Re: acpi: pretend to be Darwin on Apple hardware
On Fri, Feb 10, 2017 at 08:56:13AM -0600, joshua stein wrote: > On Thu, 09 Feb 2017 at 18:30:59 -0600, joshua stein wrote: > > Without this, my MacBook Air won't suspend properly (hangs calling > > _PTS) and a similar change in Linux from 2014 (commit > > 7bc5a2bad0b8d9d1ac9f7b8b33150e4ddf197334) notes that upon resume, > > the Thunderbolt ports won't be powered up without pretending to be > > Darwin. > > One regression that this introduces is that acpibat no longer > attaches, because _STA on the PNP0C0A device returns 0 when the OS > is Darwin, expecting it to instead attach to the ACPI Smart Battery > Subsystem device (ACPI0002). > > I'm looking into what it will take to write an ACPI smart battery > driver. > The original diff is ok, but I think if you commit it, you'll hear screams from people complaining their batteries aren't recognized anymore. I'd probably wait until you have the smart battery driver done, then commit the diff. But I don't have any of this hardware so either way it's not going to affect me. Use your best judgement I guess. -ml
Re: asmc: restore keyboard backlight on resume
On Thu, Feb 09, 2017 at 06:41:38PM -0600, joshua stein wrote:
> After resume, the keyboard backlight is still off, so restore it
> (this was also helpful to figure out the machine was actually
> resuming).
>
looks ok to me. ok mlarkin@
-ml
>
> Index: sys/dev/isa/asmc.c
> ===
> RCS file: /cvs/src/sys/dev/isa/asmc.c,v
> retrieving revision 1.30
> diff -u -p -u -p -r1.30 asmc.c
> --- sys/dev/isa/asmc.c22 Apr 2016 20:45:53 - 1.30
> +++ sys/dev/isa/asmc.c10 Feb 2017 00:40:15 -
> @@ -92,6 +92,7 @@ voidasmc_update(void *);
> int asmc_match(struct device *, void *, void *);
> void asmc_attach(struct device *, struct device *, void *);
> int asmc_detach(struct device *, int);
> +int asmc_activate(struct device *, int);
>
> /* wskbd hook functions */
> void asmc_backlight(void *);
> @@ -101,7 +102,7 @@ extern int (*wskbd_get_backlight)(struct
> extern int (*wskbd_set_backlight)(struct wskbd_backlight *);
>
> const struct cfattach asmc_ca = {
> - sizeof(struct asmc_softc), asmc_match, asmc_attach
> + sizeof(struct asmc_softc), asmc_match, asmc_attach, NULL, asmc_activate
> };
>
> struct cfdriver asmc_cd = {
> @@ -355,6 +356,20 @@ asmc_detach(struct device *self, int fla
>
> task_del(systq, >sc_task_backlight);
> asmc_try(sc, ASMC_WRITE, "LKSB", buf, 2);
> + return 0;
> +}
> +
> +int
> +asmc_activate(struct device *self, int act)
> +{
> + struct asmc_softc *sc = (struct asmc_softc *)self;
> +
> + switch (act) {
> + case DVACT_WAKEUP:
> + asmc_backlight(sc);
> + break;
> + }
> +
> return 0;
> }
>
>
Re: Test wanted: free unix domain (a.k.a SOCKET_LOCK())
The process holding the netlock is:
34831 184306 25445 0 30x80 netio perl
ddb{0}> trace /p 0t184306
sleep_finish(d0bceda0,d09e1903,f5536d2c,d03ce235,db7e4514) at sleep_finish+0xb4
sleep_finish(f5536d3c,1,118,d09e5f10,0) at sleep_finish+0xb4
tsleep(db544cdc,118,d09e5f10,0,0,0,f5536dec,d0570a6e,db53ea40,c9303c25,f5536dbc
,d03aab39) at tsleep+0x14f
sbwait(db544c8c,db544cdc,0,0,f5536ef4) at sbwait+0xa8
soreceive(db544c8c,f5536e94,f5536e6c,0,0) at soreceive+0x43d
recvit(db6ee2a8,0,f5536ed8,cf7da9f0,f5536f7c) at recvit+0x122
sys_recvfrom(db6ee2a8,f5536f5c,f5536f7c,0,f5536fa8) at sys_recvfrom+0x90
syscall() at syscall+0x250
The line in soreceive() is here
/usr/src/sys/kern/uipc_socket.c:736
sbunlock(>so_rcv);
error = sbwait(so, >so_rcv);
SOCKET_UNLOCK(s);
sbwait() should call rwsleep() not tsleep().
