Re: amd64/SHA256.sig: 404 Not Found

2021-10-09 Thread Edgar Pettijohn



On 10/9/21 12:43 PM, franci...@posteo.de wrote:

Hi Folks,
just trying to sysupgrade as usual, but I get the 404 on amd/SHA256.sig
test with url from https://man.openbsd.org/installurl.5 doesn't improve
the situation.

# sysupgrade
Fetching from https://cdn.openbsd.org/pub/OpenBSD/7.1/amd64/
sysupgrade: Error retrieving
https://cdn.openbsd.org/pub/OpenBSD/7.1/amd64/SHA256.sig: 404 Not Found

Any help is appreciated, Thanks in advance!
francis



The current release is 6.9 so not sure why its looking for 7.1 unless 
you are from the future of course.




Re: USB-to-Serial

2021-10-03 Thread Edgar Pettijohn



On 10/3/21 10:07 AM, David Anthony wrote:

Hello,

I'm attempting to use cu to connect to an EdgeRouter PoE device. I am 
in the dialer group. I am running the following command in an Xterm 
window:


$ cu -l cuaU0 -s 115200

The following command appears to succeed, but (mostly) gibberish is 
returned to my terminal. I'm not sure if it's non-printable ASCII or 
I'm doing something seriously wrong. Official documentation on this 
device claims a baud rate of 115200. Any ideas?


I haven't used my edgerouter in awhile, but couldn't hurt to try some 
other rates. Maybe 9600 will do it.



Edgar



Re: How to use macros in acme-client.conf?

2021-07-26 Thread Edgar Pettijohn



On 7/26/21 5:20 AM, Omar Polo wrote:

Alexis  writes:


Stuart Henderson  writes:


In gmane.os.openbsd.misc, you wrote:

I'm trying to use macros in my acme-client.conf, but it seems I
cannot
get the syntax right. In addition to that, even when I try the
example
from the acme-client.conf(5):

api_url="https://acme-v02.api.letsencrypt.org/directory;
authority letsencrypt {
api url $api_url
account key "/etc/acme/letsencrypt-privkey.pem"
}

It fails with a syntax error:

$ ./acme-client -vvv -f ../test.conf
api_url = "https://acme-v02.api.letsencrypt.org/directory;
../test.conf:3: syntax error

Are spaces around the '=' permitted? i thought they weren't. The
example in acme-client.conf(5) man page certainly doesn't have them.

The parser.y used in acme-client (and other stuff in base) is quite
flexible w.r.t. spaces/tabs

 602 top:
 603 p = buf;
 604 while ((c = lgetc(0)) == ' ' || c == '\t')
 605 ; /* nothing */

In sh (and probably other languages) spaces around the equal sign aren't
permitted (well, the are valid but yields a different result).


Alexis.


Might be worth checking for non printable characters:

#!/usr/bin/env perl
#
# set tabstop=2
#
use common::sense;

my $file = shift or die "usage: $0 filename\n";

open my $fh, "<", $file or die "$!";

my $line_number = 1;
while (<$fh>) {
    my @chars = split //;
    for (@chars) {
        my $ord = ord $_;
        # skip newlines and tabs
        next if ($ord == 10 || $ord == 9);
        die "non printable character found: $line_number: $ord\n"
            if ($ord < 32 || $ord > 126);
    }
    $line_number++;
}

close $fh;

1;




Re: Who is responsible for ports.su? (admittedly a non-canon resource)

2021-06-13 Thread Edgar Pettijohn



On 6/13/21 4:18 PM, ropers wrote:

Sorry to disturb, but does anyone know how to contact whoever is
responsible for ports.su?
An email address would be great, though I'm not sure if it's okay to
post that on-list.  Perhaps it's okay to send that off-list?

Thank you,
Ian


edgar@edgar-ThinkPad-T420:~$ whois ports.su

domain:    PORTS.SU
descr: ports.
descr: Powered by BSD UNIX.
nserver:   d.ns.ports.su. 2001:470:7240::d
nserver:   ns2.he.net.
nserver:   ns2.linode.com.
nserver:   ns3.he.net.
nserver:   ns4.he.net.
nserver:   ns4.linode.com.
nserver:   ns5.he.net.
nserver:   ns5.linode.com.
state: REGISTERED, DELEGATED
person:    Private Person
e-mail:    mureni...@yandex.ru
registrar: DOMENUS-SU
created:   2013-02-24T23:33:23Z
paid-till: 2022-02-25T00:33:23Z
free-date: 2022-03-30
source:    TCI

Last updated on 2021-06-13T21:21:30Z



Re: Packages/libraries in disarray after sysupgrade

2021-05-13 Thread Edgar Pettijohn
On Thu, May 13, 2021 at 07:50:35PM -0500, Edgar Pettijohn wrote:
> On Thu, May 13, 2021 at 10:47:11PM +, tetrahe...@danwin1210.me wrote:
> > After upgrading 6.8->6.9 (stable, not current) using sysupgrade, I am
> > finding it not possible to install packages via pkg_add
> > 
> > When I try to install something, I get a series of errors like " > dependency library name>: bad major" or ": minor is too
> > small"
> > 
> > I am assuming I need to be installing new packages with `pkg_add -U` to
> > update the dependencies as needed. However, the manpage suggests this is not
> > desirable.
> > 
> > Is there a better way to do things?
> >
> 
> I just ran into this myself. I'm guessing the packages are built with a
> newer library. So I'm running sysupgrade again to see if they get
> installed. I'll repost if that indeed solves my issue.
> 
> edgar
>

Yep just completed a sysupgrade followed by pkg_add -u and i can now
install new packages without errors. Probably the same will work for
you.

edgar



Re: Packages/libraries in disarray after sysupgrade

2021-05-13 Thread Edgar Pettijohn
On Thu, May 13, 2021 at 10:47:11PM +, tetrahe...@danwin1210.me wrote:
> After upgrading 6.8->6.9 (stable, not current) using sysupgrade, I am
> finding it not possible to install packages via pkg_add
> 
> When I try to install something, I get a series of errors like " dependency library name>: bad major" or ": minor is too
> small"
> 
> I am assuming I need to be installing new packages with `pkg_add -U` to
> update the dependencies as needed. However, the manpage suggests this is not
> desirable.
> 
> Is there a better way to do things?
>

I just ran into this myself. I'm guessing the packages are built with a
newer library. So I'm running sysupgrade again to see if they get
installed. I'll repost if that indeed solves my issue.

edgar



Re: Not possible to sysupgrade via snapshots right now?

2021-05-11 Thread Edgar Pettijohn
On May 11, 2021 3:42 AM, Robert Klein  wrote:

  On Sun, 9 May 2021 07:47:32 -0700
  Scott Vanderbilt  wrote:

  > On 5/9/2021 4:04 AM, Stuart Henderson wrote:
  > > On 2021-05-08, Scott Vanderbilt  wrote: 
  > >> Apologies if this is a question to which there is an obvious
  > >> answer, but I could not find one in the sysupgrade man page, in
  > >> the FAQ, or by Googling.
  > >>
  > >> Is it not possible to do a sysupgrade from 6.9-current to latest
  > >> using snapshots at the moment? When I try, I get the following
  > >> response from sysupgrade: 
  > >
  > > This can only have happened if you were running a "6.9" kernel
  and
  > > not "6.9-current". You might still have the boot messages to
  > > confirm; zgrep OpenBSD /var/log/messages*
  > >  
  >
  > I can assure you with absolute certainty that this machine in
  > question was running 6.9-current prior to the attempt to run
  > sysupgrade.
  >

  maybe you had a snapshot claiming to be “release”.  This
  typically
  happened in the past a couple of days around the actual release.  If
  you look at the history of sys/conf/newvers.sh (e.g. at the github
  mirror, if CVS is too much effort for one file) you'll see 6.9 went
  out
  of beta on April, 4 and into current on April 18.  I'd guess
  snapshots
  made during this period all are marked “release”.

  Best regards
  Robert


This is similar to how pkg_* requires -Dsnap from time to time. I've just
trained myself to always use the flags so as not to let the software have
to decide for me.
Edgar 


Re: Documentation on OpenBSD's 3-process privsep model?

2021-03-31 Thread Edgar Pettijohn
On Mar 31, 2021 3:02 AM, Ottavio Caruso
 wrote:

  On 31/03/2021 04:46, Marc Espie wrote:
  > On Tue, Mar 23, 2021 at 09:41:06AM +, Ottavio Caruso wrote:
  >> On 23/03/2021 05:53, misopolemiac wrote:
  >>> I'd appreciate some pointers to documentation or minimal examples
  of
  >>> the 3-process privilege separation model for OpenBSD's daemons.
  >>> Internet searches pointed to skeleton examples at
  >>> github.com/krwesterback/newd and github.com/krwesterback/newdctl,
  but
  >>> those repos are now dead and it's unclear how authoritative they
  were
  >>> in the first place.
  >>>
  >>>
  >>
  >> Blind leading the blind here, but I think a good starting point
  would be
  >> recent presentations by Marc Espie, who, I believe but I might be
  wrong, is
  >> the developer who worked the most on privsep.
  >>
  >> http://www.openbsd.org/events.html
  >
  > Definitely not at all.
  >
  > I haven't worked the most on privsep, by far.
  >
  > and the examples I've worked on are highly specific and probably
  > not applicable to most of the base code.
  >
  >

  I was wrong then. My apologies. Still, it's worth giving a look at
  the
  events page. I have learnt a lot about OpenBSD going through all
  presentations and papers, despite understanding only 0.1% of the
  technical details.

  --
  Ottavio Caruso



I often use the source for identd as a template. It's a fairly simple
daemon. So it's easy to gut it and rework it to fit your needs.
Edgar 


Re: Auto-mounting removable disks

2021-03-22 Thread Edgar Pettijohn
hotplugd(8) can probably do what you want. 
Edgar 
On Mar 22, 2021 7:43 PM, tetrahe...@danwin1210.me wrote:

  I have a removable disk that I want to auto-mount. However, it may
  not
  always be present. If I put an entry in fstab for it, will the system
  be
  able to cope even if the disk is not present?

  Is there a better way to do this?


Re: Default partitions allocate only 1GB to /

2021-02-27 Thread Edgar Pettijohn
On Sat, Feb 27, 2021 at 11:21:45PM +, tetrahe...@danwin1210.me wrote:
> On Sat, Feb 27, 2021 at 08:27:07PM +, James Cook wrote:
> > Something's strange about your setup. The installer normally creates a
> > separate partition for /usr and maybe /usr/local. If you're using
> > pkg_add, then packages go in /usr/local, so they shouldn't end up on
> > your root partition.
> > 
> > If your disk is really tiny the installer won't create a separate /usr
> > partition, but in that case it won't make a separate /home either.
> 
> As far as I know everything was installed using defaults.
> 
> Doing `pkg_add libreoffice` the installer is definitely looking at both /
> and /usr/local/ ... and it gives an odd bytecount for /:
> 
> ```
> Error: /dev/sda1 on / is not large enough (/etc/mke2fs.conf)
> /dev/sda1 on /: 956 bytes (missing 86470 blocks)
> /dev/sd1h on /usr/local: 4513435 bytes
> ```
> 
> Later it gives different byte counts for both values.
>

doas du -xh /

should help you locate whats going on.

Edgar



Re: Default partitions allocate only 1GB to /

2021-02-27 Thread Edgar Pettijohn
On Sat, Feb 27, 2021 at 03:32:44PM +, tetrahe...@danwin1210.me wrote:
> When installing OpenBSD, the default partition layout only allocates 1GB to
> / ... most of the disk space is allocated to /home.
> 
> Once you start installing packages, / quickly grows beyond 1GB, and it looks
> like even some large packages exceed the available space on their own:
>   Error: /dev/sda1 on / is not large enough
> 
> Is there an easy fix for this that I'm missing somewhere, or is this a
> poorly chosen default?
> 

Its more likely that you accidentaly used dd to write to a usb stick and instead
wrote to a file in /dev.  Thats the only way I've ever had this problem.

Edgar



Re: spamd vs IPv6

2021-02-22 Thread Edgar Pettijohn
On Mon, Feb 22, 2021 at 06:28:29PM +, Nick Guenther wrote:
> February 22, 2021 1:22 PM, "Edgar Pettijohn"  wrote:
> 
> > Have you tried starting spamd with '-l ::1' to alter its address to bind
> > to?
> 
> I hadn't! But it's no help:
> 
> comms# /usr/libexec/spamd -l ::1 -d -v -G 15:4:864 -C 
> /etc/letsencrypt/live/comms.kousu.ca/fullchain.pem -K 
> /etc/letsencrypt/live/comms.kousu.ca/privkey.paranoid.pem 
> spamd: getaddrinfo: no address associated with name
>

Looks like its hardcoded to only support inet4.



Re: spamd vs IPv6

2021-02-22 Thread Edgar Pettijohn
Have you tried starting spamd with '-l ::1' to alter its address to bind
to?
Edgar 


On Feb 22, 2021 10:11 AM, Nick Guenther  wrote:

  July 1, 2020 7:34 AM, "Harald Dunkel" 
  wrote:

  > Hi folks,
  >
  > spamd(8) still mentions 127.0.0.1, but no indication of IPv6
  support.
  > Looking on Google for "openbsd spamd ipv6" gives me some entries of
  > 2015 and 2016, but no up-to-date information. Please excuse if I am
  > too blind to see.
  >
  > I am a big fan of spamd, but I wonder is spamd in a dead-end wrt IP
  > address families? Would you recommend "IPv4 only" for EMail?

  I was just wondering about this too! I can't see a clear answer
  anywhere online either.




  I went looking because I realized that

  # /etc/pf.conf
  pass in log proto tcp to any port smtp divert-to 127.0.0.1 port spamd

  was becoming

  # pfctl -s rules
  pass in log inet proto tcp from any to any port = 25 flags S/SA
  divert-to 127.0.0.1 port 8025

  I wondered where that `inet` was coming from. Eventually I realized
  that maybe pf was implying it from the divert-to, since, according to
  pf.conf(5):

  > divert-to [...] The packets will not be modified [...]

  so if a packet comes in as IPv4 (inet) is has to stay IPv4.

  I tried

  # /etc/pf.conf
  pass in log proto tcp to any port smtp divert-to 127.0.0.1 port spamd
  pass in log proto tcp to any port smtp divert-to ::1 port spamd

  and this became

  # pfctl -s rules 
  pass in log inet proto tcp from any to any port = 25 flags S/SA
  divert-to 127.0.0.1 port 8025
  pass in log inet6 proto tcp from any to any port = 25 flags S/SA
  divert-to ::1 port 8025


  However if I actually tried to connect via IPv6 (`nc -6
  mail.myserver.com 25`) I just get an immediately closed connection,
  presumably because ::1:8025 isn't open.


  Come to think of it, because spamd uses IP addresses to do its job,
  for this to happen the database format needs to be augmented to store
  the longer addresses, so it's not necessarily a simple change, and
  that's probably why it hasn't happened yet.

  I just double-checked by digging around in the code (which I am not
  finally experienced enough for, phew) and found:
  
https://github.com/openbsd/src/blob/cf8f31167b4af5c8ea769ff3d8a5974a24fec6bb/libexec/spamd/spamd.c#L1427

  smtplisten = socket(AF_INET, SOCK_STREAM, 0);

  So yeah, it looks like it's still inet-only, no inet6 here.

  -Nick


Re: using kevent to catch signals

2021-02-19 Thread Edgar Pettijohn
On Fri, Feb 19, 2021 at 06:49:45AM +0100, Sebastien Marie wrote:
> On Thu, Feb 18, 2021 at 10:23:05PM -0600, Edgar Pettijohn wrote:
> > I'm having trouble using kevent(2) to catch signals. Below is a sample
> > program. It should catch SIGHUP and SIGUSR1 and just print it out.
> > Instead when i send the process sighup with `kill -SIGHUP $PID` it
> > exits and the word Hangup is writtin to the terminal. If I use
> > `kill -SIGUSR1 $PID` the process exits and the words User defined signal 1
> > are written to the terminal. What am I doing wrong?
> 
> to quote kqueue(2) man page about signals:
> 
>[EVFILT_SIGNAL] coexists with the signal(3) and sigaction(2)
>facilities, and has a lower precedence.  The filter will record all
>attempts to deliver a signal to a process, even if the signal has
>been marked as SIG_IGN.  Event notification happens after normal
>signal delivery processing.

I read this and it just didn't click.

> 
> and to quote signal(3) man page about default action:
> 
>  Name Default Action   Description
>SIGHUP   terminate processterminal line hangup
>SIGUSR1  terminate processuser-defined signal 1
> 
> Your program needs to first ignore SIGHUP and SIGUSR1 (so the process
> will not terminate). This way, the kqueue(2) subsystem should be able
> to process them correctly.
> 
> Thanks.
> -- 
> Sebastien Marie

With the proper signal({SIGHUP,SIGUSR1}, SIG_IGN) calls it works as expected.

Thanks,

Edgar



using kevent to catch signals

2021-02-18 Thread Edgar Pettijohn
I'm having trouble using kevent(2) to catch signals. Below is a sample
program. It should catch SIGHUP and SIGUSR1 and just print it out.
Instead when i send the process sighup with `kill -SIGHUP $PID` it
exits and the word Hangup is writtin to the terminal. If I use
`kill -SIGUSR1 $PID` the process exits and the words User defined signal 1
are written to the terminal. What am I doing wrong?

Thanks!

