Re: Another potential ksh bug?
For me, this is a definite bug. I've opted my students to fix this bug, so unless there's a hurry, there must be a fix till the end of December. :) пн, 7 дек. 2020 г. в 07:43, Jordan Geoghegan : > > Hello again, > > I was playing around with ksh array syntax and its behaviour when set as > read-only. In my testing I noticed that ksh will allow you to overwrite > the first element of a read-only array. Example snippet: > > #!/bin/ksh > arr[0]=val1 > arr[1]=val2 > readonly arr > echo "${arr[@]}" > arr=yikes > echo "${arr[@]}" > > I tested a few other shells, and this bug does exists in the original > pdksh and is also present in zsh. This bug is not present in ksh93, mksh > or bash, where they abort when trying to modify the read-only array. > > I don't have access to a proper ksh88 shell, but it would be nice if > someone could confirm its behaviour. > > I was just hoping someone could confirm if this is intended behaviour, > or if it's a bug. > > Regards, > > Jordan > -- WBR, Vadim Zhukov
Re: httpd with multiple php-fpm pools in separate chroots
I have setup like below working for me, with base httpd and php-7.3 package. I have PHP web app installed into /var/www/webapp directory, with 'web' subdirectory serving as HTTP root, and I only want to handle request paths starting with '/api' here. The /etc/httpd.conf: server "my.server" { listen on * port 80 location "/api/*" { root "/webapp/web" directory index "index.php" fastcgi socket "/run/php-webapp.sock" } } And the PHP FastCGI conf snip: [webapp] user = $pool group = $pool listen = /var/www/run/php-$pool.sock listen.owner = www listen.group = www listen.mode = 0660 chroot = /var/www/$pool вс, 29 дек. 2019 г. в 02:21, Nazar Zhuk : > > Hello, > > I am trying to run multiple PHP sites, each in it's own chroot: > /var/www/site1, /var/www/site2, etc. Document roots are > /var/www/siteX/htdocs. > > The issue is that fastcgi DOCUMENT_ROOT and SCRIPT_FILENAME generated by > httpd are relative to httpd chroot and include /siteX. php-fpm can't > find scripts. > > I tried to change DOCUMENT_ROOT and SCRIPT_FILENAME with "fastcgi > param". This works for DOCUMENT_ROOT, but for SCRIPT_FILENAME, I need to > pass the actual script name. > > Conceptually I need: > > fastcgi param SCRIPT_FILENAME "/htdocs/" > > Built-in macros like in "block return" and "request rewrite" don't work > here. > > I can make this work with a single php file like this: > > server "site1" { > listen on * port 80 > root "/site1/htdocs" > location "*.php" { > fastcgi param DOCUMENT_ROOT "/htdocs" > fastcgi param SCRIPT_FILENAME "/htdocs/test.php" > fastcgi socket "/site1/run/php-fpm.sock" > } > } > > This will serve http://site1/test.php which is located at > /var/www/site1/htdocs/test.php > > Is there a solution or a workaround? Aside from running all php-fpm > pools in /var/www chroot? > > > Thanks. > > -- > Nazar > -- WBR, Vadim Zhukov
Re: how to compile a debug version of Qt5.9.6 on OpenBSD 6.4 ?
вс, 2 дек. 2018 г. в 22:59, stephane l1 : > > does the conflicts come because I have already installed the package Qt5.9.6 > (so release version) ? Regarding conflicts - yes, you'll need to use "pkg_add -r" (replace mode) to install alternative (FLAVORed) version of package. This is documented in ports(7), packages(7) and pkg_add(1). Regarding "not signed", you can set TRUSTED_PKG_PATH before running pkg_add, or add -Dunsigned. Using "make install" in port directory does this for you, but it won't use "pkg_add -r", though. -- WBR, Vadim Zhukov
Re: how to compile a debug version of Qt5.9.6 on OpenBSD 6.4 ?
вс, 2 дек. 2018 г. в 16:31, stephane l1 : > > Hi, > Shall I make FLAVOR=debug make in each Makefile of the modules of Qt in the > port ? Basically, yes. You can play with shell, of course, to run those in a single command, though. Please note that debug FLAVOR isn't linked to bulk builds, so it _may_ fail due to some unexpected condition on your system that differs from mine. And make sure you have enough room for building... And I really, really do not recommend doing it on HDD, only on SSD. :) >> >> ok thanks I will try to compile from the ports too.. >> Yes it was just a Qt problem in qversiontagging.h. >> ok it would be more simple to use the ports thanks >> >> Le dim. 2 déc. 2018 à 14:02, Vadim Zhukov a écrit : >>> >>> Well, I was talking about compiling from ports. >>> >>> If you try to compile Qt from sources on your own you're, well, on >>> your own. find /usr/ports/x11/qt5 -name '*.patch' should give you a >>> clue how much on your own you are. :) >>> вс, 2 дек. 2018 г. в 15:03, stephane l1 : >>> > >>> > Hi, >>> > >>> > I have tryed with FLAVOR = debug make in the .pro and I have still this >>> > error : >>> > >>> > /usr/bin/ld: libQt5Core.so.5.9.6: undefined versioned symbol name >>> > qt_version_tag@Qt_5.8 >>> > /usr/bin/ld: failed to set dynamic section sizes: Bad value >>> > clang++: error: linker command failed with exit code 1 (use -v to see >>> > invocation) >>> > >>> > >>> > Le dim. 2 déc. 2018 à 12:14, Vadim Zhukov a écrit : >>> >> >>> >> You'd better use "FLAVOR=debug make" inside x11/qt5 directory to build >>> >> components you're interested in. >>> >> вс, 2 дек. 2018 г. в 03:06, stephane l1 : >>> >> > >>> >> > Hi, >>> >> > I have tried to compile a debug version of Qt5.9.6 on OpenBSD 6.4 with >>> >> > the >>> >> > mkspecs of the package release Qt5.9.6 and the platform openbsd-clang >>> >> > but I >>> >> > have linking error on the first lib libQt5Core on version-tag@Qt_5_8 ? >>> >> > Have I forgotten something to configure ? >>> >> > >>> >> > Thanks >>> >> > best regards >>> >> > >>> >> > Stéphane L . from france >>> >> >>> >> >>> >> >>> >> -- >>> >> WBR, >>> >> Vadim Zhukov >>> >>> >>> >>> -- >>> WBR, >>> Vadim Zhukov -- WBR, Vadim Zhukov
Re: how to compile a debug version of Qt5.9.6 on OpenBSD 6.4 ?
Well, I was talking about compiling from ports. If you try to compile Qt from sources on your own you're, well, on your own. find /usr/ports/x11/qt5 -name '*.patch' should give you a clue how much on your own you are. :) вс, 2 дек. 2018 г. в 15:03, stephane l1 : > > Hi, > > I have tryed with FLAVOR = debug make in the .pro and I have still this error > : > > /usr/bin/ld: libQt5Core.so.5.9.6: undefined versioned symbol name > qt_version_tag@Qt_5.8 > /usr/bin/ld: failed to set dynamic section sizes: Bad value > clang++: error: linker command failed with exit code 1 (use -v to see > invocation) > > > Le dim. 2 déc. 2018 à 12:14, Vadim Zhukov a écrit : >> >> You'd better use "FLAVOR=debug make" inside x11/qt5 directory to build >> components you're interested in. >> вс, 2 дек. 2018 г. в 03:06, stephane l1 : >> > >> > Hi, >> > I have tried to compile a debug version of Qt5.9.6 on OpenBSD 6.4 with the >> > mkspecs of the package release Qt5.9.6 and the platform openbsd-clang but I >> > have linking error on the first lib libQt5Core on version-tag@Qt_5_8 ? >> > Have I forgotten something to configure ? >> > >> > Thanks >> > best regards >> > >> > Stéphane L . from france >> >> >> >> -- >> WBR, >> Vadim Zhukov -- WBR, Vadim Zhukov
Re: how to compile a debug version of Qt5.9.6 on OpenBSD 6.4 ?
You'd better use "FLAVOR=debug make" inside x11/qt5 directory to build components you're interested in. вс, 2 дек. 2018 г. в 03:06, stephane l1 : > > Hi, > I have tried to compile a debug version of Qt5.9.6 on OpenBSD 6.4 with the > mkspecs of the package release Qt5.9.6 and the platform openbsd-clang but I > have linking error on the first lib libQt5Core on version-tag@Qt_5_8 ? > Have I forgotten something to configure ? > > Thanks > best regards > > Stéphane L . from france -- WBR, Vadim Zhukov
Re: "no route to host" from pkg_add
вт, 7 авг. 2018 г., 21:16 Benjamin Walkenhorst < walkenhorst.benja...@gmail.com>: > Hello everyone, > > I recently installed OpenBSD 6.3 in a VPS. > > In the last few days, I get an error message when running pkg_add, "no > route to host". > I have tried setting various hosts in /etc/installurl, but the problem > remains. > > When I run pkg_add, this is the output I get I get: > [20:02|root@myhost:~]# pkg_add nmap > https://fastly.cdn.openbsd.org/pub/OpenBSD//6.3/packages-stable/amd64/: > ftp: connect: No route to host > https://fastly.cdn.openbsd.org/pub/OpenBSD//6.3/packages/amd64/: ftp: > connect: No route to host > https://fastly.cdn.openbsd.org/pub/OpenBSD//6.3/packages/amd64/: empty > Can't find nmap > > When I try to ping the host specified in /etc/installurl or call > traceroute, everything seems to work as expected. > > I checked the output of /usr/bin/env to make sure there is no proxy > configured > (I copied that .zshrc around quite a bit), but as far as I can tell, > there are no proxies set up anywhere in > the environment (i.e. the output of "env | grep -i proxy" is empty). > > I have two systems (one laptop and one VM) running OpenBSD 6.3 on my home > network, and they work fine, so I > am fairly certain the problem is with the configuration of the VPS. > > What am I missing? > > Thank you very much for any suggestions, > Benjamin > Most likely, you didn't allow outgoing connections for _pkgfetch user in pf.conf.
Re: OpenBSD snapshot at EFI: no micro :(
4 июня 2018 г. 2:42:21 GMT+03:00, Leonid Bobrov пишет: >Additional output: > >mazocomp$ cat > /dev/audio < /dev/zero & > >[1] 68006 >mazocomp$ audioctl play.{bytes,errors} >play.bytes=1251840 >play.errors=0 >mazocomp$ audioctl play.{bytes,errors} >play.bytes=1724160 >play.errors=0 >mazocomp$ audioctl play.{bytes,errors} >play.bytes=2807040 >play.errors=0 >mazocomp$ kill %1 >mazocomp$ fg %1 >cat > /dev/audio < /dev/zero >Terminated >mazocomp$ mixerctl -v >inputs.dac-0:1_mute=off [ off on ] >inputs.dac-0:1=222,222 >inputs.dac-2:3_mute=off [ off on ] >inputs.dac-2:3=222,222 >inputs.beep=108 >record.adc-0:1_source=mic2 [ mic2 mic ] >record.adc-0:1_mute=off [ off on ] >record.adc-0:1=126,126 >record.adc-2:3_source=mic [ mic mic2 mix ] >record.adc-2:3_mute=off [ off on ] >record.adc-2:3=126,126 >inputs.mix_source=dac-0:1,dac-2:3 { dac-0:1 dac-2:3 } >inputs.mix_dac-0:1=126,126 >inputs.mix_dac-2:3=126,126 >outputs.hp_source=dac-0:1 [ dac-0:1 dac-2:3 ] >outputs.hp_boost=off [ off on ] >outputs.spkr_source=dac-2:3 [ dac-0:1 dac-2:3 ] >inputs.mic=255,255 >outputs.mic_dir=input-vr80 [ none input input-vr80 ] >inputs.mic2=255,255 >outputs.mic2_dir=input-vr80 [ none input input-vr80 ] >outputs.hp_sense=unplugged [ unplugged plugged ] >outputs.mic_sense=unplugged [ unplugged plugged ] >outputs.spkr_muters=hp { hp } >outputs.master=255,255 >outputs.master.mute=off [ off on ] >outputs.master.slaves=dac-0:1,dac-2:3 { dac-0:1 dac-2:3 beep } >record.enable=sysctl [ off on sysctl ] >mazocomp$ It's a new sysctl: kern.audio.record=0, and there's also a per-device mixer knob in called record.enable. Microphone, and any other audio recording, is now disabled by default. This probably worths noting in current.html... -- WBR, Vadim Zhukov
Re: Viewport for man.openbsd.org -- readability on phones
If you REALLY want something like we had, without JS and non-standard features, you can try something like: @media screen and (min-width: 1000px) { html { max-width: 100ex } html { max-width: 80ch } } The @media queries is a long-standing feature and should just work. The "ch" isn't supported by IE <=8 and Opera <=20, so if you really care, you can use doubled declaration: this way browsers that don't support "ch" will use old "ex". Using "ex" for specifying width is ugly and it probably should be something like "65em" instead anyway... -- WBR, Vadim Zhukov 2018-05-18 4:08 GMT+03:00 Ingo Schwarze : > Hi Ken, > > Ken M wrote on Thu, May 17, 2018 at 08:50:53PM -0400: > >> I will probably have to duck and run >> for suggesting javascript as the answer here... > > Precisely. :) > >> But for the most part the modern industry standard to make pages >> scale well across many devices and screen orientations is to use >> a responsive design library, most notably bootstrap. > > We are talking about a simplistic one-column layout here, > and avoiding that kind of bloat (in particular javascript) > is among the top four design goals, together with support > for hyperlinks, support for semantic annotations, and avoiding > gratuitous presentational differences when compared to terminal > output (just to avoid misunderstandings, not every difference > is gratuitous: for example, terminals naturally use fixed-width > fonts, HTML naturally uses proportional fonts). > > But no, javascript is an even worse suggestion than the > original idea of "meta viewport". > > Yours, > Ingo >
Re: no default httpd.conf?
2018-05-17 14:26 GMT+03:00 Stuart Henderson : > On 2018-05-17, Vadim Zhukov wrote: >> 17 мая 2018 г. 5:50:16 GMT+03:00, justina colmena >> пишет: >> >> Regarding su-php, I'd go with per-user php-fpm process, actually, >> that's much safer, and rarely used ones can easily wait in swap (I >> feel that you're trying to pack as much users as possible). You >> can ever use symlinks to create, e.g., /etc/rc.d/phpXY_fpm_USER1, >> /etc/rc.d/phpXY_fpm_USER2 and so on, and then set up different flags >> like "-u USER1" for those in rc.conf. > > No need to run multiple copies of php-fpm yourself, it handles multi > uid itself. Various ways to handle chroot as well, you can chroot them > separately, or use a shared chroot and rely on permissions. This should > give you some ideas: > > [global] > error_log = syslog > syslog.facility = daemon > log_level = notice > > [www] > user = www > group = www > listen = /var/www/run/php-fpm.sock > listen.owner = www > listen.group = www > listen.mode = 0600 > pm = dynamic > pm.max_children = 20 > pm.start_servers = 2 > pm.min_spare_servers = 1 > pm.max_spare_servers = 3 > chroot = /var/www > > [web1] > user = _web1 > group = _web1 > listen = /var/www/run/php-fpm-web1.sock > listen.owner = www > listen.group = www > listen.mode = 0600 > pm = dynamic > pm.max_children = 20 > pm.start_servers = 2 > pm.min_spare_servers = 1 > pm.max_spare_servers = 2 > chroot = /var/www > env[TMP] = /var/www/web1/tmp > env[TMPDIR] = /var/www/web1/tmp Now that breakfast is gone I start to think you (and Josh earlier) are right: single php-fpm process should be fine. :) -- WBR, Vadim Zhukov
Re: no default httpd.conf?
17 мая 2018 г. 5:50:16 GMT+03:00, justina colmena пишет: >I just recently installed OpenBSD 6.3, and I was looking for an example >httpd.conf, but I did not find one. The manual page does document >more or less how to create one, but there still appears to be some lack >of ease and safety putting up a basic web page with dynamic content (I >am most used to PHP and PostgreSQL for that purpose, but of course >there are many options that more or less replace the ubiquitous "LAMP" >or "Linux/Apache/MySQL/PHP" stack. > >Now there is nothing in OpenBSD's httpd really like Apache's "UserDir" >directive. Of course the real user directory has to dwell somewhere in >the "/var/www" chroot on OpenBSD. The alternative to "UserDirs" of >course, is wildcard subdomains, but those do not really cooperate all >that well with https, dnssec, or caa records, or with certain other >general goals of security. > >The other thing I am curious about is something like "su-php" which >appears to be deprecated and outdated. So, assuming some sort of >UserDir >scenario, (probably more sophisticated than my very basic one I >have hacked together below,) does php-fpm have a way to prevent one >user's malicious php script from reading another user's database >access credentials? > >%< ># /etc/httpd.conf for amarillo.colmena.biz > >server "default" { >listen on * port 80 >listen on :: port 80 >listen on * tls port 443 >listen on :: tls port 443 >tls certificate "/etc/ssl/fullchain.pem" >directory index index.php >location "/.well-known/acme-challenge/*" { >root "/acme" >root strip 2 >} >location match "/~justina/.*%.php" { >root "/justina" >root strip 1 >fastcgi socket "/run/php-fpm.sock" >} >location "*.php" { >fastcgi socket "/run/php-fpm.sock" >} >location "/~justina/*" { >root "/justina" >root strip 1 >directory auto index >} >location "/~justina" { >block return 301 "/~justina/" >} >} >types { >include "/usr/share/misc/mime.types" >} Did you ever looked in /etc/examples? OpenBSD HTTPd is a web server, but not each web server is fully-featured Apache HTTP Server replacement. So, yes, no UserDir. If you need this functionality, then just install apache-httpd from packages. Regarding su-php, I'd go with per-user php-fpm process, actually, that's much safer, and rarely used ones can easily wait in swap (I feel that you're trying to pack as much users as possible). You can ever use symlinks to create, e.g., /etc/rc.d/phpXY_fpm_USER1, /etc/rc.d/phpXY_fpm_USER2 and so on, and then set up different flags like "-u USER1" for those in rc.conf. -- WBR, Vadim Zhukov
Re: Why would you use make show rather than make -V in ports?
