Re: make get_last_resort_ifid() truely random

[Florian Obser]

anyone?

On Tue, Aug 15, 2017 at 09:31:26AM +, Florian Obser wrote:
> 
> Rename in6_get_rand_ifi() to get_last_resort_ifid() and delete the old
> get_last_resort_ifid() function because eww.
> Also if your system is so constraint that you end up in
> get_last_resort_ifid() you don't deserve a random ifid that stays
> stable over reboots.
> Simplify code a bit since get_ifid() can no longer fail.
> It couldn't fail before either because that code path was #if 0'ed.
> 
> OK?
> 
> diff --git netinet6/in6.h netinet6/in6.h
> index 0caae1f586a..d80bff21370 100644
> --- netinet6/in6.h
> +++ netinet6/in6.h
> @@ -418,7 +418,6 @@ void  in6_proto_cksum_out(struct mbuf *, struct ifnet 
> *);
>  int  in6_localaddr(struct in6_addr *);
>  int  in6_addrscope(struct in6_addr *);
>  struct   in6_ifaddr *in6_ifawithscope(struct ifnet *, struct in6_addr *, 
> u_int);
> -void in6_get_rand_ifid(struct ifnet *, struct in6_addr *);
>  int  in6_mask2len(struct in6_addr *, u_char *);
>  int  in6_nam2sin6(const struct mbuf *, struct sockaddr_in6 **);
>  
> diff --git netinet6/in6_ifattach.c netinet6/in6_ifattach.c
> index 89acde9c6a4..a8abf5fa695 100644
> --- netinet6/in6_ifattach.c
> +++ netinet6/in6_ifattach.c
> @@ -56,9 +56,9 @@
>  #include 
>  #endif
>  
> -int get_last_resort_ifid(struct ifnet *, struct in6_addr *);
> +void get_last_resort_ifid(struct ifnet *, struct in6_addr *);
>  int get_hw_ifid(struct ifnet *, struct in6_addr *);
> -int get_ifid(struct ifnet *, struct in6_addr *);
> +void get_ifid(struct ifnet *, struct in6_addr *);
>  int in6_ifattach_loopback(struct ifnet *);
>  
>  #define EUI64_GBIT   0x01
> @@ -72,52 +72,13 @@ int in6_ifattach_loopback(struct ifnet *);
>  #define IFID_LOCAL(in6)  (!EUI64_LOCAL(in6))
>  #define IFID_UNIVERSAL(in6)  (!EUI64_UNIVERSAL(in6))
>  
> -/*
> - * Generate a last-resort interface identifier, when the machine has no
> - * IEEE802/EUI64 address sources.
> - * The goal here is to get an interface identifier that is
> - * (1) random enough and (2) does not change across reboot.
> - * We currently use SHA512(hostname) for it.
> - *
> - * in6 - upper 64bits are preserved
> - */
> -int
> -get_last_resort_ifid(struct ifnet *ifp, struct in6_addr *in6)
> -{
> - SHA2_CTX ctx;
> - u_int8_t digest[SHA512_DIGEST_LENGTH];
> -
> -#if 0
> - /* we need at least several letters as seed for ifid */
> - if (hostnamelen < 3)
> - return -1;
> -#endif
> -
> - /* generate 8 bytes of pseudo-random value. */
> - SHA512Init();
> - SHA512Update(, hostname, hostnamelen);
> - SHA512Final(digest, );
> -
> - /* assumes sizeof(digest) > sizeof(ifid) */
> - bcopy(digest, >s6_addr[8], 8);
> -
> - /* make sure to set "u" bit to local, and "g" bit to individual. */
> - in6->s6_addr[8] &= ~EUI64_GBIT; /* g bit to "individual" */
> - in6->s6_addr[8] |= EUI64_UBIT;  /* u bit to "local" */
> -
> - /* convert EUI64 into IPv6 interface identifier */
> - EUI64_TO_IFID(in6);
> -
> - return 0;
> -}
> -
>  /*
>   * Generate a random interface identifier.
>   *
>   * in6 - upper 64bits are preserved
>   */
>  void
> -in6_get_rand_ifid(struct ifnet *ifp, struct in6_addr *in6)
> +get_last_resort_ifid(struct ifnet *ifp, struct in6_addr *in6)
>  {
>   arc4random_buf(>s6_addr32[2], 8);
>  
> @@ -235,7 +196,7 @@ get_hw_ifid(struct ifnet *ifp, struct in6_addr *in6)
>   * available on ifp0, borrow interface identifier from other information
>   * sources.
>   */
> -int
> +void
>  get_ifid(struct ifnet *ifp0, struct in6_addr *in6)
>  {
>   struct ifnet *ifp;
> @@ -267,22 +228,15 @@ get_ifid(struct ifnet *ifp0, struct in6_addr *in6)
>   }
>  
>   /* last resort: get from random number source */
> - if (get_last_resort_ifid(ifp, in6) == 0) {
> - nd6log((LOG_DEBUG,
> - "%s: interface identifier generated by random number\n",
> - ifp0->if_xname));
> - goto success;
> - }
> -
> - printf("%s: failed to get interface identifier\n", ifp0->if_xname);
> - return -1;
> -
> + get_last_resort_ifid(ifp, in6);
> + nd6log((LOG_DEBUG,
> + "%s: interface identifier generated by random number\n",
> + ifp0->if_xname));
>  success:
>   nd6log((LOG_INFO, "%s: ifid: %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n",
>   ifp0->if_xname, in6->s6_addr[8], in6->s6_addr[9], in6->s6_addr[10],
>   in6->s6_addr[11], in6->s6_addr[12], in6->s6_addr[13],
>   in6->s6_addr[14], in6->s6_addr[15]));
> - return 0;
>  }
>  
>  /*
> @@ -318,13 +272,8 @@ in6_ifattach_linklocal(struct ifnet *ifp, struct 
> in6_addr *ifid)
>   ifra.ifra_addr.sin6_addr.s6_addr32[1] = 0;
>   ifra.ifra_addr.sin6_addr.s6_addr[8] &= ~EUI64_GBIT;
>   ifra.ifra_addr.sin6_addr.s6_addr[8] |= EUI64_UBIT;
> - } else {
> - if (get_ifid(ifp, _addr.sin6_addr) != 0) {
> - nd6log((LOG_ERR,
> -