Edgar
#include 
#include 
#include 

#include 
#include 
#include 

int
main(int argc, char** argv)
{
int kq;
struct kevent ev[2];

if ((kq = kqueue()) == -1)
err(1, "kqueue()");

EV_SET([0], SIGHUP, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL);
EV_SET([1], SIGUSR1, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL);

if ((kevent(kq, ev, 2, NULL, 0, NULL)) == -1)
err(1, "kevent()");

for (;;) {
struct kevent kev[2];
int ret;
int i;

ret = kevent(kq, NULL, 0, kev, 2, NULL);
if (ret == -1)
err(1, "kevent()");
else if (ret > 0) {
for (i = 0; i < ret; i++) {
struct kevent* k = [i];
switch (k->filter) {
case EVFILT_SIGNAL:
if (k->ident == SIGHUP)
printf("received sighup\n");
else if (k->ident == SIGUSR1)
printf("received sigusr1\n");
break;
default:
printf("received unknown event\n");
break;
}
}
}
}

return 0;
}


Re: httpd, PHP7.4, phpIPAM, MariaDB

2021-02-09 Thread Edgar Pettijohn
On Tue, Feb 09, 2021 at 05:30:52PM -0600, Jesse Barton wrote:
> Hey OpenBSD Community,
> 
> I am working on getting phpIPAM setup on a OpenBSD system but so far i'm
> running into an issue with connecting the php site to the database.
> 
> I used parts of these documentation pages to get everything working.
> https://www.php.net/manual/en/install.unix.openbsd.php
> https://phpipam.net/documents/installation/
> 
> Here is the specific message im getting in my error.log
> 
> PHP message: PHP Fatal error:  Uncaught Exception: Could not connect to
> database! SQLSTATE[HY000] [2002] No such file or directory in
> /htdocs/ipam/functions/classes/class.PDO.php:159
> Stack trace:
> #0 /htdocs/ipam/functions/classes/class.PDO.php(1053): DB->connect()
> #1 /htdocs/ipam/functions/classes/class.PDO.php(298):
> Database_PDO->connect()
> #2 /htdocs/ipam/functions/classes/class.Common.php(236): DB->escape()
> #3 /htdocs/ipam/functions/classes/class.Common.php(411):
> Common_functions->fetch_object()
> #4 /htdocs/ipam/functions/classes/class.User.php(136):
> Common_functions->get_settings()
> #5 /htdocs/ipam/index.php(29): User->__construct()
> #6 {main}
>   thrown in /htdocs/ipam/functions/classes/class.PDO.php on line 159
> 
> Im able to log into the database with the desired user running
> # mysql -u phpipam -p
>

> my config.php is set
> $db['host'] = 'localhost';

I would try changing the above to '127.0.0.1'

Edgar

> $db['user'] = 'username';
> $db['pass'] = 'password';
> $db['name'] = 'phpipam';
> $db['port'] = 3306;
> 
> If there is any other information that would be helpful in troubleshooting
> this i'm all ears.



Re: OpenSMTPD is not sending e-mail.

2021-01-28 Thread Edgar Pettijohn
On Thu, Jan 28, 2021 at 08:41:46PM +0100, Radek wrote:
> Hi, 
> a few days ago all my boxes using the same ISP stopped to send me emails from 
> local users and daemons (daily outputs and any other cronjob reports) to 
> @gmail.com.
> I have tried to send email to a few not_gmail mailboxes - the same problem. 
> If i send emails from other boxes (using other ISP), they are received 
> correctly.
> 
> Telnet test doesn't show the "220 mx.google." line. Does is mean that 
> port 25 is blocked by the ISP?
>

I would guess not since it shows you connected.

> $ telnet gmail-smtp-in.l.google.com 25
> Trying 173.194.220.26...
> Connected to gmail-smtp-in.l.google.com.
> Escape character is '^]'.
> Connection closed by foreign host.
> 
>

> $ smtpctl remove all
> 14 envelopes removed
> $ echo test-123 | mail -s test-123 a...@gmail.com
> $ tail -n 30 /var/log/maillog
> Jan 28 20:06:43 fw66-krz smtpd[69953]: 717b813accae5132 smtp connected 
> address=local host=fw66-krz.krz
> Jan 28 20:06:43 fw66-krz smtpd[69953]: 717b813accae5132 smtp message 
> msgid=ba93721b size=331 nrcpt=1 proto=ESMTP
> Jan 28 20:06:43 fw66-krz smtpd[69953]: 717b813accae5132 smtp envelope 
> evpid=ba93721b7de7a76f from= to=
> Jan 28 20:06:43 fw66-krz smtpd[69953]: 717b813accae5132 smtp disconnected 
> reason=quit
> Jan 28 20:06:57 fw66-krz smtpd[69953]: 717b8138ac37b4db mta error 
> reason=Connection closed unexpectedly
> Jan 28 20:06:57 fw66-krz smtpd[69953]: smtp-out: Disabling route [] <-> 
> 142.250.96.27 (142.250.96.27) for 15s
> Jan 28 20:07:12 fw66-krz smtpd[69953]: smtp-out: Enabling route [] <-> 
> 142.250.96.27 (142.250.96.27)
> Jan 28 20:07:14 fw66-krz smtpd[69953]: 717b8139462f1927 mta error 
> reason=Connection closed unexpectedly
> Jan 28 20:07:14 fw66-krz smtpd[69953]: smtp-out: Disabling route [] <-> 
> 108.177.112.27 (108.177.112.27) for 15s
> Jan 28 20:07:14 fw66-krz smtpd[69953]: 717b813c3c64b02d mta connecting 
> address=smtp://142.250.96.27:25 host=142.250.96.27
> Jan 28 20:07:14 fw66-krz smtpd[69953]: 717b813c3c64b02d mta connected
> Jan 28 20:07:29 fw66-krz smtpd[69953]: smtp-out: Enabling route [] <-> 
> 108.177.112.27 (108.177.112.27)
> Jan 28 20:07:30 fw66-krz smtpd[69953]: 717b813ddb20a2c5 mta connecting 
> address=smtp://108.177.112.27:25 host=108.177.112.27
> Jan 28 20:07:30 fw66-krz smtpd[69953]: 717b813ddb20a2c5 mta connected
> 
> 
> 
> 
> On Tue, 26 Jan 2021 11:26:17 - (UTC)
> Stuart Henderson  wrote:
> 
> > On 2021-01-25, latincom  wrote:
> > > It had worked for many years; but this time OpenBSD 6.8; server and 
> > > Laptop, are not working as the man page says.
> > >
> > > I did an empiric test, because i am not qualified for a real test.
> > >
> > > Both are not able to send messages (e-mails), to other machines.
> > > The message at maillog is the same:
> > >
> > > result="TempFail" stat="Network error on destination MXs"
> > 
> > Perhaps your ISP blocks port 25. What do you get if you type
> > "telnet gmail-smtp-in.l.google.com 25"? It should go something
> > like this:
> > 
> > $ telnet gmail-smtp-in.l.google.com 25
> > Trying 66.102.1.27...
> > Connected to gmail-smtp-in.l.google.com.
> > Escape character is '^]'.
> > 220 mx.google.com ESMTP k2si3832128wrm.242 - gsmtpquit  
> > 221 2.0.0 closing 
> > connection k2si3832128wrm.242 - gsmtp
> > Connection closed by foreign host.
> > 
> > 
> 
> 
> 
> -- 
> Radek
> 



Re: relay email from users to per-user smtp servers

2021-01-24 Thread Edgar Pettijohn
You may want to look at table(5) specifically the credentials section.

Not sure how ugly it would get with multiple relay rules, but I think
it should be possible.

However, I think it would just be easier to teach your mua to do it
for you.

Edgar



Re: pkg_info(1) manpage issue

2021-01-24 Thread Edgar Pettijohn
On Sun, Jan 24, 2021 at 09:35:46PM +0100, Andrew Easton wrote:
> Hello everyone, 
> 
> it appears that there may be a way to misinterpret
> the man page for pkg_info(1) in the state of
> commit 0b249e2164be2385bc6a5e82814435649b2b06e0
> Date:   Sun Jan 24 10:21:43 2021 +
> on the github openbsd src mirror.
> 
> The problem description is under the headline
> "Issue".
> 
> There is a realistic chance that I am
> misunderstanding something. If this is the case, what
> further measures can I take to narrow down the problem?
> 
> === Issue ===
> 
> The uninstalled packages are supposed to be listed
> together with their one-line summary. The manual
> page accessible with $ man 1 pkg_info; reads:
> 
> [quote]
> When browsing through uninstalled packages, running
> pkg_info -I *.tgz will report a summary line for each
> package, so that it is possible to run
> pkg_info pkgname.tgz to obtain a longer package
> description, and pkg_add -n pkgname.tgz to check that
> the installation would proceed cleanly, including
> dependencies.
> [\quote]
> 
> Copy-pasting the command "pkg_info -I *.tgz" from the
> manual page into the terminal yields the following
> error:
> 
> computer$ pkg_info -I *.tgz
> Invalid spec: *.tgz
> Invalid spec: *.tgz
> computer$
>

Are there any packages in the directory? Try:

$ cd /usr/ports/packages/`uname -m`/all
$ pkg_info -I *.tgz

Obviously you're results will vary, but I get:

file:./autoconf-2.67p1.tgz: unsigned package
autoconf-2.67p1.tgz automatically configure source code on many Un*x platforms
file:./autoconf-2.69p3.tgz: unsigned package
autoconf-2.69p3.tgz automatically configure source code on many Un*x platforms
file:./automake-1.16.2.tgz: unsigned package
automake-1.16.2.tgz GNU Standards-compliant Makefile generator
file:./bison-3.3.2p1.tgz: unsigned package
bison-3.3.2p1.tgz   GNU parser generator
file:./blas-3.8.0p0.tgz: unsigned package

followed by many more...

Or an absolute path like:

pkg_info -I https://cnd.openbsd.org/pub/OpenBSD/6.8/packages-stable/`uname 
-m`/curl-7.72.0p0.tgz
curl-7.72.0p0.tgz   transfer files with FTP, HTTP, HTTPS, etc.

However, pkg_add -n 
https://cnd.openbsd.org/pub/OpenBSD/6.8/packages-stable/`uname 
-m`/curl-7.72.0p0.tgz
Does give weird output:
quirks-3.440 signed on 2021-01-22T19:53:09Z
Can't find transfer
Can't find files
Can't find with
Can't find FTP,
Can't find HTTP,
Can't find HTTPS,
Can't find etc.

 
Edgar

> 
> Even calling pkg_info(1) with doas(1) yields the same
> behaviour:
> 
> computer$ doas pkg_info -I *.tgz
> Invalid spec: *.tgz
> Invalid spec: *.tgz
> computer$
> 
> 
> Note that there is a relatively long pause between
> the two "Invalid spec" messages both with and without
> doas(1).
> 
> 
> In which way am I misunderstanding the manual page
> for pkg_info(1) for the specific operation of
> browsing uninstalled packages and showing a summary
> line?
> 
> 
> === Affected Man-Page File ===
> /usr.sbin/pkg_add/pkg_info.1
> in 
> commit 0b249e2164be2385bc6a5e82814435649b2b06e0
> Date:   Sun Jan 24 10:21:43 2021 +
> 
> 
> 
> Kind regards,
> Andrew Easton
> 



Re: help needed with httpd.conf and rewrite directive

2021-01-06 Thread Edgar Pettijohn
On Wed, Jan 06, 2021 at 02:12:40PM -0800, Kevin wrote:
> Hey gang,
> 
> I'm trying to setup some rewrites in httpd that are needed to make some
> software we just purchased work.
> 
> The vendor's official docs only support nginx and apache, and I'm having a
> helluva time understanding how to make them work in our beloved OpenBSD.
> 
> Below is the nginx sample they provide.
> 
> Anyone with some httpd rewrite foo mind whacking me with a clue stick on
> how to accomplish this purty please?
> 
> Thanks,
> Kevin
> 
>location /sendy/l/ {
> rewrite ^/sendy/l/([a-zA-Z0-9/]+)$ /sendy/l.php?i=$1 last;
> }

I'm not an expert, but I would try:

location match "^/sendy/l/([%w\/]+)$" {
request rewrite "/sendy/l.php?i=$1"
}

good luck

Edgar



Re: OpenSMTPD-extras manual

2020-12-20 Thread Edgar Pettijohn
On Sun, Dec 20, 2020 at 05:09:22PM +0300, ??  wrote:
> man table-socketmap is interesting but confusing:
> __
> """DESCRIPTION
>  This manual page documents the file
>  format of "socketmap" tables used by
>  the smtpd(8) mail daemon.
> 
>  The format described here applies to tables
>  as defined in smtpd.conf(5).
> 
> SOCKETMAP TABLE
>  A "socketmap" table uses a simple protocol.
> The client sends a single-

The single line request is:

table-name key

>  line request and the server sends
> a single-line reply.
>

The reply is one of:

OK answer
NOTFOUND
TEMP
TIMEOUT
PERM

>  The table may be used for any kind of key-based
> lookup and replies are
>  expected to follow the formats described in table(5).
> """
> __

So in theory you would have something like the following in
smtpd.conf:

table test socketmap:/path/to/socketmap.sock

where the table-name would be test in the above request line.

> 
> This table type could be just an experimental
> useless table type like ldap tables or
> a universal key to any userdata(password) storage if
> one manages to make a middleware which
> is able to make requests to any userdata storage
> and return a needed value in proper format
> to smtpd server through socketmap.
> 
> But again no clear manual entry makes it useless.
> No hint in the manual how to configure this type
> of table access
> 
> 
> 20.12.2020 01:34, Ingo Schwarze ??:
> > Hi Maksim & Edgar,
> > 
> > Edgar Pettijohn wrote on Sat, Dec 19, 2020 at 03:37:22PM -0600:
> > > On Sat, Dec 19, 2020 at 08:02:19PM +0300, ??  wrote:
> > 
> > > > Where can I find any manuals and examples regarding OpenSMTPD-extras?
> > 
> > Try:
> > 
> > $ man -k ^table-
> > $ man table-passwd table-socketmap table-sqlite table-redis
> > 
> > > > Which table types are supported and do not have status "experimental"
> > > > like ldap tables?
> > > > E.g. what is opensmtpd-extras-python and how can I use it?
> > 
> > Not sure about thise questions.
> > 
> > > Your best bet is to git clone the repository and search for the tables,
> > > etc you are interested in.
> > 
> > That would be unusual with OpenBSD; when possible, we try to include
> > documentation in user-installable packages and not only in source
> > distributions.
> > 
> > Strangely, in this case, there are files
> > 
> >table-postgres.5 table-mysql.5
> > 
> > in the source tarballs but not in the respective packing lists.
> > 
> > Strangely, the tarball also contains three empty README files.
> > 
> > > If there is a manual simply `mandoc file | less`.
> > 
> > Not the best advice ever...  :-/
> > 
> > Manually piping mandoc(1) output to less(1) is never needed.
> > 
> > If you have a manual page in the current directory - say, table-sqlite.5 -
> > then just
> > 
> > $ man -l table-sqlite.5
> > 
> > is sufficient, and if it's properly installed, as the opensmtpd-extras
> > package does it, then just
> > 
> > $ man table-sqlite
> > 
> > does the job without even needing to worry about the current directory.
> > 
> > > Unfortunantly there aren't manuals for all of the `extras`.
> > 
> > Hmm, you may be right about that one, for example a table-python(5)
> > manual page doesn't appear to exist.
> > 
> > Yours,
> >Ingo
> > 
> 
> -- 
> ?? ??,
> ?? 
> 



Re: OpenSMTPD-extras manual

2020-12-19 Thread Edgar Pettijohn
On Sat, Dec 19, 2020 at 08:02:19PM +0300, ??  wrote:
> Hello.
> Where can I find any manuals and examples regarding OpenSMTPD-extras?
> Which table types are supported and do not have status "experimental"
> like ldap tables?
> E.g. what is opensmtpd-extras-python and how can I use it?
> -- 
> Best regards
> Maksim Rodin
>

Sorry didn't answer the python question. I'm not a python expert, but I 
suspect that you would write a script similar to the following perl:

Obviously untested, just a best guess.

#!/usr/bin/env perl

use common::sense;

our %state = ();

sub update {
$state{updated} = 1;

print STDERR "table perl updated\n";
}

sub check {
my ($service, $value, $key) = @_;
print STDERR "$service: $value: $key\n";
}

sub lookup {
my ($service, $value, $key) = @_;

print STDERR "$service: $value: $key\n";

return "test";
}

sub fetch {
my ($service, $value) = @_;

print STDERR "$service: $value\n";
return "test";
}

Then in smtpd.conf have something like:

table test python:/path/to/python/script.py

action "some_action" maildir alias 



Re: OpenSMTPD-extras manual

2020-12-19 Thread Edgar Pettijohn
On Sat, Dec 19, 2020 at 08:02:19PM +0300, ??  wrote:
> Hello.
> Where can I find any manuals and examples regarding OpenSMTPD-extras?
> Which table types are supported and do not have status "experimental"
> like ldap tables?
> E.g. what is opensmtpd-extras-python and how can I use it?
> -- 
> Best regards
> Maksim Rodin
>

Your best bet is to git clone the repository and search for the tables, 
etc you are interested in. If there is a manual simply `mandoc file | less`.

Unfortunantly there aren't manuals for all of the `extras`.

Good luck,

Edgar



Re: Malloc options

2020-11-12 Thread edgar
On Nov 12, 2020 3:06 AM, Stuart Henderson  wrote:

  On 2020-11-11, ed...@pettijohn-web.com 
  wrote:
  > Thanks for the quick reply. I'll stick with "s" for now and if its
  > unbearably slow I'll try others.

  'S' not 's', they're case-sensitive (from the manual, "Unless
  otherwise
  noted uppercase means on, lowercase means off.")


Luckily it's a typo in the email. However, I don't recall reading that.
Must have skimmed past it.
Thanks,
Edgar 


Re: Malloc options

2020-11-11 Thread edgar
On Nov 11, 2020 10:19 AM, Otto Moerbeek  wrote:

  On Wed, Nov 11, 2020 at 10:09:19AM -0600, ed...@pettijohn-web.com
  wrote:

  > I'm trying to compile a program that is using a MALLOC_OPTIONS of
  "A"
  > which doesn't exist. Reading the manual all of the options look
  good to
  > me so what would be the best? I'm going to go with "S" unless
  otherwise
  > instructed.
  > Thanks,
  > Edgar

  A long time ago A existed, not it is the default: if an inconsistency
  is detected, malloc aborts.

  While developing and for "sensitive" programs S is best. ssh and sshd
  use it.

  If S is too slow, any subset of CFJ might provide a middle ground.
  Not using any flags is also pretty safe already compared to other
  malloc implementations.

  -Otto

Thanks for the quick reply. I'll stick with "s" for now and if its
unbearably slow I'll try others.
Thanks
Edgar


Malloc options

2020-11-11 Thread edgar
I'm trying to compile a program that is using a MALLOC_OPTIONS of "A"
which doesn't exist. Reading the manual all of the options look good to
me so what would be the best? I'm going to go with "S" unless otherwise
instructed. 
Thanks,
Edgar


Re: Are relayd and httpd my future buddy?