2017-12-23 1:57 GMT+03:00 Thomas Levine <_...@thomaslevine.com>: > The normal port Makefile includes this "show" target. > > $ grep -A3 ^show: /usr/ports/infrastructure/mk/bsd.port.mk > show: > .for _s in ${show} > @echo ${${_s}:Q} > .endfor > > Why would one use it rather than make -V? The "show" gives you expanded value when -V gives raw one. Just assign "foo=$bar" in Makefile and see what happens in both cases. -- WBR, Vadim Zhukov
Re: xlock permission problem
2016-07-17 22:20 GMT+03:00 Jyri Hovila [iki.fi] : > Hi, and thanks for your time! > > On Sun, 17 Jul 2016 21:52:53 +0300 > Vadim Zhukov wrote: > >> Check the following: >> >> - you have root:auth mode rwxr-sr-x set for /usr/X11R6/bin/xlock; > > # ls -la /usr/X11R6/bin/xlock > -rwxr-sr-x 1 root auth 2970216 Jun 2 15:00 /usr/X11R6/bin/xlock Jun, 2... is your base in sync? I mean, userland corresponds to kernel and to xenocara? >> - you do NOT have nosuid option set for /usr/X11R6. > > # mount > /dev/sd1g on /usr/X11R6 type ffs (local, nodev) > > Still a mystery. =o Then check what owner/group/rights do /etc/*passwd and /etc/login.conf files, and /usr/libexec/auth directory have. They basically should be (according to /etc/mtree/special): -rw-r--r-- 1 root wheel 2770 Jan 14 2016 /etc/login.conf -rw--- 1 root wheel 10350 Jul 12 17:25 /etc/master.passwd -rw-r--r-- 1 root wheel 8522 Jul 12 16:42 /etc/passwd drwxr-x--- 2 root auth 512 Jul 3 17:49 /usr/libexec/auth/ Most likely you have /etc/login.conf non-world-readable... If this won't help, you'll probably need to use ktrace to find out the problematic syscall. -- WBR, Vadim Zhukov
Re: xlock permission problem
2016-07-17 21:31 GMT+03:00 Jyri Hovila [iki.fi] : > Hello, world! > > I'm having an issue with xlock being unable to unlock a locked session. > > I'm running a CURRENT version of OpenBSD on amd64 architecture. > > I can lock my X session with xlock just fine, but when I enter my > password the unlock, xlock says the password is invalid. However, the > password I've entered (several times) is 100% correct. > > Authlog provides the following hints: > > == > xlock[82700]: Start: myusername, myusername, :0 > xlock[82700]: staff: getting class information: Permission denied > xlock[82700]: daemon: getting classinformation: Permission denied > xlock[82700]: xlock: failed unlock attempt on user myusername > xlock[82700]: xlock: xio_error > xlock[82700]: Stop: myusername, myusername, :0, 6m 5s > == > > I've googled thoroughly, checked the permissions of /etc/group etc, but > have not found either a solution nor any hints on how to further > diagnose the problem. > > Any ideas, anyone? Check the following: - you have root:auth mode rwxr-sr-x set for /usr/X11R6/bin/xlock; - you do NOT have nosuid option set for /usr/X11R6. -- WBR, Vadim Zhukov
Re: jabber client with conference history saving
2016-04-18 22:47 GMT+03:00 Joseph Oficre : > Hm, i have just standart Psi package installation. In > ~/.local/share/psi/profiles/default/history/some_conference.history i can > see only " |2015-07-05T02:53:35|4|from|N---|Resource constraint.\nThe > server or recipient lacks the system resources necessary to service the > request.\nTraffic rate limit is exceeded\n--\n " that kind of > messages... What happens if you stop Psi, rename both .config/psi and .local/share/psi folders, and then start Psi again? Psi should ask you, so set up one account and check if history starts being saved okay. If history now gets saved successfully, check your program & account settings carefully. If history will contain only error notifications still... Well, maybe switch to another client won't be such bad idea. In theory I should recommend you the Kopete, but I won't, since it doesn't work well under cwm at least (probably a Qt4 bug, but still). > 2016-04-18 21:42 GMT+03:00 Vadim Zhukov : >> >> 2016-04-17 22:42 GMT+03:00 Joseph Oficre : >> > Hello, @misc. >> > Can someone give me an advice about xmpp client on OpenBSD, Im using Psi >> > for now, but it doesnt save messages history properly (errors only). >> > So i want to try another one. >> > Doesnt matter if console or gui, just with chatroom/private chats >> > history >> > saving ability. >> > >> > OpenBSD-current. >> >> Psi is actually one of the most powerful XMPP clients. And if it >> doesn't save history for you, then something is wrong: I've just >> checked, it works fine here, including UTF-8 stuff. -- WBR, Vadim Zhukov
Re: jabber client with conference history saving
2016-04-17 22:42 GMT+03:00 Joseph Oficre : > Hello, @misc. > Can someone give me an advice about xmpp client on OpenBSD, Im using Psi > for now, but it doesnt save messages history properly (errors only). > So i want to try another one. > Doesnt matter if console or gui, just with chatroom/private chats history > saving ability. > > OpenBSD-current. Psi is actually one of the most powerful XMPP clients. And if it doesn't save history for you, then something is wrong: I've just checked, it works fine here, including UTF-8 stuff. -- WBR, Vadim Zhukov
Re: wireshark illegal instruction on older systems
2016-03-15 21:33 GMT+03:00 Stuart Henderson : > On 2016-03-15, Peter Kay wrote: >> It's a MOVSD SSE instruction. Tshark is ok. I can cope with that or tcpdump >> if need be, but here's the output : > > I think this variant of MOVSD might be AVX? > >> Starting program: /usr/local/bin/wireshark >> warning: Lowest section in /usr/local/lib/libicudata.so.9.0 is .hash at >> 0154 >> >> Program received signal SIGILL, Illegal instruction. >> 0x06d685fb in _GLOBAL__sub_I_qguiapplication.cpp () from >> /usr/local/lib/qt5/./libQt5Gui.so.1.1 > > Looks like it's in Qt5 then. Wireshark still has the "legacy" gtk GUI > (it's in a subpackage), you could try that instead for now. > > Looks like Qt autodetects at build time, we probably want to configure > on i386 with no-avx, no-avx2, no-sse4.1, no-sse4.2, maybe no-ssse3. > (SSE2 is probably reasonable to expect for Qt5 apps, it's present on > Netburst, Pentium-M, Atom, C7 etc. which seems a sane cut-off point > for heavy GUI apps). Yeah. I've patched qmake files, but missed those bits. Modern amd64 makes you blind sometimes. :( -- WBR, Vadim Zhukov
Re: rc.d and rtable
27 Ñнв. 2016 г. 21:29 полÑзоваÑÐµÐ»Ñ "Jiri B" напиÑал: > > On Wed, Jan 27, 2016 at 01:40:14PM +0100, Antoine Jacoutot wrote: > > On Wed, Jan 27, 2016 at 06:47:57AM -0500, Jiri B wrote: > > > Would it be worth to extend rc.d for rtable knobs? > > > > > > - daemon_rtable varible > > > - rc_* functions (route exec, pgrep/pkill -T $rtable...) > > > > > > Or are routing tables not much used thus not worth to make > > > rc.d more complicated? > > > > There has been several discussions about this. No decision made though. > > If you can find a nice way to implement it, I can have a look. > > rc.d framework is so nice... not sure if this is nice way but it > works. Maybe check for existing rtable is not great. The code looks like more or less fine (I'll do a more careful review a bit later), but there are documentation bits missing. -- Vadim Zhukov
Re: "# systrace -c1000:1000 kate" for privilege escalated editing?
03 дек. 2015 г. 4:27 полÑзоваÑÐµÐ»Ñ "Luke Small" напиÑал: > > I want to be able to use systrace for privilege escalation for kompare for > sysmerge diffs and kate. Why isn't systrace able to do this? Because noone wrote a systrace policy for Kate and Kompare (for your installation and user) yet? That's without mentioning that it would be hard to restrict those applications in a correct manner: they do use a lot of system resources by just being nice KDE apps. That being said, I won't expect much security problems in Kompare itself. Kate is more complex, but still doesn't run in terminal. Thus Kompare and Kate likely not being hurt by some crazy escape codes in patch files. Anything else lies outside of usage profile you're talking about, if I understood you correctly. -- Vadim Zhukov
Re: Maintaining CAs not in cert.pem
2015-07-31 3:15 GMT+03:00 Joel Rees : > 2015/07/31 6:49 "Vadim Zhukov" : >> >> [...] >> >> Well, I see four scenarios: >> >> 1. Using the defaults supplied with OpenBSD only. Typical for > home/personal use. >> >> 2. Use the defaults supplied with OpenBSD, and one or more additional >> CAs. Typical for corporate use. >> >> 3. Use personal set of CAs. Usually means either white-, or >> blacklisting entries from "base" certs pack. >> >> After more thinking I see that symlink idea is not good. But we can do >> some other thing: >> >> 1. Have "base" certs installed into /etc/examples/certs.pem. >> 2. Additional certs, if any, should go into /etc/ssl/local.pem. >> 3. Have sysmerge handle certs specially: comparing not (old) >> /etc/examples/cert.pem with /etc/ssl/cert.pem, but >> /etc/examples/cert.pem+/etc/ssl/local.pem vs. /etc/ssl/cert.pem. In >> case they do match, sysmerge would regenerate /etc/ssl/cert.pem by >> concatentaing (new) /etc/examples/cert.pem and /etc/ssl/local.pem. >> >> What do you think? > > I know my opinions don't count much here, but it seems to me that > mishandled certificates are such a huge cash cow that no one wants to do > them right. Until the cash cow dies, anything we try now is likely to be > wrong. > > With that caveat, try your ideas on your own system. You'll need to add > some scripts of your own to extend what sysmerge and other tools do. Post > to the list about how it works for you over the next year or so. > > That's my suggestion. Discussed off-list. There was a misunderstanding that was (I hope) fixed. -- WBR, Vadim Zhukov
Re: Maintaining CAs not in cert.pem
2015-07-31 0:48 GMT+03:00 Vadim Zhukov : > 2015-07-31 0:17 GMT+03:00 Stuart Henderson : >> On 2015-07-30, Vadim Zhukov wrote: >>> 2015-07-30 20:16 GMT+03:00 Stuart Henderson : >>>> On 2015-07-30, Ted Unangst wrote: >>>>> Michael McConville wrote: >>>>>> > Another meat could be, why you're using self-signed certificates? >>>>>> > Given the plethora of options for getting free (valid) certificates. >>>>>> >>>>>> He mentioned in his original email that it's a requirement where he >>>>>> works. That's common, from what I hear, although probably not the >>>>>> safest. >>>>> >>>>> I would consider a cert signed by somebody I actually trust (me) safer >>>>> than >>>>> delegating that trust to 300 strangers. >>>> >>>> I think cert.pem should move to the etc set, so you can remove >>>> CAs from the file (as well as add new ones) without risk of those >>>> changes getting reverted. >>>> >>>> Downside: CA changes will then only take effect after running >>>> sysmerge. Is that a problem? >>> >>> I think it is. This is the same as with /etc/examples: less stuff to >>> merge, less errors to happen. >> >> cert.pem is pretty much a required file, we can't just move it to examples/. >> For people who don't touch it, it's a simple no-touch sysmerge update. >> For people who do, having sysmerge ask about merging it is a lot safer >> than just overwriting. > > No, I didn't want to move /etc/ssl/cert.pem it to /etc/examples. I > think that its current contents could be provided in other way... > >>> I'd ask another question: why can't software use /etc/ssl/myown.pem, >>> or /etc/ssl/*.pem, ever, instead of /etc/ssl/cert.pem? This will make >>> "trust" and "untrust" operations as simple as possible. Noone in >>> healthy mind would place junk in /etc/ssl anyway, right? >> >> Some software allows you to set a different certificate file; other >> software doesn't. Patching everything in ports that verifies SSL certs >> to allow the user to specify an alternative file would just be insane. > > Hm-m, I always tried to live in a separate room with SSL beasts. Now I > realize that I saved a lot of nerves myself, and as a result I'm > living in a pink pony world. Thanks for getting back to the ground. > > I thought that there was some "default" in OpenSSL (and its > decendants) that programs tends to use. Now I realize there is no such > place. Okay, this variant gets busted. > >> And of course then there's no single way to tell programs to use the >> alternative file; "ftp -S cafile=/path/to/cert.pem", >> "env SSL_CERT_FILE=/path/to/cert.pem lynx" >> >>> Or we may ship /etc/ssl/base.pem in base tgz, and install >>> /etc/ssl/cert.pem -> base.pem at installation time. This way things >>> will work by default, and if you need to have your own trust path, you >>> just change symlink. What do you think? >> >> That doesn't really help. One common scenario is wanting to add a >> single CA to the standard file, but otherwise pick up updates (e.g. with >> sysmerge), this method doesn't allow that. > > Well, I see four scenarios: Those should be "three", of course. :) > 1. Using the defaults supplied with OpenBSD only. Typical for home/personal > use. > > 2. Use the defaults supplied with OpenBSD, and one or more additional > CAs. Typical for corporate use. > > 3. Use personal set of CAs. Usually means either white-, or > blacklisting entries from "base" certs pack. > > After more thinking I see that symlink idea is not good. But we can do > some other thing: > > 1. Have "base" certs installed into /etc/examples/certs.pem. > 2. Additional certs, if any, should go into /etc/ssl/local.pem. > 3. Have sysmerge handle certs specially: comparing not (old) > /etc/examples/cert.pem with /etc/ssl/cert.pem, but > /etc/examples/cert.pem+/etc/ssl/local.pem vs. /etc/ssl/cert.pem. In > case they do match, sysmerge would regenerate /etc/ssl/cert.pem by > concatentaing (new) /etc/examples/cert.pem and /etc/ssl/local.pem. > > What do you think? -- WBR, Vadim Zhukov
Re: Maintaining CAs not in cert.pem
2015-07-31 0:17 GMT+03:00 Stuart Henderson : > On 2015-07-30, Vadim Zhukov wrote: >> 2015-07-30 20:16 GMT+03:00 Stuart Henderson : >>> On 2015-07-30, Ted Unangst wrote: >>>> Michael McConville wrote: >>>>> > Another meat could be, why you're using self-signed certificates? >>>>> > Given the plethora of options for getting free (valid) certificates. >>>>> >>>>> He mentioned in his original email that it's a requirement where he >>>>> works. That's common, from what I hear, although probably not the >>>>> safest. >>>> >>>> I would consider a cert signed by somebody I actually trust (me) safer than >>>> delegating that trust to 300 strangers. >>> >>> I think cert.pem should move to the etc set, so you can remove >>> CAs from the file (as well as add new ones) without risk of those >>> changes getting reverted. >>> >>> Downside: CA changes will then only take effect after running >>> sysmerge. Is that a problem? >> >> I think it is. This is the same as with /etc/examples: less stuff to >> merge, less errors to happen. > > cert.pem is pretty much a required file, we can't just move it to examples/. > For people who don't touch it, it's a simple no-touch sysmerge update. > For people who do, having sysmerge ask about merging it is a lot safer > than just overwriting. No, I didn't want to move /etc/ssl/cert.pem it to /etc/examples. I think that its current contents could be provided in other way... >> I'd ask another question: why can't software use /etc/ssl/myown.pem, >> or /etc/ssl/*.pem, ever, instead of /etc/ssl/cert.pem? This will make >> "trust" and "untrust" operations as simple as possible. Noone in >> healthy mind would place junk in /etc/ssl anyway, right? > > Some software allows you to set a different certificate file; other > software doesn't. Patching everything in ports that verifies SSL certs > to allow the user to specify an alternative file would just be insane. Hm-m, I always tried to live in a separate room with SSL beasts. Now I realize that I saved a lot of nerves myself, and as a result I'm living in a pink pony world. Thanks for getting back to the ground. I thought that there was some "default" in OpenSSL (and its decendants) that programs tends to use. Now I realize there is no such place. Okay, this variant gets busted. > And of course then there's no single way to tell programs to use the > alternative file; "ftp -S cafile=/path/to/cert.pem", > "env SSL_CERT_FILE=/path/to/cert.pem lynx" > >> Or we may ship /etc/ssl/base.pem in base tgz, and install >> /etc/ssl/cert.pem -> base.pem at installation time. This way things >> will work by default, and if you need to have your own trust path, you >> just change symlink. What do you think? > > That doesn't really help. One common scenario is wanting to add a > single CA to the standard file, but otherwise pick up updates (e.g. with > sysmerge), this method doesn't allow that. Well, I see four scenarios: 1. Using the defaults supplied with OpenBSD only. Typical for home/personal use. 2. Use the defaults supplied with OpenBSD, and one or more additional CAs. Typical for corporate use. 3. Use personal set of CAs. Usually means either white-, or blacklisting entries from "base" certs pack. After more thinking I see that symlink idea is not good. But we can do some other thing: 1. Have "base" certs installed into /etc/examples/certs.pem. 2. Additional certs, if any, should go into /etc/ssl/local.pem. 3. Have sysmerge handle certs specially: comparing not (old) /etc/examples/cert.pem with /etc/ssl/cert.pem, but /etc/examples/cert.pem+/etc/ssl/local.pem vs. /etc/ssl/cert.pem. In case they do match, sysmerge would regenerate /etc/ssl/cert.pem by concatentaing (new) /etc/examples/cert.pem and /etc/ssl/local.pem. What do you think? -- WBR, Vadim Zhukov
Re: Maintaining CAs not in cert.pem
2015-07-30 20:16 GMT+03:00 Stuart Henderson : > On 2015-07-30, Ted Unangst wrote: >> Michael McConville wrote: >>> > Another meat could be, why you're using self-signed certificates? >>> > Given the plethora of options for getting free (valid) certificates. >>> >>> He mentioned in his original email that it's a requirement where he >>> works. That's common, from what I hear, although probably not the >>> safest. >> >> I would consider a cert signed by somebody I actually trust (me) safer than >> delegating that trust to 300 strangers. > > I think cert.pem should move to the etc set, so you can remove > CAs from the file (as well as add new ones) without risk of those > changes getting reverted. > > Downside: CA changes will then only take effect after running > sysmerge. Is that a problem? I think it is. This is the same as with /etc/examples: less stuff to merge, less errors to happen. I'd ask another question: why can't software use /etc/ssl/myown.pem, or /etc/ssl/*.pem, ever, instead of /etc/ssl/cert.pem? This will make "trust" and "untrust" operations as simple as possible. Noone in healthy mind would place junk in /etc/ssl anyway, right? Or we may ship /etc/ssl/base.pem in base tgz, and install /etc/ssl/cert.pem -> base.pem at installation time. This way things will work by default, and if you need to have your own trust path, you just change symlink. What do you think? > Index: base/mi > === > RCS file: /cvs/src/distrib/sets/lists/base/mi,v > retrieving revision 1.716 > diff -u -p -r1.716 mi > --- base/mi 16 Jul 2015 21:28:06 - 1.716 > +++ base/mi 30 Jul 2015 17:14:15 - > @@ -221,7 +221,6 @@ > ./etc/skel/.ssh > ./etc/ssh > ./etc/ssl > -./etc/ssl/cert.pem > ./etc/ssl/lib > ./etc/ssl/private > ./etc/systrace > Index: etc/mi > === > RCS file: /cvs/src/distrib/sets/lists/etc/mi,v > retrieving revision 1.199 > diff -u -p -r1.199 mi > --- etc/mi 3 Jul 2015 22:52:52 - 1.199 > +++ etc/mi 30 Jul 2015 17:14:15 - > @@ -42,6 +42,7 @@ > ./etc/spwd.db > ./etc/ssh/ssh_config > ./etc/ssh/sshd_config > +./etc/ssl/cert.pem > ./etc/ssl/openssl.cnf > ./etc/ssl/x509v3.cnf > ./etc/syslog.conf -- WBR, Vadim Zhukov
Re: Maintaining CAs not in cert.pem