On Thu, Feb 09, 2017 at 12:36:44PM +0100, Martin Pieuchot wrote:
> +int
> +sosleep(struct socket *so, void *ident, int prio, const char *wmesg, int
> timo)
> +{
> + if (so->so_proto->pr_protocol != PF_LOCAL)
> + return rwsleep(ident, , prio, wmesg, timo);
> + else
> + return tsleep(ident, prio, wmesg, timo);
> +}
Here the check must be (so->so_proto->pr_domain->dom_family != PF_LOCAL).
bluhm
Re: Test wanted: free unix domain (a.k.a SOCKET_LOCK())
On Thu, Feb 09, 2017 at 12:36:44PM +0100, Martin Pieuchot wrote: > Please test and report back. This diff triggers a deadlock in /usr/src/regress/sys/net/pf_divert. Several processes hang in netlock on the remote machine. root@ot2:.../~# ps axkl | grep netlock 0 27718 0 0 10 0 0 0 netlock DK??0:01.66 (softcloc 0 65641 0 0 10 0 0 0 netlock DK??0:01.66 (systq) 0 98536 0 0 10 0 0 0 netlock DK??0:23.32 (softnet) 0 29505 0 0 10 0 0 0 netlock DK??0:00.12 (pfpurge) 0 31797 57781 0 10 0 912 2932 netlock Ds??0:00.03 sshd: roo After the test timeout the machine recovers. run-regress-inet-args-icmp-to time SUDO= perl -I/usr/src/regress/sys/net/pf_divert /usr/src/regress/sys/net/pf_divert/remote.pl -f inet 10.188.81.21 10.188.81.188 ot2 /usr/src/regress/sys/net/pf_divert/args-icmp-to.pl Remote no 'Shutdown' in server.log after 20 seconds at /usr/src/regress/sys/net/pf_divert/remote.pl line 211. *** Error 255 in /usr/src/regress/sys/net/pf_divert (Makefile:136 'run-regress-inet-args-icmp-to') bluhm
struct ipipstat: use 64 bits counters
Using a mix of 32 and 64 bits counters leads to an ugly conversion to
percpu counters. Why not move to 64 bits counters? struct ipipstat is
afaik only used by netstat and ports/shells/nsh (I can cook a fix for
the latter).
ok?
Index: sys/netinet/ip_ipip.h
===
RCS file: /d/cvs/src/sys/netinet/ip_ipip.h,v
retrieving revision 1.6
diff -u -p -r1.6 ip_ipip.h
--- sys/netinet/ip_ipip.h 14 Dec 2007 18:33:41 - 1.6
+++ sys/netinet/ip_ipip.h 10 Feb 2017 15:48:13 -
@@ -43,18 +43,17 @@
* Not quite all the functionality of RFC-1853, but the main idea is there.
*/
-struct ipipstat
-{
-u_int32_t ipips_ipackets; /* total input packets */
-u_int32_t ipips_opackets; /* total output packets */
-u_int32_t ipips_hdrops; /* packet shorter than header shows */
-u_int32_t ipips_qfull;
-u_int64_t ipips_ibytes;
-u_int64_t ipips_obytes;
-u_int32_t ipips_pdrops; /* packet dropped due to policy */
-u_int32_t ipips_spoof;/* IP spoofing attempts */
-u_int32_t ipips_family; /* Protocol family mismatch */
-u_int32_t ipips_unspec;/* Missing tunnel endpoint address */
+struct ipipstat {
+u_int64_t ipips_ipackets; /* total input packets */
+u_int64_t ipips_opackets; /* total output packets */
+u_int64_t ipips_hdrops; /* packet shorter than header shows */
+u_int64_t ipips_qfull;
+u_int64_t ipips_ibytes;
+u_int64_t ipips_obytes;
+u_int64_t ipips_pdrops; /* packet dropped due to policy */
+u_int64_t ipips_spoof;/* IP spoofing attempts */
+u_int64_t ipips_family; /* Protocol family mismatch */
+u_int64_t ipips_unspec;/* Missing tunnel endpoint address */
};
#define IP4_DEFAULT_TTL0
Index: usr.bin/netstat/inet.c
===
RCS file: /d/cvs/src/usr.bin/netstat/inet.c,v
retrieving revision 1.154
