Re: Programmatically add default IPv6 route

2024-02-23 Thread Claudio Jeker
On Fri, Feb 23, 2024 at 06:25:18PM +0100, Denis Fondras wrote:
> Hello,
> 
> I am trying to add IPv6 support for pppd(8) (IPv6CP) and I encounter a blocker
> when adding a default IPv6 route to PPP peer.
> 
> Feb 23 17:26:45 rt-01 pppd[64071]: Couldn't add IPv6 default route: Network 
> is unreachable
> 
> Adding the default route from route(8) works when the connection is 
> established.
> 
> From what I see with route(8), it sends the same route message as pppd(8).
> 
> From `route -v add -inet6 default fe80::ca4c:75ff:fe16:9f00%ppp0` :
> 
> ```
> RTM_ADD: Add Route: len 168, priority 0, table 0, if# 0, pid: 0, seq 1, errno 0
> flags:
> fmask:
> use:0   mtu:0expire:0 
> locks:  inits: 
> sockaddrs: 
>  :: fe80::ca4c:75ff:fe16:9f00%ppp0 default
> ```
> 
> From pppd(8) :
> ```
> got message of size 168 on Fri Feb 23 17:26:45 2024
> RTM_ADD: Add Route: len 168, priority 0, table 0, if# 0, pid: 64071, seq 1, 
> errno 51
> flags:
> fmask:
> use:0   mtu:0expire:0 
> locks:  inits: 
> sockaddrs: 
>  :: fe80::ca4c:75ff:fe16:9f00%ppp0 default
> ```
> 
> However `route monitor -inet6` shows that the message is different when using
> route(8) :
> ```
> got message of size 288 on Fri Feb 23 17:26:22 2024
> RTM_ADD: Add Route: len 288, priority 56, table 0, if# 7, name ppp0, pid: 
> 53003, seq 1, errno 0
> flags:
> fmask:
> use:0   mtu:0expire:0 
> locks:  inits: 
> sockaddrs: 
>  :: fe80::ca4c:75ff:fe16:9f00%ppp0 :: ppp0 fe80::d925:b01f:db25:b020%ppp0 
> fe80::ca4c:75ff:fe16:9f00%ppp0
> ```
> 
> Should I also send the IFP, IFA and BRD sockaddrs from pppd(8) ?

Don't think so.

> How come the message sent from route(8) has more attributes when received by
> monitor ?

The kernel fills those in.

Make sure you encode the IPv6 link local address correctly. The stupid
kame hack will haunt you.
-- 
:wq Claudio
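
What the encoding hint in the reply above refers to, as an added example (not code from pppd(8), route(8) or anyone on the list): it assumes the "kame hack" means the KAME convention of carrying a link-local address's interface index in bytes 2-3 of the address, with sin6_scope_id cleared, in sockaddrs written to a routing socket. The function names are hypothetical; the address and interface index 7 come from the route monitor output quoted in the thread.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Address classes whose interface index is embedded (assumed KAME convention). */
static int
has_embedded_scope(const struct in6_addr *a)
{
	return IN6_IS_ADDR_LINKLOCAL(a) || IN6_IS_ADDR_MC_LINKLOCAL(a);
}

/*
 * API form (fe80::x plus sin6_scope_id) -> routing-socket form
 * (fe80:<ifindex>::x with sin6_scope_id 0).
 * Returns 0 on success, -1 when a link-local address cannot be encoded.
 */
int
kame_embed_scope(struct sockaddr_in6 *sin6)
{
	unsigned char *b = sin6->sin6_addr.s6_addr;

	if (!has_embedded_scope(&sin6->sin6_addr))
		return 0;		/* global address: passed unchanged */
	if (sin6->sin6_scope_id == 0 || sin6->sin6_scope_id > 0xffff)
		return -1;		/* no interface, or index does not fit */
	if (b[2] != 0 || b[3] != 0)
		return -1;		/* already embedded, or malformed */
	b[2] = (sin6->sin6_scope_id >> 8) & 0xff;	/* network byte order */
	b[3] = sin6->sin6_scope_id & 0xff;
	sin6->sin6_scope_id = 0;
	return 0;
}

/*
 * Inverse, for sockaddrs read back from the routing socket: move the
 * embedded index into sin6_scope_id. Returns the resulting scope id.
 */
unsigned int
kame_extract_scope(struct sockaddr_in6 *sin6)
{
	unsigned char *b = sin6->sin6_addr.s6_addr;

	if (has_embedded_scope(&sin6->sin6_addr) && (b[2] != 0 || b[3] != 0)) {
		sin6->sin6_scope_id = ((unsigned int)b[2] << 8) | b[3];
		b[2] = b[3] = 0;
	}
	return sin6->sin6_scope_id;
}

/*
 * Build the gateway sockaddr for an RTM_ADD message from a textual address
 * and an interface index (hypothetical helper).
 */
int
rtsock_gateway(const char *text, unsigned int ifindex, struct sockaddr_in6 *out)
{
	memset(out, 0, sizeof(*out));
	out->sin6_family = AF_INET6;
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__)
	out->sin6_len = sizeof(*out);	/* BSD sockaddrs carry their length */
#endif
	if (inet_pton(AF_INET6, text, &out->sin6_addr) != 1)
		return -1;
	if (has_embedded_scope(&out->sin6_addr))
		out->sin6_scope_id = ifindex;
	return kame_embed_scope(out);
}

int
main(void)
{
	struct sockaddr_in6 gw;
	char buf[INET6_ADDRSTRLEN];

	/* Peer address and if# 7 (ppp0) as shown in the thread. */
	if (rtsock_gateway("fe80::ca4c:75ff:fe16:9f00", 7, &gw) != 0)
		return 1;
	if (inet_ntop(AF_INET6, &gw.sin6_addr, buf, sizeof(buf)) == NULL)
		return 1;
	printf("routing-socket form: %s scope_id=%u\n", buf,
	    (unsigned int)gw.sin6_scope_id);
	return 0;
}
```

In real code the interface index would come from if_nametoindex(3) or from resolving the `%ppp0` suffix with getaddrinfo(3) before the embedding step.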



Re: ssh IPV6 link local through jumphost

2024-02-23 Thread tom...@yandex.ru
On Fri, 23 Feb 2024 10:49:05 -0700
Ian Timothy  wrote:

> > On Feb 23, 2024, at 10:33, Tom  wrote:
> > 
> > command `ssh user@fe80::262:bff::@em0` works just fine.
> > 
> > `ssh -J  user9001@jumpserver user@fe80::262:bff::%em0`  
> 
> Don’t know if this is the problem, but I notice your two addresses
> are different. Notice @em0 vs %em0. 

Those are results of obfuscating them, in my tests it's % everywhere
and not ,. Sorry about that.



Dell BOSS-S1 adapter or HBA330 non-raid

2024-02-23 Thread Hrvoje Popovski
Hi all,

Did anyone install and successfully boot OpenBSD on a Dell BOSS-S1
adapter or HBA330 non-raid controller?
I've got Dell R740xd in lab and of course for storage controllers there
are BOSS-S1 and HBA330. :)
OpenBSD can be installed on these controllers but unfortunately it panics
at boot.

I will send a proper bug report to bugs@, but I would like to know if
someone has some experience with these controllers and OpenBSD.

Thank you...



Re: If you need to gamify...

2024-02-23 Thread Nowarez Market


a good weekend indeed..

Feb 23, 2024 19:04:44 Nowarez Market :

> 
> If you need to gamify a hypothetical homescreen of Xfce in OpenBSD
> how it could appear and what could be the possible price for a feedback to 
> bugs@ ?
> 
> Indeed I just gamified 5 Mode website: https://5mode.com
> 
> 
>> N0\/\/@r€Z
>> --
>>    /\/\@rk€T
> 


Re: ssh IPV6 link local through jumphost

2024-02-23 Thread Denis Fondras
On Fri, Feb 23, 2024 at 12:33:42PM -0500, Tom wrote:
> Hi list!
> 
> Could you please guide me how to use link-local addresses with jumphost?
> 
> I have a server 'X' with a link local IPv6 address of
> fe80::262:bff:: 
> that IP is reachable from the server 'jumpserver' via interface em0,
> command `ssh user@fe80::262:bff::@em0` works just fine.
> 
> However if I issue the command:
> `ssh -J  user9001@jumpserver user@fe80::262:bff::%em0`
> that doesn't work:
> Error: channel 0: open failed: connect failed: hostname
> nor servname provided, or not known stdio forwarding failed
> 
> The command above works fine for IPv6 GUA 2006::XYZ.
> 
> Tried versions OpenSSH_7.5, OpenSSH_9.6.
> 

I can confirm it works with OpenSSH_9.6 on OpenBSD-current.
Any change to ssh_config or sshd_config ?



Re: ssh IPV6 link local through jumphost

2024-02-23 Thread Ian Timothy


> On Feb 23, 2024, at 10:33, Tom  wrote:
> 
> command `ssh user@fe80::262:bff::@em0` works just fine.
> 
> `ssh -J  user9001@jumpserver user@fe80::262:bff::%em0`

Don’t know if this is the problem, but I notice your two addresses are 
different. Notice @em0 vs %em0. 



Re: Programmatically add default IPv6 route

2024-02-23 Thread Denis Fondras
One more piece of information: ENETUNREACH is issued on line 521 of net/route.c.
Could this be some kind of race condition ?

From route monitor, I get this after my RTM_ADD :
```
RTM_CHGADDRATTR: address attributes being changed: len 224, if# 7, name ppp0, 
metric 0, flags:
sockaddrs: 
 ::::::: ppp0 fe80::d97e:e77f:db7e:e780%ppp0 
fe80::ca4c:75ff:fe16:9f00%ppp0

```


On Fri, Feb 23, 2024 at 06:25:18PM +0100, Denis Fondras wrote:
> Hello,
> 
> I am trying to add IPv6 support for pppd(8) (IPv6CP) and I encounter a blocker
> when adding a default IPv6 route to PPP peer.
> 
> Feb 23 17:26:45 rt-01 pppd[64071]: Couldn't add IPv6 default route: Network 
> is unreachable
> 
> Adding the default route from route(8) works when the connection is 
> established.
> 
> From what I see with route(8), it sends the same route message as pppd(8).
> 
> From `route -v add -inet6 default fe80::ca4c:75ff:fe16:9f00%ppp0` :
> 
> ```
> RTM_ADD: Add Route: len 168, priority 0, table 0, if# 0, pid: 0, seq 1, errno 0
> flags:
> fmask:
> use:0   mtu:0expire:0 
> locks:  inits: 
> sockaddrs: 
>  :: fe80::ca4c:75ff:fe16:9f00%ppp0 default
> ```
> 
> From pppd(8) :
> ```
> got message of size 168 on Fri Feb 23 17:26:45 2024
> RTM_ADD: Add Route: len 168, priority 0, table 0, if# 0, pid: 64071, seq 1, 
> errno 51
> flags:
> fmask:
> use:0   mtu:0expire:0 
> locks:  inits: 
> sockaddrs: 
>  :: fe80::ca4c:75ff:fe16:9f00%ppp0 default
> ```
> 
> However `route monitor -inet6` shows that the message is different when using
> route(8) :
> ```
> got message of size 288 on Fri Feb 23 17:26:22 2024
> RTM_ADD: Add Route: len 288, priority 56, table 0, if# 7, name ppp0, pid: 
> 53003, seq 1, errno 0
> flags:
> fmask:
> use:0   mtu:0expire:0 
> locks:  inits: 
> sockaddrs: 
>  :: fe80::ca4c:75ff:fe16:9f00%ppp0 :: ppp0 fe80::d925:b01f:db25:b020%ppp0 
> fe80::ca4c:75ff:fe16:9f00%ppp0
> ```
> 
> Should I also send the IFP, IFA and BRD sockaddrs from pppd(8) ?
> How come the message sent from route(8) has more attributes when received by
> monitor ?
> 
> Denis
> 



ssh IPV6 link local through jumphost

2024-02-23 Thread Tom
Hi list!

Could you please guide me how to use link-local addresses with jumphost?

I have a server 'X' with a link local IPv6 address of
fe80::262:bff:: 
that IP is reachable from the server 'jumpserver' via interface em0,
command `ssh user@fe80::262:bff::@em0` works just fine.

However if I issue the command:
`ssh -J  user9001@jumpserver user@fe80::262:bff::%em0`
that doesn't work:
Error: channel 0: open failed: connect failed: hostname
nor servname provided, or not known stdio forwarding failed

The command above works fine for IPv6 GUA 2006::XYZ.

Tried versions OpenSSH_7.5, OpenSSH_9.6.



Programmatically add default IPv6 route

2024-02-23 Thread Denis Fondras
Hello,

I am trying to add IPv6 support for pppd(8) (IPv6CP) and I encounter a blocker
when adding a default IPv6 route to PPP peer.

Feb 23 17:26:45 rt-01 pppd[64071]: Couldn't add IPv6 default route: Network is 
unreachable

Adding the default route from route(8) works when the connection is established.

From what I see with route(8), it sends the same route message as pppd(8).

From `route -v add -inet6 default fe80::ca4c:75ff:fe16:9f00%ppp0` :

```
RTM_ADD: Add Route: len 168, priority 0, table 0, if# 0, pid: 0, seq 1, errno 0
flags:
fmask:
use:0   mtu:0expire:0 
locks:  inits: 
sockaddrs: 
 :: fe80::ca4c:75ff:fe16:9f00%ppp0 default
```

From pppd(8) :
```
got message of size 168 on Fri Feb 23 17:26:45 2024
RTM_ADD: Add Route: len 168, priority 0, table 0, if# 0, pid: 64071, seq 1, 
errno 51
flags:
fmask:
use:0   mtu:0expire:0 
locks:  inits: 
sockaddrs: 
 :: fe80::ca4c:75ff:fe16:9f00%ppp0 default
```

However `route monitor -inet6` shows that the message is different when using
route(8) :
```
got message of size 288 on Fri Feb 23 17:26:22 2024
RTM_ADD: Add Route: len 288, priority 56, table 0, if# 7, name ppp0, pid: 
53003, seq 1, errno 0
flags:
fmask:
use:0   mtu:0expire:0 
locks:  inits: 
sockaddrs: 
 :: fe80::ca4c:75ff:fe16:9f00%ppp0 :: ppp0 fe80::d925:b01f:db25:b020%ppp0 
fe80::ca4c:75ff:fe16:9f00%ppp0
```

Should I also send the IFP, IFA and BRD sockaddrs from pppd(8) ?
How come the message sent from route(8) has more attributes when received by
monitor ?

Denis



Re: snmpd and route changes

2024-02-23 Thread Stuart Henderson
Not 100% sure but there's a chance that this will work how you expect in 
-current.

https://github.com/openbsd/src/commit/029c661593e4bba8652393dbb912eaf3b5031eec


On 2024-02-23, Marko Cupać  wrote:
> Hi,
>
> my OpenBSD firewall has static default route to the Internet over
> external interface, and gets routes to internal subnets by means of
> OSPF with Juniper switch over internal interface.
>
> Host on one of internal subnets queries snmpd listening on internal
> interface of OpenBSD firewall. When OSPF on OpenBSD firewall is
> up, requests arrive on internal interface, replies depart on internal
> interface - expected working situation.
>
> When OSPF on OpenBSD firewall goes down (rcctl stop ospfd), requests
> still arrive on internal interface (switch has static default route
> over OpenBSD firewall), but as firewall has no longer route to internal
> subnet from which queries originate, it correctly tries to send replies
> over default route (external interface), which intentionally get
> blocked by pf.
>
> The problem is the fact that after OSPF on OpenBSD firewall comes up
> (rcctl start ospfd), snmpd continues to send replies over default
> route, not over more specific route learned over OSPF. Restarting snmpd
> results in picking up new route correctly.
>
> I am not 100% sure, but I think the same happens with pflow exports to
> the same host on internal subnet. It takes destroying pflow0 interface
> and netstart-ing it for picking up new route correctly.
>
> Anyone else encountered this? Could this be a bug? Or should I
> reconfigure something?
>
> PS: My setup is actually a bit more complicated (CARP pair, OSPF
> depends on carp interface, aggregated interfaces etc.) but that should
> not affect the situation where snmpd sends traffic over default route
> and external interface even though routing table has more specific
> route over internal interface. I will gladly provide more details if
> needed.
>
> snmpd.conf (redacted):
>
> listen on udp 10.66.66.253 read snmpv3
> seclevel auth
> system contact "John Doe (john@example.org"
> system description "OpenBSD"
> system location "Somwhere"
> system name "fw2.example.org"
> user "example" authkey "thisisnotakey" auth hmac-sha1
>
> hostname.pflow0 (redacted):
>  
> flowsrc 10.66.66.253 flowdst 10.66.65.169:9996
> pflowproto 10
>
> route to host's subnet when OSPF is up (redacted):
>
> netstat -rn | grep 10.66.65.0
>
> 10.66.65.0/24 10.30.66.249   UG 0  957 -32 aggr0
>
> route -n get 10.66.65.0/24
>
>route to: 10.66.65.0
> destination: 10.66.65.0
>mask: 255.255.255.0
> gateway: 10.66.66.249
>   interface: aggr0
>  if address: 10.66.66.253
>priority: 32 (ospf)
>   flags: 
>  use   mtuexpire
> 7126 0 0
>
> ospfctl sh rib | grep 10.66.65.0
>
> 10.66.65.0/24 10.66.66.249   Intra-Area   Network   65536   20:32:27
>
> ospfctl sh fib | grep 10.66.65.0
>
> *O   32 10.66.65.0/24  10.66.66.249
>
> dmesg:
>
> OpenBSD 7.4 (GENERIC.MP) #0: Sun Oct 22 12:13:42 MDT 2023
> 

snmpd and route changes

2024-02-23 Thread Marko Cupać
Hi,

my OpenBSD firewall has static default route to the Internet over
external interface, and gets routes to internal subnets by means of
OSPF with Juniper switch over internal interface.

Host on one of internal subnets queries snmpd listening on internal
interface of OpenBSD firewall. When OSPF on OpenBSD firewall is
up, requests arrive on internal interface, replies depart on internal
interface - expected working situation.

When OSPF on OpenBSD firewall goes down (rcctl stop ospfd), requests
still arrive on internal interface (switch has static default route
over OpenBSD firewall), but as firewall has no longer route to internal
subnet from which queries originate, it correctly tries to send replies
over default route (external interface), which intentionally get
blocked by pf.

The problem is the fact that after OSPF on OpenBSD firewall comes up
(rcctl start ospfd), snmpd continues to send replies over default
route, not over more specific route learned over OSPF. Restarting snmpd
results in picking up new route correctly.

I am not 100% sure, but I think the same happens with pflow exports to
the same host on internal subnet. It takes destroying pflow0 interface
and netstart-ing it for picking up new route correctly.

Anyone else encountered this? Could this be a bug? Or should I
reconfigure something?

PS: My setup is actually a bit more complicated (CARP pair, OSPF
depends on carp interface, aggregated interfaces etc.) but that should
not affect the situation where snmpd sends traffic over default route
and external interface even though routing table has more specific
route over internal interface. I will gladly provide more details if
needed.

snmpd.conf (redacted):

listen on udp 10.66.66.253 read snmpv3
seclevel auth
system contact "John Doe (john@example.org"
system description "OpenBSD"
system location "Somwhere"
system name "fw2.example.org"
user "example" authkey "thisisnotakey" auth hmac-sha1

hostname.pflow0 (redacted):
 
flowsrc 10.66.66.253 flowdst 10.66.65.169:9996
pflowproto 10

route to host's subnet when OSPF is up (redacted):

netstat -rn | grep 10.66.65.0

10.66.65.0/24 10.30.66.249   UG 0  957 -32 aggr0

route -n get 10.66.65.0/24

   route to: 10.66.65.0
destination: 10.66.65.0
   mask: 255.255.255.0
gateway: 10.66.66.249
  interface: aggr0
 if address: 10.66.66.253
   priority: 32 (ospf)
  flags: 
 use   mtuexpire
7126 0 0

ospfctl sh rib | grep 10.66.65.0

10.66.65.0/24 10.66.66.249   Intra-Area   Network   65536   20:32:27

ospfctl sh fib | grep 10.66.65.0

*O   32 10.66.65.0/24  10.66.66.249

dmesg:

OpenBSD 7.4 (GENERIC.MP) #0: Sun Oct 22 12:13:42 MDT 2023


Re: qwx0: failed to send/start with QCNFA765

2024-02-23 Thread Stefan Sperling
On Fri, Feb 23, 2024 at 11:58:51AM +0100, Marco van Hulten wrote:
> Today, after installing the latest snapshot, I do not get this error
> anymore.  Does it contain the patch?

Yes, it should.
The latest snap's build date is newer than my commit from last night.

> Wi-Fi to normal access points is working fine.  Still a problem with
> eduroam, but I think that should be unrelated to qwx(4).

Perhaps, I wouldn't know. I don't have any way to test WPA Enterprise.



Re: qwx0: failed to send/start with QCNFA765

2024-02-23 Thread Marco van Hulten
On Thu, 22 Feb 2024 17:17:45 +0100 Stefan Sperling wrote:
> On Thu, Feb 22, 2024 at 03:28:42PM +0100, Marco van Hulten wrote:
> > On Thu, 22 Feb 2024 13:29:27 +0100 Stefan Sperling wrote:  
> > > Can you reproduce this on non-WPA-Enterprise networks,
> > > i.e. without eduroam / wpaakms 802.1x?
> > 
> > Did not succeed in reproducing so far.  
> 
> I figured out the scan command error, details and patch below.
> 
> The good news is that this is just a cosmetic issue.
> Let me know if you still see any issues with the patch applied.

>   qwx0: failed to send WMI_START_SCAN_CMDID
>   qwx0: failed to start hw scan: 58

Today, after installing the latest snapshot, I do not get this error
anymore.  Does it contain the patch?

Wi-Fi to normal access points is working fine.  Still a problem with
eduroam, but I think that should be unrelated to qwx(4).

Marco



Re: qwx0: failed to send/start with QCNFA765

2024-02-22 Thread Stefan Sperling
On Thu, Feb 22, 2024 at 03:28:42PM +0100, Marco van Hulten wrote:
> On Thu, 22 Feb 2024 13:29:27 +0100 Stefan Sperling wrote:
> > Can you reproduce this on non-WPA-Enterprise networks,
> > i.e. without eduroam / wpaakms 802.1x?
> 
> Did not succeed in reproducing so far.

I figured out the scan command error, details and patch below.

The good news is that this is just a cosmetic issue.
Let me know if you still see any issues with the patch applied.

> Additional dmesg output that seems to be new:
> 
> qwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU
> qwx0: failed to enqueue rx buf: 28
> qwx_ce_recv_process_cb: failed to post rx buf to pipe: 2 err: 28

The above is a known issue I still need to investigate.
I suspect it is harmless.

Now, regarding your scan command failures:

An important detail is that ifconfig will make multiple calls into
the kernel while reconfiguring the interface:

ifconfig qwx0 nwid eduroam wpa wpaakms 802.1x up

This command enters the driver in the kernel 4 times in a row:

  nwid eduroam    # 1) set network ID
  wpa             # 2) enable WPA
  wpaakms 802.1x  # 3) enable WPA Enterprise
  up              # 4) set UP flag

Every time the driver is entered, a configuration change is flagged
(by signalling error ENETRESET internally) which causes the driver
to stop and restart the interface to let the configuration change take
effect. Provided the interface is already marked UP, the final step
of restarting a wifi device is to begin a scan for APs.

This scan runs in a separate background thread in the kernel and the
ifconfig process will continue running "in parallel" to the scan.
ifconfig will more or less immediately enter the kernel again to
apply the next configuration item (e.g. in step 2 to enable WPA).

Now the driver wants to stop the interface again, but the scan thread
is still active!
We don't want the device to see a confusing mix of commands coming from
multiple threads, so the driver needs to wait for the scan thread to
finish before it can proceed to stop and restart the device again.
The ifconfig driver thread sets a global "please stop" flag and waits...

Before the scan thread sends its scan command it will check the "please stop"
flag. When it is set, the Linux code we inherited returns ESHUTDOWN, which
is error number 58. This matches the error you are seeing:

  qwx0: failed to start hw scan: 58

So this is not an actual error condition, it is expected behaviour.
ESHUTDOWN will cause the scan thread to stop what it is doing and
allow the ifconfig driver thread to take back control of the hardware.

The patch below should avoid printing a warning about this for all
WMI commands, including your case, but handling other potential
cases as well.

---
 make qwx(4) ignore ESHUTDOWN while printing errors to dmesg
 
 ESHUTDOWN is an expected thread-synchronization condition which
 can be triggered via ifconfig commands. Don't warn about this.
 
 Reported by Marco van Hulten on misc@
 
diff 11a0e80d7bc8830d3a9189682bad3c13b0eeb2cb 
9d7e156a181573d2b75a72c9297a5ec5796865f7
commit - 11a0e80d7bc8830d3a9189682bad3c13b0eeb2cb
commit + 9d7e156a181573d2b75a72c9297a5ec5796865f7
blob - 43753d3d31405116391a7f706fb0735162b062b5
blob + f0ad77d417bb8774b7de90c543705bd9bbec57a9
--- sys/dev/ic/qwx.c
+++ sys/dev/ic/qwx.c
@@ -17232,8 +17232,10 @@ qwx_wmi_pdev_set_param(struct qwx_softc *sc, uint32_t 
 
ret = qwx_wmi_cmd_send(wmi, m, WMI_PDEV_SET_PARAM_CMDID);
if (ret) {
-   printf("%s: failed to send WMI_PDEV_SET_PARAM cmd\n",
-   sc->sc_dev.dv_xname);
+   if (ret != ESHUTDOWN) {
+   printf("%s: failed to send WMI_PDEV_SET_PARAM cmd\n",
+   sc->sc_dev.dv_xname);
+   }
m_freem(m);
return ret;
}
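
Review bot: the printf kept inside the new `if (ret != ESHUTDOWN)` guard in qwx_wmi_pdev_set_param() still does not print the error code. With ESHUTDOWN filtered out, every message that does reach dmesg is a real failure, so appending ret would make it diagnosable on its own, in the same style as the "failed to start hw scan: 58" line from the report, e.g. "%s: failed to send WMI_PDEV_SET_PARAM cmd: %d\n".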
@@ -17268,8 +17270,10 @@ qwx_wmi_pdev_lro_cfg(struct qwx_softc *sc, uint8_t pde
 
ret = qwx_wmi_cmd_send(wmi, m, WMI_LRO_CONFIG_CMDID);
if (ret) {
-   printf("%s: failed to send lro cfg req wmi cmd\n",
-   sc->sc_dev.dv_xname);
+   if (ret != ESHUTDOWN) {
+   printf("%s: failed to send lro cfg req wmi cmd\n",
+   sc->sc_dev.dv_xname);
+   }
m_freem(m);
return ret;
}
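
Review bot: the `if (ret != ESHUTDOWN)` test around the printf in qwx_wmi_pdev_lro_cfg() carries no comment, so the reason it is safe to stay silent lives only in the commit message. A one-line comment at the guard saying that ESHUTDOWN is the expected result while the interface is being stopped, or a small shared helper that wraps the check for all the WMI senders touched here, would keep a later call site from reintroducing the warning.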
@@ -17303,8 +17307,10 @@ qwx_wmi_pdev_set_ps_mode(struct qwx_softc *sc, int vde
 
ret = qwx_wmi_cmd_send(wmi, m, WMI_STA_POWERSAVE_MODE_CMDID);
if (ret) {
-   printf("%s: failed to send WMI_PDEV_SET_PARAM cmd\n",
-   sc->sc_dev.dv_xname);
+   if (ret != ESHUTDOWN) {
+   printf("%s: failed to send WMI_PDEV_SET_PARAM cmd\n",
+   sc->sc_dev.dv_xname);
+   }
m_freem(m);
return ret;
}
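
Review bot: the message on the `+` printf line in qwx_wmi_pdev_set_ps_mode() still reads "failed to send WMI_PDEV_SET_PARAM cmd", while the command sent just above it is WMI_STA_POWERSAVE_MODE_CMDID. Since the line is being touched anyway, this is a good place to correct the text so it names the power-save command and cannot be mistaken for a failure in qwx_wmi_pdev_set_param().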
@@ 

Re: qwx0: failed to send/start with QCNFA765

2024-02-22 Thread Marco van Hulten
On Thu, 22 Feb 2024 13:29:27 +0100 Stefan Sperling wrote:
> On Thu, Feb 22, 2024 at 11:35:35AM +0100, Marco van Hulten wrote:
> > Hello,
> > 
> > The Qualcomm QCNFA765 (support recently added) in my ThinkPad P14s
> > worked for some time, but now it mostly does not and I get these kernel
> > messages:
> > 
> >   qwx0: failed to send WMI_START_SCAN_CMDID
> >   qwx0: failed to start hw scan: 58
> > 
> > This happens when I run this command:
> > 
> >   ifconfig qwx0 nwid eduroam wpa wpaakms 802.1x up
> > 
> > dmesg is attached.  Is this a bug or am I doing something wrong?
> > 
> > Similar, when I first scan and then try to join an open network,
> > following qwx(4),
> > 
> >   qwx0: failed to send WMI_11D_SCAN_START_CMDID: 58
> >   qwx0: failed to start 11d scan; vdev: 0 ret: 58
> >   qwx0: failed to send WMI_START_SCAN_CMDID
> >   qwx0: failed to start hw scan: 58
> > 
> > Sometimes it works again; I cannot put my finger what triggers the
> > problem.  
> 
> Please show a full trace that appears after you run 'ifconfig qwx0 debug'.

Just 'ifconfig qwx0 debug' doesn't give any output (terminal or
console).  I don't know if it should.  The commands 'ifconfig qwx0 down;
ifconfig qwx0 up debug' resulted on console:

qwx0: ASSOC -> RUN
qwx0: INIT -> SCAN
qwx0: end active scan
qwx0: - 1c:9e:cc:3b:d3:b0   11  +171 54M   ess  privacy   rsn! "Vodafone-D3AC"!
qwx0: - 1c:9e:cc:3b:d3:b8  100  +169 54M   ess  privacy   rsn! "Vodafone-D3AC"!
qwx0: - 1c:ed:6f:bb:ea:bf  100  +172 54M   ess  privacy   rsn! "fHome"!
qwx0: - 1c:ed:6f:bb:ea:c1   60  +168 54M   ess  privacy   rsn! "fHome"!
qwx0: - 26:7b:cb:c6:10:0a   48  +208 54M   ess  privacy   rsn! 
"DIRECT-WTBDGP14SmsWV"!
qwx0: - 6e:63:9c:51:08:fd6  +173 54M   ess   no!  rsn! "Vodafone 
Hotspot"!
qwx0: - 74:88:bb:4f:74:8d   48  +206 54M   ess   no!  rsn! "gast-bonnet"!
qwx0: - 74:88:bb:4f:74:8e   48  +206 54M   ess   no!  rsn! "bonnet"!
qwx0: + 74:88:bb:4f:74:8f   48  +206 54M   ess  privacy   rsn  "eduroam"
qwx0: + 74:88:bb:9c:32:605  +188 54M   ess  privacy   rsn  "eduroam"
qwx0: - 74:88:bb:9c:32:6d  140  +178 54M   ess   no!  rsn! "gast-bonnet"!
qwx0: - 74:88:bb:9c:32:6e  140  +178 54M   ess   no!  rsn! "bonnet"!
qwx0: + 74:88:bb:9c:32:6f  140  +178 54M   ess  privacy   rsn  "eduroam"
qwx0: + 74:88:bb:d0:63:c05  +183 54M   ess  privacy   rsn  "eduroam"
qwx0: - 74:88:bb:d0:63:c15  +183 54M   ess   no!  rsn! "bonnet"!
qwx0: - 74:88:bb:d0:63:c25  +183 54M   ess   no!  rsn! "gast-bonnet"!
qwx0: - 74:88:bb:d0:63:cd   36  +184 54M   ess   no!  rsn! "gast-bonnet"!
qwx0: - 74:88:bb:d0:63:ce   36  +184 54M   ess   no!  rsn! "bonnet"!
qwx0: + 74:88:bb:d0:63:cf   36  +184 54M   ess  privacy   rsn  "eduroam"
qwx0: - ce:9e:a2:2b:a0:be   11  +171 54M   ess  privacy   rsn! 
0x00!
qwx0: SCAN -> AUTH
qwx0: sending auth to 74:88:bb:4f:74:8f on channel 48 mode 11a
qwx0: AUTH -> ASSOC
qwx0: sending assoc_req to 74:88:bb:4f:74:8f on channel 48 mode 11a
qwx0: ASSOC -> RUN
qwx0: associated with 74:88:bb:4f:74:8f ssid "eduroam" channel 48 start 9Mb 
short preamble short slot time
qwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU

> Can you reproduce this on non-WPA-Enterprise networks,
> i.e. without eduroam / wpaakms 802.1x?

Did not succeed in reproducing so far.  I tried a network without a
mention of "802.1x", namely from

detekti# ifconfig qwx0 scan 
qwx0: flags=808847 mtu 
1500
lladdr 04:7b:cb:b6:bf:14
index 2 priority 4 llprio 3
groups: wlan egress
media: IEEE802.11 autoselect mode 11a (OFDM9 mode 11a)
status: no network
ieee80211: nwid eduroam chan 48 bssid 74:88:bb:4f:74:8f -52dBm 
wpaprotos wpa2 wpaakms 802.1x wpaciphers ccmp wpagroupcipher ccmp
nwid DIRECT-WTBDGP14SmsWV chan 36 bssid 26:7b:cb:c6:10:0a 
-47dBm HT-MCS15 privacy,spectrum_mgmt,wpa2 !wpaproto
nwid gast-bonnet chan 1 bssid 74:88:bb:4f:74:82 -50dBm HT-MCS23 
spectrum_mgmt,radio_measurement 
nwid eduroam chan 1 bssid 74:88:bb:4f:74:80 -50dBm HT-MCS23 
privacy,spectrum_mgmt,radio_measurement,wpa2,802.1x
[...]

I selected 'gast-bonnet':

detekti# ifconfig qwx0 join gast-bonnet debug
detekti# ifconfig qwx0   
qwx0: flags=808806 mtu 1500
lladdr 04:7b:cb:b6:bf:14
index 2 priority 4 llprio 3
groups: wlan egress
media: IEEE802.11 autoselect mode 11a (OFDM9 mode 11a)
status: no network
ieee80211: nwid eduroam wpaprotos wpa2 wpaakms 802.1x wpaciphers ccmp 
wpagroupcipher ccmp

Nothing on console from these commands.  I cannot reproduce the error.

Additional dmesg output that seems to be new:

qwx0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU
qwx0: failed to enqueue rx buf: 28
qwx_ce_recv_process_cb: failed to post rx buf to pipe: 2 err: 28

I will try my networks at home tonight and try to reproduce the error
and generate debug 

Re: Weird VMD behaviour

2024-02-22 Thread pela0
Hi Omar, thanks for your reply, indeed I did, but, there seems to be a
problem with netstart and my wifi, on start NIC keep waiting for
connection...Just did a fw_update, worked fine ;)

nostromo# fw_update
fw_update: add vmm; update none; keep intel,inteldrm,iwn,uvideo

Gonna test again...

THANKS!!!

-- 
P.

On Thu, Feb 22, 2024 at 01:32:04PM +0100, Omar Polo wrote:
> pela0  wrote:
> > Hi list...Just installed my old Thinkpad T470 with 7.4, everything is
> > fine...but I found a weird problem with VMD, I just can't start nor
> > install a vm, I've got a couple of images, one is an archlinux, the
> > other one an alpine, both images work fine on my other machines...
> > 
> > Every time I try to install or start a vm got this message: 
> > 
> > vmctl: vmm bios firmware file not found...
> > 
> > on dmesg: 
> > vmd[30546]: can't open /etc/firmware/vmm-bios: No such file or directory
> > 
> > About CPUs: 
> > 
> > dmesg | egrep '(VMX/EPT|SVM/RVI)'
> > vmm0 at mainbus0: VMX/EPT
> > vmm0 at mainbus0: VMX/EPT
> > vmm0 at mainbus0: VMX/EPT
> > vmm0 at mainbus0: VMX/EPT
> > vmm0 at mainbus0: VMX/EPT
> > 
> > VMD is enabled and running, test the vms via: 
> > vmctl start -m 1G -L -i 1 -d ~/Documents/VMM/arch.qcow2 arch
> > 
> > and
> > 
> > vmctl start -m 1G -L -i 1 -r install74.iso -d disk.qcow2 example
> > 
> > 
> > 
> > Pls someone point me in the right direction,.
> 
> have you ever run `fw_update'?  should be done automatically on install
> / upgrade, but only if you have an internet connection working at that
> time.



Re: Weird VMD behaviour

2024-02-22 Thread pela0
Hi again Omar...that was it :D ran fw_update and now everything is
fine...gonna double check my wifi issue

start -m 1G -L -i 1 -d /home/VMM/arch.qcow2 arch
  <
vmctl: started vm 2 successfully, tty /dev/ttyp7

THANKS AGAIN!!!

Hugs from Chile

-- 
P.

On Thu, Feb 22, 2024 at 01:32:04PM +0100, Omar Polo wrote:
> pela0  wrote:
> > Hi list...Just installed my old Thinkpad T470 with 7.4, everything is
> > fine...but I found a weird problem with VMD, I just can't start nor
> > install a vm, I've got a couple of images, one is an archlinux, the
> > other one an alpine, both images work fine on my other machines...
> > 
> > Every time I try to install or start a vm got this message: 
> > 
> > vmctl: vmm bios firmware file not found...
> > 
> > on dmesg: 
> > vmd[30546]: can't open /etc/firmware/vmm-bios: No such file or directory
> > 
> > About CPUs: 
> > 
> > dmesg | egrep '(VMX/EPT|SVM/RVI)'
> > vmm0 at mainbus0: VMX/EPT
> > vmm0 at mainbus0: VMX/EPT
> > vmm0 at mainbus0: VMX/EPT
> > vmm0 at mainbus0: VMX/EPT
> > vmm0 at mainbus0: VMX/EPT
> > 
> > VMD is enabled and running, test the vms via: 
> > vmctl start -m 1G -L -i 1 -d ~/Documents/VMM/arch.qcow2 arch
> > 
> > and
> > 
> > vmctl start -m 1G -L -i 1 -r install74.iso -d disk.qcow2 example
> > 
> > 
> > 
> > Pls someone point me in the right direction.
> 
> have you ever run `fw_update'?  should be done automatically on install
> / upgrade, but only if you have an internet connection working at that
> time.
> 



Re: Weird VMD behaviour

2024-02-22 Thread Josh Grosse
On Thu, Feb 22, 2024 at 09:16:20AM -0300, pela0 wrote:
> on dmesg: 
> vmd[30546]: can't open /etc/firmware/vmm-bios: No such file or directory

Per the FAQ: "In some cases, virtualization capabilities must be
manually enabled in the system's BIOS. Be sure to run the
fw_update(8) command after doing so to get the required vmm-firmware package."



Re: Weird VMD behaviour

2024-02-22 Thread Omar Polo
pela0  wrote:
> Hi list...Just installed my old Thinkpad T470 with 7.4, everything is
> fine...but I found a weird problem with VMD, I just can't start nor
> install a vm, I've got a couple of images, one is an archlinux, the
> other one an alpine, both images work fine on my other machines...
> 
> Every time I try to install or start a vm got this message: 
> 
> vmctl: vmm bios firmware file not found...
> 
> on dmesg: 
> vmd[30546]: can't open /etc/firmware/vmm-bios: No such file or directory
> 
> About CPUs: 
> 
> dmesg | egrep '(VMX/EPT|SVM/RVI)'
> vmm0 at mainbus0: VMX/EPT
> vmm0 at mainbus0: VMX/EPT
> vmm0 at mainbus0: VMX/EPT
> vmm0 at mainbus0: VMX/EPT
> vmm0 at mainbus0: VMX/EPT
> 
> VMD is enabled and running, test the vms via: 
> vmctl start -m 1G -L -i 1 -d ~/Documents/VMM/arch.qcow2 arch
> 
> and
> 
> vmctl start -m 1G -L -i 1 -r install74.iso -d disk.qcow2 example
> 
> 
> 
> Pls someone point me in the right direction.

have you ever run `fw_update'?  should be done automatically on install
/ upgrade, but only if you have an internet connection working at that
time.



Re: qwx0: failed to send/start with QCNFA765

2024-02-22 Thread Stefan Sperling
On Thu, Feb 22, 2024 at 11:35:35AM +0100, Marco van Hulten wrote:
> Hello,
> 
> The Qualcomm QCNFA765 (support recently added) in my ThinkPad P14s
> worked for some time, but now it mostly does not and I get these kernel
> messages:
> 
>   qwx0: failed to send WMI_START_SCAN_CMDID
>   qwx0: failed to start hw scan: 58
> 
> This happens when I run this command:
> 
>   ifconfig qwx0 nwid eduroam wpa wpaakms 802.1x up
> 
> dmesg is attached.  Is this a bug or am I doing something wrong?
> 
> Similarly, when I first scan and then try to join an open network,
> following qwx(4),
> 
>   qwx0: failed to send WMI_11D_SCAN_START_CMDID: 58
>   qwx0: failed to start 11d scan; vdev: 0 ret: 58
>   qwx0: failed to send WMI_START_SCAN_CMDID
>   qwx0: failed to start hw scan: 58
> 
> Sometimes it works again; I cannot put my finger on what triggers the
> problem.

Please show a full trace that appears after you run 'ifconfig qwx0 debug'.

Can you reproduce this on non-WPA-Enterprise networks,
i.e. without eduroam / wpaakms 802.1x?



Weird VMD behaviour

2024-02-22 Thread pela0
Hi list...Just installed my old Thinkpad T470 with 7.4, everything is
fine...but I found a weird problem with VMD, I just can't start nor
install a vm, I've got a couple of images, one is an archlinux, the
other one an alpine, both images work fine on my other machines...

Every time I try to install or start a vm got this message: 

vmctl: vmm bios firmware file not found...

on dmesg: 
vmd[30546]: can't open /etc/firmware/vmm-bios: No such file or directory

About CPUs: 

dmesg | egrep '(VMX/EPT|SVM/RVI)'
vmm0 at mainbus0: VMX/EPT
vmm0 at mainbus0: VMX/EPT
vmm0 at mainbus0: VMX/EPT
vmm0 at mainbus0: VMX/EPT
vmm0 at mainbus0: VMX/EPT

VMD is enabled and running, test the vms via: 
vmctl start -m 1G -L -i 1 -d ~/Documents/VMM/arch.qcow2 arch

and

vmctl start -m 1G -L -i 1 -r install74.iso -d disk.qcow2 example



Pls someone point me in the right direction.

Thanks in advance.


-- 
Regards

P.



qwx0: failed to send/start with QCNFA765

2024-02-22 Thread Marco van Hulten
Hello,

The Qualcomm QCNFA765 (support recently added) in my ThinkPad P14s
worked for some time, but now it mostly does not and I get these kernel
messages:

  qwx0: failed to send WMI_START_SCAN_CMDID
  qwx0: failed to start hw scan: 58

This happens when I run this command:

  ifconfig qwx0 nwid eduroam wpa wpaakms 802.1x up

dmesg is attached.  Is this a bug or am I doing something wrong?

Similarly, when I first scan and then try to join an open network,
following qwx(4),

  qwx0: failed to send WMI_11D_SCAN_START_CMDID: 58
  qwx0: failed to start 11d scan; vdev: 0 ret: 58
  qwx0: failed to send WMI_START_SCAN_CMDID
  qwx0: failed to start hw scan: 58

Sometimes it works again; I cannot put my finger on what triggers the
problem.

According to fw_update, qwx firmware is installed.

Kind regards,

Marco


dmesg.P14s
Description: Binary data


Re: certbot in cron - best way?

2024-02-21 Thread misc



On 2/21/24 10:07, Stuart Henderson wrote:

> You might like to investigate ~ in crontab(5), e.g. "~ 0,12" and lose
> the "sleep".
>
> Wouldn't it be better to have certbot write files into a directory
> served by httpd so you don't need the "rcctl stop" though?

Yes, it would be better. Today had a problem in which rcctl stop worked, but
rcctl start didn't.
Seems like --webroot from certbot can do the trick. Will test in a few days
with an expiring certificate.

--fm


Re: Automatic OS updates

2024-02-21 Thread Stuart Henderson
Kernels with just "OpenBSD 7.5" will appear for some time before 
pub/OpenBSD/7.5/*/packages are available.


--
 Sent from a phone, apologies for poor formatting.

On 21 February 2024 20:36:39 Kirill A. Korinsky wrote:

> On Wed, 21 Feb 2024 21:11:05 +0100,
> Stuart Henderson wrote:
>>
>> If you're using sysupgrade -s, you also want -Dsnap in pkg_add.
>>
>
> After double check in man it seems not necessary, let me quote:
>
>  %c  Expands to the string "snapshots" when running a -current or -beta
>  kernel, or if the command line option -D snap | -D snapshot is
>  specified.  Otherwise, %c expands to %v, which selects a release
>  version.
>
> --
> wbr, Kirill




Re: Automatic OS updates

2024-02-21 Thread Michał Markowski
Well, in a few weeks you will see why you need it.


Re: Automatic OS updates

2024-02-21 Thread Kirill A . Korinsky
On Wed, 21 Feb 2024 21:11:05 +0100,
Stuart Henderson wrote:
> 
> If you're using sysupgrade -s, you also want -Dsnap in pkg_add.
> 

After double check in man it seems not necessary, let me quote:

 %c  Expands to the string "snapshots" when running a -current or -beta
 kernel, or if the command line option -D snap | -D snapshot is
 specified.  Otherwise, %c expands to %v, which selects a release
 version.

-- 
wbr, Kirill



Re: Automatic OS updates

2024-02-21 Thread Stuart Henderson
On 2024-02-21, b...@fea.st  wrote:
> FWIW if you guys want to yell at me for spreading bad ideas,
> I've posted how to do automatic updates here:
>
> https://openbsd.pages.dev/auto-updates/

If you're using sysupgrade -s, you also want -Dsnap in pkg_add.




Re: Automatic OS updates

2024-02-21 Thread Kirill A . Korinsky
On Wed, 21 Feb 2024 18:05:56 +0100,
b...@fea.st wrote:
> 
> FWIW if you guys want to yell at me for spreading bad ideas,
> I've posted how to do automatic updates here:
> 
> https://openbsd.pages.dev/auto-updates/
> 
> I'm both trying out the Hugo package and like, documenting
> how I've set things up in case I have to reinstall.
> 
> Time moves fast and I'm damn impressed by how smooth the
> BSD experience is.
> 

I suggest adding that a regression may occur during an upgrade.

And personally, bug fixing a night upgrade is not something that I
prefer to do with morning coffee.

-- 
wbr, Kirill



Re: Automatic OS updates

2024-02-21 Thread bsd
FWIW if you guys want to yell at me for spreading bad ideas,
I've posted how to do automatic updates here:

https://openbsd.pages.dev/auto-updates/

I'm both trying out the Hugo package and like, documenting
how I've set things up in case I have to reinstall.

Time moves fast and I'm damn impressed by how smooth the
BSD experience is.



Re: Block HTTP requests from non-browser clients

2024-02-21 Thread bsd


Sorry I posted to the wrong thread. Please disregard.



Re: Block HTTP requests from non-browser clients

2024-02-21 Thread bsd
FWIW if you guys want to yell at me for spreading bad ideas,
I've posted how to do automatic updates here:

https://openbsd.pages.dev/auto-updates/

I'm both trying out the Hugo package and like, documenting
how I've set things up in case I have to reinstall.

Time moves fast and I'm damn impressed by how smooth the
BSD experience is.



Re: Block HTTP requests from non-browser clients

2024-02-21 Thread Omar Polo
On 2024/02/21 21:57:29 +0800, Sadeep Madurange  wrote:
> Hello,
> 
> Is there a way to block non-browser clients from accessing a website
> (e.g., scraping attempts by bots or even software like Selenium that
> might programmatically control a browser), preferably before the
> requests reach the webserver?
> 
> I'm wondering if there's a way to do that with, for example, pf to block
> such requests completely rather than responding with a 403.

I don't think you could *reliably* do this.  You mention Selenium, and
that's a "real browser", but also one could use nc(1) and use the same
mix of headers that firefox would send.  So, there are no practical ways
to distinguish the traffic based on the request.

(abusers don't usually set the 'evil bit' on the packets :/)

What you could do is some kind of clownflare shit which blocks your user
behind a page that requires a js challenge to continue.  (and that i
personally hate.)  Or maybe just limit the number of connections you
accept from a given ip per time delta (max-src-conn-rate in pf.conf).

or maybe something else, since you're asking for a solution but not telling
your problem :)   (which i assumed is stopping the flood of bad requests
from bad bots.)



Re: Block HTTP requests from non-browser clients

2024-02-21 Thread Kirill A . Korinsky
On Wed, 21 Feb 2024 14:57:29 +0100,
Sadeep Madurange wrote:
> 
> Is there a way to block non-browser clients from accessing a website
> (e.g., scraping attempts by bots or even software like Selenium that
> might programmatically control a browser), preferably before the
> requests reach the webserver?
> 
> I'm wondering if there's a way to do that with, for example, pf to block
> such requests completely rather than responding with a 403.
> 

There is a whole industry called Bot Management which solves that
issue by analyzing requests, offering a captcha in some edge cases and
so on.

A trivial bot can be caught by a regex against User-Agent, or via rate
limit. But more sophisticated ones need a lot of tools, which may
include things like crossing the user agent with TLS-level extensions
inside the Hello packet, checks against lists of blacklisted IPs and so on.

As far as I know the best publicly available list of "bad IPs" is
https://www.blocklist.de/ which isn't full but allows banning
something automatically. Thus, you may use spamd-setup in blocking mode
to fill pf rules via cron.

-- 
wbr, Kirill
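
The two "trivial bot" checks mentioned in this thread (a User-Agent regex and a per-client rate limit), run over access-log lines. This is an added example, not code from any poster; the combined log format, the User-Agent pattern list, the thresholds and the `badbots` table name are assumptions, and the log lines are constructed.

```shell
#!/bin/sh
# Flag clients by User-Agent regex or by requests per minute.
# Assumes combined log format: ip - - [ts] "req" status size "ref" "ua"

# Constructed sample lines (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [21/Feb/2024:14:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:122.0) Gecko/20100101 Firefox/122.0"
192.0.2.10 - - [21/Feb/2024:14:00:09 +0000] "GET /style.css HTTP/1.1" 200 128 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:122.0) Gecko/20100101 Firefox/122.0"
198.51.100.7 - - [21/Feb/2024:14:00:12 +0000] "GET /feed HTTP/1.1" 200 900 "-" "curl/8.5.0"
203.0.113.5 - - [21/Feb/2024:14:01:01 +0000] "GET /p/1 HTTP/1.1" 200 10 "-" "Mozilla/5.0 (Windows NT 10.0; rv:122.0) Gecko/20100101 Firefox/122.0"
203.0.113.5 - - [21/Feb/2024:14:01:02 +0000] "GET /p/2 HTTP/1.1" 200 10 "-" "Mozilla/5.0 (Windows NT 10.0; rv:122.0) Gecko/20100101 Firefox/122.0"
203.0.113.5 - - [21/Feb/2024:14:01:03 +0000] "GET /p/3 HTTP/1.1" 200 10 "-" "Mozilla/5.0 (Windows NT 10.0; rv:122.0) Gecko/20100101 Firefox/122.0"
203.0.113.5 - - [21/Feb/2024:14:01:04 +0000] "GET /p/4 HTTP/1.1" 200 10 "-" "Mozilla/5.0 (Windows NT 10.0; rv:122.0) Gecko/20100101 Firefox/122.0"
192.0.2.10 - - [21/Feb/2024:14:02:30 +0000] "GET /about HTTP/1.1" 200 300 "-" "Mozilla/5.0 (X11; OpenBSD amd64; rv:122.0) Gecko/20100101 Firefox/122.0"
EOF
}

# flag_clients MAX: read log lines on stdin, print "ip reason" per flagged
# client. MAX is the allowed number of requests per client per minute.
# A client that sends a browser User-Agent and stays under MAX is not
# flagged; neither check can tell it apart from a real browser.
flag_clients() {
    awk -F'"' -v max="$1" '
    NF < 7 { next }                           # skip malformed lines
    {
        split($1, head, " ")
        ip = head[1]
        minute = substr(head[4], 2, 17)       # 21/Feb/2024:14:00
        ua = tolower($6)
        if (ua == "" || ua == "-" || ua ~ /(curl|wget|python-requests|scrapy)/)
            ua_hit[ip] = 1
        if (++count[ip, minute] > max + 0)
            rate_hit[ip] = 1
    }
    END {
        for (ip in ua_hit)   seen[ip] = 1
        for (ip in rate_hit) seen[ip] = 1
        for (ip in seen) {
            reason = ""
            if (ip in ua_hit)   reason = "user-agent"
            if (ip in rate_hit) reason = (reason == "" ? "rate" : reason ",rate")
            print ip, reason
        }
    }' | LC_ALL=C sort
}

# Addresses only, one per line, in the form a pf table file expects, e.g.
#   blocklist_addresses 3 < access.log > /etc/badbots.txt
#   pfctl -t badbots -T replace -f /etc/badbots.txt
# (table name and file path are hypothetical).
blocklist_addresses() {
    flag_clients "$1" | awk '{ print $1 }'
}
```
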



Block HTTP requests from non-browser clients

2024-02-21 Thread Sadeep Madurange
Hello,

Is there a way to block non-browser clients from accessing a website
(e.g., scraping attempts by bots or even software like Selenium that
might programmatically control a browser), preferably before the
requests reach the webserver?

I'm wondering if there's a way to do that with, for example, pf to block
such requests completely rather than responding with a 403.

-- 
Sadeep Madurange
PGP: 103BF9E3E750BF7E



Re: certbot in cron - best way?

2024-02-21 Thread Stuart Henderson
On 2024-02-20, Odhiambo Washington  wrote:
> This should work:
>
> 0 0,12 * * * /bin/sleep 1552 &&  rcctl stop httpd  && certbot renew &&
> rcctl start httpd

You might like to investigate ~ in crontab(5), e.g. "~ 0,12" and lose
the "sleep".

Wouldn't it be better to have certbot write files into a directory
served by httpd so you don't need the "rcctl stop" though?



Re: Automatic OS updates

2024-02-21 Thread Stuart Henderson
On 2024-02-20, obs...@loopw.com  wrote:
>
>
>> On Feb 20, 2024, at 2:31 AM, Thomas Schmidt  
>> wrote:
>> 
>> OP did indeed mean `sysupgrade`,
>
> which makes little sense _unless_ on -current, which will guarantee to break 
> this every six months when -current shifts about.
>
>> but fwiw, `syspatch && reboot` reboots
>> your system if a patch was applied. I got it in all of my servers'
>> cronjobs.
>
> Most of the patches don’t require a reboot.

Correct. Looking at the 7.4 patches, only 3 affect the kernel and
definitely need a reboot to get applied:

002_msplit - requires reboot
008_vmm - requires reboot
009_pf - requires reboot

Two where you don't really need to do anything other than apply
the patch:

003_patch
004_ospfd (because, if you're affected by it, then things
would be broken already)

The rest don't actually need a reboot, but do need *some* things
restarting if you're using them:

001_xserver
005_tmux
006_httpd
007_perl
010_xserver
011_ssh
012_xserver
013_unbound

(Also: had there been fixes to libraries - libc, libssl, etc - they
would be in this category too - you could figure out which long-running
processes would need to be restarted and do that).

However, considering the "*some* things need restarting" case, given
what is available from syspatch, rebooting is the only reasonable way
to automate making sure that anything needing a restart really is
restarted.

> This idea sounds horrible for uptime.  Sorry.  I’m not rebooting something 
> because a font was patched…

There is a fairly high bar for a fix to get turned into a syspatch.
Now, you might not be affected by every patched bug, and if you're
updating manually then you can make that decision. But this thread is
about automating, and the majority of syspatches do require processes
to be restarted in order to take effect.




Re: Function key in cwmrc

2024-02-21 Thread Ioan Samarul
On Mon, Feb 19, 2024 at 8:41 AM Omar Polo  wrote:
>
> On 2024/02/19 07:34:01 +, Ioan Samarul  wrote:
> > Hello to you all!
> >
> > Is it possible to define something like - in cwm configuration
> > file? The function key combination from my laptop are not recognized
> > so I try to create a hack by using a script that does the same thing
> > (volume/brightness up/down).
>
> Not exactly, fn is not a modifier key for what Xorg can see, unlike
> shift/ctrl/mod1/...  (AFAIK)
>
> What you can try to do is to run xev, press - and see what key
> it is being reported, then bind that.

Thank you so much! After some work I managed to have a part of them mapped.



Re: Automatic OS updates

2024-02-20 Thread Theo de Raadt
obs...@loopw.com wrote:

> Most of the patches don’t require a reboot.  This idea sounds horrible for 
> uptime.  Sorry.  I’m not rebooting something because a font was patched…

syspatch outputs a message that the system needs a reboot.  This could be 
parsed.
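
A sketch of the parsing suggested above, together with the stricter "reboot after any patch" policy argued for elsewhere in this thread. This is an added example, not code from the thread or from OpenBSD; the two message strings it matches are assumptions about what syspatch prints and should be checked against your release, the sample outputs are constructed, and the policy names are hypothetical.

```shell
#!/bin/sh
# Decide what to do after an unattended syspatch run.

# Assumed message fragments; verify against syspatch on your release.
KERNEL_MSG='reboot to load the new kernel'
INSTALL_MSG='Installing patch'

# Constructed sample outputs; the patch names are taken from the 7.4
# list quoted in this thread.
sample_kernel_run() {
    printf '%s\n' 'Installing patch 009_pf' \
        'Relinking to create unique kernel... done; reboot to load the new kernel'
}
sample_userland_run() {
    printf '%s\n' 'Installing patch 006_httpd'
}

# classify_syspatch: read syspatch output on stdin and print
#   kernel   - a new kernel was linked, only a reboot activates it
#   userland - patches were installed, running daemons still use old code
#   none     - nothing was installed
classify_syspatch() {
    _text=$(cat)
    if printf '%s\n' "$_text" | grep -qF "$KERNEL_MSG"; then
        echo kernel
    elif printf '%s\n' "$_text" | grep -qF "$INSTALL_MSG"; then
        echo userland
    else
        echo none
    fi
}

# decide POLICY CLASS: print reboot, notify or nothing.
#   kernel-only  reboot only when the kernel message was seen
#   any-patch    reboot after any installed patch, so that every
#                affected process is restarted
decide() {
    case "$2:$1" in
        kernel:*)            echo reboot ;;
        userland:any-patch)  echo reboot ;;
        userland:*)          echo notify ;;
        *)                   echo nothing ;;
    esac
}

# Only touches the system when called as: script --apply [policy]
if [ "${1:-}" = "--apply" ]; then
    log=$(syspatch 2>&1) || true        # keep the output on non-zero exit
    printf '%s\n' "$log"
    class=$(printf '%s\n' "$log" | classify_syspatch)
    case $(decide "${2:-any-patch}" "$class") in
        reboot) reboot ;;
        notify) echo "patches installed; restart the affected daemons" ;;
    esac
fi
```
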



Re: Automatic OS updates

2024-02-20 Thread obsdml



> On Feb 20, 2024, at 2:31 AM, Thomas Schmidt  wrote:
> 
> OP did indeed mean `sysupgrade`,

which makes little sense _unless_ on -current, which will guarantee to break 
this every six months when -current shifts about.

> but fwiw, `syspatch && reboot` reboots
> your system if a patch was applied. I got it in all of my servers'
> cronjobs.

Most of the patches don’t require a reboot.  This idea sounds horrible for 
uptime.  Sorry.  I’m not rebooting something because a font was patched…



> 
> - Thomas
> 
> On 17.02.2024 at 02:24, obs...@loopw.com wrote:
>>> On Feb 15, 2024, at 10:12 AM, b...@fea.st wrote:
>>> am I the only one using automatic OS updates
>>>  0  3  *  *  * root  sysupgrade
>> Maybe you meant “syspatch” there?
>> Syspatching via cron is questionable - Some of the patches won't be loaded
>> until the box is rebooted.
>> I think it's better to run either syspatch or sysupgrade when I'm in front of
>> the console and can deal with consequences.



Re: do all headphone amps work?

2024-02-20 Thread Courtney
I have an AudioEngine D1 that works well. I also had a FiiO E10K that
worked, but within an hour the audio would stutter a ridiculous amount.
The AudioEngine will also have this stutter, but it may be 8-12 hours
before that happens. The funny thing is, if I stop Firefox and start it
again the stutter goes away again for another 8-12 hours. Could never
figure out why that was. It's better for me to restart Firefox every
8-12 hours than it was every 30-60 minutes when I had the FiiO. The
issue was somewhat similar with FreeBSD on AMD hardware, which I have
now. I don't have an extra Intel system to see if the problem remains
or not.

Courtney

On 2/15/24 03:35, beecdadd...@danwin1210.de wrote:

> hi list
> I have a question: do all headphones amps work on OpenBSD? I think USB
> does it have some sort of driver? what do I look for?
> any tips?
> does sound sound well on OpenBSD? does it depend on driver/headphones?
> I don't want to waste money if they don't work
>
> thanks best regards





Re: do all headphone amps work?

2024-02-20 Thread beecdaddict
that's very simple to check, so if it has drivers listed avoid it

thanks!

On Sat, February 17, 2024 3:52 pm, Stephen Wiley wrote:
> They'll need to provide drivers for Windows and OSX as downloads on their
> web site.  If you can't find those then it's probably just using the USB
> audio class and will work OOTB with OpenBSD and Linux.
>
> --Stephen
>
>
> On Sat, Feb 17, 2024 at 03:07:44PM -, beecdadd...@danwin1210.de
> wrote:
>
>> so how do I know if they have special drivers or something? not known if
>> I'll be able to refund..
>>
>>
>> thanks
>>
>> On Thu, February 15, 2024 4:34 pm, Stephen Wiley wrote:
>>
>>> I haven't used a USB sound card but it looks to me like there's a
>>> standard device class for them from the USB IF (like CDC, HID, MSC
>>> etc.) so I would expect it to work unless they're doing something
>>> strange. If they don't have special drivers that are needed to make it
>>> on Windows they probably aren't. --Stephen
>>>
>>>
>>> On Thu, Feb 15, 2024 at 11:35:53AM -, beecdadd...@danwin1210.de
>>> wrote:
>>>
>>>
>>>> hi list I have a question: do all headphones amps work on OpenBSD?
>>>> I think USB does it have some sort of driver? what do I look for?
>>>> any tips? does sound sound well on OpenBSD? does it depend on
>>>> driver/headphones? I don't want to waste money if they don't work
>>>>
>>>> thanks best regards

>>>
>>>
>>
>>
>
>




Re: certbot in cron - best way?

2024-02-20 Thread misc

Thanks. Worked like a charm.

Cheers,

--fm

On 2/20/24 12:54, Odhiambo Washington wrote:

> On Tue, Feb 20, 2024 at 6:47 PM  wrote:
>
>> Hi misc,
>>
>> Usually am updating certificates manually this way:
>>
>> rcctl stop httpd ; certbot certonly --standalone -d DOMAIN.org -m
>> notifyc...@domain.org ; rcctl start httpd
>>
>> but recently saw newer certificates being deployed as 0001,0002,0003
>> etc, like:
>>
>> /etc/letsencrypt/live/DOMAIN.org-0002/fullchain.pem
>>
>> Which setup are you using to automatically update certs with certbot, in
>> cron, and keeping /etc/httpd.conf updated accordingly?
>
> This should work:
>
> 0 0,12 * * * /bin/sleep 1552 &&  rcctl stop httpd  && certbot renew &&
> rcctl start httpd


--



Re: certbot in cron - best way?

2024-02-20 Thread Nowarez Market
I think the best way is always to keep things in control, safe and reliable.
And often your setup directly depends on a diversified architecture, maybe with
docker in the middle. Indeed, before losing public access to certificates or
losing the site configuration, I think twice about realizing a complete
automation.

However every setup has its resources (and economics too). There are setups
that conceive software orchestrators, with versioning and backups or an
ecosystem alike.
Other setups simply don't own all these resources for fair reasons. Automation
depends a lot on this plethora of stuff.

Finally, certbot is very opensource like software but.. *doesn't make the
coffee too* (an Italian euphemism to avoid false expectations for miracles..).

> N0\/\/@r€Z
> --
>    /\/\@rk€T

Feb 20, 2024 16:46:44 m...@phosphorus.com.br:

> Which setup are you using to automatically update certs with certbot, in 
> cron, and keeping /etc/httpd.conf updated accordingly?



Re: certbot in cron - best way?

2024-02-20 Thread Kirill A . Korinsky
Greetings,

On Tue, 20 Feb 2024 16:43:27 +0100,
m...@phosphorus.com.br wrote:
> 
> Which setup are you using to automatically update certs with certbot, in
> cron, and keeping /etc/httpd.conf updated accordingly?
> 

I use records in /etc/acme-client.conf like:

  authority letsencrypt {
          api url "https://acme-v02.api.letsencrypt.org/directory"
          account key "/etc/acme/letsencrypt-privkey.crt"
  }

  domain mx1.catap.net {
          alternative names { mx.catap.net }
          domain key "/etc/ssl/private/mx1.catap.net.key"
          domain full chain certificate "/etc/ssl/mx1.catap.net.crt"
          sign with letsencrypt
  }

which is very similar to an example with one notable exception: I use
a path which is compliant with relayd pki settings, and also keep the
full chain.

The certificates are updated in two possible ways.

When a machine is dedicated to a single service and it has only one
certificate I keep inside /etc/daily.local

  acme-client $(hostname) && /usr/sbin/rcctl restart relayd smtpd dovecot

which restarts the related daemons when the certificate is updated.

Or, on a machine which is used for web hosting with multiple domains, I
use relayd to terminate SSL and the update is done via /etc/daily.local as:

  SSL_UPDATED=0
  for domain in $(awk '/^domain/ { print $2 }' /etc/acme-client.conf)
  do
          # acme-client exits 0 only when the certificate was changed
          acme-client $domain && SSL_UPDATED=1
  done

  if [ $SSL_UPDATED -ne 0 ]; then
          rcctl restart relayd
  fi
-- 
wbr, Kirill



Re: certbot in cron - best way?

2024-02-20 Thread Odhiambo Washington
On Tue, Feb 20, 2024 at 6:47 PM  wrote:

> Hi misc,
>
> Usually am updating certificates manually this way:
>
> rcctl stop httpd ; certbot certonly --standalone -d DOMAIN.org -m
> notifyc...@domain.org ; rcctl start httpd
>
> but recently saw newer certificates being deployed as 0001,0002,0003
> etc, like:
>
> /etc/letsencrypt/live/DOMAIN.org-0002/fullchain.pem
>
> Which setup are you using to automatically update certs with certbot, in
> cron, and keeping /etc/httpd.conf updated accordingly?
>

This should work:

0 0,12 * * * /bin/sleep 1552 &&  rcctl stop httpd  && certbot renew &&
rcctl start httpd

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]


certbot in cron - best way?

2024-02-20 Thread misc

Hi misc,

Usually am updating certificates manually this way:

rcctl stop httpd ; certbot certonly --standalone -d DOMAIN.org -m 
notifyc...@domain.org ; rcctl start httpd


but recently saw newer certificates being deployed as 0001,0002,0003 
etc, like:


/etc/letsencrypt/live/DOMAIN.org-0002/fullchain.pem

Which setup are you using to automatically update certs with certbot, in 
cron, and keeping /etc/httpd.conf updated accordingly?


Cheers,

--fm

--
Att.

(+5521) 97914-8106 (Signal)
PHOSPHORUS NETWORKS | HNO3 SYSTEMS
https://www.linkedin.com/in/fabio1337br/



Re: Single partition fs layout

2024-02-20 Thread Odhiambo Washington
On Tue, Feb 20, 2024 at 5:24 PM hahahahacker2009 
wrote:

> On Tue, 13 Feb 2024 at 19:41, Odhiambo Washington wrote:
> >
> > Is there a disadvantage to having this layout style where everything is
> on
> > 1 partition?
> >
> > ```
> > openbsd$ uname -a
> > OpenBSD openbsd.vmbridge.local 7.4 GENERIC.MP#1397 amd64
> > openbsd$ df -h
> > Filesystem     Size    Used   Avail Capacity  Mounted on
> > /dev/sd0a     43.3G    1.7G   39.5G     5%    /
> > openbsd$ ls -al /
> > total 158208
> > drwxr-xr-x  13 root  wheel   512 Feb 13 14:54 .
> > drwxr-xr-x  13 root  wheel   512 Feb 13 14:54 ..
> > -rw-r--r--   1 root  wheel   578 Oct 10 17:41 .cshrc
> > -rw-r--r--   1 root  wheel   468 Oct 10 17:41 .profile
> > drwxr-xr-x   2 root  wheel   512 Oct 10 17:41 altroot
> > drwxr-xr-x   2 root  wheel  1024 Oct 10 17:41 bin
> > -rwx--   1 root  wheel  25441732 Feb 13 14:54 bsd
> > -rwx--   1 root  wheel  25417620 Feb 13 14:36 bsd.booted
> > -rw---   1 root  wheel   4659966 Feb 13 14:35 bsd.rd
> > -rw---   1 root  wheel  25344566 Feb 13 14:35 bsd.sp
> > drwxr-xr-x   6 root  wheel 19456 Feb 13 14:39 dev
> > drwxr-xr-x  24 root  wheel  1536 Feb 13 14:53 etc
> > drwxr-xr-x   3 root  wheel   512 Feb 13 14:36 home
> > drwxr-xr-x   2 root  wheel   512 Oct 10 17:41 mnt
> > drwx--   3 root  wheel   512 Feb 13 14:36 root
> > drwxr-xr-x   2 root  wheel  1536 Oct 10 17:41 sbin
> > lrwxrwx---   1 root  wheel11 Oct 10 17:41 sys -> usr/src/sys
> > drwxrwxrwt   6 root  wheel   512 Feb 13 14:54 tmp
> > drwxr-xr-x  16 root  wheel   512 Feb 13 14:36 usr
> > drwxr-xr-x  24 root  wheel   512 Oct  8 18:42 var
> > ```
> >
> > --
> > Best regards,
> > Odhiambo WASHINGTON,
> > Nairobi,KE
> > +254 7 3200 0004/+254 7 2274 3223
> >  In an Internet failure case, the #1 suspect is a constant: DNS.
> > "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> > [How to ask smart questions:
> > http://www.catb.org/~esr/faqs/smart-questions.html]
>
> There isn't a single advantage having a huge root partition, even
> for virtual throwaway machines.
> I'd add some mail on the list, in addition to the faq:
> https://marc.info/?l=openbsd-misc&m=154053727724928&w=3
> https://marc.info/?l=openbsd-misc&m=154054091026039&w=3


Very well noted!


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]


Re: Single partition fs layout

2024-02-20 Thread hahahahacker2009
On Tue, 13 Feb 2024 at 19:41, Odhiambo Washington wrote:
>
> Is there a disadvantage to having this layout style where everything is on
> 1 partition?
>
> ```
> openbsd$ uname -a
> OpenBSD openbsd.vmbridge.local 7.4 GENERIC.MP#1397 amd64
> openbsd$ df -h
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/sd0a     43.3G    1.7G   39.5G     5%    /
> openbsd$ ls -al /
> total 158208
> drwxr-xr-x  13 root  wheel   512 Feb 13 14:54 .
> drwxr-xr-x  13 root  wheel   512 Feb 13 14:54 ..
> -rw-r--r--   1 root  wheel   578 Oct 10 17:41 .cshrc
> -rw-r--r--   1 root  wheel   468 Oct 10 17:41 .profile
> drwxr-xr-x   2 root  wheel   512 Oct 10 17:41 altroot
> drwxr-xr-x   2 root  wheel  1024 Oct 10 17:41 bin
> -rwx--   1 root  wheel  25441732 Feb 13 14:54 bsd
> -rwx--   1 root  wheel  25417620 Feb 13 14:36 bsd.booted
> -rw---   1 root  wheel   4659966 Feb 13 14:35 bsd.rd
> -rw---   1 root  wheel  25344566 Feb 13 14:35 bsd.sp
> drwxr-xr-x   6 root  wheel 19456 Feb 13 14:39 dev
> drwxr-xr-x  24 root  wheel  1536 Feb 13 14:53 etc
> drwxr-xr-x   3 root  wheel   512 Feb 13 14:36 home
> drwxr-xr-x   2 root  wheel   512 Oct 10 17:41 mnt
> drwx--   3 root  wheel   512 Feb 13 14:36 root
> drwxr-xr-x   2 root  wheel  1536 Oct 10 17:41 sbin
> lrwxrwx---   1 root  wheel11 Oct 10 17:41 sys -> usr/src/sys
> drwxrwxrwt   6 root  wheel   512 Feb 13 14:54 tmp
> drwxr-xr-x  16 root  wheel   512 Feb 13 14:36 usr
> drwxr-xr-x  24 root  wheel   512 Oct  8 18:42 var
> ```
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
>  In an Internet failure case, the #1 suspect is a constant: DNS.
> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> [How to ask smart questions:
> http://www.catb.org/~esr/faqs/smart-questions.html]

There isn't a single advantage having a huge root partition, even
for virtual throwaway machines.
I'd add some mail on the list, in addition to the faq:
https://marc.info/?l=openbsd-misc&m=154053727724928&w=3
https://marc.info/?l=openbsd-misc&m=154054091026039&w=3



Re: SoGo for OpenBSD?

2024-02-20 Thread Mark
On Tue, Feb 20, 2024 at 3:57 PM Sebastian Reitenbach <
sebas...@l00-bugdead-prods.de> wrote:

> is i...@mysite.com your e-mail there? Or is there something still not yet
> configured?
> In any case, this is now getting off-topic, and might be better asked on
> the SOGo mailing
> lists.
>
> > Each time I refresh the browser page (while SOGo inbox is open).
> >
> > It happens every time, every refresh adds such an error line in the
> > sogo.log file, and changing browsers did not help.
> >
> > And I have too many;
> > "Loading two versions of" lines, like;
> >
> > Loading two versions of SOGoTrashFolder.  The class that will be used is
> > undefined
> > Loading two versions of SOGoMailFolder.  The class that will be used is
> > undefined
> > Loading two versions of SOGoSpecialMailFolder.  The class that will be
> used
> > is undefined
>
> these warnings can be ignored.


Hi Sebastian, I completed configuring SOGo on my OpenBSD system,
now it works fine. Thanks to Odhiambo  and you. The only thing is, that I'd
like to report you;

My webserver reports in its log file, "file not found" for SOGo;
/usr/local/lib/GNUstep/SOGo/WebServerResources/js/vendor/ckeditor/plugins/autocomplete/skins/default.css"
failed
(2: No such file or directory)

I thought you might wish to have a look at this, as apparently the
mentioned directories;
"autocomplete/skins/default.css" are not there at all.

Best,
Mark.


Re: No dhcp renewal of IP

2024-02-20 Thread Kenneth Gober
On Sun, Feb 18, 2024 at 4:15 AM Marcus MERIGHI  wrote:

> Hello,
>
> this is not to answer the original question, but...
>
> kgo...@gmail.com (Kenneth Gober), 2024.02.17 (Sat) 22:15 (CET):
> > On Sat, Feb 17, 2024 at 10:47 AM Luis Mendes 
> wrote:
> > > The interface ure0 is the gateway to the Internet, connected to the
> ISP.
> > > Somehow, when this interface loses the IP, the lease is not renewed.
> >
> > This is the rule I would use in my pf.conf to allow my router to send
> DHCP
> > requests to my ISP:
> >
> > pass out log quick on ure0 inet proto udp from (ure0) port bootpc to any
> > port bootps
>
> this is not necessary, because:
>
> "dhcpd reads packets off the wire using BPF, which happens as
> packets come off the network interface, but before the IP stack
> where pf runs."
> David Gwynne  17 Dec 2022 
> https://marc.info/?l=openbsd-misc&m=167128237931458
>
> Marcus
>

dhcpd(8) is the DHCP server.  It listens for DHCP/BOOTP requests on the
network.

The original question was about the DHCP client (dhcpleased(8) or
dhclient(8)) and renewals, which are packets sent out to the network.
Those packets do pass through pf when being sent (as far as I know)
although at the other end whatever server you are sending to might be
using BPF to read them.

It is true that dhcpleased(8) and dhclient(8) may use BPF to receive
responses from DHCP servers, but you will never receive any response if
your requests are blocked before they can even leave your machine.

This is why I have a 'pass out' rule.  It is to allow DHCP requests to be
sent *out* to the network.

-ken


Re: SoGo for OpenBSD?

2024-02-20 Thread Sebastian Reitenbach
On Sunday, February 18, 2024 22:28 CET, Mark  wrote:

> Odhiambo Washington , wrote:
> 
> > You just need the password field. The password scheme does not matter.
> > You can name the VIEW anything you want.  Just make sure you use whatever
> > you name it in the SOGoUserSources block in sogo.conf:
> > SOGoUserSources =
> > (
> >   {
> > type = sql;
> > id = directory;
> > viewURL = "mysql://
> > DBUSERNAME:{userpassword}@127.0.0.1:3306/DBNAME/
> > *VIEW_NAME*";
> > canAuthenticate = YES;
> > isAddressBook = YES;
> > userPasswordAlgorithm = blf-crypt;
> >   }
> > );
> >
> 
> Mr. Odhiambo, and all, thank you all very much for your help, I really
> appreciate it,
> I now have a fully working -well it seems- SOGo webmail by your help.
> 
> The two things I'd like to solve are;
> 
> I have in my sogo.log file;
> 
> [ERROR] <0x0x53075b5bb68[WOHttpTransaction]>
> client disconnected during delivery of response for
>  method=POST uri=/SOGo/so/i...@mysite.com/Mail/0/folderINBOX/expunge app=SOGo
> rqKey=so rqPath=i...@mysite.com/Mail/0/folderINBOX/expunge> (len=50): the
> socket was shutdown
> 

Is i...@mysite.com your e-mail there? Or is there something still not yet
configured?
In any case, this is now getting off-topic, and might be better asked on the
SOGo mailing lists.

> Each time I refresh the browser page (while SOGo inbox is open).
> 
> It happens every time, every refresh adds such an error line in the
> sogo.log file, and changing browsers did not help.
> 
> And I have too many;
> "Loading two versions of" lines, like;
> 
> Loading two versions of SOGoTrashFolder.  The class that will be used is
> undefined
> Loading two versions of SOGoMailFolder.  The class that will be used is
> undefined
> Loading two versions of SOGoSpecialMailFolder.  The class that will be used
> is undefined

these warnings can be ignored.

Sebastian
> 
> However, they're defined in my sogo.conf file.
> 
> Any clue for these?
> 
> Best regards,
> Mark.



Re: Automatic OS updates

2024-02-20 Thread Thomas Schmidt

OP did indeed mean `sysupgrade`, but fwiw, `syspatch && reboot` reboots
your system if a patch was applied. I got it in all of my servers'
cronjobs.

- Thomas

On 17.02.2024 at 02:24, obs...@loopw.com wrote:

On Feb 15, 2024, at 10:12 AM, b...@fea.st wrote:
am I the only one using automatic OS updates

  0  3  *  *  * root  sysupgrade

Maybe you meant “syspatch” there?

Syspatching via cron is questionable - Some of the patches won't be loaded
until the box is rebooted.

I think it's better to run either syspatch or sysupgrade when I’m in front of
the console and can deal with consequences.


Re: Ignore some USB devices

2024-02-19 Thread Nowarez Market
>bios0: vendor HUAWEI version "1.10" date 01/12/2023
>bios0: HUAWEI EUL-WX9

Thanks, appreciated.

> N0\/\/@r€Z
> --
>    /\/\@rk€T

Feb 19, 2024 23:39:05 Kirill A. Korinsky :

>> You could also send a dmesg showing all of those devies.
>> 
> 
> attched



Re: Ignore some USB devices

2024-02-19 Thread Kirill A . Korinsky
On Tue, 20 Feb 2024 00:21:30 +0100,
Stuart Henderson wrote:
>
> No - ugen acts as a fallback. If a USB device is claimed by another driver,
> ugen won't get a chance to attach to it.
>
> There is a common mechanism to recognise devices by vid/pid for special
> handling - sometimes to prevent attaching - sometimes for other adaptations
> which are needed. If you're interested, see sys/dev/usb/usb_quirks.c and look
> at how UQ_BAD_HID is used to knock out devices which would normally be
> claimed by uhid(4); you could use something similar to prevent e.g. uaudio
> from attaching to a certain device. However, it would require compiling
> the kernel to configure it.
>

Thanks, this is what I'm looking for.

I hope that I can do it without rebuilding the kernel, but after reading
some code around I see that adding a global flag to ignore some USB
devices makes code quite fragile. Or should be duplicated a lot.

--
wbr, Kirill



Re: Ignore some USB devices

2024-02-19 Thread Thomas L.
On Mon, 19 Feb 2024 19:43:14 +0100
Kirill A. Korinsky  wrote:
> I do have two USB audio device:
>
>   ~ $ usbdevs  -v
>   Controller /dev/usb0:
>   ...
>   addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio
>    high speed, self powered, config 1, rev 0.03
>    driver: uaudio0
>   ...
>   addr 13: 041e:3130 Creative, Creative BT-W5
>    full speed, self powered, config 1, rev 10.00, iSerial D97E0B7F86B95AC32000
>    driver: uhidev10
>    driver: uhidev11
>    driver: uaudio1
>   ~ $
>
> both of them are managed by uaudio. How can I disable the first one,
> without disabling the second one?

you can select which audio device is used with -f/-F flags to sndiod
(details in man-page) in /etc/rc.conf.local. maybe that helps?



Re: Ignore some USB devices

2024-02-19 Thread Stuart Henderson
On 2024-02-19, Kirill A  Korinsky  wrote:
> On Mon, 19 Feb 2024 23:09:35 +0100,
> Stuart Henderson wrote:
>> 
>> > I read that as it is impossible to blacklist a device, right?
>> 
>> Only by running a kernel where the driver's attach routine has been
>> modified to skip attaching the device e.g. if it matches certain
>> vendor/device id. OpenBSD doesn't have any other way to detach a USB
>> driver from a device.
>> 
>
> As an alternative solution, is it possible to enforce ugen to specific
> device by vendor and product IDs?
>
> I've tried:
>
>   $ doas config -e -o /bsd.new /bsd
>   ukc> find ugen
>   309 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0
>   ukc> find uaudio
>   303 uaudio* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0
>   ukc> add ugen
>   Device not complete number or * is missing
>   ukc> add ugen*
>   Clone Device (DevNo, 'q' or '?') ? 309
>   Insert before Device (DevNo, 'q' or '?') ? 303
>   303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0
>   ukc> change 303
>   303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0
>   change [n] y
>   port [-1] ?
>   configuration [-1] ?
>   interface [-1] ?
>   vendor [-1] ? 0x041e
>   product [-1] ? 0x3130
>   release [-1] ?
>   flags [0] ?
>   303 ugen* changed
>   303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor 0x41e product 0x3130 release -1 flags 0x0
>   ukc> find ugen*
>   303 ugen* at uhub*|uhub* disable port -1 configuration -1 interface -1 vendor 0x41e product 0x3130 release -1 flags 0x0
>   310 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0
>   ukc> quit
>   Saving modified kernel.
>
> with no luck.
>

No - ugen acts as a fallback. If a USB device is claimed by another driver,
ugen won't get a chance to attach to it.

There is a common mechanism to recognise devices by vid/pid for special
handling - sometimes to prevent attaching - sometimes for other adaptations
which are needed. If you're interested, see sys/dev/usb/usb_quirks.c and look
at how UQ_BAD_HID is used to knock out devices which would normally be
claimed by uhid(4); you could use something similar to prevent e.g. uaudio
from attaching to a certain device. However, it would require compiling
the kernel to configure it.
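
The vendor/product matching described in the message above, modelled in user space as an added example; it is not part of the original thread and not OpenBSD kernel code. The table layout, `QUIRK_SKIP_AUDIO` and every function name are hypothetical, and the ids and revisions are taken from the `usbdevs -v` output quoted in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only: these names are hypothetical, not the kernel's. */
#define ANY_REV          0xffffu /* wildcard: entry applies to every revision */
#define QUIRK_NONE       0x0u
#define QUIRK_SKIP_AUDIO 0x1u    /* audio driver must decline this device */

#define MATCH_NONE  0            /* driver declines, device falls through */
#define MATCH_AUDIO 1            /* driver claims the device */

struct quirk_entry {
	uint16_t vendor;
	uint16_t product;
	uint16_t release;        /* bcdDevice, or ANY_REV */
	uint32_t flags;
};

/* One entry: the display's audio function (043e:9a66 in the thread). */
static const struct quirk_entry quirk_table[] = {
	{ 0x043e, 0x9a66, ANY_REV, QUIRK_SKIP_AUDIO },
};

/* Return the quirk flags for a device, or QUIRK_NONE when it is not listed. */
uint32_t
quirk_lookup(uint16_t vendor, uint16_t product, uint16_t release)
{
	size_t i;

	for (i = 0; i < sizeof(quirk_table) / sizeof(quirk_table[0]); i++) {
		const struct quirk_entry *q = &quirk_table[i];

		if (q->vendor == vendor && q->product == product &&
		    (q->release == ANY_REV || q->release == release))
			return q->flags;
	}
	return QUIRK_NONE;
}

struct usb_dev {
	uint16_t vendor;
	uint16_t product;
	uint16_t release;
	int      is_audio_class; /* device advertises an audio interface */
};

/*
 * Model of a driver match routine: the class check runs first, then the
 * quirk table can veto the attach for one specific vendor/product pair
 * while every other audio device is still claimed.
 */
int
audio_match(const struct usb_dev *d)
{
	if (!d->is_audio_class)
		return MATCH_NONE;
	if (quirk_lookup(d->vendor, d->product, d->release) & QUIRK_SKIP_AUDIO)
		return MATCH_NONE;
	return MATCH_AUDIO;
}

/* Convenience wrapper so callers can test a device by its ids. */
int
would_attach(uint16_t vendor, uint16_t product, uint16_t release, int is_audio)
{
	struct usb_dev d = { vendor, product, release, is_audio };

	return audio_match(&d);
}

int
main(void)
{
	/* Revisions constructed from "rev 0.03" and "rev 10.00" in the thread. */
	printf("043e:9a66 display audio: %s\n",
	    would_attach(0x043e, 0x9a66, 0x0003, 1) ? "attach" : "skip");
	printf("041e:3130 BT-W5 dongle:  %s\n",
	    would_attach(0x041e, 0x3130, 0x1000, 1) ? "attach" : "skip");
	return 0;
}
```

Because the veto lives in a table compiled into the driver's match path, changing it means rebuilding the kernel, which is the limitation the message points out.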




Re: Ignore some USB devices

2024-02-19 Thread Kirill A . Korinsky
On Mon, 19 Feb 2024 23:09:35 +0100,
Stuart Henderson wrote:
> 
> > I read that as it is impossible to blacklist a device, right?
> 
> Only by running a kernel where the driver's attach routine has been
> modified to skip attaching the device e.g. if it matches certain
> vendor/device id. OpenBSD doesn't have any other way to detach a USB
> driver from a device.
> 

As an alternative solution, is it possible to enforce ugen to specific
device by vendor and product IDs?

I've tried:

  $ doas config -e -o /bsd.new /bsd
  ukc> find ugen
  309 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0
  ukc> find uaudio
  303 uaudio* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0
  ukc> add ugen
  Device not complete number or * is missing
  ukc> add ugen*
  Clone Device (DevNo, 'q' or '?') ? 309
  Insert before Device (DevNo, 'q' or '?') ? 303
  303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0
  ukc> change 303
  303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0
  change [n] y
  port [-1] ?
  configuration [-1] ?
  interface [-1] ?
  vendor [-1] ? 0x041e
  product [-1] ? 0x3130
  release [-1] ?
  flags [0] ?
  303 ugen* changed
  303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor 0x41e product 0x3130 release -1 flags 0x0
  ukc> find ugen*
  303 ugen* at uhub*|uhub* disable port -1 configuration -1 interface -1 vendor 0x41e product 0x3130 release -1 flags 0x0
  310 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0
  ukc> quit
  Saving modified kernel.

with no luck.

-- 
wbr, Kirill



Re: Ignore some USB devices

2024-02-19 Thread Kirill A . Korinsky
On Mon, 19 Feb 2024 22:43:45 +0100,
Jan Stary wrote:
> 
> On Feb 19 22:33:53, kir...@korins.ky wrote:
> > 
> > I use the rsnd/1 or rsnd/2 to listen music via wireless headphones,
> 
> Why do you have two of those?
>

Because it depends on the order of attaching devices.

> > and rsnd/0 with wired headset to make video calls.
> > 
> > I never use display's audio and it creates only issue for me.
> 
> To be clear: even when you connect the display,
> presumably because you want to use it as a display
> (and maybe even its camera), you want the sound
> to stay at whatever snd device you are using;
> in particular, you don't want sndio to switch
> to the new snd device provided by the newly plugged
> display's uaudio.
> 
> Is there a setting in the display
> that would completely disable its audio?
>

No, this display hasn't got any settings which I'm aware of.

See: LG UltraFine 5K

> > Let's take two use cases:
> > 1. Listen some music when laptop is connected to the display on wireless
> >    headphones by attaching USB dongle;
> > 2. Connect laptop to the display when listen some music on wireless
> >    headphones via USB dongle.
> > 
> > The first one leads to rsnd/2 as desired device, and the second one to
> > rsnd/1 as desired device.
> > 
> > As side effect of (2) music might be redirect to the display which has
> > quite high default level of volume.
> > 
> > So, right now to attach laptop to the screen and do not wake family up at
> > the night I should:
> >  - pause the music;
> >  - detach USB dongle;
> >  - connect laptop to the screen;
> >  - attach USB dongle;
> >  - and finally resume music.
> 
> You could also detach-and-reattach the headphones dongle
> *after* you attach the display.
>

Yeah, it's still too many things to do :(

> You could also send a dmesg showing all of those devices.
> 

attached

-- 
wbr, Kirill

Re: Ignore some USB devices

2024-02-19 Thread Stuart Henderson
On 2024-02-19, Kirill A  Korinsky  wrote:
> On Mon, 19 Feb 2024 22:32:18 +0100,
> Jan Stary wrote:
>> 
>> So get some normal headphones that plug into the laptop
>> (without creating a new device)
>> and simply connect the display when you want,
>> or don't connect it when you don't.
>> 
>
> I read that as it is impossible to blacklist a device, right?

Only by running a kernel where the driver's attach routine has been
modified to skip attaching the device e.g. if it matches certain
vendor/device id. OpenBSD doesn't have any other way to detach a USB
driver from a device.




Re: Ignore some USB devices

2024-02-19 Thread Jan Stary
On Feb 19 22:33:53, kir...@korins.ky wrote:
> On Mon, 19 Feb 2024 22:15:40 +0100,
> Jan Stary wrote:
> > 
> > On Feb 19 22:08:40, kir...@korins.ky wrote:
> > > On Mon, 19 Feb 2024 21:58:51 +0100,
> > > Thomas L. wrote:
> > > > 
> > > > you can select which audio device is used with -f/-F flags to sndiod
> > > > (details in man-page) in /etc/rc.conf.local. maybe that helps?
> > > 
> > > thanks, but right now I do have:
> > > 
> > >   ~ $ rcctl get sndiod flags
> > >   -f rsnd/0 -F rsnd/1 -F rsnd/2
> > 
> > Do you actually want to switch between the three?
> > What are the three audio devices you want to use, and why?
> 
> I use the rsnd/1 or rsnd/2 to listen music via wireless headphones,

Why do you have two of those?

> and rsnd/0 with wired headset to make video calls.
> 
> I never use display's audio and it creates only issue for me.

To be clear: even when you connect the display,
presumably because you want to use it as a display
(and maybe even its camera), you want the sound
to stay at whatever snd device you are using;
in particular, you don't want sndio to switch
to the new snd device provided by the newly plugged
display's uaudio.

Is there a setting in the display
that would completely disable its audio?

> Let's take two use cases:
> 1. Listen some music when laptop is connected to the display on wireless
>    headphones by attaching USB dongle;
> 2. Connect laptop to the display when listen some music on wireless
>    headphones via USB dongle.
> 
> The first one leads to rsnd/2 as desired device, and the second one to
> rsnd/1 as desired device.
> 
> As side effect of (2) music might be redirect to the display which has
> quite high default level of volume.
> 
> So, right now to attach laptop to the screen and do not wake family up at
> the night I should:
>  - pause the music;
>  - detach USB dongle;
>  - connect laptop to the screen;
>  - attach USB dongle;
>  - and finally resume music.

You could also detach-and-reattach the headphones dongle
*after* you attach the display.

You could also send a dmesg showing all of those devices.



Re: Ignore some USB devices

2024-02-19 Thread Kirill A . Korinsky
On Mon, 19 Feb 2024 22:32:18 +0100,
Jan Stary wrote:
> 
> So get some normal headphones that plug into the laptop
> (without creating a new device)
> and simply connect the display when you want,
> or don't connect it when you don't.
> 

I read that as it is impossible to blacklist a device, right?

-- 
wbr, Kirill



Re: Ignore some USB devices

2024-02-19 Thread Kirill A . Korinsky
On Mon, 19 Feb 2024 22:15:40 +0100,
Jan Stary wrote:
> 
> On Feb 19 22:08:40, kir...@korins.ky wrote:
> > On Mon, 19 Feb 2024 21:58:51 +0100,
> > Thomas L. wrote:
> > > 
> > > you can select which audio device is used with -f/-F flags to sndiod
> > > (details in man-page) in /etc/rc.conf.local. maybe that helps?
> > 
> > thanks, but right now I do have:
> > 
> >   ~ $ rcctl get sndiod flags
> >   -f rsnd/0 -F rsnd/1 -F rsnd/2
> 
> Do you actually want to switch between the three?
> What are the three audio devices you want to use, and why?

I use the rsnd/1 or rsnd/2 to listen music via wireless headphones,
and rsnd/0 with wired headset to make video calls.

I never use display's audio and it creates only issue for me.

>
> > that works almost fine, but requires to detach USB dongle
> 
> What USB dongle?

Creative BT-W5

> 
> > before I connect laptop to the display.
> > If I forgot to do it, the display's audio will be rsnd/2 with priority.
> 
> What is the rsnd/2 you _want_?
> How does _detaching_ anything before the display attaches help that?
> 

Right now I do have 3 audio devices:
 - embedded inside laptop;
 - embedded inside display;
 - USB dongle to connect to bluetooth headphones.

The first one is always rsnd/0; and the next two depends on the order of
connection.

Let's take two use cases:
1. Listen some music when laptop is connected to the display on wireless
   headphones by attaching USB dongle;
2. Connect laptop to the display when listen some music on wireless
   headphones via USB dongle.

The first one leads to rsnd/2 as desired device, and the second one to
rsnd/1 as desired device.

As side effect of (2) music might be redirect to the display which has
quite high default level of volume.

So, right now to attach laptop to the screen and do not wake family up at
the night I should:
 - pause the music;
 - detach USB dongle;
 - connect laptop to the screen;
 - attach USB dongle;
 - and finally resume music.

If I find the way to blacklist display's audio device, this can be as
simple as connect laptop to the display.

-- 
wbr, Kirill



Re: Ignore some USB devices

2024-02-19 Thread Jan Stary
On Feb 19 22:16:37, kir...@korins.ky wrote:
> On Mon, 19 Feb 2024 22:05:37 +0100,
> Jan Stary wrote:
> > 
> > Why are you using this camera, and not the other one?
> >
> > > and after that
> > > X11 screen disappear, and fplay doesn't response on C-c anymore.
> > > Detach the display helps to kills fplay.
> > 
> > It is entirely unclear what you are trying to do.
> > 
> > Are you using ffplay to record from a camera?
> > Which camera? The display's camera? I thought you had
> > another camera (which you want to use instead):
> > why don't you just run ffplay with _that_ camera?
> > 
> > Generally, if the devices you don't want to use
> > (such as the display's camera as uvideo1,
> > or the display's microphone as uaudio1)
> > simply attach and exist, it doesn't mean
> > you have to use them; having them exist
> > breaks nothing, just tell your applications
> > to use the ones you want (uaudio0, uvideo0?).
> > 
> 
> Sorry, I wasn't clear.
> 
> Camera just exists and I use one in laptop which works, and just
> existing camera doesn't create any issue.
> 
> But 3rd audio device does create some issue.
> 
> Right now I do have 3 audio devices:
>  - embedded inside laptop;
>  - embedded inside display;
>  - USB dongle to connect to bluetooth headphones.
> 
> I also have:
> 
>   ~ $ rcctl get sndiod flags
>   -f rsnd/0 -F rsnd/1 -F rsnd/2
>   ~ $
> 
> that works almost fine, but requires to detach USB dongle before I
> connect laptop to the display, otherwise the display's one will be rsnd/2
> with priority, and music will be redirect into it.
> 
> That can be quite unfair regarding my family, special at 3 am because
> default volume level of display's audio isn't low.

OK, now I see: the headphones dongle needs to connect last
to become the -F snd/2 that overrides the previous.
You should have started by saying that.

So get some normal headphones that plug into the laptop
(without creating a new device)
and simply connect the display when you want,
or don't connect it when you don't.



Re: Ignore some USB devices

2024-02-19 Thread Jan Stary
On Feb 19 22:08:40, kir...@korins.ky wrote:
> On Mon, 19 Feb 2024 21:58:51 +0100,
> Thomas L. wrote:
> > 
> > you can select which audio device is used with -f/-F flags to sndiod
> > (details in man-page) in /etc/rc.conf.local. maybe that helps?
> 
> thanks, but right now I do have:
> 
>   ~ $ rcctl get sndiod flags
>   -f rsnd/0 -F rsnd/1 -F rsnd/2

Do you actually want to switch between the three?
What are the three audio devices you want to use, and why?

> that works almost fine, but requires to detach USB dongle

What USB dongle?

> before I connect laptop to the display.
> If I forgot to do it, the display's audio will be rsnd/2 with priority.

What is the rsnd/2 you _want_?
How does _detaching_ anything before the display attaches help that?



Re: Ignore some USB devices

2024-02-19 Thread Kirill A . Korinsky
On Mon, 19 Feb 2024 21:58:51 +0100,
Thomas L. wrote:
> 
> you can select which audio device is used with -f/-F flags to sndiod
> (details in man-page) in /etc/rc.conf.local. maybe that helps?

thanks, but right now I do have:

  ~ $ rcctl get sndiod flags
  -f rsnd/0 -F rsnd/1 -F rsnd/2
  ~ $

that works almost fine, but requires to detach USB dongle before I
connect laptop to the display.

If I forget to do it, the display's audio will be rsnd/2 with priority.


-- 
wbr, Kirill



Re: Ignore some USB devices

2024-02-19 Thread Kirill A . Korinsky
On Mon, 19 Feb 2024 20:34:10 +0100,
Nowarez Market wrote:
> 
> After all your list of *american gigs* missed only that OS.
> Just do a switch to Windows and you solved. Maybe...
> 

Well, I doubt that this display works well on Windows.

The first OS which supports it was macOS, but support of this display
isn't stable and if attach and detach it often, the macOS may hang out
on some iteration :)

-- 
wbr, Kirill



Re: Ignore some USB devices

2024-02-19 Thread Kirill A . Korinsky
On Mon, 19 Feb 2024 20:10:46 +0100,
Nowarez Market wrote:
> 
> >Feb 19, 2024 19:46:21 Kirill A. Korinsky :
> >
> >I can't disable uaudio because I use it, and I can't unplug (physically)
> >the LG's Audio because it is integrated into the display which I'm
> >using.
> 
> Curious, what is the connection between your display audio that comes
> watched so magically by your station ?
> 
> Sorry for my investigation..but sometimes seems folks just miss Windows
> left click to unplug stuff..
> 

This is USB-C display and I connect my laptop to it via single USB-C
port.

This connection attaches the display, the AC adapter, the USB hub, and
integrated video and audio.

If I could avoid connecting it, I wouldn't ask about how to ban some devices.

-- 
wbr, Kirill



Re: Ignore some USB devices

2024-02-19 Thread Nowarez Market
>Sorry for my investigation..but sometimes seems folks just miss Windows
>left click to unplug stuff..
>
>N0\/\/@r€Z
>--
>   /\/\@rk€T

After all your list of *american gigs* missed only that OS.
Just do a switch to Windows and you solved. Maybe...


> N0\/\/@r€Z
> --
>    /\/\@rk€T



Re: Ignore some USB devices

2024-02-19 Thread Nowarez Market
>Feb 19, 2024 19:46:21 Kirill A. Korinsky :
>
>I can't disable uaudio because I use it, and I can't unplug (physically)
>the LG's Audio because it is integrated into the display which I'm
>using.

Curious, what is the connection between your display audio that comes
watched so magically by your station ?

Sorry for my investigation..but sometimes seems folks just miss Windows
left click to unplug stuff..

> N0\/\/@r€Z
> --
>    /\/\@rk€T

Feb 19, 2024 19:46:21 Kirill A. Korinsky :

> I can't disable uaudio because I use it, and I can't unplug (physically)
> the LG's Audio because it is integrated into the display which I'm
> using.



Re: Ignore some USB devices

2024-02-19 Thread Kirill A . Korinsky
On Mon, 19 Feb 2024 19:09:16 +0100,
deich...@placebonol.com wrote:
>
> You can enter the kernel on boot and disable device drivers,
> boot-config(8) .

I do have two USB audio device:

  ~ $ usbdevs  -v
  Controller /dev/usb0:
  ...
  addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio
   high speed, self powered, config 1, rev 0.03
   driver: uaudio0
  ...
  addr 13: 041e:3130 Creative, Creative BT-W5
   full speed, self powered, config 1, rev 10.00, iSerial D97E0B7F86B95AC32000
   driver: uhidev10
   driver: uhidev11
   driver: uaudio1
  ~ $ 

both of them are managed by uaudio. How can I disable the first one,
without disabling the second one?

I can't disable uaudio because I use it, and I can't unplug (physically)
the LG's Audio because it is integrated into the display which I'm
using.

Ideally I'm looking for a syntax like:

  disable uaudio vendor 0x043e product 0x9a66

--
wbr, Kirill



Re: Ignore some USB devices

2024-02-19 Thread deich...@placebonol.com
OpenBSD is a monolithic kernel, unlike Linux module design.

You can enter the kernel on boot and disable device drivers, boot-config(8) .

On February 19, 2024 9:30:22 AM MST, "Kirill A. Korinsky"  
wrote:
>On Mon, 19 Feb 2024 17:10:27 +0100,
>Nowarez Market wrote:
>> 
>> You should be able to do it by the /etc/bsd.re-config file, you can start 
>> from here:
>> 
>> http://man.openbsd.org/bsd.re-config
>> 
>> Please be very careful.
>> 
>> (It needs two reboots to apply any change)
>> 
>
>I feel confused: isn't it a way to exclude some module?
>
>If yes, it isn't that I'm looking.
>
>For example, I'm using USB audio, but I'd like to ban USB audio which is
>included into my display, but not ban the module because if I do so, I
>won't be able to use USB audio dongle which I use to connect to wireless
>headphones.
>
>Right now I have:
>
>  ~ $ usbdevs  
>  Controller /dev/usb0:
>  addr 01: 8086: Intel, xHCI root hub
>  addr 02: 1050:0404 Yubico, YubiKey CCID
>  addr 03: 13d3:56f2 Azurewave, USB camera
>  addr 04: 8087:0026 Intel, Bluetooth
>  addr 05: 043e:9a61 LG Electronics Inc., USB2.1 Hub
>  addr 06: 043e:9a73 LG USA, product 0x9a73
>  addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio
>  addr 08: 043e:9a68 LG Electronlcs Inc., LG UltraFine Display Camera
>  addr 09: 05ac:0265 Apple Inc., Magic Trackpad
>  addr 10: 05ac:026c Apple Inc., Magic Keyboard with Numeric Keypad
>  addr 11: 043e:9a70 LG Electronics Inc., LG UltraFine Display Controls
>  addr 12: 0a12:4010 Cambridge Silicon Radio, product 0x4010
>  addr 13: 041e:3130 Creative, Creative BT-W5
>  ~ $
>
>and I would like somehow to disable
>
>  addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio
>  addr 08: 043e:9a68 LG Electronlcs Inc., LG UltraFine Display Camera
>
>but keeping
>
>  addr 03: 13d3:56f2 Azurewave, USB camera
>  addr 13: 041e:3130 Creative, Creative BT-W5
>
>I've tried to play with config -e /bsd but the best that I can figure
>out is how to disable uaudio, and not only one, specific, device.
>
>-- 
>wbr, Kirill
>


Re: relayd fallback when using tag/tagged

2024-02-19 Thread Michael Hekeler
> > > Using such a configuration:
> > > #-8<---
> > > table   { 192.0.2.4 }
> > > table  { 192.0.2.7}
> > > http protocol www {
> > >block
> > >match request header "Host" value "www.example" tag "example"
> > >pass request tagged "example" forward to 
   
Wouldn't it be wrong if relayd sends the requests to  even though
you told him quite clearly to send them to ?
If  is down then relayd must error out, or not (because this is
what you told him to do: sending to )


I think you need an additional step between which decides where to send the
request.
Then in next step you can tag and modify...

Maybe I'm wrong but to me it sounds more consistent when doing the
layer 3 redirection on 192.0.2.30 :

table  { 192.0.2.4 }
table  { 192.0.2.7 }
redirect www {
 listen on 192.0.2.30 port 80
 forward to  check http "/" code 200
 forward to  check icmp
}

And then do all the layer 7 filtering on 192.0.2.4

But as I said before: maybe I'm wrong ;-)



Re: Ignore some USB devices

2024-02-19 Thread Kirill A . Korinsky
On Mon, 19 Feb 2024 17:10:27 +0100,
Nowarez Market wrote:
> 
> You should be able to do it by the /etc/bsd.re-config file, you can start 
> from here:
> 
> http://man.openbsd.org/bsd.re-config
> 
> Please be very careful.
> 
> (It needs two reboots to apply any change)
> 

I feel confused: isn't it a way to exclude some module?

If yes, it isn't that I'm looking.

For example, I'm using USB audio, but I'd like to ban USB audio which is
included into my display, but not ban the module because if I do so, I
won't be able to use USB audio dongle which I use to connect to wireless
headphones.

Right now I have:

  ~ $ usbdevs  
  Controller /dev/usb0:
  addr 01: 8086: Intel, xHCI root hub
  addr 02: 1050:0404 Yubico, YubiKey CCID
  addr 03: 13d3:56f2 Azurewave, USB camera
  addr 04: 8087:0026 Intel, Bluetooth
  addr 05: 043e:9a61 LG Electronics Inc., USB2.1 Hub
  addr 06: 043e:9a73 LG USA, product 0x9a73
  addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio
  addr 08: 043e:9a68 LG Electronlcs Inc., LG UltraFine Display Camera
  addr 09: 05ac:0265 Apple Inc., Magic Trackpad
  addr 10: 05ac:026c Apple Inc., Magic Keyboard with Numeric Keypad
  addr 11: 043e:9a70 LG Electronics Inc., LG UltraFine Display Controls
  addr 12: 0a12:4010 Cambridge Silicon Radio, product 0x4010
  addr 13: 041e:3130 Creative, Creative BT-W5
  ~ $

and I would like somehow to disable

  addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio
  addr 08: 043e:9a68 LG Electronlcs Inc., LG UltraFine Display Camera

but keeping

  addr 03: 13d3:56f2 Azurewave, USB camera
  addr 13: 041e:3130 Creative, Creative BT-W5

I've tried to play with config -e /bsd but the best that I can figure
out is how to disable uaudio, and not only one, specific, device.

-- 
wbr, Kirill



Re: Ignore some USB devices

2024-02-19 Thread Nowarez Market
You should be able to do it by the /etc/bsd.re-config file, you can start from 
here:

http://man.openbsd.org/bsd.re-config

Please be very careful.

(It needs two reboots to apply any change)

> N0\/\/@r€Z
> --
>    /\/\@rk€T

Feb 19, 2024 16:15:31 Kirill A. Korinsky :

> I run OpenBSD and some times connect an external display which contains
> integrated web cam, microphone and speakers.
> 
> Web-cam doesn't work, but both microphone and speakers work.
> 
> Is it possible to ignore it somehow?
> 
> Ideally I'm for a black list of usb devices based on some id.



Ignore some USB devices

2024-02-19 Thread Kirill A . Korinsky
Folks,

I run OpenBSD and some times connect an external display which contains
integrated web cam, microphone and speakers.

Web-cam doesn't work, but both microphone and speakers work.

Is it possible to ignore it somehow?

Ideally I'm for a black list of usb devices based on some id.

Thanks.

-- 
wbr, Kirill



Re: Function key in cwmrc

2024-02-19 Thread Omar Polo
On 2024/02/19 07:34:01 +, Ioan Samarul  wrote:
> Hello to you all!
> 
> Is it possible to define something like - in cwm configuration
> file? The function key combination from my laptop are not recognized
> so I try to create a hack by using a script that does the same thing
> (volume/brightness up/down).

Not exactly, fn is not a modifier key for what Xorg can see, unlike
shift/ctrl/mod1/...  (AFAIK)

What you can try to do is to run xev, press - and see what key
it is being reported, then bind that.



Function key in cwmrc

2024-02-18 Thread Ioan Samarul
Hello to you all!

Is it possible to define something like - in cwm configuration
file? The function key combination from my laptop are not recognized
so I try to create a hack by using a script that does the same thing
(volume/brightness up/down).

Thank you!



Re: SoGo for OpenBSD?

2024-02-18 Thread Mark
Odhiambo Washington , wrote:

> You just need the password field. The password scheme does not matter.
> You can name the VIEW anything you want.  Just make sure you use whatever
> you name it in the SOGoUserSources block in sogo.conf:
> SOGoUserSources =
> (
>   {
> type = sql;
> id = directory;
> viewURL = "mysql://DBUSERNAME:{userpassword}@127.0.0.1:3306/DBNAME/*VIEW_NAME*";
> canAuthenticate = YES;
> isAddressBook = YES;
> userPasswordAlgorithm = blf-crypt;
>   }
> );
>

Mr. Odhiambo, and all, thank you all very much for your help, I really
appreciate it,
I now have a fully working -well it seems- SOGo webmail by your help.

The two things I'd like to solve are;

I have in my sogo.log file;

[ERROR] <0x0x53075b5bb68[WOHttpTransaction]>
client disconnected during delivery of response for
 (len=50): the
socket was shutdown

Each time I refresh the browser page (while SOGo inbox is open).

It happens every time, every refresh adds such an error line in the
sogo.log file, and changing browsers did not help.

And I have too many;
"Loading two versions of" lines, like;

Loading two versions of SOGoTrashFolder.  The class that will be used is
undefined
Loading two versions of SOGoMailFolder.  The class that will be used is
undefined
Loading two versions of SOGoSpecialMailFolder.  The class that will be used
is undefined

However, they're defined in my sogo.conf file.

Any clue for these?

Best regards,
Mark.


Any chance for a pinball port?

2024-02-18 Thread Nowarez Market
Hello,

Although I'm not a fanatic of games, classic games like flipper or, better, 
pinball continue to fascinate me, especially in their new semblances 
("generative  pinballs" and "subpinballs").

Indeed, I found pinball like a good next lesson to give to my daughter to learn 
"motion gestures" further.

Any chance for a pinball port soon?

Thanks!

> N0\/\/@r€Z
> --
>    /\/\@rk€T



Re: Not getting any reply, are bug report fixed?

2024-02-18 Thread Otto Moerbeek
On Sun, Feb 18, 2024 at 05:13:23PM +0700, Discord is hell wrote:

> The title says all, although it is somewhat offensive. I'm not
> going to disregard OpenBSD developers' efforts.
> 
> I saw many bug report sent to b...@openbsd.org but get
> no reply. I saw some bug are silently fixed (not sure fixed or
> not). I have a question: I have to watch cvs commits to know
> if a bug is fixed?
> 
> The developers never respond to bug report unless they
> need more detail or confirm that is not a bug?
> 
> Thanks
> 

It depends. Not every developer works in the same way and some have
very little time. Most of OpenBSD work is done by volunteers, people
work on it next to their regular job or other business. So some bugs
get fixed with feedback, some get fixed silently, some get missed,
some are spotted but only worked on later to name a few examples. It's
just the way it is.

-Otto



ACPI kernel panic in first boot after new OpenBSD install

2024-02-18 Thread Shivam Gupta
Hello all,

I have just installed the OpenBSD on a ASUS tuf f15 gaming laptop,
installation went very smooth.

But as soon as I reboot the computer, it put me in ddb shell and there was a
kernel panic related to acpi.

I searched on internet, and tried to update my bios to the latest version
but that did not help. I tried disabling the acpi but that also not worked,
same result.

I followed
https://www.reddit.com/r/openbsd/comments/150jl5y/acpi_error_at_first_boot_on_dell_inspiron_15_3593/
to get https://bugzilla.kernel.org/show_bug.cgi?id=202585, here they said it is
bios bug so closed it.

But bios update did not solve the problem, so I am wondering if there is
any work around of this issue.

I have attached one picture of kernel panic and one with show panic and
trace command on ddb.

Images link -

https://postimg.cc/gallery/KYg665H

Regards,
Shivam


Re: sysupgrade fails firmware fetch

2024-02-18 Thread Kirill A . Korinsky
On Sun, 18 Feb 2024 10:57:27 +0100,
Stuart Henderson wrote:
> 
> It's not too bad as long as the person building firmware tgz gets a
> heads-up before the version number is updated.
> 

Especially since right now it can still be run as:

  env VERSION=74 fw_update -p http://firmware.openbsd.org/firmware/snapshots

I do not say that is good, but it isn't a disaster.

Especially for guys who run on development snapshots.

-- 
wbr, Kirill



Not getting any reply, are bug report fixed?

2024-02-18 Thread Discord is hell
The title says all, although it is somewhat offensive. I'm not
going to disregard OpenBSD developers' efforts.

I saw many bug report sent to b...@openbsd.org but get
no reply. I saw some bug are silently fixed (not sure fixed or
not). I have a question: I have to watch cvs commits to know
if a bug is fixed?

The developers never respond to bug report unless they
need more detail or confirm that is not a bug?

Thanks



Re: sysupgrade fails firmware fetch

2024-02-18 Thread Stuart Henderson
On 2024-02-18, Theo de Raadt  wrote:
> Kirill A. Korinsky  wrote:
>
>> On Sat, 17 Feb 2024 22:27:52 +0100,
>> Sonic wrote:
>> > 
>> > Seems it's looking for a 7.5 directory (-current apparently just moved
>> > to 7.5-beta) instead of the snapshot directory.
>> > 
>> 
>> And using snapshot directory fails because wrong signature:
>> 
>>   ~ $ doas fw_update -p http://firmware.openbsd.org/firmware/snapshots 
>>   fw_update: failed.
>>   signify: verification failed: checked against wrong key
>>   Signature check of SHA256.sig failed
>>   ~ $ 
>
> The heuristic in fw_update is weak.  Every 6 months there is a chance
> for someone to dig in and see if there is a better heuristic.

It's not too bad as long as the person building firmware tgz gets a
heads-up before the version number is updated.




Re: Out of memory error when build OpenBSD Base/LLVM

2024-02-18 Thread Stuart Henderson
On 2024-02-17, Shivam Gupta  wrote:
> Hi All,
>
> I recently installed OpenBSD OS on my ASUS laptop quad core pentium with 4
> GB RAM and 1 TB HDD.
>
> I was following the guide to build the system from source. But in `make
> build` step it gets a memory error when building LLVM. I tried other ways
> like make -j1 changing some build configuration in llvm's CMakelists.txt
> but nothing works.

The CMakelists.txt files are not used in the OpenBSD src tree.

> So I am seeking help if anything could be done here to complete the make
> build on this ASUS laptop.
>
> I do have another better ASUS TUF F15 laptop but there is some issue in the
> installation, kernel panic after I login in fresh install. So I am trying
> on this old laptop.

You may need to bump datasize values in login.conf for the class used by your
login user.

-- 
Please keep replies on the mailing list.



Re: No dhcp renewal of IP

2024-02-18 Thread Marcus MERIGHI
Hello, 

this is not to answer the original question, but...

kgo...@gmail.com (Kenneth Gober), 2024.02.17 (Sat) 22:15 (CET):
> On Sat, Feb 17, 2024 at 10:47 AM Luis Mendes  wrote:
> > The interface ure0 is the gateway to the Internet, connected to the ISP.
> > Somehow, when this interface loses the IP, the lease is not renewed.
> 
> This is the rule I would use in my pf.conf to allow my router to send DHCP
> requests to my ISP:
> 
> pass out log quick on ure0 inet proto udp from (ure0) port bootpc to any
> port bootps

this is not necessary, because:

"dhcpd reads packets off the wire using BPF, which happens as
packets come off the network interface, but before the IP stack
where pf runs."
David Gwynne  17 Dec 2022 
https://marc.info/?l=openbsd-misc=167128237931458

Marcus



Re: SoGo for OpenBSD?

2024-02-18 Thread Odhiambo Washington
On Sun, Feb 18, 2024 at 11:46 AM Mark  wrote:

> Odhiambo Washington , wrote:
>
> Thank you, Sebastian. After knowing that I can use  /etc/sogo/sogo.conf
>> and after installing sope-mysql-5.9.1, life should be a lot easier for Mark.
>> It's a matter of creating the VIEW to be used by SOGo for authenticating
>> the users from the MySQL database.
>> In my database I created it as follows:
>> USE exim4u;
>> CREATE VIEW sogo_auth_view AS SELECT user_id AS sogo_id, username AS
>> c_uid, username AS c_name, crypt AS c_password, realname AS c_cn, username
>> AS mail, realname AS displayName FROM users WHERE enabled='1';
>> EXIT;
>>
>> The VIEW is used in sogo.conf as per the tutorial referred to before.
>>
>>
>
> Thank you so much, Odhiambo for the idea.
>
> Two questions;
> 1- My password scheme in my database is BLF-CRYPT (blowfish), should I
> mention this for the CREATE VIEW command?
> (reading that you put crypt AS c_password)
>

You just need the password field. The password scheme does not matter.



> 2- You created "sogo_auth_view" it seems, however the tutorial you sent
> does it for "sogo_view", why so?
>

You can name the VIEW anything you want.  Just make sure you use whatever
you name it in the SOGoUserSources block in sogo.conf:

SOGoUserSources =
(
  {
    type = sql;
    id = directory;
    viewURL = "mysql://DBUSERNAME:{userpassword}@127.0.0.1:3306/DBNAME/*VIEW_NAME*";
    canAuthenticate = YES;
    isAddressBook = YES;
    userPasswordAlgorithm = blf-crypt;
  }
);


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]


Re: SoGo for OpenBSD?

2024-02-18 Thread Mark
Odhiambo Washington , wrote:

Thank you, Sebastian. After knowing that I can use  /etc/sogo/sogo.conf and
> after installing sope-mysql-5.9.1, life should be a lot easier for Mark.
> It's a matter of creating the VIEW to be used by SOGo for authenticating
> the users from the MySQL database.
> In my database I created it as follows:
> USE exim4u;
> CREATE VIEW sogo_auth_view AS SELECT user_id AS sogo_id, username AS
> c_uid, username AS c_name, crypt AS c_password, realname AS c_cn, username
> AS mail, realname AS displayName FROM users WHERE enabled='1';
> EXIT;
>
> The VIEW is used in sogo.conf as per the tutorial referred to before.
>
>

Thank you so much, Odhiambo for the idea.

Two questions;
1- My password scheme in my database is BLF-CRYPT (blowfish), should I
mention this for the CREATE VIEW command?
(reading that you put crypt AS c_password)

2- You created "sogo_auth_view" it seems, however the tutorial you sent
does it for "sogo_view", why so?

Much regards,
Mark.


Re: SoGo for OpenBSD?

2024-02-18 Thread Odhiambo Washington
On Sun, Feb 18, 2024 at 1:06 AM Sebastian Reitenbach <
sebas...@l00-bugdead-prods.de> wrote:

> On Saturday, February 17, 2024 11:03 CET, Mark 
> wrote:
>
> > Hi again everyone, Thanks for all your replies.
> >
> > I'm aware that I could install with "pkg_add sogo", I tried many times.
> >
> > My issue is its configuration.
> >
> > My mail server setup consists of; Postfix, Dovecot, Postfixadmin and
> Nginx.
> >
> > I'm looking for a way to integrate SOGo (only for its webmail interface,
> > nothing more) into my mailserver.
> >
> > There is no sogo.conf at all. And I'd like to use that way, instead of
> > GNUStep commands.
>
> SOGo depends on SOPE, that has two subpackages for PostgreSQL and
> MySQL/MariaDB.
> If you want to use MariaDB as backend, you have to install the sope-mysql
> subpackage, as mentioned in the SOGo README.
>
> As also mentioned in the README, you can use the GNUstep defaults tool
> su  - _sogo
> $ defaults write sogod WOPort 127.0.0.1:2
> $ defaults write sogod WOWorkersCount 4
> ...
> $ defaults read
> sogod WOWorkersCount 4
> sogod WOPort 127.0.0.1:2
> ...
>
> If you insist on the config file,
> you should be able to take the sogo.conf example file from:
> https://github.com/Alinto/sogo/blob/master/Scripts/sogo.conf
> as a start, and place it in /etc/sogo/sogo.conf
>
> When I remember at the next update, I'll include to install it,
> otherwise if someone provides patches before that time,
> send them to me directly.
>
> Sebastian
>

Thank you, Sebastian. After knowing that I can use  /etc/sogo/sogo.conf and
after installing sope-mysql-5.9.1, life should be a lot easier for Mark.
It's a matter of creating the VIEW to be used by SOGo for authenticating
the users from the MySQL database.
In my database I created it as follows:
USE exim4u;
CREATE VIEW sogo_auth_view AS SELECT user_id AS sogo_id, username AS c_uid,
username AS c_name, crypt AS c_password, realname AS c_cn, username AS
mail, realname AS displayName FROM users WHERE enabled='1';
EXIT;

The VIEW is used in sogo.conf as per the tutorial referred to before.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]


Re: SoGo for OpenBSD?

2024-02-18 Thread Mark
>
> SOGo depends on SOPE, that has two subpackages for PostgreSQL and
> MySQL/MariaDB.
> If you want to use MariaDB as backend, you have to install the sope-mysql
> subpackage, as mentioned in the SOGo README.
>
> As also mentioned in the README, you can use the GNUstep defaults tool
> su  - _sogo
> $ defaults write sogod WOPort 127.0.0.1:2
> $ defaults write sogod WOWorkersCount 4
> ...
> $ defaults read
> sogod WOWorkersCount 4
> sogod WOPort 127.0.0.1:2
> ...
>
> If you insist on the config file,
> you should be able to take the sogo.conf example file from:
> https://github.com/Alinto/sogo/blob/master/Scripts/sogo.conf
> as a start, and place it in /etc/sogo/sogo.conf
>
> When I remember at the next update, I'll include to install it,
> otherwise if someone provides patches before that time,
> send them to me directly.
>
> Sebastian
>


Thanks for that info, Sebastian.

It'd be much better for me to have a single configuration file to manage
all the options,
settings and values within there, instead of configuring SOGo in the shell,
line by line.

Question #1; There is no /etc/sogo/ folder by the default after pkg_add
sogo.
If I manually create /etc/sogo/sogo.conf, would SOGo automatically
recognize it?
Or some "sogod_flags" in rc.conf.local would be needed to point to the
configuration file?

Question #2: Would "pkg_add sope-mysql" be a correct way to add MariaDB
backend?
(The file "/usr/local/share/doc/pkg-readmes/sogo" does not mention anything
about that,
but perhaps I'm looking for a wrong README)

Many thanks,
Mark.


Re: sysupgrade fails firmware fetch

2024-02-17 Thread Theo de Raadt
Kirill A. Korinsky  wrote:

> On Sat, 17 Feb 2024 22:27:52 +0100,
> Sonic wrote:
> > 
> > Seems it's looking for a 7.5 directory (-current apparently just moved
> > to 7.5-beta) instead of the snapshot directory.
> > 
> 
> And using snapshot directory fails because wrong signature:
> 
>   ~ $ doas fw_update -p http://firmware.openbsd.org/firmware/snapshots 
>   fw_update: failed.
>   signify: verification failed: checked against wrong key
>   Signature check of SHA256.sig failed
>   ~ $ 

The heuristic in fw_update is weak.  Every 6 months there is a chance
for someone to dig in and see if there is a better heuristic.

But be careful.  If the other side of the heuristic is broken for the
real release cycle it will be very uncomfortable.



Re: sysupgrade fails firmware fetch

2024-02-17 Thread Kirill A . Korinsky
On Sat, 17 Feb 2024 22:27:52 +0100,
Sonic wrote:
> 
> Seems it's looking for a 7.5 directory (-current apparently just moved
> to 7.5-beta) instead of the snapshot directory.
> 

And using snapshot directory fails because wrong signature:

  ~ $ doas fw_update -p http://firmware.openbsd.org/firmware/snapshots 
  fw_update: failed.
  signify: verification failed: checked against wrong key
  Signature check of SHA256.sig failed
  ~ $ 

-- 
wbr, Kirill



Re: SoGo for OpenBSD?

2024-02-17 Thread Sebastian Reitenbach
On Saturday, February 17, 2024 11:03 CET, Mark  
wrote:

> Hi again everyone, Thanks for all your replies.
> 
> I'm aware that I could install with "pkg_add sogo", I tried many times.
> 
> My issue is its configuration.
> 
> My mail server setup consists of; Postfix, Dovecot, Postfixadmin and Nginx.
> 
> I'm looking for a way to integrate SOGo (only for its webmail interface,
> nothing more) into my mailserver.
> 
> There is no sogo.conf at all. And I'd like to use that way, instead of
> GNUStep commands.

SOGo depends on SOPE, that has two subpackages for PostgreSQL and MySQL/MariaDB.
If you want to use MariaDB as backend, you have to install the sope-mysql
subpackage, as mentioned in the SOGo README.

As also mentioned in the README, you can use the GNUstep defaults tool 
su  - _sogo
$ defaults write sogod WOPort 127.0.0.1:2
$ defaults write sogod WOWorkersCount 4
...
$ defaults read
sogod WOWorkersCount 4
sogod WOPort 127.0.0.1:2
...

If you insist on the config file,
you should be able to take the sogo.conf example file from:  
https://github.com/Alinto/sogo/blob/master/Scripts/sogo.conf
as a start, and place it in /etc/sogo/sogo.conf 

When I remember at the next update, I'll include to install it,
otherwise if someone provides patches before that time,
send them to me directly.

Sebastian

> 
> @Sebastian, is it possible to set SOGo to use /etc/sogo.conf as
> configuration file?
> 
> @Odhiambo, thank you very much for the links, the buff0k.co.za one seems to
> be helpful, even though it's for Debian.
> 
> Regards,
> 
> Mark
> 
> 
> Odhiambo Washington , on Sat, 17 Feb 2024 at 11:55, wrote:
> 
> >
> >
> > On Fri, Feb 16, 2024 at 4:08 PM Mark  wrote:
> >
> >> Greetings.
> >>
> >> Is there any hero here, to explain/forward me a working tutorial (never
> >> found one) for installation of SoGo (for its webmail) on an OpenBSD mail
> >> server?
> >>
> >
> > Hi Mark,
> >
> > I am new to OpenBSD, but I have used SOGo for several years on Linux and
> > FreeBSD.
> > SOGo will be the webUI for your emails and calendar once it's running.
> > For the installation, you already have the 'doas pkg_add sogo'. You will
> > then configure it.
> > There are two ways to configure it, but I find it easiest to just craft a
> > configuration file in /etc/sogo/sogo.conf.
> > I am not sure where OpenBSD puts it, but the path above is where Linux
> > puts it. FreeBSD OTOH uses
> > /usr/local/etc/sogo/sogo.conf.
> > The backend in my case is MariaDB, with Exim (MTA) and Dovecot as the
> > IMAP4 server.
> > Here is a detailed  tutorial for getting SOGo glued together with other
> > applications to create a Groupware server:
> > ```
> > https://www.buff0k.co.za/tutorial/debian-11-groupware-lemp
> > ```
> > The complete documentation for SOGo is at:
> > ```
> >
> > https://www.sogo.nu/files/docs/SOGoInstallationGuide.html#_creating_a_user_account
> > ```
> > In case you get stuck with something specific to SOGo, then there's an ML
> > for it where the Devs are also present:
> > ```
> > https://www.sogo.nu/support.html
> > ```
> >
> > I will be available to help where I can.
> >
> >
> > --
> > Best regards,
> > Odhiambo WASHINGTON,
> > Nairobi,KE
> > +254 7 3200 0004/+254 7 2274 3223
> >  In an Internet failure case, the #1 suspect is a constant: DNS.
> > "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> > [How to ask smart questions:
> > http://www.catb.org/~esr/faqs/smart-questions.html]
> >



sysupgrade fails firmware fetch

2024-02-17 Thread Sonic
Today "sysupgrade -s" failed to fetch updated firmware:
=
Verifying sets.
Fetching updated firmware.
fw_update: failed.
Cannot fetch http://firmware.openbsd.org/firmware/7.5//SHA256.sig (404
Not Found)
Upgrading.
=

Seems it's looking for a 7.5 directory (-current apparently just moved
to 7.5-beta) instead of the snapshot directory.



Re: No dhcp renewal of IP

2024-02-17 Thread Kenneth Gober
On Sat, Feb 17, 2024 at 10:47 AM Luis Mendes  wrote:

> The interface ure0 is the gateway to the Internet, connected to the ISP.
>
> Somehow, when this interface loses the IP, the lease is not renewed.
>

This is the rule I would use in my pf.conf to allow my router to send DHCP
requests to my ISP:

pass out log quick on ure0 inet proto udp from (ure0) port bootpc to any
port bootps

I need this because I block all inbound *and* outbound traffic on my router
by default.
Without seeing your PF configuration it's unclear whether this rule would
help you and I do not recommend you ever copy/paste settings on your router
that you don't understand.
But if you do understand what this rule does and can guess why you need it,
feel free to try it.

-ken


Re: No dhcp renewal of IP

2024-02-17 Thread Odd Martin Baanrud
Hello Luis,

Do you have pf enabled on the router, and block all incoming traffic by 
default?
If so, you need to permit the dhcp server to give response to your client, with 
a rule like this:
pass in quick on ure0 inet proto udp from port 67 to port 68

Regards, Martin



No dhcp renewal of IP

2024-02-17 Thread Luis Mendes
Hi,


The interface ure0 is the gateway to the Internet, connected to the ISP.

-
$ cat hostname.ure0 
inet autoconf
-

Somehow, when this interface loses the IP, the lease is not renewed.

-
# rcctl get dhcpd
dhcpd_class=daemon
dhcpd_execdir=
dhcpd_flags=em0
dhcpd_logger=
dhcpd_rtable=0
dhcpd_timeout=30
dhcpd_user=root

-
$ cat dhcpd.conf 
option  domain-name "home.lan";
option  domain-name-servers 192.168.1.253;
max-lease-time 4800;
default-lease-time 1200;

subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.253;

range 192.168.1.100 192.168.1.200;

host c1 {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.7;
}
host c2 {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.12;
option  domain-name-servers 192.168.1.253;
}
host c3 {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.20;

}
}
-

The file /var/log/daemon shows many 'sendto: Permission denied' for
dhcpleased

-
Feb 17 05:19:32 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:29:43 comp1 last message repeated 9 times
Feb 17 05:34:12 comp1 last message repeated 5 times
Feb 17 05:34:45 comp1 dhcpleased[11074]: sendto: Permission denied
Feb 17 05:34:45 comp1 dhcpleased[11074]: bpf_send_packet: writev: Network is down
Feb 17 05:35:32 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:36:36 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:38:40 comp1 last message repeated 2 times
Feb 17 05:45:23 comp1 last message repeated 9 times
Feb 17 05:46:00 comp1 dhcpleased[11074]: sendto: Permission denied
Feb 17 05:46:00 comp1 dhcpleased[11074]: bpf_send_packet: writev: Network is down
Feb 17 05:46:54 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:47:21 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:48:31 comp1 last message repeated 2 times
Feb 17 05:51:11 comp1 last message repeated 2 times
Feb 17 05:51:37 comp1 dhcpleased[11074]: sendto: Permission denied
Feb 17 05:51:37 comp1 dhcpleased[11074]: bpf_send_packet: writev: Network is down
Feb 17 05:51:42 lenovo ntpd[59884]: DNS lookup tempfail
-

# dhcpleasectl ure0
.
ure0 [Bound]
inet 8.x.x.x netmask 255.255.255.0
default gateway 8.x.x.1
nameservers 100.x.x.x 100.x.x.z
lease 60 minutes
dhcp server 15.x.x.x

-

# rcctl ls failed
shows nothing
-
# rcctl ls stopped | grep dh
dhcrelay
dhcrelay6
-

I must be missing some configuration, but can't find out what.
I've searched the web and it seems that I could add a '!dhclient' line
to file /etc/hostname.ure0, but it's not the default way of doing this.

What is wrong?

Thanks,


Luis Mendes
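
The two dhcpleased errors in the log above point at different causes, and a short filter can count them separately: on OpenBSD a socket send that pf refuses fails with EACCES ("Permission denied"), while "Network is down" means the interface itself was down. This is an added example, not part of the original post; the function names are hypothetical and the sample lines are constructed in the format of the log above.

```shell
#!/bin/sh
# Constructed sample in the /var/log/daemon format quoted in the post.
sample_log() {
cat <<'EOF'
Feb 17 05:34:12 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:34:45 comp1 dhcpleased[11074]: sendto: Permission denied
Feb 17 05:34:45 comp1 dhcpleased[11074]: bpf_send_packet: writev: Network is down
Feb 17 05:35:32 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:38:40 comp1 last message repeated 2 times
Feb 17 05:46:00 comp1 dhcpleased[11074]: sendto: Permission denied
Feb 17 05:46:30 comp1 last message repeated 3 times
Feb 17 05:51:37 comp1 dhcpleased[11074]: bpf_send_packet: writev: Network is down
EOF
}

# Read syslog lines on stdin and print one summary line:
#   filtered=N  sends refused locally (EACCES, typically a pf block rule)
#   ifdown=N    sends attempted while the interface was down (ENETDOWN)
#   other=N     any other dhcpleased message
# syslogd's "last message repeated N times" is added to the class of the
# line it follows, so collapsed repeats are not undercounted.
dhcp_send_failures() {
    awk '
    {
        msg = $0
        # Strip the "Mon DD HH:MM:SS host " prefix.
        sub(/^[A-Za-z]+ +[0-9]+ +[0-9:]+ +[^ ]+ +/, "", msg)
        if (msg ~ /^last message repeated [0-9]+ times/) {
            split(msg, w, " ")
            if (last != "") n[last] += w[4]
            next
        }
        last = ""                       # repeats of other daemons are ignored
        if (index(msg, "dhcpleased[") != 1) next
        if (index(msg, "sendto: Permission denied")) last = "filtered"
        else if (index(msg, "Network is down"))      last = "ifdown"
        else                                         last = "other"
        n[last]++
    }
    END {
        printf "filtered=%d ifdown=%d other=%d\n",
            n["filtered"], n["ifdown"], n["other"]
    }'
}

# Exit 0 when at least one send was refused with EACCES, 1 otherwise.
pf_suspected() {
    summary=$(dhcp_send_failures)
    case $summary in
        filtered=0\ *) return 1 ;;
        *)             return 0 ;;
    esac
}

# Stand-alone run on the constructed sample.
sample_log | dhcp_send_failures
```

A non-zero `filtered` count is a reason to compare the loaded rule set (`pfctl -s rules`) against the DHCP client's outbound traffic before looking at the ISP side.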












Re: Out of memory error when build OpenBSD Base/LLVM

2024-02-17 Thread Kenneth Gober
On Sat, Feb 17, 2024 at 10:07 AM Shivam Gupta 
wrote:

> I recently installed OpenBSD OS on my ASUS laptop quad core pentium with 4
> GB RAM and 1 TB HDD.
>
> I was following the guide to build the system from source. But in `make
> build` step it gets a memory error when building LLVM.
>

I have built OpenBSD 7.4/i386 on a VM with 512MB RAM, and 7.4/amd64 on a
VM with 1GB RAM, so 4GB ought to be plenty.  Both VMs were configured with
two CPU cores.

Maybe the build process is trying to do too many things at once, and your
slow CPUs are exposing race conditions not normally seen? Try booting bsd.sp
and see if the build completes using only one CPU.

-ken


Out of memory error when build OpenBSD Base/LLVM

2024-02-17 Thread Shivam Gupta
Hi All,

I recently installed OpenBSD OS on my ASUS laptop quad core pentium with 4
GB RAM and 1 TB HDD.

I was following the guide to build the system from source. But in `make
build` step it gets a memory error when building LLVM. I tried other ways
like make -j1 changing some build configuration in llvm's CMakelists.txt
but nothing works.

So I am seeking help if anything could be done here to complete the make
build on this ASUS laptop.

I do have another better ASUS TUF F15 laptop but there is some issue in the
installation, kernel panic after I login in fresh install. So I am trying
on this old laptop.

Thanks,
Shivam


Re: Automatic OS updates

2024-02-17 Thread bsd
On Fri, Feb 16, 2024, at 17:09, Jan Stary wrote:
> And this saves you what, ten keystrokes a day?

Yes, it felt silly typing the same things every day and waiting for
the computer to update.

(If an update takes 4 minutes per day to babysit, that's about 
2 hours per month)

On Fri, Feb 16, 2024, at 21:10, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
> Blind updating out of cron is utter madness.  If there are any merge
> errors in /etc (think sshd_config for starters), you can end up
> with a machine you cannot log in to, or that's just acting out
> destructively.

Yeah!  But you guys are sysadmins, I'm basically a 'gamer', I mostly
use my OpenBSD computer for an online game.

Thus an upgrade problem mostly risks me being late for a 'war',
which is not the end of the world.

SSH not coming back up is a non-issue, I have screen and keyboard
connected.  (I'll probably turn off auto-updates when traveling tho
as remote access is nice although non-essential.)

I also have a second computer I can boot up if this one doesn't work.