[PATCH 1/2] libcrypto: make ASN1_time_tm_clamp_notafter public

[Kyle J. McKay]

The ASN1_time_tm_clamp_notafter function does nothing except when
the portable-only SMALL_TIME_T define has been enabled.

However, the SMALL_TIME_T functionality also needs to be accessed
by the libtls tls_get_peer_cert_times function in order for the
portable build of libtls to also support SMALL_TIME_T.

Therefore make the ASN1_time_tm_clamp_notafter function a public
external rather than a private symbol.

Signed-off-by: Kyle J. McKay 

---
 lib/libcrypto/Symbols.list | 1 +
 lib/libcrypto/asn1/asn1.h  | 1 +
 lib/libcrypto/asn1/asn1_locl.h | 2 --
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 2b8557b1..94442cc5 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -214,6 +214,7 @@ ASN1_template_free
 ASN1_template_i2d
 ASN1_template_new
 ASN1_time_parse
+ASN1_time_tm_clamp_notafter
 ASN1_time_tm_cmp
 ASN1_unpack_string
 AUTHORITY_INFO_ACCESS_free
diff --git a/lib/libcrypto/asn1/asn1.h b/lib/libcrypto/asn1/asn1.h
index da16d5c5..fe9a6c5d 100644
--- a/lib/libcrypto/asn1/asn1.h
+++ b/lib/libcrypto/asn1/asn1.h
@@ -1454,6 +1454,7 @@ void ERR_load_ASN1_strings(void);
 
 int ASN1_time_parse(const char *_bytes, size_t _len, struct tm *_tm, int 
_mode);
 int ASN1_time_tm_cmp(struct tm *_tm1, struct tm *_tm2);
+int ASN1_time_tm_clamp_notafter(struct tm *tm);
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libcrypto/asn1/asn1_locl.h b/lib/libcrypto/asn1/asn1_locl.h
index 68f71dfc..c05eb3b9 100644
--- a/lib/libcrypto/asn1/asn1_locl.h
+++ b/lib/libcrypto/asn1/asn1_locl.h
@@ -152,6 +152,4 @@ struct x509_crl_method_st {
 int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
 int UTF8_putc(unsigned char *str, int len, unsigned long value);
 
-int ASN1_time_tm_clamp_notafter(struct tm *tm);
-
 __END_HIDDEN_DECLS

-- 

[PATCH 2/2] tls_conninfo.c: use ASN1_time_tm_clamp_notafter

[Kyle J. McKay]

The tls_get_peer_cert_times function returns a certificate's notAfter
date as a time_t value.