diff -u -p -r1.154 inet.c
--- usr.bin/netstat/inet.c 7 Feb 2017 18:18:16 - 1.154
+++ usr.bin/netstat/inet.c 10 Feb 2017 15:39:13 -
@@ -1065,16 +1065,16 @@ ipip_stats(char *name)
#define p(f, m) if (ipipstat.f || sflag <= 1) \
printf(m, ipipstat.f, plural(ipipstat.f))
- p(ipips_ipackets, "\t%u total input packet%s\n");
- p(ipips_opackets, "\t%u total output packet%s\n");
- p(ipips_hdrops, "\t%u packet%s shorter than header shows\n");
- p(ipips_pdrops, "\t%u packet%s dropped due to policy\n");
- p(ipips_spoof, "\t%u packet%s with possibly spoofed local addresses\n");
- p(ipips_qfull, "\t%u packet%s were dropped due to full output queue\n");
+ p(ipips_ipackets, "\t%llu total input packet%s\n");
+ p(ipips_opackets, "\t%llu total output packet%s\n");
+ p(ipips_hdrops, "\t%llu packet%s shorter than header shows\n");
+ p(ipips_pdrops, "\t%llu packet%s dropped due to policy\n");
+ p(ipips_spoof, "\t%llu packet%s with possibly spoofed local
addresses\n");
+ p(ipips_qfull, "\t%llu packet%s were dropped due to full output
queue\n");
p(ipips_ibytes, "\t%llu input byte%s\n");
p(ipips_obytes, "\t%llu output byte%s\n");
- p(ipips_family, "\t%u protocol family mismatche%s\n");
- p(ipips_unspec, "\t%u attempt%s to use tunnel with unspecified
endpoint(s)\n");
+ p(ipips_family, "\t%llu protocol family mismatche%s\n");
+ p(ipips_unspec, "\t%llu attempt%s to use tunnel with unspecified
endpoint(s)\n");
#undef p
}
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: acpi: pretend to be Darwin on Apple hardware
On Thu, 09 Feb 2017 at 18:30:59 -0600, joshua stein wrote: > Without this, my MacBook Air won't suspend properly (hangs calling > _PTS) and a similar change in Linux from 2014 (commit > 7bc5a2bad0b8d9d1ac9f7b8b33150e4ddf197334) notes that upon resume, > the Thunderbolt ports won't be powered up without pretending to be > Darwin. One regression that this introduces is that acpibat no longer attaches, because _STA on the PNP0C0A device returns 0 when the OS is Darwin, expecting it to instead attach to the ACPI Smart Battery Subsystem device (ACPI0002). I'm looking into what it will take to write an ACPI smart battery driver.
Re: acpi: pretend to be Darwin on Apple hardware
On 10/02/17(Fri) 11:47, Stefan Sperling wrote: > On Fri, Feb 10, 2017 at 11:37:45AM +0100, Martin Pieuchot wrote: > > I'm not sure to understand why we can't add Darwin, is it going to > > break non Apple machines? > > It was briefly discussed here: > https://marc.info/?l=openbsd-tech=147682199311993=2 > which refers to http://mjg59.dreamwidth.org/29954.html Awesome, what a shitty OS-dependant firmware.
Re: asmc: restore keyboard backlight on resume
On 09/02/17(Thu) 18:41, joshua stein wrote:
> After resume, the keyboard backlight is still off, so restore it
> (this was also helpful to figure out the machine was actually
> resuming).
ok mpi@
I'm not sure if you choose DVACT_WAKEUP on purpose, another way of doing
it would be to do a task_add() in DVACT_RESUME. The difference is that
the resuming thread is not allowed to sleep in RESUME. At some point we
tried to keep the number of WAKEUP low, but I'm not sure if it is still
relevant today.