2015-07-30 3:02 GMT+03:00 trondd : > I have my own CA for home use and my work also has their own CA and > intermediate certificates. What is the correct way of maintaining the > certificates so that the system always knows about them? I've been > appending them to /etc/ssl/cert.pem but it gets replaced every update (not > even maintained with sysmerge since it comes for libcrypto and not the etc > package). > > Is there a place to put them that is automatically read in addition to > cert.pem? It depends on software you're using, actually. Qt 4 and 5 look at the whole /etc/ssl (without subdirs) for certificates, for example. -- WBR, Vadim Zhukov
Re: doas, keepenv PATH segfault
2015-07-28 12:34 GMT+03:00 Zé Loff : > Hi all > > On yesterday's amd64 -current (#1201), if PATH is added to the keepenv > list in doas.conf, e.g. > > permit keepenv { ENV PATH PKG_PATH PS1 SSH_AUTH_SOCK } :wheel as root > > when attempting to run an inexistent command, doas segfaults instead of > exiting with "command not found" and retval 1. > > I actually have no idea if "keepenv PATH" makes any sense, I just had a > couple of scripts in ~/bin that require sudo/doas -- but even if its a > stupid idea, segfaulting didn't seem right. Hi, thank you for the report. I've just committed the fix; please check that your usecase is happy now. -- WBR, Vadim Zhukov
Re: qt4-4.8.6p0
07 Ð¼Ð°Ñ 2015 г. 4:46 полÑзоваÑÐµÐ»Ñ "Stan Gammons" напиÑал: > > Is qt4-4.8.6p0 broken in 5.7 release? I tried to install KDE4 using http://ftp.openbsd.org/pub/OpenBSD/5.7/packages/amd64/ as the package path and when it gets to 98 percent while extracting qt4, it gets a fatal error stating [lib/qt4/translations/qt_de.qml]: Premature end of archive. It states a partial installation recorded as partial-qt4-4.8.6p0.2 at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817 Try a mirror. Actually, using mirrors is a recommended way. Check if you could install other big packages - maybe some software, like HTTP caching server, between you and the Internet has problems. Try to get this file separately, and install locally, by pointing pkg_add directly to it. -- Vadim Zhukov
Re: autonet - simple automatic wifi chooser
15 ÑевÑ. 2015 г. 2:59 полÑзоваÑÐµÐ»Ñ "Steve Dee" напиÑал: > > Hi misc, > > I hacked this utility together recently to scratch an itch. You might find > it interesting if you use OpenBSD on a laptop and frequently move between a > few locations with stable networks: > > https://github.com/mrdomino/autonet > > If there's sufficient demand, I'd be happy to put together a port. > > (First post -- sorry in advance for cluelessness.) There is an ongoing effort on this path, involving some kernel changes. Current idea is to have network profiles containing all info about known network and let kernel switch between them, pushing notifications to userland when it's done. Feel free to contact me off-list if you're interested to dig further. -- Vadim Zhukov
Re: httrack
21 Ñнв. 2015 г. 20:11 полÑзоваÑÐµÐ»Ñ "Zuleyha Torku" напиÑал: > > Hi > > I would like to use httrack. But, when I was try to make it source > (downloaded from svn), I have got plenty of errors like belov > > Is there anyone can give some advices about installation httrack on OpenBSD > 5.6 amd64 ? > > htscharset.c:1239: warning: comparison is always true due to limited range > of data type Please take a look for www/httrack port. It didn't get in OpenBSD 5.6, unfortunately, but you likely could take it from -CURRENT (this is not a supported method in general, but should work in that particular case): $ cd /usr/ports $ cvs up -APd www/httrack $ cd www/httrack $ make install Alternatively, you could take patches from this port and adapt them to SVN checkout you have. -- Vadim Zhukov
Re: About special configs to do in OpenBSD for KVM environments
19 дек. 2014 г. 11:53 полÑзоваÑÐµÐ»Ñ "Jiri B" напиÑал: > > On Fri, Dec 19, 2014 at 11:57:19AM +0400, Vadim Zhukov wrote: > > I have few 5.5/amd64 in production under CentOS 6.2, without either direct > > or indirect access to Internet. No problems so far, no adjustments on > > OpenBSD side. > > Time to upgrade hosts? It's time of 6.6 now :) Ouch. How did it happen that I missed 5 years??? More seriously - yes, of course. Just no hurry needed there. -- Vadim Zhukov
Re: About special configs to do in OpenBSD for KVM environments
19 дек. 2014 г. 10:36 полÑзоваÑÐµÐ»Ñ "C. L. Martinez" напиÑал: > > Hi all, > > Please, first of all, I don't want to start a flame or quite similar. > I only want to know what problems I can encounter when I need to > install OpenBSD in kvm environments (mostly CentOS 6.x servers). > > Yes, I know, OpenBSD is not supported to run in virtualization > environments, but many of us only have access to that kind of > environments for testing (new pf rules, updates, etc). We can't use > physical server and although I am not a big fan of this type of > technology, it is here to stay. > > My questions are KVM specific. As far as I know: > > > a) OpenBSD/i386: turn APIC off and set up vio flags to 0x02 > > b) OpenBSD/amd64: set up vio flags to 0x02 > > > Anything else?? I have few 5.5/amd64 in production under CentOS 6.2, without either direct or indirect access to Internet. No problems so far, no adjustments on OpenBSD side. -- Vadim Zhukov
Re: clementine stutters when playing local files
Yes, there are issues related to the fact that disk I/O causes major - from the audio's point of view - pauses. Unfortunately I'm not expert in this area, but this is what you could do: 1. Disable sonogram in Clementine. Yes, this helps a bit, but I was too lazy to investigate, why. :) 2. Try to _lower_ buffer sizes. Larger buffer causes larger read. Eventually I'll look at Clementine 2.x... -- Vadim Zhukov 18 дек. 2014 г. 12:23 полÑзоваÑÐµÐ»Ñ "Marko CupaÄ" напиÑал: > On Thu, 18 Dec 2014 09:13:31 +0100 > Marko CupaÄ wrote: > > > Hi, > > > > When playing local mp3 files in clementine, there are frequent short > > skips. Listening to the same files over network (icecast) everything > > is ok. > > I searched around, and It appears that I have I/O bottleneck, as vmstat > constantly shows blocked processes even though laptop does close to > nothing: > > procsmemory pagediskstraps cpu > r b wavm fre flt re pi po fr sr sd0 sd1 int sys cs us > sy id > 1 5 0 817348 6063372 680 0 0 0 0 0 11 1068 1911 26543 4849 > 6 6 88 > 2 5 0 817364 6063352 41 0 0 0 0 0 0 0 131 7076 933 4 > 0 96 > 2 5 0 817424 6063288 37 0 0 0 0 0 0 0 135 7334 983 3 > 1 96 > 1 5 0 817436 6067428 37 0 0 0 0 0 0 0 143 6822 921 3 > 1 96 > 1 5 0 817516 6067348 43 0 0 0 0 0 0 0 134 7337 976 5 > 0 95 > 0 5 0 817520 6067340 25 0 0 0 0 0 0 0 133 7001 939 3 > 1 96 > 1 5 0 817744 6067116 80 0 0 0 0 0 0 0 136 7419 998 4 > 0 96 > 2 5 0 817760 6067100 38 0 0 0 0 0 0 0 134 6944 936 2 > 1 97 > 2 5 0 818096 6066764 176 0 0 0 0 0 0 0 134 7668 1147 4 > 1 95 > 2 5 0 818124 6066720 34 0 0 0 0 0 2 0 132 6949 941 3 > 0 97 > 2 5 0 818420 6066424 112 0 0 0 0 0 0 0 141 8124 1058 3 > 2 95 > 1 5 0 818416 6066428 27 0 0 0 0 0 0 0 134 7435 981 3 > 1 96 > 2 5 0 818656 6066236 136 0 0 0 0 0 0 0 168 7714 1069 4 > 1 95 > 1 5 0 818672 6075136 27 0 0 0 0 0 0 0 141 7140 947 4 > 2 94 > > Here's atactl identify output: > > Model: KINGSTON SV300S37A240G, Rev: 521ABBF0, Serial #: 50026B72410EC74E > Device type: ATA, fixed > Cylinders: 16383, heads: 16, sec/track: 63, total sectors: 468862128 > Device capabilities: > ATA standby timer values > IORDY operation > IORDY disabling > Device supports the following standards: > ATA-2 ATA-3 ATA-4 ATA-5 ATA-6 ATA-7 ATA-8 > Master password revision code 0xfffe > Device supports the following command sets: > NOP command > READ BUFFER command > WRITE BUFFER command > Host Protected Area feature set > Read look-ahead > Write cache > Power Management feature set > Security Mode feature set > SMART feature set > Flush Cache Ext command > Flush Cache command > 48bit address feature set > Set Max security extension commands > Set Features subcommand required > Power-up in standby feature set > Advanced Power Management feature set > DOWNLOAD MICROCODE command > IDLE IMMEDIATE with UNLOAD FEATURE > SMART self-test > SMART error logging > Device has enabled the following command sets/features: > NOP command > READ BUFFER command > WRITE BUFFER command > Host Protected Area feature set > Read look-ahead > Write cache > Power Management feature set > SMART feature set > Flush Cache Ext command > Flush Cache command > 48bit address feature set > Set Features subcommand required > Advanced Power Management feature set > DOWNLOAD MICROCODE command > > Any advice on where should I start looking for solution? > > Thank you in advance, > -- > Marko CupaÄ > https://www.mimar.rs/
Re: CVS: cvs.openbsd.org: ports
2014-12-08 23:33 GMT+03:00 Vadim Zhukov : > CVSROOT:/cvs > Module name:ports > Changes by: z...@cvs.openbsd.org2014/12/08 13:33:51 > > Log message: > Import Qt 5.3.2. > > Qt is a full development framework with tools designed to streamline > the creation of applications and user interfaces for desktop, > embedded, and mobile platforms. > > This port is not enabled yet, because some ports will pick up Qt5 > instead of Qt4, breaking build. Those will be fixed separately soon. > > There are some non-critical things left to do: > > 1. Support for OpenBSD sensors framework. > 2. V4L2 support. > 3. -L${LOCALBASE}/* could come before -L${WRKBUILD}/* when linking is > done across Qt module boundaries. This means that builds of Qt 5.y > while having Qt 5.x installed (x < y) will be busted. > > Volunteers are welcome to come in and help fixing those problems. > > Last note: don't even try to build "debug" FLAVOR unless you know > what you're doing and you have about 20GB of free space. You've > been warned. > > landry@ agrees on continuing working in-tree > > Status: > > Vendor Tag: zhuk > Release Tags: zhuk_20141208 > > N ports/x11/qt5/Makefile > N ports/x11/qt5/distinfo > N ports/x11/qt5/qt5.port.mk > N ports/x11/qt5/patches/patch-qtbase_src_corelib_kernel_qcore_unix_p_h > N > ports/x11/qt5/patches/patch-qtbase_src_network_kernel_qdnslookup_unix_cpp > N > ports/x11/qt5/patches/patch-qtbase_src_network_socket_qnativesocketengine_unix_cpp > N ports/x11/qt5/patches/patch-qtbase_mkspecs_openbsd-g++_qmake_conf > N ports/x11/qt5/patches/patch-qtbase_qmake_generators_unix_unixmake2_cpp > N ports/x11/qt5/patches/patch-qtbase_qmake_generators_unix_unixmake_cpp > N ports/x11/qt5/patches/patch-qtbase_config_tests_unix_iconv_iconv_pro > N ports/x11/qt5/patches/patch-qtbase_src_corelib_io_qfilesystemwatcher_cpp > N > ports/x11/qt5/patches/patch-qtwebkit_Tools_qmake_config_tests_gccdepends_gccdepends_pro > N > ports/x11/qt5/patches/patch-qtbase_config_tests_unix_pulseaudio_pulseaudio_pro > N ports/x11/qt5/patches/patch-qtbase_configure > N > ports/x11/qt5/patches/patch-qtbase_src_concurrent_qtconcurrentiteratekernel_cpp > N ports/x11/qt5/patches/patch-qtbase_src_gui_image_qxbmhandler_cpp > N > ports/x11/qt5/patches/patch-qtbase_src_network_kernel_qnetworkinterface_cpp > N > ports/x11/qt5/patches/patch-qtwebkit_Tools_qmake_config_tests_libXcomposite_libXcomposite_pro > N ports/x11/qt5/patches/patch-qtwebkit_Source_WebCore_Target_pri > N > ports/x11/qt5/patches/patch-qtwebkit_Tools_qmake_config_tests_libXrender_libXrender_pro > N ports/x11/qt5/patches/patch-qtdeclarative_src_qml_jit_qv4assembler_cpp > N > ports/x11/qt5/patches/patch-qtdeclarative_src_qml_jsruntime_qv4engine_cpp > N ports/x11/qt5/patches/patch-qtwebkit_Source_WebKit2_WebProcess_pro > N > ports/x11/qt5/patches/patch-qtscript_src_3rdparty_javascriptcore_WebKit_pri > N ports/x11/qt5/patches/patch-qtwebkit_Source_WTF_wtf_Platform_h > N ports/x11/qt5/patches/patch-qtbase_qmake_generators_makefile_cpp > N > ports/x11/qt5/patches/patch-qtsensors_src_plugins_sensors_dummy_dummy_pro > N > ports/x11/qt5/patches/patch-qtwebkit_Source_JavaScriptCore_heap_MachineStackMarker_cpp > N > ports/x11/qt5/patches/patch-qtwebkit_Tools_qmake_mkspecs_features_default_pre_prf > N > ports/x11/qt5/patches/patch-qtwebkit_Source_WebKit2_Platform_CoreIPC_unix_ConnectionUnix_cpp > N > ports/x11/qt5/patches/patch-qtwebkit_Tools_qmake_mkspecs_features_functions_prf > N ports/x11/qt5/patches/patch-qtbase_mkspecs_features_qt_build_paths_prf > N > ports/x11/qt5/patches/patch-qttools_src_assistant_clucene_qclucene-config_p_h > N ports/x11/qt5/patches/patch-qtbase_qmake_Makefile_unix > N > ports/x11/qt5/patches/patch-qtdeclarative_src_3rdparty_masm_wtf_Platform_h > N > ports/x11/qt5/patches/patch-qtwebkit_Tools_qmake_config_tests_glx_glx_pro > N > ports/x11/qt5/patches/patch-qtscript_src_3rdparty_javascriptcore_JavaScriptCore_JavaScriptCore_pri > N ports/x11/qt5/pkg/PLIST-examples > N ports/x11/qt5/pkg/PLIST-html > N ports/x11/qt5/pkg/PLIST-main > N ports/x11/qt5/pkg/PLIST-mysql > N ports/x11/qt5/pkg/PLIST-psql > N ports/x11/qt5/pkg/PLIST-sqlite2 > N ports/x11/qt5/pkg/PLIST-tds > N ports/x11/qt5/pkg/DESCR-examples > N ports/x11/qt5/pkg/DESCR-html > N ports/x11/qt5/pkg/DESCR-main > N ports/x11/qt5/pkg/DESCR-mysql > N ports/x11/qt5/pkg/DESCR-psql >
Re: KDE4 crashes in 5.6
Also, make sure that you have your openfiles (for user) and kern.maxfiles (sysctl) limits bumped. -- Vadim Zhukov 03 дек. 2014 г. 13:14 полÑзоваÑÐµÐ»Ñ "Federico Giannici" напиÑал: > Hi! > I'd like to know if I'm the only one that have experiences crashes with > KDE4 under 5.6-release amd64. > > Often, during the startup or shutdown of KDE4, the bug report window > appears saying that "Plasma Desktop Shell closed unexpectedly" (Executable > "plasma-desktop", Signal "Segmentation fault(11)"). > > Moreover, once every 3-4 times the startup of KDE get stuck after the > final big KDE logo appears in the startup page (maybe this is related to > the first problem). > > It happens in both my PCs where I installed KDE. I'd like to know if this > happens only to me (to my hardware/software configuration), or is a common > and known problem (and if there is any solution). > > Thanks.
Re: fastcgi support in httpd(8)
22 ноÑб. 2014 г. 12:54 полÑзоваÑÐµÐ»Ñ "Riley Baird" < bm-2cvqnduybau5do2dfjtrn7zbaj246s4...@bitmessage.ch> напиÑал: > > Hi, > > I am running OpenBSD 5.6-stable (without the X packages). > > I have successfully setup the httpd(8) webserver, but only for static > webpages. I have been unable to get cgi (perl) scripts to run. > > Due to the OpenBSD chroot, I have copied the folowing files into > /var/www. The libraries were generated from `ldd /usr/bin/perl`. > /usr/bin/perl > /usr/lib/libc.so.77.0 > /usr/lib/libm.so.9.0 > /usr/lib/libperl.so.15.0 > /usr/lib/libpthread.so.18.0 > /usr/lib/libutil.so.12.1 > /usr/libexec/ls.so > > My httpd.conf is: > > # $OpenBSD: httpd.conf,v 1.10 2014/08/06 20:29:54 reyk Exp $ > > # > # Macros > # > ext_addr="egress" > > server "default" { > listen on $ext_addr port 80 > > location "/cgi-bin/*" { > fastcgi > > # The /cgi-bin directory is outside of the document root > root "/" > } > } > > Using a web browser on another computer, > http://192.168.1.55/cgi-bin/script.pl simply says "500 Internal Server > Error". > > A script as simple as the below brings up this error, but it has been > tested with other scripts: > > #!/usr/bin/perl > print "Hello!" > > Thanks for reading, Crazy idea just out of head: 1. Put /bin/sh and /usr/bin/kdump (both are statically linked) inside chroot. Rename them if you feel unsafe. 2. Write a shell script that runs 'exec ktrace -if ... perl ... "$@"'. Make sure ktrace will be able to write its output file, it will be run as CGI user! 3. Make this script handle a connection in your web server/FastCGI config. 4. Run kdump on resulting ktrace output file and investigate problems. If you won't get ktrace output, you'll likely have problem with FastCGI itself, look at its logs then. -- Vadim Zhukov
Re: sole instance of a process
21 ноÑб. 2014 г. 10:00 полÑзоваÑÐµÐ»Ñ "Pete Vickers" напиÑал: > > Hi, > > I suspect this may be the wrong list for this question. However although strictly it's a Bourne shell script query, it only seem to act up under OpenBSD (for me). > > Essentially I have a job which needs to be run periodically. So I have a shell script to do the necessary commands, and this is scheduled via (root's) crontab. > It is however very important that multiple instances of the job are not run concurrently (e.g. if an previous invocation hung), and so the script should detect this upon invocation before proceeding. > > I don't want a single long running job (which could e.g. sleep between loops) for various reasons. And I also don't like PID files and other fragile locking hacks. > > > So down to business, below is the gist of my script. Most of the time it appears to run fine. However occasionally (once every couple of days?) it reports via email that a duplicate process is detected, but the included ps listing shows no other instance. I don't believe that this is just due to an old instance exiting in the small time window between the pgrep, and the ps invocations. So basically I guess there is an error in my script or it's logic, or something else I'm not seeing. > > Any hit with the clue bat gratefully received. > > > > #!/bin/sh > # > # > SHOUT="/usr/bin/logger -i -t MYPERIODICJOB" > # > # > # Ensure another instance of this is not running > # > MYNAME=`basename $0` > MYPID=$$ > # > /usr/bin/pgrep -fu root $MYNAME | /usr/bin/grep -v $MYPID && \ First problem: if first shell running script has PID 75 and second has PID 5, this grep command will ignore both. Second problem: if you have anything in system with argument containing script's name, like text editor, or file scanner, or whatever, it will match, too, producing the problem you see. I'd recommend you to save output of ps in a temporary variable, and run grep on its content. But the better solution should be locking of some sort. You can use dolock(1) from ports infrastructure (don't forget to remove lock file in EXIT trap), or just switch to Perl and proper file locks. > { > $SHOUT "HELP - duplicate process detected $?" ; \ > ps -axjwww | mail -s "HELP MYPERIODICJOB $MYPID $MYNAME $PPID" m...@example.com ; \ > exit 1 ; > } > > # > # > # starting doing useful stuff here.. > # > > > Disclaimer: I know my scripting is far from optimal... -- Vadim Zhukov
Re: kde4-4.13.3p0 on OpenBSD 5.6 10/15/2014 AMD64 snapshot
05 ноÑб. 2014 г. 1:29 полÑзоваÑÐµÐ»Ñ "Stan Gammons" напиÑал: > > > On 11/04/14 00:44, Vadim Zhukov wrote: >> >> 04 ноÑб. 2014 г. 3:11 полÑзоваÑÐµÐ»Ñ "Stan Gammons" напиÑал: >> > >> > Does anyone besides me experience crashes with Dolphin on kde4-4.13.3p0? When I click on the kde crash handler developer information tab it churns forever and ever and ever and never returns any information. >> >> What the "ulimit -a" command says? > > > $ ulimit -a > time(cpu-seconds)unlimited > file(blocks) unlimited > coredump(blocks) unlimited > data(kbytes) 524288 > stack(kbytes)4096 > lockedmem(kbytes)2701294 > memory(kbytes) 8101456 > nofiles(descriptors) 512 That's likely to be a problem. Please, adjust number-of-open-files limits in /etc/login.conf and /etc/sysctl.conf. "pkg_info kde-runtime" will give you some clues. Remember that you'll need to re-login to make login.conf changes apply. > processes128 > $ > > >> Also, could you post all uncommented global options in your /etc/samba/smb.conf? >> >> > > [global] > >workgroup = WORKGROUP > >load printers = yes > >log file = /var/log/samba/smbd.%m > >max log size = 50 > >dns proxy = no > > [homes] >comment = Home Directories >browseable = no >writable = yes > > [printers] >comment = All Printers >path = /var/spool/samba >browseable = no >guest ok = no >writable = no >printable = yes > > > Like Federico who also replied to this thread, I'm unable to put a finger on an exact cause for the crashes. But wonder if it's some combination of running KDE, Firefox and Thunderbird. > > Oh, there is another thing I failed to mention. I log in and manually start kde with "startkde4" Some times when I logout that way it will hang and ctrl-alt-backspace is needed to return to the command line. Some times kwin will crash when I logout also. -- Vadim Zhukov
