webserver with PHP support
Hello list, tell me please what's the difference between /usr/pkg/libexec/cgi-bin/php and /usr/pkg/bin/php I mean that this works: /usr/libexec/httpd -b -U nobody -C .php /usr/pkg/libexec/cgi-bin/php /var/www/ and this does not: /usr/libexec/httpd -b -U nobody -C .php /usr/pkg/bin/php /var/www/ -- best regards, Alexey https://alexeyka.zantsev.com/
Re: nice program to make sound
El 23 de abril de 2024 15:01:43 CEST, Todd Gruhn escribió: >I did: > > vlc file:///file.mp3 --play-and-exit > >I works -- but I dont want the GUI on the screen. > >Is there another program to do this? cvlc perhaps?
Re: need your advice before new Raspberry Pi purchase
Hello, My RPi4 arrived yesterday and everything worked and booted fine from the 128 GB SD using UEFI. Network was working fine also through ethernet without configuring anything. 3GB limit disabled. Today I will continue configuring the OS. The only nasty thing was that SD card reader in my NUC8i7 did not work in NetBSD and needed to flash it under Linux. I think I will buy a card reader for the next time. Should I fill a bug report? Thanks guys! Regards. Ramiro. El 22 de abril de 2024 22:16:09 CEST, Ramiro Aceves escribió: > > >El 22/4/24 a las 20:09, John Klos escribió: >> Hi, >> >>> Cause lighttpd was familar to me, I have used it under raspbian and Debian. Lighttpd Web server, home minidlna film server. >> >> If your usage is simple, then bozohttpd's setup will be very simple. For >> instance, my setup is just four lines in /etc/inetd.conf (two each for IPv4 >> and IPv6 http, and two for https). >> >> I'm interested in minidlna. Currently I can send web links to mp4 files and >> people know how to Airplay them to their TVs, but I'd love to be able to set >> up a simple media server that'd let people browse their media straight from >> their TVs. >> >> BTW - here's my Raspberry Pi 4 server: >> >> https://www.reddit.com/r/raspberry_pi/comments/w3yaes/my_updated_1u_raspberry_pi_4_server/ > >Oh, beautiful 1U server, well done! > >Minidlna seems simple to configure. I have only used it to serve films for my >wife and daughter at home, nothing exotic. > >About bozohttpd. I use lighttpd for very simple experimental WEB pages using >https, PHP and digest auth sha256 authentication. I think that bozohttpd >server only support basic authentication: > > HTTP BASIC AUTHORIZATION > bozohttpd has support for HTTP Basic Authorization. If a file named > .htpasswd exists in the directory of the current request, bozohttpd will > restrict access to documents in that directory using the RFC 2617 HTTP > "Basic" authentication scheme. > > Note: This does not recursively protect any sub-directories. > >I have to experiment. > >Thanks so much. >Ramiro. > > > > > >> >> John
Re: RPi 4b Wifi Device
Hello Thomas, I do not know what happens and if this has something to do or not. I have seen this advice in pftf/RPi4 in GitHub: Note: Booting from USB or from ESP requires a recent-enough version of the Pi EEPROM (as well as a recent version of the UEFI firmware). If you are using the latest UEFI firmware and find that booting from USB or from ESP doesn't work, please visit https://github.com/raspberrypi/rpi-eeprom/releases to update your EEPROM. My RPi4 arrived yesterday and everything worked and booted from the SD using UEFI. Regards. Ramiro. El 23 de abril de 2024 22:12:47 CEST, "Thomas D. Dean" escribió: >On 4/23/24 08:54, Justin Parrott wrote: >> this is what i was talking about, i don't like booting an sbc from stick >> >> even if you can hit disk >> >> can net run on sbc? >> > >I can boot NetBSD 10 on an RPi 4b from an SD card . It seems to run fine. >Seems lots faster than RPi OS booted from the same type SD card. > >I can > 1. access the network > 2. ssh into the RPi > 3. build applications >on a RPi 4B running NetBSD 10 booted from an SD card. > >What I can not do is get the RPi 4b to boot NetBSD from a USB-3 flash drive. > >I can get the RPi 4b to boot RPi OS from the USB-3 flask drive. > >Tom Dean
Re: Mail delivery from Postfix to remote IMAP
Greg A. Woods wrote in : |At Tue, 23 Apr 2024 01:41:11 +0200, Steffen Nurpmeso \ |wrote: |Subject: Re: Mail delivery from Postfix to remote IMAP |> |> SPF should never have been introduced | |I agree _VERY_ much! It still does absolutely nothing to reduce SMTP |abuse or increase trust in any way whatsoever. Well -- there are people which disagree; and they seem to matter. I personally think the RFC as such is a true masterpiece, in my eyes (fwiw). A lot of thought and energy where used, to think the concept "to the last leaf" that noone normally uses. And if you have (a) fixed IP(s), and all that, then SPF can secure one hop. And if you are an organizational unit like some *bsd.org, or a university, or cpan.org, or any such, you can setup SRS or create permanent pseudo addresses the way dmarc.ietf.org does it, and rewrite the emails. Likewise any DKIM-will-be-broken thing can do the same "(temporary) shadow address)" when receiver DNS entries notify that this will