machines and run installboot.
>
> Hi Stuart,
>
> Just to be clear and to help others here.
>
> You are talking about these two files only right?
>
> /usr/mdec/boot
> /usr/sbin/installboot
>
> or should this one below be included too? I don't think it's needed, but
> just want to be sure and make the info complete.
>
> /usr/mdec/biosboot

Assuming standard partition table not GPT: /usr/mdec/boot and /usr/mdec/biosboot. *Not* /usr/sbin/installboot, the new binary is unlikely to run on new OS.
Re: pkg_add - error while reading header / read short file / gzheader truncated
On 2023-12-07, David Rinehart wrote:
>
> I see the same with multiple installs - Started with 7.4. No
> modification to default installurl.

The contents of the 'default' installurl depend on which mirror you selected to install from.
Re: Raspberry Pi Installation media gives blank screen on boot
On 2023-12-07, Vilyaem wrote:
> Hello,
> I am in the process of turning a Void Linux
> Raspberry Pi 3 B server to one that runs
> OpenBSD 7.4.
>
> However, when attempting to
> begin the installation process,
> after the install media boots, the screen
> goes blank, nothing else happens afterwards,
> the keyboard lights still strangely react
> to caps lock and such. The HDMI monitor doesn't
> outright lose signal, the screen just remains
> black.
>
> I did the following steps.
>
> 1. Download miniroot74.img and install74.img from
> openbsd.org arm64
> 2. Write miniroot74.img to an SD card using dd
> doas dd if=miniroot74.img of=/dev/sdb
> 3. Write install74.img to a USB using dd
> doas dd if=install74.img of=/dev/sdb
> 4. Put in the SD card and USB
> 5. Start the Raspberry Pi

See "Install on Raspberry Pi" on https://ftp.openbsd.org/pub/OpenBSD/7.4/arm64/INSTALL.arm64
Re: Getting stuck on trying a fresh install to 7.4
On 2023-12-06, Daniel Ouellet wrote:
>>> Any suggestion would be greatly appreciated.
>>
>> Old boot loaders cannot boot 7.4 kernels.
>> Upgrade your 6.7 system to 7.3 first (the usual advice to avoid
>> skipping releases during upgrades applies). Then upgrade to 7.4.

Specifically the interface used for communicating system console information between the boot loader and the kernel was changed. There was backwards compat but sadly it was removed after one single release.

I think this brings the total number of people I know who have been affected by this up to 6 now.

> I didn't care what's on it now. All fresh install will do.
> I have 22 to do. :(

You can copy a new bootloader to the old machines and run installboot.

--
Please keep replies on the mailing list.
Re: pkg_add - error while reading header / read short file / gzheader truncated
On 2023-12-07, Joe B wrote:
> Hello Misc,
>
> I am configuring a couple of laptops for my kids, i had installed 70 with
> i3 and gcompris in them, it's been a while since the last update so i
> decided to make a fresh install.
>
> So I installed 74 in both of them, used the autoinstall so the process was
> straightforward as always, rebooted, hw_update, syspatch, everything as
> expected.
>
> The problem comes when trying to install a package, i am trying just two of
> them: feh and gcompris, in both laptops, and i get the following errors,
> they are several since i do a few tries and then the problem goes and comes
> at different packages
>
> pkg_add: Ustar [package name, it is different every try, meaning
> lcms2-2.15.tgz, gstreamer, libass-] [?]: Error while reading header
> https://cdn.openbsd.org/pub/OpenBSD/7.4/packages/amd64/lame-3.100p1.tgz:
> Read short file
>
> My configuration are:
> 1 laptop, re0, trying pkg_add feh
> 1 laptop, iwn0, trying pkg_add gcompris
>
> both with the same results, maybe i should try in another LAN, but could it
> be a problem with the CDN server ?

pkg_add/ftp aren't good at retrying when network connections fail. I'd think it's more likely a problem with your network connection than the cdn server, but you could try one of the other mirrors listed in www.openbsd.org/ftp.html (either set in /etc/installurl or set in the PKG_PATH environment variable; you can just use the hostname in the latter)

> Thank you for your time,
>
> -- Manuel Solis
>
>>>
>
> Hello,
>
> I'm new to openBSD about 3 days old. and I ran into the same issue as
> you. I would
>
> pkg_add something and I kept getting the header message. someone on
> IRC helped me
>
> Simple. change the cdn to another mirror
>
> look at https://www.openbsd.org/faq/faq15.html#Mirror
>
> Basically You find a mirror probably ftp like I did go to vim or nano
> /etc/installurl
>
> delete the cdn add another mirror and re-run the pkg_add you might
> need to pkg_delete
>
> the partial and then re-run. pkg_add After all that you might need
> pkg_add -u to see if the new mirror
>
> fixes all the other partials
>
>
> Hope this helps
>
>
> ~ Joe B
>

--
Please keep replies on the mailing list.
Re: 7.4 pfsync possible state update loop?
On 2023-12-01, Christian Gut wrote:
> Hi List,
>
> I just updated two carp/pfsync firewalls from 7.3 to 7.4. After updating the
> second box I see a massive increase in traffic on the sync interface. I now
> reproduced this with another pair of firewalls - same thing.
>
> Both firewalls have three physical interfaces: external, internal and sync.
> Sync interface is connected via ethernet cable directly. Syncinterface has an
> ip address.
>
> Configuration of hostname.pfsync0:
> syncdev em2
> up
>
> The way I updated these boxes, let's call them primary and secondary:
>
> 1. update secondary to 7.4, including the change in hostname.pfsync0
> 2. change hostname.carp0 to promote to master - reboot
> 3. secondary is now master
> 4. update primary to 7.4
> => traffic on syncif increases
>
> I tried so far - without any improvements:
> - reboot both machines after another
> - promote primary again
> - ifconfig pfsync0 down; pfctl -F states; ifconfig pfsync0 up

When you tried down/flush/up did you do it on both firewalls at the same time? (i.e. down pfsync on both, then flush on both, then up pfsync)?

> I think they might see some kind of loop updating the states between each
> other. Could someone point me to how I could diagnose further?

pfsync was largely rewritten between 7.3 and 7.4, we found one problem like this but it was fixed before release. Best way to proceed is probably to capture traffic on the pfsync interface with tcpdump and see if it relates to any particular state/s and if there's anything special about them or the rules that generate them.

bugs@ might be a better place than misc@ to continue this.
Re: Thinkpad x260 not connecting to network
On 2023-12-02, Mike Evron wrote:
>
> Thanks for taking the time to look into this. If there is any more info
> needed or if this should be formatted differently, please let me know.

Run "ifconfig iwm0 debug", try to connect, and send the full dmesg.

--
Please keep replies on the mailing list.