2020-10-31 Thread edgar
https://www.amazon.com/Relayd-Httpd-Mastery-Book-11-ebook/dp/B07171352M
Good book.
Edgar

On Oct 31, 2020 11:45 AM, Brian Brombacher  wrote:



  > On Oct 30, 2020, at 6:32 PM, Lars Bonnesen
   wrote:
  >
  > I have been using a combination of Apache, mod_proxy and
  letsencrypt to set
  > up different loadbalancing/https offload solution like this:
  >
  > https://URL1[Apache
  http_1]
  > ---|
  > https://URL2 [Apache https, mod_proxy, and letsencrypt] --- [Apache
  http_2}
  > ---|-- SQL
  > https://URL3[Apache
  http_3]
  > ---|
  >
  > Of coarse running on OpenBSD
  >
  > The URLS are typically sharing one IP and in theory the https
  offload could
  > also be load balanced.
  >
  > Even though the above setup works, I would like to use as much of
  obsd base
  > as possible and less packages. Thinking of httpd, letsencrypt and
  relayd -
  > but can it accomplish my goals about sharing IPs, loadbalancing
  while also
  > doing SSL offload? Or do I need to stick with Apache or maybe look
  at
  > another solution like haproxy?
  >
  > If I can use relayd for this, could someone please share a
  relayd.conf
  > example for me?
  >
  > Regards, Lars.

  If you’re only using mod_proxy for load balancing, yes you can do
  this with httpd and relayd.

  I don’t have a relayd.conf sample for you but there are plenty from
  the mailing list.


Re: strange SMTP interaction with mail.openbsd.org ?

2020-09-06 Thread edgar
On Sep 6, 2020 4:24 PM, Leen Besselink  wrote:

  Hi,

  Recently we've set up a Postfix mailserver with TLS (valid Let's
  Encrypt
  certificate).

  So I was checking the logs and I saw mail.openbsd.org connected and
  disconnected but strange enough did not deliver any mail:

  Sep  6 21:47:13 mx5 postfix/smtpd[938]: connect from
  mail.openbsd.org[199.185.178.25]
  Sep  6 21:47:14 mx5 postfix/smtpd[938]: Anonymous TLS connection
  established from mail.openbsd.org[199.185.178.25]: TLSv1.2 with
  cipher
  ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
  Sep  6 21:47:15 mx5 postfix/smtpd[938]: disconnect from
  mail.openbsd.org[199.185.178.25] ehlo=2 starttls=1 quit=1 commands=4

  When I checked on the other server, it seems mail.openbsd.org
  probably
  tried to deliver '20200906194148.ga50...@dalek.home.local'.

  The name in the MX-record matches the forward and reverse DNS, the
  HELO/EHLO name and certificate.

  Any idea what could have happened ?(or maybe how to contact the
  person(s) running mail.openbsd.org)

  With kind regards,

   Leen.

Have you tried postmas...@openbsd.org?


perl hex possible bug

2020-07-21 Thread Edgar Pettijohn
I was playing around with the hex function in perl. So naturally I
started with:

perldoc -f hex

Which showed me a few examples namely the following:

print hex '0xAf'; # prints '175'
print hex 'aF';   # same
$valid_input =~ /\A(?:0?[xX])?(?:_?[0-9a-fA-F])*\z/

However, I get the following output: (newlines added for clarity)

laptop$ perl -e 'print hex '0xAf';'
373
laptop$ perl -e 'print hex 'aF';'
175

I'm guessing there is a bug here but not sure if its software or
documentation.

Thanks,

Edgar



Re: dhcpd synchronization: leases recovery after downtime

2020-07-18 Thread edgar
On Jul 18, 2020 3:25 PM, Guy Godfroy  wrote:

  Hello,

  I am using two routers on OpenBSD (called mulder and scully), and I
  wish
  to make dhcpd listen on a carp interface between both of them. I am
  using the synchronization mechanism:

  mulder# rcctl get dhcpd flags
  -y em2 -Y em2 carp0

  scully# rcctl get dhcpd flags
  -y em2 -Y em2 carp0

  I tested it and it works great when both routers are up.

  But what is explained in the man page is that it is only a realtime
  sync. So if I understand correctly, when one of the hosts is down,
  there
  is no way for it to get the new leases when it gets back up. My
  thought
  about that is that it defeats the original purpose of the feature. My
  concerns are confirmed by the test:

  1. Make sure that carp0 master is mulder.
  2. Stop dhcpd on scully.
  3. Plug a new machine using a dhcp client on the network of carp0.
  4. Observe that the lease is present in /etc/dhcpd.leases on mulder.
  5. Start dhcpd on scully.
  6. Observe that the lease is missing in /etc/dhcpd.leases on scully.

  I have found no information about leases synchronization other than
  the
  one given in dhcpd man page, but I guess there is no possible leases
  recovery from other routers after a downtime, or when a new router is
  inserted in the stack.

  What is the correct solution to manage this case? Is there a
  possibility
  for a router to ask for its missing leases when it gets up? Something
  like this:

  0. mulder is up, scully is down.
  1. scully gets up and asks on multicast:
  "My last lease was created on date d, what's up since that date?"
  2. mulder answers:
  "Here is the leases created since d: ..."

  Thanks.

  Guy

Not sure how to integrate it properly but this sounds like a job for
ifstated(8).
Edgar 


Re: Article OpenBSD: Not Free Not Fuctional and Definetly Not Secure and BSD, the truth blog

2020-05-28 Thread edgar
On May 28, 2020 11:42 AM, Marc Espie  wrote:

  On Thu, May 28, 2020 at 01:16:59AM -0300, Quantum Robin wrote:
  > Hi,
  >
  > While surfing on the Google to learn more about OpenBSD, I
  encountered this
  > one: "OpenBSD: Not Free Not Fuctional and Definetly Not Secure (
  > https://aboutthebsds.wordpress.com/2013/01/25/20/)
  >
  > Is the author telling the truth? Or just yet another anti-BSD
  thing?
  >

  "At meetings, people are often physically attacked for having even a
  minor disagreement with de Raadt"

  Hyperbole much ?

  Theo has been known to be fairly opiniated, but "physically
  attacked"?

  How can you take this guy seriously ?


I found it pretty comical. 


Re: Howto change login mechanism on OpenBSD

2020-05-20 Thread Edgar Pettijohn
On Wed, May 20, 2020 at 09:50:17PM +, Kevin Chadwick wrote:
> On May 20, 2020 9:31:19 PM UTC, Edgar Pettijohn  
> wrote:
> >On Wed, May 20, 2020 at 08:48:20PM +0200, Valdrin MUJA wrote:
> >> Hi Misc,
> >> 
> >> I have an interactive shell program which has an authentication
> >section and I want to login via my program. How can I do that?
> >> 
> >> Actually I want to run this program instead of /bin/ksh. I changed
> >the root's shell with "chsh -s /bin/{my_program} root" command.
> >However, when the system boots, firstly OpenBSD Login is coming and
> >after that my program is running.
> >> 
> >> In short, I want to run an external program on startup without
> >OpenBSD Login.
> >
> >I believe login(1) is executed by getty(8) which is started by init(8).
> >So you would likely have to make changes to one or more of them. But I
> >could be wrong.
> >
> >Edgar
> 
> I believe /etc/ttys controls getty, which may or not help. Getty is respawned 
> too.
> https://man.openbsd.org/man5/ttys.5

I think you're right. Might just need to change a line in /etc/ttys to
execute /bin/{my_program}.

Edgar



Re: Howto change login mechanism on OpenBSD

2020-05-20 Thread Edgar Pettijohn
On Wed, May 20, 2020 at 08:48:20PM +0200, Valdrin MUJA wrote:
> Hi Misc,
> 
> I have an interactive shell program which has an authentication section and I 
> want to login via my program. How can I do that?
> 
> Actually I want to run this program instead of /bin/ksh. I changed the root's 
> shell with "chsh -s /bin/{my_program} root" command. However, when the system 
> boots, firstly OpenBSD Login is coming and after that my program is running.
> 
> In short, I want to run an external program on startup without OpenBSD Login.

I believe login(1) is executed by getty(8) which is started by init(8).
So you would likely have to make changes to one or more of them. But I
could be wrong.

Edgar



Re: rc.d: Webserver is removing daemonization - now what?

2020-05-03 Thread Edgar Pettijohn
On Sun, May 03, 2020 at 04:53:42PM +0200, Marcus MERIGHI wrote:
> chad.hoo...@protonmail.com (Chad Hoolie), 2020.05.03 (Sun) 15:43 (CEST):
> > So the folks over at my webserver is removing its daemonization
> > feature, telling its users to use systemd/upstart/a process supervisor
> > instead.
> 
> Ugly move by upstream!
> 
> > But what does this mean to my webserver's startup script in /etc/rc.d,
> > isn't it dependent on the webserver's ability to daemonize?
> 

what webserver are you using?

> You could have shown the content of that rc.d(8) script...?
> 
> > Pretty sure I can't manually daemonize it by adding a "&" to the end
> > of my rcexecs so...
>

#rc.local
/path/to/server &

> Read rc.subr(8), look for "rc_bg".
> 
> Marcus



Re: loading DBD-Pg under base httpd, works but it's wrong way

2020-05-02 Thread edgar
On May 1, 2020 10:24 PM, Andrew Hewus Fresh  wrote:

  On Fri, May 01, 2020 at 01:11:12AM -0400, Chris Bennett wrote:
  > On Thu, Apr 30, 2020 at 08:16:05PM -0700, Andrew Hewus Fresh wrote:
  > > I'm assuming this is using slowcgi, is that correct?
  >
  > Yes
  >
  > >
  > > Depending on your use case, it might be easier to have a separate
  > > slowcgi process for just this script and then add
  OpenBSD::Pledge(3p)
  > > and possibly OpenBSD::Unveil(3p) to limit what the script can
  do.  This
  > > could work with slowcgi's `-u` flag to have this script run as a
  > > specific user.
  > >
  >
  > I have several domains. Some are running very limited scripts.
  >
  > For several, just some very basic stuff. Pledge and Unveil would
  work
  > great for those. I'll check into that. They write files and send
  emails.

  Do note that httpd expects that slowcgi will be chrooted to the same
  place as httpd and sets some of the FCGI_PARAMS based on finding the
  scripts in that chroot.  It's possible to make that work with a
  "phantom" directory structure in the httpd chroot that mirrors the
  scripts you will be running with slowcgi.  They don't need to be the
  full files, empty files that are set as executable work fine for
  faking
  the check.  With that hack and messing with "root" and "rewrite
  request"
  in the location served by that fastcgi should allow you to get the
  information to the script in the necessary format.  Another option is
  a
  Plack Middleware that rewrites those variables as necessary.  Running
  slowcgi with the debug (-d) flag is very informative.


  > One site has a ton of complicated scripts, many in mod_perl that I
  want
  > to ditch.

  You may want to look at some of the options for modules that fake
  being
  mod_perl and run under Plack, which has a FastCGI handler that works
  well with httpd(8).

  https://metacpan.org/search?q=plack+apache

  https://metacpan.org/pod/Plack::Handler::FCGI


  > I am also forking a forum software that's been dropped.
  > It makes a lot of sense to pull all of those perl scripts into a
  single
  > wrapper. It reads/writes to postgresql, sends and receives emails
  and
  > can optionally write files. Pledge and Unveil sound like good
  optional
  > settings. My preference is to make it portable after ditching some
  > security issues and dropping mod_perl 1 from it, etc.

  If those scripts were ported from CGI to mod_perl and not changed
  significantly, I have had good experience with CGI::Emulate::PSGI
  which
  will load those CGIs into a persistent process.  The benefit of
  having
  been ported to mod_perl is that someone probably created an "init"
  function that resets all the state necessary at the beginning of the
  request.

  https://metacpan.org/pod/CGI::Emulate::PSGI


  If they were written specifically targeting mod_perl 1, you probably
  have a slog ahead of you and I don't envy you the task.


  
  > This has all been a bit frustrating, but having worked things out,
  now
  > it's fun!

  That's computers for you.

  l8rZ,
  --
  andrew - http://afresh1.com

  Real programmers don't document.
  If it was hard to write, it should be hard to understand.


You might also take a look at the fastcgi server that comes with kcgi.
Its been awhile since I used it but it has a few more features than
slowcgi. Plus its written by kristaps@ so it's high quality. 
Good luck. 
Edgar 


Re: UNIX crash course

2020-04-21 Thread Edgar Pettijohn
On Tue, Apr 21, 2020 at 09:17:50PM +0300, Pekka Niiranen wrote:
> Hello Sirs,
> 
> That is very comprehensive list of books, but I have
> not found any concise example of "OpenBSD development environment".
> There are KNF settings for vim and emacs in github but not much more.
> 
> OpenBSD is in constant flux so I would like to know which
> of its various services controlled by rcctl would be
> the best starting point for analyzing how code a minimal server
> in OpenBSD 2020 including pledge and prilege separation methods.
> Which of the current services is "the present state of the art" for
> a starting point?
>

The source code would be the best place to look. I know I've learned a
lot reading the code and manual pages. Not knowing your skill level, but
I often start with usr.sbin/identd/identd.c as a good skeleton.

Edgar

> -pekka-
> 
> On 19.4.2020 23.51, Martin wrote:
> > People recommend me these books https://www.openbsd.org/books.html for 
> > programming starting point. Here is a list of admin. related books too. 
> > Very comprehensive and useful books listed.
> > 
> > Martin
> > 
> > ? Original Message ?
> > On Sunday, April 19, 2020 7:15 PM, Chris Zakelj  wrote:
> > 
> > > Looking to the list for suggestions on becoming at least a
> > > semi-competent admin.?? Long-time members may remember my trial-by-fire
> > > 15+ years ago when the boss ordered a T1 and the carrier's tech
> > > "helpfully" pointed the dmz interface at the (already outdated) NT4 file
> > > server.?? My current situation is nothing like that, but thanks to all
> > > the recent trolls, I discovered that following the IEEE's transition
> > > from their email service being little more than a .forward alias into a
> > > full-fledged GMail suite, that Google wasn't forwarding emails it deemed
> > > spammy and caused the partial loss of nearly seven months' worth of
> > > mail.?? Since I don't trust Google or pretty much any "free" provider at
> > > this point, that means doing it myself.?? Some steps (registering a
> > > domain, ordering business-class service or a static IP, etc) are
> > > self-evident.?? But after that, there's a lot I really need to learn
> > > beyond what's in the man pages, and my copy of 'Absolute OpenBSD' is
> > > quite dated at this point.?? I've also got that misbehaving ARC-1200B
> > > card, so if dlg@ or another team member in the US/Canada has interest in
> > > figuring out what's going sideways, I'll pay for shipping both ways.
> > 
> > 
> > 



Re: strncasecmp

2020-04-11 Thread Edgar Pettijohn



On 4/11/20 8:47 PM, Stuart Longland wrote:

On 12/4/20 11:39 am, zeurk...@volny.cz wrote:

"Stuart Longland"  wrote:

On 11/4/20 2:30 am, zeurk...@volny.cz wrote:

https://doomwiki.org/wiki/Absurd texture name in error message

No, what I wrote is:


'https://doomwiki.org/wiki/Absurd texture name in error message'

World of difference. To a UNIX guy.

Ohh, I did see the quotes, that's what made me try the URI with spaces
after seeing the 404 page.


Seems like some people eat everything the WWW n00bs emit, right up to
and including a turd.

What's next? All list messages in quoted-unreadable? C'mon.

doomwiki should not be using such characters in their URIs.  I'm not
blaming you for their presence by the way.  Had they done the right
thing in the first place, the quotes would never have been needed. :-)



I must have missed how any of this has anything to do with OpenBSD.




Re: What is the difference between these anchor rules

2020-03-16 Thread edgar
On Mar 16, 2020 11:07 AM, Carlos Lopez  wrote:

  Hi all,

  I am trying to accomplish several different tests using anchors rules
  under an OpenBSD 6.6 host. But I am seeing a strange behavior
  depending how I configure them. For example:

  This rule works:

  anchor inet from $laptop_admin label "Allow access from $srcaddr via
  SSH" {
  anchor proto tcp to port ssh {
  pass in to (self)
  pass in to { $dmz_network $vpn_network  } tag intlans-to-intlans
  }
  }

  But this one never matches:

  anchor inet from $laptop_admin label "Allow access from $srcaddr via
  http/https services" {
  anchor proto tcp to port { http https } {
  pass in $hots2 tag intlans-to-intlans
  }
  }


Is hots2 a typo in the  mail or the conf also? Or maybe it's not a typo.
Edgar 


  I have tried inserting “quick” keyword in second rule, but
  nothing … Maybe am I doing some mistake? Rules that works goes
  before than the other that fails … Changing order, it doesn’t
  matter …

  Any tip?
  --
  Regards,
  C. L. Martinez


Re: pthread_mutexattr_setpshared and Apache Guacamole remote desktop gateway

2020-03-05 Thread Edgar Pettijohn


On Mar 5, 2020 10:15 AM, Steve Williams  wrote:
>
> Hi,
>
> Should this be on ports@?  I'm not working on a port...
>
> TL;DR:
> Does anyone have any recommendations on how to work around not having 
> pthread_mutexattr_setpshared in the OpenBSD pthreads library?
>

Have you tried searching the ports tree patch files for mention of the 
function. You may find a real world example of a workaround.

Edgar

> DETAILS:
> I wanted to see if Apache Guacamole would compile on OpenBSD to server 
> as a remote desktop gateway.
>
> It hasn't been too hard to get it to the final linking step.
>
> I am getting an "undefined reference to `pthread_mutexattr_setpshared'":
>
>     ../../src/libguac/.libs/libguac.so.17.0: undefined reference to
>     `pthread_mutexattr_setpshared'
>     collect2: ld returned 1 exit status
>     *** Error 1 in src/guacenc (Makefile:565 'guacenc': @echo " CCLD   
>     " guacenc;/bin/sh ../../libtool --silent --tag=CC --mode=link gcc -s...)
>     *** Error 1 in . (Makefile:556 'all-recursive')
>     *** Error 1 in /home/steve/src/guacamole-server-1.1.0 (Makefile:453
>     'all')
>
>
> When I look at some of the code using pthread_mutexattr_setpshared, it's 
> not #ifdef'd or anything, so I think it's pretty much mandatory code.
>
> pool.c:
>
>     guac_pool* guac_pool_alloc(int size) {
>
>      pthread_mutexattr_t lock_attributes;
>      guac_pool* pool = malloc(sizeof(guac_pool));
>
>      /* If unable to allocate, just return NULL. */
>      if (pool == NULL)
>      return NULL;
>
>      /* Initialize empty pool */
>      pool->min_size = size;
>      pool->active = 0;
>      pool->__next_value = 0;
>      pool->__head = NULL;
>      pool->__tail = NULL;
>
>      /* Init lock */
>      pthread_mutexattr_init(_attributes);
>
>      pthread_mutexattr_setpshared(_attributes,
>     PTHREAD_PROCESS_SHARED);
>     //^
>      pthread_mutex_init(&(pool->__lock), _attributes);
>
>
> It looks like this is a posix (of some version) function:
> https://pubs.opengroup.org/onlinepubs/009695399/functions/pthread_mutexattr_setpshared.html
>
> An "appropos" search in the OpenBSD man pages for "pthread_mutexattr" 
> returned:
> https://man.openbsd.org/man3/pthread_mutexattr.3
>
> This function is definitely missing...
>
> I tried to see if there was a way to use pthread_mutexattr_settype to 
> accomplish the same thing, but got lost in the maze of documentation.
>
> Does anyone have any recommendations on how to work around not having 
> pthread_mutexattr_setpshared in the OpenBSD pthreads library?
>
> Thanks,
> Steve Williams
>



Re: PPTP NAT passthrough

2020-02-26 Thread Edgar Pettijohn

This appears to be actively maintained.

https://sourceforge.net/projects/pptpclient/

On 02/25/20 12:15, Szél Gábor wrote:

Dear @misc

Our customer need more parallel outgoing PPTP session.
I know PPTP is no security VPN, but our client not have any options. 
(our customer remote partner accept only PPTP VPN ...)


