Re: Another potential ksh bug?

[Vadim Zhukov]

For me, this is a definite bug. I've opted my students to fix this
bug, so unless there's a hurry, there must be a fix till the end of
December. :)

пн, 7 дек. 2020 г. в 07:43, Jordan Geoghegan :
>
> Hello again,
>
> I was playing around with ksh array syntax and its behaviour when set as
> read-only. In my testing I noticed that ksh will allow you to overwrite
> the first element of a read-only array. Example snippet:
>
> #!/bin/ksh
> arr[0]=val1
> arr[1]=val2
> readonly arr
> echo "${arr[@]}"
> arr=yikes
> echo "${arr[@]}"
>
> I tested a few other shells, and this bug does exists in the original
> pdksh and is also present in zsh. This bug is not present in ksh93, mksh
> or bash, where they abort when trying to modify the read-only array.
>
> I don't have access to a proper ksh88 shell, but it would be nice if
> someone could confirm its behaviour.
>
> I was just hoping someone could confirm if this is intended behaviour,
> or if it's a bug.
>
> Regards,
>
> Jordan
>


-- 
  WBR,
  Vadim Zhukov

Re: httpd with multiple php-fpm pools in separate chroots

[Vadim Zhukov]

I have setup like below working for me, with base httpd and php-7.3
package. I have PHP web app installed into /var/www/webapp directory,
with 'web' subdirectory serving as HTTP root, and I only want to
handle request paths starting with '/api' here.

The /etc/httpd.conf:

server "my.server" {
listen on * port 80
location "/api/*" {
root "/webapp/web"
directory index "index.php"
fastcgi socket "/run/php-webapp.sock"
}
}

And the PHP FastCGI conf snip:

[webapp]
user = $pool
group = $pool
listen = /var/www/run/php-$pool.sock
listen.owner = www
listen.group = www
listen.mode = 0660

chroot = /var/www/$pool

вс, 29 дек. 2019 г. в 02:21, Nazar Zhuk :
>
> Hello,
>
> I am trying to run multiple PHP sites, each in it's own chroot:
> /var/www/site1, /var/www/site2, etc. Document roots are
> /var/www/siteX/htdocs.
>
> The issue is that fastcgi DOCUMENT_ROOT and SCRIPT_FILENAME generated by
> httpd are relative to httpd chroot and include /siteX. php-fpm can't
> find scripts.
>
> I tried to change DOCUMENT_ROOT and SCRIPT_FILENAME with "fastcgi
> param". This works for DOCUMENT_ROOT, but for SCRIPT_FILENAME, I need to
> pass the actual script name.
>
> Conceptually I need:
>
> fastcgi param SCRIPT_FILENAME "/htdocs/"
>
> Built-in macros like in "block return" and "request rewrite" don't work
> here.
>
> I can make this work with a single php file like this:
>
> server "site1" {
>  listen on * port 80
>  root "/site1/htdocs"
>  location "*.php" {
>  fastcgi param DOCUMENT_ROOT "/htdocs"
>  fastcgi param SCRIPT_FILENAME "/htdocs/test.php"
>  fastcgi socket "/site1/run/php-fpm.sock"
>  }
> }
>
> This will serve http://site1/test.php which is located at
> /var/www/site1/htdocs/test.php
>
> Is there a solution or a workaround? Aside from running all php-fpm
> pools in /var/www chroot?
>
>
> Thanks.
>
> --
> Nazar
>


-- 
  WBR,
  Vadim Zhukov

Re: how to compile a debug version of Qt5.9.6 on OpenBSD 6.4 ?

[Vadim Zhukov]

вс, 2 дек. 2018 г. в 22:59, stephane l1 :
>
> does the conflicts come because I have already installed the package Qt5.9.6 
> (so release version) ?

Regarding conflicts - yes, you'll need to use "pkg_add -r" (replace
mode) to install alternative (FLAVORed) version of package. This is
documented in ports(7), packages(7) and pkg_add(1).

Regarding "not signed", you can set TRUSTED_PKG_PATH before running
pkg_add, or add -Dunsigned. Using "make install" in port directory
does this for you, but it won't use "pkg_add -r", though.

-- 
  WBR,
  Vadim Zhukov

Re: how to compile a debug version of Qt5.9.6 on OpenBSD 6.4 ?

[Vadim Zhukov]

вс, 2 дек. 2018 г. в 16:31, stephane l1 :
>
> Hi,
> Shall I make FLAVOR=debug make  in each Makefile of the modules of Qt in the 
> port  ?

Basically, yes. You can play with shell, of course, to run those in a
single command, though.

Please note that debug FLAVOR isn't linked to bulk builds, so it _may_
fail due to some unexpected condition on your system that differs from
mine. And make sure you have enough room for building... And I really,
really do not recommend doing it on HDD, only on SSD. :)

>>
>> ok thanks I will try to compile from the ports too..
>> Yes it was just a Qt problem in qversiontagging.h.
>> ok it would be more simple to use the ports thanks
>>
>> Le dim. 2 déc. 2018 à 14:02, Vadim Zhukov  a écrit :
>>>
>>> Well, I was talking about compiling from ports.
>>>
>>> If you try to compile Qt from sources on your own you're, well, on
>>> your own. find /usr/ports/x11/qt5 -name '*.patch' should give you a
>>> clue how much on your own you are. :)
>>> вс, 2 дек. 2018 г. в 15:03, stephane l1 :
>>> >
>>> > Hi,
>>> >
>>> > I have tryed with FLAVOR = debug make in the .pro and I have still this 
>>> > error :
>>> >
>>> > /usr/bin/ld: libQt5Core.so.5.9.6: undefined versioned symbol name 
>>> > qt_version_tag@Qt_5.8
>>> > /usr/bin/ld: failed to set dynamic section sizes: Bad value
>>> > clang++: error: linker command failed with exit code 1 (use -v to see 
>>> > invocation)
>>> >
>>> >
>>> > Le dim. 2 déc. 2018 à 12:14, Vadim Zhukov  a écrit :
>>> >>
>>> >> You'd better use "FLAVOR=debug make" inside x11/qt5 directory to build
>>> >> components you're interested in.
>>> >> вс, 2 дек. 2018 г. в 03:06, stephane l1 :
>>> >> >
>>> >> > Hi,
>>> >> > I have tried to compile a debug version of Qt5.9.6 on OpenBSD 6.4 with 
>>> >> > the
>>> >> > mkspecs of the package release Qt5.9.6 and the platform openbsd-clang 
>>> >> > but I
>>> >> > have linking error on the first lib libQt5Core on version-tag@Qt_5_8 ?
>>> >> > Have I forgotten something to configure ?
>>> >> >
>>> >> > Thanks
>>> >> > best regards
>>> >> >
>>> >> > Stéphane L . from france
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >>   WBR,
>>> >>   Vadim Zhukov
>>>
>>>
>>>
>>> --
>>>   WBR,
>>>   Vadim Zhukov



-- 
  WBR,
  Vadim Zhukov

Re: how to compile a debug version of Qt5.9.6 on OpenBSD 6.4 ?

[Vadim Zhukov]

Well, I was talking about compiling from ports.

If you try to compile Qt from sources on your own you're, well, on
your own. find /usr/ports/x11/qt5 -name '*.patch' should give you a
clue how much on your own you are. :)
вс, 2 дек. 2018 г. в 15:03, stephane l1 :
>
> Hi,
>
> I have tryed with FLAVOR = debug make in the .pro and I have still this error 
> :
>
> /usr/bin/ld: libQt5Core.so.5.9.6: undefined versioned symbol name 
> qt_version_tag@Qt_5.8
> /usr/bin/ld: failed to set dynamic section sizes: Bad value
> clang++: error: linker command failed with exit code 1 (use -v to see 
> invocation)
>
>
> Le dim. 2 déc. 2018 à 12:14, Vadim Zhukov  a écrit :
>>
>> You'd better use "FLAVOR=debug make" inside x11/qt5 directory to build
>> components you're interested in.
>> вс, 2 дек. 2018 г. в 03:06, stephane l1 :
>> >
>> > Hi,
>> > I have tried to compile a debug version of Qt5.9.6 on OpenBSD 6.4 with the
>> > mkspecs of the package release Qt5.9.6 and the platform openbsd-clang but I
>> > have linking error on the first lib libQt5Core on version-tag@Qt_5_8 ?
>> > Have I forgotten something to configure ?
>> >
>> > Thanks
>> > best regards
>> >
>> > Stéphane L . from france
>>
>>
>>
>> --
>>   WBR,
>>   Vadim Zhukov



-- 
  WBR,
  Vadim Zhukov

Re: how to compile a debug version of Qt5.9.6 on OpenBSD 6.4 ?

[Vadim Zhukov]

You'd better use "FLAVOR=debug make" inside x11/qt5 directory to build
components you're interested in.
вс, 2 дек. 2018 г. в 03:06, stephane l1 :
>
> Hi,
> I have tried to compile a debug version of Qt5.9.6 on OpenBSD 6.4 with the
> mkspecs of the package release Qt5.9.6 and the platform openbsd-clang but I
> have linking error on the first lib libQt5Core on version-tag@Qt_5_8 ?
> Have I forgotten something to configure ?
>
> Thanks
> best regards
>
> Stéphane L . from france



-- 
  WBR,
  Vadim Zhukov

Re: "no route to host" from pkg_add

[Vadim Zhukov]

вт, 7 авг. 2018 г., 21:16 Benjamin Walkenhorst <
walkenhorst.benja...@gmail.com>:

> Hello everyone,
>
> I recently installed OpenBSD 6.3 in a VPS.
>
> In the last few days, I get an error message when running pkg_add, "no
> route to host".
> I have tried setting various hosts in /etc/installurl, but the problem
> remains.
>
> When I run pkg_add, this is the output I get I get:
> [20:02|root@myhost:~]# pkg_add nmap
> https://fastly.cdn.openbsd.org/pub/OpenBSD//6.3/packages-stable/amd64/:
> ftp: connect: No route to host
> https://fastly.cdn.openbsd.org/pub/OpenBSD//6.3/packages/amd64/: ftp:
> connect: No route to host
> https://fastly.cdn.openbsd.org/pub/OpenBSD//6.3/packages/amd64/: empty
> Can't find nmap
>
> When I try to ping the host specified in /etc/installurl or call
> traceroute, everything seems to work as expected.
>
> I checked the output of /usr/bin/env to make sure there is no proxy
> configured
> (I copied that .zshrc around quite a bit), but as far as I can tell,
> there are no proxies set up anywhere in
>  the environment (i.e. the output of "env | grep -i proxy" is empty).
>
> I have two systems (one laptop and one VM) running OpenBSD 6.3 on my home
> network, and they work fine, so I
> am fairly certain the problem is with the configuration of the VPS.
>
> What am I missing?
>
> Thank you very much for any suggestions,
> Benjamin
>

Most likely, you didn't allow outgoing connections for _pkgfetch user in
pf.conf.

Re: OpenBSD snapshot at EFI: no micro :(

[Vadim Zhukov]

4 июня 2018 г. 2:42:21 GMT+03:00, Leonid Bobrov  пишет:
>Additional output:
>
>mazocomp$ cat > /dev/audio < /dev/zero &   
>   
>[1] 68006
>mazocomp$ audioctl play.{bytes,errors}
>play.bytes=1251840
>play.errors=0
>mazocomp$ audioctl play.{bytes,errors} 
>play.bytes=1724160
>play.errors=0
>mazocomp$ audioctl play.{bytes,errors} 
>play.bytes=2807040
>play.errors=0
>mazocomp$ kill %1
>mazocomp$ fg %1
>cat > /dev/audio < /dev/zero 
>Terminated 
>mazocomp$ mixerctl -v
>inputs.dac-0:1_mute=off  [ off on ]
>inputs.dac-0:1=222,222 
>inputs.dac-2:3_mute=off  [ off on ]
>inputs.dac-2:3=222,222 
>inputs.beep=108 
>record.adc-0:1_source=mic2  [ mic2 mic ]
>record.adc-0:1_mute=off  [ off on ]
>record.adc-0:1=126,126 
>record.adc-2:3_source=mic  [ mic mic2 mix ]
>record.adc-2:3_mute=off  [ off on ]
>record.adc-2:3=126,126 
>inputs.mix_source=dac-0:1,dac-2:3  { dac-0:1 dac-2:3 }
>inputs.mix_dac-0:1=126,126 
>inputs.mix_dac-2:3=126,126 
>outputs.hp_source=dac-0:1  [ dac-0:1 dac-2:3 ]
>outputs.hp_boost=off  [ off on ]
>outputs.spkr_source=dac-2:3  [ dac-0:1 dac-2:3 ]
>inputs.mic=255,255 
>outputs.mic_dir=input-vr80  [ none input input-vr80 ]
>inputs.mic2=255,255 
>outputs.mic2_dir=input-vr80  [ none input input-vr80 ]
>outputs.hp_sense=unplugged  [ unplugged plugged ]
>outputs.mic_sense=unplugged  [ unplugged plugged ]
>outputs.spkr_muters=hp  { hp }
>outputs.master=255,255 
>outputs.master.mute=off  [ off on ]
>outputs.master.slaves=dac-0:1,dac-2:3  { dac-0:1 dac-2:3 beep }
>record.enable=sysctl  [ off on sysctl ]
>mazocomp$

It's a new sysctl: kern.audio.record=0, and there's also a per-device mixer 
knob in called record.enable.

Microphone, and any other audio recording, is now disabled by default.

This probably worths noting in current.html...
-- 
  WBR,
Vadim Zhukov

Re: Viewport for man.openbsd.org -- readability on phones

[Vadim Zhukov]

If you REALLY want something like we had, without JS and non-standard
features, you can try something like:

@media screen and (min-width: 1000px) {
html { max-width: 100ex }
html { max-width: 80ch }
}

The @media queries is a long-standing feature and should just work.
The "ch" isn't supported by IE <=8 and Opera <=20, so if you really
care, you can use doubled declaration: this way browsers that don't
support "ch" will use old "ex". Using "ex" for specifying width is
ugly and it probably should be something like "65em" instead anyway...

--
  WBR,
  Vadim Zhukov


2018-05-18 4:08 GMT+03:00 Ingo Schwarze :
> Hi Ken,
>
> Ken M wrote on Thu, May 17, 2018 at 08:50:53PM -0400:
>
>> I will probably have to duck and run
>> for suggesting javascript as the answer here...
>
> Precisely.  :)
>
>> But for the most part the modern industry standard to make pages
>> scale well across many devices and screen orientations is to use
>> a responsive design library, most notably bootstrap.
>
> We are talking about a simplistic one-column layout here,
> and avoiding that kind of bloat (in particular javascript)
> is among the top four design goals, together with support
> for hyperlinks, support for semantic annotations, and avoiding
> gratuitous presentational differences when compared to terminal
> output (just to avoid misunderstandings, not every difference
> is gratuitous: for example, terminals naturally use fixed-width
> fonts, HTML naturally uses proportional fonts).
>
> But no, javascript is an even worse suggestion than the
> original idea of "meta viewport".
>
> Yours,
>   Ingo
>

Re: no default httpd.conf?

[Vadim Zhukov]

2018-05-17 14:26 GMT+03:00 Stuart Henderson :
> On 2018-05-17, Vadim Zhukov  wrote:
>> 17 мая 2018 г. 5:50:16 GMT+03:00, justina colmena  
>> пишет:
>>
>> Regarding su-php, I'd go with per-user php-fpm process, actually,
>> that's much safer, and rarely used ones can easily wait in swap (I
>> feel that you're trying to pack as much users as possible). You
>> can ever use symlinks to create, e.g., /etc/rc.d/phpXY_fpm_USER1,
>> /etc/rc.d/phpXY_fpm_USER2 and so on, and then set up different flags
>> like "-u USER1" for those in rc.conf.
>
> No need to run multiple copies of php-fpm yourself, it handles multi
> uid itself. Various ways to handle chroot as well, you can chroot them
> separately, or use a shared chroot and rely on permissions. This should
> give you some ideas:
>
> [global]
> error_log = syslog
> syslog.facility = daemon
> log_level = notice
>
> [www]
> user = www
> group = www
> listen = /var/www/run/php-fpm.sock
> listen.owner = www
> listen.group = www
> listen.mode = 0600
> pm = dynamic
> pm.max_children = 20
> pm.start_servers = 2
> pm.min_spare_servers = 1
> pm.max_spare_servers = 3
> chroot = /var/www
>
> [web1]
> user = _web1
> group = _web1
> listen = /var/www/run/php-fpm-web1.sock
> listen.owner = www
> listen.group = www
> listen.mode = 0600
> pm = dynamic
> pm.max_children = 20
> pm.start_servers = 2
> pm.min_spare_servers = 1
> pm.max_spare_servers = 2
> chroot = /var/www
> env[TMP] = /var/www/web1/tmp
> env[TMPDIR] = /var/www/web1/tmp

Now that breakfast is gone I start to think you (and Josh earlier) are
right: single php-fpm process should be fine. :)

--
  WBR,
  Vadim Zhukov

Re: no default httpd.conf?

[Vadim Zhukov]

17 мая 2018 г. 5:50:16 GMT+03:00, justina colmena  пишет:
>I just recently installed OpenBSD 6.3, and I was looking for an example
>httpd.conf, but I did not find one. The manual page does document
>more or less how to create one, but there still appears to be some lack
>of ease and safety putting up a basic web page with dynamic content (I
>am most used to PHP and PostgreSQL for that purpose, but of course
>there are many options that more or less replace the ubiquitous "LAMP"
>or "Linux/Apache/MySQL/PHP" stack.
>
>Now there is nothing in OpenBSD's httpd really like Apache's "UserDir"
>directive. Of course the real user directory has to dwell somewhere in
>the "/var/www" chroot on OpenBSD. The alternative to "UserDirs" of
>course, is wildcard subdomains, but those do not really cooperate all
>that well with https, dnssec, or caa records, or with certain other
>general goals of security.
>
>The other thing I am curious about is something like "su-php" which
>appears to be deprecated and outdated. So, assuming some sort of
>UserDir
>scenario, (probably more sophisticated than my very basic one I
>have hacked together below,) does php-fpm have a way to prevent one
>user's malicious php script from reading another user's database
>access credentials?
>
>%<
># /etc/httpd.conf for amarillo.colmena.biz
>
>server "default" {
>listen on * port 80
>listen on :: port 80
>listen on * tls port 443
>listen on :: tls port 443
>tls certificate "/etc/ssl/fullchain.pem"
>directory index index.php
>location "/.well-known/acme-challenge/*" {
>root "/acme"
>root strip 2
>}
>location match "/~justina/.*%.php" {
>root "/justina"
>root strip 1
>fastcgi socket "/run/php-fpm.sock"
>}
>location "*.php" {
>fastcgi socket "/run/php-fpm.sock"
>}
>location "/~justina/*" {
>root "/justina"
>root strip 1
>directory auto index
>}
>location "/~justina" {
>block return 301 "/~justina/"
>}
>}
>types {
>include "/usr/share/misc/mime.types"
>}

Did you ever looked in /etc/examples?

OpenBSD HTTPd is a web server, but not each web server is fully-featured Apache 
HTTP Server replacement. So, yes, no UserDir. If you need this functionality, 
then just install apache-httpd from packages.

Regarding su-php, I'd go with per-user php-fpm process, actually, that's much 
safer, and rarely used ones can easily wait in swap (I feel that you're trying 
to pack as much users as possible). You can ever use symlinks to create, e.g., 
/etc/rc.d/phpXY_fpm_USER1, /etc/rc.d/phpXY_fpm_USER2 and so on, and then set up 
different flags like "-u USER1" for those in rc.conf.

-- 
  WBR,
Vadim Zhukov

Re: Why would you use make show rather than make -V in ports?

[Vadim Zhukov]

2017-12-23 1:57 GMT+03:00 Thomas Levine <_...@thomaslevine.com>:
> The normal port Makefile includes this "show" target.
>
>   $ grep -A3 ^show: /usr/ports/infrastructure/mk/bsd.port.mk
>   show:
>   .for _s in ${show}
>   @echo ${${_s}:Q}
>   .endfor
>
> Why would one use it rather than make -V?

The "show" gives you expanded value when -V gives raw one. Just assign
"foo=$bar" in Makefile and see what happens in both cases.

--
  WBR,
  Vadim Zhukov

Re: xlock permission problem

[Vadim Zhukov]

2016-07-17 22:20 GMT+03:00 Jyri Hovila [iki.fi] :
> Hi, and thanks for your time!
>
> On Sun, 17 Jul 2016 21:52:53 +0300
> Vadim Zhukov  wrote:
>
>> Check the following:
>>
>> - you have root:auth mode rwxr-sr-x set for /usr/X11R6/bin/xlock;
>
> # ls -la /usr/X11R6/bin/xlock
> -rwxr-sr-x  1 root  auth  2970216 Jun  2 15:00 /usr/X11R6/bin/xlock

Jun, 2... is your base in sync? I mean, userland corresponds to kernel
and to xenocara?