Re: kde4-4.13.3p0 on OpenBSD 5.6 10/15/2014 AMD64 snapshot
04 ноÑб. 2014 г. 3:11 полÑзоваÑÐµÐ»Ñ "Stan Gammons" напиÑал: > > Does anyone besides me experience crashes with Dolphin on kde4-4.13.3p0? When I click on the kde crash handler developer information tab it churns forever and ever and ever and never returns any information. What the "ulimit -a" command says? Also, could you post all uncommented global options in your /etc/samba/smb.conf? -- Vadim Zhukov
Re: WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch
2014-09-23 18:41 GMT+04:00 Stefan Wollny : > I have this Lenovo T60 running amd64-current (full dmesg at the end): > > OpenBSD 5.6-current (GENERIC.MP) #388: Mon Sep 22 02:23:15 MDT 2014 > t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz, 1994.62 MHz > real mem = 3203203072 (3054MB) > avail mem = 3109261312 (2965MB) > > I follow current since > OpenBSD 5.6 (GENERIC.MP) #310: Tue Jul 29 11:49:10 MDT 2014 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > All programs have been installed from packages. For KDE-programs I went > for the first time with KDE4. Window-manager is Fluxbox. Whenever I > fetch a fresh snapshot the first thing after reboot is "pkg_add -ui" and > an update of /usr/src, /usr/ports, /usr/xenocara. > > Starting some usual programs in a xterm I get the following warnings: > > ~ $ okular > > okular:/usr/lib/libstdc++.so.57.0: /usr/local/lib/libestdc++.so.16.0 : > WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch, > relink your program > okular:/usr/local/lib/qt4/libQtScript.so.2.0: > /usr/local/lib/kde4/libs/libkjsapi.so.50.2 : WARNING: > symbol(_ZTIN14WTFNoncopyable11NoncopyableE) size mismatch, relink your > program > > ~ $ xombrero > xombrero:/usr/local/lib/libestdc++.so.16.0: /usr/lib/libstdc++.so.57.0 : > WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch, > relink your program > Bus error (core dumped) > > ~ $ konqueror > konqueror:/usr/lib/libstdc++.so.57.0: /usr/local/lib/libestdc++.so.16.0 > : WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch, > relink your program > > ~ $ libreoffice > /usr/local/lib/libreoffice/program/soffice.bin:/usr/lib/libstdc++.so.57.0: > /usr/local/lib/libestdc++.so.16.0 : WARNING: > symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch, relink your > program > > > Even though I am pretty confident that I followed all advisories given > for current I might have missed something. Has anyone a clue what I > could do better??? Reinstalling from ports? That message is an unfortunate side-effect of switching KDE4 build to newer GCC (from ports and not from base system). While actually such messages ("symbol size mismatch") do indicate real problems (this is why they do appear, at all), this particular one - "_ZN11__gnu_debug17_S_debug_messagesE" - is mostly harmless and you may ignore it safely. -- WBR, Vadim Zhukov
Re: mpd unable to start on recent snapshots
2014-09-04 0:29 GMT+04:00 Nicholas Fleisher : > On Wed Sep 03 9:39 PM, David Coppa wrote: >> > Thanks, but unfortunately getting rid of the corrupted database doesn't >> > help. mpd can't seem to create a good new one from scratch. >> >> Double check your /etc/mpd.conf, check that /var/spool/mpd has the >> right owner/group and permissions, have a look at /var/log/mpd/mpd.log >> for errors... > > I tried reinstalling (including userdel/groupdel _mpd, and so forth) and > starting with a fresh /etc/mpd.conf, but still no luck. > Owner/group/permissions on /var/spool/mpd are correct (i.e. owner and > group both _mpd, writeable for both). The log shows mpd adding several > songs and then abruptly quitting. It complains twice about the mpdstate > file being missing, but even after touch'ing it and setting appropriate > ownership/permissions, I get the same error as before. > > The only other info I can think of that might be helpful: after the > fresh reinstall and mpd startup, the /var/spool/mpd directory contains > only mpd.pid and the playlists directory, i.e. mpd.db and mpdstate are > both missing. (though, as mentioned above, manually creating them and > then retrying does not solve the problem). > > Thanks for all the suggestions. Running out of ideas here... Try ktrace then. You'll need to set up a complex command line with sudo involved, but this would give you what system call fails (if any, but I'm sure there it is). -- WBR, Vadim Zhukov
Re: PF Tagging
2014-09-02 23:10 GMT+04:00 andy : > Hi, > > Hoping this is a pretty dumb question and someone can just shoot me down > with an instant answer but is there any reason why I can't compare against > multiple tags? > > E.g. > pass out quick on $if_dmz tagged { T_LAN, T_ENGINEERING, T_WIFI, T_OPS } > queue (_wan_dflt,_wan_pri) set prio (1,4) keep state > > I seem to only be able compare against one tag at a time which seem to be > quite limiting? Yes, only one tag maximum. This makes actual comparison in PF fast & easy: internal PF per-packet and per-rule structures both contain a single number, reperesenting a tag. To allow multiple tags you'll need to make size of those structures dynamic. > Cheers, Andy. > > PS; Yes I am only just starting to get round to setting up policy based > rules for the first time as part of a big rewrite for a new much larger > office with *many* VLANs etc.. You'll probably want to play more with "match" rules. -- WBR, Vadim Zhukov
Re: kile-kde4
2014-08-04 2:46 GMT+04:00 Stefan Wollny : > Am 08/03/14 um 20:25 schrieb Vadim Zhukov: >> 2014-08-03 22:24 GMT+04:00 Stefan Wollny : >>> Am 08/03/14 um 19:39 schrieb Vadim Zhukov: >>>>> Does this help you: >>>>>> ~ $ kile -v kile:/usr/lib/libstdc++.so.57.0: >>>>>> /usr/local/lib/libestdc++.so.16.0 : WARNING: >>>>>> symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch, >>>>>> relink your program >>>> This is normal for stuff built with non-base GCC... >>>> >>>>>> kile:/usr/local/lib/qt4/libQtScript.so.2.0: >>>>>> /usr/local/lib/kde4/libs/libkhtml.so.50.2 : WARNING: >>>>>> symbol(_ZTIN14WTFNoncopyable11NoncopyableE) size mismatch, >>>>>> relink your program >>>> ... and this one is not. It looks like you have different binaries >>>> (libraries or kile executable itself) linked with different >>>> libraries. Check for (normally hidden) .libs-* packages, e.g., "ls >>>> -d /var/db/pkg/.libs*". >>> >>> ~ $ sudo ld -d /var/db/pkg/.libs* >>> /var/db/pkg/.libs-firefox-30.0p0: file not recognized: File truncated >> >> Wut? Please look at the command line above AGAIN. >> >>>>>> Qt: 4.8.6 KDE Development Platform: 4.13.3 Kile: 2.1.3 >>>>>> >>>>>> >>>>>> >>>>>> Would it be helpful if I delete kile-kde4 and kde4-libs and >>>>>> give it a new try from ports? >>>> Why don't you use official packages? >>> >>> Because with kde4 kde3-based kile from packages gave me the same >>> behaviour... >> >> Wut? There are kile packages both for KDE3 and KDE4. >> >>> I will de-install kile and the package in /usr/ports and give the >>> official package a second try. >> >> Please do. >> >> -- >> WBR, >> Vadim Zhukov >> > Hi Vadim, > > sorry that it took so long for the next tests: I did an upgrade to > amd64-current #316 and fsck'd the partitions while being there. > > OK - one more info that doesn't make a difference in reality: I had > 'only' installed kde4-minimal so far prior to installing kile. Now for > the sake of testing I accepted the pollution in particular of kde4-games > just to be shure we do not miss a piece and installed kde4 from > packages. So far I started X with fluxbox and now did an additional test > with ../startkde4: Same result - kile becomes irresponsible after startup. > > I did thé last tests with all references under ~/.kde4/ to kile where > deleted. Mmmh - I will redo the test after having moved ~/.kde4 to > ~/_kde4 - let's see if kile recreates this folder... > > Well - yes, it does. But just before as this is the second startup of > kile it stops right here: > > ~ $ kile > kile:/usr/lib/libstdc++.so.57.0: /usr/local/lib/libestdc++.so.16.0 : > WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch, > relink your program > kile:/usr/local/lib/qt4/libQtScript.so.2.0: > /usr/local/lib/kde4/libs/libkhtml.so.50.2 : WARNING: > symbol(_ZTIN14WTFNoncopyable11NoncopyableE) size mismatch, relink your > program > Object::connect: No such signal > org::freedesktop::UPower::DeviceAdded(QString) > Object::connect: No such signal > org::freedesktop::UPower::DeviceRemoved(QString) > > > > Still I am requested to 'relink' the program ... > > It will be annoying - but unless you come up with a better suggestion I > will reinstall the entire system from scratch to the bare minimum to be > assured that I did not make an error with the present installation. But > not before monday night. > > BTW: Any other tests related to kde4 you'd like me to do? (Just drop me > a note privately to not pollute misc@) > > Have a nice week! I reproduced your problem here. It looks like the root of problem is in libinotify, which doesn't handle named pipes well. The Kile creates two named pipes to talk with LyX server (see http://wiki.lyx.org/LyX/LyXServer). And then at some point libinotify tries to open those files... You can try to run the two following commands: $ kwriteconfig4 --file ~/.kde/share/config/kilerc --group DirWatch --key PreferredMethod Fam $ rm ~/{.lyx/,}.lyxpipe* (if your KDEHOME isn't in the ~/.kde, tweak the first command accordingly) And then start Kile again. See if it helps. -- WBR, Vadim Zhukov
Re: kile-kde4
2014-08-03 22:24 GMT+04:00 Stefan Wollny : > Am 08/03/14 um 19:39 schrieb Vadim Zhukov: >>> Does this help you: >>>> ~ $ kile -v kile:/usr/lib/libstdc++.so.57.0: >>>> /usr/local/lib/libestdc++.so.16.0 : WARNING: >>>> symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch, >>>> relink your program >> This is normal for stuff built with non-base GCC... >> >>>> kile:/usr/local/lib/qt4/libQtScript.so.2.0: >>>> /usr/local/lib/kde4/libs/libkhtml.so.50.2 : WARNING: >>>> symbol(_ZTIN14WTFNoncopyable11NoncopyableE) size mismatch, >>>> relink your program >> ... and this one is not. It looks like you have different binaries >> (libraries or kile executable itself) linked with different >> libraries. Check for (normally hidden) .libs-* packages, e.g., "ls >> -d /var/db/pkg/.libs*". > > ~ $ sudo ld -d /var/db/pkg/.libs* > /var/db/pkg/.libs-firefox-30.0p0: file not recognized: File truncated Wut? Please look at the command line above AGAIN. >>>> Qt: 4.8.6 KDE Development Platform: 4.13.3 Kile: 2.1.3 >>>> >>>> >>>> >>>> Would it be helpful if I delete kile-kde4 and kde4-libs and >>>> give it a new try from ports? >> Why don't you use official packages? > > Because with kde4 kde3-based kile from packages gave me the same > behaviour... Wut? There are kile packages both for KDE3 and KDE4. > I will de-install kile and the package in /usr/ports and give the > official package a second try. Please do. -- WBR, Vadim Zhukov
Re: kile-kde4
2014-08-03 21:24 GMT+04:00 Stefan Wollny : > Am 08/03/14 um 19:00 schrieb Vadim Zhukov: >> 2014-08-03 20:51 GMT+04:00 Stefan Wollny : >>> Hi there, >>> >>> has s.o. managed to get kile-kde4 from ports up and running properly? >>> >>> On my system (Lenovo T60 / Core2 / OpenBSD-current #315 - amd64) >>> kile-kde4 did compile and does start - but that's about it. I cannot >>> open any file as the system complains about wrong libraries and unknown >>> mimetypes. >>> >>> If this is the first test 'out in the wild' take it as an error report. >>> Otherwise I would appreciate any hints on how to do it properly. >>> >>> Some relvant information further down. >> >> Please report actual error you see. >> >> I've tested Kile at the time of import by starting and typing some >> stuff. Not a Kile user myself, though. >> >> -- >> WBR, >> Vadim Zhukov >> > Hi Vadim, > > thank you for your super-fast reply. > > The error is that kile simply does not respond to any input > (keyboard/mouse) after I try to open an existing .tex-document or start > a new one. > > I had started kile from the command line to report the system's output > with my initial mail. If I kill kile with ctrl-c and try to restart it > from the command line it doesn't come up again - the splash screen is > the last reaction. > > Does this help you: > ~ $ kile -v > kile:/usr/lib/libstdc++.so.57.0: /usr/local/lib/libestdc++.so.16.0 : > WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch, > relink your program This is normal for stuff built with non-base GCC... > kile:/usr/local/lib/qt4/libQtScript.so.2.0: > /usr/local/lib/kde4/libs/libkhtml.so.50.2 : WARNING: > symbol(_ZTIN14WTFNoncopyable11NoncopyableE) size mismatch, relink your > program ... and this one is not. It looks like you have different binaries (libraries or kile executable itself) linked with different libraries. Check for (normally hidden) .libs-* packages, e.g., "ls -d /var/db/pkg/.libs*". > Qt: 4.8.6 > KDE Development Platform: 4.13.3 > Kile: 2.1.3 > > > > Would it be helpful if I delete kile-kde4 and kde4-libs and give it a > new try from ports? Why don't you use official packages? -- WBR, Vadim Zhukov
Re: kile-kde4
2014-08-03 20:51 GMT+04:00 Stefan Wollny : > Hi there, > > has s.o. managed to get kile-kde4 from ports up and running properly? > > On my system (Lenovo T60 / Core2 / OpenBSD-current #315 - amd64) > kile-kde4 did compile and does start - but that's about it. I cannot > open any file as the system complains about wrong libraries and unknown > mimetypes. > > If this is the first test 'out in the wild' take it as an error report. > Otherwise I would appreciate any hints on how to do it properly. > > Some relvant information further down. Please report actual error you see. I've tested Kile at the time of import by starting and typing some stuff. Not a Kile user myself, though. -- WBR, Vadim Zhukov
Re: i386: Updating ports conflicts'
2014-07-17 22:14 GMT+02:00 Stefan Wollny : > Hi there, > > a cvs-update of /etc/ports on i386-current quits at the letter D: > > ~ $ dmesg | grep OpenBSD > OpenBSD 5.6-beta (GENERIC.MP) #247: Wed Jul 16 22:09:54 MDT 2014 > > > 8< --- > ? devel/p5-MooseX-Role-WithOverloading > ? devel/p5-MooseX-SemiAffordanceAccessor > ? devel/p5-MooseX-Traits > ? devel/p5-MooseX-Traits-Pluggable > RCS file: /cvs/ports/INDEX,v > retrieving revision 1.427 > retrieving revision 1.428 > Merging differences between 1.427 and 1.428 into INDEX > rcsmerge: warning: conflicts during merge > cvs server: conflicts found in INDEX > C INDEX > P archivers/freeze/Makefile > P archivers/freeze/pkg/PLIST > cvs server: cannot open directory /cvs/D: No such file or directory > cvs server: skipping directory audio/gmpc-autoplaylist > cvs server: cannot open directory /cvs/D: No such file or directory > cvs server: skipping directory audio/gmpc-stopbutton > cvs server: cannot open directory /cvs/D: No such file or directory > cvs server: skipping directory audio/gmpccaa > cvs server: cannot open directory /cvs/D: No such file or directory > cvs server: skipping directory audio/gom > cvs server: cannot open directory /cvs/D: No such file or directory > cvs server: skipping directory audio/last.fm > cvs server: cannot open directory /cvs/D: No such file or directory > cvs server: skipping directory audio/libmpcdec > cvs server: cannot open directory /cvs/D: No such file or directory > cvs server: skipping directory audio/lopster > cvs [server aborted]: could not find desired version 1.26 in > /cvs/ports/books/Makefile,v > quirks-1.146 signed on 2014-07-08T10:12:04Z Sorry, typed Ctrl+Enter too fast. It looks like as your AnonCVS mirror was broken, you realized it and then switched to another one. But the broken files are still there... Just get rid of the /usr/ports and reload it again; Given how many chages were in the tree since 5.5, checking out could be faster than updating from ports.tar.gz from 5.5. -- WBR, Vadim Zhukov
Re: i386: Updating ports conflicts'
2014-07-17 22:14 GMT+02:00 Stefan Wollny : > Hi there, > > a cvs-update of /etc/ports on i386-current quits at the letter D: > > ~ $ dmesg | grep OpenBSD > OpenBSD 5.6-beta (GENERIC.MP) #247: Wed Jul 16 22:09:54 MDT 2014 > > > 8< --- > ? devel/p5-MooseX-Role-WithOverloading > ? devel/p5-MooseX-SemiAffordanceAccessor > ? devel/p5-MooseX-Traits > ? devel/p5-MooseX-Traits-Pluggable > RCS file: /cvs/ports/INDEX,v > retrieving revision 1.427 > retrieving revision 1.428 > Merging differences between 1.427 and 1.428 into INDEX > rcsmerge: warning: conflicts during merge > cvs server: conflicts found in INDEX > C INDEX It looks like you called "make index" at some point in the past. Just remove that file and then "cvs up INDEX" to get a clean version. -- WBR, Vadim Zhukov
Re: Problem installing KDE4
2014-07-12 13:58 GMT+02:00 Stan Gammons : > On 07/12/14 01:26, Vadim Zhukov wrote: >> >> 12.07.2014 2:17 пользователь "Stan Gammons" >> Ð½Ð°Ð¿Ð¸Ñ Ð°Ð»: >> >>> I downloaded install55.iso dated July 11, 2014 from ftp.openbsd.org this >> >> afternoon and after a new install I tried to install kde4 using the >> snapshot packages from the same site which are dated July 8, 2014. In >> doing >> so I get can't resolve errors on glib2-2.40.0p7 and python-2.7.7 which >> causes lots of other errors due to the dependency on these packages. Is >> the older snapshot of the packages the problem or is something else wrong? >> >> It's just a consistency problem, packages and base sets are not built at >> the same time (and sometimes with the same base code, ever). Even more, >> currently there is a hackathon going on, so things get out of sync easily. >> Your options are: >> >> 1) Wait for about a week. >> >> 2) Get & update ports tree, then run "dpb x11/kde4" (or whatever) to get a >> consistent set of packages. >> > > I reinstalled the July 06 AMD64 install55.iso and KDE4 installed Ok with the > packages dated July 08. > > Is there a way to find out whether or not a given date package(s) will work > with a current build iso? Other than installing a current iso and finding > out the hard way. Yes, but not easy one: check the contents of base sets, and compare library versions there with what requirements you have in fat compiled packages (like kdelibs, chrome...). The latter could be done by manual fetching & unpacking of package, and looking at the +CONTENTS for the @wantlib lines. -- WBR, Vadim Zhukov
Re: Problem installing KDE4
12.07.2014 2:17 полÑзоваÑÐµÐ»Ñ "Stan Gammons" напиÑал: > > I downloaded install55.iso dated July 11, 2014 from ftp.openbsd.org this afternoon and after a new install I tried to install kde4 using the snapshot packages from the same site which are dated July 8, 2014. In doing so I get can't resolve errors on glib2-2.40.0p7 and python-2.7.7 which causes lots of other errors due to the dependency on these packages. Is the older snapshot of the packages the problem or is something else wrong? It's just a consistency problem, packages and base sets are not built at the same time (and sometimes with the same base code, ever). Even more, currently there is a hackathon going on, so things get out of sync easily. Your options are: 1) Wait for about a week. 2) Get & update ports tree, then run "dpb x11/kde4" (or whatever) to get a consistent set of packages.