> Index: sys/dev/isa/asmc.c
> ===
> RCS file: /cvs/src/sys/dev/isa/asmc.c,v
> retrieving revision 1.30
> diff -u -p -u -p -r1.30 asmc.c
> --- sys/dev/isa/asmc.c22 Apr 2016 20:45:53 - 1.30
> +++ sys/dev/isa/asmc.c10 Feb 2017 00:40:15 -
> @@ -92,6 +92,7 @@ voidasmc_update(void *);
> int asmc_match(struct device *, void *, void *);
> void asmc_attach(struct device *, struct device *, void *);
> int asmc_detach(struct device *, int);
> +int asmc_activate(struct device *, int);
>
> /* wskbd hook functions */
> void asmc_backlight(void *);
> @@ -101,7 +102,7 @@ extern int (*wskbd_get_backlight)(struct
> extern int (*wskbd_set_backlight)(struct wskbd_backlight *);
>
> const struct cfattach asmc_ca = {
> - sizeof(struct asmc_softc), asmc_match, asmc_attach
> + sizeof(struct asmc_softc), asmc_match, asmc_attach, NULL, asmc_activate
> };
>
> struct cfdriver asmc_cd = {
> @@ -355,6 +356,20 @@ asmc_detach(struct device *self, int fla
>
> task_del(systq, >sc_task_backlight);
> asmc_try(sc, ASMC_WRITE, "LKSB", buf, 2);
> + return 0;
> +}
> +
> +int
> +asmc_activate(struct device *self, int act)
> +{
> + struct asmc_softc *sc = (struct asmc_softc *)self;
> +
> + switch (act) {
> + case DVACT_WAKEUP:
> + asmc_backlight(sc);
> + break;
> + }
> +
> return 0;
> }
>
>
Re: acpi: pretend to be Darwin on Apple hardware
On 09/02/17(Thu) 18:30, joshua stein wrote:
> When running on machines with a hw_vendor of "Apple Inc." or "Apple
> Computer, Inc.", only return 1 for an OSI check of "Darwin" and not
> the other Windows variants.
>
> Code in the AML of the MacBookAir7,1 (most likely all Macs) does
> much different things when running on Darwin systems, but the AML
> that checks for Darwin does this:
>
> OSYS = 0x07DC
> If (CondRefOf (\_OSI, Local0))
> {
> If (_OSI ("Darwin"))
> {
> OSYS = 0x2710
> }
>
> If (\_OSI ("Linux"))
> {
> OSYS = 0x03E8
> }
>
> If (\_OSI ("Windows 2009"))
> {
> OSYS = 0x07D9
> }
> [...]
>
> So we can't just add Darwin to aml_valid_osi.
I'm not sure to understand why we can't add Darwin, is it going to
break non Apple machines?
> Without this, my MacBook Air won't suspend properly (hangs calling
> _PTS) and a similar change in Linux from 2014 (commit
> 7bc5a2bad0b8d9d1ac9f7b8b33150e4ddf197334) notes that upon resume,
> the Thunderbolt ports won't be powered up without pretending to be
> Darwin.
>
> I tested this with a Thunderbolt ethernet device and it works
> properly before and after suspend. Hot-plugging the Thunderbolt
> ethernet device after boot no longer prints these messages:
>
> ppb5 at pci4 dev 0 function 0 vendor "Intel", unknown product 0x156b rev
> 0x00
> pci6 at ppb5 bus 6
> ppb6 at pci6 dev 0 function 0 vendor "Intel", unknown product 0x156b rev
> 0x00: not configured by system firmware
> ppb7 at pci6 dev 3 function 0 vendor "Intel", unknown product 0x156b rev
> 0x00: not configured by system firmware
> ppb8 at pci6 dev 4 function 0 vendor "Intel", unknown product 0x156b rev
> 0x00: not configured by system firmware
> ppb9 at pci6 dev 5 function 0 vendor "Intel", unknown product 0x156b rev
> 0x00: not configured by system firmware
> ppb10 at pci6 dev 6 function 0 vendor "Intel", unknown product 0x156b rev
> 0x00: not configured by system firmware
Diff looks sane to me.