OpenBSD PF can't use parallel PPTP session. First session is NAT-ed, 
but second session is broken.

I know OpenBSD not supported PPTP NAT passthrough.

I found two, very old PPTP proxy for openbsd:

 * https://github.com/crvv/pptp-proxy
   This is ftp-proxy fork(?)
 * https://sourceforge.net/projects/frickin/

frickin 1.x working only fix remote PPTP address, not good for me.
frickin 2.x (beta) not compiled on oBSD 6.6.

pptp-proxy is compiled, and started, but not working.
We tested very simple pf.conf (NAT, and some rules)

pass in quick log on $int_if proto gre from any to ! $int_if:0 rdr-to 
127.0.0.1
pass in quick log on $int_if proto tcp from any to ! $int_if:0 port 
1723 rdr-to 127.0.0.1 port 2317


pptp-proxy is accepted session, but not working.
(in tcpdump only 2 outgoing, 1 inbound packet found)

Does anyone know a working solution for PPTP NAT passthrough?

In openbsd based securityrouter.org firewall a found PPTP-Proxy support:
https://securityrouter.org/wiki/Comparison
But I don't know what to use.





Re: [*EXT*] Re USB printer?

2020-02-17 Thread Edgar Pettijohn


On Feb 17, 2020 11:47 AM, Claus Assmann  wrote:
>
> I got a 
> HP DeskJet 2630
> printer and connected it via usb
> I tried to use it "directly", i.e., /etc/printcap:
> usb:lp=/dev/ulpt0:sd=/var/spool/output/usb:sf:sh:tr=^D:
> as mentioned in the original mail
>
> but this results in an "output error" after I started lpd
> and used
> lpr doc.ps
>
> ulpt0 at uhub0 port 4 configuration 1 interface 1 "HP DeskJet 2600 series" 
> rev 2.00/1.00 addr 2
> ulpt0: using bi-directional mode
> ugen0 at uhub0 port 4 configuration 1 "HP DeskJet 2600 series" rev 2.00/1.00 
> addr 2
> ulpt0: output error
>
> I didn't try to set up cups or similar stuff as that seems
> to be overkill for my simple use case and probably results
> in the same USB error?
> If someone has this kind of printer connected via USB: I am
> interested in the config.
>
> Thanks.
>
> PS: full dmesg attached in case it provides some info about the USB
> problem - hopefully it isn't stripped by the mailing list software;
> here's at least some USB info:
>
> uhci0 at pci0 dev 26 function 0 "Intel 82801H USB" rev 0x02: apic 2 int 16
> uhci1 at pci0 dev 26 function 1 "Intel 82801H USB" rev 0x02: apic 2 int 21
> ehci0 at pci0 dev 26 function 7 "Intel 82801H USB" rev 0x02: apic 2 int 18
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
> addr 1
>
> -- 
> Address is valid for this mailing list only, please do not reply
> to it direcly, but to the list.
>

I've used a couple of hp printers in the past and I always had to use hpcups. 
It is possible that I gave up too early.

Edgar



Re: 550 Invalid recipient domain

2020-02-03 Thread Edgar Pettijohn




On 02/03/20 16:33, Anne Wainwright wrote:

Hi,

OK, maybe this query should be for another mailing list.

Getting mail to my BSD 6.4 server has been an issue. I have Postfix
running. The mail is fetched by fetchmail. As far as I know both
.fetchmailrc and /etc/aliases are correct.

But the 550 message shows in maillog when the mail has come in and is
then shown going out to my ISP's smtp server for user@localhost which
of course rejects this as an undeliverable address. It does not get put
into the mailbox at all.

Surely this is some small stupid thing beyond my ken! If someone can
point me in the right direction I would be very grateful.

Perhaps part of the issue is that the name part of the email address to
the server is not the same as the name of the user that it is to be
delivered to. I am about to revise that to simplify things, though
hoping a small correction somewhere might make that unnecessary.

advance thanks
Ian



I'm guessing you are trying to get postfix on your laptop/desktop to 
relay through your isp.  If so something like the following should do it:


# postfix main.cf
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static: YOURUSERNAME:YOURPASSWORD
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
relayhost = [YOURISPSERVER]:587

Edgar



Re: wpa_supplicant error

2020-02-02 Thread Edgar Pettijohn
Try without wpa_supplicant

/etc/hostname.iwm0
nwid yournwid wpakey yourwpakey
dhcp

sh /etc/netstart

On Feb 2, 2020 3:42 PM, Charlie Burnett  wrote:
>
> Hey @misc,
> I've used OpenBSD on my desktop and server for a while, however they both
> have an Ethernet connection. I recently got my hands on a thinkpad x1 6th
> gen in order to ensure compatibility with OpenBSD. I can connect fine via
> the /etc/hostname.if with /etc/netstart, however I need to be able to
> connect to eduroam for class. I was using linux on my past laptop, however
> I connected through wpa_supplicant on it. I copied my wpa_supplicant.conf
> over, however whenever I try to connect to a network I get hung up in the
> same spot. The conf works fine on linux, so the credentials are correct.
> I've also ensured the interface was up with "doas ifconfig iwm0 up" Here's
> the output from attempting to connect with "doas wpa_supplicant -i iwm0 -c
> /etc/wpa_supplicant.conf -D openbsd -dd":
> wpa_supplicant v2.9
> Successfully initialized wpa_supplicant
> Initializing interface 'iwm0' conf '/etc/wpa_supplicant.conf' driver
> 'openbsd' ctrl_interface 'N/A' bridge 'N/A'
> Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
> Reading configuration file '/etc/wpa_supplicant.conf'
> ctrl_interface='/var/run/wpa_supplicant'
> ctrl_interface_group='wheel'
> eapol_version=2
> ap_scan=1
> fast_reauth=1
> update_config=1
> Line: 11 - start of a new network block
> ssid - hexdump_ascii(len=): HOME
> key_mgmt: 0x2
> PSK - hexdump(len=): [REMOVED]
> Line: 19 - start of a new network block
> ssid - hexdump_ascii(len=7): eduroam
> scan_ssid=1 (0x1)
> key_mgmt: 0x1
> eap methods - hexdump(len=): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00
> phase2 - hexdump_ascii(len=):
>  61 75 74 68 3d 4d 53 43 48 41 50 56 32    auth=MSCHAPV2
> auth_alg: 0x1
> identity - hexdump_ascii(len=):
> ca_cert - hexdump_ascii(len=):
>  2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 41   /etc/ssl/certs/A
>  64 64 54 72 75 73 74 5f 45 78 74 65 72 6e 61 6c   ddTrust_External
>  5f 52 6f 6f 74 2e 70 65 6d    _Root.pem
> password - hexdump_ascii(len=): [REMOVED]
> Line: 32 - start of a new network block
> ssid - hexdump_ascii(len=):   HOME2
> PSK - hexdump(len=): [REMOVED]
> Priority group 0
>    id=0 ssid='HOME'
>    id=1 ssid='eduroam'
>    id=2 ssid='HOME2'
> Add interface iwm0 to a new radio N/A
> iwm0: Failed to attach pkt_type filter
> iwm0: Own MAC address: 38:00:25:6c:76:6d
> iwm0: RSN: flushing PMKID list in the driver
> iwm0: Setting scan request: 0.10 sec
> ENGINE: Loading builtin engines
> ENGINE: Loading builtin engines
> EAPOL: SUPP_PAE entering state DISCONNECTED
> EAPOL: Supplicant port status: Unauthorized
> EAPOL: KEY_RX entering state NO_KEY_RECEIVE
> EAPOL: SUPP_BE entering state INITIALIZE
> EAP: EAP entering state DISABLED
> ctrl_interface_group=0 (from group name 'wheel')
> iwm0: Added interface iwm0
> iwm0: State: DISCONNECTED -> DISCONNECTED
> iwm0: Using OpenBSD - overriding ap_scan configuration
> EAPOL: disable timer tick
>
> Here is the output after sending a ctrl-C to the terminal:
> ^Ciwm0: Removing interface iwm0
> iwm0: Request to deauthenticate - bssid=00:00:00:00:00:00
> pending_bssid=00:00:00:00:00:00 reason=3 (DEAUTH_LEAVING) state=DISCONNECTED
> iwm0: State: DISCONNECTED -> DISCONNECTED
> EAPOL: External notification - portEnabled=0
> EAPOL: External notification - portValid=0
> iwm0: WPA: Clear old PMK and PTK
> iwm0: Cancelling scan request
> iwm0: Cancelling authentication timeout
> Remove interface iwm0 from radio
> Remove radio
> iwm0: CTRL-EVENT-TERMINATING
>
>
> And here's my wpa_supplicant.conf (with ssid's and psk's removed):
> ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=wheel
> eapol_version=2
> ap_scan=1
> fast_reauth=1
> update_config=1
>
> network={
> ssid="HOME"
> psk=PASSWORD
> }
>
> # Eduroam
> network={
> ssid="eduroam"
> scan_ssid=1
> key_mgmt=WPA-EAP
> eap=PEAP
> phase2="auth=MSCHAPV2"
> auth_alg=OPEN
> identity="burne...@umn.edu"
> ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem"
> password="Here I am, here I remain."
> }
>
> network={
> ssid="HOME2"
> psk=PASSWORD
> }
>
> Any help would be very much appreciated!



Re: How to hide my server's IP?

2020-02-02 Thread Edgar Pettijohn


On Feb 2, 2020 3:24 PM, Arthur Wayside  wrote:
>
> Hello.
>
> Say I run a websapp inside a chroot and someone manages to hack it and gain 
> shell access. 

Or just don't put it in the chroot.

Can I then somehow hide my server's IP from the likes of ifconfig?
>
> Thanks!
>
> Artur.
>
> Sent with [ProtonMail](https://protonmail.com) Secure Email.



Re: How to hide my server's IP?

2020-02-02 Thread Edgar Pettijohn


On Feb 2, 2020 3:24 PM, Arthur Wayside  wrote:
>
> Hello.
>
> Say I run a websapp inside a chroot and someone manages to hack it and gain 
> shell access. Can I then somehow hide my server's IP from the likes of 
> ifconfig?
>
> Thanks!
>
> Artur.
>
> Sent with [ProtonMail](https://protonmail.com) Secure Email.

Seems like they would already know this. However, you could:

# chmod go-x /sbin/ifconfig

Assuming they don't have root that should do it.

Edgar



Re: From nginx to openbsd httpd

2020-01-16 Thread Edgar Pettijohn


On Jan 16, 2020 9:27 AM, Michael Hekeler  wrote:
>
> > 
> > Hello,
> > 
> > I use poudriere pkg builder on FreeBSD and I use nginx to get poudriere web
> > status interface.
> > 
> > I'm looking for a less complex httpd server and obhttpd seems to be right
> > choice. I have installed obhttpd 
> > port
> > 
> > nginx httpd.conf is:
> > 

> > server {
> >   listen 80 default;
> >   server_name server_domain_or_IP;
> >   root /usr/local/share/poudriere/html;
> > 
> >   location /data {
> >   alias /usr/local/poudriere/data/logs/bulk;
> >   autoindex on;
> >   }
> > 
> >   location /packages {
> >   root /usr/local/poudriere/data;
> >   autoindex on;
> >   }
> >   }
> > }
> > 
> > obhttpd uses chroot, so I will have to point it to /usr/local/poudriere.
> > 
> > Any hints on getting this on openbsd httpd conf file?
> > 
> > Thanks,
> > 
> > Nuno
>
> Teach poudriere to store logs to /var/www/usr/local/poudriere/data/logs/bulk
>

Or the less safe easier way...

chroot "/"



Re: Syspatch

2020-01-16 Thread Edgar Pettijohn


On Jan 16, 2020 8:09 AM, Christer Solskogen  
wrote:
>
> On Thu, Jan 16, 2020 at 1:45 PM Jan Betlach  wrote:
>
> >
> > Any ideas what is wrong? Might as well be a pebkac I am unaware of…
> >
> >
> Clock out of sync?

I have seen this a few times and it was always my system clock out of whack. 
Might be as easy as making sure ntpd is running.



Re: OpenBSD's extremely poor network/disk performance?

2020-01-07 Thread Edgar Pettijohn


On Jan 7, 2020 9:18 AM, Joe Greco  wrote:
>
> On Tue, Jan 07, 2020 at 02:47:02PM +, cho...@jtan.com wrote:
> > Hamd writes:
> > > It's 2020 and it's -still- sad to see OpenBSD -still- has the
> > > ... lists full of the uninteresting type of wine and that their
> > > twitterings -still- don't include any code.
> > 
> > Yes. Yes it is.
> > 
> > Can't say much for the performance of a suite of servers which have
> > all been taken down to handle the security threat du jour.
>
> Well, that's kind of ridiculous, that's not generally how threats are
> remediated in the real world.
>
> If you take a server down for 15 minutes to apply patches to Insecure-
> But-ZippyBSD, once a week, you get 99.85% uptime and presumably it is
> performing lots faster during that 99.85%, but admittedly performs at 
> zero during the patch process.  Redundancy can cover that in many
> cases.
>
> A different argument could be that if you require a particular level of
> performance, and you have to deploy more compute resources to get it,
> that increases capex and opex, and the end result is a greater level of
> e-waste down the road, and perhaps a greater amount of pollution if the
> power is generated from "bad" sources.
>
> In reality, when you dig down, often you find that there's another
> reason for the issue.  I was recently trying to substitute libressl
> into an openssl environment.  Performance tanked.  Some checking
> showed the speed of "speed -evp aes-256-gcm" was way off.  It looked 
> to me like it was an issue with not using AES-NI.  I'm not going to
> blame libressl for that, I just lacked the time to do a deep dive on
> it to figure out what was (hopefully!) configured wrong.  Probably
> something with ia32cap or whatever the libressl equivalent is.
>
> ... JG

I believe it has something to do with actually zeroing out memory before 
freeing it. Which seems like a good thing to do for crypto stuff.

Edgar

> -- 
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
> "The strain of anti-intellectualism has been a constant thread winding its way
> through our political and cultural life, nurtured by the false notion that
> democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
>



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Edgar Pettijohn



On 2020-01-02 16:52, Marc Chantreux wrote:

You have something like 3 lines of perl to play with ;)

is there a todo list somewhere ?



find /usr/src -name '*.pm' | xargs grep XXX

Shows some promising results.


Edgar


regards
marc





Re: sending mail from wordpress

2020-01-02 Thread Edgar Pettijohn


On Jan 2, 2020 7:21 AM, Jiri B  wrote:
>
> https://wordpress.org/plugins/post-smtp/
>

This looks promising. 

Thanks,

Edgar
> j.
>
> On Thu, Jan 2, 2020 at 1:44 PM Stuart Henderson  wrote:
>
> > On 2020-01-02, Edgar Pettijohn  wrote:
> > > I'm having trouble getting mail to go through wordpress.
> >
> > Confogure it to send by SMTP instead. (I don't use wordpress and can't
> > help tell you exactly how, but it's definitely possible - search for
> > e.g. "wordpress smtp authentication").
> >
> > > The mail() function is not disabled. If my reading of
> > > class-phpmailer.php is correct it should see that sendmail_path is
> > > defined and use sendmail instead of mail().
> >
> > Using mail() needs a /bin/sh binary inside the chroot jail. You are
> > better off avoiding mail() where possible.
> >
> >
> >



Re: sending mail from wordpress

2020-01-02 Thread Edgar Pettijohn


On Jan 2, 2020 6:27 AM, Stuart Henderson  wrote:
>
> On 2020-01-02, Edgar Pettijohn  wrote:
> > I'm having trouble getting mail to go through wordpress.
>
> Confogure it to send by SMTP instead. (I don't use wordpress and can't
> help tell you exactly how, but it's definitely possible - search for
> e.g. "wordpress smtp authentication").

Will do.

>
> > The mail() function is not disabled. If my reading of 
> > class-phpmailer.php is correct it should see that sendmail_path is 
> > defined and use sendmail instead of mail().
>
> Using mail() needs a /bin/sh binary inside the chroot jail. You are
> better off avoiding mail() where possible.
>
>

/bin/sh is present. I tested with chroot /var/www /bin/sh which works. Jus 
complains about not having a tty. Maybe I need to populate /dev but that 
doesn't seem necessary.

Thanks,

Edgar



sending mail from wordpress

2020-01-01 Thread Edgar Pettijohn

I'm having trouble getting mail to go through wordpress.

I have femail installed as /var/www/usr/sbin/sendmail.

In /etc/php-7.1.ini I have:

sendmail_path = "/usr/sbin/sendmail -f ed...@pettijohn-web.com"


I can:

echo "HI" | chroot /var/www /usr/sbin/sendmail -f 
ed...@pettijohn-web.com testaddress


and the mail goes through.


However, I get the following from wordpress.

The email could not be sent. Possible reason: your host may have 
disabled the mail() function.



The mail() function is not disabled. If my reading of 
class-phpmailer.php is correct it should see that sendmail_path is 
defined and use sendmail instead of mail().


Any help is appreciated.


Thanks,


Edgar




Re: Suggestion: Replace Perl with Lua in the OpenBSD Base System

2019-12-30 Thread Edgar Pettijohn



On 2019-12-30 18:07, ansim...@tutanota.com wrote:

Hi,

I'd like to bring up the following suggestion:

Would it be desirable for the OpenBSD project to replace Perl with Lua
in the base system? A smaller base afforded to by Lua will reduce the
attack surface and complexity of the OpenBSD project as a whole.