Make use of the ASN1_time_tm_clamp_notafter function so that when
SMALL_TIME_T has been defined for a portable build tls_get_peer_cert_times
does not fail when it would otherwise succeed.

Signed-off-by: Kyle J. McKay 

---
 lib/libtls/tls_conninfo.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/libtls/tls_conninfo.c b/lib/libtls/tls_conninfo.c
index 87660fa9..c8ee4f0f 100644
--- a/lib/libtls/tls_conninfo.c
+++ b/lib/libtls/tls_conninfo.c
@@ -123,7 +123,8 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
goto err;
if ((*notbefore = timegm(_tm)) == -1)
goto err;
-   if ((*notafter = timegm(_tm)) == -1)
+   if (!ASN1_time_tm_clamp_notafter(_tm) ||
+   (*notafter = timegm(_tm)) == -1)
goto err;
 
return (0);

-- 

[PATCH 0/2] SMALL_TIME_T follow-ups (was Re: [PATCH] allow notAfter after 2038 with 32-bit time_t)

[Kyle J. McKay]

Thank you.

I have applied the change to the latest LibreSSL portable tarball and  
tested it.

With the new define (SMALL_TIME_T) enabled, a 32-bit time_t build  
using "openssl s_client -connect" can successfully connect to a server  
and verify its certificate chain when one or more notAfter dates after  
2038 are present.

However, using "nc -c" fails to connect to the same server.

The reason being that libtls also needs to clamp the notAfter date.

Unfortunately the new ASN1_time_tm_clamp_notafter symbol is not public  
and is located in libcrypto which makes it unavailable to libtls.

Seems to me there are two approaches:

1) duplicate the ASN1_time_tm_clamp_notafter function in libtls

2) make the symbol public to avoid duplicating code and potentially  
creating an out-of-sync/maintenance problem

The two patches in this series take approach (2).  The first makes  
ASN1_time_tm_clamp_notafter public and the second calls it from the  
appropriate place in libtls.

A 32-bit time_t build including these two additional patches (and with  
SMALL_TIME_T defined) successfully connects using "nc -c" to servers  
with one or more notAfter dates after 2038.

These patches are submitted under the standard OpenBSD license.

--Kyle

On Aug 13, 2017, at 14:26, Bob Beck wrote:

> https://github.com/openbsd/src/commit/b943944faeecf3a978bf3f57df1b35335ffecbec
>
> On Sun, Aug 13, 2017 at 1:56 PM, Bob Beck  wrote:
>
>>
>> So. To summarize my take on this
>>
>> If you're still running OSX 9, I think you like peril.. for lots of
>> reasons.. Running OpenSSL is probably the least of your perils.
>>
>> Sadly, Linux Raspberry PI sucks, because 32 bit Linux still hasn't  
>> dealt
>> with this.
>>
>> RFC 5280 section 4.1.2.5 guarantees you may see these.
>>
>> So in the interest of allowing 32 bit linux to use LibreSSL, I've  
>> just
>> committed a change to that portable
>> can make use of.
>>
>> We will allow portable to clamp he notAfter field in a certificate  
>> to the
>> largest represntable 32 bit time
>> if a notafter field from a certificate is larger than that value.   
>> We do
>> not clamp any other times
>> in any other places (a larger than 32 bit notBefore, for example,  
>> would
>> continue to be not accepted.
>>
>> This will alllow RFC 5280 4.1.2.5 compliant certs, and certs with  
>> notAfter
>> dates after 2038 to
>> be accepted as if the notAfter date was 03:14:08 UTC on Tuesday, 19
>> January 2038.

Re: time(1): perror(3) -> err(3) and friends

[Scott Cheloha]

Few weeks bump.

Any feedback on this fabulous Scott Cheloha/ingo@ collaboration?