>> - you do NOT have nosuid option set for /usr/X11R6.
>
> # mount
> /dev/sd1g on /usr/X11R6 type ffs (local, nodev)
>
> Still a mystery. =o

Then check what owner/group/rights do /etc/*passwd and /etc/login.conf
files, and /usr/libexec/auth directory have. They basically should be
(according to /etc/mtree/special):

-rw-r--r--  1 root  wheel   2770 Jan 14  2016 /etc/login.conf
-rw---  1 root  wheel  10350 Jul 12 17:25 /etc/master.passwd
-rw-r--r--  1 root  wheel   8522 Jul 12 16:42 /etc/passwd
drwxr-x---  2 root  auth 512 Jul  3 17:49 /usr/libexec/auth/

Most likely you have /etc/login.conf non-world-readable... If this
won't help, you'll probably need to use ktrace to find out the
problematic syscall.

--
  WBR,
  Vadim Zhukov

Re: xlock permission problem

[Vadim Zhukov]

2016-07-17 21:31 GMT+03:00 Jyri Hovila [iki.fi] :
> Hello, world!
>
> I'm having an issue with xlock being unable to unlock a locked session.
>
> I'm running a CURRENT version of OpenBSD on amd64 architecture.
>
> I can lock my X session with xlock just fine, but when I enter my
> password the unlock, xlock says the password is invalid. However, the
> password I've entered (several times) is 100% correct.
>
> Authlog provides the following hints:
>
> ==
> xlock[82700]: Start: myusername, myusername, :0
> xlock[82700]: staff: getting class information: Permission denied
> xlock[82700]: daemon: getting classinformation: Permission denied
> xlock[82700]: xlock: failed unlock attempt on user myusername
> xlock[82700]: xlock: xio_error
> xlock[82700]: Stop: myusername, myusername, :0, 6m 5s
> ==
>
> I've googled thoroughly, checked the permissions of /etc/group etc, but
> have not found either a solution nor any hints on how to further
> diagnose the problem.
>
> Any ideas, anyone?

Check the following:

- you have root:auth mode rwxr-sr-x set for /usr/X11R6/bin/xlock;
- you do NOT have nosuid option set for /usr/X11R6.

--
  WBR,
  Vadim Zhukov

Re: jabber client with conference history saving

[Vadim Zhukov]

2016-04-18 22:47 GMT+03:00 Joseph Oficre :
> Hm, i have just standart Psi package installation. In
> ~/.local/share/psi/profiles/default/history/some_conference.history i can
> see only "  |2015-07-05T02:53:35|4|from|N---|Resource constraint.\nThe
> server or recipient lacks the system resources necessary to service the
> request.\nTraffic rate limit is exceeded\n--\n " that kind of
> messages...

What happens if you stop Psi, rename both .config/psi and
.local/share/psi folders, and then start Psi again? Psi should ask
you, so set up one account and check if history starts being saved
okay.

If history now gets saved successfully, check your program & account
settings carefully.

If history will contain only error notifications still... Well, maybe
switch to another client won't be such bad idea. In theory I should
recommend you the Kopete, but I won't, since it doesn't work well
under cwm at least (probably a Qt4 bug, but still).

> 2016-04-18 21:42 GMT+03:00 Vadim Zhukov :
>>
>> 2016-04-17 22:42 GMT+03:00 Joseph Oficre :
>> > Hello, @misc.
>> > Can someone give me an advice about xmpp client on OpenBSD, Im using Psi
>> > for now, but it doesnt save messages history properly (errors only).
>> > So i want to try another one.
>> > Doesnt matter if console or gui, just with chatroom/private chats
>> > history
>> > saving ability.
>> >
>> > OpenBSD-current.
>>
>> Psi is actually one of the most powerful XMPP clients. And if it
>> doesn't save history for you, then something is wrong: I've just
>> checked, it works fine here, including UTF-8 stuff.

--
  WBR,
  Vadim Zhukov

Re: jabber client with conference history saving

[Vadim Zhukov]

2016-04-17 22:42 GMT+03:00 Joseph Oficre :
> Hello, @misc.
> Can someone give me an advice about xmpp client on OpenBSD, Im using Psi
> for now, but it doesnt save messages history properly (errors only).
> So i want to try another one.
> Doesnt matter if console or gui, just with chatroom/private chats history
> saving ability.
>
> OpenBSD-current.

Psi is actually one of the most powerful XMPP clients. And if it
doesn't save history for you, then something is wrong: I've just
checked, it works fine here, including UTF-8 stuff.

--
  WBR,
  Vadim Zhukov

Re: wireshark illegal instruction on older systems

[Vadim Zhukov]

2016-03-15 21:33 GMT+03:00 Stuart Henderson :
> On 2016-03-15, Peter Kay  wrote:
>> It's a MOVSD SSE instruction. Tshark is ok. I can cope with that or tcpdump
>> if need be, but here's the output :
>
> I think this variant of MOVSD might be AVX?
>
>> Starting program: /usr/local/bin/wireshark
>> warning: Lowest section in /usr/local/lib/libicudata.so.9.0 is .hash at
>> 0154
>>
>> Program received signal SIGILL, Illegal instruction.
>> 0x06d685fb in _GLOBAL__sub_I_qguiapplication.cpp () from
>> /usr/local/lib/qt5/./libQt5Gui.so.1.1
>
> Looks like it's in Qt5 then. Wireshark still has the "legacy" gtk GUI
> (it's in a subpackage), you could try that instead for now.
>
> Looks like Qt autodetects at build time, we probably want to configure
> on i386 with no-avx, no-avx2, no-sse4.1, no-sse4.2, maybe no-ssse3.
> (SSE2 is probably reasonable to expect for Qt5 apps, it's present on
> Netburst, Pentium-M, Atom, C7 etc. which seems a sane cut-off point
> for heavy GUI apps).

Yeah. I've patched qmake files, but missed those bits. Modern amd64
makes you blind sometimes. :(

--
  WBR,
  Vadim Zhukov

Re: rc.d and rtable

[Vadim Zhukov]

27 янв. 2016 г. 21:29 пользователь "Jiri B" 
написал:
>
> On Wed, Jan 27, 2016 at 01:40:14PM +0100, Antoine Jacoutot wrote:
> > On Wed, Jan 27, 2016 at 06:47:57AM -0500, Jiri B wrote:
> > > Would it be worth to extend rc.d for rtable knobs?
> > >
> > > - daemon_rtable varible
> > > - rc_* functions (route exec, pgrep/pkill -T $rtable...)
> > >
> > > Or are routing tables not much used thus not worth to make
> > > rc.d more complicated?
> >
> > There has been several discussions about this. No decision made though.
> > If you can find a nice way to implement it, I can have a look.
>
> rc.d framework is so nice... not sure if this is nice way but it
> works. Maybe check for existing rtable is not great.

The code looks like more or less fine (I'll do a more careful review a bit
later), but there are documentation bits missing.

--
Vadim Zhukov

Re: "# systrace -c1000:1000 kate" for privilege escalated editing?

[Vadim Zhukov]

03 дек. 2015 г. 4:27 пользователь "Luke Small"

написал:
>
> I want to be able to use systrace for privilege escalation for kompare for
> sysmerge diffs and kate. Why isn't systrace able to do this?

Because noone wrote a systrace policy for Kate and Kompare (for your
installation and user) yet? That's without mentioning that it would be hard
to restrict those applications in a correct manner: they do use a lot of
system resources by just being nice KDE apps.

That being said, I won't expect much security problems in Kompare itself.
Kate is more complex, but still doesn't run in terminal. Thus Kompare and
Kate likely not being hurt by some crazy escape codes in patch files.
Anything else lies outside of usage profile you're talking about, if I
understood you correctly.

--
Vadim Zhukov

Re: Maintaining CAs not in cert.pem

[Vadim Zhukov]

2015-07-31 3:15 GMT+03:00 Joel Rees :
> 2015/07/31 6:49 "Vadim Zhukov" :
>>
>> [...]
>>
>> Well, I see four scenarios:
>>
>> 1. Using the defaults supplied with OpenBSD only. Typical for
> home/personal use.
>>
>> 2. Use the defaults supplied with OpenBSD, and one or more additional
>> CAs. Typical for corporate use.
>>
>> 3. Use personal set of CAs. Usually means either white-, or
>> blacklisting entries from "base" certs pack.
>>
>> After more thinking I see that symlink idea is not good. But we can do
>> some other thing:
>>
>> 1. Have "base" certs installed into /etc/examples/certs.pem.
>> 2. Additional certs, if any, should go into /etc/ssl/local.pem.
>> 3. Have sysmerge handle certs specially: comparing not (old)
>> /etc/examples/cert.pem with /etc/ssl/cert.pem, but
>> /etc/examples/cert.pem+/etc/ssl/local.pem vs. /etc/ssl/cert.pem. In
>> case they do match, sysmerge would regenerate /etc/ssl/cert.pem by
>> concatentaing (new) /etc/examples/cert.pem and /etc/ssl/local.pem.
>>
>> What do you think?
>
> I know my opinions don't count much here, but it seems to me that
> mishandled certificates are such a huge cash cow that no one wants to do
> them right. Until the cash cow dies, anything we try now is likely to be
> wrong.
>
> With that caveat, try your ideas on your own system. You'll need to add
> some scripts of your own to extend what sysmerge and other tools do. Post
> to the list about how it works for you over the next year or so.
>
> That's my suggestion.

Discussed off-list. There was a misunderstanding that was (I hope) fixed.

--
  WBR,
  Vadim Zhukov

Re: Maintaining CAs not in cert.pem

[Vadim Zhukov]

2015-07-31 0:48 GMT+03:00 Vadim Zhukov :
> 2015-07-31 0:17 GMT+03:00 Stuart Henderson :
>> On 2015-07-30, Vadim Zhukov  wrote:
>>> 2015-07-30 20:16 GMT+03:00 Stuart Henderson :
>>>> On 2015-07-30, Ted Unangst  wrote:
>>>>> Michael McConville wrote:
>>>>>> > Another meat could be, why you're using self-signed certificates?
>>>>>> > Given the plethora of options for getting free (valid) certificates.
>>>>>>
>>>>>> He mentioned in his original email that it's a requirement where he
>>>>>> works. That's common, from what I hear, although probably not the
>>>>>> safest.
>>>>>
>>>>> I would consider a cert signed by somebody I actually trust (me) safer 
>>>>> than
>>>>> delegating that trust to 300 strangers.
>>>>
>>>> I think cert.pem should move to the etc set, so you can remove
>>>> CAs from the file (as well as add new ones) without risk of those
>>>> changes getting reverted.
>>>>
>>>> Downside: CA changes will then only take effect after running
>>>> sysmerge. Is that a problem?
>>>
>>> I think it is. This is the same as with /etc/examples: less stuff to
>>> merge, less errors to happen.
>>
>> cert.pem is pretty much a required file, we can't just move it to examples/.
>> For people who don't touch it, it's a simple no-touch sysmerge update.
>> For people who do, having sysmerge ask about merging it is a lot safer
>> than just overwriting.
>
> No, I didn't want to move /etc/ssl/cert.pem it to /etc/examples. I
> think that its current contents could be provided in other way...
>
>>> I'd ask another question: why can't software use /etc/ssl/myown.pem,
>>> or /etc/ssl/*.pem, ever, instead of /etc/ssl/cert.pem? This will make
>>> "trust" and "untrust" operations as simple as possible. Noone in
>>> healthy mind would place junk in /etc/ssl anyway, right?
>>
>> Some software allows you to set a different certificate file; other
>> software doesn't. Patching everything in ports that verifies SSL certs
>> to allow the user to specify an alternative file would just be insane.
>
> Hm-m, I always tried to live in a separate room with SSL beasts. Now I
> realize that I saved a lot of nerves myself, and as a result I'm
> living in a pink pony world. Thanks for getting back to the ground.
>
> I thought that there was some "default" in OpenSSL (and its
> decendants) that programs tends to use. Now I realize there is no such
> place. Okay, this variant gets busted.
>
>> And of course then there's no single way to tell programs to use the
>> alternative file; "ftp -S cafile=/path/to/cert.pem",
>> "env SSL_CERT_FILE=/path/to/cert.pem lynx"
>>
>>> Or we may ship /etc/ssl/base.pem in base tgz, and install
>>> /etc/ssl/cert.pem -> base.pem at installation time. This way things
>>> will work by default, and if you need to have your own trust path, you
>>> just change symlink. What do you think?
>>
>> That doesn't really help. One common scenario is wanting to add a
>> single CA to the standard file, but otherwise pick up updates (e.g. with
>> sysmerge), this method doesn't allow that.
>
> Well, I see four scenarios:

Those should be "three", of course. :)

> 1. Using the defaults supplied with OpenBSD only. Typical for home/personal 
> use.
>
> 2. Use the defaults supplied with OpenBSD, and one or more additional
> CAs. Typical for corporate use.
>
> 3. Use personal set of CAs. Usually means either white-, or
> blacklisting entries from "base" certs pack.
>
> After more thinking I see that symlink idea is not good. But we can do
> some other thing:
>
> 1. Have "base" certs installed into /etc/examples/certs.pem.
> 2. Additional certs, if any, should go into /etc/ssl/local.pem.
> 3. Have sysmerge handle certs specially: comparing not (old)
> /etc/examples/cert.pem with /etc/ssl/cert.pem, but
> /etc/examples/cert.pem+/etc/ssl/local.pem vs. /etc/ssl/cert.pem. In
> case they do match, sysmerge would regenerate /etc/ssl/cert.pem by
> concatentaing (new) /etc/examples/cert.pem and /etc/ssl/local.pem.
>
> What do you think?

--
  WBR,
  Vadim Zhukov

Re: Maintaining CAs not in cert.pem

[Vadim Zhukov]

2015-07-31 0:17 GMT+03:00 Stuart Henderson :
> On 2015-07-30, Vadim Zhukov  wrote:
>> 2015-07-30 20:16 GMT+03:00 Stuart Henderson :
>>> On 2015-07-30, Ted Unangst  wrote:
>>>> Michael McConville wrote:
>>>>> > Another meat could be, why you're using self-signed certificates?
>>>>> > Given the plethora of options for getting free (valid) certificates.
>>>>>
>>>>> He mentioned in his original email that it's a requirement where he
>>>>> works. That's common, from what I hear, although probably not the
>>>>> safest.
>>>>
>>>> I would consider a cert signed by somebody I actually trust (me) safer than
>>>> delegating that trust to 300 strangers.
>>>
>>> I think cert.pem should move to the etc set, so you can remove
>>> CAs from the file (as well as add new ones) without risk of those
>>> changes getting reverted.
>>>
>>> Downside: CA changes will then only take effect after running
>>> sysmerge. Is that a problem?
>>
>> I think it is. This is the same as with /etc/examples: less stuff to
>> merge, less errors to happen.
>
> cert.pem is pretty much a required file, we can't just move it to examples/.
> For people who don't touch it, it's a simple no-touch sysmerge update.
> For people who do, having sysmerge ask about merging it is a lot safer
> than just overwriting.

No, I didn't want to move /etc/ssl/cert.pem it to /etc/examples. I
think that its current contents could be provided in other way...

>> I'd ask another question: why can't software use /etc/ssl/myown.pem,
>> or /etc/ssl/*.pem, ever, instead of /etc/ssl/cert.pem? This will make
>> "trust" and "untrust" operations as simple as possible. Noone in
>> healthy mind would place junk in /etc/ssl anyway, right?
>
> Some software allows you to set a different certificate file; other
> software doesn't. Patching everything in ports that verifies SSL certs
> to allow the user to specify an alternative file would just be insane.

Hm-m, I always tried to live in a separate room with SSL beasts. Now I
realize that I saved a lot of nerves myself, and as a result I'm
living in a pink pony world. Thanks for getting back to the ground.

I thought that there was some "default" in OpenSSL (and its
decendants) that programs tends to use. Now I realize there is no such
place. Okay, this variant gets busted.

> And of course then there's no single way to tell programs to use the
> alternative file; "ftp -S cafile=/path/to/cert.pem",
> "env SSL_CERT_FILE=/path/to/cert.pem lynx"
>
>> Or we may ship /etc/ssl/base.pem in base tgz, and install
>> /etc/ssl/cert.pem -> base.pem at installation time. This way things
>> will work by default, and if you need to have your own trust path, you
>> just change symlink. What do you think?
>
> That doesn't really help. One common scenario is wanting to add a
> single CA to the standard file, but otherwise pick up updates (e.g. with
> sysmerge), this method doesn't allow that.

Well, I see four scenarios:

1. Using the defaults supplied with OpenBSD only. Typical for home/personal use.

2. Use the defaults supplied with OpenBSD, and one or more additional
CAs. Typical for corporate use.

3. Use personal set of CAs. Usually means either white-, or
blacklisting entries from "base" certs pack.

After more thinking I see that symlink idea is not good. But we can do
some other thing:

1. Have "base" certs installed into /etc/examples/certs.pem.
2. Additional certs, if any, should go into /etc/ssl/local.pem.
3. Have sysmerge handle certs specially: comparing not (old)
/etc/examples/cert.pem with /etc/ssl/cert.pem, but
/etc/examples/cert.pem+/etc/ssl/local.pem vs. /etc/ssl/cert.pem. In
case they do match, sysmerge would regenerate /etc/ssl/cert.pem by
concatentaing (new) /etc/examples/cert.pem and /etc/ssl/local.pem.

What do you think?

--
  WBR,
  Vadim Zhukov

Re: Maintaining CAs not in cert.pem

[Vadim Zhukov]

2015-07-30 20:16 GMT+03:00 Stuart Henderson :
> On 2015-07-30, Ted Unangst  wrote:
>> Michael McConville wrote:
>>> > Another meat could be, why you're using self-signed certificates?
>>> > Given the plethora of options for getting free (valid) certificates.
>>>
>>> He mentioned in his original email that it's a requirement where he
>>> works. That's common, from what I hear, although probably not the
>>> safest.
>>
>> I would consider a cert signed by somebody I actually trust (me) safer than
>> delegating that trust to 300 strangers.
>
> I think cert.pem should move to the etc set, so you can remove
> CAs from the file (as well as add new ones) without risk of those
> changes getting reverted.
>
> Downside: CA changes will then only take effect after running
> sysmerge. Is that a problem?

I think it is. This is the same as with /etc/examples: less stuff to
merge, less errors to happen.

I'd ask another question: why can't software use /etc/ssl/myown.pem,
or /etc/ssl/*.pem, ever, instead of /etc/ssl/cert.pem? This will make
"trust" and "untrust" operations as simple as possible. Noone in
healthy mind would place junk in /etc/ssl anyway, right?

Or we may ship /etc/ssl/base.pem in base tgz, and install
/etc/ssl/cert.pem -> base.pem at installation time. This way things
will work by default, and if you need to have your own trust path, you
just change symlink. What do you think?


> Index: base/mi
> ===
> RCS file: /cvs/src/distrib/sets/lists/base/mi,v
> retrieving revision 1.716
> diff -u -p -r1.716 mi
> --- base/mi 16 Jul 2015 21:28:06 -  1.716
> +++ base/mi 30 Jul 2015 17:14:15 -
> @@ -221,7 +221,6 @@
>  ./etc/skel/.ssh
>  ./etc/ssh
>  ./etc/ssl
> -./etc/ssl/cert.pem
>  ./etc/ssl/lib
>  ./etc/ssl/private
>  ./etc/systrace
> Index: etc/mi
> ===
> RCS file: /cvs/src/distrib/sets/lists/etc/mi,v
> retrieving revision 1.199
> diff -u -p -r1.199 mi
> --- etc/mi  3 Jul 2015 22:52:52 -   1.199
> +++ etc/mi      30 Jul 2015 17:14:15 -
> @@ -42,6 +42,7 @@
>  ./etc/spwd.db
>  ./etc/ssh/ssh_config
>  ./etc/ssh/sshd_config
> +./etc/ssl/cert.pem
>  ./etc/ssl/openssl.cnf
>  ./etc/ssl/x509v3.cnf
>  ./etc/syslog.conf


--
  WBR,
  Vadim Zhukov

Re: Maintaining CAs not in cert.pem

[Vadim Zhukov]

2015-07-30 3:02 GMT+03:00 trondd :
> I have my own CA for home use and my work also has their own CA and
> intermediate certificates.  What is the correct way of maintaining the
> certificates so that the system always knows about them?  I've been
> appending them to /etc/ssl/cert.pem but it gets replaced every update (not
> even maintained with sysmerge since it comes for libcrypto and not the etc
> package).
>
> Is there a place to put them that is automatically read in addition to
> cert.pem?

It depends on software you're using, actually. Qt 4 and 5 look at the
whole /etc/ssl (without subdirs) for certificates, for example.

--
  WBR,
  Vadim Zhukov

Re: doas, keepenv PATH segfault

[Vadim Zhukov]

2015-07-28 12:34 GMT+03:00 Zé Loff :
> Hi all
>
> On yesterday's amd64 -current (#1201), if PATH is added to the keepenv
> list in doas.conf, e.g.
>
>   permit keepenv { ENV PATH PKG_PATH PS1 SSH_AUTH_SOCK } :wheel as root
>
> when attempting to run an inexistent command, doas segfaults instead of
> exiting with "command not found" and retval 1.
>
> I actually have no idea if "keepenv PATH" makes any sense, I just had a
> couple of scripts in ~/bin that require sudo/doas -- but even if its a
> stupid idea, segfaulting didn't seem right.

Hi,

thank you for the report. I've just committed the fix; please check
that your usecase is happy now.