Re: getaddrinfo(3) & chroot(2) with root
2014-05-14 20:57 GMT+04:00 Denis Fondras : > Hello all, > > I am burning my last neurons with a behavior I can't explain. I wonder > why getaddrinfo() fails when called after chroot() with root user. > > > I have this piece of code : > > /*--- test.c ---*/ > #include > #include > #include > #include > #include > > int main(int argc, char *argv[]) > { > struct addrinfo *ai_out; > struct passwd *pw; > int error; > > pw = getpwnam("_bgpd"); > > error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out); > if (error) > printf("getaddrinfo() failed\n"); > else printf("getaddrinfo() succeed\n"); > > chroot(pw->pw_dir); > chdir("/"); > > error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out); > if (error) > printf("getaddrinfo() failed\n"); > else printf("getaddrinfo() succeed\n"); > > return 0; > } > /*--- test.c ---*/ > > $ ./a.out > getaddrinfo() succeed > getaddrinfo() succeed > > # ./a.out > getaddrinfo() succeed > getaddrinfo() succeed > > > > > Everything is good. Now if I compile : > > /*--- test.c ---*/ > #include > #include > #include > #include > #include > > int main(int argc, char *argv[]) > { > struct addrinfo *ai_out; > struct passwd *pw; > int error; > > pw = getpwnam("_bgpd"); > > error = 0 > if (error) > printf("getaddrinfo() failed\n"); > else printf("getaddrinfo() succeed\n"); > > chroot(pw->pw_dir); > > error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out); > if (error) > printf("getaddrinfo() failed\n"); > else printf("getaddrinfo() succeed\n"); > > return 0; > } > /*--- test.c ---*/ > > $ ./a.out > getaddrinfo() succeed > getaddrinfo() succeed > > # ./a.out > getaddrinfo() succeed > getaddrinfo() failed > > > > If this an expected behavior, what would be the preferred way to resolve > a name from a chrooted process ? I am extending OpenBGPd and I need to > resolve domain names and connect to a service (no BGP protocol). I am > currently using the "session" process to handle the connection part but > I am stuck on name resolution for now. /etc/resolv.conf is read on the first attempt to resolve something, no? And, of course, you have no /your/chroot/path/etc/resolv.conf. -- WBR, Vadim Zhukov
Re: linux port of systrace
2014-05-13 19:06 GMT+04:00 Илья Аржанников : > Hello. > > I am trying to use linux port systrace. And I found the problem. When I run > under systrace (it does not matter with -A or -a (actually it never came till > -a)) something that use vfork systrace and children processes hangup. I saw > in sources that linux port uses ptrace as backend because it's not a native > systrace subsystem. And linux systrace try to rewrite vfork system call on > sys_clone, but it give nothing. With fork everything is ok, because fork is > wrap around clone syscall and systrace just add one more flag to call it. > > Has anyone experience this problem? Does this also happen with only one CPU? -- WBR, Vadim Zhukov
Re: sudo -u & environment help
sudo -i ? 04.04.2014 14:31 полÑзоваÑÐµÐ»Ñ "Craig R. Skinner" напиÑал: > Hi, > > When sudo'ing to another user, how can I obtain all of their environment > settings as they receive when logging in themselves? > > When I use sudo in this manner, settings such as $PATH, $MAIL & umask > aren't being honoured: > > > $ echo $LOGNAME; echo $PATH; echo $MAIL; umask > craig > > /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/site/bin:/u sr/site/sbin:/home/craig/bin > /var/mail/craig > 027 > > > > Here, $PATH, $MAIL & umask are unchanged: > > $ sudo -H -i -u david > $ echo $LOGNAME; echo $PATH; echo $MAIL; umask > david > > /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/site/bin:/u sr/site/sbin:/home/craig/bin > /var/mail/craig > 027 > > > Compare the difference when logging in as that user: > > $ login david > ... > $ echo $LOGNAME; echo $PATH; echo $MAIL; umask > david > /usr/bin:/bin:/usr/local/bin:/usr/site/bin:/home/david/bin > /var/mail/david > 022 > > > > > /etc/login.conf: > default:\ > :passwordcheck=/usr/local/bin/pwqcheck -1:\ > :passwordtries=0:\ > :path=/usr/bin /bin /usr/local/bin /usr/site/bin ~/bin:\ > :umask=022:\ > :datasize-cur= > > staff:\ > :path=/usr/bin /bin /usr/sbin /sbin /usr/local/bin /usr/local/sbin > /usr/site/bin /usr/site/sbin ~/bin:\ > :umask=027:\ > :datasize-cur= > > > $ egrep 'env_|Defaults' /etc/sudoers | grep -v ^# > Defaults env_keep +="DESTDIR DISTDIR EDITOR FETCH_CMD FLAVOR FTPMODE GROUP > MAKE" > Defaults env_keep +="MAKECONF MULTI_PACKAGES NOMAN OKAY_FILES OWNER > PKG_CACHE" > Defaults env_keep +="PKG_DBDIR PKG_DESTDIR PKG_PATH PKG_TMPDIR PORTSDIR" > Defaults env_keep +="RELEASEDIR SHARED_ONLY SSH_AUTH_SOCK SUBPACKAGE > VISUAL" > Defaults env_keep +="WRKOBJDIR" > Defaults always_set_home, ignore_dot, use_loginclass > > > > login(1): > > login enters information into the environment (see environ(7)) > specifying > the user's home directory (HOME), command interpreter (SHELL), search > path (PATH), terminal type (TERM), and user name (both LOGNAME and > USER). > > ENVIRONMENT > login sets the following environment variables: > > HOME > MAIL > > sudo(8): > > Command Environment > .. On BSD systems, if the use_loginclass option > is > enabled, the environment is initialized based on the path and setenv > settings in /etc/login.conf. The new environment contains the TERM, > PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables > in > addition to variables from the invoking process permitted by the > env_check and env_keep options. This is effectively a whitelist for > environment variables. > > > > How can I become another user - without knowing their password, > and gain their 'natural' environment? > > e.g. from wheel group to a users group member. > > 'su -l username' & 'login username' require their password. > > I thought 'sudo -H -i -u username' would do it. > > Any suggestions on what else I need to configure?
Re: Cannot make state when using 'user' option in pf.conf
2014/1/26 Jiri B : > Hello, > > I'm trying to understand why there's no PF state for a outgoing > rule dedicated to dnscrypt-proxy (668) daemon. > > pf.conf says 'user' option needs effective ID... > > # ps -axo uid,ruid,gid,rgid,pid,args | grep dnscrypt > 688 688 688 688 16665 /usr/local/sbin/dnscrypt-proxy -d > --local-address=127.0.0.1:5331 --user=_dnscrypt-proxy > > # pfctl -sr > block drop out log quick on egress from ! (egress:0) to any > anchor "test-out" all > pass out log quick on egress inet proto udp from any to 208.67.220.220 port = > 443 user = 688 > pass out log quick on egress inet proto tcp from any to 208.67.220.220 port = > 443 user = 688 flags S/SA > pass out log quick on egress inet proto icmp all icmp-type echoreq > block drop in log quick from no-route to any > block drop in log quick from urpf-failed to any > block drop out log quick all > block drop in log quick on egress inet from any to 255.255.255.255 > anchor "test-in" all > pass in log quick on egress inet proto icmp from any to (egress:0) icmp-type > echoreq code 0 > pass in log quick on egress inet proto tcp from any to (egress:0) port = 22 > flags S/SA > block drop in log quick all > > Now when dnscrypt-proxy tries to make a connection it is blocked. > Interestingly there's even no logged outgoing connection, but just > blocked return. > > # tcpdump -i pflog0 -n -e -ttt -vv > tcpdump: WARNING: snaplen raised from 116 to 160 > tcpdump: listening on pflog0, link-type PFLOG > Jan 26 00:41:00.884036 rule 7/(match) [uid 0, pid 23524] block out on iwn0: > [uid 0, pid 16665] 192.168.1.100.10976 > 208.67.220.220.443: udp 512 (ttl 64, > id 9876, len 540, bad cksum 208! differs by e108) > > (from anchor) > # pfctl -ss > all tcp 192.168.1.100:16505 -> 66.7.199.108:22 ESTABLISHED:ESTABLISHED > > Well it works if I add dnscrypt-proxy rule for root but why? Because the socket (hint: <1024) was opened with root rights, and therefore the uid=0 was saved there. -- WBR, Vadim Zhukov
Re: samba and e2fsprogs packages -- 5.4
2013/12/5 Peter Fraser : > samba required the e2fsprogs package. The problem occurs when trying to use > samba's net command. > The net command requires libuuid. > It was not easy to find where libuuid was located. pkg_locate libuuid.so - no? -- WBR, Vadim Zhukov
Re: slashdot rumours
01.11.2013 12:58 полÑзоваÑÐµÐ»Ñ "Marko CupaÄ" напиÑал: > > I just read an article on slashdot which says that a piece of > malware made "Open BSD operating system (...) modify its > settings and delete its data without explanation or prompting", and > that malware is spreading over microphone and speakers. > > Is this just some kind of negative publicity on a day of OpenBSD 5.4 > release, or there is something to it? Yes, there is. I should add that it does not require microphones for spreading, ever. You need just to type blindly what your friend says.
Re: /var/cache/fontconfig ??
2013/6/9 Otto Moerbeek > On Sun, Jun 09, 2013 at 10:10:06AM +0100, Jason McIntyre wrote: > > > On Sun, Jun 09, 2013 at 05:06:01AM -0400, Jiri B wrote: > > > >Sorry but this seems to bizzare to make 'cache' appropriate > > > >subdir in /var just because of one specific tool. Wouldn't be > > > >better to customize it to use /var/db/fontconfig? > > > > > > Ahh, on other machine there's also 'cups' and 'libvirt' :) > > > > > > jirib > > > > in that case my diff is definitely wrong. so i need a general > > description of what /var/cache is for. > > > > jmc > > A cache holds stuff the is relativey expensive to recompute. If the > data is thrown away, it can be regenerated. > Is there any real difference with subdir under /var/tmp then? -- WBR, Vadim Zhukov
Re: extattr on OpenBSD
2013/6/7 Ted Unangst > On Thu, Jun 06, 2013 at 03:40, Jiri B wrote: > > As now FUSE is in the tree, is there a plan to resuscitate > > extattr on OpenBSD, so some filesystems in usespace could > > work or benefit from it? I'd like to see to be able to access > > glusterfs for example which uses extattr for its own metadata. > > I don't think so. > Too many tools remain unaware of them, causing attributes to get > stripped off doing rather mundane operations. > > Samba 4 also may use extattr to save some network-share-specific information, so this could be really useful in that case. But not for generic use, of course - and adding a bloat to kernel just to the sake of compatibility with other OS... oh, we already have Linux ABI, don't we? :) -- WBR, Vadim Zhukov
Re: Problem with a startup script
22.05.2013 10:19 полÑзоваÑÐµÐ»Ñ "C. L. Martinez" напиÑал: > > Hi all, > > I have a problem with some tcl rc.d startup scripts. Start and status > works ok but stop and restart, doesn't. Stupid question: does it stop if you kill it by pid directly? I've seen at least one daemon do far that ignores SIGTERM... > Script: > > #!/bin/sh -x > # > # $OpenBSD: suricata_proxyin_agent,v 1.0 > > daemon="/usr/local/bin/suricata_proxyin_agent.tcl" > daemon_flags="-c /data/config/etc/sguil/suricata_proxyin_agent.conf -D" > > . /etc/rc.d/rc.subr > > pexp="/usr/local/bin/tclsh8.5 $daemon" > > rc_cmd $1 > > I have tried several variants like to insert rc_stop specific option > or changing pexp to "/usr/local/bin/tclsh8.5 $daemon $daemon_args" > without luck. > > Debugging script, acts as like the other system startup scripts: > > . > > + echo NO > + : NO > + [ XNO = XYES ] > + echo NO > + : NO > + domainname > + [ X != X -a -d /var/yp/binding ] > + echo NO > + : NO > + : NO > + [ -n /usr/local/bin/suricata_proxyin_agent.tcl ] > + unset _RC_DEBUG _RC_FORCE > + getopts df c > + shift 0 > + basename ./suricata_proxyin_agent > + _name=suricata_proxyin_agent > + _RC_RUNDIR=/var/run/rc.d > + _RC_RUNFILE=/var/run/rc.d/suricata_proxyin_agent > + eval _rcflags=${suricata_proxyin_agent_flags} > + _rcflags= > + eval _rcuser=${suricata_proxyin_agent_user} > + _rcuser= > + getcap -f /etc/login.conf suricata_proxyin_agent > + > /dev/null > + 2>&1 > + [ -z ] > + daemon_class=daemon > + [ -z ] > + daemon_user=root > + [ -n ] > + [ -n ] > + [ -n ] > + printf %s -c /data/config/etc/sguil/suricata_proxyin_agent.conf -D > + daemon_flags= -c /data/config/etc/sguil/suricata_proxyin_agent.conf -D > + daemon_flags=-c /data/config/etc/sguil/suricata_proxyin_agent.conf -D > + readonly daemon_class > + unset _rcflags _rcuser > + pexp=/usr/local/bin/suricata_proxyin_agent.tcl -c > /data/config/etc/sguil/suricata_proxyin_agent.conf -D > + rcexec=su -l -c daemon -s /bin/sh root -c > + pexp=/usr/local/bin/tclsh8.5 /usr/local/bin/suricata_proxyin_agent.tcl > + rc_cmd stop > > root@nsm10:/usr/local/etc/rc.d# ps xa |grep suricata_proxyin_agent.tcl > | grep -v grep > 17486 p2- I 0:00.29 /usr/local/bin/tclsh8.5 > /usr/local/bin/suricata_proxyin_agent.tcl -c > /data/config/etc/sguil/suricata_proxyin_agent.conf -D > > Any idea why process is not stopped??
Re: ACPI hack for temperature control
2013/5/2 STeve Andre' > Can someone point me to the proper patch for ACPI so I don't reboot > any more? Thanks. > Do you mean disabling acpitz(4) when it does the Wrong Thing, or ThinkPad-specific patch I was posting some time ago (and still want to incorporate but after 64-bit time_t)? -- WBR, Vadim Zhukov
Re: FAQ 8.1 - I forgot my root password...
2013/4/11 f5b : > FAQ 8.1 - I forgot my root password... > > http://www.openbsd.org/faq/faq8.html#LostPW > > ... > re: > Mount the partitions. Both "/" and /usr will need to be mounted read-write. > Assuming they are on separate partitions (as they should be), the following > will work: > > # fsck -p / && mount -uw / > # fsck -p /usr && mount /usr Why do you need to mount /usr read-write for updating password, ever? Read-only is enough, no? -- WBR, Vadim Zhukov
Re: in current: chrootdirectory in ssh (cannot stat /usr/libexec/sftp-server)
08.04.2013 11:13 полÑзоваÑÐµÐ»Ñ "Didier Wiroth" напиÑал: > > Hello, > (running current with OpenSSH_6.2, OpenSSL 1.0.1c 10 May 2012) > > I'm trying to setup chrootdirectory in sshd_config as a test configuration > without success. > > Here is a snip from my sshd_config > > #(this is the default line) > Subsystem sftp/usr/libexec/sftp-server > > #added the following match block > Match Group remote-sync, Address 127.0.0.1 > ChrootDirectory /home/chroot/%u > ForceCommand internal-sftp -f LOCAL0 -l INFO > AllowAgentForwarding no > AllowTcpForwarding no > GatewayPorts no > X11Forwarding no > --- > > The home directory /home/chroot/sync is owned by root:wheel. > > When I try to connect I get the following error: > cannot stat /usr/libexec/sftp-server: No such file or directory > > What do I miss? > What is wrong with my test config? It's obvious that global configuration parameter is involved. That means that your Match rule doesn't work. > Thanks for any input!!! > Didier > > See the entire output here: > $ sudo /usr/sbin/sshd -D -d -p -f /etc/ssh/sshd_config > debug1: sshd version OpenSSH_6.2, OpenSSL 1.0.1c 10 May 2012 > debug1: read PEM private key done: type RSA > debug1: private host key: #0 type 1 RSA > debug1: read PEM private key done: type DSA > debug1: private host key: #1 type 2 DSA > debug1: read PEM private key done: type ECDSA > debug1: private host key: #2 type 3 ECDSA > debug1: rexec_argv[0]='/usr/sbin/sshd' > debug1: rexec_argv[1]='-D' > debug1: rexec_argv[2]='-d' > debug1: rexec_argv[3]='-p' > debug1: rexec_argv[4]='' > debug1: rexec_argv[5]='-f' > debug1: rexec_argv[6]='/etc/ssh/sshd_ > config' > debug1: Bind to port on 0.0.0.0. > Server listening on 0.0.0.0 port . > debug1: Bind to port on ::. > Server listening on :: port . > debug1: fd 5 clearing O_NONBLOCK > debug1: Server will not fork when running in debugging mode. > debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8 > debug1: inetd sockets after dupping: 3, 3 > Connection from 127.0.0.1 port 31875 > debug1: Client protocol version 2.0; client software version OpenSSH_6.2 > debug1: match: OpenSSH_6.2 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_6.2 > debug1: permanently_set_uid: 27/27 [preauth] > debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth] > debug1: SSH2_MSG_KEXINIT sent [preauth] > debug1: SSH2_MSG_KEXINIT received [preauth] > debug1: kex: client->server aes128-ctr hmac-md5-...@openssh.com > z...@openssh.com [preauth] > debug1: kex: server->client aes128-ctr hmac-md5-...@openssh.com > z...@openssh.com [preauth] > debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth] > debug1: SSH2_MSG_NEWKEYS sent [preauth] > debug1: expecting SSH2_MSG_NEWKEYS [preauth] > debug1: SSH2_MSG_NEWKEYS received [preauth] > debug1: KEX done [preauth] > debug1: userauth-request for user sync service ssh-connection method none > [preauth] > debug1: attempt 0 failures 0 [preauth] > debug1: user sync matched group list remote-sync, at line 124 > debug1: connection from 127.0.0.1 matched 'Address 127.0.0.1' at line 124 > debug1: userauth_banner: sent [preauth] > debug1: userauth-request for user sync service ssh-connection method > publickey [preauth] > debug1: attempt 1 failures 0 [preauth] > debug1: test whether pkalg/pkblob are acceptable [preauth] > debug1: temporarily_use_uid: 1001/999 (e=0/0) > debug1: trying public key file /home/chroot/sync/.ssh/authorized_keys > debug1: fd 4 clearing O_NONBLOCK > debug1: matching key found: file /home/chroot/sync/.ssh/authorized_keys, > line 3 > Found matching RSA key: c9:1b:a7:00:9c:52:08:44:1b:2f:7e:28:94:f4:e0:af > debug1: restore_uid: 0/0 > Postponed publickey for sync from 127.0.0.1 port 31875 ssh2 [preauth] > debug1: userauth-request for user sync service ssh-connection method > publickey [preauth] > debug1: attempt 2 failures 0 [preauth] > debug1: temporarily_use_uid: 1001/999 (e=0/0) > debug1: trying public key file /home/chroot/sync/.ssh/authorized_keys > debug1: fd 4 clearing O_NONBLOCK > debug1: matching key found: file /home/chroot/sync/.ssh/authorized_keys, > line 3 > Found matching RSA key: c9:1b:a7:00:9c:52:08:44:1b:2f:7e:28:94:f4:e0:af > debug1: restore_uid: 0/0 > debug1: ssh_rsa_verify: signature correct > Accepted publickey for sync from 127.0.0.1 port 31875 ssh2 > debug1: monitor_child_preauth: sync has been authenticated by privileged > process > debug1: Enabling compression at level 6. [preauth] > debug1: monitor_read_log: child log fd closed > User child is on pid 2371 > Changed root directory to "/home/chroot/sync" > debug1: Entering interactive session for SSH2. > debug1: server_init_dispatch_20 > debug1: server_input_channel_open: ctype session rchan 1 win 2097152 max > 32768 > debug1: input_session_request > debug1: channel 0: new [server-session] > debug1: session_new: session 0 > debu
Re: Can't cleanly umount a usb stick
2013/3/18 STeve Andre' : >I've just run into something I can't explain. Likely it's not a > bug, but puzzling none the less. > >I normally run KDE, and then thunderbird, firefox and chrome > as well as a bunch of other stuff. Fine, mostly. > >I frequently mount a 32G usb stick to stuff my 'reagents' software > on, for keeping Windows sheep (mostly) safe. To do this I mount the > stick on /dos, and copy stuff to it. > >Only today and maybe a couple of other times, I finished copying > data to /dos and did umount /dos, and got a device busy message. > Only the one xterm touched /dos, from the mount, to the copy, to > the umount. Last time this happened I did a umount -f as I needed > the data. This time I went hunting and an fstat | grep doc revealed > that firefox had /dos? *I* didn't do anything. > >Any ideas as to whats going on, or things to check? I am puzzled. Probably some time ago you saved something from FireFox directly to /dos (or subfolder of). Then FireFox remembered the last folder you were using, and open it on start. Save something to a different folder. Probably it's also a good idea to avoid asking about destination folder at all. I use this setting personally to avoid having a bunch of extra files spreading everywhere: things I really need gets moved somewhere else, and then I just wipe the directory (or rather use subdir in /tmp). -- WBR, Vadim Zhukov
Re: Should I be tuning relayd?