> Index: sys/dev/acpi/dsdt.c
> ===
> RCS file: /cvs/src/sys/dev/acpi/dsdt.c,v
> retrieving revision 1.230
> diff -u -p -u -p -r1.230 dsdt.c
> --- sys/dev/acpi/dsdt.c 14 Jan 2017 11:32:00 - 1.230
> +++ sys/dev/acpi/dsdt.c 10 Feb 2017 00:31:02 -
> @@ -106,6 +106,8 @@ void _aml_die(const char *fn, int
> line
> void aml_notify_task(void *, int);
> void acpi_poll_notify_task(void *, int);
>
> +extern char *hw_vendor;
> +
> /*
> * @@@: Global variables
> */
> @@ -1505,6 +1507,21 @@ aml_callosi(struct aml_scope *scope, str
> struct aml_value *fa;
>
> fa = aml_getstack(scope, AMLOP_ARG0);
> +
> + if (hw_vendor != NULL &&
> + (strcmp(hw_vendor, "Apple Inc.") == 0 ||
> + strcmp(hw_vendor, "Apple Computer, Inc.") == 0)) {
> + if (strcmp(fa->v_string, "Darwin") == 0) {
> + dnprintf(10,"osi: returning 1 for %s on %s hardware\n",
> + fa->v_string, hw_vendor);
> + result = 1;
> + } else
> + dnprintf(10,"osi: on %s hardware, but ignoring %s\n",
> + hw_vendor, fa->v_string);
> +
> + return aml_allocvalue(AML_OBJTYPE_INTEGER, result, NULL);
> + }
> +
> for (idx=0; !result && aml_valid_osi[idx] != NULL; idx++) {
> dnprintf(10,"osi: %s,%s\n", fa->v_string, aml_valid_osi[idx]);
> result = !strcmp(fa->v_string, aml_valid_osi[idx]);
>
Re: inteldrm: setup backlight pwm alternate increment on backlight enable
On 2017 Feb 10 (Fri) at 11:52:20 +1100 (+1100), Jonathan Gray wrote: :On Thu, Feb 09, 2017 at 06:39:13PM -0600, joshua stein wrote: :> I have no idea why there are chickens involved, but this fixes the :> problem on at least the MacBookAir7,1 (Broadwell) where upon S3 :> resume, the backlight value is treated as 0 or 100 despite reporting :> intermediate values, so if the backlight value was anything other :> than 100 at suspend time, the screen will stay off upon resume. : :Chicken bits are overrides for functions like clock gating, if it turns :out there is a hardware bug in a particular feature these bits are used :to disable them. : :This diff seems reasonable but it would be nice to get some tests :on non-apple broadwell hardware. : Tested on a broadwell Thinkpad x250, seems fine. Changed the brightness to 40%, then did a few suspend-resumes. dmesg: OpenBSD 6.0-current (GENERIC.MP) #21: Fri Feb 10 10:39:29 CET 2017 phess...@dante.txl.hsgate.de:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8277168128 (7893MB) avail mem = 8021643264 (7650MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xccbfd000 (64 entries) bios0: vendor LENOVO version "N10ET28W (1.05 )" date 01/23/2015 bios0: LENOVO 20CM001UGE acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC ASF! HPET ECDT APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT PCCT SSDT TCPA SSDT UEFI MSDM BATB FPDT UEFI DMAR acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpiec0 at acpi0 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 2594.33 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: TSC frequency 2594330400 Hz cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 2593.99 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 2593.99 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 2593.99 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpiprt4 at acpi0: bus -1 (EXP3) acpicpu0 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1 acpipwrres1 at acpi0: NVP3, resource for PEG_ acpipwrres2 at acpi0: NVP2,
Re: add empty /root/.ssh/authorized_keys to mtree/sets ?
On Fri, Feb 10, 2017 at 09:36:16AM +0100, Antoine Jacoutot wrote:
> On Thu, Feb 09, 2017 at 06:19:54PM +0100, Landry Breuil wrote:
> > On Sun, Feb 05, 2017 at 08:37:31PM +, Stuart Henderson wrote:
> > > On 2017/02/05 09:53, Robert Peichaer wrote:
> > > > On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote:
> > > > > Hi,
> > > > >
> > > > > when installing 'throwaway' VMs (manually, not always using
> > > > > autoinstall for
> > > > > $REASONS) i've often found myself having to do right after the
> > > > > install:
> > > > > install -d -m 700 /root/.ssh
> > > > > install -m 600 /dev/null /root/.ssh/authorized_keys
> > > > > (or touch /root/.ssh/authorized_keys && chmod 600
> > > > > /root/.ssh/authorized_keys, ymmv)
> > > > >
> > > > > those are present in /etc/skel for "real" users, so why not creating
> > > > > them for the root account ? install.sub also creates /mnt/root/.ssh
> > > > > when
> > > > > using autoinstall and giving an ssh pubkey, so that'll be one less
> > > > > step
> > > > > to do there.