   The source contains around 24000 lines of C. Under 64-bit Linux, the
   Lua interpreter built with all standard Lua libraries takes 247K and
   the Lua library takes 421K. - https://www.lua.org/about.html

   Lua is free open-source software, distributed under a very liberal
   license (the well-known MIT license).
   - https://www.lua.org/about.html

I recognize that this will involve a massive multi-year undertaking and
I'd like to be part of the effort if it were to arise.

Cheers,
ansimita



I like lua as a whole, however it isn't extremely useful for system 
administration tasks.


Which I believe is likely the reason for Perl's inclusion.


Edgar



Re: The OpenBSD talk at 36c3

2019-12-30 Thread Edgar Pettijohn


On Dec 30, 2019 5:31 AM, Kevin Chadwick  wrote:
>
>
> > I liked the presentation.  An excerpt from https://isopenbsdsecu.re/about/:
> >> This website was done because studying mitigations is fun, not to get 
> >> involved in a huge flamewars or endless bike-shedding on mailing lists.
>
> It is not my place to comment, however I will say that it did not read to me 
> as
> unbiased. Perhaps things like embargos were mentioned in the video. There are
> significant mis-understandings and perhaps mis-informations, with at times
> oppositional mistakes in the slides. My initial opinion is that very limited
> research effort happened to aid credibility, not in order to create a fair and
> comprehensive report.
>
> I welcome the praise on unveil and pledge though. It would be nice, if there 
> was
> an OpenBSD version of GCP app engine for the less serious but easily scalable
> web services!
>

Even on points where they showed OpenBSD as being late to the game they always 
finished first. I researched Linux seccomp awhile back. It is a mess to use 
compared to a couple of lines of pledge/unveil. Much better long term to get it 
right so it's useable.

Edgar



Re: Re-organising partitions without re-installation

2019-12-23 Thread Edgar Pettijohn


On Dec 23, 2019 4:42 PM, rgci...@disroot.org wrote:
>
> December 24, 2019 4:42 AM, "Dumitru Moldovan"  wrote:
>
> > On Sun, Dec 22, 2019 at 10:56:20AM +1000, Stuart Longland wrote:
> > 
> >> So, a few years ago now, I deployed a router VM with OpenBSD 6.1 AMD64.
> >> Later that got updated to 6.2, then 6.3, 6.4…
> >> 
> >> Yesterday I updated it to 6.5, then 6.6… now I'm trying to run syspatch:
> > 
> > I have a similar issue with my desktop. I tried to outsmart the
> > automatic installer to squeeze as much space as possible for /home on a
> > desktop with an 80GB SSD. Which worked out OK for a few upgrade cycles,
> > always from stable version to next stable version.
> > 
> > However, after a couple of years, I had to unbreak an update that didn't
> > fit any more in /usr. To my surprise, I had lots of old libs from
> > previous releases left on disk. Had to manually remove a few of the
> > older unused libs from /usr to be able to redo the update successfully.
> > 
> > My understanding is that this is by design. In an update, some libs are
> > overwritten (if they keep the same file name), but others are left on
> > disk (theoretically unused) when lib versions are incremented. I can
> > see a few ways in which this eases updates for people following
> > -current, such as the OpenBSD devs, so it's a small price to pay.
>
> one thing that is useful is sysclean(8)
>
> my process now after a doas sysupgrade is
> 1) doas sysclean; and review the output
> 2) vise /etc/sysclean.ignore; so that sysclean ignores special files i created

Just wanted to emphasize step 2 above or else you will delete stuff you 
shouldn't.


> 3) doas sysclean | xargs doas rm -rf
>
> yorosiku ~
>

+1 for sysclean



Re: What do you use to generate invoices on OpenBSD?

2019-12-22 Thread Edgar Pettijohn
I don't, but I wonder if there is a WordPress or similar way to do it. That way 
you have a searchable database plus you can just pull it up on your browser and 
print it out. Just a thought.

Edgar
On Dec 22, 2019 4:14 AM, cho...@jtan.com wrote:
>
> Mikolaj Kucharski writes:
> > Hi,
> >
> > Do you generate invoices on OpenBSD? What do you recommend? If you have
>
> I use nmh to compose an email to my accountant saying something
> along the lines of "please generate the next invoice for work X at
> company Y" and a few hours or days later an invoice -- an opaque
> object with bureaucratic purposes I am more than happy to keep
> encapsulated in their own domain, which is firmly not mine -- shows
> up in my inbox. It even gets automatically forwarded to the client!
>
> Other email software would also work.
>
> Matthew
>



Re: Installing OpenBSD -current snapshots

2019-11-28 Thread Edgar Pettijohn


On Nov 28, 2019 2:15 AM, Bruno Flueckiger  wrote:
>
> On 27.11., Clay Daniels wrote:
> > I have successfully installed OpenBSD 6.6 release and would like to give
> > the Current Snapshots a try. I went to a mirror, and to:
> >
> > Index of /pub/OpenBSD/snapshots/amd64/
> >
> > I saw install66.fs (probably for usb memstick) and install66.iso (surely
> > for a cd/dvd) at ~450Mb. I picked the install66.fs, wrote it to a usb
> > thumbdrive, and it starts the install. When i get into the install it asks
> > where are the file sets? Humm, maybe it gets these online and it tries to
> > do this but no luck. It was late last night, and I checked to see if it had
> > written anything to my disk, which it had not, and went to bed. This
> > evening I'm looking a bit deeper at the snapshot directory and I suspect I
> > need to provide the install with base66.tzg at ~239Mb.
> >
> > My question now is after downloading the base, do I need to un-tar it, and
> > how to I provide it to the install? I wrote the install66.fs to the usb
> > with the dd command. Not clear to me how to either manually copy the base
> > file set to the usb, or maybe leave it on an accessible directory on my
> > machine. Any help would be appreciated.
> >
> > Clay Daniels
>
> I would recommend using sysupgrade(8) with the parameter -s to you.
>
> Cheers,
> Bruno
>

It's a fresh install unfortunately.



Re: Installing OpenBSD -current snapshots

2019-11-27 Thread Edgar Pettijohn
On Wed, Nov 27, 2019 at 08:05:30PM -0600, Clay Daniels wrote:
> I have successfully installed OpenBSD 6.6 release and would like to give
> the Current Snapshots a try. I went to a mirror, and to:
> 
> Index of /pub/OpenBSD/snapshots/amd64/
> 
> I saw install66.fs (probably for usb memstick) and install66.iso (surely
> for a cd/dvd) at ~450Mb. I picked the install66.fs, wrote it to a usb
> thumbdrive, and it starts the install. When i get into the install it asks
> where are the file sets? Humm, maybe it gets these online and it tries to
> do this but no luck. It was late last night, and I checked to see if it had
> written anything to my disk, which it had not, and went to bed. This
> evening I'm looking a bit deeper at the snapshot directory and I suspect I
> need to provide the install with base66.tzg at ~239Mb.
> 
> My question now is after downloading the base, do I need to un-tar it, and
> how to I provide it to the install? I wrote the install66.fs to the usb
> with the dd command. Not clear to me how to either manually copy the base
> file set to the usb, or maybe leave it on an accessible directory on my
> machine. Any help would be appreciated.
> 
> Clay Daniels

I noticed this also, but hadn't had time to figure out if I had messed up or
the installer had. As a general rule I assume its me that messed up. Its odd
if you mount the install66.fs you can see the pub/amd64 directory, but during
installation it can't seem to find the directory regardless of what I have 
tried.

Edgar



Re: Starting redis fails with 'Bus error (core dumped)'

2019-11-17 Thread Edgar Pettijohn


On Nov 17, 2019 3:21 PM, Consus  wrote:
>
> On 22:05 Sun 17 Nov, Unicorn wrote:
> > On Sun, 2019-11-17 at 23:22 +0300, Consus wrote:
> > > On 16:25 Sun 17 Nov, Unicorn wrote:
> > > > After installing redis (and rspamd), before having modified any
> > > > part of
> > > > redis, starting redis with 'rcctl start redis' fails. I then tried
> > > > running the binary itself in /usr/local/sbin/redis-server, which
> > > > only
> > > > returns 'Bus error (core dumped)'.
> > > > 
> > > > I changed the log level in the '/etc/redis/redis.conf' to debug,
> > > > but do
> > > > not get any more information about the reason for failure. Running
> > > > 'grep -R redis /var/log/' did not give me any information either,
> > > > and
> > > > after changing the log level to debug, the only thing that changed
> > > > is
> > > > an unreadable 'redis-server.core' file appearing in '/var/log'.
> > > 
> > > Please, post the output of
> > > 
> > > # gdb /usr/local/sbin/redis-server /var/log/redis-server.core
> > > 
> > 
> > Output:
> > 
> > GNU gdb 6.3
> > Copyright 2004 Free Software Foundation, Inc.
> > GDB is free software, covered by the GNU General Public License, and
> > you are
> > welcome to change it and/or distribute copies of it under certain
> > conditions.
> > Type "show copying" to see the conditions.
> > There is absolutely no warranty for GDB.  Type "show warranty" for
> > details.
> > This GDB was configured as "arm-unknown-openbsd6.6"...(no debugging
> > symbols found)
> > 
> > Core was generated by `redis-server'.
> > Program terminated with signal 10, Bus error.
> > (no debugging symbols found)
> > Loaded symbols for /usr/local/sbin/redis-server
> > Reading symbols from /usr/lib/libm.so.10.1...done.
> > Loaded symbols for /usr/lib/libm.so.10.1
> > Reading symbols from /usr/lib/libpthread.so.26.1...done.
> > Loaded symbols for /usr/lib/libpthread.so.26.1
> > Reading symbols from /usr/local/lib/liblua5.1.so.5.1...done.
> > Loaded symbols for /usr/local/lib/liblua5.1.so.5.1
> > Reading symbols from /usr/lib/libc.so.95.1...done.
> > Loaded symbols for /usr/lib/libc.so.95.1
> > Reading symbols from /usr/libexec/ld.so...Error while reading shared
> > library symbols:
> > Dwarf Error: wrong version in compilation unit header (is 4, should be
> > 2) [in module /usr/libexec/ld.so]

May need to install egdb from ports. Not sure what the deal is with the damn 
Dwarf but using egdb generally works for me.


> > #0  0x133f3834 in SHA1Final () from /usr/local/sbin/redis-server
> > (gdb) 
>
> Damn it, on Linux it prints backtrace by default. Type `bt' in the gdb
> prompt and post the output.
>



Re: Best Practices for growing disk partitions on a server

2019-11-17 Thread Edgar Pettijohn


On Nov 17, 2019 2:35 PM, Lev Lazinskiy  wrote:
>
> Hi folks, 
>
> I am new to openBSD, so forgive me if I am missing something obvious. 
>
> I recently installed openBSD on a server using the auto-partition layout
> during installation and am quickly starting to run out of disk space. 
>
> I have read the section in the FAQ [1] regarding how to grow a disk
> partition, but I am confused on the best way to actually do this. 
>
> Specifically, I am trying to grow /usr and /home but they are "busy"
> when I try to follow these steps on a running server. 
>

You must umount them first.


> Is the assumption that you are supposed to reboot the server with the 
> ISO attached and pop into a shell to complete these steps?
>
> [1] https://www.openbsd.org/faq/faq14.html#GrowPartition
>
> -- 
> Lev Lazinskiy
>

If it's a fresh install probably be easier to just reinstall and size 
partitions how you need them.

Edgar



Re: auto_upgrade.conf et al man pages or documentation?

2019-10-17 Thread Edgar Pettijohn
On Thu, Oct 17, 2019 at 03:15:16PM -0700, Chris Bennett wrote:
> On Fri, Oct 18, 2019 at 10:56:07AM +1300, Shane Lazarus wrote:
> > 
> > So, I just ran sysupgrade with no options to see what would happen.
> > 
> > Unsurprisingly, it proceeded to install ALL of the sets, without bothering
> > to prompt me, or apparently taking note of what was previously selected
> > during the initial install of 6.5.
> > 

It does exactly what the manual says it does.

> > This is an undesirable trait, with neither apparent documentation or what I
> > would consider to be sane defaults.
> > 

I bet they are sane for the developers.

> > If someone would be so kind as to point me in the right direction for how
> > to prevent sysupgrade from being unsane, it would be much appreciated.
> > 

You would have to define unsane, but `sysupgrade -n' would be a first step.

Edgar



Re: Can minecraft run on OpenBSD i386 with less than 2Gb Ram ?

2019-10-05 Thread Edgar Pettijohn


On Oct 5, 2019 8:02 AM, Solene Rapenne  wrote:
>
> On Sat, Oct 05, 2019 at 12:20:09PM +0100, Tom Smyth wrote:
> > Hi all,
> > My 5 year old son as a laptop .. Running OpenBSD 6.5 stable and im trying
> > to
> > I figured current would be a little tricky for him :) ...
> > I have tried to get minecraft working on it but I think I probably don't
> > have enough ram...
> > I have tried upping the staff limits in limits .conf etc..
> > there also seems to be a bug with the current launcher that is included in
> > ports
> > as there is a "you need java script enabled to view this site" message
> > displayed on the launcher after you click the play button ...
> > 
> > Perhaps I just need to shell out for a laptop that will run x86-64 ..  :)
> > 
> > Kindest regards,
> > Tom Smyth.
>
> I think it can run, but you may prefer running games/minetest, it's an
> opensource minecraft clone which requires a LOT less ressources and
> which should bring a lot of fun too.
>
> The main difference would be the lack of monsters, less blocks and no
> redstone, but there are lots of mods to fill thoses gaps IIRC.
>

I enjoyed minetest. He should too. My son eventually outgrew it and wanted the 
real deal at around 8. I don't remember if I tried to install it on OBSD or 
not. It currently lives on a Debian amd64 desktop where it runs pretty good. 
Plus there is an official .deb package which makes things easier for me.

Good luck.

Edgar



Re: OpenSMTPD filters and "Masquerading"

2019-10-04 Thread Edgar Pettijohn
Search the opensmtpd mailing list archives. I believe someone posted an awk 
script that does this or at least something similar.

Good luck,

Edgar
On Oct 4, 2019 3:08 AM, Jon Arlund  wrote:
>
> Hi misc,
> I was delighted to see the inclusion of OpenSMTPD filters in the latest 
> snapshot.
> Knowing this has been a frequently requested feature, does someone know 
> if/how filters could be used to implement domain rewriting/masquerading of 
> the From header in the DATA section?
> I know the "senders" parameter in combination with the "masquerade" option is 
> capable of rewriting the From header for authenticated users. Unfortunately, 
> we still have legacy systems that don't support SMTP authentication but are 
> allowed to relay messages based on their IP address.
> Any information will be greatly appreciated.
> Kind regards,
> Jon



ugen0 chatter on xconsole

2019-09-29 Thread Edgar Pettijohn
I'm guessing someone is working on some ugen code or something similar. Not 
sure exactly when it started, but around 6.4-6.5 my xconsole never told me much 
of anything. Starting about 2 weeks ago on current it won't shut up about ugen0 
detached ...

If this information would be useful to anyone let me know. Will gladly test any 
diffs, etc.

dmesg porn attached.

Edgar


OpenBSD 6.6-beta (GENERIC.MP) #331: Sat Sep 28 18:20:42 MDT 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4156157952 (3963MB)
avail mem = 4017500160 (3831MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xdae9c000 (64 entries)
bios0: vendor LENOVO version "83ET67WW (1.37 )" date 11/28/2011
bios0: LENOVO 4177RVU
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA SSDT 
SSDT UEFI UEFI UEFI
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EHC1(S3) EHC2(S3) 
HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, 2492.33 MHz, 06-2a-07
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
tsc_timecounter_init: TSC skew=0 observed drift=0
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
TSC skew=-10
cpu1: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
tsc_timecounter_init: TSC skew=-10 observed drift=0
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
TSC skew=-2
cpu2: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
tsc_timecounter_init: TSC skew=-2 observed drift=0
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
TSC skew=-2
cpu3: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, 2491.91 MHz, 06-2a-07
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
tsc_timecounter_init: TSC skew=-2 observed drift=0
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf800, bus 0-63
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus 5 (EXP4)
acpiprt5 at acpi0: bus 13 (EXP5)
acpicpu0 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpicpu1 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpicpu2 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpicpu3 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpipwrres0 at acpi0: PUBS, resource for EHC1, EHC2
acpitz0 at acpi0: critical temperature is 98 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
tpm0 at acpi0: TPM_ addr 0xfed4/0x5000, device 0x104a rev 0x4e
acpibat0 at acpi0: BAT0 model "42T4791" serial 10674 type LION oem "SANYO"
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpivideo0 at acpi0: VID_
acpivout at acpivideo0 not configured
acpivideo1 at acpi0: VID_
cpu0: using VERW MDS workaround (except on vmm entry)
cpu0: Enhanced SpeedStep 2492 MHz: speeds: 2501, 2500, 2200, 2000, 1800,

Re: Desktop full text search

2019-09-18 Thread Edgar Pettijohn


On Sep 18, 2019 10:37 AM, Oriol Demaria  wrote:
>
> So finding some code between large amounts of repos can be tricky. I 
> don't use Gnome or KDE so I was wondering what do people use for this. 
> Been looking at the ports and I see Xapian and others. Any advice on a 
> nice setup?
>
> Regards,
>
> -- 
> Oriol Demaria
> 2FFED630C16E4FF8
>
Not sure exactly what you need but cscope may be a candidate.

http://cscope.sourceforge.net/



plackup and httpd

2019-09-16 Thread Edgar Pettijohn
Not sure if I'm just dense, but it took awhile to figure this out. So I'm just 
posting here to
help out the next person that needs to know and happens upon this in the 
archives.

doas plackup -s FCGI --listen /var/www/run/psgi.sock myapp.psgi

#/etc/httpd.conf

location "/*" {
fastcgi socket "/run/psgi.sock"
}

If anyone has any advice to improve upon this please share.

Thanks,

Edgar



man.openbsd.org/table.5

2019-09-08 Thread Edgar Pettijohn
Not sure if its just me or not, but I was looking at the table(5) manual online 
and sections look odd.

Particularly `Mailaddr tables' and `Addrname tables'.