Slightly re-tweaked patch below; while here:

kill(getpid(), sig) -> raise(sig)

I didn't even know there was a raise(3) function until this weekend,
they really did think of everything.

--
Scott Cheloha

Index: time.c
===
RCS file: /cvs/src/usr.bin/time/time.c,v
retrieving revision 1.24
diff -u -p -r1.24 time.c
--- time.c  22 Jul 2017 17:01:09 -  1.24
+++ time.c  20 Aug 2017 22:12:39 -
@@ -67,7 +67,6 @@ main(int argc, char *argv[])
break;
default:
usage();
-   /* NOTREACHED */
}
}
 
@@ -80,14 +79,12 @@ main(int argc, char *argv[])
clock_gettime(CLOCK_MONOTONIC, );
switch(pid = vfork()) {
case -1:/* error */
-   perror("time");
-   exit(1);
-   /* NOTREACHED */
+   warn("fork");
+   return 1;
case 0: /* child */
execvp(*argv, argv);
-   perror(*argv);
+   warn("%s", *argv);
_exit((errno == ENOENT) ? 127 : 126);
-   /* NOTREACHED */
}
 
/* parent */
@@ -168,11 +165,11 @@ main(int argc, char *argv[])
 
if (exitonsig) {
if (signal(exitonsig, SIG_DFL) == SIG_ERR)
-   perror("signal");
+   return 128 + exitonsig;
else
-   kill(getpid(), exitonsig);
+   raise(exitonsig);
}
-   exit(WIFEXITED(status) ? WEXITSTATUS(status) : EXIT_FAILURE);
+   return WIFEXITED(status) ? WEXITSTATUS(status) : EXIT_FAILURE;
 }
 
 __dead void

Re: include pine64 firmware in install media

[Artturi Alm]

On Sun, Aug 20, 2017 at 12:24:20AM +1000, Jonathan Gray wrote:
> With the atf-allwinner port and u-boot patch on ports@ we can now build
> and include an open firmware for the Pine64 without boot0.
> 
> The arm64 snapshot for the 19th of August includes an older version of
> this patch which scanned the dmesg for *'Pine64+'* in the dmesg.
> 
> U-Boot actually includes device trees for both
> sun50i-a64-pine64.dtb and sun50i-a64-pine64-plus.dtb in this image so
> this has been changed to just *'Pine64'*.
> 
> So while all variants should boot the miniroot only the 1GB/2GB Pine64+
> systems will install U-Boot from the ramdisk in the current snapshot.
> 
> I don't have a Pine64, looking for testers.

Hi,

my board was -plus afterall, and i was unable to get through the build
for regular GENERIC w/o panics,
so i didn't yet even try the RAMDISK w/your patch,
but since i see you've got correct offsets there,
i doubt it has issues besides missing .dtb copy on pine64?