26.02.2013 20:06 полÑзоваÑÐµÐ»Ñ "Peter Farmer" напиÑал: > > Hi All, > > Whilst load testing my website (being balanced via relayd) I see this from > time to time (when running "relayd -d"): > > relay www, session 2410 (1 active), 0, 195.143.230.243 -> 10.201.0.7:80, > done > relay www, session 3479 (1 active), 0, 195.143.230.242 -> 10.201.0.6:80, > done > relay www, session 2411 (1 active), 0, 195.143.230.243 -> 10.201.0.6:80, > done > relay www, session 3480 (1 active), 0, 195.143.230.242 -> 10.201.0.7:80, > done > host 10.201.0.6, check http code (0ms), state up -> down, availability > 92.31% > host 10.201.0.7, check http code (0ms), state up -> down, availability > 84.62% > relay www, session 2412 (1 active), 0, 195.143.230.242 -> :80, session > failed > relay www, session 2413 (1 active), 0, 195.143.230.243 -> :80, session > failed > relay www, session 2414 (1 active), 0, 195.143.230.242 -> :80, session > failed > > I also periodically see: > > relay www, session 1609 (1 active), 0, 195.143.230.243 -> 10.201.0.6:80, > session failed > > I know that the webservers are available because I also have a tests > running against each of the webservers and can see they are available all > the time. > > Should I be adding something to relayd.conf or should I be tuning OpenBSD > is anyway? There are typically between 6000 - 9000 states in the state > table during the test. And default PF limit is 1. Too close to be safe. Try to set it in pf.conf to, e.g., 3 first. > The ab command I am running is: > > ab -v -c100 -n10 http://beta.digidayoff.com/ > > My relayd conf is: > > ext_addr="10.201.0.3" > www1="10.201.0.6" > www2="10.201.0.7" > > log all > > table { $www1 $www2 } > relay www { > listen on $ext_addr port http > forward to port http mode roundrobin check http "/" code 200 > } > > > My pf.conf is: > > set skip on lo > anchor "relayd/*" > pass quick on em1 proto pfsync keep state (no-sync) > pass on em1 proto carp keep state > pass# to establish keep-state > # By default, do not permit remote connections to X11 > block in on ! lo0 proto tcp to port 6000:6010 > > > dmesg: > > OpenBSD 5.2 (GENERIC) #309: Wed Aug 1 09:58:55 MDT 2012 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC > real mem = 535756800 (510MB) > avail mem = 499208192 (476MB) > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (268 entries) > bios0: vendor Phoenix Technologies LTD version "6.00" date 09/21/2011 > bios0: VMware, Inc. VMware Virtual Platform > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S1 S4 S5 > acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET > acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S3F0(S3) > S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00S(S3) Z00T(S3) > Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) > Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) > Z01A(S3) Z01B(S3) Z01C(S3) Z01D(S3) Z01E(S3) P2P1(S3) S1F0(S3) S2F0(S3) > S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00S(S3) > Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) > Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) > Z019(S3) Z01A(S3) Z01B(S3) Z01C(S3) Z01D(S3) Z01E(S3) P2P2(S3) S1F0(S3) > S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) > Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) > Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) > Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) Z01C(S3) Z01D(S3) Z01E(S3) P2P3(S3) > S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) > S9F0(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) > Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) > Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) Z01C(S3) Z01D(S3) Z01E(S3) > PE40(S3) S1F0(S3) PE50(S3) S1F0(S3) PE60(S3) S1F0(S3) PE70(S3) S1F0(S3) > PE80(S3) S1F0(S3) PE90(S3) S1F0(S3) PEA0(S3) S1F0(S3) PEB0(S3) S1F0(S3) > PEC0(S3) S1F0(S3) PED0(S3) S1F0(S3) PEE0(S3) S1F0(S3) PE41(S3) S1F0(S3) > PE42(S3) S1F0(S3) PE43(S3) S1F0(S3) PE44(S3) S1F0(S3) PE45(S3) S1F0(S3) > PE46(S3) S1F0(S3) PE47(S3) S1F0(S3) PE51(S3) S1F0(S3) PE52(S3) S1F0(S3) > PE53(S3) S1F0(S3) PE54(S3) S1F0(S3) PE55(S3) S1F0(S3) PE56(S3) S1F0(S3) > PE57(S3) S1F0(S3) PE61(S3) S1F0(S3) PE62(S3) S1F0(S3) PE63(S3) S1F0(S3) > PE64(S3) S1F0(S3) PE65(S3) S1F0(S3) PE66(S3) S1F0(S3) PE67(S3) S1F0(S3) > PE71(S3) S1F0(S3) PE72(S3) S1F0(S3) PE73(S3) S1F0(S3) PE74(S3) S1F0(S3) > PE75(S3) S1F0(S3) PE76(S3) S1F0(S3) PE77(S3) S1F0(S3) PE81(S3) S1F0(S3) > PE82(S3) S1F0(S3) PE83(S3) S1F0(S3) PE84(S3) S1F0(S3) PE85(S3) S1F0(S3) > PE86(S3) S1F0(S3) PE87(S3) S1F0(S3) PE91(S3) S1F0(S3) PE92(S3) S1F0(S3) > PE93(S3) S1F0(S3) PE94(S3) S1F0(S3) PE95(S3) S1F0(S3) PE96(S3) S1F0(S3) > PE97(S3) S1F0(S3) PEA1(S3) S1F0(S3) PEA2(S3) S1F0(S3) PEA3(S3) S1F0(S3) > PEA4(S3) S1F0(S3) PEA5(S3) S1F0(
Re: Shell for PF
2013/2/16 Matthew Weigel : > On Feb 16, 2013, at 5:28 AM, Vadim Zhukov wrote: > >> 2013/2/16 Fil DiNoto : >>> But this is all off-topic, I'm not slaming pf in any way i love it. I >>> was just saying it can't hurt to try to emulate what people know if at >>> all possible. And the fact is that junos/ios have the market share so >>> thats what people know. > > Sorry, Vadim, for responding to Fil through your email. > > I think there is a real risk to trying to present an interface that is > reminiscent of other systems, that behave differently and do less. People > will begin to expect that pf does the same things - no more, no less. Power > that is specific to pf over other systems will be ignored, because people > will think that since they are familiar with the interface they know what > they're doing. Yes, there are people who wants to know enough to have work being done somehow - those don't care what to use and don't want to learn in the general place. Probably they aren't OpenBSD audience but they hurt other people, "advanced" enough, to use OpenBSD either. Those ones who don't care about tools they are actually using, WILL fuck up their use. And hell, yes, I'd prefer netfilter-based solutiong built by smart man than PF-based built by stupid one. But when choosing between netfilter-based and PF-based firewalls built by the same lazy man (I'm NOT talking about OP himself here)... who cares? There is no point in caring about what tools other do use, until this hurts you. If others just use netfilter, fine - it's their problem. :) If you have to use netfilter because others do use PF - it becames your problem. A real problem. Just an example: I had to spent last few months in building virtualized environment based on CentOS 6. Well, I could not say it's full crap - just about 70% of it. :) I know that building the same using OpenBSD could take a few weeks (including detailed documentation of the whole process). But I had to use Linux, because other people here don't know anything about BSDs at all, and because they really need Sun JDK 1.6 for some stuff. It's really pain in the ass: for example, I had to fight with udev, grub and LVM each time I clone a virtual machine; I have to choose between old (CentOS/RHEL repos) and badly tested (EPEL) packages most of the time, or build stuff on my own; I have to debug PAM modules to allow logging in using 25 years old technologies because "official HOWTOs" are not valid for given OS and tools provided with distro fail silently, and ever then it doesn't work the way I want... But people don't want thing that Just Works(TM) if they could not fix it later themselves (though I suspect they could not fix this Linux-based infrastructure either). So many of us have to build Linux-based environments for others and use OpenBSD for ourselves. A bit frustrating but it's better than nothing. :) And let see the problem from the other side. Remember the school. At first you'd learn Newton's physics, where you could just accelerate and run as fast as light could and even faster. And only then, a few years off, the Einstein's theory come. Don't think about shell-like interface for the PF as the right solution for the final product - such thinking IS wrong, I totally agree. But remember, when people will _really_ want some more functionality, they _will_ learn. They just need an incentive. Straightforward making people around learning the whole PF at once is almost the same thing as trying to make the first grader learning relativity theory. I've made enough such mistakes already, trust me. :) And I don't want to say those people are stupid at all, they just could not apprehend as quickly as you or me may want them do. > Presenting a different interface is a FANTASTIC way to communicate > 'difference' to the user. It forces them to think about the difference > sooner, rather than when things aren't working as expected (or after they've > bought more equipment on top of the OpenBSD firewall because "JunOS can't do > that"). > > If that means people don't learn pf because they realize very quickly that > it's unlike anything they know... That is a SERVICE being provided. They knew > they didn't have the time to figure it out before they got ass-deep into it. Everyone does mistakes. Everyone sometimes fucks up the things. I do. :) If you want those happen more rarely than often, set up the appropriate process: give the people as much info as they could handle at the moment given, but not more - or they won't get any info at all. Get they know that there is a PF. Just a few words. Then show some things they use (or want to use) in netfilter/DamnSwitchOS/etc. that are e
Re: Shell for PF
e a more popular choice in a lot of >>> situations. Like me personally I have an ESXi server I lease, I'm not >>> going buy/lease a hardware router/firewall to sit in front of a single >>> machine with a handful of VMs on it, I use an OpenBSD VM as a router >>> to the other VMs and it works wonderfully. My provider had a hard time >>> understanding why I wanted another /29 routed to one of my IP >>> addresses the sales guy kept saying "it won't work that way you need a >>> router and all you have is one server" but eventually they made it >>> happen. >> >> This I must say that's why I decided to answer your message as I can't >> imagine of understand why you would like to run a router inside >> VMWare!?!?!??! >> >> And don't say that it is to make it more secure please. >> >> You make everything more complex and you were talking about making >> things simpler!?!?! A real paradox there don't you think? >> >> Forget that VMWare will not run on OpenBSD as the host and you know you >> will loose a lots of efficiency too? >> >> There is a very long list why you shouldn't run a router in VMWare. Just >> think about it a little and you will see why it make no sense really. >> >> Looks like everyone wants to run everything in VMWare these days and >> thinks it's good for everything... >> >> May be you would gain by playing with PF more and setup routers for fun >> with it. >> >> Just give it a chance and then after a few weeks you will wonder why >> Cisco and JunOS don't do their syntax like PF really. (:> >> >> Just my $0.02 worth for using both and I see no need to have PF be like IOS. >> >> I would be way more in favor to see a company out there somewhere do >> custom hardware for PF and OpenBSD to compete with Cisco routers for >> example. >> >> Some network cards are pretty good as is, but yes it could be even >> better and faster. >> >> I think if such a company would see the light of day, sooner then you >> think Cisco would come and buy them flat out to avoid that competition. >> I would be welling to bet that they would do all they can to make sure >> such a thing never see the light of day! >> >> But wouldn't this be nice if it would -- WBR, Vadim Zhukov
Re: openBSD 5.2 amd64 on lenovo x201s, part 2 apm support and overheating
2013/1/29 Andriy Samsonyuk : > Hi, > > is apm/apmd the only wat to change the fan speen? > > The fan speen never goes above: > hw.sensors.acpithinkpad0.fan0=4527 RPM > +- few RPMs > > if i set apmd -C or -A the laptop powers off after a while > without any warnings. > > with apm -L or -H its running, but getting hotter. > > Any suggestions/ideas? David Coppa already sent you a patch but probably I should clarify some things more. Many modern ThinkPad allow to either delegate management of fan speed to BIOS or to set it manually. OpenBSD point of view is that manual setting fans from userland is a BAD idea. So what's the patch mentioned does is taking management from BIOS to OS. BIOS does a good thing at managing fan speed until it gets too hot. But when overheating happens, there are two complimentary ways to handle the situation: a) raise the fan speed; b) lower CPU speed. (a) is what OpenBSD with the patch mentioned starts to do. The fan is put in so called "disengaged" mode, fan goes to 6000+ RPM and became spinning as if it's trying to make your laptop flying. This probably could damage the fan, but mine is still there for about two years. The same functionality exists in the Linux kernel but the code is (was? Didn't check for a year) disabled; I've actually picked up register addresses from there. (b) is what Windows does. Your videoplayer will start dropping frames but it'll be more or less quiet around. Probably some overheating logic could be added to apmd(8), but this daemon already wants too many options and thus probably needs refactoring. Or there could be some default scripts for sensorsd(8) written... -- WBR, Vadim Zhukov
Re: How do I compile 32-bit binaries on amd64 OpenBSD?
22.01.2013 16:32 полÑзоваÑÐµÐ»Ñ "Salil Wadnerkar" напиÑал: > > Thanks Peter. I found that many autotools packaged programs out there > expect newer gcc environments. > So, when I run > ./configure > make > make install > most of the time, make fails because the system gcc toolchain is old. > I tried using a newer toolchain by setting the environment variables: > export CC=egcc > export CPP=egcc-cpp > export MAKE=gmake > But, libtool is picked up from the /usr/bin instead of /usr/local/bin. > > Can somebody guide me about how I can use the sandboxed gcc environment to > build programs? Probably it's easier to create ports, then Ports framework will care about most problems you're fighting now, including libtool. Take a look at http://www.openbsd.org/porting.html , especially checklist and GNU specifics sections. > On Tue, Jan 22, 2013 at 5:43 PM, Peter Hessler wrote: > > > On 2013 Jan 22 (Tue) at 17:37:18 +0800 (+0800), Salil Wadnerkar wrote: > > :Hi, > > : > > :Some programs like smlnj, which is SML by New Jersey, support only 32-bit > > :binaries. On Linux distros, I can use gcc multilib support. How do I do > > :that in OpenBSD? > > > > OpenBSD does not support multilib, and has no intention to. > > > > Fix the code so it works on 64bit systems. > > > > -- > > The National Short-Sleeved Shirt Association says: > > Support your right to bare arms!
Re: named not answer on external query
17.01.2013 12:31 полÑзоваÑÐµÐ»Ñ "lilit-aibolit" напиÑал: > > This is weird trouble. Years ago I did authoritative server on openbsd 4.x and it's just works > for both - local network and queries from Internet. > But now it doesn't. I know - this is my issue, please help to resolve. > ###named.conf### > // $OpenBSD: named-simple.conf,v 1.10 2009/11/02 21:12:56 jakob Exp $ > acl tlk { > 192.168.5.0/24; > 192.168.55.0/24; > 192.168.66.0/24; > 192.168.99.0/24; > 127.0.0.1; }; > options { > version "";// remove this to allow version queries > listen-on { 127.0.0.1; 192.168.5.254; 192.168.55.254; ext_if; }; > listen-on-v6 { none; }; > allow-transfer { none; }; > empty-zones-enable yes; > //forward first; > forwarders { provider's dns; }; > allow-recursion { tlk; }; > allow-query { any; }; > }; > view "allow-recursion" { > match-clients { tlk; }; > //recursion yes; > > zone "." { > type hint; > file "etc/root.hint"; }; > > zone "localhost" { > type master; > file "standard/localhost"; > //allow-transfer { localhost; }; > }; > > zone "127.in-addr.arpa" { > type master; > file "standard/loopback"; > //allow-transfer { localhost; }; > }; > > zone "zone.1" { > type master; > file "/master/zone.1"; }; > > zone "zone.2" { > type master; > file "/master/zone.3"; }; > > zone "zone.4" { > type master; > file "/master/zone.4"; }; > > zone "168.192.in-addr.arpa" { > type master; > file "/master/168.192.in-addr.arpa"; }; > > include "/master/forbidden.conf"; > }; > > view "deny-recursion" { > recursion no; > additional-from-cache no; > additional-from-auth no; > zone "zone.5" { > type master; > file "/master/zone.5"; }; > }; > > key "rndc-key" { > algorithm hmac-md5; > secret "**"; > }; > > controls { > inet 127.0.0.1 port 953 > allow { 127.0.0.1; } keys { "rndc-key"; }; > }; > > logging { > channel security_channel { > # Send log messages to the specified file > file"log/security.log"; > # Log all messages > severitydebug; > # Log the date and time of the message > print-time yes; > # Log the category of the message > print-category yes; > # Log the severity level of the message > print-severity yes; > }; > > channel default { > # Send logs to the 'local0' syslog facility > syslog local0; > # Log messages of severity 'info' or higher > severityinfo; > print-category yes; > print-severity yes; > }; > > # Logs about approval and denial of requests > category security { > security_channel; > default; > }; > > # Ignore logs about misconfigured remote servers > category lame-servers { null; }; > > # Default logging options > category default { default; }; > }; > > ###zone.5### > ; $OpenBSD: db.localhost,v 1.2 2005/02/07 06:08:10 david Exp $ > $ORIGIN zone.5. > $TTL 24h > @INSOAns1.zone.5. admin.zone.com. ( > 10; serial > 1h; refresh > 30m; retry > 7d; expiration > 1h ); minimum > NSns1.zone.5. > NSns2.zone.5. > @INAright.IP > wwwINAright.IP > ns1INAright.IP > ns2INAright.IP2 > > > ###pf.conf related rules### > pass in on $ext_if inet proto { tcp, udp } from any to em1 port domain > pass in on $int_if inet proto { udp, tcp } from to $int_if port { ntp, domain } > pass out on $ext_if inet proto udp from em1 to any > > I see a numbers of external queries to my server, but don't see the answers: > # tcpdump -i em1 -p udp 'port domain' > 09:28:23.152111 smtp.eurocom.su.19716 > my.server.domain: 59597 [1au] A? www.zone.5. (45) > 09:28:24.136607 idbh.ru.47793 > my.server.domain: 26171% [1au] A? www.zone.5. (45) > 09:28:26.942971 smtp.eurocom.su.44341 > my.server.domain: 615 A? www.zone.5. (34) > 09:28:27.191067 smtp.eurocom.su.17302 > my.server.domain: 42979 [1au] A? www.zone.5. (45) > 09:28:29.417383 smtp.eurocom.su.34958 > my.server.domain: 53565 A? www.zone.5. (34) > 09:28:29.737934 idbh.ru.45564 > my.server.domain: 27837 A? www.zone.5. (34) > > From local net: > user@pc.local:~$ nslookup > > zone.5 > Server: 192.168.5.254 > Address:192.168.5.254#53 > Non-authoritative answer: > Name: zone.5 > Address: right.IP > # tcpdump -i em0 -p udp 'port domain' > 10:00:41.702484 pc.local.46571 > my.server.domain: 50830+ A? zone.5. (30) > 10:00:41.702625 my.server.domain > pc.local.46571: 50830 1/2/0 A right.IP (82) > At first, find where the flow gets stopped: enable debug logging on resolver and add "match log (matches) to port 53" rule as first one in your firewall. Then probably you'll see the problem yourself. Oh, and please, if you get "no packe
Re: Unused swap
2013/1/12 Christian Weisgerber : > Constantine A. Murenin wrote: > >> plus, last i checked, firefox was not even 64-bit friendly anyways > > Bullshit. Well, not FireFox but JavaScript JIT, IIRC. http://www.openbsd.org/papers/slackathon2011_64bitandjit/index.html -- WBR, Vadim Zhukov
Re: Can't use PerlMagick
24.11.2012 5:11 полÑзоваÑÐµÐ»Ñ "Dmitrij D. Czarkoff" напиÑал: > > Hello! > > I'm running into a weird problem with PerlMagick: > > $ perl -e 'use Image::Magick' > Can't load '/usr/local/libdata/perl5/site_perl/amd64-openbsd/auto/Image/Magick/Magick.so ' for module Image::Magick: Cannot load specified object at /usr/libdata/perl5/amd64-openbsd/5.12.2/DynaLoader.pm line 200. > at -e line 1 > Compilation failed in require at -e line 1. > BEGIN failed--compilation aborted at -e line 1. > &Image::Magick::constant not defined. The required ImageMagick libraries are not installed or not installed properly. > END failed--call queue aborted at -e line 1. > > Am I missing something obvious? Is there anything I can do about it? > > OpenBSD -current amd64 (latest snapshot), PerlMagick from > ImageMagick-6.7.7.7p2 package. > > Thanks in advance. LD_PRELOAD for pthread library? OpenBSD Perl isn't threaded. This should be mentioned in pkg-readme...