Thanks,

Edgar



Re: ldapd hangs/stalls

2019-08-28 Thread Edgar Pettijohn
:\
>     :maxproc-max=512:\
>     :maxproc-cur=256:\
>     :ignorenologin:\
>     :requirehome@:\
>     :tc=default:
>
> #
> # Authpf accounts get a special motd and shell
> #
> authpf:\
>     :welcome=/etc/motd.authpf:\
>     :shell=/usr/sbin/authpf:\
>     :tc=default:
>
> #
> # Building ports with DPB uses raised limits
> #
> pbuild:\
>     :datasize-max=infinity:\
>     :datasize-cur=4096M:\
>     :maxproc-max=1024:\
>     :maxproc-cur=256:\
>     :tc=default:
>
> #
> # Override resource limits for certain daemons started by rc.d(8)
> #
> bgpd:\
>     :openfiles=512:\
>     :tc=daemon:
>
> unbound:\
>     :openfiles=512:\
>     :tc=daemon:
>
> ldap:\
>     :openfiles=512:\
>     :tc=daemon:
>

May need to use rcctl to change it's class to ldap.

Untested:
rcctl set ldapd class ldap

Edgar



Re: What is you motivational to use OpenBSD

2019-08-28 Thread Edgar Pettijohn
It's easy to upgrade. I'm never worried that upgrading will break something. As 
far as BSD's go it's the easiest to get a desktop going. Since x is in base you 
just have to do a few pkg_add's. And those packages will be built the way you 
expect 9 out of 10 times. 

Edgar
On Aug 28, 2019 3:37 PM, Daniel Ouellet  wrote:
>
> On 8/28/19 10:32 AM, Mohamed salah wrote:
> > I wanna put something in discussion, what's your motivational to use
> > OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
> > fine on openbsd and you love this os so much what will do?
>
> - Simplicity.
> - Clean
> - Lean and Slim
> - Work as advertise
> - Secure
>
> And the most important fact a few decades ago got me turn to OpenBSD
> without ever turning back is the man page.
>
> I can't say how many times I wasted trying to figure out how to get shit
> working on other Linux flavors and simply give up.
>
> I have to say I am short of time and anything that make me save some it
> a plus for me. So when I discover OpenBSD totally by mistake, I never
> look back.
>
> My son tells me that some Linux have improved their man page some today,
> but some to me mean nothing and I really could case less.
>
> However searching for ever and reading a lots of stuff that you realize
> simply doesn't apply drives me nuts.
>
> I am sure the list is difference for everyone, instead of asking just
> try it and see for yourself.
>
> No one will know more then you what you are looking for or like.
>



Re: build with DEBUG defined

2019-08-06 Thread Edgar Pettijohn


On Aug 6, 2019 8:51 PM, Gleydson Soares  wrote:
>
> On Tue, Aug 06, 2019 at 06:55:15PM -0500, Edgar Pettijohn wrote:
> > I'm trying to build smtpd with `-g'. I tried the following:
> > 
> > deathstar$ make -DDEBUG
> > ===> smtpd
> > yacc  -o parse.c /usr/src/usr.sbin/smtpd/smtpd/../parse.y
> > cc -O2 -pipe 1 -fstack-protector-all -I/usr/src/usr.sbin/smtpd/smtpd/.. 
> > -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations 
> > -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare 
> > -Werror-implicit-function-declaration -DIO_TLS -DQUEUE_PROFILING  -MD -MP  
> > -c /usr/src/usr.sbin/smtpd/smtpd/../aliases.c
> > cc: error: no such file or directory: '1'
> > *** Error 1 in smtpd (:87 'aliases.o')
> > *** Error 1 in /usr/src/usr.sbin/smtpd (:48 'all')
> > 
> > I then tried:
> > 
> > deathstar$ cat /etc/mk.conf
> > DEBUG=1
> > 
> > deathstar$ make
> > ===> smtpd
> > yacc  -o parse.c /usr/src/usr.sbin/smtpd/smtpd/../parse.y
> > cc -O2 -pipe 1 -fstack-protector-all -I/usr/src/usr.sbin/smtpd/smtpd/.. 
> > -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations 
> > -Wshadow -Wpointer-arith -Wcast-qual -Wsign-compare 
> > -Werror-implicit-function-declaration -DIO_TLS -DQUEUE_PROFILING  -MD -MP  
> > -c /usr/src/usr.sbin/smtpd/smtpd/../aliases.c
> > cc: error: no such file or directory: '1'
> > *** Error 1 in smtpd (:87 'aliases.o')
> > *** Error 1 in /usr/src/usr.sbin/smtpd (:48 'all')
> > 
> > It builds without DEBUG defined. Any suggestions?
>
> DEBUG=-g
> see mk.conf manpage.
>

The manual says that defining DEBUG adds -g to assembly not that DEBUG should 
be set to -g.  Either way I will give it a shot tomorrow. If it works seems 
like the manual could be a little more informative.

Thanks,

Edgar
> > 
> > Thanks,
> > 
> > Edgar
> > 



build with DEBUG defined

2019-08-06 Thread Edgar Pettijohn
I'm trying to build smtpd with `-g'. I tried the following:

deathstar$ make -DDEBUG
===> smtpd
yacc  -o parse.c /usr/src/usr.sbin/smtpd/smtpd/../parse.y
cc -O2 -pipe 1 -fstack-protector-all -I/usr/src/usr.sbin/smtpd/smtpd/.. -Wall 
-Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow 
-Wpointer-arith -Wcast-qual -Wsign-compare 
-Werror-implicit-function-declaration -DIO_TLS -DQUEUE_PROFILING  -MD -MP  -c 
/usr/src/usr.sbin/smtpd/smtpd/../aliases.c
cc: error: no such file or directory: '1'
*** Error 1 in smtpd (:87 'aliases.o')
*** Error 1 in /usr/src/usr.sbin/smtpd (:48 'all')

I then tried:

deathstar$ cat /etc/mk.conf
DEBUG=1

deathstar$ make
===> smtpd
yacc  -o parse.c /usr/src/usr.sbin/smtpd/smtpd/../parse.y
cc -O2 -pipe 1 -fstack-protector-all -I/usr/src/usr.sbin/smtpd/smtpd/.. -Wall 
-Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow 
-Wpointer-arith -Wcast-qual -Wsign-compare 
-Werror-implicit-function-declaration -DIO_TLS -DQUEUE_PROFILING  -MD -MP  -c 
/usr/src/usr.sbin/smtpd/smtpd/../aliases.c
cc: error: no such file or directory: '1'
*** Error 1 in smtpd (:87 'aliases.o')
*** Error 1 in /usr/src/usr.sbin/smtpd (:48 'all')

It builds without DEBUG defined. Any suggestions?

Thanks,

Edgar



Re: ampd(8) -Z option

2019-08-04 Thread Edgar Pettijohn


On Aug 4, 2019 12:10 PM, Walter Alejandro Iglesias  wrote:
>
> Hi Edgar,
>
> On Sun, Aug 04, 2019 at 11:43:19AM -0500, Edgar Pettijohn wrote:
> > On Sun, Aug 04, 2019 at 05:33:41PM +0200, Walter Alejandro Iglesias wrote:
> > > Hello,
> > > 
> > > Since years I've been using a shell script of mine to shutdown my laptop
> > > when battery is critical.  Convenient because I made it portable among
> > > unix-like systems.  In the case of OpenBSD the script asks battery and
> > > AC status to apm(4).
> > > 
> > > Now I gave a try to the apmd(8) -Z option but, so far, I couldn't make
> > > it work in a reliable way.  I added to rc.conf.local:
> > > 
> > >  apmd_flags="-A -Z 20"
> > > 
> > > But, after doing some tests, sometimes it works, other it seems like
> > > it's totally ignored.
> > 
> > Is your laptop plugged in during the tests? 
>
> First of all, thank you for answering. :-)
>
> The cable is plugged to a multiple socket that has and interrupter.  I
> cut the energy from there while doing the tests, mainly because I'm
> interested it work in that way.
>
> I'm not an electricity expert but I think I understand why you're asking
> that question.  If the AC cable is connected to the laptop, even when in
> the other end it's not connected to the source, since the converter
> holds some residual voltage could make the laptop think it's still
> connected to the main source, right?  But when the source is cut (in the
> way I explained above,) apm(4) correctly says the AC power is
> "disconnected," that's why I assumed apmd(8) should not be tricked by
> the converter.
>

Sounds good. I also have to add -t 60 for it to work on my laptop. Probably has 
a lot to do with the quality of the battery.

Edgar
> > 
> > Edgar
> > 
> > > 
> > > Curious because power management seems to work fine in my T410.  It
> > > sleeps, resumes and hibernates perfectly.  /var/log/messages and 'apmd
> > > -d' don't show significant errors.  Do I need to set something else, add
> > > some -t value to ampd command or some script to /etc/apm?
> > > 
> > > 
> > > Walter
> > > 
>



Re: ampd(8) -Z option

2019-08-04 Thread Edgar Pettijohn
On Sun, Aug 04, 2019 at 05:33:41PM +0200, Walter Alejandro Iglesias wrote:
> Hello,
> 
> Since years I've been using a shell script of mine to shutdown my laptop
> when battery is critical.  Convenient because I made it portable among
> unix-like systems.  In the case of OpenBSD the script asks battery and
> AC status to apm(4).
> 
> Now I gave a try to the apmd(8) -Z option but, so far, I couldn't make
> it work in a reliable way.  I added to rc.conf.local:
> 
>  apmd_flags="-A -Z 20"
> 
> But, after doing some tests, sometimes it works, other it seems like
> it's totally ignored.

Is your laptop plugged in during the tests? 

Edgar

> 
> Curious because power management seems to work fine in my T410.  It
> sleeps, resumes and hibernates perfectly.  /var/log/messages and 'apmd
> -d' don't show significant errors.  Do I need to set something else, add
> some -t value to ampd command or some script to /etc/apm?
> 
> 
>   Walter
> 



sysupgrade

2019-07-27 Thread Edgar Pettijohn
I had been neglecting trying out sysupgrade because I didn't see how you 
could make what is already an easy process any easier. I was mistaken.
It worked like a charm and somehow even easier than before.

Thanks!!

Edgar



Re: perl privilege drop

2019-07-25 Thread Edgar Pettijohn


On Jul 24, 2019 9:06 PM, Andrew Hewus Fresh  wrote:
>
> On Sat, Jul 20, 2019 at 07:20:23PM -0500, Edgar Pettijohn wrote:
> > Is there a standard OpenBSD approved method for dropping privileges in
> > a perl server? Currently looking into Privileges::Drop, but since it
> > isn't in base makes me curious if there is a better way.
>
>
> It's relatively easy to do it yourself like I did in this Plack example.
>
> https://gist.github.com/afresh1/558fc0b4dfbeab0fbd59
>
>     use POSIX qw( setuid setgid );
>     chroot $root || die "Couldn't chroot to $root: $!";
>     setgid($gid) || die "Couldn't setgid $group [$gid]: $!";
>     setuid($uid) || die "Couldn't setuid $user [$uid]: $!";
>

That's too easy. I was expecting it to be more difficult.

Thanks,

Edgar
> I don't know exactly what you're looking for though, so maybe
> OpenBSD::Pledge(3p) or OpenBSD::Unveil(3p) are more what you want?
>
> http://man.openbsd.org/OpenBSD::Pledge
> http://man.openbsd.org/OpenBSD::Unveil
>
>
> l8rZ,
> -- 
> andrew - http://afresh1.com
>
> ($do || !$do) && undef($try) ;  # Master of Perl, Yoda is.  H?
>



Re: makewhatis for man page changes

2019-07-24 Thread Edgar Pettijohn
man 5 man.conf

Need to add /usr/local/man to your manpath.
On Jul 24, 2019 11:39 AM, Jungle Boogie  wrote:
>
> Hi All,
>
> Turns out I don't know everything and I need to read man pages from
> time-to-time. I'm sure you're like me and also want to consult the man pages.
> How do you do it on applications you've installed from source?
>
> Reading makewhatis.8, I think this is the tool I would use.
>
> # makewhatis -D -a /usr/local/share/man
> /usr/local/share/man//de/man1/nmap.1: Adding to database
> /usr/local/share/man//es/man1/nmap.1: Adding to database
> /usr/local/share/man//fr/man1/nmap.1: Adding to database
> /usr/local/share/man//hr/man1/nmap.1: Adding to database
> /usr/local/share/man//hu/man1/nmap.1: Adding to database
> /usr/local/share/man//it/man1/nmap.1: Adding to database
> /usr/local/share/man//ja/man1/nmap.1: Adding to database
> /usr/local/share/man//man1/aerc.1: Adding to database
> /usr/local/share/man//man1/curl-config.1: Adding to database
> /usr/local/share/man//man1/curl.1: Adding to database
> /usr/local/share/man//man1/dnscap.1: Adding to database
> /usr/local/share/man//man1/enchive.1.gz: Adding to database
> /usr/local/share/man//man1/endlessh.1: Adding to database
> ..
>
> but this doesn't work:
> $ man 1 nmap
> man: No entry for nmap in section 1 of the manual.
>
> What am I doing wrong?
>
> Thanks for any tips!
>
> $ sysctl kern.version
> kern.version=OpenBSD 6.5-current (GENERIC.MP) #139: Wed Jul 24 05:11:28 MDT 
> 2019
>     dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
>



Re: shell_exec() exec() and system() not working in php 5.6 openbsd 6.4

2019-07-22 Thread Edgar Pettijohn


On Jul 9, 2019 4:40 AM, mansoor  wrote:
>
> Hi,
> I am using OpenBSD 6.4 and php version 5.6, I am trying to execute shell
> commands through php file using exec, shell_exec or system (tried all of
> them) but none is working.
>
> Here is a sample code in my index.php file.
>
>  $output = shell_exec('ls -l');
> echo "$output";
> ?>
>
> Here is  link
> <https://stackoverflow.com/questions/56933389/run-exec-system-etc-command-using-php-openbsd>
>  
> to my stackoverflow question.
>
> I am stuck in this problem for about a week now.
> Please help me if anyone know about this.
> Thanks
>
>
>
> --
> Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html
>

Is it possibly a chroot issue? Not sure what http server you are using.

Edgar



Re: OpenBSD Project

2019-07-21 Thread Edgar Pettijohn
In OpenBSD fashion.

--- email.orig  Sun Jul 21 19:12:04 2019
+++ email.new   Sun Jul 21 19:12:38 2019
@@ -7,7 +7,7 @@
 Perhaps the reason it has worked so long is because we don't have a
 sentence like this, which some may consider contentious, and use as
 reason to pick yet another infamous fight where they believe they know
-better than a quarter decade old project?
+better than a quarter century old project?
 
 It is pretty easy to see why people might misunderstand our approach
 of just getting shit done.  When I could not pay for electricity


Thanks for all the hard work regardless of the orginizational methods used.

Edgar



Re: OpenBSD Project

2019-07-21 Thread Edgar Pettijohn
> To everyone who took the time to respond, your responses were outstanding; if 
> only a short and sweet additional page could be added to the main OpenBSD 
> Project WWW site (e.g., under ???Project Team??? or ???Developers") that just 
> succinctly summarizes exactly what you all said.  For ???smaller??? projects 
> without formal governance I guess it all comes down to the people; I can see 
> how if you have a dedicated core of really good, passionate developers formal 
> by-laws and committees are superfluous, but then the question is how would 
> that be sustainable over the long term other than just by manually and 
> personally attracting and retaining the best on an ad hoc basis without a 
> codified, structured process.  But it seems to be clearly working here.
> 
> Downloaded the macppc port of OpenBSD 6.5 to install on a couple IBM PowerPC 
> 970/970MP-based Apple Power Mac G5 machines for a class project (I just need 
> some decent, reliable, no-frills servers, but I wanted to try using something 
> other than AMD64/x86-64-based machines for a change) with very low 
> expectations (after trying to install the macppc port of a peer Noteworthy 
> Excellent Tried-and-true BSD distribution which crashed immediately upon 
> running ofwboot off the install ISO), but the installer Just Worked!  I 
> don???t understand how this project is able to maintain a working legacy 
> macppc port with so few developers.

quality over quantity :)

> 
> All the best,
> Austin
> 
> ???If you want to change the future, start living as if you???re already 
> there.???  ???Lynn Conway
> 



perl privilege drop

2019-07-20 Thread Edgar Pettijohn
Is there a standard OpenBSD approved method for dropping privileges in a perl 
server? Currently looking into Privileges::Drop, but since it isn't in base 
makes me curious if there is a better way.

Thanks,

Edgar



Re: cd command, chdir syscall, shell behavour

2019-06-29 Thread Edgar Pettijohn


On Jun 29, 2019 5:50 PM, Ingo Schwarze  wrote:
>
> Hi Ian,
>
> ropers wrote on Sat, Jun 29, 2019 at 10:40:30PM +0200:
>
> > This relates to a long-standing annoyance: When I do `man kill` for
> > example, the manpage shown is for code that won't be what runs when I
> > do `kill `.
> > I suppose the general case is that there can be discrepancies between
> >
> >>> $ which kill
> >>> /bin/kill
> >>> $ type kill
> >>> kill is a shell builtin
> >
> > and perhaps `man kill` too (kill is just an example; the issue
> > generalises).
> > As much as this looks like a problem that wants solving, it's such a
> > long-standing and fundamental issue that I'm not sure what can be
> > done. Is there any sense in adding some checks to man(1) to ensure the
> > "wrong" information is not displayed?
>
> It isn't the wrong information.  The command
>
>   $ man kill
>
> means:
>
>   Show me the manual page with the name "kill".
>
> Clearly, that will be kill(1) and not ksh(1).
>
> If what you mean is:
>
>   Show me the manual pages documenting "kill", no matter whether
>   as a stand-alone command or an internal command built-in to another
>   program.
>
> Then you need to say:
>
>   $ man -k Ic,Nm=kill
>
> or something similar.
>
> > An added complication: When users are looking at the respective
> > sections for builtins in `man sh` vs `man ksh`, it may not always be
> > clear which description and behaviour would actually apply.
> > It's also very cumbersome to jump to the correct section e.g. in `man
> > ksh`, even if the user already knows what kind of command and
> > documentation to look for (which is half the battle). One way I
> > sometimes do that is:
> > >> $ man ksh
> > >> G?The following describes/
> > This obviously isn't ideal, but I have not found any applicable
> > shortcuts. Would it be possible to add some way to make it easier to
> > accomplish the task "show me the documentation of builtin  in man
> > ksh"?
>
> What's wrong with:
>
>   $ man -O tag=kill ksh
>
> It's documented in
>
>   $ man -O tag=tag mandoc
>
> Alternatively, type this:
>
>   man ksh:tkill
>
> As documented here:
>
>   $ man -O tag=MANPAGER man
>
> > Anyway, in an ideal world, typing man  would always show the
> > man page actually relevant to what the box would do if the user typed
> >  at the prompt.
>
> No.  That's not how man(1) is defined.  It's
>
>   usage: man [-acfhklw] [-C file] [-M path] [-m path] [-S subsection]
>  [[-s] section] name ...
>
> not
>
>   usage: man ... command ...
>
> Besides, how man(1) searches for the "name" should absolutely not
> depend on the shell the user is currently running.
>
> What next?  When you run
>
>   $ perl -e 'system qw(man kill)'
>
> you want to see the same as with:
>
>   $ perldoc -f kill
>
> > I don't know how this could be solved though; I'm just noticing that
> > there's much inconsistency and considerable possibility for user
> > confusion in that area.
>
> No man(1) begaves quite consistently and predictably.  You are
> merely confused about what the man(1) "name" argument is and how
> to search for internal commands of arbitrary programs instead.
>
> > As another aside:
> > On Ubuntu (and probably Debian), when the user types a command name
> > that does not correspond to any program actually installed, but that
> > *does* correspond to an executable present in a .deb package present
> > in currently configured repositories, the system will recommend that
> > package (sometimes several packages) and helpfully print what the user
> > would have to type to install said package(s).
>
> How revolting.  That's very contrary to the spirit of Unix.
> We certainly don't want to copy that.  No program should attempt
> to implement its very own partial solution for every *other* task
> under the sun, but instead focus on doiing its own task well.
>
> If you want to search for a manual page, use man(1).
> If you want to search for packages, use pkglocate(1).
>

I don't think this would be needed on openbsd as the default install has 
everything you need for a basic system and it's easy to add additional 
packages. However, as I learned when I set up a Debian box for my son to play 
Minecraft it didn't. So it was kinda nice when I typed ifconfig it informed me 
what package to install and I eventually got everything working no thanks to 
the piss poor manual pages provided.