> > > > >
> > > > > We advise ppl to set prohibit-password for PermitRootLogin, so why
> > > > > not make it
> > > > > easier to use it ? This ways, the correct modes are set.. i often
> > > > > fat-fingered
> > > > > this, to see sshd complaining (rightly!) about bad modes on
> > > > > .ssh/authorized_keys.
> > > >
> > > > Conceptually I'd like this going in.
> > >
> > > +1. (On "managed" systems I use root-owned authorized_keys in a system
> > > directory,
> > > but this doesn't get in the way, and it makes things easier on ad-hoc
> > > installed
> > > systems).
> >
> > Finally built a release with this, the empty file is created in
> > /var/sysmerge/etc.tgz, and sysmerge didnt overwrite my own
> > /root/.ssh/authorized_keys - so i think i can now explicitely ask for okays.
> > dtucker@ mentioned that in ${INSTALL} -c idiom the -c was a noop, but i
> > kept it
> > for consistency.
> > Hopefully more ppl can chime in and think of potential drawbacks this
> > diff exposes...
> >
> > Sets diff added too, modeled after what's done for
> > /etc/skel/.ssh/authorized_keys - dunno if it should be commited along the
> > etc/
> > change.
>
> Can you add it to mtree/special please?
Sure ! Here's a new fuller diff touching files all around..
Index: etc/Makefile
===
RCS file: /cvs/src/etc/Makefile,v
retrieving revision 1.449
diff -u -r1.449 Makefile
--- etc/Makefile2 Feb 2017 21:35:05 - 1.449
+++ etc/Makefile10 Feb 2017 08:59:27 -
@@ -110,6 +110,8 @@
${DESTDIR}/root/.Xdefaults; \
${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \
${DESTDIR}/root/.cvsrc; \
+ ${INSTALL} -c -o root -g wheel -m 600 /dev/null \
+ ${DESTDIR}/root/.ssh/authorized_keys; \
rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \
${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \
${DESTDIR}/.cshrc; \
Index: etc/mtree/4.4BSD.dist
===
RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v
retrieving revision 1.293
diff -u -r1.293 4.4BSD.dist
--- etc/mtree/4.4BSD.dist 27 Dec 2016 09:17:52 - 1.293
+++ etc/mtree/4.4BSD.dist 10 Feb 2017 08:59:27 -
@@ -118,6 +118,8 @@
mnt
..
root mode=0700
+.ssh uname=root mode=0700
+..
..
sbin
..
Index: etc/mtree/special
===
RCS file: /cvs/src/etc/mtree/special,v
retrieving revision 1.122
diff -u -r1.122 special
--- etc/mtree/special 27 Dec 2016 09:17:52 - 1.122
+++ etc/mtree/special 10 Feb 2017 08:59:27 -
@@ -121,6 +121,9 @@
.login type=file mode=0644 uname=root gname=wheel
.profile type=file mode=0644 uname=root gname=wheel
.rhoststype=file mode=0600 uname=root gname=wheel optional
+.ssh type=dir mode=0700 uname=root gname=wheel
+.. #.ssh
+authorized_keystype=file mode=0600 uname=root gname=wheel
.. #root
sbin type=dir mode=0755 uname=root gname=wheel ignore
Index: distrib/miniroot/install.sub
===
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.969
diff -u -r1.969 install.sub
--- distrib/miniroot/install.sub8 Feb 2017 23:13:02 - 1.969
+++ distrib/miniroot/install.sub10 Feb 2017 08:59:27 -
@@ -2868,7 +2868,6 @@
# During autoinstall, add root user's public ssh key to authorized_keys.
[[ -n "$_rootkey" ]] && (
umask 077
- mkdir /mnt/root/.ssh
print -r -- "$_rootkey" >>/mnt/root/.ssh/authorized_keys
)
Index: distrib/sets/lists/base/mi
Re: add empty /root/.ssh/authorized_keys to mtree/sets ?