-Artturi

> 
> Index: arm64/miniroot/Makefile
> ===
> RCS file: /cvs/src/distrib/arm64/miniroot/Makefile,v
> retrieving revision 1.4
> diff -u -p -r1.4 Makefile
> --- arm64/miniroot/Makefile   7 May 2017 12:00:12 -   1.4
> +++ arm64/miniroot/Makefile   19 Aug 2017 14:15:08 -
> @@ -65,6 +65,8 @@ do_files:
>   cp /usr/mdec/BOOTAA64.EFI ${MOUNT_POINT}/efi/boot/bootaa64.efi
>   echo bootaa64.efi > ${MOUNT_POINT}/efi/boot/startup.nsh
>   echo 
> 'arm_control=0x200\nenable_uart=1\ndevice_tree_address=0x100\nkernel=u-boot.bin'
>  > ${MOUNT_POINT}/config.txt
> + dd if=${PUBOOT}/pine64_plus/u-boot-sunxi-with-spl.bin \
> + of=${VND_CDEV} bs=1024 seek=8
>  
>  rd_setup:
>   dd if=/dev/zero of=${IMAGE} bs=512 count=${NBLKS}
> Index: arm64/ramdisk/Makefile
> ===
> RCS file: /cvs/src/distrib/arm64/ramdisk/Makefile,v
> retrieving revision 1.2
> diff -u -p -r1.2 Makefile
> --- arm64/ramdisk/Makefile18 Feb 2017 02:01:53 -  1.2
> +++ arm64/ramdisk/Makefile19 Aug 2017 14:15:08 -
> @@ -18,6 +18,7 @@ DISKTYPE=   rdroot
>  MAKEFSARGS_RD=   -o disklabel=${DISKTYPE},minfree=0,density=4096
>  
>  DIRS=\
> + pine64 \
>   rpi
>  
>  .ifndef DESTDIR
> Index: arm64/ramdisk/install.md
> ===
> RCS file: /cvs/src/distrib/arm64/ramdisk/install.md,v
> retrieving revision 1.6
> diff -u -p -r1.6 install.md
> --- arm64/ramdisk/install.md  28 Jul 2017 18:15:44 -  1.6
> +++ arm64/ramdisk/install.md  19 Aug 2017 14:15:08 -
> @@ -38,23 +38,36 @@ MOUNT_ARGS_msdos="-o-l"
>  md_installboot() {
>   local _disk=/dev/$1 _mdec _plat
>  
> + # Identify platform based on dmesg.
> + case $(scan_dmesg 's/^mainbus0 at root: \(.*\)$/\1/p') in
> + *'Pine64'*) _plat=pine64;;
> + *'Raspberry Pi'*)   _plat=rpi;;
> + esac
> +
>   # Mount MSDOS partition, extract U-Boot and copy UEFI boot program
>   mount ${MOUNT_ARGS_msdos} ${_disk}i /mnt/mnt
>   mkdir -p /mnt/mnt/efi/boot
>   cp /mnt/usr/mdec/BOOTAA64.EFI /mnt/mnt/efi/boot/bootaa64.efi
>   echo bootaa64.efi > /mnt/mnt/efi/boot/startup.nsh
>  
> - _plat=rpi
>   _mdec=/usr/mdec/$_plat
>  
> - cp $_mdec/{bootcode.bin,start.elf,fixup.dat,*.dtb} /mnt/mnt/
> - cp $_mdec/u-boot.bin /mnt/mnt/
> - cat > /mnt/mnt/config.txt<<-__EOT
> - arm_control=0x200
> - enable_uart=1
> - device_tree_address=0x100
> - kernel=u-boot.bin
> - __EOT
> + case $_plat in
> + pine64)
> + dd if=$_mdec/u-boot-sunxi-with-spl.bin of=${_disk}c \
> + bs=1024 seek=8 >/dev/null 2>&1
> + ;;
> + rpi)
> + cp $_mdec/{bootcode.bin,start.elf,fixup.dat,*.dtb} /mnt/mnt/
> + cp $_mdec/u-boot.bin /mnt/mnt/
> + cat > /mnt/mnt/config.txt<<-__EOT
> + arm_control=0x200
> + enable_uart=1
> + device_tree_address=0x100
> + kernel=u-boot.bin
> + __EOT
> + ;;
> + esac
>  }
>  
>  md_prep_fdisk() {
> Index: arm64/ramdisk/list
> ===
> RCS file: /cvs/src/distrib/arm64/ramdisk/list,v
> retrieving revision 1.4
> diff -u -p -r1.4 list
> --- arm64/ramdisk/list8 Jul 2017 15:42:46 -   1.4
> +++ arm64/ramdisk/list19 Aug 2017 14:15:08 -
> @@ -124,4 +124,6 @@ COPY  /usr/local/share/raspberrypi-firmwa
>  COPY /usr/local/share/raspberrypi-firmware/boot/fixup.dat 
> usr/mdec/rpi/fixup.dat
>  COPY /usr/local/share/u-boot/rpi_3/u-boot.bin usr/mdec/rpi/u-boot.bin
>  
> +COPY /usr/local/share/u-boot/pine64_plus/u-boot-sunxi-with-spl.bin 
> usr/mdec/pine64/u-boot-sunxi-with-spl.bin
> +
>  TZ
> 

move identical dwctwo_cd's from under arch/.../ into dev/usb/dwc2/dwc2.c

[Artturi Alm]

Hi,

i think i saw this done similarly in some other driver, and thought why not,
but i'm unsure about the needs-flag in files.x?