Edgar

> This is pe

Re: crontab

2019-05-28 Thread Edgar Pettijohn


On May 28, 2019 3:14 PM, Carlos Aguilar  wrote:
>
> Hi,
>
> I am having lots of problems to execute a shell script at boot time.
>
> My crontab is as follows;
> >>
> SHELL=/bin/ksh
>
> @reboot $HOME/bin/app-ferre
> <<
> My shell script is as follows:
> >>
> #!/bin/ksh
>
> lua=/usr/local/bin/lua53
>
> for f in $(ls /home/alberto/app/service-*.lua) ;do
>     echo 'Initializing' $f '\n'
>     $lua $f &
> done
> >>
>
> Thanks for any help or advice,
>
> // Carlos

Have you tried using rc.local? May be easier.



Re: OpenBSD on Soekris net4801

2019-05-22 Thread Edgar Pettijohn


On May 22, 2019 6:05 PM, Chris Zakelj  wrote:
>
> When I set my 4801 up years and years ago, I did it by using an IDE>CF
> adapter on an old Athlon system I had hanging around rather than messing
> around with virtual images, PXE booting, or the like.  The Geode processor
> is roughly equivalent to a Pentium II, so use i386 images.  Past that, from
> my notes I have the console being set for 9600bps and vt220, and
> \etc\boot.conf
> set tty com0
>
> On Wed, May 22, 2019 at 2:08 PM Alberto Mijares  wrote:
>
> > Hi guys,
> >
> > I'm new on this list. Greetings everyone.
> >
> > Here is my case:
> >
> > I installed OpenBSD on a 4GB Flash Card by attaching the card to a
> > Bhyve VM as a "ahci-hd" custom drive. Then, booted the VM and disabled
> > a few of services. Also disabled kernel and libs randomization, since
> > it's not needed and the Soekris couldn't handle it. At the end, only
> > sshd, syslogd and ntpd are starting and and 73MB or RAM remain free.
> > Finally, I created a /etc/hostname.sis1 file with proper network
> > configuration, since the device name in the VM is not the same of the
> > interface of the Soekris.
> >
> > Now I should say: the serial console is not working for me, for some
> > reason I cannot get it working. I see garbage in the screen with all
> > possible combinations of speeds and other terminal configs.
> >
> > When I plug the CF in the Soekris, it won't boot properly. I think the
> > kernel is loaded and hangs at some point. Can't tell where, as
> > explained before. I know the boot is not finishing because I created a
> > /etc/rc.local in it doesn't do anything.
> >
> > I tried to edit /etc/fstab and change sd disk interface for wd. Not
> > working either.
> >
> > I also tried the bsd.rd but I'm not sure if I get a prompt or it also
> > hangs.
> >
> > Ideally, I would boot the Soekris and wait for network initialization
> > for connecting via SSH. Any suggestion?
> >
> > The only thing I haven't tried is the bsd.mp kernel, now that I think.
> > I'll give it a try and will be waiting for your feedback in the
> > meantime.
> >
> > Thanks in advance.
> >
> >
> > Alberto Mijares
> >
>

I tried doing the virtual image thing with mine and couldn't get it to work. I 
ended up doing the same. You can get cf to USB adapters fairly cheap. And did 
the initial install with my laptop then logged in and fixed the networking 
stuff. I later did a fresh install over pxe using the laptop as the ftpd 
server. This also worked well. I don't remember what it is but I had to disable 
something in the kernel for it to boot up after install. Don't judge me but 
mine is still running 6.2 because I'm too lazy to find it so I can upgrade.

Edgar



Re: ffs undelete was: Re: single user question

2019-05-18 Thread Edgar Pettijohn


On May 18, 2019 4:08 AM, Solène Rapenne  wrote:
>
> Le 2019-05-17 22:47, Edgar Pettijohn a écrit :
> > On May 17, 2019 3:14 PM, gwes  wrote:
> >> 
> >> 
> >> 
> >> On 5/17/19 2:34 PM, Nathan Hartman wrote:
> >> > On Fri, May 17, 2019 at 12:28 PM ropers  wrote:
> >> >
> >> >
> >> > In the history of the (Berkeley) Fast File System, has there ever been
> >> > an attempt to implement DOS-like undelete for FFS/UFS?
> >> >
> >> > Maybe that could work for "normal delete" while making available a 
> >> > separate
> >> > "secure delete" that cannot be un-deleted and furthermore overwrites the
> >> > deleted data with random garbage. Administrators could optionally force 
> >> > the
> >> > secure overwrite delete.
> >> >
> >> I haven't looked at e.g. zfs in a long time.
> >> 
> >> A journal-like system which held the deleted/overwritten files
> >> or a system of renaming wouldn't be *that* hard to instantiate
> >> There are some problems:
> >> (a) denial of service by writing and deleting huge [numbers, size] 
> >> files.
> >> (b) retention policy - under what conditions does the system
> >>   guarantee existence of backup files?
> >> (c) versioning - If I create & delete 'a' six times, how many copies 
> >> are
> >> held.
> >> (d) cost of undelete operation - it's not clear how to make
> >>  that efficient.
> >> 
> >> I'm sure people can find more.
> >> 
> >> A test version substituting a new open(2) and unlink(2) in libc would 
> >> be
> >> easy to make.
> >> 
> >> geoff steckel
> >> 
> > 
> > I'm thinking something like a trashcan. Where rm(1) actually just
> > moves the files to some predetermined location then on shutdown all
> > files older than some configureable date are actually unlinked.
> > 
> > Edgar
>
> you can write a shell script to move given parameters into a special 
> folder
> and make alias rm="that_script"
> and a rc script which empty this folder at boot/shutdown.
>

Im thinking putting the script in ~/bin/rm may be better long term. Either way 
just shows there isn't a pressing need to make code changes for what a couple 
lines of shell scripts can do fairly easily.

Edgar



Re: ffs undelete was: Re: single user question

2019-05-17 Thread Edgar Pettijohn


On May 17, 2019 3:14 PM, gwes  wrote:
>
>
>
> On 5/17/19 2:34 PM, Nathan Hartman wrote:
> > On Fri, May 17, 2019 at 12:28 PM ropers  wrote:
> >
> >
> > In the history of the (Berkeley) Fast File System, has there ever been
> > an attempt to implement DOS-like undelete for FFS/UFS?
> >
> > Maybe that could work for "normal delete" while making available a separate
> > "secure delete" that cannot be un-deleted and furthermore overwrites the
> > deleted data with random garbage. Administrators could optionally force the
> > secure overwrite delete.
> >
> I haven't looked at e.g. zfs in a long time.
>
> A journal-like system which held the deleted/overwritten files
> or a system of renaming wouldn't be *that* hard to instantiate
> There are some problems:
> (a) denial of service by writing and deleting huge [numbers, size] files.
> (b) retention policy - under what conditions does the system
>   guarantee existence of backup files?
> (c) versioning - If I create & delete 'a' six times, how many copies are 
> held.
> (d) cost of undelete operation - it's not clear how to make
>  that efficient.
>
> I'm sure people can find more.
>
> A test version substituting a new open(2) and unlink(2) in libc would be 
> easy to make.
>
> geoff steckel
>

I'm thinking something like a trashcan. Where rm(1) actually just moves the 
files to some predetermined location then on shutdown all files older than some 
configureable date are actually unlinked. 

Edgar



Re: i3bar not working after 6.5 upgrade

2019-05-13 Thread Edgar Pettijohn


On May 13, 2019 2:58 AM, shadrock uhuru  wrote:
>
>
>
> On 5/13/19 1:35 AM, shadrock uhuru wrote:
> > hi everyone
> > since upgrading to 6.5 my i3bar no longer works.
> > i have not changed the configuration in any way
> > when i run the i3status command manually in a terminal the bar is not
> > displayed but the correct infomation that would be on the i3bar is
> > echoed to the terminal.
> > the message on the right hand of the i3bar is
> > error: status_command not found or is missing a library dependency
> > (exit 127)
> > the left hand side of the bar is functioning correctly 
> > the following is from the i3 log file.
> >
> > grep i3bar  'i3log-2019-05-12-0-41-37'
> >  
> > 05/12/19 00:41:40 - config_parser.c:parse_config:267 - CONFIG(line
> > 152): # Start i3bar to display a workspace bar (plus the system
> > information i3status
> > 05/12/19 00:41:41 - Starting bar process: i3bar  --bar_id=bar-0
> > --socket="/tmp/i3-shadrock.Q7Rfx2/ipc-socket.80799"
> > 05/12/19 00:41:41 - executing: i3bar  --bar_id=bar-0
> > --socket="/tmp/i3-shadrock.Q7Rfx2/ipc-socket.80799"
> > 05/12/19 00:41:41 - WM_CLASS changed to i3bar (instance), i3bar (class)
> > 05/12/19 00:41:41 - WM_NAME changed to "i3bar for output LVDS-1"
> > 05/12/19 00:41:41 - Checking window 0x00e3 (class i3bar)
> > 05/12/19 00:41:41 - Checking window 0x00e3 (class i3bar)
> > [/usr/obj/ports/i3-4.16.1/i3-4.16.1/../i3-4.16.1/i3bar/src/child.c:468]
> > ERROR: Child (pid: 72679) unexpectedly exited with status 127
> >
> >
> how do i debug for a missing library ?
> shadrock
>

LD_DEBUG=1 



Re: 6.5 PowerPC Packages

2019-05-09 Thread Edgar Pettijohn


On May 9, 2019 2:45 PM, Henry Bonath  wrote:
>
> Only if said trailer is Delorean-shaped.

Maybe just attach a second delorian to the first.

>
> On Thu, May 9, 2019 at 3:43 PM Edgar Pettijohn  
> wrote:
> >
> >
> > On May 9, 2019 10:41 AM, danieljb...@icloud.com wrote:
> > >
> > > On Thu, May 09, 2019 at 08:55:40AM -0600, Theo de Raadt wrote:
> > > > The real reason is because we're low on current for the flux capacitor,
> > > > after shifting time for the early 6.5 release.  Not all the machines
> > > > were able to fit into back seat of the Delorian.
> > > >
> > >
> > > Come on Theo, everybody knows that you can't run a flux capacitor
> > > without 1.21 gigawatts. Great Scott
> > >
> >
> > Perhaps we can get a trailer to pull behind the delorian so we can fit all 
> > of the machines.
> >



Re: 6.5 PowerPC Packages

2019-05-09 Thread Edgar Pettijohn


On May 9, 2019 10:41 AM, danieljb...@icloud.com wrote:
>
> On Thu, May 09, 2019 at 08:55:40AM -0600, Theo de Raadt wrote:
> > The real reason is because we're low on current for the flux capacitor,
> > after shifting time for the early 6.5 release.  Not all the machines
> > were able to fit into back seat of the Delorian.
> > 
>
> Come on Theo, everybody knows that you can't run a flux capacitor
> without 1.21 gigawatts. Great Scott
>

Perhaps we can get a trailer to pull behind the delorian so we can fit all of 
the machines.



Re: dmenu: was When will be created a great desktop experience for OpenBSD?

2019-05-07 Thread Edgar Pettijohn


On May 7, 2019 3:39 PM, Steve Litt  wrote:
>
> On Tue, 07 May 2019 14:47:15 -0500
> Edgar Pettijohn  wrote:
>
>
> > I use dwm on everything so my desktop experience is the same
> > everywhere.
>
> Just the man I want to talk to.
>
> Do you have dmenu running on OpenBSD? Did you need to make adjustments
> for ksh instead of sh or any other property of OpenBSD?
>
> Thanks,
>
> SteveT
>

I haven't used it in a while, but I don't think I had to make any adjustments. 
The only app I start frequently is Firefox. So I just do a:

$ firefox &

Then switch to a different window for it to open in.

I vaguely recall using the Arch wiki for setting up dmenu.

Good luck.



Re: When will be created a great desktop experience for OpenBSD?

2019-05-07 Thread Edgar Pettijohn


On May 7, 2019 2:29 PM, Steve Litt  wrote:
>
> On Tue, 7 May 2019 14:45:34 -0300
> Clark Block  wrote:
>
> > Was developed the Isotop:
> > 
> > https://www.reddit.com/r/BSD/comments/8of042/isotop_french_desktoporiented_openbsd_distro/
> > 
> > https://3hg.fr/Isos/isotop/
> > 
> > The Isotop is really  a user-friendly and easy-to-use
> > variant of OpenBSD or is foolish?
>
> What's your objective in asking this question? As a first step to
> giving you possibly useful information, I asked about your typing
> capabilities, and you didn't respond. Several people have asked you
> questions, of which you only answered one, with the very broad phrase
> "user-friendly and easy-to-use variant of OpenBSD!"
>
> Then you ask us to evaluate a desktop maybe-described on two all French
> web pages with no screenshots.
>
> Do you want an answer, or did you ask us a rhetorical question, and if
> rhetorical, what point are you trying to get across?
>
> SteveT
>

I use dwm on everything so my desktop experience is the same everywhere.



Re: Migrating smtpd from OpenBSD 6.3 to 6.4 problems

2019-04-24 Thread Edgar Pettijohn


On Apr 24, 2019 5:30 AM, Noth  wrote:
>
>
> On 24/04/2019 02:13, Edgar Pettijohn wrote:
> > On Apr 23, 2019 6:35 PM, Noth  wrote:
> >>
> >> On 23/04/2019 23:51, Edgar Pettijohn wrote:
> >>> On Apr 23, 2019 2:49 PM, Noth  wrote:
> >>>> Hi,
> >>>>
> >>>>      I'm trying to migrate my setups for smtpd+dovecot, and I'm about 
> >>>>half
> >>>> there. The scenario is this:
> >>>>
> >>>> - OpenBSD client machines have smtpd set up to send the daily/weekly
> >>>> mails to an address u...@example.org handled by central server also
> >>>> running smtpd
> >>>>
> >>>> - Central server running OpenBSD with smtpd + dovecot for domain
> >>>> example.org. Local mail is also delivered to u...@example.org
> >>>>
> >>>> I can mail u...@example.org using the u...@example.org mail account, and
> >>>> mail from 6.3 machines is still coming in, but I don't receive mail from
> >>>> the 6.4 machines. I'm a bit stumped as to what I've setup wrong here.
> >>>> Any suggestions are welcome. All this was based on the old faq example
> >>>> that was removed in 6.4. Dovecot config works fine.
> >>>>
> >>>> Maillog is full of these errors: result="524 5.2.4 Mailing list
> >>>> expansion problem"
> >>>>
> >>>>
> >>>>
> >>>> Client machines smtpd.conf :
> >>>>
> >>>> listen on lo0
> >>>>
> >>>> table aliases file:/etc/mail/aliases
> >>>>
> >>>> action "relay" relay host "smtp://mail.example.org" tls no-verify
> >>>> action "maildir" maildir alias 
> >>>>
> >>>> match from local for "example.org" action "relay"
> >>>> match from local for local action "maildir"
> >>>>
> >>>> Client machines aliases file has the root entry modified like thus:
> >>>>
> >>>> root: u...@example.org
> >>>>
> >>>>
> >>>> Server smtpd.conf:
> >>>>
> >>>> queue compression
> >>>>
> >>>> # pki setup
> >>>> pki mail.example.org cert "/etc/ssl/mail.example.org.crt"
> >>>> pki mail.example.org key "/etc/ssl/private/mail.example.org.key"
> >>>>
> >>>> # tables setup
> >>>> table aliases file:/etc/mail/aliases
> >>>> table domains file:/etc/mail/domains
> >>>> table passwd passwd:/etc/mail/passwd
> >>>> table virtuals file:/etc/mail/virtuals
> >>>>
> >>>>
> >>>> # listen ports setup
> >>>> listen on lo0
> >>>> listen on egress port 25 tls pki mail.example.org auth-optional
> >>>> listen on egress port submission tls-require pki mail.example.org auth
> >>>> 
> >>>>
> >>>> # special case for gmail to avoid ipv6 here
> >>>> #limit mta for domain gmail.com inet4
> >>>>

This looks fishy.