--
  WBR,
  Vadim Zhukov

Re: qt4-4.8.6p0

[Vadim Zhukov]

07 мая 2015 г. 4:46 пользователь "Stan Gammons"

написал:
>
> Is qt4-4.8.6p0 broken in 5.7 release?  I tried to install KDE4 using
http://ftp.openbsd.org/pub/OpenBSD/5.7/packages/amd64/ as the package path
and when it gets to 98 percent while extracting qt4, it gets a fatal error
stating [lib/qt4/translations/qt_de.qml]: Premature end of archive. It
states a partial installation recorded as partial-qt4-4.8.6p0.2 at
/usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817

Try a mirror. Actually, using mirrors is a recommended way.

Check if you could install other big packages - maybe some software, like
HTTP caching server, between you and the Internet has problems. Try to get
this file separately, and install locally, by pointing pkg_add directly to
it.

--
Vadim Zhukov

Re: autonet - simple automatic wifi chooser

[Vadim Zhukov]

15 февр. 2015 г. 2:59 пользователь "Steve Dee"

написал:
>
> Hi misc,
>
> I hacked this utility together recently to scratch an itch. You might find
> it interesting if you use OpenBSD on a laptop and frequently move between
a
> few locations with stable networks:
>
> https://github.com/mrdomino/autonet
>
> If there's sufficient demand, I'd be happy to put together a port.
>
> (First post -- sorry in advance for cluelessness.)

There is an ongoing effort on this path, involving some kernel changes.
Current idea is to have network profiles containing all info about known
network and let kernel switch between them, pushing notifications to
userland when it's done. Feel free to contact me off-list if you're
interested to dig further.

--
Vadim Zhukov

Re: httrack

[Vadim Zhukov]

21 янв. 2015 г. 20:11 пользователь "Zuleyha Torku"

написал:
>
> Hi
>
> I would like to use httrack. But, when I was try to make it source
> (downloaded from svn), I have got plenty of errors like belov
>
> Is there anyone can give some advices about installation httrack on
OpenBSD
> 5.6 amd64 ?
>
> htscharset.c:1239: warning: comparison is always true due to limited range
> of data type

Please take a look for www/httrack port. It didn't get in OpenBSD 5.6,
unfortunately, but you likely could take it from -CURRENT (this is not a
supported method in general, but should work in that particular case):

$ cd /usr/ports
$ cvs up -APd www/httrack
$ cd www/httrack
$ make install

Alternatively, you could take patches from this port and adapt them to SVN
checkout you have.

--
Vadim Zhukov

Re: About special configs to do in OpenBSD for KVM environments

[Vadim Zhukov]

19 дек. 2014 г. 11:53 пользователь "Jiri B" 
написал:
>
> On Fri, Dec 19, 2014 at 11:57:19AM +0400, Vadim Zhukov wrote:
> > I have few 5.5/amd64 in production under CentOS 6.2, without either
direct
> > or indirect access to Internet. No problems so far, no adjustments on
> > OpenBSD side.
>
> Time to upgrade hosts? It's time of 6.6 now :)

Ouch. How did it happen that I missed 5 years???

More seriously - yes, of course. Just no hurry needed there.

--
Vadim Zhukov

Re: About special configs to do in OpenBSD for KVM environments

[Vadim Zhukov]

19 дек. 2014 г. 10:36 пользователь "C. L. Martinez"

написал:
>
> Hi all,
>
>  Please, first of all, I don't want to start a flame or quite similar.
> I only want to know what problems I can encounter when I need to
> install OpenBSD in kvm environments (mostly CentOS 6.x servers).
>
>  Yes, I know, OpenBSD is not supported to run in virtualization
> environments, but many of us only have access to that kind of
> environments for testing (new pf rules, updates, etc). We can't use
> physical server and although I am not a big fan of this type of
> technology, it is here to stay.
>
>  My questions are KVM specific. As far as I know:
>
>
> a) OpenBSD/i386: turn APIC off and set up vio flags to 0x02
>
> b) OpenBSD/amd64: set up vio flags to 0x02
>
>
> Anything else??

I have few 5.5/amd64 in production under CentOS 6.2, without either direct
or indirect access to Internet. No problems so far, no adjustments on
OpenBSD side.

--
Vadim Zhukov

Re: clementine stutters when playing local files

[Vadim Zhukov]

Yes, there are issues related to the fact that disk I/O causes major - from
the audio's point of view - pauses. Unfortunately I'm not expert in this
area, but this is what you could do:

1. Disable sonogram in Clementine. Yes, this helps a bit, but I was too
lazy to investigate, why. :)

2. Try to _lower_ buffer sizes. Larger buffer causes larger read.

Eventually I'll look at Clementine 2.x...

--
Vadim Zhukov
18 дек. 2014 г. 12:23 пользователь "Marko Cupać"

написал:

> On Thu, 18 Dec 2014 09:13:31 +0100
> Marko Cupać  wrote:
>
> > Hi,
> >
> > When playing local mp3 files in clementine, there are frequent short
> > skips. Listening to the same files over network (icecast) everything
> > is ok.
>
> I searched around, and It appears that I have I/O bottleneck, as vmstat
> constantly shows blocked processes even though laptop does close to
> nothing:
>
>  procsmemory   pagediskstraps  cpu
>  r b wavm fre  flt  re  pi  po  fr  sr sd0 sd1  int   sys   cs us
> sy id
>  1 5 0 817348 6063372  680   0   0   0   0   0  11 1068 1911 26543 4849
> 6  6 88
>  2 5 0 817364 6063352   41   0   0   0   0   0   0   0  131  7076  933  4
> 0 96
>  2 5 0 817424 6063288   37   0   0   0   0   0   0   0  135  7334  983  3
> 1 96
>  1 5 0 817436 6067428   37   0   0   0   0   0   0   0  143  6822  921  3
> 1 96
>  1 5 0 817516 6067348   43   0   0   0   0   0   0   0  134  7337  976  5
> 0 95
>  0 5 0 817520 6067340   25   0   0   0   0   0   0   0  133  7001  939  3
> 1 96
>  1 5 0 817744 6067116   80   0   0   0   0   0   0   0  136  7419  998  4
> 0 96
>  2 5 0 817760 6067100   38   0   0   0   0   0   0   0  134  6944  936  2
> 1 97
>  2 5 0 818096 6066764  176   0   0   0   0   0   0   0  134  7668 1147  4
> 1 95
>  2 5 0 818124 6066720   34   0   0   0   0   0   2   0  132  6949  941  3
> 0 97
>  2 5 0 818420 6066424  112   0   0   0   0   0   0   0  141  8124 1058  3
> 2 95
>  1 5 0 818416 6066428   27   0   0   0   0   0   0   0  134  7435  981  3
> 1 96
>  2 5 0 818656 6066236  136   0   0   0   0   0   0   0  168  7714 1069  4
> 1 95
>  1 5 0 818672 6075136   27   0   0   0   0   0   0   0  141  7140  947  4
> 2 94
>
> Here's atactl identify output:
>
> Model: KINGSTON SV300S37A240G, Rev: 521ABBF0, Serial #: 50026B72410EC74E
> Device type: ATA, fixed
> Cylinders: 16383, heads: 16, sec/track: 63, total sectors: 468862128
> Device capabilities:
> ATA standby timer values
> IORDY operation
> IORDY disabling
> Device supports the following standards:
> ATA-2 ATA-3 ATA-4 ATA-5 ATA-6 ATA-7 ATA-8
> Master password revision code 0xfffe
> Device supports the following command sets:
> NOP command
> READ BUFFER command
> WRITE BUFFER command
> Host Protected Area feature set
> Read look-ahead
> Write cache
> Power Management feature set
> Security Mode feature set
> SMART feature set
> Flush Cache Ext command
> Flush Cache command
> 48bit address feature set
> Set Max security extension commands
> Set Features subcommand required
> Power-up in standby feature set
> Advanced Power Management feature set
> DOWNLOAD MICROCODE command
> IDLE IMMEDIATE with UNLOAD FEATURE
> SMART self-test
> SMART error logging
> Device has enabled the following command sets/features:
> NOP command
> READ BUFFER command
> WRITE BUFFER command
> Host Protected Area feature set
> Read look-ahead
> Write cache
> Power Management feature set
> SMART feature set
> Flush Cache Ext command
> Flush Cache command
> 48bit address feature set
> Set Features subcommand required
> Advanced Power Management feature set
> DOWNLOAD MICROCODE command
>
> Any advice on where should I start looking for solution?
>
> Thank you in advance,
> --
> Marko Cupać
> https://www.mimar.rs/

Re: CVS: cvs.openbsd.org: ports

[Vadim Zhukov]

2014-12-08 23:33 GMT+03:00 Vadim Zhukov :
> CVSROOT:/cvs
> Module name:ports
> Changes by: z...@cvs.openbsd.org2014/12/08 13:33:51
>
> Log message:
> Import Qt 5.3.2.
>
> Qt is a full development framework with tools designed to streamline
> the creation of applications and user interfaces for desktop,
> embedded, and mobile platforms.
>
> This port is not enabled yet, because some ports will pick up Qt5
> instead of Qt4, breaking build. Those will be fixed separately soon.
>
> There are some non-critical things left to do:
>
> 1. Support for OpenBSD sensors framework.
> 2. V4L2 support.
> 3. -L${LOCALBASE}/* could come before -L${WRKBUILD}/* when linking is
> done across Qt module boundaries. This means that builds of Qt 5.y
> while having Qt 5.x installed (x < y) will be busted.
>
> Volunteers are welcome to come in and help fixing those problems.
>
> Last note: don't even try to build "debug" FLAVOR unless you know
> what you're doing and you have about 20GB of free space. You've
> been warned.
>
> landry@ agrees on continuing working in-tree
>
> Status:
>
> Vendor Tag: zhuk
> Release Tags:   zhuk_20141208
>
> N ports/x11/qt5/Makefile
> N ports/x11/qt5/distinfo
> N ports/x11/qt5/qt5.port.mk
> N ports/x11/qt5/patches/patch-qtbase_src_corelib_kernel_qcore_unix_p_h
> N 
> ports/x11/qt5/patches/patch-qtbase_src_network_kernel_qdnslookup_unix_cpp
> N 
> ports/x11/qt5/patches/patch-qtbase_src_network_socket_qnativesocketengine_unix_cpp
> N ports/x11/qt5/patches/patch-qtbase_mkspecs_openbsd-g++_qmake_conf
> N ports/x11/qt5/patches/patch-qtbase_qmake_generators_unix_unixmake2_cpp
> N ports/x11/qt5/patches/patch-qtbase_qmake_generators_unix_unixmake_cpp
> N ports/x11/qt5/patches/patch-qtbase_config_tests_unix_iconv_iconv_pro
> N ports/x11/qt5/patches/patch-qtbase_src_corelib_io_qfilesystemwatcher_cpp
> N 
> ports/x11/qt5/patches/patch-qtwebkit_Tools_qmake_config_tests_gccdepends_gccdepends_pro
> N 
> ports/x11/qt5/patches/patch-qtbase_config_tests_unix_pulseaudio_pulseaudio_pro
> N ports/x11/qt5/patches/patch-qtbase_configure
> N 
> ports/x11/qt5/patches/patch-qtbase_src_concurrent_qtconcurrentiteratekernel_cpp
> N ports/x11/qt5/patches/patch-qtbase_src_gui_image_qxbmhandler_cpp
> N 
> ports/x11/qt5/patches/patch-qtbase_src_network_kernel_qnetworkinterface_cpp
> N 
> ports/x11/qt5/patches/patch-qtwebkit_Tools_qmake_config_tests_libXcomposite_libXcomposite_pro
> N ports/x11/qt5/patches/patch-qtwebkit_Source_WebCore_Target_pri
> N 
> ports/x11/qt5/patches/patch-qtwebkit_Tools_qmake_config_tests_libXrender_libXrender_pro
> N ports/x11/qt5/patches/patch-qtdeclarative_src_qml_jit_qv4assembler_cpp
> N 
> ports/x11/qt5/patches/patch-qtdeclarative_src_qml_jsruntime_qv4engine_cpp
> N ports/x11/qt5/patches/patch-qtwebkit_Source_WebKit2_WebProcess_pro
> N 
> ports/x11/qt5/patches/patch-qtscript_src_3rdparty_javascriptcore_WebKit_pri
> N ports/x11/qt5/patches/patch-qtwebkit_Source_WTF_wtf_Platform_h
> N ports/x11/qt5/patches/patch-qtbase_qmake_generators_makefile_cpp
> N 
> ports/x11/qt5/patches/patch-qtsensors_src_plugins_sensors_dummy_dummy_pro
> N 
> ports/x11/qt5/patches/patch-qtwebkit_Source_JavaScriptCore_heap_MachineStackMarker_cpp
> N 
> ports/x11/qt5/patches/patch-qtwebkit_Tools_qmake_mkspecs_features_default_pre_prf
> N 
> ports/x11/qt5/patches/patch-qtwebkit_Source_WebKit2_Platform_CoreIPC_unix_ConnectionUnix_cpp
> N 
> ports/x11/qt5/patches/patch-qtwebkit_Tools_qmake_mkspecs_features_functions_prf
> N ports/x11/qt5/patches/patch-qtbase_mkspecs_features_qt_build_paths_prf
> N 
> ports/x11/qt5/patches/patch-qttools_src_assistant_clucene_qclucene-config_p_h
> N ports/x11/qt5/patches/patch-qtbase_qmake_Makefile_unix
> N 
> ports/x11/qt5/patches/patch-qtdeclarative_src_3rdparty_masm_wtf_Platform_h
> N 
> ports/x11/qt5/patches/patch-qtwebkit_Tools_qmake_config_tests_glx_glx_pro
> N 
> ports/x11/qt5/patches/patch-qtscript_src_3rdparty_javascriptcore_JavaScriptCore_JavaScriptCore_pri
> N ports/x11/qt5/pkg/PLIST-examples
> N ports/x11/qt5/pkg/PLIST-html
> N ports/x11/qt5/pkg/PLIST-main
> N ports/x11/qt5/pkg/PLIST-mysql
> N ports/x11/qt5/pkg/PLIST-psql
> N ports/x11/qt5/pkg/PLIST-sqlite2
> N ports/x11/qt5/pkg/PLIST-tds
> N ports/x11/qt5/pkg/DESCR-examples
> N ports/x11/qt5/pkg/DESCR-html
> N ports/x11/qt5/pkg/DESCR-main
> N ports/x11/qt5/pkg/DESCR-mysql
> N ports/x11/qt5/pkg/DESCR-psql
>   

Re: KDE4 crashes in 5.6

[Vadim Zhukov]

Also, make sure that you have your openfiles (for user) and kern.maxfiles
(sysctl) limits bumped.

--
Vadim Zhukov
03 дек. 2014 г. 13:14 пользователь "Federico Giannici"

написал:

> Hi!
> I'd like to know if I'm the only one that have experiences crashes with
> KDE4 under 5.6-release amd64.
>
> Often, during the startup or shutdown of KDE4, the bug report window
> appears saying that "Plasma Desktop Shell closed unexpectedly" (Executable
> "plasma-desktop", Signal "Segmentation fault(11)").
>
> Moreover, once every 3-4 times the startup of KDE get stuck after the
> final big KDE logo appears in the startup page (maybe this is related to
> the first problem).
>
> It happens in both my PCs where I installed KDE. I'd like to know if this
> happens only to me (to my hardware/software configuration), or is a common
> and known problem (and if there is any solution).
>
> Thanks.

Re: fastcgi support in httpd(8)

[Vadim Zhukov]

22 нояб. 2014 г. 12:54 пользователь "Riley Baird" <
bm-2cvqnduybau5do2dfjtrn7zbaj246s4...@bitmessage.ch> написал:
>
> Hi,
>
> I am running OpenBSD 5.6-stable (without the X packages).
>
> I have successfully setup the httpd(8) webserver, but only for static
> webpages. I have been unable to get cgi (perl) scripts to run.
>
> Due to the OpenBSD chroot, I have copied the folowing files into
> /var/www. The libraries were generated from `ldd /usr/bin/perl`.
> /usr/bin/perl
> /usr/lib/libc.so.77.0
> /usr/lib/libm.so.9.0
> /usr/lib/libperl.so.15.0
> /usr/lib/libpthread.so.18.0
> /usr/lib/libutil.so.12.1
> /usr/libexec/ls.so
>
> My httpd.conf is:
>
> # $OpenBSD: httpd.conf,v 1.10 2014/08/06 20:29:54 reyk Exp $
>
> #
> # Macros
> #
> ext_addr="egress"
>
> server "default" {
> listen on $ext_addr port 80
>
> location "/cgi-bin/*" {
> fastcgi
>
> # The /cgi-bin directory is outside of the document root
> root "/"
> }
> }
>
> Using a web browser on another computer,
> http://192.168.1.55/cgi-bin/script.pl simply says "500 Internal Server
> Error".
>
> A script as simple as the below brings up this error, but it has been
> tested with other scripts:
>
> #!/usr/bin/perl
> print "Hello!"
>
> Thanks for reading,

Crazy idea just out of head:

1. Put /bin/sh and /usr/bin/kdump (both are statically linked) inside
chroot. Rename them if you feel unsafe.
2. Write a shell script that runs 'exec ktrace -if ... perl ... "$@"'. Make
sure ktrace will be able to write its output file, it will be run as CGI
user!
3. Make this script handle a connection in your web server/FastCGI config.
4. Run kdump on resulting ktrace output file and investigate problems.

If you won't get ktrace output, you'll likely have problem with FastCGI
itself, look at its logs then.

--
Vadim Zhukov

Re: sole instance of a process

[Vadim Zhukov]

21 нояб. 2014 г. 10:00 пользователь "Pete Vickers"

написал:
>
> Hi,
>
> I suspect this may be the wrong list for this question. However although
strictly it's a Bourne shell script query, it only seem to act up under
OpenBSD (for me).
>
> Essentially I have a job which needs to be run periodically. So I have a
shell script to do the necessary commands, and this is scheduled via
(root's) crontab.
> It is however very important that multiple instances of the job are not
run concurrently (e.g. if an previous invocation hung), and so the script
should detect this upon invocation before proceeding.
>
> I don't want a single long running job (which could e.g. sleep between
loops) for various reasons. And I also don't like PID files and other
fragile locking hacks.
>
>
> So down to business, below is the gist of my script. Most of the time it
appears to run fine. However occasionally (once every couple of days?) it
reports via email that a duplicate process is detected, but the included ps
listing shows no other instance. I don't believe that this is just due to
an old instance exiting in the small time window between the pgrep, and the
ps invocations.  So basically I guess there is an error in my script or
it's logic, or something else I'm not seeing.
>
> Any hit with the clue bat gratefully received.
>
>
>
> #!/bin/sh
> #
> #
> SHOUT="/usr/bin/logger -i -t MYPERIODICJOB"
> #
> #
> # Ensure another instance of this is not running
> #
> MYNAME=`basename $0`
> MYPID=$$
> #
> /usr/bin/pgrep -fu root $MYNAME | /usr/bin/grep -v $MYPID && \

First problem: if first shell running script has PID 75 and second has PID
5, this grep command will ignore both.

Second problem: if you have anything in system with argument containing
script's name, like text editor, or file scanner, or whatever, it will
match, too, producing the problem you see.

I'd recommend you to save output of ps in a temporary variable, and run
grep on its content.

But the better solution should be locking of some sort. You can use
dolock(1) from ports infrastructure (don't forget to remove lock file in
EXIT trap), or just switch to Perl and proper file locks.

> {
> $SHOUT "HELP - duplicate process detected $?" ; \
> ps -axjwww | mail -s "HELP MYPERIODICJOB $MYPID $MYNAME
$PPID" m...@example.com ; \
> exit 1 ;
>  }
>
> #
> #
> # starting doing useful stuff here..
> #
>
>
> Disclaimer: I know my scripting is far from optimal...

--
Vadim Zhukov

Re: kde4-4.13.3p0 on OpenBSD 5.6 10/15/2014 AMD64 snapshot

[Vadim Zhukov]

05 нояб. 2014 г. 1:29 пользователь "Stan Gammons"

написал:
>
>
> On 11/04/14 00:44, Vadim Zhukov wrote:
>>
>> 04 нояб. 2014 г. 3:11 пользователь "Stan Gammons"

написал:
>> >
>> > Does anyone besides me experience crashes with Dolphin on
kde4-4.13.3p0?  When I click on the kde crash handler developer information
tab it churns forever and ever and ever and never returns any information.
>>
>> What the "ulimit -a" command says?
>
>
> $ ulimit -a
> time(cpu-seconds)unlimited
> file(blocks) unlimited
> coredump(blocks) unlimited
> data(kbytes) 524288
> stack(kbytes)4096
> lockedmem(kbytes)2701294
> memory(kbytes)   8101456
> nofiles(descriptors) 512

That's likely to be a problem. Please, adjust number-of-open-files limits
in /etc/login.conf and /etc/sysctl.conf. "pkg_info kde-runtime" will give
you some clues. Remember that you'll need to re-login to make login.conf
changes apply.

> processes128
> $
>
>
>> Also, could you post all uncommented global options in your
/etc/samba/smb.conf?
>>
>>
>
> [global]
>
>workgroup = WORKGROUP
>
>load printers = yes
>
>log file = /var/log/samba/smbd.%m
>
>max log size = 50
>
>dns proxy = no
>
> [homes]
>comment = Home Directories
>browseable = no
>writable = yes
>
> [printers]
>comment = All Printers
>path = /var/spool/samba
>browseable = no
>guest ok = no
>writable = no
>printable = yes
>
>
> Like Federico who also replied to this thread, I'm unable to put a finger
on an exact cause for the crashes.  But wonder if it's some combination of
running KDE, Firefox and Thunderbird.
>
> Oh, there is another thing I failed to mention.  I log in and manually
start kde with "startkde4"   Some times when I logout that way it will hang
and ctrl-alt-backspace is needed to return to the command line.  Some times
kwin will crash when I logout also.