-Artturi

diff --git a/sys/arch/arm64/dev/bcm2835_dwctwo.c 
b/sys/arch/arm64/dev/bcm2835_dwctwo.c
index d6cfe61fd2a..9242e9ea65e 100644
--- a/sys/arch/arm64/dev/bcm2835_dwctwo.c
+++ b/sys/arch/arm64/dev/bcm2835_dwctwo.c
@@ -52,10 +52,6 @@ const struct cfattach bcmdwctwo_ca = {
sizeof(struct bcm_dwctwo_softc), bcm_dwctwo_match, bcm_dwctwo_attach,
 };
 
-struct cfdriver dwctwo_cd = {
-   NULL, "dwctwo", DV_DULL
-};
-
 static struct dwc2_core_params bcm_dwctwo_params = {
.otg_cap= 0,/* HNP/SRP capable */
.otg_ver= 0,/* 1.3 */
diff --git a/sys/arch/armv7/broadcom/bcm2835_dwctwo.c 
b/sys/arch/armv7/broadcom/bcm2835_dwctwo.c
index e49a5283cc5..34cb7728a4f 100644
--- a/sys/arch/armv7/broadcom/bcm2835_dwctwo.c
+++ b/sys/arch/armv7/broadcom/bcm2835_dwctwo.c
@@ -55,10 +55,6 @@ const struct cfattach bcmdwctwo_ca = {
sizeof(struct bcm_dwctwo_softc), bcm_dwctwo_match, bcm_dwctwo_attach,
 };
 
-struct cfdriver dwctwo_cd = {
-   NULL, "dwctwo", DV_DULL
-};
-
 static struct dwc2_core_params bcm_dwctwo_params = {
.otg_cap= 0,/* HNP/SRP capable */
.otg_ver= 0,/* 1.3 */
diff --git a/sys/arch/octeon/dev/octdwctwo.c b/sys/arch/octeon/dev/octdwctwo.c
index cf8b797c4ff..144987b9309 100644
--- a/sys/arch/octeon/dev/octdwctwo.c
+++ b/sys/arch/octeon/dev/octdwctwo.c
@@ -69,10 +69,6 @@ const struct cfattach octdwctwo_ca = {
sizeof(struct octdwctwo_softc), octdwctwo_match, octdwctwo_attach,
 };
 
-struct cfdriver dwctwo_cd = {
-   NULL, "dwctwo", DV_DULL
-};
-
 static struct dwc2_core_params octdwctwo_params = {
.otg_cap = 2,
.otg_ver = 0,
diff --git a/sys/dev/usb/dwc2/dwc2.c b/sys/dev/usb/dwc2/dwc2.c
index 1c0ccba0e25..879b9d01a82 100644
--- a/sys/dev/usb/dwc2/dwc2.c
+++ b/sys/dev/usb/dwc2/dwc2.c
@@ -163,6 +163,10 @@ dwc2_free_bus_bandwidth(struct dwc2_hsotg *hsotg, u16 bw,
 {
 }
 
+struct cfdriver dwctwo_cd = {
+   NULL, "dwctwo", DV_DULL
+};
+
 #define DWC2_INTR_ENDPT 1
 
 STATIC struct usbd_bus_methods dwc2_bus_methods = {

Re: kernel relinking depending on ctfstrip

[Theo de Raadt]

> Does it make sense to move ctfstrip and ctfconv to base?

Yes, they should be in base.

Re: kernel relinking depending on ctfstrip

[Björn Ketelaars]

On Sun 20/08/2017 14:20, Björn Ketelaars wrote:
> I just upgraded my machine to a newer snapshot. Unfortunately the kernel
> relinking bit failed. Root cause is that strip has been replaced by ctfstrip,
> which is part of the comp set, which I have not installed.
> 
> The exact same thing happened when strip was part of the comp set. Solution
> then was that strip was thrown in base [0].
> 
> Does it make sense to move ctfstrip and ctfconv to base?
> 
> [0]
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib/sets/lists/base/mi?rev=1.847=text/x-cvsweb-markup
> 

I forgot about objcopy, which is also use by ctfstrip. New diff.