On Thu, Feb 09, 2017 at 06:19:54PM +0100, Landry Breuil wrote:
> On Sun, Feb 05, 2017 at 08:37:31PM +, Stuart Henderson wrote:
> > On 2017/02/05 09:53, Robert Peichaer wrote:
> > > On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote:
> > > > Hi,
> > > >
> > > > when installing 'throwaway' VMs (manually, not always using autoinstall
> > > > for
> > > > $REASONS) i've often found myself having to do right after the install:
> > > > install -d -m 700 /root/.ssh
> > > > install -m 600 /dev/null /root/.ssh/authorized_keys
> > > > (or touch /root/.ssh/authorized_keys && chmod 600
> > > > /root/.ssh/authorized_keys, ymmv)
> > > >
> > > > those are present in /etc/skel for "real" users, so why not creating
> > > > them for the root account ? install.sub also creates /mnt/root/.ssh when
> > > > using autoinstall and giving an ssh pubkey, so that'll be one less step
> > > > to do there.
> > > >
> > > > We advise ppl to set prohibit-password for PermitRootLogin, so why not
> > > > make it
> > > > easier to use it ? This ways, the correct modes are set.. i often
> > > > fat-fingered
> > > > this, to see sshd complaining (rightly!) about bad modes on
> > > > .ssh/authorized_keys.
> > >
> > > Conceptually I'd like this going in.
> >
> > +1. (On "managed" systems I use root-owned authorized_keys in a system
> > directory,
> > but this doesn't get in the way, and it makes things easier on ad-hoc
> > installed
> > systems).
>
> Finally built a release with this, the empty file is created in
> /var/sysmerge/etc.tgz, and sysmerge didnt overwrite my own
> /root/.ssh/authorized_keys - so i think i can now explicitely ask for okays.
> dtucker@ mentioned that in ${INSTALL} -c idiom the -c was a noop, but i kept
> it
> for consistency.
> Hopefully more ppl can chime in and think of potential drawbacks this
> diff exposes...
>
> Sets diff added too, modeled after what's done for
> /etc/skel/.ssh/authorized_keys - dunno if it should be commited along the etc/
> change.
Can you add it to mtree/special please?
> Landry
>
> Index: etc/Makefile
> ===
> RCS file: /cvs/src/etc/Makefile,v
> retrieving revision 1.449
> diff -u -r1.449 Makefile
> --- etc/Makefile 2 Feb 2017 21:35:05 - 1.449
> +++ etc/Makefile 9 Feb 2017 17:13:00 -
> @@ -110,6 +110,8 @@
> ${DESTDIR}/root/.Xdefaults; \
> ${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \
> ${DESTDIR}/root/.cvsrc; \
> + ${INSTALL} -c -o root -g wheel -m 600 /dev/null \
> + ${DESTDIR}/root/.ssh/authorized_keys; \
> rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \
> ${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \
> ${DESTDIR}/.cshrc; \
> Index: etc/mtree/4.4BSD.dist
> ===
> RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v
> retrieving revision 1.293
> diff -u -r1.293 4.4BSD.dist
> --- etc/mtree/4.4BSD.dist 27 Dec 2016 09:17:52 - 1.293
> +++ etc/mtree/4.4BSD.dist 9 Feb 2017 17:13:00 -
> @@ -118,6 +118,8 @@
> mnt
> ..
> root mode=0700
> +.ssh uname=root mode=0700
> +..
> ..
> sbin
> ..
>
>
> Index: distrib/sets/lists/base/mi
> ===
> RCS file: /cvs/src/distrib/sets/lists/base/mi,v
> retrieving revision 1.820
> diff -u -r1.820 mi
> --- distrib/sets/lists/base/mi7 Feb 2017 21:32:48 - 1.820
> +++ distrib/sets/lists/base/mi9 Feb 2017 17:12:42 -
> @@ -232,6 +232,7 @@
> ./home
> ./mnt
> ./root
> +./root/.ssh
> ./sbin
> ./sbin/atactl
> ./sbin/badsect
> Index: distrib/sets/lists/etc/mi
> ===
> RCS file: /cvs/src/distrib/sets/lists/etc/mi,v
> retrieving revision 1.211
> diff -u -r1.211 mi
> --- distrib/sets/lists/etc/mi 1 Oct 2016 16:58:29 - 1.211
> +++ distrib/sets/lists/etc/mi 9 Feb 2017 17:12:42 -
> @@ -50,6 +50,7 @@
> ./root/.cvsrc
> ./root/.login
> ./root/.profile
> +./root/.ssh/authorized_keys
> ./var/crash/minfree
> ./var/cron/at.deny
> ./var/cron/cron.deny
>
--
Antoine