--
Vadim Zhukov

Re: kde4-4.13.3p0 on OpenBSD 5.6 10/15/2014 AMD64 snapshot

[Vadim Zhukov]

04 нояб. 2014 г. 3:11 пользователь "Stan Gammons"

написал:
>
> Does anyone besides me experience crashes with Dolphin on kde4-4.13.3p0?
When I click on the kde crash handler developer information tab it churns
forever and ever and ever and never returns any information.

What the "ulimit -a" command says?

Also, could you post all uncommented global options in your
/etc/samba/smb.conf?

--
Vadim Zhukov

Re: WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch

[Vadim Zhukov]

2014-09-23 18:41 GMT+04:00 Stefan Wollny :
> I have this Lenovo T60 running amd64-current (full dmesg at the end):
>
> OpenBSD 5.6-current (GENERIC.MP) #388: Mon Sep 22 02:23:15 MDT 2014
> t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz, 1994.62 MHz
> real mem = 3203203072 (3054MB)
> avail mem = 3109261312 (2965MB)
>
> I follow current since
> OpenBSD 5.6 (GENERIC.MP) #310: Tue Jul 29 11:49:10 MDT 2014
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> All programs have been installed from packages. For KDE-programs I went
> for the first time with KDE4. Window-manager is Fluxbox. Whenever I
> fetch a fresh snapshot the first thing after reboot is "pkg_add -ui" and
> an update of /usr/src, /usr/ports, /usr/xenocara.
>
> Starting some usual programs in a xterm I get the following warnings:
>
> ~ $ okular
>
> okular:/usr/lib/libstdc++.so.57.0: /usr/local/lib/libestdc++.so.16.0 :
> WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch,
> relink your program
> okular:/usr/local/lib/qt4/libQtScript.so.2.0:
> /usr/local/lib/kde4/libs/libkjsapi.so.50.2 : WARNING:
> symbol(_ZTIN14WTFNoncopyable11NoncopyableE) size mismatch, relink your
> program
>
> ~ $ xombrero
> xombrero:/usr/local/lib/libestdc++.so.16.0: /usr/lib/libstdc++.so.57.0 :
> WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch,
> relink your program
> Bus error (core dumped)
>
> ~ $ konqueror
> konqueror:/usr/lib/libstdc++.so.57.0: /usr/local/lib/libestdc++.so.16.0
> : WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch,
> relink your program
>
> ~ $ libreoffice
> /usr/local/lib/libreoffice/program/soffice.bin:/usr/lib/libstdc++.so.57.0:
> /usr/local/lib/libestdc++.so.16.0 : WARNING:
> symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch, relink your
> program
>
>
> Even though I am pretty confident that I followed all advisories given
> for current I might have missed something. Has anyone a clue what I
> could do better??? Reinstalling from ports?

That message is an unfortunate side-effect of switching KDE4 build to
newer GCC (from ports and not from base system). While actually such
messages ("symbol size mismatch") do indicate real problems (this is
why they do appear, at all), this particular one -
"_ZN11__gnu_debug17_S_debug_messagesE" - is mostly harmless and you
may ignore it safely.

--
  WBR,
  Vadim Zhukov

Re: mpd unable to start on recent snapshots

[Vadim Zhukov]

2014-09-04 0:29 GMT+04:00 Nicholas Fleisher :
> On Wed Sep 03  9:39 PM, David Coppa wrote:
>> > Thanks, but unfortunately getting rid of the corrupted database doesn't
>> > help.  mpd can't seem to create a good new one from scratch.
>>
>> Double check your /etc/mpd.conf, check that /var/spool/mpd has the
>> right owner/group and permissions, have a look at /var/log/mpd/mpd.log
>> for errors...
>
> I tried reinstalling (including userdel/groupdel _mpd, and so forth) and
> starting with a fresh /etc/mpd.conf, but still no luck.
> Owner/group/permissions on /var/spool/mpd are correct (i.e. owner and
> group both _mpd, writeable for both).  The log shows mpd adding several
> songs and then abruptly quitting.  It complains twice about the mpdstate
> file being missing, but even after touch'ing it and setting appropriate
> ownership/permissions, I get the same error as before.
>
> The only other info I can think of that might be helpful: after the
> fresh reinstall and mpd startup, the /var/spool/mpd directory contains
> only mpd.pid and the playlists directory, i.e. mpd.db and mpdstate are
> both missing.  (though, as mentioned above, manually creating them and
> then retrying does not solve the problem).
>
> Thanks for all the suggestions.  Running out of ideas here...

Try ktrace then. You'll need to set up a complex command line with
sudo involved, but this would give you what system call fails (if any,
but I'm sure there it is).

--
  WBR,
  Vadim Zhukov

Re: PF Tagging

[Vadim Zhukov]

2014-09-02 23:10 GMT+04:00 andy :
> Hi,
>
> Hoping this is a pretty dumb question and someone can just shoot me down
> with an instant answer but is there any reason why I can't compare against
> multiple tags?
>
> E.g.
> pass out quick on $if_dmz tagged { T_LAN, T_ENGINEERING, T_WIFI, T_OPS }
> queue (_wan_dflt,_wan_pri) set prio (1,4) keep state
>
> I seem to only be able compare against one tag at a time which seem to be
> quite limiting?

Yes, only one tag maximum. This makes actual comparison in PF fast &
easy: internal PF per-packet and per-rule structures both contain a
single number, reperesenting a tag. To allow multiple tags you'll need
to make size of those structures dynamic.

> Cheers, Andy.
>
> PS; Yes I am only just starting to get round to setting up policy based
> rules for the first time as part of a big rewrite for a new much larger
> office with *many* VLANs etc..

You'll probably want to play more with "match" rules.

--
  WBR,
  Vadim Zhukov

Re: kile-kde4

[Vadim Zhukov]

2014-08-04 2:46 GMT+04:00 Stefan Wollny :
> Am 08/03/14 um 20:25 schrieb Vadim Zhukov:
>> 2014-08-03 22:24 GMT+04:00 Stefan Wollny :
>>> Am 08/03/14 um 19:39 schrieb Vadim Zhukov:
>>>>> Does this help you:
>>>>>> ~ $ kile -v kile:/usr/lib/libstdc++.so.57.0:
>>>>>> /usr/local/lib/libestdc++.so.16.0 : WARNING:
>>>>>> symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch,
>>>>>> relink your program
>>>> This is normal for stuff built with non-base GCC...
>>>>
>>>>>> kile:/usr/local/lib/qt4/libQtScript.so.2.0:
>>>>>> /usr/local/lib/kde4/libs/libkhtml.so.50.2 : WARNING:
>>>>>> symbol(_ZTIN14WTFNoncopyable11NoncopyableE) size mismatch,
>>>>>> relink your program
>>>> ... and this one is not. It looks like you have different binaries
>>>> (libraries or kile executable itself) linked with different
>>>> libraries. Check for (normally hidden) .libs-* packages, e.g., "ls
>>>> -d /var/db/pkg/.libs*".
>>>
>>> ~ $ sudo ld -d /var/db/pkg/.libs*
>>> /var/db/pkg/.libs-firefox-30.0p0: file not recognized: File truncated
>>
>> Wut? Please look at the command line above AGAIN.
>>
>>>>>> Qt: 4.8.6 KDE Development Platform: 4.13.3 Kile: 2.1.3
>>>>>>
>>>>>>
>>>>>>
>>>>>> Would it be helpful if I delete kile-kde4 and kde4-libs and
>>>>>> give it a new try from ports?
>>>> Why don't you use official packages?
>>>
>>> Because with kde4 kde3-based kile from packages gave me the same
>>> behaviour...
>>
>> Wut? There are kile packages both for KDE3 and KDE4.
>>
>>> I will de-install kile and the package in /usr/ports and give the
>>> official package a second try.
>>
>> Please do.
>>
>> --
>>   WBR,
>>   Vadim Zhukov
>>
> Hi Vadim,
>
> sorry that it took so long for the next tests: I did an upgrade to
> amd64-current #316 and fsck'd the partitions while being there.
>
> OK - one more info that doesn't make a difference in reality: I had
> 'only' installed kde4-minimal so far prior to installing kile. Now for
> the sake of testing I accepted the pollution in particular of kde4-games
> just to be shure we do not miss a piece and installed kde4 from
> packages. So far I started X with fluxbox and now did an additional test
> with ../startkde4: Same result - kile becomes irresponsible after startup.
>
> I did thé last tests with all references under ~/.kde4/ to kile where
> deleted. Mmmh  - I will redo the test after having moved ~/.kde4 to
> ~/_kde4 - let's see if kile recreates this folder...
>
> Well - yes, it does. But just before as this is the second startup of
> kile it stops right here:
>
> ~ $ kile
> kile:/usr/lib/libstdc++.so.57.0: /usr/local/lib/libestdc++.so.16.0 :
> WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch,
> relink your program
> kile:/usr/local/lib/qt4/libQtScript.so.2.0:
> /usr/local/lib/kde4/libs/libkhtml.so.50.2 : WARNING:
> symbol(_ZTIN14WTFNoncopyable11NoncopyableE) size mismatch, relink your
> program
> Object::connect: No such signal
> org::freedesktop::UPower::DeviceAdded(QString)
> Object::connect: No such signal
> org::freedesktop::UPower::DeviceRemoved(QString)
>
>
>
> Still I am requested to 'relink' the program ...
>
> It will be annoying - but unless you come up with a better suggestion I
> will reinstall the entire system from scratch to the bare minimum to be
> assured that I did not make an error with the present installation. But
> not before monday night.
>
> BTW: Any other tests related to kde4 you'd like me to do? (Just drop me
> a note privately to not pollute misc@)
>
> Have a nice week!

I reproduced your problem here. It looks like the root of problem is
in libinotify, which doesn't handle named pipes well. The Kile creates
two named pipes to talk with LyX server (see
http://wiki.lyx.org/LyX/LyXServer). And then at some point libinotify
tries to open those files...

You can try to run the two following commands:

$ kwriteconfig4  --file ~/.kde/share/config/kilerc --group DirWatch
--key PreferredMethod Fam
$ rm ~/{.lyx/,}.lyxpipe*

(if your KDEHOME isn't in the ~/.kde, tweak the first command accordingly)
And then start Kile again. See if it helps.

--
  WBR,
  Vadim Zhukov

Re: kile-kde4

[Vadim Zhukov]

2014-08-03 22:24 GMT+04:00 Stefan Wollny :
> Am 08/03/14 um 19:39 schrieb Vadim Zhukov:
>>> Does this help you:
>>>> ~ $ kile -v kile:/usr/lib/libstdc++.so.57.0:
>>>> /usr/local/lib/libestdc++.so.16.0 : WARNING:
>>>> symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch,
>>>> relink your program
>> This is normal for stuff built with non-base GCC...
>>
>>>> kile:/usr/local/lib/qt4/libQtScript.so.2.0:
>>>> /usr/local/lib/kde4/libs/libkhtml.so.50.2 : WARNING:
>>>> symbol(_ZTIN14WTFNoncopyable11NoncopyableE) size mismatch,
>>>> relink your program
>> ... and this one is not. It looks like you have different binaries
>> (libraries or kile executable itself) linked with different
>> libraries. Check for (normally hidden) .libs-* packages, e.g., "ls
>> -d /var/db/pkg/.libs*".
>
> ~ $ sudo ld -d /var/db/pkg/.libs*
> /var/db/pkg/.libs-firefox-30.0p0: file not recognized: File truncated

Wut? Please look at the command line above AGAIN.

>>>> Qt: 4.8.6 KDE Development Platform: 4.13.3 Kile: 2.1.3
>>>>
>>>>
>>>>
>>>> Would it be helpful if I delete kile-kde4 and kde4-libs and
>>>> give it a new try from ports?
>> Why don't you use official packages?
>
> Because with kde4 kde3-based kile from packages gave me the same
> behaviour...

Wut? There are kile packages both for KDE3 and KDE4.

> I will de-install kile and the package in /usr/ports and give the
> official package a second try.

Please do.

--
  WBR,
  Vadim Zhukov

Re: kile-kde4

[Vadim Zhukov]

2014-08-03 21:24 GMT+04:00 Stefan Wollny :
> Am 08/03/14 um 19:00 schrieb Vadim Zhukov:
>> 2014-08-03 20:51 GMT+04:00 Stefan Wollny :
>>> Hi there,
>>>
>>> has s.o. managed to get kile-kde4 from ports up and running properly?
>>>
>>> On my system (Lenovo T60 / Core2 / OpenBSD-current #315 - amd64)
>>> kile-kde4 did compile and does start - but that's about it. I cannot
>>> open any file as the system complains about wrong libraries and unknown
>>> mimetypes.
>>>
>>> If this is the first test 'out in the wild' take it as an error report.
>>> Otherwise I would appreciate any hints on how to do it properly.
>>>
>>> Some relvant information further down.
>>
>> Please report actual error you see.
>>
>> I've tested Kile at the time of import by starting and typing some
>> stuff. Not a Kile user myself, though.
>>
>> --
>>   WBR,
>>   Vadim Zhukov
>>
> Hi Vadim,
>
> thank you for your super-fast reply.
>
> The error is that kile simply does not respond to any input
> (keyboard/mouse) after I try to open an existing .tex-document or start
> a new one.
>
> I had started kile from the command line to report the system's output
> with my initial mail. If I kill kile with ctrl-c and try to restart it
> from the command line it doesn't come up again - the splash screen is
> the last reaction.
>
> Does this help you:
> ~ $ kile -v
> kile:/usr/lib/libstdc++.so.57.0: /usr/local/lib/libestdc++.so.16.0 :
> WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch,
> relink your program

This is normal for stuff built with non-base GCC...

> kile:/usr/local/lib/qt4/libQtScript.so.2.0:
> /usr/local/lib/kde4/libs/libkhtml.so.50.2 : WARNING:
> symbol(_ZTIN14WTFNoncopyable11NoncopyableE) size mismatch, relink your
> program

... and this one is not. It looks like you have different binaries
(libraries or kile executable itself) linked with different libraries.
Check for (normally hidden) .libs-* packages, e.g., "ls -d
/var/db/pkg/.libs*".

> Qt: 4.8.6
> KDE Development Platform: 4.13.3
> Kile: 2.1.3
>
>
>
> Would it be helpful if I delete kile-kde4 and kde4-libs and give it a
> new try from ports?

Why don't you use official packages?

--
  WBR,
  Vadim Zhukov

Re: kile-kde4

[Vadim Zhukov]

2014-08-03 20:51 GMT+04:00 Stefan Wollny :
> Hi there,
>
> has s.o. managed to get kile-kde4 from ports up and running properly?
>
> On my system (Lenovo T60 / Core2 / OpenBSD-current #315 - amd64)
> kile-kde4 did compile and does start - but that's about it. I cannot
> open any file as the system complains about wrong libraries and unknown
> mimetypes.
>
> If this is the first test 'out in the wild' take it as an error report.
> Otherwise I would appreciate any hints on how to do it properly.
>
> Some relvant information further down.

Please report actual error you see.

I've tested Kile at the time of import by starting and typing some
stuff. Not a Kile user myself, though.

--
  WBR,
  Vadim Zhukov

Re: i386: Updating ports conflicts'

[Vadim Zhukov]

2014-07-17 22:14 GMT+02:00 Stefan Wollny :
> Hi there,
>
> a cvs-update of /etc/ports on i386-current quits at the letter D:
>
> ~ $ dmesg | grep OpenBSD
> OpenBSD 5.6-beta (GENERIC.MP) #247: Wed Jul 16 22:09:54 MDT 2014
>
>
> 8< ---
> ? devel/p5-MooseX-Role-WithOverloading
> ? devel/p5-MooseX-SemiAffordanceAccessor
> ? devel/p5-MooseX-Traits
> ? devel/p5-MooseX-Traits-Pluggable
> RCS file: /cvs/ports/INDEX,v
> retrieving revision 1.427
> retrieving revision 1.428
> Merging differences between 1.427 and 1.428 into INDEX
> rcsmerge: warning: conflicts during merge
> cvs server: conflicts found in INDEX
> C INDEX
> P archivers/freeze/Makefile
> P archivers/freeze/pkg/PLIST
> cvs server: cannot open directory /cvs/D: No such file or directory
> cvs server: skipping directory audio/gmpc-autoplaylist
> cvs server: cannot open directory /cvs/D: No such file or directory
> cvs server: skipping directory audio/gmpc-stopbutton
> cvs server: cannot open directory /cvs/D: No such file or directory
> cvs server: skipping directory audio/gmpccaa
> cvs server: cannot open directory /cvs/D: No such file or directory
> cvs server: skipping directory audio/gom
> cvs server: cannot open directory /cvs/D: No such file or directory
> cvs server: skipping directory audio/last.fm
> cvs server: cannot open directory /cvs/D: No such file or directory
> cvs server: skipping directory audio/libmpcdec
> cvs server: cannot open directory /cvs/D: No such file or directory
> cvs server: skipping directory audio/lopster
> cvs [server aborted]: could not find desired version 1.26 in
> /cvs/ports/books/Makefile,v
> quirks-1.146 signed on 2014-07-08T10:12:04Z

Sorry, typed Ctrl+Enter too fast.

It looks like as your AnonCVS mirror was broken, you realized it and
then switched to another one. But the broken files are still there...
Just get rid of the /usr/ports and reload it again; Given how many
chages were in the tree since 5.5, checking out could be faster than
updating from ports.tar.gz from 5.5.

--
  WBR,
  Vadim Zhukov

Re: i386: Updating ports conflicts'

[Vadim Zhukov]

2014-07-17 22:14 GMT+02:00 Stefan Wollny :
> Hi there,
>
> a cvs-update of /etc/ports on i386-current quits at the letter D:
>
> ~ $ dmesg | grep OpenBSD
> OpenBSD 5.6-beta (GENERIC.MP) #247: Wed Jul 16 22:09:54 MDT 2014
>
>
> 8< ---
> ? devel/p5-MooseX-Role-WithOverloading
> ? devel/p5-MooseX-SemiAffordanceAccessor
> ? devel/p5-MooseX-Traits
> ? devel/p5-MooseX-Traits-Pluggable
> RCS file: /cvs/ports/INDEX,v
> retrieving revision 1.427
> retrieving revision 1.428
> Merging differences between 1.427 and 1.428 into INDEX
> rcsmerge: warning: conflicts during merge
> cvs server: conflicts found in INDEX
> C INDEX

It looks like you called "make index" at some point in the past. Just
remove that file and then "cvs up INDEX" to get a clean version.

--
  WBR,
  Vadim Zhukov

Re: Problem installing KDE4

[Vadim Zhukov]

2014-07-12 13:58 GMT+02:00 Stan Gammons :
> On 07/12/14 01:26, Vadim Zhukov wrote:
>>
>> 12.07.2014 2:17 пользователь "Stan Gammons"
>>  Ð½Ð°Ð¿Ð¸Ñ Ð°Ð»:
>>
>>> I downloaded install55.iso dated July 11, 2014 from ftp.openbsd.org this
>>
>> afternoon and after a new install I tried to install kde4 using the
>> snapshot packages from the same site which are dated July 8, 2014. In
>> doing
>> so I get can't resolve errors on glib2-2.40.0p7 and python-2.7.7 which
>> causes lots of other errors due to the dependency on these packages.   Is
>> the older snapshot of the packages the problem or is something else wrong?
>>
>> It's just a consistency problem, packages and base sets are not built at
>> the same time (and sometimes with the same base code, ever). Even more,
>> currently there is a hackathon going on, so things get out of sync easily.
>> Your options are:
>>
>> 1) Wait for about a week.
>>
>> 2) Get & update ports tree, then run "dpb x11/kde4" (or whatever) to get a
>> consistent set of packages.
>>
>
> I reinstalled the July 06 AMD64 install55.iso and KDE4 installed Ok with the
> packages dated July 08.
>
> Is there a way to find out whether or not a given date package(s) will work
> with a current build iso? Other than installing a current iso and finding
> out the hard way.

Yes, but not easy one: check the contents of base sets, and compare
library versions there with what requirements you have in fat compiled
packages (like kdelibs, chrome...). The latter could be done by manual
fetching & unpacking of package, and looking at the +CONTENTS for the
@wantlib lines.

--
  WBR,
  Vadim Zhukov

Re: Problem installing KDE4

[Vadim Zhukov]

12.07.2014 2:17 пользователь "Stan Gammons"
 написал:
>
> I downloaded install55.iso dated July 11, 2014 from ftp.openbsd.org this
afternoon and after a new install I tried to install kde4 using the
snapshot packages from the same site which are dated July 8, 2014. In doing
so I get can't resolve errors on glib2-2.40.0p7 and python-2.7.7 which
causes lots of other errors due to the dependency on these packages.   Is
the older snapshot of the packages the problem or is something else wrong?

It's just a consistency problem, packages and base sets are not built at
the same time (and sometimes with the same base code, ever). Even more,
currently there is a hackathon going on, so things get out of sync easily.
Your options are:

1) Wait for about a week.

