Re: I have several questions

2014-08-14 Thread Jona Joachim
On 2014-08-11, Theo de Raadt dera...@cvs.openbsd.org wrote:
  Did you use separate disk partitions, or just make one big / partition?
  If the latter, that would *probably* stop the signature verification from
  being possible.
 
 
 By installation files I mean installation files on CD
 The installation program says it can't verify
 and I have to make an answer to let installation program go ahead

 You mean you used the install*.iso or install*.fs files for installation.

 This is documented that these media do not have signatures for the
 contents inside themselves.  For those install methods you have to verify
 the install media files themselves beforehand.

 Did you do that?  You didn't, did you.  And then you booted that on
 your machine?  Tsk tsk.  This is the least of your problems...

This has not been a problem in the last twenty or so years.

Best regards,
J JOACHIM



Re: I have several questions

2014-08-12 Thread Alexander Hall
On August 12, 2014 7:34:58 AM CEST, Long Wind longwind2...@gmail.com wrote:
 On 8/12/14, Stuart Henderson s...@spacehopper.org wrote:

  Yes.

  Did you use separate disk partitions, or just make one big / partition?

 does that matter?
 I am new to OpenBSD, and I let installation program decide how to
 disk-label

Oh come on. Stuart is very much *not* new to OpenBSD, and now he asked the 
exact same question twice. Why would it *not* matter?

Just answer the [essence of the] question.

/Alexander



Re: I have several questions

2014-08-12 Thread Long Wind
I raise the question again.
During installation, I am asked:

Directory does not contain SHA256.sig. Continue without verification? [no]

I have to enter yes to let it proceed:

Installing bsd
Installing bsd.rd
Installing base55.tgz
...

I have downloaded CD image for i386 and burned it and booted it
I think I shall not encounter such a question
Why SHA256.sig isn't on CD?

Thanks to all those who reply (replied)!!



Re: I have several questions

2014-08-12 Thread Theo de Raadt
 I raise the question again.
 During installation, I am asked:
 
 Directory does not contain SHA256.sig. Continue without verification? [no]
 
 I have to enter yes to let it proceed:
 
 Installing bsd
 Installing bsd.rd
 Installing base55.tgz
 ...
 
 I have downloaded CD image for i386 and burned it and booted it
 I think I shall not encounter such a question
 Why SHA256.sig isn't on CD?

Because that CD cannot be internally signed and externally signed
with the current build mechanism.

It is in the FAQ.

Verify the CD image media itself.  You didn't do that?  Then you booted it?



Re: I have several questions

2014-08-12 Thread Kevin Chadwick
previously on this list Theo de Raadt contributed:

You see the cd can fetch sets from mirrors and in fact all you need to
upgrade is bsd.rd, a reboot from it and an internet connection, in which
case verifying bsd.rd and the sets is needed.

 Verify the CD image media itself.  You didn't do that?  Then you booted it?

If you really want you can add sha256.sig to the iso with isomaster
from packages or choose http rather than cd.

The bit you seem to have missed from Theo's last email aside from the
above? is that booting the iso/bsd.rd without verifying it with signify
(buy a cd or verify with checksums) means that while the sets may be
valid the iso may not be and you could already be fscked from
this or past CDs etc. (verifying could be compromised anyway).

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
___



Re: I have several questions

2014-08-12 Thread Carlin Bingham
On 12/08/14 18:27, Long Wind wrote:
 I raise the question again.
 During installation, I am asked:
 
 Directory does not contain SHA256.sig. Continue without verification? [no]
 
 I have to enter yes to let it proceed:
 
 Installing bsd
 Installing bsd.rd
 Installing base55.tgz
 ...
 
 I have downloaded CD image for i386 and burned it and booted it
 I think I shall not encounter such a question
 Why SHA256.sig isn't on CD?
 
 Thanks to all those who reply (replied)!!
 

If someone was able to modify the ISO to tamper with the sets, they
could also alter the keys included, and change the checksums and .sig
file. In this case, you would be told everything was fine and it would
continue installing.

That is why you should verify the install ISO itself before
booting/installing.
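
The argument above as an added Python example, not part of the original thread or of OpenBSD's own tooling: a checksum list stored on the same media as the files it covers still passes after tampering, while a list obtained separately catches it. The file contents are constructed stand-ins, the function names are hypothetical, and the `SHA256 (name) = hex` line layout is the BSD-style checksum format.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# BSD-style checksum line: SHA256 (name) = <64 hex digits>
LINE = re.compile(r"^SHA256 \((?P<name>[^)]+)\) = (?P<hex>[0-9a-f]{64})$")

def sha256_file(path):
    """Hash a file in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def bsd_line(path):
    """Produce the checksum line for one file."""
    return f"SHA256 ({Path(path).name}) = {sha256_file(path)}"

def verify(listing, directory):
    """Check each file named in a checksum listing; return {name: status}."""
    results = {}
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a checksum line
        target = Path(directory) / Path(m["name"]).name  # ignore path components
        if not target.is_file():
            results[m["name"]] = "MISSING"
        elif hmac.compare_digest(sha256_file(target), m["hex"]):
            results[m["name"]] = "OK"
        else:
            results[m["name"]] = "FAIL"
    return results

def demo():
    """Constructed scenario: media altered after the trusted list was made."""
    with tempfile.TemporaryDirectory() as media:
        sets = Path(media) / "base55.tgz"
        sets.write_bytes(b"constructed stand-in for the real set\n")
        trusted = bsd_line(sets)   # list obtained separately from the media
        sets.write_bytes(b"constructed altered contents\n")
        on_media = bsd_line(sets)  # list regenerated alongside the altered file
        return verify(on_media, media), verify(trusted, media)

if __name__ == "__main__":
    print(demo())
```

The separately obtained list is only as trustworthy as the way it was authenticated, which is the role signify plays for the real checksum files.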



Re: I have several questions

2014-08-12 Thread Todd Zimmermann
Just riffing off of what has already been said, not claiming any
expertise. Just relating personal and unfortunately painful at times
experience.

There are folks out there with amazing knowledge and experience. Some
choose to be malicious. The ones that have both patience and
discipline combined with the above... yikes.

You can certainly build a mighty fortress with OpenBSD, but if you get
sloppy with the foundation it is gonna fail. Applies to any in life.

Malicious types can shim BIOS, boot loaders, craft insane hidden
disklabels, and who knows what else. They can also mess with
downloads.

e.g. can't get a foothold right now, i'll just mess with basexx.tgz
for neophyte obsd user (me). Partial extract before failure... He'll
reboot and then let's see what he does...

Mirror traffic is watched, certainly possible to get hammered on
during upgrades...

Anywho, lots of knowledge available here. Just gotta poke around a bit ;)

As an aside, if your online banking 'requires' either Java or Flash,
that is rather disturbing.



Re: I have several questions

2014-08-11 Thread Mxher
Le 11/08/2014 22:47, Long Wind a écrit :
 how to list packages that belong to a section?
 (e.g. audio section)
 
My first guess would be to fetch ports
(http://www.openbsd.org/faq/faq15.html#PortsFetch) and then list
packages in the audio directory :)

Another way could be to use pkg_mgr (http://dawn.rhaalovely.net/pkg_mgr/).

There are probably some other ways which I am not aware of.


 during installation it says it can't verify signatures of installation
 files (I use 5.5 CD for i386)
 is that important? i plan to use online banking on OpenBSD, so
 security is very important
 
 which package can select part of mp3 file to create a new mp3?
 
 why jdk(java) support is poor on OpenBSD? according to faq, it runs
 only on amd64. do I have to use Linux emulation?
 
 Thanks!



Re: I have several questions

2014-08-11 Thread Stuart Henderson
On 2014-08-11, Mxher o...@mxher.fr wrote:
 Le 11/08/2014 22:47, Long Wind a écrit :
 how to list packages that belong to a section?
 (e.g. audio section)
 
 My first guess would be to fetch ports
 (http://www.openbsd.org/faq/faq15.html#PortsFetch) and then list
 packages in the audio directory :)

 Another way could be to use pkg_mgr (http://dawn.rhaalovely.net/pkg_mgr/).

 There are probably some other ways which I am not aware of.

+1 for pkg_mgr if you want a package browser.

 during installation it says it can't verify signatures of installation
 files (I use 5.5 CD for i386)
 is that important? i plan to use online banking on OpenBSD, so
 security is very important

Did you use separate disk partitions, or just make one big / partition?
If the latter, that would *probably* stop the signature verification from
being possible.

 which package can select part of mp3 file to create a new mp3?

mp3splt / mp3splt-gtk
audacity
sox
probably others

 why jdk(java) support is poor on OpenBSD? according to faq, it runs
 only on amd64.

It was broken for 5.5 release on i386, iirc this was to do with stack
alignment, packages are available again for snapshots and will be in 5.6
though there is still an intermittent problem where javac fails from
time to time.

 do I have to use Linux emulation?

I suspect this is unlikely to be very successful for jdk. If you have
64-bit capable hardware then it might be better to reinstall with amd64
if you're going to be using this regularly..



Re: I have several questions

2014-08-11 Thread Long Wind
On 8/12/14, Stuart Henderson s...@spacehopper.org wrote:
 On 2014-08-11, Mxher o...@mxher.fr wrote:

 Did you use separate disk partitions, or just make one big / partition?
 If the latter, that would *probably* stop the signature verification from
 being possible.


By installation files I mean installation files on CD
The installation program says it can't verify
and I have to make an answer to let installation program go ahead



Re: I have several questions

2014-08-11 Thread Theo de Raadt
  Did you use separate disk partitions, or just make one big / partition?
  If the latter, that would *probably* stop the signature verification from
  being possible.
 
 
 By installation files I mean installation files on CD
 The installation program says it can't verify
 and I have to make an answer to let installation program go ahead

You mean you used the install*.iso or install*.fs files for installation.

This is documented that these media do not have signatures for the
contents inside themselves.  For those install methods you have to verify
the install media files themselves beforehand.

Did you do that?  You didn't, did you.  And then you booted that on
your machine?  Tsk tsk.  This is the least of your problems...



Re: I have several questions

2014-08-11 Thread Stuart Henderson
On 2014-08-11, Long Wind longwind2...@gmail.com wrote:
 On 8/12/14, Stuart Henderson s...@spacehopper.org wrote:
 On 2014-08-11, Mxher o...@mxher.fr wrote:

 Did you use separate disk partitions, or just make one big / partition?
 If the latter, that would *probably* stop the signature verification from
 being possible.


 By installation files I mean installation files on CD
 The installation program says it can't verify
 and I have to make an answer to let installation program go ahead



Yes. 

Did you use separate disk partitions, or just make one big / partition?



Re: I have several questions

2014-08-11 Thread Long Wind
On 8/12/14, Stuart Henderson s...@spacehopper.org wrote:

 Yes.

 Did you use separate disk partitions, or just make one big / partition?



does that matter?
I am new to OpenBSD, and I let installation program decide how to disk-label