diff --git distrib/sets/lists/base/md.alpha distrib/sets/lists/base/md.alpha
index e99541e063f..e6d18ed71c2 100644
--- distrib/sets/lists/base/md.alpha
+++ distrib/sets/lists/base/md.alpha
@@ -61,6 +61,7 @@
 ./sbin/kbd
 ./sbin/mount_ntfs
 ./sbin/wsconsctl
+./usr/bin/objcopy
 ./usr/lib/crtbegin.o
 ./usr/lib/crtbeginS.o
 ./usr/lib/crtend.o
diff --git distrib/sets/lists/base/md.amd64 distrib/sets/lists/base/md.amd64
index 22ba5bcf5f5..035d75553df 100644
--- distrib/sets/lists/base/md.amd64
+++ distrib/sets/lists/base/md.amd64
@@ -66,6 +66,7 @@
 ./sbin/kbd
 ./sbin/mount_ntfs
 ./sbin/wsconsctl
+./usr/bin/objcopy
 ./usr/bin/pctr
 ./usr/lib/crtbegin.o
 ./usr/lib/crtbeginS.o
diff --git distrib/sets/lists/base/md.arm64 distrib/sets/lists/base/md.arm64
index 76d487c34d7..04f6662ddc1 100644
--- distrib/sets/lists/base/md.arm64
+++ distrib/sets/lists/base/md.arm64
@@ -29,6 +29,7 @@
 ./etc/firmware/zd1211b
 ./sbin/kbd
 ./sbin/wsconsctl
+./usr/bin/objcopy
 ./usr/lib/crtbegin.o
 ./usr/lib/crtbeginS.o
 ./usr/lib/crtend.o
diff --git distrib/sets/lists/base/md.armv7 distrib/sets/lists/base/md.armv7
index f4b6f7d..e53c7909275 100644
--- distrib/sets/lists/base/md.armv7
+++ distrib/sets/lists/base/md.armv7
@@ -29,6 +29,7 @@
 ./etc/firmware/zd1211b
 ./sbin/kbd
 ./sbin/wsconsctl
+./usr/bin/objcopy
 ./usr/lib/crtbegin.o
 ./usr/lib/crtbeginS.o
 ./usr/lib/crtend.o
diff --git distrib/sets/lists/base/md.hppa distrib/sets/lists/base/md.hppa
index ccdca21a99e..05cd23b760d 100644
--- distrib/sets/lists/base/md.hppa
+++ distrib/sets/lists/base/md.hppa
@@ -63,6 +63,7 @@
 ./etc/firmware/zd1211b
 ./sbin/kbd
 ./sbin/wsconsctl
+./usr/bin/objcopy
 ./usr/lib/crtbegin.o
 ./usr/lib/crtbeginS.o
 ./usr/lib/crtend.o
diff --git distrib/sets/lists/base/md.i386 distrib/sets/lists/base/md.i386
index b223174485b..7ab7798e78a 100644
--- distrib/sets/lists/base/md.i386
+++ distrib/sets/lists/base/md.i386
@@ -68,6 +68,7 @@
 ./sbin/kbd
 ./sbin/mount_ntfs
 ./sbin/wsconsctl
+./usr/bin/objcopy
 ./usr/bin/pctr
 ./usr/lib/crtbegin.o
 ./usr/lib/crtbeginS.o
diff --git distrib/sets/lists/base/md.landisk distrib/sets/lists/base/md.landisk
index 3999d2d8eac..15d36fbcfc2 100644
--- distrib/sets/lists/base/md.landisk
+++ distrib/sets/lists/base/md.landisk
@@ -29,6 +29,7 @@
 ./etc/firmware/zd1211b
 ./sbin/kbd
 ./sbin/wsconsctl
+./usr/bin/objcopy
 ./usr/lib/crtbegin.o
 ./usr/lib/crtbeginS.o
 ./usr/lib/crtend.o
diff --git distrib/sets/lists/base/md.loongson 
distrib/sets/lists/base/md.loongson
index 520f420b88b..6c1b8dcfd30 100644
--- distrib/sets/lists/base/md.loongson
+++ distrib/sets/lists/base/md.loongson
@@ -34,6 +34,7 @@
 ./etc/firmware/zd1211b
 ./sbin/kbd
 ./sbin/wsconsctl
+./usr/bin/objcopy
 ./usr/lib/crtbegin.o
 ./usr/lib/crtbeginS.o
 ./usr/lib/crtend.o
diff --git distrib/sets/lists/base/md.luna88k distrib/sets/lists/base/md.luna88k
index 8416386f3cf..2712353cb31 100644
--- distrib/sets/lists/base/md.luna88k
+++ distrib/sets/lists/base/md.luna88k
@@ -1,6 +1,7 @@
 ./etc/examples/wsconsctl.conf
 ./sbin/kbd
 ./sbin/wsconsctl
+./usr/bin/objcopy
 ./usr/lib/crtbegin.o
 ./usr/lib/crtbeginS.o
 ./usr/lib/crtend.o
diff --git distrib/sets/lists/base/md.macppc distrib/sets/lists/base/md.macppc
index abca7e80bb3..81f1fc9399a 100644
--- distrib/sets/lists/base/md.macppc
+++ distrib/sets/lists/base/md.macppc
@@ -64,6 +64,7 @@
 ./sbin/kbd
 ./sbin/pdisk
 ./sbin/wsconsctl
+./usr/bin/objcopy
 ./usr/lib/crtbegin.o
 ./usr/lib/crtbeginS.o
 ./usr/lib/crtend.o
diff --git distrib/sets/lists/base/md.octeon distrib/sets/lists/base/md.octeon
index 6200a23eac9..3bba5606695 100644
--- distrib/sets/lists/base/md.octeon
+++ distrib/sets/lists/base/md.octeon
@@ -32,6 +32,7 @@
 ./etc/firmware/zd1211
 ./etc/firmware/zd1211-license
 ./etc/firmware/zd1211b
+./usr/bin/objcopy
 ./usr/lib/crtbegin.o
 ./usr/lib/crtbeginS.o
 ./usr/lib/crtend.o
diff --git distrib/sets/lists/base/md.sgi distrib/sets/lists/base/md.sgi
index 0b9bfc0b7e7..08b9f746dbf 100644
--- distrib/sets/lists/base/md.sgi
+++ distrib/sets/lists/base/md.sgi
@@ -63,6 +63,7 @@
 ./etc/firmware/zd1211b
 ./sbin/kbd
 ./sbin/wsconsctl
+./usr/bin/objcopy
 ./usr/lib/crtbegin.o
 ./usr/lib/crtbeginS.o
 ./usr/lib/crtend.o
diff --git distrib/sets/lists/base/md.socppc distrib/sets/lists/base/md.socppc
index 2427b99604a..d15d32a322a 100644
--- distrib/sets/lists/base/md.socppc
+++ distrib/sets/lists/base/md.socppc
@@ -57,6 