2) Get & update ports tree, then run "dpb x11/kde4" (or whatever) to get a
consistent set of packages.

Re: getaddrinfo(3) & chroot(2) with root

[Vadim Zhukov]

2014-05-14 20:57 GMT+04:00 Denis Fondras :
> Hello all,
>
> I am burning my last neurons with a behavior I can't explain. I wonder
> why getaddrinfo() fails when called after chroot() with root user.
>
>
> I have this piece of code :
>
> /*--- test.c ---*/
> #include 
> #include 
> #include 
> #include 
> #include 
>
> int main(int argc, char *argv[])
> {
> struct addrinfo *ai_out;
> struct passwd   *pw;
> int error;
>
> pw = getpwnam("_bgpd");
>
> error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out);
> if (error)
> printf("getaddrinfo() failed\n");
> else printf("getaddrinfo() succeed\n");
>
> chroot(pw->pw_dir);
> chdir("/");
>
> error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out);
> if (error)
> printf("getaddrinfo() failed\n");
> else printf("getaddrinfo() succeed\n");
>
> return 0;
> }
> /*--- test.c ---*/
>
> $ ./a.out
> getaddrinfo() succeed
> getaddrinfo() succeed
>
> # ./a.out
> getaddrinfo() succeed
> getaddrinfo() succeed
>
>
>
>
> Everything is good. Now if I compile :
>
> /*--- test.c ---*/
> #include 
> #include 
> #include 
> #include 
> #include 
>
> int main(int argc, char *argv[])
> {
> struct addrinfo *ai_out;
> struct passwd   *pw;
> int error;
>
> pw = getpwnam("_bgpd");
>
> error = 0
> if (error)
> printf("getaddrinfo() failed\n");
> else printf("getaddrinfo() succeed\n");
>
> chroot(pw->pw_dir);
>
> error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out);
> if (error)
> printf("getaddrinfo() failed\n");
> else printf("getaddrinfo() succeed\n");
>
> return 0;
> }
> /*--- test.c ---*/
>
> $ ./a.out
> getaddrinfo() succeed
> getaddrinfo() succeed
>
> # ./a.out
> getaddrinfo() succeed
> getaddrinfo() failed
>
>
>
> If this an expected behavior, what would be the preferred way to resolve
> a name from a chrooted process ? I am extending OpenBGPd and I need to
> resolve domain names and connect to a service (no BGP protocol). I am
> currently using the "session" process to handle the connection part but
> I am stuck on name resolution for now.

/etc/resolv.conf is read on the first attempt to resolve something,
no? And, of course, you have no /your/chroot/path/etc/resolv.conf.

--
  WBR,
  Vadim Zhukov

Re: linux port of systrace

[Vadim Zhukov]

2014-05-13 19:06 GMT+04:00 Илья Аржанников :
> Hello.
>
> I am trying to use linux port systrace. And I found the problem. When I run 
> under systrace (it does not matter with -A or -a (actually it never came till 
> -a)) something that use vfork systrace and children processes hangup. I saw 
> in sources that linux port uses ptrace as backend because it's not a native 
> systrace subsystem. And linux systrace try to rewrite vfork system call on 
> sys_clone, but it give nothing. With fork everything is ok, because fork is 
> wrap around clone syscall and systrace just add one more flag to call it.
>
> Has anyone experience this problem?

Does this also happen with only one CPU?

--
  WBR,
  Vadim Zhukov

Re: sudo -u & environment help

[Vadim Zhukov]

sudo -i ?
04.04.2014 14:31 пользователь "Craig R. Skinner"

написал:

> Hi,
>
> When sudo'ing to another user, how can I obtain all of their environment
> settings as they receive when logging in themselves?
>
> When I use sudo in this manner, settings such as $PATH, $MAIL & umask
> aren't being honoured:
>
>
> $ echo $LOGNAME; echo $PATH; echo $MAIL; umask
> craig
>
>
/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/site/bin:/u
sr/site/sbin:/home/craig/bin
> /var/mail/craig
> 027
>
>
>
> Here, $PATH, $MAIL & umask are unchanged:
>
> $ sudo -H -i -u david
> $ echo $LOGNAME; echo $PATH; echo $MAIL; umask
> david
>
>
/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/site/bin:/u
sr/site/sbin:/home/craig/bin
> /var/mail/craig
> 027
>
>
> Compare the difference when logging in as that user:
>
> $ login david
> ...
> $ echo $LOGNAME; echo $PATH; echo $MAIL; umask
> david
> /usr/bin:/bin:/usr/local/bin:/usr/site/bin:/home/david/bin
> /var/mail/david
> 022
>
>
>
>
> /etc/login.conf:
> default:\
> :passwordcheck=/usr/local/bin/pwqcheck -1:\
> :passwordtries=0:\
> :path=/usr/bin /bin /usr/local/bin /usr/site/bin ~/bin:\
> :umask=022:\
> :datasize-cur=
>
> staff:\
> :path=/usr/bin /bin /usr/sbin /sbin /usr/local/bin /usr/local/sbin
> /usr/site/bin /usr/site/sbin ~/bin:\
> :umask=027:\
> :datasize-cur=
>
>
> $ egrep 'env_|Defaults' /etc/sudoers | grep -v ^#
> Defaults env_keep +="DESTDIR DISTDIR EDITOR FETCH_CMD FLAVOR FTPMODE GROUP
> MAKE"
> Defaults env_keep +="MAKECONF MULTI_PACKAGES NOMAN OKAY_FILES OWNER
> PKG_CACHE"
> Defaults env_keep +="PKG_DBDIR PKG_DESTDIR PKG_PATH PKG_TMPDIR PORTSDIR"
> Defaults env_keep +="RELEASEDIR SHARED_ONLY SSH_AUTH_SOCK SUBPACKAGE
> VISUAL"
> Defaults env_keep +="WRKOBJDIR"
> Defaults always_set_home, ignore_dot, use_loginclass
>
>
>
> login(1):
>
>  login enters information into the environment (see environ(7))
> specifying
>  the user's home directory (HOME), command interpreter (SHELL), search
>  path (PATH), terminal type (TERM), and user name (both LOGNAME and
> USER).
>
> ENVIRONMENT
>  login sets the following environment variables:
>
>  HOME
>  MAIL
>
> sudo(8):
>
>   Command Environment
>  ..  On BSD systems, if the use_loginclass option
> is
>  enabled, the environment is initialized based on the path and setenv
>  settings in /etc/login.conf.  The new environment contains the TERM,
>  PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables
> in
>  addition to variables from the invoking process permitted by the
>  env_check and env_keep options.  This is effectively a whitelist for
>  environment variables.
>
>
>
> How can I become another user - without knowing their password,
> and gain their 'natural' environment?
>
> e.g. from wheel group to a users group member.
>
> 'su -l username' & 'login username' require their password.
>
> I thought 'sudo -H -i -u username' would do it.
>
> Any suggestions on what else I need to configure?

Re: Cannot make state when using 'user' option in pf.conf

[Vadim Zhukov]

2014/1/26 Jiri B :
> Hello,
>
> I'm trying to understand why there's no PF state for a outgoing
> rule dedicated to dnscrypt-proxy (668) daemon.
>
> pf.conf says 'user' option needs effective ID...
>
> # ps -axo uid,ruid,gid,rgid,pid,args | grep dnscrypt
>   688   688   688   688 16665 /usr/local/sbin/dnscrypt-proxy -d 
> --local-address=127.0.0.1:5331 --user=_dnscrypt-proxy
>
> # pfctl -sr
> block drop out log quick on egress from ! (egress:0) to any
> anchor "test-out" all
> pass out log quick on egress inet proto udp from any to 208.67.220.220 port = 
> 443 user = 688
> pass out log quick on egress inet proto tcp from any to 208.67.220.220 port = 
> 443 user = 688 flags S/SA
> pass out log quick on egress inet proto icmp all icmp-type echoreq
> block drop in log quick from no-route to any
> block drop in log quick from urpf-failed to any
> block drop out log quick all
> block drop in log quick on egress inet from any to 255.255.255.255
> anchor "test-in" all
> pass in log quick on egress inet proto icmp from any to (egress:0) icmp-type 
> echoreq code 0
> pass in log quick on egress inet proto tcp from any to (egress:0) port = 22 
> flags S/SA
> block drop in log quick all
>
> Now when dnscrypt-proxy tries to make a connection it is blocked.
> Interestingly there's even no logged outgoing connection, but just
> blocked return.
>
> # tcpdump -i pflog0 -n -e -ttt -vv
> tcpdump: WARNING: snaplen raised from 116 to 160
> tcpdump: listening on pflog0, link-type PFLOG
> Jan 26 00:41:00.884036 rule 7/(match) [uid 0, pid 23524] block out on iwn0: 
> [uid 0, pid 16665] 192.168.1.100.10976 > 208.67.220.220.443: udp 512 (ttl 64, 
> id 9876, len 540, bad cksum 208! differs by e108)
>
> (from anchor)
> # pfctl -ss
> all tcp 192.168.1.100:16505 -> 66.7.199.108:22   ESTABLISHED:ESTABLISHED
>
> Well it works if I add dnscrypt-proxy rule for root but why?

Because the socket (hint: <1024) was opened with root rights, and
therefore the uid=0 was saved there.

--
  WBR,
  Vadim Zhukov

Re: samba and e2fsprogs packages -- 5.4

[Vadim Zhukov]

2013/12/5 Peter Fraser :
> samba required the e2fsprogs package. The problem occurs when trying to use 
> samba's net command.
> The net command requires libuuid.
>  It was not easy to find where libuuid was located.

pkg_locate libuuid.so - no?

--
  WBR,
  Vadim Zhukov

Re: slashdot rumours

[Vadim Zhukov]

01.11.2013 12:58 пользователь "Marko Cupać"
 написал:
>
> I just read an article on slashdot which says that a piece of
> malware made "Open BSD operating system (...) modify its
> settings and delete its data without explanation or prompting", and
> that malware is spreading over microphone and speakers.
>
> Is this just some kind of negative publicity on a day of OpenBSD 5.4
> release, or there is something to it?

Yes, there is. I should add that it does not require microphones for
spreading, ever. You need just to type blindly what your friend says.

Re: /var/cache/fontconfig ??

[Vadim Zhukov]

2013/6/9 Otto Moerbeek 

> On Sun, Jun 09, 2013 at 10:10:06AM +0100, Jason McIntyre wrote:
>
> > On Sun, Jun 09, 2013 at 05:06:01AM -0400, Jiri B wrote:
> > > >Sorry but this seems to bizzare to make 'cache' appropriate
> > > >subdir in /var just because of one specific tool. Wouldn't be
> > > >better to customize it to use /var/db/fontconfig?
> > >
> > > Ahh, on other machine there's also 'cups' and 'libvirt' :)
> > >
> > > jirib
> >
> > in that case my diff is definitely wrong. so i need a general
> > description of what /var/cache is for.
> >
> > jmc
>
> A cache holds stuff the is relativey expensive to recompute. If the
> data is thrown away, it can be regenerated.
>

Is there any real difference with subdir under /var/tmp then?

--
  WBR,
  Vadim Zhukov

Re: extattr on OpenBSD

[Vadim Zhukov]

2013/6/7 Ted Unangst 

> On Thu, Jun 06, 2013 at 03:40, Jiri B wrote:
> > As now FUSE is in the tree, is there a plan to resuscitate
> > extattr on OpenBSD, so some filesystems in usespace could
> > work or benefit from it? I'd like to see to be able to access
> > glusterfs for example which uses extattr for its own metadata.
>
> I don't think so.
> Too many tools remain unaware of them, causing attributes to get
> stripped off doing rather mundane operations.
>
>
Samba 4 also may use extattr to save some network-share-specific
information, so this could be really useful in that case. But not for
generic use, of course - and adding a bloat to kernel just to the sake of
compatibility with other OS... oh, we already have Linux ABI, don't we? :)

--
  WBR,
  Vadim Zhukov

Re: Problem with a startup script

[Vadim Zhukov]

22.05.2013 10:19 пользователь "C. L. Martinez"

написал:
>
> Hi all,
>
>  I have a problem with some tcl rc.d startup scripts. Start and status
> works ok but stop and restart, doesn't.

Stupid question: does it stop if you kill it by pid directly? I've seen at
least one daemon do far that ignores SIGTERM...

>  Script:
>
> #!/bin/sh -x
> #
> # $OpenBSD: suricata_proxyin_agent,v 1.0
>
> daemon="/usr/local/bin/suricata_proxyin_agent.tcl"
> daemon_flags="-c /data/config/etc/sguil/suricata_proxyin_agent.conf -D"
>
> . /etc/rc.d/rc.subr
>
> pexp="/usr/local/bin/tclsh8.5 $daemon"
>
> rc_cmd $1
>
> I have tried several variants like to insert rc_stop specific option
> or changing pexp to "/usr/local/bin/tclsh8.5 $daemon $daemon_args"
> without luck.
>
> Debugging script, acts as like the other system startup scripts:
>
> .
>
> + echo NO
> + : NO
> + [ XNO = XYES ]
> + echo NO
> + : NO
> + domainname
> + [ X != X -a -d /var/yp/binding ]
> + echo NO
> + : NO
> + : NO
> + [ -n /usr/local/bin/suricata_proxyin_agent.tcl ]
> + unset _RC_DEBUG _RC_FORCE
> + getopts df c
> + shift 0
> + basename ./suricata_proxyin_agent
> + _name=suricata_proxyin_agent
> + _RC_RUNDIR=/var/run/rc.d
> + _RC_RUNFILE=/var/run/rc.d/suricata_proxyin_agent
> + eval _rcflags=${suricata_proxyin_agent_flags}
> + _rcflags=
> + eval _rcuser=${suricata_proxyin_agent_user}
> + _rcuser=
> + getcap -f /etc/login.conf suricata_proxyin_agent
> + > /dev/null
> + 2>&1
> + [ -z  ]
> + daemon_class=daemon
> + [ -z  ]
> + daemon_user=root
> + [ -n  ]
> + [ -n  ]
> + [ -n  ]
> + printf  %s -c /data/config/etc/sguil/suricata_proxyin_agent.conf -D
> + daemon_flags= -c /data/config/etc/sguil/suricata_proxyin_agent.conf -D
> + daemon_flags=-c /data/config/etc/sguil/suricata_proxyin_agent.conf -D
> + readonly daemon_class
> + unset _rcflags _rcuser
> + pexp=/usr/local/bin/suricata_proxyin_agent.tcl -c
> /data/config/etc/sguil/suricata_proxyin_agent.conf -D
> + rcexec=su -l -c daemon -s /bin/sh root -c
> + pexp=/usr/local/bin/tclsh8.5 /usr/local/bin/suricata_proxyin_agent.tcl
> + rc_cmd stop
>
> root@nsm10:/usr/local/etc/rc.d# ps xa |grep suricata_proxyin_agent.tcl
> | grep -v grep
> 17486 p2- I   0:00.29 /usr/local/bin/tclsh8.5
> /usr/local/bin/suricata_proxyin_agent.tcl -c
> /data/config/etc/sguil/suricata_proxyin_agent.conf -D
>
> Any idea why process is not stopped??

Re: ACPI hack for temperature control

[Vadim Zhukov]

2013/5/2 STeve Andre' 

> Can someone point me to the proper patch for ACPI so I don't reboot
> any more?  Thanks.
>

Do you mean disabling acpitz(4) when it does the Wrong Thing, or
ThinkPad-specific patch I was posting some time ago (and still want to
incorporate but after 64-bit time_t)?

--
  WBR,
  Vadim Zhukov

Re: FAQ 8.1 - I forgot my root password...

[Vadim Zhukov]

2013/4/11 f5b :
> FAQ 8.1 - I forgot my root password...
>
> http://www.openbsd.org/faq/faq8.html#LostPW
>
> ...
> re:
> Mount the partitions. Both "/" and /usr will need to be mounted read-write. 
> Assuming they are on separate partitions (as they should be), the following 
> will work:
>
> # fsck -p / && mount -uw /
> # fsck -p /usr && mount /usr

Why do you need to mount /usr read-write for updating password, ever?
Read-only is enough, no?

--
  WBR,
  Vadim Zhukov

Re: in current: chrootdirectory in ssh (cannot stat /usr/libexec/sftp-server)

[Vadim Zhukov]

08.04.2013 11:13 пользователь "Didier Wiroth" 
написал:
>
> Hello,
> (running current with OpenSSH_6.2, OpenSSL 1.0.1c 10 May 2012)
>
> I'm trying to setup chrootdirectory in sshd_config as a test configuration
> without success.
>
> Here is a snip from my sshd_config
> 
> #(this is the default line)
> Subsystem   sftp/usr/libexec/sftp-server
>
> #added the following match block
> Match Group remote-sync, Address 127.0.0.1
> ChrootDirectory /home/chroot/%u
> ForceCommand internal-sftp -f LOCAL0 -l INFO
> AllowAgentForwarding no
> AllowTcpForwarding no
> GatewayPorts no
> X11Forwarding no
> ---
>
> The home directory /home/chroot/sync is owned by root:wheel.
>
> When I try to connect I get the following error:
> cannot stat /usr/libexec/sftp-server: No such file or directory
>
> What do I miss?
> What is wrong with my test config?

It's obvious that global configuration parameter is involved. That means
that your Match rule doesn't work.

> Thanks for any input!!!
> Didier
>
> See the entire output here:
> $ sudo /usr/sbin/sshd -D -d -p  -f /etc/ssh/sshd_config
> debug1: sshd version OpenSSH_6.2, OpenSSL 1.0.1c 10 May 2012
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> debug1: read PEM private key done: type ECDSA
> debug1: private host key: #2 type 3 ECDSA
> debug1: rexec_argv[0]='/usr/sbin/sshd'
> debug1: rexec_argv[1]='-D'
> debug1: rexec_argv[2]='-d'
> debug1: rexec_argv[3]='-p'
> debug1: rexec_argv[4]=''
> debug1: rexec_argv[5]='-f'
> debug1: rexec_argv[6]='/etc/ssh/sshd_
> config'
> debug1: Bind to port  on 0.0.0.0.
> Server listening on 0.0.0.0 port .
> debug1: Bind to port  on ::.
> Server listening on :: port .
> debug1: fd 5 clearing O_NONBLOCK
> debug1: Server will not fork when running in debugging mode.
> debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
> debug1: inetd sockets after dupping: 3, 3
> Connection from 127.0.0.1 port 31875
> debug1: Client protocol version 2.0; client software version OpenSSH_6.2
> debug1: match: OpenSSH_6.2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_6.2
> debug1: permanently_set_uid: 27/27 [preauth]
> debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
> debug1: SSH2_MSG_KEXINIT sent [preauth]
> debug1: SSH2_MSG_KEXINIT received [preauth]
> debug1: kex: client->server aes128-ctr hmac-md5-...@openssh.com
> z...@openssh.com [preauth]
> debug1: kex: server->client aes128-ctr hmac-md5-...@openssh.com
> z...@openssh.com [preauth]
> debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
> debug1: SSH2_MSG_NEWKEYS sent [preauth]
> debug1: expecting SSH2_MSG_NEWKEYS [preauth]
> debug1: SSH2_MSG_NEWKEYS received [preauth]
> debug1: KEX done [preauth]
> debug1: userauth-request for user sync service ssh-connection method none
> [preauth]
> debug1: attempt 0 failures 0 [preauth]
> debug1: user sync matched group list remote-sync, at line 124
> debug1: connection from 127.0.0.1 matched 'Address 127.0.0.1' at line 124
> debug1: userauth_banner: sent [preauth]
> debug1: userauth-request for user sync service ssh-connection method
> publickey [preauth]
> debug1: attempt 1 failures 0 [preauth]
> debug1: test whether pkalg/pkblob are acceptable [preauth]
> debug1: temporarily_use_uid: 1001/999 (e=0/0)
> debug1: trying public key file /home/chroot/sync/.ssh/authorized_keys
> debug1: fd 4 clearing O_NONBLOCK
> debug1: matching key found: file /home/chroot/sync/.ssh/authorized_keys,
> line 3
> Found matching RSA key: c9:1b:a7:00:9c:52:08:44:1b:2f:7e:28:94:f4:e0:af
> debug1: restore_uid: 0/0
> Postponed publickey for sync from 127.0.0.1 port 31875 ssh2 [preauth]
> debug1: userauth-request for user sync service ssh-connection method
> publickey [preauth]
> debug1: attempt 2 failures 0 [preauth]
> debug1: temporarily_use_uid: 1001/999 (e=0/0)
> debug1: trying public key file /home/chroot/sync/.ssh/authorized_keys
> debug1: fd 4 clearing O_NONBLOCK
> debug1: matching key found: file /home/chroot/sync/.ssh/authorized_keys,
> line 3
> Found matching RSA key: c9:1b:a7:00:9c:52:08:44:1b:2f:7e:28:94:f4:e0:af
> debug1: restore_uid: 0/0
> debug1: ssh_rsa_verify: signature correct
> Accepted publickey for sync from 127.0.0.1 port 31875 ssh2
> debug1: monitor_child_preauth: sync has been authenticated by privileged
> process
> debug1: Enabling compression at level 6. [preauth]
> debug1: monitor_read_log: child log fd closed
> User child is on pid 2371
> Changed root directory to "/home/chroot/sync"
> debug1: Entering interactive session for SSH2.
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 1 win 2097152 max
> 32768
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug1: session_new: session 0
> debu

Re: Can't cleanly umount a usb stick

[Vadim Zhukov]

2013/3/18 STeve Andre' :
>I've just run into something I can't explain.  Likely it's not a
> bug, but puzzling none the less.
>
>I normally run KDE, and then thunderbird, firefox and chrome
> as well as a bunch of other stuff.  Fine, mostly.
>
>I frequently mount a 32G usb stick to stuff my 'reagents' software
> on, for keeping Windows sheep (mostly) safe.  To do this I mount the
> stick on /dos, and copy stuff to it.
>
>Only today and maybe a couple of other times,  I finished copying
> data to /dos and did umount /dos, and got a device busy message.
> Only the one xterm touched /dos, from the mount, to the copy, to
> the umount.  Last time this happened I did a umount -f as I needed
> the data.  This time I went hunting and an  fstat | grep  doc revealed
> that firefox had /dos?  *I* didn't do anything.
>
>Any ideas as to whats going on, or things to check?  I am puzzled.