Four "no"
Just look at this beautiful name for command-line parameter: -Wno-non-virtual-dtor Again, step by step: Warnings No Non Virtual De- structor "No", "Non", "Virtual" and "De-". Four times "no". Excellent example of brilliant software (all of the lang, compiler and piece of shit being built) design, isn't it? :) -- WBR, Vadim Zhukov
Stable releases: KDE-way
It's too bad - I'm OpenBSD user. It's too bad - I understand some words literally. Say, the word "stable". Using OpenBSD I've got accustomed to understand it as... you know, stable. And not as, say: "let's tweak some system headers in OPENBSD_5_0 branch because ANSI published new standard". And, of course, KDE got it right: adding "-fno-exceptions" by default for each and every KDE project is a nice idea, isn't it? It's so cool to force packagers to patch CMakeLists.txt files here and there in stable release (between 4.9.0 and 4.9.2). IMHO, OpenBSD should go this way too. It's so funny. And the coding should be fun, shouldn't it? ... back to WIP ports tree... -- WBR, Vadim Zhukov
Re: pf: multiple reply-to rules; could it be done more simple?
03.08.2012 17:15 полÑзоваÑÐµÐ»Ñ "Dr.-Ing. Torsten Finke" < torsten.fi...@igh-essen.com> напиÑал: > > Dear List, > > my network is connected to the internet by three different DSL > connections. At connection my ISP provides always the same IP addresses, so > that they are effectively configured with a fix IP address each. These > connections are managed by my external firewall. > > Outbound traffic is load balanced via round robin on the three mpath default > routes. > > Since I run several services on my system (e.g. openvpn, which is actually > served by my internal firewall), I have to ensure, that inbound traffic will > be returned to exactly that connection the request came from. This is done by > the following pf rules (openvpn handling as an example among others): > > #--- > ext_if0 = "tun0" > ext_if1 = "tun1" > ext_if2 = "tun2" > int_fw = # my internal firewall's address > ... > > pass in quick on $ext_if0 proto udp from any to any port 1194 \ > rdr-to $int_fw port 1194 reply-to ( $ext_if0 $ext_if0:peer ) > pass in quick on $ext_if1 proto udp from any to any port 1194 \ > rdr-to $int_fw port 1194 reply-to ( $ext_if1 $ext_if1:peer ) > pass in quick on $ext_if2 proto udp from any to any port 1194 \ > rdr-to $int_fw port 1194 reply-to ( $ext_if2 $ext_if2:peer ) > #--- > > May there be any trick that avoids this rule definition for each connection? I > am trying to get the rules more simple and also looking for a rule, that is > independent of the actual connection state (if one of the connections is > broken, pfctl complains about an unreacheable peer of course). > > Has anyone tried somthing like this using pf anchors? I had a patch adding support for routing options to "match" rules, but it lacked pfsync support. If you're interested, I can try to update it and send (or you can avoid waiting and search tech@ archives yourself). AFAIK, previous version still works at the place I've quit a year ago.
Re: man page contents [was: Re: C******.org]
Am I right you need ASCII-like output without extra formatting (e.g., terminal escape codes)? Something like: "xyz utility does the following: blah-blah. The options are as follows: -h to make you happy. -k to kill your ex-girl's kitten. -v to make sure everyone know what are you doing. See also manual page for cat in section one, manual page for kill in section one and for wall in section one." This could be accomplished by new backbend for mandoc, as I can understand. Other easy would be to teach your screen reader to mdoc(7) and man(7) formats. This will do it best as you'll have hyperlinks and other stuff the way you want. ... And for now going with MANPAGER and /etc/man.conf will be your best option, I think. 27.07.2012 4:33 полÑзоваÑÐµÐ»Ñ "Eric Oyen" напиÑал: > man, > the format of that page is ugly to listen to. lots of back slashes. I > noticed > there didn't appear to be any line/returns in there (and that is > something my > screen reader doesn't make clear either). > > I will have to find an online version of the man page mentioned below. > > -eric > > On Jul 26, 2012, at 11:24 AM, Weldon Goree wrote: > > > On Thu, 2012-07-26 at 10:54 -0700, Eric Oyen wrote: > >> well, I am wondering what packages I can use to edit man pages. > > > > The pages themselves are marked-up text; just use a text editor. Note > > that OpenBSD doesn't use groff anymore to render them. Look at > > mandoc(1) > > mdoc(7) (the suggested format) > > man(7) (the legacy format; you may run across it in older pages you're > > editing) > > > > As an example, here's mdoc(7) in its text format, via cvsweb: > > > > > > http://www.openbsd.org/cgi-bin/cvsweb/src/share/man/man7/mdoc.7?rev=1.93;cont > ent-type=text%2Fplain > > > > That's what you would be editing. > > > > Weldon > > > > Weldon
Re: multiple instances of ftp-proxy ?
2012/6/12 Илья Шипицин : > Hello! > > is anybody running multiple instances of ftp-proxy in reverse mode? > I'd afraid of anchor "ftp-proxy/*", ftp-proxy doesn't allow to specify > anchor, also, many instances of ftp-proxy can break each others anchors. No, they will not, see prepare_commit() in /usr/src/usr.sbin/ftp-proxy/filter.c: snprintf(an, PF_ANCHOR_NAME_SIZE, "%s/%d.%d", FTP_PROXY_ANCHOR, getpid(), id); > can somebody provide me with example of multiple ftp-proxies ? I've done it simple. In /etc/rc.local: if [ X"${ftpproxy2_flags}" != X"NO" ]; then echo -n ' ftp-proxy2'; /usr/sbin/ftp-proxy ${ftpproxy2_flags} fi In /etc/rc.conf.local: ftpproxy2_flags="-p 8022 -R 172.27.4.2 -v" That's all.
Re: n00b questions -- keyboard messed up
On 24 QNWARQ 2012 G. 10:07:24 Amit Kulkarni wrote: > On Tue, Jan 24, 2012 at 2:07 AM, David Coppa wrote: > > On Tue, Jan 24, 2012 at 9:01 AM, Marc Espie wrote: > >> On Tue, Jan 24, 2012 at 01:33:01AM +0100, Ariane van der Steldt wrote: > >>> KDE also had a browser (konqueror). I don't know if KDE4 still > >>> provides it. Konqueror, as shipped in KDE3, is pretty dated and > >>> will probably not handle many sites, so won't display facebook or > >>> twitter (which may considered a feature). > >> > >> Yes, there's still a konqueror in kde4, but it should be > >> considerably > >> improved. Consider that qt4 integrates webkit, for a start. > > > > By default, it still uses KHTML. You can switch it to WebKit by > > installing kwebkitpart and changing the service preference order > > using > > "keditfiletype text/html". > > I do believe that Vadim has the new KDE porting at > http://github.com/jasperla/openbsd-wip use webkit as the rendering > engine It uses (used to when I was tweaking it in 4.7, will recheck for 4.8) Webkit by default in new installations, existing configurations should manually set Webkit as preferred engine. -- WBR, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Using TrinityDesktop to replace KDE3
02.11.2011 19:13, Dmitrij D. Czarkoff P?P8QP5Q: > On Wed, 2011-11-02 at 17:47 +0400, Vadim Zhukov wrote: >> The point is that we'll be able to run KDE 3 (okay, Trinity) and KDE 4 >> apps at the same time. > > Why would anyone need that? At least me. :) In that use case you can, e.g., carefully move your profile to KDE 4 while still working with old apps. You may check that specific functionality you need/use still exists in KDE 4 without disturbing your workflow. Etc. >> And not fiddle in terminal with updating all the configs at the same time. > > So You prefer continuous fiddling with configs instead of using > "configure once" approach? When your KDE profile is large enough and heavily customized, it becomes a problem. >>> I believe it will halt even before the complete OpenBSD port will be >> finished. >> >> Well, many people say that "OpenBSD will die soon" too. :) And keep >> saying it for many years... > > I think this example is a way closer: http://rus-os.narod.ru/ OMG : -- WBR, Vadim Zhukov
Re: Using TrinityDesktop to replace KDE3
02.11.2011 16:25, Dmitrij D. Czarkoff P?P8QP5Q: On Wed, 2011-11-02 at 06:49 -0500, Amit Kulkarni wrote: On Tue, Nov 1, 2011 at 5:31 PM, Vadim Zhukov wrote: My crazy idea is to port Trinity (those guys migrate to using Qt4 and CMake, which is cool, and to UDev, which is not) and make it replace KDE 3 (which is dead upstream anyway). After this migration to KDE 4 will be seamless (and those who want "KDE 3 enchanced" could have it too :) ). It seems to me that they deliberately changed the API (renamed every lib function for K* to T*) not to interfere with KDE4. If I get it right, that effectively means that neither KDE3 nor KDE4 apps can't be linked with Trinity libs. So, Trinity does not affect migration to KDE4. The point is that we'll be able to run KDE 3 (okay, Trinity) and KDE 4 apps at the same time. And not fiddle in terminal with updating all the configs at the same time. Don't care about libraries: you run apps, not libs. :) BTW, I don't really get the idea of Trinity. KDE4 feature-wise is a superset of KDE3, and as such it can be tuned to mimic KDE3 fairly closely. > That said, KDE4 is far ahead of where KDE3 is. Many former KDE3 apps advanced, and this gap will only get larger as time goes. KDE3 is fairly big, so porting it to Qt4 will take long. Personally I don't care about their goals. They may want ever to dominate over the world, but that's out of the question. :) The question is "could this project help to migrate from KDE 3 to KDE 4". We have Qt4 in ports, so I don't see any problems _for_us_ here. Qt3? Okay. Qt4? Fine. Main problem I see currently is the process of moving Trinity to using UDev and NetworkManager. We already have all other bits they want, don't we? That means that Trinity isn't going to have a sufficient user base, and as far as it has fairly limited development resources, I doubt that it will ever get to major release. They just did the third release, so the project is at least alive. > I believe it will halt even before the complete OpenBSD port will be finished. Well, many people say that "OpenBSD will die soon" too. :) And keep saying it for many years... Current KDE 4 effort took about 1,5 months of work ATM. Yes, a lot of work was done before by Marc Espie, Remi Pointel, FreeBSD and NetBSD KDE teams and others I'm not aware of. But until there are any real stoppers, porting Trinity looks real enough. -- WBR, Vadim Zhukov
Re: Using TrinityDesktop to replace KDE3
02.11.2011 15:49, Amit Kulkarni P?P8QP5Q: On Tue, Nov 1, 2011 at 5:31 PM, Vadim Zhukov wrote: Hello all. Someone of you could already know this, but me was just notified: there exists Trinity Desktop - http://www.trinitydesktop.org/ - that aims to keep KDE 3 platform alive. One of the goals they pursue is co-existing with KDE 4. My crazy idea is to port Trinity (those guys migrate to using Qt4 and CMake, which is cool, and to UDev, which is not) and make it replace KDE 3 (which is dead upstream anyway). After this migration to KDE 4 will be seamless (and those who want "KDE 3 enchanced" could have it too :) ). Is anyone interested? -- WBR, Vadim Zhukov moving this to the misc@ list to get a gauge on people's opinions. Are there many users of KDE on OpenBSD? I thought OpenBSD is mostly GNOME :-) This new fork would be too much work :( Idea is very good, but GNOME in OpenBSD is moving completely to 3.X, why keep a fork of old KDE or old KDE? I agree that there are problems with new KDE but they would be solved in future versions. Opinions? The idea is that migrating from KDE 3 to Trinity will allow to migrate to KDE 4 seamlessly later. At the present time (even when we'll have KDE 4 packages being built officially) you cannot install KDE 3 and KDE 4 together. I suspect that Trinity will be less pain than patching KDE 4 (and KDE 3) to work together. So if anyone has been used Trinity (on any OS), it'll be useful to hear your opinions. -- WBR, Vadim Zhukov
KDE 4 porting mailing group
(same mail as was just sent to ports@) Hello all. I've just set up a mailing group at Google: openbsd-...@googlegroups.com AKA https://groups.google.com/forum/#!forum/openbsd-kde The page at HTTP link above contains quick start guide for newbies. If you have any questions or problems that you don't want to express on ports@ list, welcome. You're also welcome with any ideas how to fix current items in KDE TODO lists: https://github.com/jasperla/openbsd-wip/blob/master/x11/kde4/TODO and some more lists are scattered in ports subdirectories. Most valuable ones will be solutions for migrating from and/or co-existing with KDE 4, but any other useful ideas are welcome too. Patches are welcome even more, of course. :) The group is fully open, so you don't need to register in Google. -- WBR, Vadim Zhukov
Re: EAP-TLS WPA support
20.10.2011 22:44, Alexey Suslikov P?P8QP5Q: Another one http://thread.gmane.org/gmane.os.openbsd.misc/180057/focus=180749 Thanks, but as far as I can understand, they all are about wired networking. And in one of these threads, it's even mentioned that OpenBSD 802.11 stack needs adjustments as well, for using EAP. :( On Thu, Oct 20, 2011 at 21:32, Alexey Suslikov wrote: How about resurrecting this diff? http://thread.gmane.org/gmane.os.openbsd.ports/39927 On Thu, Oct 20, 2011 at 15:58, Martin Pelikan wrote: 2011/10/20 Alexey E. Suslikov: Vadim Zhukov gmail.com> writes: http://www.rz.rwth-aachen.de/aw/cms/rz/Themen/unsere_dienste/kommunikation/netzbetrieb/dienste/wlan/installation/~sib/openbsd/?lang=en Well, that rc.conf option seems FreeBSD. AFAIK, OpenBSD doesn't support "enterprise WPA". You can try implementing it yourself. The last PDF I saw had about 1000 pages and basically was describing how to interconnect WPA, EAPOL (802.1x) and 802.11 state machines, and then implement like 42 different authentication mechanisms on top of that. Many people have asked that question and nobody seems to have the time to write the code and test it against different RADIUS servers. Good luck with that. FYI: porting current wpa_supplicant or writing new implementation (into iked?) to me seemed like the same effort, since the protocol suite is pretty complicated. But I gave it just a quick look (and moved to more important things to do). -- WBR, Vadim Zhukov
EAP-TLS WPA support
Hello all. I've just changed my job, and here I'm forced to use 802.11X for (any) network access. Our ifconfig allows only (WPA|WPA2)-PSK, and wpa_supplicant from ports doesn't support our 802.11 stack. Are there any options other than implementing OpenBSD 802.11 stack support in wpa_supplicant? Thanks in advance. -- WBR, Vadim Zhukov
Re: KDE 4 on OpenBSD
20.10.2011 13:20, Paolo Aglialoro P?P8QP5Q: Thanks for all the answers :) ...and sposibo to Vadim and Amit for all the great work! For Vadim: if I understand well about the hal dilemma, hotplugd would at least mount USB devices, so things like phonon would be out Actually, Phonon rely on something else: GStreamer, VLC... At the present, only VLC plugin works fine. KDE relies on UDev here and there, didn't even count all the places yet. > and audio/video be controlled as usual by OpenBSD standard facilities? Which one would be the level of integration with native apps like kmix? KMix is not usable now, need to meet it with sndio. Dragon needs love too: crashes, bugs etc. Other multimedia parts worked fine for me. > Would recent intel-based video chipsets work accelerated (i.e. composting) or not? As far as I recall, it worked for me. When 5.0 comes out, I could gladly test it on sparc64, You'll need -CURRENT for testing anyway, too many KDE-related changes since release: CMake 2.8.6, Raptor2, wscanf(3), removal of JDK <= 1.5, Qt 4 updates... SPARC tests would be great! :) > even though the best sparc64 machine I have with a graphic card is a Blade 150 with 1GB ram. Would it be enough? It's an UltraSPARC IIi 650MHz, would it take ages to compile or what? Right now the lowest platform I had KDE4 running is a Pentium3-M 1.133MHz under debian, but that one just sports canned-out packages, never compiled a row. Maybe I could borrow a V240 dual 1,5MHz 8GB ram from a friend, but dunno which graphic card would fit there without hassles (I've read a recent post on sparc@ about the "would be" video-card compatibility list for OpenBSD which turned out to be too "optimistic" when effectively tried out...). Thanks Paolo On Wed, Oct 19, 2011 at 6:00 PM, Amit Kulkarni wrote: Is there some forecast (even rough like, say, 6mth, 2yrs, etc.) about future availability? Btw, since 4.6 kde abandoned hal, how does this fit with OpenBSD? Thanks We can get it in the main tree when there are testers who are willing to devote their time and give feedback. On October 10th Vadim posted a patch to ports@ on which can be tested on other architectures: sparc/sparc64/loongson etc.. wherever KDE claims to have support. KDE might support only a few, we don't know. We need to find out which arches work in our tree for KDE 4.7.2. Remi Pointel worked on this initially, now Vadim is working on KDE 4.7.2 and if we get testers we will be hopefully be able to get this effort in. Without testers and feedback nothing goes in the main tree!!! Like Vadim said, please start testing next week, when he can get some time to polish up some stuff. If you need help look at the porting FAQ, man ports, man bsd.port.mk thanks in advance -- WBR, Vadim Zhukov
Re: KDE 4 on OpenBSD
19.10.2011 14:23, Paolo Aglialoro P?P8QP5Q: Is there some forecast (even rough like, say, 6mth, 2yrs, etc.) about future availability? At least I hope to get it more or less stable in November. KDE 4 requires (directly, but mostly indirectly) many updates and additions to existing packages. And there are a few problems remaining to be fixed, like co-existing KDE 3 and KDE 4 (if it ever possible) or seamless upgrade. Btw, since 4.6 kde abandoned hal, how does this fit with OpenBSD? I think that needed UDev functionality could be mostly emulated using hotplugd(8), but do not hold your breath, I don't know of any projects started. Currently hardware-related features in KDE 4 are (almost) disabled. You can join to testing process (I recommend doing this after end of this week), see README.md at https://github.com/jasperla/openbsd-wip/ . On Wed, Oct 19, 2011 at 8:38 AM, Antoine Jacoutotwrote: On Wed, 19 Oct 2011, Alvaro Mantilla Gimenez wrote: Hi, Is anybody using KDE 4 on OpenBSD? This port has been marked as broken for a while. Which is the real status of this port? It's being worked on at https://github.com/jasperla/openbsd-wip/tree/master/x11/kde4 -- Antoine -- WBR, Vadim Zhukov
Re: Thanks a lot to all devs of OpenBSD