kernel relinking depending on ctfstrip

[Björn Ketelaars]

I just upgraded my machine to a newer snapshot. Unfortunately the kernel
relinking bit failed. Root cause is that strip has been replaced by ctfstrip,
which is part of the comp set, which I have not installed.

The exact same thing happened when strip was part of the comp set. Solution
then was that strip was thrown in base [0].

Does it make sense to move ctfstrip and ctfconv to base?

[0]
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib/sets/lists/base/mi?rev=1.847=text/x-cvsweb-markup

-- 
Björn Ketelaars
GPG key: 0x4F0E5F21


diff --git distrib/sets/lists/base/mi distrib/sets/lists/base/mi
index f83e9efdb24..d34e68df431 100644
--- distrib/sets/lists/base/mi
+++ distrib/sets/lists/base/mi
@@ -353,6 +353,8 @@
 ./usr/bin/crontab
 ./usr/bin/csplit
 ./usr/bin/ctags
+./usr/bin/ctfconv
+./usr/bin/ctfstrip
 ./usr/bin/cu
 ./usr/bin/cut
 ./usr/bin/cvs
diff --git distrib/sets/lists/comp/mi distrib/sets/lists/comp/mi
index 819e4df1d1b..cf5323bfaba 100644
--- distrib/sets/lists/comp/mi
+++ distrib/sets/lists/comp/mi
@@ -2,9 +2,7 @@
 ./usr/bin/c++
 ./usr/bin/c++filt
 ./usr/bin/cpp
-./usr/bin/ctfconv
 ./usr/bin/ctfdump
-./usr/bin/ctfstrip
 ./usr/bin/flex
 ./usr/bin/flex++
 ./usr/bin/gprof