Probably some time ago you saved something from FireFox directly to
/dos (or subfolder of). Then FireFox remembered the last folder you
were using, and open it on start. Save something to a different
folder. Probably it's also a good idea to avoid asking about
destination folder at all. I use this setting personally to avoid
having a bunch of extra files spreading everywhere: things I really
need gets moved somewhere else, and then I just wipe the directory (or
rather use subdir in /tmp).

--
  WBR,
  Vadim Zhukov

Re: Should I be tuning relayd?

[Vadim Zhukov]

26.02.2013 20:06 пользователь "Peter Farmer"
 написал:
>
> Hi All,
>
> Whilst load testing my website (being balanced via relayd) I see this from
> time to time (when running "relayd -d"):
>
> relay www, session 2410 (1 active), 0, 195.143.230.243 -> 10.201.0.7:80,
> done
> relay www, session 3479 (1 active), 0, 195.143.230.242 -> 10.201.0.6:80,
> done
> relay www, session 2411 (1 active), 0, 195.143.230.243 -> 10.201.0.6:80,
> done
> relay www, session 3480 (1 active), 0, 195.143.230.242 -> 10.201.0.7:80,
> done
> host 10.201.0.6, check http code (0ms), state up -> down, availability
> 92.31%
> host 10.201.0.7, check http code (0ms), state up -> down, availability
> 84.62%
> relay www, session 2412 (1 active), 0, 195.143.230.242 -> :80, session
> failed
> relay www, session 2413 (1 active), 0, 195.143.230.243 -> :80, session
> failed
> relay www, session 2414 (1 active), 0, 195.143.230.242 -> :80, session
> failed
>
> I also periodically see:
>
> relay www, session 1609 (1 active), 0, 195.143.230.243 -> 10.201.0.6:80,
> session failed
>
> I know that the webservers are available because I also have a tests
> running against each of the webservers and can see they are available all
> the time.
>
> Should I be adding something to relayd.conf or should I be tuning OpenBSD
> is anyway? There are typically between 6000 - 9000 states in the state
> table during the test.

And default PF limit is 1. Too close to be safe. Try to set it in
pf.conf to, e.g., 3 first.

> The ab command I am running is:
>
> ab -v -c100 -n10 http://beta.digidayoff.com/
>
> My relayd conf is:
>
> ext_addr="10.201.0.3"
> www1="10.201.0.6"
> www2="10.201.0.7"
>
> log all
>
> table  { $www1 $www2 }
> relay www {
> listen on $ext_addr port http
> forward to  port http mode roundrobin check http "/" code
200
> }
>
>
> My pf.conf is:
>
> set skip on lo
> anchor "relayd/*"
> pass quick on em1 proto pfsync keep state (no-sync)
> pass on em1 proto carp keep state
> pass# to establish keep-state
> # By default, do not permit remote connections to X11
> block in on ! lo0 proto tcp to port 6000:6010
>
>
> dmesg:
>
> OpenBSD 5.2 (GENERIC) #309: Wed Aug  1 09:58:55 MDT 2012
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
> real mem = 535756800 (510MB)
> avail mem = 499208192 (476MB)
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (268 entries)
> bios0: vendor Phoenix Technologies LTD version "6.00" date 09/21/2011
> bios0: VMware, Inc. VMware Virtual Platform
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S1 S4 S5
> acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
> acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3)
S3F0(S3)
> S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00S(S3) Z00T(S3)
> Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3)
> Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3)
> Z01A(S3) Z01B(S3) Z01C(S3) Z01D(S3) Z01E(S3) P2P1(S3) S1F0(S3) S2F0(S3)
> S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00S(S3)
> Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3)
> Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3)
> Z019(S3) Z01A(S3) Z01B(S3) Z01C(S3) Z01D(S3) Z01E(S3) P2P2(S3) S1F0(S3)
> S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3)
> Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3)
> Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3)
> Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) Z01C(S3) Z01D(S3) Z01E(S3) P2P3(S3)
> S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3)
> S9F0(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3)
> Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3)
> Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) Z01C(S3) Z01D(S3) Z01E(S3)
> PE40(S3) S1F0(S3) PE50(S3) S1F0(S3) PE60(S3) S1F0(S3) PE70(S3) S1F0(S3)
> PE80(S3) S1F0(S3) PE90(S3) S1F0(S3) PEA0(S3) S1F0(S3) PEB0(S3) S1F0(S3)
> PEC0(S3) S1F0(S3) PED0(S3) S1F0(S3) PEE0(S3) S1F0(S3) PE41(S3) S1F0(S3)
> PE42(S3) S1F0(S3) PE43(S3) S1F0(S3) PE44(S3) S1F0(S3) PE45(S3) S1F0(S3)
> PE46(S3) S1F0(S3) PE47(S3) S1F0(S3) PE51(S3) S1F0(S3) PE52(S3) S1F0(S3)
> PE53(S3) S1F0(S3) PE54(S3) S1F0(S3) PE55(S3) S1F0(S3) PE56(S3) S1F0(S3)
> PE57(S3) S1F0(S3) PE61(S3) S1F0(S3) PE62(S3) S1F0(S3) PE63(S3) S1F0(S3)
> PE64(S3) S1F0(S3) PE65(S3) S1F0(S3) PE66(S3) S1F0(S3) PE67(S3) S1F0(S3)
> PE71(S3) S1F0(S3) PE72(S3) S1F0(S3) PE73(S3) S1F0(S3) PE74(S3) S1F0(S3)
> PE75(S3) S1F0(S3) PE76(S3) S1F0(S3) PE77(S3) S1F0(S3) PE81(S3) S1F0(S3)
> PE82(S3) S1F0(S3) PE83(S3) S1F0(S3) PE84(S3) S1F0(S3) PE85(S3) S1F0(S3)
> PE86(S3) S1F0(S3) PE87(S3) S1F0(S3) PE91(S3) S1F0(S3) PE92(S3) S1F0(S3)
> PE93(S3) S1F0(S3) PE94(S3) S1F0(S3) PE95(S3) S1F0(S3) PE96(S3) S1F0(S3)
> PE97(S3) S1F0(S3) PEA1(S3) S1F0(S3) PEA2(S3) S1F0(S3) PEA3(S3) S1F0(S3)
> PEA4(S3) S1F0(S3) PEA5(S3) S1F0(

Re: Shell for PF

[Vadim Zhukov]

2013/2/16 Matthew Weigel :
> On Feb 16, 2013, at 5:28 AM, Vadim Zhukov  wrote:
>
>> 2013/2/16 Fil DiNoto :
>>> But this is all off-topic, I'm not slaming pf in any way i love it. I
>>> was just saying it can't hurt to try to emulate what people know if at
>>> all possible. And the fact is that junos/ios have the market share so
>>> thats what people know.
>
> Sorry, Vadim, for responding to Fil through your email.
>
> I think there is a real risk to trying to present an interface that is 
> reminiscent of other systems, that behave differently and do less. People 
> will begin to expect that pf does the same things - no more, no less. Power 
> that is specific to pf over other systems will be ignored, because people 
> will think that since they are familiar with the interface they know what 
> they're doing.

Yes, there are people who wants to know enough to have work being done
somehow - those don't care what to use and don't want to learn in the
general place. Probably they aren't OpenBSD audience but they hurt
other people, "advanced" enough, to use OpenBSD either.

Those ones who don't care about tools they are actually using, WILL
fuck up their use. And hell, yes, I'd prefer netfilter-based solutiong
built by smart man than PF-based built by stupid one. But when
choosing between netfilter-based and PF-based firewalls built by the
same lazy man (I'm NOT talking about OP himself here)... who cares?

There is no point in caring about what tools other do use, until this
hurts you. If others just use netfilter, fine - it's their problem. :)
If you have to use netfilter because others do use PF - it becames
your problem. A real problem.

Just an example: I had to spent last few months in building
virtualized environment based on CentOS 6. Well, I could not say it's
full crap - just about 70% of it. :) I know that building the same
using OpenBSD could take a few weeks (including detailed documentation
of the whole process). But I had to use Linux, because other people
here don't know anything about BSDs at all, and because they really
need Sun JDK 1.6 for some stuff. It's really pain in the ass: for
example, I had to fight with udev, grub and LVM each time I clone a
virtual machine; I have to choose between old (CentOS/RHEL repos) and
badly tested (EPEL) packages most of the time, or build stuff on my
own; I have to debug PAM modules to allow logging in using 25 years
old technologies because "official HOWTOs" are not valid for given OS
and tools provided with distro fail silently, and ever then it doesn't
work the way I want...

But people don't want thing that Just Works(TM) if they could not fix
it later themselves (though I suspect they could not fix this
Linux-based infrastructure either). So many of us have to build
Linux-based environments for others and use OpenBSD for ourselves. A
bit frustrating but it's better than nothing. :)

And let see the problem from the other side. Remember the school. At
first you'd learn Newton's physics, where you could just accelerate
and run as fast as light could and even faster. And only then, a few
years off, the Einstein's theory come.

Don't think about shell-like interface for the PF as the right
solution for the final product - such thinking IS wrong, I totally
agree. But remember, when people will _really_ want some more
functionality, they _will_ learn. They just need an incentive.

Straightforward making people around learning the whole PF at once is
almost the same thing as trying to make the first grader learning
relativity theory. I've made enough such mistakes already, trust me.
:) And I don't want to say those people are stupid at all, they just
could not apprehend as quickly as you or me may want them do.

> Presenting a different interface is a FANTASTIC way to communicate 
> 'difference' to the user. It forces them to  think about the difference 
> sooner, rather than when things aren't working as expected (or after they've 
> bought more equipment on top of the OpenBSD firewall because "JunOS can't do 
> that").
>
> If that means people don't learn pf because they realize very quickly that 
> it's unlike anything they know... That is a SERVICE being provided. They knew 
> they didn't have the time to figure it out before they got ass-deep into it.

Everyone does mistakes. Everyone sometimes fucks up the things. I do.
:) If you want those happen more rarely than often, set up the
appropriate process: give the people as much info as they could handle
at the moment given, but not more - or they won't get any info at all.

Get they know that there is a PF. Just a few words. Then show some
things they use (or want to use) in netfilter/DamnSwitchOS/etc. that
are e

Re: Shell for PF

[Vadim Zhukov]

e a more popular choice in a lot of
>>> situations. Like me personally I have an ESXi server I lease, I'm not
>>> going buy/lease a hardware router/firewall to sit in front of a single
>>> machine with a handful of VMs on it, I use an OpenBSD VM as a router
>>> to the other VMs and it works wonderfully. My provider had a hard time
>>> understanding why I wanted another /29 routed to one of my IP
>>> addresses the sales guy kept saying "it won't work that way you need a
>>> router and all you have is one server" but eventually they made it
>>> happen.
>>
>> This I must say that's why I decided to answer your message as I can't
>> imagine of understand why you would like to run a router inside
>> VMWare!?!?!??!
>>
>> And don't say that it is to make it more secure please.
>>
>> You make everything more complex and you were talking about making
>> things simpler!?!?! A real paradox there don't you think?
>>
>> Forget that VMWare will not run on OpenBSD as the host and you know you
>> will loose a lots of efficiency too?
>>
>> There is a very long list why you shouldn't run a router in VMWare. Just
>> think about it a little and you will see why it make no sense really.
>>
>> Looks like everyone wants to run everything in VMWare these days and
>> thinks it's good for everything...
>>
>> May be you would gain by playing with PF more and setup routers for fun
>> with it.
>>
>> Just give it a chance and then after a few weeks you will wonder why
>> Cisco and JunOS don't do their syntax like PF really. (:>
>>
>> Just my $0.02 worth for using both and I see no need to have PF be like IOS.
>>
>> I would be way more in favor to see a company out there somewhere do
>> custom hardware for PF and OpenBSD to compete with Cisco routers for
>> example.
>>
>> Some network cards are pretty good as is, but yes it could be even
>> better and faster.
>>
>> I think if such a company would see the light of day, sooner then you
>> think Cisco would come and buy them flat out to avoid that competition.
>> I would be welling to bet that they would do all they can to make sure
>> such a thing never see the light of day!
>>
>> But wouldn't this be nice if it would

--
  WBR,
  Vadim Zhukov

Re: openBSD 5.2 amd64 on lenovo x201s, part 2 apm support and overheating

[Vadim Zhukov]

2013/1/29 Andriy Samsonyuk :
> Hi,
>
> is apm/apmd the only wat to change the fan speen?
>
> The fan speen never goes above:
> hw.sensors.acpithinkpad0.fan0=4527 RPM
> +- few RPMs
>
> if i set apmd -C or -A the laptop powers off after a while
> without any warnings.
>
> with apm -L or -H its running, but getting hotter.
>
> Any suggestions/ideas?

David Coppa already sent you a patch but probably I should clarify
some things more.

Many modern ThinkPad allow to either delegate management of fan speed
to BIOS or to set it manually. OpenBSD point of view is that manual
setting fans from userland is a BAD idea. So what's the patch
mentioned does is taking management from BIOS to OS.

BIOS does a good thing at managing fan speed until it gets too hot.
But when overheating happens, there are two complimentary ways to
handle the situation: a) raise the fan speed; b) lower CPU speed.

(a) is what OpenBSD with the patch mentioned starts to do. The fan is
put in so called "disengaged" mode, fan goes to 6000+ RPM and became
spinning as if it's trying to make your laptop flying. This probably
could damage the fan, but mine is still there for about two years.

The same functionality exists in the Linux kernel but the code is
(was? Didn't check for a year) disabled; I've actually picked up
register addresses from there.

(b) is what Windows does. Your videoplayer will start dropping frames
but it'll be more or less quiet around.

Probably some overheating logic could be added to apmd(8), but this
daemon already wants too many options and thus probably needs
refactoring. Or there could be some default scripts for sensorsd(8)
written...

--
  WBR,
  Vadim Zhukov

Re: How do I compile 32-bit binaries on amd64 OpenBSD?

[Vadim Zhukov]

22.01.2013 16:32 пользователь "Salil Wadnerkar"

написал:
>
> Thanks Peter. I found that many autotools packaged programs out there
> expect newer gcc environments.
> So, when I run
> ./configure
> make
> make install
> most of the time, make fails because the system gcc toolchain is old.
> I tried using a newer toolchain by setting the environment variables:
> export CC=egcc
> export CPP=egcc-cpp
> export MAKE=gmake
> But, libtool is picked up from the /usr/bin instead of /usr/local/bin.
>
> Can somebody guide me about how I can use the sandboxed gcc environment to
> build programs?

Probably it's easier to create ports, then Ports framework will care about
most problems you're fighting now, including libtool. Take a look at
http://www.openbsd.org/porting.html , especially checklist and GNU
specifics sections.

> On Tue, Jan 22, 2013 at 5:43 PM, Peter Hessler 
wrote:
>
> > On 2013 Jan 22 (Tue) at 17:37:18 +0800 (+0800), Salil Wadnerkar wrote:
> > :Hi,
> > :
> > :Some programs like smlnj, which is SML by New Jersey, support only
32-bit
> > :binaries. On Linux distros, I can use gcc multilib support. How do I do
> > :that in OpenBSD?
> >
> > OpenBSD does not support multilib, and has no intention to.
> >
> > Fix the code so it works on 64bit systems.
> >
> > --
> > The National Short-Sleeved Shirt Association says:
> > Support your right to bare arms!

Re: named not answer on external query

[Vadim Zhukov]

17.01.2013 12:31 пользователь "lilit-aibolit"

написал:
>
> This is weird trouble. Years ago I did authoritative server on openbsd
4.x and it's just works
> for both - local network and queries from Internet.
> But now it doesn't. I know - this is my issue, please help to resolve.
> ###named.conf###
> // $OpenBSD: named-simple.conf,v 1.10 2009/11/02 21:12:56 jakob Exp $
> acl tlk {
> 192.168.5.0/24;
> 192.168.55.0/24;
> 192.168.66.0/24;
> 192.168.99.0/24;
> 127.0.0.1; };
> options {
> version "";// remove this to allow version queries
> listen-on { 127.0.0.1; 192.168.5.254; 192.168.55.254; ext_if; };
> listen-on-v6 { none; };
> allow-transfer { none; };
> empty-zones-enable yes;
> //forward first;
> forwarders { provider's dns; };
> allow-recursion { tlk; };
> allow-query { any; };
> };
> view "allow-recursion" {
> match-clients { tlk; };
> //recursion yes;
>
> zone "." {
> type hint;
> file "etc/root.hint"; };
>
> zone "localhost" {
> type master;
> file "standard/localhost";
> //allow-transfer { localhost; };
> };
>
> zone "127.in-addr.arpa" {
> type master;
> file "standard/loopback";
> //allow-transfer { localhost; };
> };
>
> zone "zone.1" {
> type master;
> file "/master/zone.1"; };
>
> zone "zone.2" {
> type master;
> file "/master/zone.3"; };
>
> zone "zone.4" {
> type master;
> file "/master/zone.4"; };
>
> zone "168.192.in-addr.arpa" {
> type master;
> file "/master/168.192.in-addr.arpa"; };
>
> include "/master/forbidden.conf";
> };
>
> view "deny-recursion" {
> recursion no;
> additional-from-cache no;
> additional-from-auth no;
> zone "zone.5" {
> type master;
> file "/master/zone.5"; };
> };
>
> key "rndc-key" {
> algorithm hmac-md5;
> secret "**";
> };
>
> controls {
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { "rndc-key"; };
> };
>
> logging {
> channel security_channel {
> # Send log messages to the specified file
> file"log/security.log";
> # Log all messages
> severitydebug;
> # Log the date and time of the message
> print-time  yes;
> # Log the category of the message
> print-category  yes;
> # Log the severity level of the message
> print-severity  yes;
> };
>
> channel default {
> # Send logs to the 'local0' syslog facility
> syslog  local0;
> # Log messages of severity 'info' or higher
> severityinfo;
> print-category  yes;
> print-severity  yes;
> };
>
> # Logs about approval and denial of requests
> category security {
> security_channel;
> default;
> };
>
> # Ignore logs about misconfigured remote servers
> category lame-servers { null; };
>
> # Default logging options
> category default { default; };
> };
>
> ###zone.5###
> ; $OpenBSD: db.localhost,v 1.2 2005/02/07 06:08:10 david Exp $
> $ORIGIN zone.5.
> $TTL 24h
> @INSOAns1.zone.5. admin.zone.com. (
> 10; serial
> 1h; refresh
> 30m; retry
> 7d; expiration
> 1h ); minimum
> NSns1.zone.5.
> NSns2.zone.5.
> @INAright.IP
> wwwINAright.IP
> ns1INAright.IP
> ns2INAright.IP2
>
>
> ###pf.conf related rules###
> pass in on $ext_if inet proto { tcp, udp } from any to em1 port domain
> pass in on $int_if inet proto { udp, tcp } from  to $int_if port {
ntp, domain }
> pass out on $ext_if inet proto udp from em1 to any
>
> I see a numbers of external queries to my server, but don't see the
answers:
> # tcpdump -i em1 -p udp 'port domain'
> 09:28:23.152111 smtp.eurocom.su.19716 > my.server.domain: 59597 [1au] A?
www.zone.5. (45)
> 09:28:24.136607 idbh.ru.47793 > my.server.domain: 26171% [1au] A?
www.zone.5. (45)
> 09:28:26.942971 smtp.eurocom.su.44341 > my.server.domain: 615 A?
www.zone.5. (34)
> 09:28:27.191067 smtp.eurocom.su.17302 > my.server.domain: 42979 [1au] A?
www.zone.5. (45)
> 09:28:29.417383 smtp.eurocom.su.34958 > my.server.domain: 53565 A?
www.zone.5. (34)
> 09:28:29.737934 idbh.ru.45564 > my.server.domain: 27837 A? www.zone.5.
(34)
>
> From local net:
> user@pc.local:~$ nslookup
> > zone.5
> Server: 192.168.5.254
> Address:192.168.5.254#53
> Non-authoritative answer:
> Name:   zone.5
> Address: right.IP
> # tcpdump -i em0 -p udp 'port domain'
> 10:00:41.702484 pc.local.46571 > my.server.domain: 50830+ A? zone.5. (30)
> 10:00:41.702625 my.server.domain > pc.local.46571: 50830 1/2/0 A right.IP
(82)
>

At first, find where the flow gets stopped: enable debug logging on
resolver and add "match log (matches) to port 53" rule as first one in your
firewall. Then probably you'll see the problem yourself.