On Sunday 28 August 2011 19:50:51 Marc Espie wrote: > On Sun, Aug 28, 2011 at 05:00:46PM +0200, Tomas Bodzar wrote: > > (and main link which caused that > > http://lists.freebsd.org/pipermail/freebsd-arch/2011-August/011412.h > >tml) > > This link makes me a little sad. I don't quite get why that guy > mentions that FreeBSD ports has problems, but then mentions only the > netbsd work, and blatantly ignores our tools, even though they solve > most of the problems he has... This man thinks that OpenBSD will die sooner or later. I've already had many talks with him... He is an expirienced man, though. Regarding pkgsrc he thinks that its infrastructure will be easier to integrate because it was already ported to many platforms. Even more, it is the default ports/packages infrastructure in DragonFly, which is closer to FreeBSD than to OpenBSD; therefore, it should be easier to adapt. -- Best wishes, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: httpd virtualhost ip
On 12 June 2011 c. 13:01:39 Bambero wrote: > Hello > > I have many IP and IP based virtualhost configured. > > My hostname.em0 looks like this: > inet 123.456.789.66 255.255.255.224 > inet alias 123.456.789.67 255.255.255.224 > inet alias 123.456.789.68 255.255.255.224 > inet alias 123.456.789.70 255.255.255.224 > inet alias 123.456.789.71 255.255.255.224 > ... BTW, shouldn't it be like below? inet 123.456.789.66 255.255.255.224 inet alias 123.456.789.67 255.255.255.255 inet alias 123.456.789.68 255.255.255.255 inet alias 123.456.789.70 255.255.255.255 inet alias 123.456.789.71 255.255.255.255 And for specifying the connection, you can use cURL PHP extension, for example, see CURLOPT_INTERFACE option in PHP manual. -- Best wishes, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Thinkpad x201 OBSD compatibility
On 12 February 2011 c. 05:13:33 Ted Unangst wrote: > On Fri, Feb 11, 2011 at 5:05 PM, Vadim Zhukov wrote: > > - NTFS causes problems exhausting kernel memory when, for example, > > running find(1) on Windows folder. > > can you run find in a smaller folder a few times, and send the output > of vmstat -m | grep -i ntfs? After running find on /win/Users/pers/Documents: packet tags, temp, NTFS data, NTFS vrun, AGP Memory, DRM USB, memdesc, temp, NTFS vrun, DRM USB device, NDP, temp, NTFS data, NTFS vrun, AGP Memory, DRM NTFS node, NTFS fnode, NTFS data, NTFS vrun, DRM UVM aobj, USB, USB device, temp, NTFS data, bluetooth, DRM NTFS mount, NTFS attr, NTFS data, DRM UVM amap, UVM aobj, USB, crypto data, temp, NTFS data, DRM VM swap, UVM amap, temp, NTFS mount, DRM USB, memdesc, temp, NTFS dir, DRM UVM amap, temp, NTFS hash, DRM 131072 devbuf, VM swap, NTFS data NTFS mount 2 3K 3K 39322K20 0 512,2048 NTFS node 11014K 26K 39322K 4880 0 128 NTFS fnode 11014K 26K 39322K 4880 0 128 NTFS dir 105 420K420K 39322K 1220 0 4096 NTFS hash 116K 16K 39322K10 0 16384 NTFS attr 495 248K296K 39322K 12100 0 512 NTFS data 453 193K194K 39322K 10290 0 16,64,128,256,512,1024,131072 NTFS vrun86 2K 4K 39322K 3640 0 16,32,64,128 After this find ran on /win/Users/pers: packet tags, temp, NTFS data, NTFS vrun, AGP Memory, DRM USB, memdesc, temp, NTFS vrun, DRM USB device, NDP, temp, NTFS data, NTFS vrun, AGP Memory, DRM NTFS node, NTFS fnode, NTFS data, NTFS vrun, DRM UVM aobj, USB, USB device, temp, NTFS data, bluetooth, DRM NTFS mount, NTFS attr, NTFS data, DRM UVM amap, UVM aobj, USB, crypto data, temp, NTFS data, DRM VM swap, UVM amap, temp, NTFS mount, DRM USB, memdesc, temp, NTFS dir, DRM UVM amap, temp, NTFS hash, DRM 131072 devbuf, VM swap, NTFS data NTFS mount 2 3K 3K 39322K20 0 512,2048 NTFS node 1343 168K168K 39322K 17210 0 128 NTFS fnode 1343 168K168K 39322K 17210 0 128 NTFS dir 1339 5356K 5356K 39322K 13560 0 4096 NTFS hash 116K 16K 39322K10 0 16384 NTFS attr 5368 2684K 2684K 39322K 60830 0 512 NTFS data 5084 913K913K 39322K 56600 0 16,64,128,256,512,1024,131072 NTFS vrun 57012K 12K 39322K 8480 0 16,32,64,128 And after running on /win/Users: packet tags, temp, NTFS data, NTFS vrun, AGP Memory, DRM USB, memdesc, temp, NTFS vrun, DRM USB device, NDP, temp, NTFS data, NTFS vrun, AGP Memory, DRM NTFS node, NTFS fnode, NTFS data, NTFS vrun, DRM UVM aobj, USB, USB device, temp, NTFS data, bluetooth, DRM NTFS mount, NTFS attr, NTFS data, DRM UVM amap, UVM aobj, USB, crypto data, temp, NTFS data, DRM VM swap, UVM amap, temp, NTFS mount, DRM USB, memdesc, temp, NTFS dir, DRM UVM amap, temp, NTFS hash, DRM 131072 devbuf, VM swap, NTFS data NTFS mount 2 3K 3K 39322K20 0 512,2048 NTFS node 1552 194K194K 39322K 19300 0 128 NTFS fnode 1552 194K194K 39322K 19300 0 128 NTFS dir 1549 6196K 6196K 39322K 15660 0 4096 NTFS hash 116K 16K 39322K10 0 16384 NTFS attr 6272 3136K 3136K 39322K 69870 0 512 NTFS data 5952 1039K 1039K 39322K 65280 0 16,64,128,256,512,1024,131072 NTFS vrun 64213K 13K 39322K 9200 0 16,32,64,128 If I rerun find on previously searched folder it ends it work almost immediately - caching? - and there is no difference in vmstat output. -- Best wishes, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Thinkpad x201 OBSD compatibility
On 11 February 2011 P3. 23:26:33 Chris wrote: > I'm planning to buy a Thinkpad x201 laptop (not the tablet one) and > wondering if anyone using it with OpenBSD at the moment. If so, is it > 100% OpenBSD compatible? Using X201i now. Almost all is working OK. Here are all problems I saw: - Bluetooth causes panics sometimes, especially after suspend/resume cycle. Do not try to disable radio while in OpenBSD. Also note that Bluetooth chip here does not allow to save even one key in his memory, but this looks like hardware limitation. - After switching away from X console is blank, but suspend/resume usually helps. - Note that Lenovo changed the fingerprint sensor, which is not supported by login_fingerprint. - NTFS causes problems exhausting kernel memory when, for example, running find(1) on Windows folder. All those are minorities, the machine itself works cool. I had no problems using OpenBSD, including lockups, except noted above. -- Best wishes, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: sys.tar.gz in current
On 11 January 2011 c. 22:45:42 Orestes Leal R. wrote: > Hi, where can I get sys.tar.gz but for use in current? > It's the same sys.tar.gz as 4.8 release? > > I'm using 4.8 current and I want to tweak the max file descriptors > but I do not found sys.tar.gz for current. > > "OpenBSD 4.8-current (GENERIC) #614: Mon Jan 10 00:15:18 MST 2011" Just do cvs up from 4.8-RELEASE sys.tar.gz. It's ever not as painful as reading FAQ, especially http://www.openbsd.org/faq/current.html . Trust me. -- Best wishes, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: wd0 read timeouts - how to proceed?
2010/12/24 Joachim Schipper : > something like 'tar cpf - | tar xpf -' is more likely to get you a > somewhat consistent view. POSIX pax(1) with -rw options should work slightly faster (and it's already faster to type ;) ). -- WBR, Vadim Zhukov
Re: error when compile the kernel
On 1 November 2010 c. 15:36:35 OpenBSD Geek wrote: > I have this error : rm -f eddep *bsd *bsd.gdb tags *.[io] [a-z]*.s > [Ee]rrs linterrs assym.h > > I don't understand why it doesn't work. If > someone can help me. thanks And where's the error? A normal output for "make clean" looks like exactly this. -- Best wishes, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: (mailx) How can I alter "From" header
On 26 October 2010 c. 00:22:47 Jan Stary wrote: > On Oct 25 14:32:52, Chris Bennett wrote: > > Perhaps you could change /etc/myname to gmail.com? > > Or maybe change /etc/mygate to something faster! Yeah, try 127.0.0.1. Fast as it only can be... -- Best wishes, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: found file "bsd" corrupt via Filezilla client.
On 24 August 2010 c. 07:10:48 f5b wrote: > - > http://trac.filezilla-project.org/ticket/5545 > > Description > -- > Filezilla client 3.3.3~3.3.4.1 installed in Windows 2003/7 or Mac OX > 10.6 > > Using Filezilla client download all files from > ftp://ftp.openbsd.org/pub/OpenBSD/4.7/i386/ > when all files downloaded, check SHA256, found file "bsd" corrupt, > other files' checksum ok. > > same machine, using IE or Firefox download file "bsd" , checksum ok. > > > BTW-- > On Windows, file "pxeboot" downloaded through Filezilla Client corrupt > too. On Mac OX 10.6, file "pxeboot" downloaded through Filezilla > Client,checksum ok. Do you want to make OpenBSD developers fix br*$&n download tool for offtopic? -- Best wishes, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: a minor correction to rc.conf comments
On 30 July 2010 c. 00:37:23 Kenneth R Westerback wrote: > On Thu, Jul 29, 2010 at 10:54:29AM -0700, Randal L. Schwartz wrote: > > >>>>> "Jason" == Jason McIntyre writes: > > > > Jason> fixed this and the syslogd_flags example above it, which had > > the same Jason> error. > > > > The style guide for a former employer of mine forbid these, > > requiring us to spell out "for example" and "that is". Even if you > > can get them right, it's not obvious that the reader would know them > > as well. > > > > > > -- > > Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 > > 777 0095 > > http://www.stonehenge.com/merlyn/> Smalltalk/Perl/Unix > > consulting, Technical writing, Comedy, etc. etc. See > > http://methodsandmessages.vox.com/ for Smalltalk and Seaside > > discussion > > You mean not everyone speaks enough latin to know the difference > between "exempli gratia" and "id est"? What is modern education > coming to. Well, here, in Russia, while English/German/French are more or less popular in the schools, Latin is being learned by specialists only (medicians, historians etc.) almost. And it's the way it is for about a century, if not more. -- Best wishes, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: os that rather uses the gpu?
On 14 July 2010 c. 00:54:03 Jiri B. wrote: > On Tue, 13 Jul 2010 22:46:13 +0200 > > Jozsi Avadkan wrote: > > Does someone know a distribution/operating system, that rather uses > > the GPU for "working", not the CPU? [by default] > > > > Or this solution is still in the "beginning part"? > > > > Thanks for any tips, link, suggestions. > > Why are you asking on OpenBSD mailing list? OMG. Well, OpenBSD focuses on portability... (just a joke). Looks like it is a day of mindblowing questions today... -- Best wishes, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Secret key in the packet filter.
2010/7/13 jackwssp q : > Hello brothers and sisters, > > Who knows anything about the secret keys in the packet filter(pf), such as > way only for developers. > > Is it real in the open source, and how can I realize it in my own firewall > with open source? # echo 'secret="Follow the white rabbit"' >>/etc/pf.conf
Re: /boot broken on latest snapshot ?
2010/7/10, Josh Elsasser : > On 2010-07-09 14:01:41, Christopher Zimmermann wrote: >> On 07/09/10 14:19, Christopher Zimmermann wrote: >> > Hi, >> > >> > I just upgraded to the very latest snapshot(9.7. 1:50) on i386. Now my >> > system does not boot anymore. The only thing I get is: >> > >> > Using drive 0, partition 3. >> > Loading... >> > [cursor sits here] Same problem here. ThinkPad X60 Tablet, updated to a very fresh snapshot. Previous OS installation was pre-4.7. Booted installed kernel using USB stick (i.e. "set device hd1a", "boot") fine. dmesg and fdisk output as follows. Sorry for GMail mangling. :( -- WBR, Vadim Zhukov OpenBSD 4.7-current (GENERIC.MP) #186: Fri Jul 9 01:19:11 MDT 2010 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM) Duo CPU L2500 @ 1.83GHz ("GenuineIntel" 686-class) 1.83 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM real mem = 1063677952 (1014MB) avail mem = 1036275712 (988MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 04/18/07, BIOS32 rev. 0 @ 0xfd690, SMBIOS rev. 2.4 @ 0xe0010 (64 entries) bios0: vendor LENOVO version "7JET23WW (1.08 )" date 04/18/2007 bios0: LENOVO 636464G acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT SSDT acpi0: wakeup devices LID_(S3) SLPB(S3) DURT(S3) EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 166MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) Duo CPU L2500 @ 1.83GHz ("GenuineIntel" 686-class) 1.83 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 2, remapped to apid 1 acpihpet0 at acpi0: 14318179 Hz \\_SB_.PCI0 post-crs: 0 \\_SB_.PCI0 post-bbn: 0, 0 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (AGP_) acpiprt2 at acpi0: bus 2 (EXP0) acpiprt3 at acpi0: bus 3 (EXP1) acpiprt4 at acpi0: bus 4 (EXP2) acpiprt5 at acpi0: bus 12 (EXP3) acpiprt6 at acpi0: bus 21 (PCI1) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2, C1 acpicpu1 at acpi0: C3, C2, C1 acpipwrres0 at acpi0: PUBS acpitz0 at acpi0: critical temperature 127 degC acpitz1 at acpi0: critical temperature 97 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibat0 at acpi0: BAT0 model "93P5032" serial 362 type LION oem "SANYO" acpibat1 at acpi0: BAT1 not present acpibat2 at acpi0: BAT2 not present acpiac0 at acpi0: AC unit online acpithinkpad0 at acpi0 acpidock0 at acpi0: GDCK not docked (0) bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000 0xd/0x1000 0xdc000/0x4000! 0xe/0x1! cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130b1d06000613 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1829 MHz: speeds: 1833, 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03 vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0xd000, size 0x1000 inteldrm0 at vga1: apic 1 int 16 (irq 11) drm0 at inteldrm0 "Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: apic 1 int 17 (irq 11) azalia0: codecs: Analog Devices AD1981HD, Conexant/0x2bfa, using Analog Devices AD1981HD audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 1 int 20 (irq 11) pci1 at ppb0 bus 2 em0 at pci1 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 1 int 16 (irq 11), address 00:16:d3:39:d0:d7 ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 1 int 21 (irq 11) pci2 at ppb1 bus 3 wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: apic 1 int 17 (irq 11), MoW2, address 00:1c:bf:02:4e:55 ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: apic 1 int 22 (irq 11) pci3 at ppb2 bus 4 ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 1 int 23 (irq 11) pci4 at ppb3 bus 12 uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 1 int 16 (irq 11) uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 1 int 17 (irq 11) uhci2 at pci0 dev 29 function
Re: Set dhcp from command line?
2010/7/8 Chet Langin : > I would like to set DHCP for an interface > from the command line. B I have tried... > > # ifconfig re0 dhcp > > ..and I get this error... > > ifconfig: B dhcp: B bad value > > Using version 4.5. > > Can anyone tell me how to do this? $ man -k dhcp | head -1 dhclient (8) - Dynamic Host Configuration Protocol (DHCP) Client $ -- WBR, Vadim Zhukov
Re: OpenBSD & OpenSSL Lib
2010/7/6 Keith : > We are trying to install URLfilterDB on OpenBSD 4.7 but while doing a > ./configure we keep getting. > > ./configure --with-bz2-lib=/usr/local/lib --with-ssl-lib=/usr/lib/ > > > checking for library containing pthread_create... -lpthread > checking for BZ2_bzBuffToBuffCompress in -lbz2... yes > checking for SSL_load_error_strings in -lssl... no > > ** The OpenSSL library is required for ufdbGuard to compile. > Install the openssl and openssl-devel packages from the installation > media, > or use the --with-ssl-lib option. > > Alternatively, get OpenSSL from http://www.openssl.org > Use --with-ssl=DIR or --with-ssl-lib=DIR to specify > its location. (default is /usr) > > > We have downloaded and installed OpenSSL and have tried various paths to the > ssl library but because we don't know what the files actually called we > don't know if we are setting it correctly. Does anyone know exactly what the > library would be called and where it should be or maby just give us a clue > as to how to find out. 1. It's better to read system guide (FAQ) _before_ starting using operating system, not _after_. This way you'll notice that OpenSSL comes with OpenBSD. Even more, "man SSL_load_error_strings" will give you some information. 2. Configure script is obviously wrong ("-pthread" should be used intead of "-lpthread", for example). Look in config.log for clues. -- WBR, Vadim Zhukov
Re: Silent boot?
2010/7/6 Ilya Ilembitov : > But what if my system couldn't actually boot? For that > kind of occasion, I need my whole dmesg to be stored at any given > point, so I could access it. How do I do that? And where do you want dmesg to be saved if system did not mount any filesystems? And if mounted, there is /var/run/dmesg.boot. I do not see the problem with chatty dmesg. Moreover, after looking in Linux ones I found OpenBSD boot logs rather compact and elegant. What the problem with ignoring it? And what problem do you want to solve implementing graphical bootup? -- WBR, Vadim Zhukov
Re: how to type non latin in xterm?; video stream to watch FIFA World Cup?
2010/6/9 Vadim Zhukov : > 2010/6/8 Sviatoslav Chagaev <0x1...@gmail.com>: >> Hi misc@ >> >> I want to be able to type non latin characters in xterm (Russian and >> Latvian). >> I sat down, read xterm manpage and tried playing with all the options >> which even remotely looked like they could influence something. >> But the only thing I managed to get working is xterm displaying UTF-8 >> correctly. >> >> Here's my ~/.Xdefaults: >> >> XTerm*loginShell: true >> XTerm*useClipping: false >> XTerm*geometry: 119x38 >> XTerm*termName: xterm-xfree86 >> XTerm*scrollBar: false >> XTerm*rightScrollBar: true >> XTerm*colorMode: true >> XTerm*colorBDMode: false >> XTerm*boldColors: true >> XTerm*boldMode: true >> XTerm*cutNewline: false >> XTerm*cutToBeginningOfLine: false >> XTerm*trimSelection: true >> XTerm*internalBorder: 2 >> XTerm*Font: -*-terminus-medium-*-*-*-14-*-*-*-*-*-iso10646-1 >> XTerm*Foreground: rgb:cc/cc/cc >> XTerm*Background: black >> XTerm*locale: false >> XTerm*utf8: 2 >> XTerm*deleteIsDEL: true >> XTerm*eightBitInput: true >> >> >> export LANG=en_US.UTF-8 >> export LC_CTYPE=en_US.UTF-8 >> export LC_NUMERIC=en_US.UTF-8 >> export LC_TIME=en_US.UTF-8 >> export LC_COLLATE=en_US.UTF-8 >> export LC_MONETARY=en_US.UTF-8 >> export LC_MESSAGES=en_US.UTF-8 >> export LC_PAPER=en_US.UTF-8 >> export LC_NAME=en_US.UTF-8 >> export LC_ADDRESS=en_US.UTF-8 >> export LC_TELEPHONE=en_US.UTF-8 >> export LC_MEASUREMENT=en_US.UTF-8 >> export LC_IDENTIFICATION=en_US.UTF-8 >> export LC_ALL=en_US.UTF-8 >> xterm >> >> Didn't help too. >> >> The annoying thing is that when I start vim in xterm, I *can* type in >> any language with no problem. >> >> export LANG=en_US.UTF-8 LC_ALL >> >> Is it possible to enable non latin input in xterm somehow? >> >> --- >> >> And while I'm here, do you know of any video stream of some channel or >> something which mplayer (or something from ports) could play and where >> they'll show FIFA World Cup? My TV receives badly, with a lot of noise, >> so I thought that maybe even an internet stream could be better, plus I >> want commentaries in English. > > See here: http://www.openbsd.ru/docs/howto-cyrillic.html#xterm > > Basically, you need: > 1. echo "set +o emacs-usemeta" >>~/.profile > 2. echo "XTerm*allowC1Printable: true" >>~/.Xdefaults I forgot that xterm doesn't start login shell by default, so ~/.profile will not be called. The easiest way to fix this will be: echo "XTerm*loginShell: true" >>~/.Xdefaults The only bad side effect is wtmp spam as xterm will log every time it starts. -- WBR, Vadim Zhukov