> >>>> action "deliver" mda "/usr/libexec/mail.lmtp -d /var/dovecot/lmtp -f
> >>>> %{sender} %{rcpt}" virtual 
> >>>> action "deliver_local" mda "/usr/libexec/mail.lmtp -d
> >>>> unix:/var/dovecot/lmtp" alias 
> >>>> action "relay" relay
> >>>>
> >>>> match from any for domain  action "deliver"
> >>>> match from any for local   action "deliver"
> >>>> match from local for local action "deliver_local"
> >>>>
> >>>>
> >>>> aliases file same as for clients
> >>>>
> >>>> domain file:
> >>>>
> >>>> example.org
> >>>>
> >>>> virtuals:
> >>>>
> >>>> ab...@example.org     u...@example.org
> >>>> postmas...@example.org    u...@example.org
> >>>> webmas...@example.org    u...@example.org
> >>>> u...@example.org  vmail
> >>>>
> >>>>
> >>> Are the clients clients sending their mail and the server is having 
> >>> problems or vice versa?
> >> Actually the error is 550 invalid recipient because

Re: Migrating smtpd from OpenBSD 6.3 to 6.4 problems

2019-04-23 Thread Edgar Pettijohn


On Apr 23, 2019 6:35 PM, Noth  wrote:
>
>
> On 23/04/2019 23:51, Edgar Pettijohn wrote:
> > On Apr 23, 2019 2:49 PM, Noth  wrote:
> >> Hi,
> >>
> >>    I'm trying to migrate my setups for smtpd+dovecot, and I'm about half
> >> there. The scenario is this:
> >>
> >> - OpenBSD client machines have smtpd set up to send the daily/weekly
> >> mails to an address u...@example.org handled by central server also
> >> running smtpd
> >>
> >> - Central server running OpenBSD with smtpd + dovecot for domain
> >> example.org. Local mail is also delivered to u...@example.org
> >>
> >> I can mail u...@example.org using the u...@example.org mail account, and
> >> mail from 6.3 machines is still coming in, but I don't receive mail from
> >> the 6.4 machines. I'm a bit stumped as to what I've setup wrong here.
> >> Any suggestions are welcome. All this was based on the old faq example
> >> that was removed in 6.4. Dovecot config works fine.
> >>
> >> Maillog is full of these errors: result="524 5.2.4 Mailing list
> >> expansion problem"
> >>
> >>
> >>
> >> Client machines smtpd.conf :
> >>
> >> listen on lo0
> >>
> >> table aliases file:/etc/mail/aliases
> >>
> >> action "relay" relay host "smtp://mail.example.org" tls no-verify
> >> action "maildir" maildir alias 
> >>
> >> match from local for "example.org" action "relay"
> >> match from local for local action "maildir"
> >>
> >> Client machines aliases file has the root entry modified like thus:
> >>
> >> root: u...@example.org
> >>
> >>
> >> Server smtpd.conf:
> >>
> >> queue compression
> >>
> >> # pki setup
> >> pki mail.example.org cert "/etc/ssl/mail.example.org.crt"
> >> pki mail.example.org key "/etc/ssl/private/mail.example.org.key"
> >>
> >> # tables setup
> >> table aliases file:/etc/mail/aliases
> >> table domains file:/etc/mail/domains
> >> table passwd passwd:/etc/mail/passwd
> >> table virtuals file:/etc/mail/virtuals
> >>
> >>
> >> # listen ports setup
> >> listen on lo0
> >> listen on egress port 25 tls pki mail.example.org auth-optional
> >> listen on egress port submission tls-require pki mail.example.org auth
> >> 
> >>
> >> # special case for gmail to avoid ipv6 here
> >> #limit mta for domain gmail.com inet4
> >>
> >> action "deliver" mda "/usr/libexec/mail.lmtp -d /var/dovecot/lmtp -f
> >> %{sender} %{rcpt}" virtual 
> >> action "deliver_local" mda "/usr/libexec/mail.lmtp -d
> >> unix:/var/dovecot/lmtp" alias 
> >> action "relay" relay
> >>
> >> match from any for domain  action "deliver"
> >> match from any for local   action "deliver"
> >> match from local for local action "deliver_local"
> >>
> >>
> >> aliases file same as for clients
> >>
> >> domain file:
> >>
> >> example.org
> >>
> >> virtuals:
> >>
> >> ab...@example.org     u...@example.org
> >> postmas...@example.org    u...@example.org
> >> webmas...@example.org    u...@example.org
> >> u...@example.org  vmail
> >>
> >>
> > Are the clients clients sending their mail and the server is having 
> > problems or vice versa?
> Actually the error is 550 invalid recipient because of 
> r...@hostname.example.org instead of u...@example.org. Sorry about that
>

Follow the first example from smtpd.conf(5) and set up a "smart host relay" 
then set up the server to listen on 587 and authenticate. That should be the 
first step. I remember having a similar problem but I don't remember the exact 
solution.

Edgar



Re: Migrating smtpd from OpenBSD 6.3 to 6.4 problems

2019-04-23 Thread Edgar Pettijohn


On Apr 23, 2019 2:49 PM, Noth  wrote:
>
> Hi,
>
>   I'm trying to migrate my setups for smtpd+dovecot, and I'm about half 
> there. The scenario is this:
>
> - OpenBSD client machines have smtpd set up to send the daily/weekly 
> mails to an address u...@example.org handled by central server also 
> running smtpd
>
> - Central server running OpenBSD with smtpd + dovecot for domain 
> example.org. Local mail is also delivered to u...@example.org
>
> I can mail u...@example.org using the u...@example.org mail account, and 
> mail from 6.3 machines is still coming in, but I don't receive mail from 
> the 6.4 machines. I'm a bit stumped as to what I've setup wrong here. 
> Any suggestions are welcome. All this was based on the old faq example 
> that was removed in 6.4. Dovecot config works fine.
>
> Maillog is full of these errors: result="524 5.2.4 Mailing list 
> expansion problem"
>
>
>
> Client machines smtpd.conf :
>
> listen on lo0
>
> table aliases file:/etc/mail/aliases
>
> action "relay" relay host "smtp://mail.example.org" tls no-verify
> action "maildir" maildir alias 
>
> match from local for "example.org" action "relay"
> match from local for local action "maildir"
>
> Client machines aliases file has the root entry modified like thus:
>
> root: u...@example.org
>
>
> Server smtpd.conf:
>
> queue compression
>
> # pki setup
> pki mail.example.org cert "/etc/ssl/mail.example.org.crt"
> pki mail.example.org key "/etc/ssl/private/mail.example.org.key"
>
> # tables setup
> table aliases file:/etc/mail/aliases
> table domains file:/etc/mail/domains
> table passwd passwd:/etc/mail/passwd
> table virtuals file:/etc/mail/virtuals
>
>
> # listen ports setup
> listen on lo0
> listen on egress port 25 tls pki mail.example.org auth-optional
> listen on egress port submission tls-require pki mail.example.org auth 
> 
>
> # special case for gmail to avoid ipv6 here
> #limit mta for domain gmail.com inet4
>
> action "deliver" mda "/usr/libexec/mail.lmtp -d /var/dovecot/lmtp -f 
> %{sender} %{rcpt}" virtual 
> action "deliver_local" mda "/usr/libexec/mail.lmtp -d 
> unix:/var/dovecot/lmtp" alias 
> action "relay" relay
>
> match from any for domain  action "deliver"
> match from any for local   action "deliver"
> match from local for local action "deliver_local"
>
>
> aliases file same as for clients
>
> domain file:
>
> example.org
>
> virtuals:
>
> ab...@example.org     u...@example.org
> postmas...@example.org    u...@example.org
> webmas...@example.org    u...@example.org
> u...@example.org  vmail
>
>

Are the clients clients sending their mail and the server is having problems or 
vice versa?



Re: OpenBSD 6.3 syspatch

2019-04-07 Thread Edgar Pettijohn


On Apr 7, 2019 10:03 AM, Monah Baki  wrote:
>
> Hi all,
>
> I am running OpenBSD 6.3 in AWS, and I want to run sysptach since
> https://www.openbsd.org/errata63.html shows several patches exist.
>
> So on the openbsd 6.3 server I ran the following;
>
> uname -a displays OpenBSD ip-10-0-0-108.ec2.internal 6.3 GENERIC.MP#107
> amd64
>
> ip-10-0-0-108# syspatch -l
> 001_perl
> 002_libtls
> 003_arp
> 004_gif
> 005_httpd
> 006_ipseclen
> 007_libcrypto
> 008_ipsecout
> 009_libcrypto
> 010_intelfpu
> 011_perl
> 012_execsize
> 013_ipsecexpire
> 014_amdlfence
> 016_fpuinit
> 017_fpufork
> 018_vmml1tf
>
> ip-10-0-0-108# syspatch -c
> ip-10-0-0-108#
>
>
> Why there was no results for fix 19-32 for 6.3.
>
> Thanks
> Monah

I suspect your mirror may be missing them. Which mirror do you use?



Re: Infinite spin when trying to burn a CD

2019-03-26 Thread Edgar Pettijohn


On Mar 26, 2019 9:41 AM, Markus Rosjat  wrote:
>
> Hi,
>
> might not to much help but
>
> Am 26.03.2019 um 14:57 schrieb Maurice McCarthy:
> > I never looked at your dmesg earlier. These lines
> > 
> > cd0(ahci0:2:0): Check Condition (error 0x70) on opcode 0x1e
> >  SENSE KEY: Illegal Request
> > 
>
> the opcode is for the cdb prevent allow media removal so I assume your 
> hardware got a problem with the cdb send by the software so it might be 
> in a state where it still wants to read/write stuff.
>
> if you really want to figure out what the sense code or the check 
> condition error means you have to read up sbc specification on t10.org i 
> guess
>
>
> > suggest the Openbsd system finds something wrong with your hardware.
> > I'm not clever enough to speculate further. Sorry.
> > 
>
> regards
> -- 
> Markus Rosjat    fon: +49 351 8107224    mail: ros...@ghweb.de
>
> G+H Webservice GbR Gorzolla, Herrmann
> Königsbrücker Str. 70, 01099 Dresden
>
> http://www.ghweb.de
> fon: +49 351 8107220   fax: +49 351 8107227
>
> Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
> you print it, think about your responsibility and commitment to the 
> ENVIRONMENT
>

Have you tried cdrecord from ports? I haven't burnt a CD in awhile but last 
time I did I couldn't get cdio to work but cdrecord would.



Re: what about security ?

2019-03-25 Thread Edgar Pettijohn


On Mar 25, 2019 7:00 PM, Flipchan  wrote:
>
> Check out pledge
>
> On March 25, 2019 11:20:13 PM GMT+01:00, Cord  
> wrote:
> >Hi,
> >what security technology can I implement to securify for example script
> >that connect to any website ?
> >Is there any howto for chroot ?
> >Thank you.
> >Cord
>
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.

Use an unprivileged user to run the script. 

$ man chroot



Re: man httpd.conf option does not mention option blocks

2019-03-11 Thread Edgar Pettijohn


On Mar 11, 2019 5:20 PM, Evan Silberman  wrote:
>
> Jason McIntyre  wrote:
> > On Mon, Mar 11, 2019 at 12:29:41PM -0700, Evan Silberman wrote:
> > > Jason McIntyre  wrote:
> > > > 
> > > > Index: httpd.conf.5
> > > > ===
> > > > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> > > > retrieving revision 1.103
> > > > diff -u -r1.103 httpd.conf.5
> > > > --- httpd.conf.5 19 Feb 2019 11:37:26 - 1.103
> > > > +++ httpd.conf.5 11 Mar 2019 19:05:57 -
> > > > @@ -155,7 +155,10 @@
> > > >  .Xr patterns 7 .
> > > >  .El
> > > >  .Pp
> > > > -Followed by a block of options that is enclosed in curly brackets:
> > > > +It is followed by a block of directives and values, enclosed in curly 
> > > > brackets.
> > > > +Directives which take multiple
> > > > +.Ar option
> > > > +values may also group these options in curly brackets.
> > > 
> > > This is better than mine but I don't think the "also" has a referent 
> > > here. Maybe:
> > > "Directives which take multiple option values may be repeated or may 
> > > group the
> > > options in curly brackets." This excludes the possible interpretation 
> > > that e.g.
> > > 'log access "acces_log" error "error_log"' is valid syntax.
> > > 
> > 
> > "also" because we just said that directives and values are enclosed in
> > curly brackets. so "also" meaning "in the same way as we just showed
> > you".
>
> You're right, reading the context more carefully this makes perfect sense.
> > 
> > "repeated" is confusing i think (like you would specify the same option
> > value twice).
>
> Fair enough. I have no further quibbles.
>
> Evan Silberman
>

Not that it matters much, but I like it better too. :)



Re: spamd blacklist-mode logging

2019-02-22 Thread Edgar Pettijohn


On Feb 22, 2019 5:51 PM, Geir Svalland  wrote:
>
> Hello all.
>
> When running spamd in blcklist-mode, does it log it's actions anywhere?
> can't find any info on it, and I'm not even sure it's working.
>
> /Hasse
>

Pretty sure it logs to /var/log/daemon

Maybe start it with the -d flag to see if it's starting.



Re: Best practices for validating downloaded config files in OpenBSD

2019-02-21 Thread Edgar Pettijohn


On Feb 21, 2019 6:38 AM, Tom Smyth  wrote:
>
> Hello All ,
>
> we have an in house shell script based deployment system for our
> OpenBSD boxes in the field
> this involves the boxes  pulling config files over https but Im always
> concerned that if the downloaded files are incomplete or empty that
> this would break the configs and require heavy manual intervention to fix
> and Im wondering is there a framework  or best practices guide
> or a good script example where OpenBSD folks have solved this issue
>
> At the moment im using native OpenBSD FTP client and the pull scripts
> are simple shell scripts,
> Im just-wondering is there shell scripts / functions that solve this problem
> in a much more safe & elegant way than me manually verifying hashes
> on each file download,
>
> Im concerned particularly that in the future that deployment scripts will
> add services (and hence imply the downloading of shell scripts) and i need
> to be certain
>
> im wondering if there is something like   rcctl.subr
> that my shell script could call with functions that have been written by 
> smarter
> people than I,
> any suggestions would be welcome ,
>
>

rdist(1)


>
> -- 
> Kindest regards,
> Tom Smyth
>



Re: 3g/4g modem access from within chroot

2019-02-08 Thread Edgar Pettijohn


On Feb 8, 2019 2:21 PM, Kihaguru Gathura  wrote:
>
> >
> > Is there a /var/www/dev/cuaU2
>
> Indeed this is present. created it before as follows:
>
> www# mkdir /var/www/dev
> www# cd /var/www/dev
> www# sh /dev/MAKEDEV ttyU2
> www# ls
> cuaU2 ttyU2
> www#
>
> >
>
> On 2/8/19, Edgar Pettijohn  wrote:
> >
> > On Feb 8, 2019 9:01 AM, Kihaguru Gathura  wrote:
> >>
> >> Hi,
> >>
> >> What effective way can be used to apply permission to /dev/cuaU2 to
> >> avoid the error below.
> >>
> >>
> >> www# chroot -u www /var/www cgi-bin/modem
> >
> > Is there a /var/www/dev/cuaU2
> >
> >> Status: 200 OK
> >> Content-type: text/html
> >>
> >> cu: open("/dev/cuaU2"): Permission denied
> >>
> >> Note: chown www:daemon /dev/cuaU2 has not worked. chroot is in the
> >> root folder which allows devices.

What about chown www:daemon /var/www/dev/cuaU0

> >>
> >> /dev/sd0a (87d0b25f285b037a.a) on /mnt type ffs (rw,
> >> asynchronous, local)
> >> /dev/sd0e (87d0b25f285b037a.e) on /mnt/home type ffs (rw,
> >> asynchronous, local, nodev, nosuid)
> >> /dev/sd0d (87d0b25f285b037a.d) on /mnt/usr type ffs (rw,
> >> asynchronous, local, nodev)
> >>

Where is /var/www mounted?

> >>
> >>
> >> # dmesg
> >> OpenBSD 6.4-current (GENERIC.MP) #253: Sun Nov  4 23:26:31 MST 2018
> >> dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
> >> real mem  = 961421312 (916MB)
> >> avail mem = 902914048 (861MB)
> >> mainbus0 at root: Raspberry Pi 3 Model B Rev 1.2
> >> cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4
> >> cpu0: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
> >> cpu0: 512KB 64b/line 16-way L2 cache
> >> efi0 at mainbus0: UEFI 2.7
> >> efi0: Das U-Boot rev 0x20180900
> >> simplefb0 at mainbus0: 656x416, 32bpp
> >> wsdisplay0 at simplefb0 mux 1
> >> wsdisplay0: screen 0-5 added (std, vt100 emulation)
> >> simplebus0 at mainbus0: "soc"
> >> bcmintc0 at simplebus0
> >> bcmdog0 at simplebus0
> >> bcmrng0 at simplebus0
> >> pluart0 at simplebus0
> >> bcmtemp0 at simplebus0
> >> bcmaux0 at simplebus0
> >> com0 at simplebus0: ns16550, no working fifo
> >> com0: console
> >> dwctwo0 at simplebus0
> >> simplebus1 at mainbus0: "clocks"
> >> agtimer0 at mainbus0: tick rate 19200 KHz
> >> cpu1 at mainbus0 mpidr 1: ARM Cortex-A53 r0p4
> >> cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
> >> cpu1: 512KB 64b/line 16-way L2 cache
> >> cpu2 at mainbus0 mpidr 2: ARM Cortex-A53 r0p4
> >> cpu2: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
> >> cpu2: 512KB 64b/line 16-way L2 cache
> >> cpu3 at mainbus0 mpidr 3: ARM Cortex-A53 r0p4
> >> cpu3: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
> >> cpu3: 512KB 64b/line 16-way L2 cache
> >> usb0 at dwctwo0: USB revision 2.0
> >> uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev
> >> 2.00/1.00 addr 1
> >> uhub1 at uhub0 port 1 configuration 1 interface 0 "Standard
> >> Microsystems product 0x9514" rev 2.00/2.00 addr 2
> >> smsc0 at uhub1 port 1 configuration 1 interface 0 "Standard
> >> Microsystems SMSC9512/14" rev 2.00/2.00 addr 3
> >> smsc0: address b8:27:eb:fd:e2:73
> >> ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3:
> >> OUI 0x0001f0, model 0x000c
> >> umass0 at uhub1 port 3 configuration 1 interface 0 "HP v222w" rev
> >> 2.00/11.00 addr 4
> >> umass0: using SCSI over Bulk-Only
> >> scsibus0 at umass0: 2 targets, initiator 0
> >> sd0 at scsibus0 targ 1 lun 0:  SCSI2 0/direct
> >> removable serial.03f03f40AA000444
> >> sd0: 7680MB, 512 bytes/sector, 15728640 sectors
> >> vscsi0 at root
> >> scsibus1 at vscsi0: 256 targets
> >> softraid0 at root
> >> scsibus2 at softraid0: 256 targets
> >> bootfile: sd0a:/bsd
> >> boot device: sd0
> >> root on sd0a (87d0b25f285b037a.a) swap on sd0b dump on sd0b
> >> WARNING: CHECK AND RESET THE DATE!
> >> umsm0 at uhub1 port 5 configuration 1 interface 0 "HUAWEI HUAWEI
> >> Mobile" rev 2.00/1.02 addr 5
> >> umsm1 at uhub1 port 5 configuration 1 interface 

  1   2   3   4   5   >