Oh, and please, if you get "no packe

Re: Unused swap

[Vadim Zhukov]

2013/1/12 Christian Weisgerber :
> Constantine A. Murenin  wrote:
>
>> plus, last i checked, firefox was not even 64-bit friendly anyways
>
> Bullshit.

Well, not FireFox but JavaScript JIT, IIRC.
http://www.openbsd.org/papers/slackathon2011_64bitandjit/index.html

--
  WBR,
  Vadim Zhukov

Re: Can't use PerlMagick

[Vadim Zhukov]

24.11.2012 5:11 пользователь "Dmitrij D. Czarkoff"

написал:
>
> Hello!
>
> I'm running into a weird problem with PerlMagick:
>
>  $ perl -e 'use Image::Magick'
>  Can't load
'/usr/local/libdata/perl5/site_perl/amd64-openbsd/auto/Image/Magick/Magick.so
'
for module Image::Magick: Cannot load specified object at
/usr/libdata/perl5/amd64-openbsd/5.12.2/DynaLoader.pm line 200.
>   at -e line 1
>  Compilation failed in require at -e line 1.
>  BEGIN failed--compilation aborted at -e line 1.
>  &Image::Magick::constant not defined. The required ImageMagick libraries
are not installed or not installed properly.
>  END failed--call queue aborted at -e line 1.
>
> Am I missing something obvious? Is there anything I can do about it?
>
> OpenBSD -current amd64 (latest snapshot), PerlMagick from
> ImageMagick-6.7.7.7p2 package.
>
> Thanks in advance.

LD_PRELOAD for pthread library? OpenBSD Perl isn't threaded. This should be
mentioned in pkg-readme...

Four "no"

[Vadim Zhukov]

Just look at this beautiful name for command-line parameter:

-Wno-non-virtual-dtor

Again, step by step:
Warnings
  No
Non
  Virtual
De-
  structor

"No", "Non", "Virtual" and "De-".

Four times "no".

Excellent example of brilliant software (all of the lang, compiler and
piece of shit being built) design, isn't it? :)

--
  WBR,
  Vadim Zhukov

Stable releases: KDE-way

[Vadim Zhukov]

It's too bad - I'm OpenBSD user.

It's too bad - I understand some words literally.

Say, the word "stable". Using OpenBSD I've got accustomed to
understand it as... you know, stable. And not as, say: "let's tweak
some system headers in OPENBSD_5_0 branch because ANSI published new
standard".

And, of course, KDE got it right: adding "-fno-exceptions" by default
for each and every KDE project is a nice idea, isn't it? It's so cool
to force packagers to patch CMakeLists.txt files here and there in
stable release (between 4.9.0 and 4.9.2).

IMHO, OpenBSD should go this way too. It's so funny. And the coding
should be fun, shouldn't it?

... back to WIP ports tree...
--
  WBR,
  Vadim Zhukov

Re: pf: multiple reply-to rules; could it be done more simple?

[Vadim Zhukov]

03.08.2012 17:15 пользователь "Dr.-Ing. Torsten Finke" <
torsten.fi...@igh-essen.com> написал:
>
> Dear List,
>
> my network is connected to the internet by three different DSL
> connections. At connection my ISP provides always the same IP addresses,
so
> that they are effectively configured with a fix IP address each. These
> connections are managed by my external firewall.
>
> Outbound traffic is load balanced via round robin on the three mpath
default
> routes.
>
> Since I run several services on my system (e.g. openvpn, which is actually
> served by my internal firewall), I have to ensure, that inbound traffic
will
> be returned to exactly that connection the request came from. This is
done by
> the following pf rules (openvpn handling as an example among others):
>
> #---
> ext_if0 = "tun0"
> ext_if1 = "tun1"
> ext_if2 = "tun2"
> int_fw  = # my internal firewall's address
> ...
>
> pass in quick on $ext_if0 proto udp from any to any port 1194 \
> rdr-to $int_fw port 1194 reply-to ( $ext_if0 $ext_if0:peer )
> pass in quick on $ext_if1 proto udp from any to any port 1194 \
> rdr-to $int_fw port 1194 reply-to ( $ext_if1 $ext_if1:peer )
> pass in quick on $ext_if2 proto udp from any to any port 1194 \
> rdr-to $int_fw port 1194 reply-to ( $ext_if2 $ext_if2:peer )
> #---
>
> May there be any trick that avoids this rule definition for each
connection? I
> am trying to get the rules more simple and also looking for a rule, that
is
> independent of the actual connection state (if one of the connections is
> broken, pfctl complains about an unreacheable peer of course).
>
> Has anyone tried somthing like this using pf anchors?

I had a patch adding support for routing options to "match" rules, but it
lacked pfsync support. If you're interested, I can try to update it and
send (or you can avoid waiting and search tech@ archives yourself). AFAIK,
previous version still works at the place I've quit a year ago.

Re: man page contents [was: Re: C******.org]

[Vadim Zhukov]

Am I right you need ASCII-like output without extra formatting (e.g.,
terminal escape codes)? Something like:

"xyz utility does the following: blah-blah. The options are as follows: -h
to make you happy. -k to kill your ex-girl's kitten. -v to make sure
everyone know what are you doing. See also manual page for cat in section
one, manual page for kill in section one and for wall in section one."

This could be accomplished by new backbend for mandoc, as I can understand.
Other easy would be to teach your screen reader to mdoc(7) and man(7)
formats. This will do it best as you'll have hyperlinks and other stuff the
way you want.

... And for now going with MANPAGER and /etc/man.conf will be your best
option, I think.
27.07.2012 4:33 пользователь "Eric Oyen" 
написал:

> man,
> the format of that page is ugly to listen to. lots of back slashes. I
> noticed
> there didn't appear to be any line/returns in there (and that is
>  something my
> screen reader doesn't make clear either).
>
> I will have to find an online version of the man page mentioned below.
>
> -eric
>
> On Jul 26, 2012, at 11:24 AM, Weldon Goree wrote:
>
> > On Thu, 2012-07-26 at 10:54 -0700, Eric Oyen wrote:
> >> well, I am wondering what packages I can use to edit man pages.
> >
> > The pages themselves are marked-up text; just use a text editor. Note
> > that OpenBSD doesn't use groff anymore to render them. Look at
> > mandoc(1)
> > mdoc(7) (the suggested format)
> > man(7) (the legacy format; you may run across it in older pages you're
> > editing)
> >
> > As an example, here's mdoc(7) in its text format, via cvsweb:
> >
> >
>
>
http://www.openbsd.org/cgi-bin/cvsweb/src/share/man/man7/mdoc.7?rev=1.93;cont
> ent-type=text%2Fplain
> >
> > That's what you would be editing.
> >
> > Weldon
> >
> > Weldon

Re: multiple instances of ftp-proxy ?

[Vadim Zhukov]

2012/6/12 Илья Шипицин :
> Hello!
>
> is anybody running multiple instances of ftp-proxy in reverse mode?
> I'd afraid of anchor "ftp-proxy/*", ftp-proxy doesn't allow to specify
> anchor, also, many instances of ftp-proxy can break each others anchors.

No, they will not, see prepare_commit() in
/usr/src/usr.sbin/ftp-proxy/filter.c:

 snprintf(an, PF_ANCHOR_NAME_SIZE, "%s/%d.%d", FTP_PROXY_ANCHOR,
getpid(), id);

> can somebody provide me with example of multiple ftp-proxies ?

I've done it simple. In /etc/rc.local:

if [ X"${ftpproxy2_flags}" != X"NO" ]; then
echo -n ' ftp-proxy2';  /usr/sbin/ftp-proxy
${ftpproxy2_flags}
fi

In /etc/rc.conf.local:

ftpproxy2_flags="-p 8022 -R 172.27.4.2 -v"

That's all.

Re: n00b questions -- keyboard messed up

[Vadim Zhukov]

On 24 QNWARQ 2012 G. 10:07:24 Amit Kulkarni wrote:
> On Tue, Jan 24, 2012 at 2:07 AM, David Coppa  wrote:
> > On Tue, Jan 24, 2012 at 9:01 AM, Marc Espie  wrote:
> >> On Tue, Jan 24, 2012 at 01:33:01AM +0100, Ariane van der Steldt
wrote:
> >>> KDE also had a browser (konqueror). I don't know if KDE4 still
> >>> provides it. Konqueror, as shipped in KDE3, is pretty dated and
> >>> will probably not handle many sites, so won't display facebook or
> >>> twitter (which may considered a feature).
> >>
> >> Yes, there's still a konqueror in kde4, but it should be
> >> considerably
> >> improved. Consider that qt4 integrates webkit, for a start.
> >
> > By default, it still uses KHTML. You can switch it to WebKit by
> > installing kwebkitpart and changing the service preference order
> > using
> > "keditfiletype text/html".
>
> I do believe that Vadim has the new KDE porting at
> http://github.com/jasperla/openbsd-wip use webkit as the rendering
> engine

It uses (used to when I was tweaking it in 4.7, will recheck for 4.8)
Webkit by default in new installations, existing configurations should
manually set Webkit as preferred engine.

--
  WBR,
  Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: Using TrinityDesktop to replace KDE3

[Vadim Zhukov]

02.11.2011 19:13, Dmitrij D. Czarkoff P?P8QP5Q:
> On Wed, 2011-11-02 at 17:47 +0400, Vadim Zhukov wrote:
>> The point is that we'll be able to run KDE 3 (okay, Trinity) and KDE 4
>> apps at the same time.
>
> Why would anyone need that?

At least me. :) In that use case you can, e.g., carefully move your 
profile to KDE 4 while still working with old apps. You may check that 
specific functionality you need/use still exists in KDE 4 without 
disturbing your workflow. Etc.


>> And not fiddle in terminal with updating all the configs at the same 
time.

>
> So You prefer continuous fiddling with configs instead of using
> "configure once" approach?

When your KDE profile is large enough and heavily customized, it becomes 
a problem.


>>> I believe it will halt even before the complete OpenBSD port will be
>> finished.
>>
>> Well, many people say that "OpenBSD will die soon" too. :) And keep
>> saying it for many years...
>
> I think this example is a way closer: http://rus-os.narod.ru/

OMG :


--
WBR, Vadim Zhukov

Re: Using TrinityDesktop to replace KDE3

[Vadim Zhukov]

02.11.2011 16:25, Dmitrij D. Czarkoff P?P8QP5Q:

On Wed, 2011-11-02 at 06:49 -0500, Amit Kulkarni wrote:

On Tue, Nov 1, 2011 at 5:31 PM, Vadim Zhukov  wrote:

My crazy idea is to port Trinity (those guys migrate to using Qt4 and
CMake, which is cool, and to UDev, which is not) and make it replace
KDE 3 (which is dead upstream anyway). After this migration to KDE 4
will be seamless (and those who want "KDE 3 enchanced" could have it
too :) ).


It seems to me that they deliberately changed the API (renamed every lib
function for K* to T*) not to interfere with KDE4. If I get it right,
that effectively means that neither KDE3 nor KDE4 apps can't be linked
with Trinity libs. So, Trinity does not affect migration to KDE4.


The point is that we'll be able to run KDE 3 (okay, Trinity) and KDE 4 
apps at the same time. And not fiddle in terminal with updating all the 
configs at the same time. Don't care about libraries: you run apps, not 
libs. :)



BTW, I don't really get the idea of Trinity. KDE4 feature-wise is a
superset of KDE3, and as such it can be tuned to mimic KDE3 fairly
closely.

>

That said, KDE4 is far ahead of where KDE3 is. Many former KDE3 apps
advanced, and this gap will only get larger as time goes. KDE3 is fairly
big, so porting it to Qt4 will take long.


Personally I don't care about their goals. They may want ever to 
dominate over the world, but that's out of the question. :) The question 
is "could this project help to migrate from KDE 3 to KDE 4".


We have Qt4 in ports, so I don't see any problems _for_us_ here. Qt3? 
Okay. Qt4? Fine.


Main problem I see currently is the process of moving Trinity to using 
UDev and NetworkManager. We already have all other bits they want, don't we?



That means that Trinity isn't going to have a sufficient user base, and
as far as it has fairly limited development resources, I doubt that it
will ever get to major release.


They just did the third release, so the project is at least alive.

> I believe it will halt even before the complete OpenBSD port will be 
finished.


Well, many people say that "OpenBSD will die soon" too. :) And keep 
saying it for many years...


Current KDE 4 effort took about 1,5 months of work ATM. Yes, a lot of 
work was done before by Marc Espie, Remi Pointel, FreeBSD and NetBSD KDE 
teams and others I'm not aware of. But until there are any real 
stoppers, porting Trinity looks real enough.


--
WBR, Vadim Zhukov

Re: Using TrinityDesktop to replace KDE3

[Vadim Zhukov]

02.11.2011 15:49, Amit Kulkarni P?P8QP5Q:

On Tue, Nov 1, 2011 at 5:31 PM, Vadim Zhukov  wrote:

Hello all.

Someone of you could already know this, but me was just notified:
there exists Trinity Desktop - http://www.trinitydesktop.org/ - that
aims to keep KDE 3 platform alive. One of the goals they pursue is
co-existing with KDE 4.

My crazy idea is to port Trinity (those guys migrate to using Qt4 and
CMake, which is cool, and to UDev, which is not) and make it replace
KDE 3 (which is dead upstream anyway). After this migration to KDE 4
will be seamless (and those who want "KDE 3 enchanced" could have it
too :) ).

Is anyone interested?

--
   WBR,
   Vadim Zhukov


moving this to the misc@ list to get a gauge on people's opinions.

Are there many users of KDE on OpenBSD? I thought OpenBSD is mostly GNOME :-)

This new fork would be too much work :( Idea is very good, but GNOME
in OpenBSD is moving completely to 3.X, why keep a fork of old KDE or
old KDE? I agree that there are problems with new KDE but they would
be solved in future versions.

Opinions?


The idea is that migrating from KDE 3 to Trinity will allow to migrate 
to KDE 4 seamlessly later. At the present time (even when we'll have KDE 
4 packages being built officially) you cannot install KDE 3 and KDE 4 
together. I suspect that Trinity will be less pain than patching KDE 4 
(and KDE 3) to work together.  So if anyone has been used Trinity (on 
any OS), it'll be useful to hear your opinions.


--
WBR, Vadim Zhukov

KDE 4 porting mailing group

[Vadim Zhukov]

(same mail as was just sent to ports@)

Hello all.

I've just set up a mailing group at Google:

  openbsd-...@googlegroups.com

AKA

  https://groups.google.com/forum/#!forum/openbsd-kde

The page at HTTP link above contains quick start guide for newbies.
If you have any questions or problems that you don't want to express on 
ports@ list, welcome. You're also welcome with any ideas how to fix 
current items in KDE TODO lists:


  https://github.com/jasperla/openbsd-wip/blob/master/x11/kde4/TODO

and some more lists are scattered in ports subdirectories. Most valuable 
ones will be solutions for migrating from and/or co-existing with KDE 4, 
but any other useful ideas are welcome too. Patches are welcome even 
more, of course. :)


The group is fully open, so you don't need to register in Google.
--
WBR, Vadim Zhukov

Re: EAP-TLS WPA support

[Vadim Zhukov]

20.10.2011 22:44, Alexey Suslikov P?P8QP5Q:

Another one

http://thread.gmane.org/gmane.os.openbsd.misc/180057/focus=180749


Thanks, but as far as I can understand, they all are about wired 
networking. And in one of these threads, it's even mentioned that 
OpenBSD 802.11 stack needs adjustments as well, for using EAP. :(



On Thu, Oct 20, 2011 at 21:32, Alexey Suslikov
  wrote:

How about resurrecting this diff?

http://thread.gmane.org/gmane.os.openbsd.ports/39927

On Thu, Oct 20, 2011 at 15:58, Martin Pelikan  wrote:

2011/10/20 Alexey E. Suslikov:

Vadim Zhukov  gmail.com>  writes:
http://www.rz.rwth-aachen.de/aw/cms/rz/Themen/unsere_dienste/kommunikation/netzbetrieb/dienste/wlan/installation/~sib/openbsd/?lang=en


Well, that rc.conf option seems FreeBSD.
AFAIK, OpenBSD doesn't support "enterprise WPA". You can try
implementing it yourself. The last PDF I saw had about 1000 pages and
basically was describing how to interconnect WPA, EAPOL (802.1x) and
802.11 state machines, and then implement like 42 different
authentication mechanisms on top of that.
Many people have asked that question and nobody seems to have the time
to write the code and test it against different RADIUS servers.
Good luck with that.
FYI: porting current wpa_supplicant or writing new implementation
(into iked?) to me seemed like the same effort, since the protocol
suite is pretty complicated. But I gave it just a quick look (and
moved to more important things to do).


--
WBR, Vadim Zhukov

EAP-TLS WPA support

[Vadim Zhukov]

Hello all.

I've just changed my job, and here I'm forced to use 802.11X for (any) 
network access. Our ifconfig allows only (WPA|WPA2)-PSK, and 
wpa_supplicant from ports doesn't support our 802.11 stack. Are there 
any options other than implementing OpenBSD 802.11 stack support in 
wpa_supplicant?


Thanks in advance.

--
WBR, Vadim Zhukov

Re: KDE 4 on OpenBSD

[Vadim Zhukov]

20.10.2011 13:20, Paolo Aglialoro P?P8QP5Q:

Thanks for all the answers :)
...and sposibo to Vadim and Amit for all the great work!

For Vadim: if I understand well about the hal dilemma, hotplugd would at
least mount USB devices, so things like phonon would be out


Actually, Phonon rely on something else: GStreamer, VLC... At the 
present, only VLC plugin works fine.


KDE relies on UDev here and there, didn't even count all the places yet.

> and audio/video

be controlled as usual by OpenBSD standard facilities? Which one would be
the level of integration with native apps like kmix?


KMix is not usable now, need to meet it with sndio. Dragon needs love 
too: crashes, bugs etc. Other multimedia parts worked fine for me.


> Would recent

intel-based video chipsets work accelerated (i.e. composting) or not?


As far as I recall, it worked for me.


When 5.0 comes out, I could gladly test it on sparc64,


You'll need -CURRENT for testing anyway, too many KDE-related changes 
since release: CMake 2.8.6, Raptor2, wscanf(3), removal of JDK <= 1.5, 
Qt 4 updates...


SPARC tests would be great! :)

> even though the best

sparc64 machine I have with a graphic card is a Blade 150 with 1GB ram.
Would it be enough? It's an UltraSPARC IIi 650MHz, would it take ages to
compile or what? Right now the lowest platform I had KDE4 running is a
Pentium3-M 1.133MHz under debian, but that one just sports canned-out
packages, never compiled a row. Maybe I could borrow a V240 dual 1,5MHz 8GB
ram from a friend, but dunno which graphic card would fit there without
hassles (I've read a recent post on sparc@ about the "would be" video-card
compatibility list for OpenBSD which turned out to be too "optimistic" when
effectively tried out...).

Thanks
Paolo


On Wed, Oct 19, 2011 at 6:00 PM, Amit Kulkarni  wrote:


Is there some forecast (even rough like, say, 6mth, 2yrs, etc.) about

future

availability?
Btw, since 4.6 kde abandoned hal, how does this fit with OpenBSD?
Thanks



We can get it in the main tree when there are testers who are willing
to devote their time and give feedback.

On October 10th Vadim posted a patch to ports@ on which can be tested
on other architectures: sparc/sparc64/loongson etc.. wherever KDE
claims to have support. KDE might support only a few, we don't know.
We need to find out which arches work in our tree for KDE 4.7.2.

Remi Pointel worked on this initially, now Vadim is working on KDE
4.7.2 and if we get testers we will be hopefully be able to get this
effort in. Without testers and feedback nothing goes in the main
tree!!!

Like Vadim said, please start testing next week, when he can get some
time to polish up some stuff. If you need help look at the porting
FAQ, man ports, man bsd.port.mk

thanks in advance





--
WBR, Vadim Zhukov

Re: KDE 4 on OpenBSD

[Vadim Zhukov]

19.10.2011 14:23, Paolo Aglialoro P?P8QP5Q:

Is there some forecast (even rough like, say, 6mth, 2yrs, etc.) about future
availability?
At least I hope to get it more or less stable in November. KDE 4 
requires (directly, but mostly indirectly) many updates and additions to 
existing packages. And there are a few problems remaining to be fixed, 
like co-existing KDE 3 and KDE 4 (if it ever possible) or seamless upgrade.

Btw, since 4.6 kde abandoned hal, how does this fit with OpenBSD?
I think that needed UDev functionality could be mostly emulated using 
hotplugd(8), but do not hold your breath, I don't know of any projects 
started. Currently hardware-related features in KDE 4 are (almost) disabled.


You can join to testing process (I recommend doing this after end of 
this week), see README.md at https://github.com/jasperla/openbsd-wip/ .

On Wed, Oct 19, 2011 at 8:38 AM, Antoine Jacoutotwrote:


On Wed, 19 Oct 2011, Alvaro Mantilla Gimenez wrote:


Hi,

  Is anybody using KDE 4 on OpenBSD? This port has been marked as broken

for a

while. Which is the real status of this port?

It's being worked on at
https://github.com/jasperla/openbsd-wip/tree/master/x11/kde4

--
Antoine

--
WBR, Vadim Zhukov

Re: Thanks a lot to all devs of OpenBSD

[Vadim Zhukov]

On Sunday 28 August 2011 19:50:51 Marc Espie wrote:
> On Sun, Aug 28, 2011 at 05:00:46PM +0200, Tomas Bodzar wrote:
> > (and main link which caused that
> > http://lists.freebsd.org/pipermail/freebsd-arch/2011-August/011412.h
> >tml)
>
> This link makes me a little sad. I don't quite get why that guy
> mentions that FreeBSD ports has problems, but then mentions only the
> netbsd work, and blatantly ignores our tools, even though they solve
> most of the problems he has...

This man thinks that OpenBSD will die sooner or later. I've already had 
many talks with him... He is an expirienced man, though.

Regarding pkgsrc he thinks that its infrastructure will be easier to 
integrate because it was already ported to many platforms. Even more, it 
is the default ports/packages infrastructure in DragonFly, which is 
closer to FreeBSD than to OpenBSD; therefore, it should be easier to 
adapt.

-- 
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: httpd virtualhost ip

[Vadim Zhukov]

On 12 June 2011 c. 13:01:39 Bambero wrote:
> Hello
>
> I have many IP and IP based virtualhost configured.
>
> My hostname.em0 looks like this:
> inet 123.456.789.66 255.255.255.224
> inet alias 123.456.789.67 255.255.255.224
> inet alias 123.456.789.68 255.255.255.224
> inet alias 123.456.789.70 255.255.255.224
> inet alias 123.456.789.71 255.255.255.224
> ...

BTW, shouldn't it be like below?

inet 123.456.789.66 255.255.255.224
inet alias 123.456.789.67 255.255.255.255
inet alias 123.456.789.68 255.255.255.255
inet alias 123.456.789.70 255.255.255.255
inet alias 123.456.789.71 255.255.255.255

And for specifying the connection, you can use cURL PHP extension, for
example, see CURLOPT_INTERFACE option in PHP manual.

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: Thinkpad x201 OBSD compatibility

[Vadim Zhukov]

On 12 February 2011 c. 05:13:33 Ted Unangst wrote:
> On Fri, Feb 11, 2011 at 5:05 PM, Vadim Zhukov  wrote:
> >  - NTFS causes problems exhausting kernel memory when, for example,
> > running find(1) on Windows folder.
>
> can you run find in a smaller folder a few times, and send the output
> of vmstat -m | grep -i ntfs?

After running find on /win/Users/pers/Documents:

  packet tags, temp, NTFS data, NTFS vrun, AGP Memory, DRM
  USB, memdesc, temp, NTFS vrun, DRM
  USB device, NDP, temp, NTFS data, NTFS vrun, AGP Memory, DRM
  NTFS node, NTFS fnode, NTFS data, NTFS vrun, DRM
  UVM aobj, USB, USB device, temp, NTFS data, bluetooth, DRM
  NTFS mount, NTFS attr, NTFS data, DRM
  UVM amap, UVM aobj, USB, crypto data, temp, NTFS data, DRM
  VM swap, UVM amap, temp, NTFS mount, DRM
  USB, memdesc, temp, NTFS dir, DRM
  UVM amap, temp, NTFS hash, DRM
  131072  devbuf, VM swap, NTFS data
NTFS mount 2 3K  3K 39322K20 0  512,2048
 NTFS node   11014K 26K 39322K  4880 0  128
NTFS fnode   11014K 26K 39322K  4880 0  128
  NTFS dir   105   420K420K 39322K  1220 0  4096
 NTFS hash 116K 16K 39322K10 0  16384
 NTFS attr   495   248K296K 39322K 12100 0  512
 NTFS data   453   193K194K 39322K 10290 0
16,64,128,256,512,1024,131072
 NTFS vrun86 2K  4K 39322K  3640 0  16,32,64,128

After this find ran on /win/Users/pers:

  packet tags, temp, NTFS data, NTFS vrun, AGP Memory, DRM
  USB, memdesc, temp, NTFS vrun, DRM
  USB device, NDP, temp, NTFS data, NTFS vrun, AGP Memory, DRM
  NTFS node, NTFS fnode, NTFS data, NTFS vrun, DRM
  UVM aobj, USB, USB device, temp, NTFS data, bluetooth, DRM
  NTFS mount, NTFS attr, NTFS data, DRM
  UVM amap, UVM aobj, USB, crypto data, temp, NTFS data, DRM
  VM swap, UVM amap, temp, NTFS mount, DRM
  USB, memdesc, temp, NTFS dir, DRM
  UVM amap, temp, NTFS hash, DRM
  131072  devbuf, VM swap, NTFS data
NTFS mount 2 3K  3K 39322K20 0  512,2048
 NTFS node  1343   168K168K 39322K 17210 0  128
NTFS fnode  1343   168K168K 39322K 17210 0  128
  NTFS dir  1339  5356K   5356K 39322K 13560 0  4096
 NTFS hash 116K 16K 39322K10 0  16384
 NTFS attr  5368  2684K   2684K 39322K 60830 0  512
 NTFS data  5084   913K913K 39322K 56600 0
16,64,128,256,512,1024,131072
 NTFS vrun   57012K 12K 39322K  8480 0  16,32,64,128

And after running on /win/Users:

  packet tags, temp, NTFS data, NTFS vrun, AGP Memory, DRM
  USB, memdesc, temp, NTFS vrun, DRM
  USB device, NDP, temp, NTFS data, NTFS vrun, AGP Memory, DRM
  NTFS node, NTFS fnode, NTFS data, NTFS vrun, DRM
  UVM aobj, USB, USB device, temp, NTFS data, bluetooth, DRM
  NTFS mount, NTFS attr, NTFS data, DRM
  UVM amap, UVM aobj, USB, crypto data, temp, NTFS data, DRM
  VM swap, UVM amap, temp, NTFS mount, DRM
  USB, memdesc, temp, NTFS dir, DRM
  UVM amap, temp, NTFS hash, DRM
  131072  devbuf, VM swap, NTFS data
NTFS mount 2 3K  3K 39322K20 0  512,2048
 NTFS node  1552   194K194K 39322K 19300 0  128
NTFS fnode  1552   194K194K 39322K 19300 0  128
  NTFS dir  1549  6196K   6196K 39322K 15660 0  4096
 NTFS hash 116K 16K 39322K10 0  16384
 NTFS attr  6272  3136K   3136K 39322K 69870 0  512
 NTFS data  5952  1039K   1039K 39322K 65280 0
16,64,128,256,512,1024,131072
 NTFS vrun   64213K 13K 39322K  9200 0  16,32,64,128

If I rerun find on previously searched folder it ends it work almost
immediately - caching? - and there is no difference in vmstat output.

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: Thinkpad x201 OBSD compatibility

[Vadim Zhukov]

On 11 February 2011 P3. 23:26:33 Chris wrote:
> I'm planning to buy a Thinkpad x201 laptop (not the tablet one) and
> wondering if anyone using it with OpenBSD at the moment. If so, is it
> 100% OpenBSD compatible?

Using X201i now. Almost all is working OK. Here are all problems I saw:

 - Bluetooth causes panics sometimes, especially after suspend/resume
cycle. Do not try to disable radio while in OpenBSD. Also note that
Bluetooth chip here does not allow to save even one key in his memory,
but this looks like hardware limitation.

 - After switching away from X console is blank, but suspend/resume
usually helps.

 - Note that Lenovo changed the fingerprint sensor, which is not
supported by login_fingerprint.

 - NTFS causes problems exhausting kernel memory when, for example,
running find(1) on Windows folder.

All those are minorities, the machine itself works cool. I had no
problems using OpenBSD, including lockups, except noted above.

--
  Best wishes,
    Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: sys.tar.gz in current

[Vadim Zhukov]

On 11 January 2011 c. 22:45:42 Orestes Leal R. wrote:
> Hi, where can I get sys.tar.gz but for use in current?
> It's the same sys.tar.gz as 4.8 release?
>
> I'm using 4.8 current and I want to tweak the max file descriptors
> but I do not found sys.tar.gz for current.
>
> "OpenBSD 4.8-current (GENERIC) #614: Mon Jan 10 00:15:18 MST 2011"

Just do cvs up from 4.8-RELEASE sys.tar.gz. It's ever not as painful as
reading FAQ, especially http://www.openbsd.org/faq/current.html .

Trust me.

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: wd0 read timeouts - how to proceed?

[Vadim Zhukov]

2010/12/24 Joachim Schipper :
> something like 'tar cpf - | tar xpf -' is more likely to get you a
> somewhat consistent view.

POSIX pax(1) with -rw options should work slightly faster (and it's
already faster to type ;) ).

--
  WBR,
  Vadim Zhukov

Re: error when compile the kernel

[Vadim Zhukov]

On 1 November 2010 c. 15:36:35 OpenBSD Geek wrote:
> I have this error : rm -f eddep *bsd *bsd.gdb tags *.[io] [a-z]*.s
> [Ee]rrs linterrs assym.h
>
> I don't understand why it doesn't work. If
> someone can help me. thanks

And where's the error? A normal output for "make clean" looks like
exactly this.

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: (mailx) How can I alter "From" header

[Vadim Zhukov]

On 26 October 2010 c. 00:22:47 Jan Stary wrote:
> On Oct 25 14:32:52, Chris Bennett wrote:
> > Perhaps you could change /etc/myname to gmail.com?
>
> Or maybe change /etc/mygate to something faster!

Yeah, try 127.0.0.1. Fast as it only can be...

--
  Best wishes,
    Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: found file "bsd" corrupt via Filezilla client.

[Vadim Zhukov]

On 24 August 2010 c. 07:10:48 f5b wrote:
> -
> http://trac.filezilla-project.org/ticket/5545
>
> Description
> --
> Filezilla client 3.3.3~3.3.4.1 installed in Windows 2003/7 or Mac OX
> 10.6
>
> Using Filezilla client download all files from
> ftp://ftp.openbsd.org/pub/OpenBSD/4.7/i386/
> when all files downloaded, check SHA256, found file "bsd" corrupt,
> other files' checksum ok.
>
> same machine, using IE or Firefox download file "bsd" , checksum ok.
>
>
> BTW--
> On Windows, file "pxeboot" downloaded through Filezilla Client corrupt
> too. On Mac OX 10.6, file "pxeboot" downloaded through Filezilla
> Client,checksum ok.

Do you want to make OpenBSD developers fix br*$&n download tool for
offtopic?

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: a minor correction to rc.conf comments

[Vadim Zhukov]

On 30 July 2010 c. 00:37:23 Kenneth R Westerback wrote:
> On Thu, Jul 29, 2010 at 10:54:29AM -0700, Randal L. Schwartz wrote:
> > >>>>> "Jason" == Jason McIntyre  writes:
> >
> > Jason> fixed this and the syslogd_flags example above it, which had
> > the same Jason> error.
> >
> > The style guide for a former employer of mine forbid these,
> > requiring us to spell out "for example" and "that is".  Even if you
> > can get them right, it's not obvious that the reader would know them
> > as well.
> >
> >
> > --
> > Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503
> > 777 0095 
> > http://www.stonehenge.com/merlyn/> Smalltalk/Perl/Unix
> > consulting, Technical writing, Comedy, etc. etc. See
> > http://methodsandmessages.vox.com/ for Smalltalk and Seaside
> > discussion
>
> You mean not everyone speaks enough latin to know the difference
> between "exempli gratia" and "id est"? What is modern education
> coming to.

Well, here, in Russia, while English/German/French are more or less
popular in the schools, Latin is being learned by specialists only
(medicians, historians etc.) almost. And it's the way it is for about a
century, if not more.

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: os that rather uses the gpu?

[Vadim Zhukov]

On 14 July 2010 c. 00:54:03 Jiri B. wrote:
> On Tue, 13 Jul 2010 22:46:13 +0200
>
> Jozsi Avadkan  wrote:
> > Does someone know a distribution/operating system, that rather uses
> > the GPU for "working", not the CPU? [by default]
> >
> > Or this solution is still in the "beginning part"?
> >
> > Thanks for any tips, link, suggestions.
>
> Why are you asking on OpenBSD mailing list? OMG.

Well, OpenBSD focuses on portability... (just a joke).

Looks like it is a day of mindblowing questions today...

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: Secret key in the packet filter.

[Vadim Zhukov]

2010/7/13 jackwssp q :
> Hello brothers and sisters,
>
> Who knows anything about the secret keys in the packet filter(pf), such as
> way only for developers.
>
> Is it real in the open source, and how can I realize it in my own firewall
> with open source?

# echo 'secret="Follow the white rabbit"' >>/etc/pf.conf

Re: /boot broken on latest snapshot ?

[Vadim Zhukov]

2010/7/10, Josh Elsasser :
> On 2010-07-09 14:01:41, Christopher Zimmermann wrote:
>> On 07/09/10 14:19, Christopher Zimmermann wrote:
>> > Hi,
>> >
>> > I just upgraded to the very latest snapshot(9.7. 1:50) on i386. Now my
>> > system does not boot anymore. The only thing I get is:
>> >
>> > Using drive 0, partition 3.
>> > Loading...
>> > [cursor sits here]

Same problem here. ThinkPad X60 Tablet, updated to a very fresh
snapshot. Previous OS installation was pre-4.7.

Booted installed kernel using USB stick (i.e. "set device hd1a", "boot") fine.

dmesg and fdisk output as follows. Sorry for GMail mangling. :(

--
  WBR,
  Vadim Zhukov


OpenBSD 4.7-current (GENERIC.MP) #186: Fri Jul  9 01:19:11 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM) Duo CPU L2500 @ 1.83GHz ("GenuineIntel"
686-class) 1.83 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM
real mem  = 1063677952 (1014MB)
avail mem = 1036275712 (988MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/18/07, BIOS32 rev. 0 @
0xfd690, SMBIOS rev. 2.4 @ 0xe0010 (64 entries)
bios0: vendor LENOVO version "7JET23WW (1.08 )" date 04/18/2007
bios0: LENOVO 636464G
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT
SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) DURT(S3) EXP0(S4) EXP1(S4)
EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3)
HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) Duo CPU L2500 @ 1.83GHz ("GenuineIntel"
686-class) 1.83 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
\\_SB_.PCI0 post-crs: 0
\\_SB_.PCI0 post-bbn: 0, 0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1
acpicpu1 at acpi0: C3, C2, C1
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 97 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "93P5032" serial   362 type LION oem "SANYO"
acpibat1 at acpi0: BAT1 not present
acpibat2 at acpi0: BAT2 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK not docked (0)
bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000 0xd/0x1000
0xdc000/0x4000! 0xe/0x1!
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130b1d06000613
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1829 MHz: speeds: 1833, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03
vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0 at vga1: apic 1 int 16 (irq 11)
drm0 at inteldrm0
"Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02:
apic 1 int 17 (irq 11)
azalia0: codecs: Analog Devices AD1981HD, Conexant/0x2bfa, using
Analog Devices AD1981HD
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 1
int 20 (irq 11)
pci1 at ppb0 bus 2
em0 at pci1 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00:
apic 1 int 16 (irq 11), address 00:16:d3:39:d0:d7
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 1
int 21 (irq 11)
pci2 at ppb1 bus 3
wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02:
apic 1 int 17 (irq 11), MoW2, address 00:1c:bf:02:4e:55
ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: apic 1
int 22 (irq 11)
pci3 at ppb2 bus 4
ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 1
int 23 (irq 11)
pci4 at ppb3 bus 12
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 1
int 16 (irq 11)
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 1
int 17 (irq 11)
uhci2 at pci0 dev 29 function

Re: Set dhcp from command line?

[Vadim Zhukov]

2010/7/8 Chet Langin :
> I would like to set DHCP for an interface
> from the command line. B I have tried...
>
> # ifconfig re0 dhcp
>
> ..and I get this error...
>
> ifconfig: B dhcp: B bad value
>
> Using version 4.5.
>
> Can anyone tell me how to do this?

$ man -k dhcp | head -1
dhclient (8) - Dynamic Host Configuration Protocol (DHCP) Client
$

--
  WBR,
  Vadim Zhukov

Re: OpenBSD & OpenSSL Lib

[Vadim Zhukov]

2010/7/6 Keith :
> We are trying to install URLfilterDB on OpenBSD 4.7 but while doing a
> ./configure we keep getting.
>
> ./configure --with-bz2-lib=/usr/local/lib --with-ssl-lib=/usr/lib/
> 
> 
> checking for library containing pthread_create... -lpthread
> checking for BZ2_bzBuffToBuffCompress in -lbz2... yes
> checking for SSL_load_error_strings in -lssl... no
>
> ** The OpenSSL library is required for ufdbGuard to compile.
>   Install the openssl and openssl-devel packages from the installation
> media,
>   or use the --with-ssl-lib option.
>
>   Alternatively, get OpenSSL from http://www.openssl.org
>   Use --with-ssl=DIR or --with-ssl-lib=DIR to specify
>   its location. (default is /usr)
>
>
> We have downloaded and installed OpenSSL and have tried various paths to the
> ssl library but because we don't know what the files actually called we
> don't know if we are setting it correctly. Does anyone know exactly what the
> library would be called and where it should be or maby just give us a clue
> as to how to find out.

1. It's better to read system guide (FAQ) _before_ starting using
operating system, not _after_. This way you'll notice that OpenSSL
comes with OpenBSD. Even more, "man SSL_load_error_strings" will give
you some information.

2. Configure script is obviously wrong ("-pthread" should be used
intead of "-lpthread", for example). Look in config.log for clues.

--
  WBR,
  Vadim Zhukov

Re: Silent boot?

[Vadim Zhukov]

2010/7/6 Ilya Ilembitov :
> But what if my system couldn't actually boot? For that
> kind of occasion, I need my whole dmesg to be stored at any given
> point, so I could access it. How do I do that?

And where do you want dmesg to be saved if system did not mount any
filesystems? And if mounted, there is /var/run/dmesg.boot.

I do not see the problem with chatty dmesg. Moreover, after looking in
Linux ones I found OpenBSD boot logs rather compact and elegant. What
the problem with ignoring it? And what problem do you want to solve
implementing graphical bootup?

--
  WBR,
  Vadim Zhukov

Re: how to type non latin in xterm?; video stream to watch FIFA World Cup?

[Vadim Zhukov]

2010/6/9 Vadim Zhukov :
> 2010/6/8 Sviatoslav Chagaev <0x1...@gmail.com>:
>> Hi misc@
>>
>> I want to be able to type non latin characters in xterm (Russian and
>> Latvian).
>> I sat down, read xterm manpage and tried playing with all the options
>> which even remotely looked like they could influence something.
>> But the only thing I managed to get working is xterm displaying UTF-8
>> correctly.
>>
>> Here's my ~/.Xdefaults:
>>
>> XTerm*loginShell: true
>> XTerm*useClipping: false
>> XTerm*geometry: 119x38
>> XTerm*termName: xterm-xfree86
>> XTerm*scrollBar: false
>> XTerm*rightScrollBar: true
>> XTerm*colorMode: true
>> XTerm*colorBDMode: false
>> XTerm*boldColors: true
>> XTerm*boldMode: true
>> XTerm*cutNewline: false
>> XTerm*cutToBeginningOfLine: false
>> XTerm*trimSelection: true
>> XTerm*internalBorder: 2
>> XTerm*Font: -*-terminus-medium-*-*-*-14-*-*-*-*-*-iso10646-1
>> XTerm*Foreground: rgb:cc/cc/cc
>> XTerm*Background: black
>> XTerm*locale: false
>> XTerm*utf8: 2
>> XTerm*deleteIsDEL: true
>> XTerm*eightBitInput: true
>>
>>
>> export LANG=en_US.UTF-8
>> export LC_CTYPE=en_US.UTF-8
>> export LC_NUMERIC=en_US.UTF-8
>> export LC_TIME=en_US.UTF-8
>> export LC_COLLATE=en_US.UTF-8
>> export LC_MONETARY=en_US.UTF-8
>> export LC_MESSAGES=en_US.UTF-8
>> export LC_PAPER=en_US.UTF-8
>> export LC_NAME=en_US.UTF-8
>> export LC_ADDRESS=en_US.UTF-8
>> export LC_TELEPHONE=en_US.UTF-8
>> export LC_MEASUREMENT=en_US.UTF-8
>> export LC_IDENTIFICATION=en_US.UTF-8
>> export LC_ALL=en_US.UTF-8
>> xterm
>>
>> Didn't help too.
>>
>> The annoying thing is that when I start vim in xterm, I *can* type in
>> any language with no problem.
>>
>> export LANG=en_US.UTF-8 LC_ALL
>>
>> Is it possible to enable non latin input in xterm somehow?
>>
>> ---
>>
>> And while I'm here, do you know of any video stream of some channel or
>> something which mplayer (or something from ports) could play and where
>> they'll show FIFA World Cup? My TV receives badly, with a lot of noise,
>> so I thought that maybe even an internet stream could be better, plus I
>> want commentaries in English.
>
> See here: http://www.openbsd.ru/docs/howto-cyrillic.html#xterm
>
> Basically, you need:
> 1. echo "set +o emacs-usemeta" >>~/.profile
> 2. echo "XTerm*allowC1Printable: true" >>~/.Xdefaults

I forgot that xterm doesn't start login shell by default, so
~/.profile will not be called. The easiest way to fix this will be:

echo "XTerm*loginShell: true" >>~/.Xdefaults

The only bad side effect is wtmp spam as xterm will log every time it starts.

--
  WBR,
  Vadim Zhukov