cause trouble (aka DMARC etc). But i always say that all for one has to be done, increases the complexity massively, and that is surely one reason why so many little ones just give up. I say email should be easy. Reality is that most infrastructure do not do any of the above, and so basic concepts of email, like "simple forwarding by alias", or "mailing lists" "fail badly". Anyhow i used SPF from 2015 to 2024, i had "-all" and that seemed to be a good thing, until last year suddenly an email reply to an address behind a FreeBSD.org caused a bounce, and their postmaster just said it "works as designed" i think were his words. So i changed it to "~all" due to that, but what is a SPF record with "~all" worth? i said. So i said i write a DKIM signed, and have a cryptographically verifiable host-specific signature, and i give a shit how many hops or which mystic ways the emails take, as long as they end up where they should, and throw away the SPF DNS entry. Unfortunately the entire ecosystem is at least "from bug to fix", but sometimes all the time, grazy, and penaltizes messages without the glorified SPF, or with a message ID which contains the sender address plain, or which contains a Received: header with an "invalid IP" (even though that was inside a VPN and a follow-up Received: had the same domain name with one sub- lesser), and all that. I personally always (now) say that i do not understand any of that, i would go for only DKIM, and slightly redesign it (as already mentioned). You know, a TLS connection does not even establish, likewise SSH, why should email be any different given that the tool is there. And throw away all the others. The only thing is that the host key could be stolen, but effectively that has the same risk as any web- or mail- or etc server that uses server certificates; at times where most servers live in virtual boxes (somewhere in the clowd) total trust to the virtual (clowd) providers is anyway necessary, already. This still breaks mailing-lists then, at least those which modify the (covered) message (parts). There is no way out of that (i totally reject ARC), but if the mailing-list verifies DKIM, and creates a DKIM signature itself, i imagine, that is, email programs could offer the possibility to "trust this". Effectively the mailing-list creates a new message, then. It will produce the ugly "x via y" From:, or go the IETF "dmarc".ietf.org "pseudo subscriber address" way. Anyway that is my opinion. Throw away all this tremendously bloated infrastructure and keep only DKIM. SPF with the "~all" that a normal person needs who could possibly contact an alias that will then fail is a mess, that much is plain. By the way in practice most of the email spam i receive comes via Google, and these have all the weapons in place. --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
Re: RPi 4b Wifi Device
On 4/23/24 08:54, Justin Parrott wrote: this is what i was talking about, i don't like booting an sbc from stick even if you can hit disk can net run on sbc? I can boot NetBSD 10 on an RPi 4b from an SD card . It seems to run fine. Seems lots faster than RPi OS booted from the same type SD card. I can 1. access the network 2. ssh into the RPi 3. build applications on a RPi 4B running NetBSD 10 booted from an SD card. What I can not do is get the RPi 4b to boot NetBSD from a USB-3 flash drive. I can get the RPi 4b to boot RPi OS from the USB-3 flask drive. Tom Dean
Re: nice program to make sound
mpg123, or its successor (?) mpg321. There is also mp3blaster if you are looking for a TUI with playlists. -- Benny > Am 23.04.2024 um 19:02 schrieb Todd Gruhn : > > I did: > > vlc file:///file.mp3 --play-and-exit > > I works -- but I dont want the GUI on the screen. > > Is there another program to do this?
nice program to make sound
I did: vlc file:///file.mp3 --play-and-exit I works -- but I dont want the GUI on the screen. Is there another program to do this?
Re: RPi 4b Wifi Device
this is what i was talking about, i don't like booting an sbc from stick even if you can hit disk can net run on sbc? On Tue, Apr 23, 2024 at 11:51 AM Thomas D. Dean wrote: > On 4/20/24 15:29, Michael Cheponis wrote: > > I run an RPi 4B/8G with external USB SSD drive; I do this because my > uSD cards were getting worn out after about a year of use; I've had no > such problems with my Samsung 870 EVO nor Samsung SSD T7. > > > > I use the built-in GigE adaptor on the RPi 4B, because it's > convenient as I have wired ethernet most places. So I can't help with > WiFi. > > > > I have been running an RPi 3 from a Lexar 64B Thumb Drive since June > 2019 - no problem there, either. > > I use SanDisk Extreme Pro 128GiB flash drives in the RPi 4b USB 3 port, > sometimes with a 6" USB 3 cable. > > I can always boot RPi OS on these drives. I have never been able to boot > NetBSD 10. > > I downloaded the arm64.img, and RPi4_UEFI_Firmware_v1.35.zip. On a Linux > desktop: >dd if=arm64.img of=/dev/sda bs=1M > and, then I replace the corresponding files from > RPi4_UEFI_Firmware_v1.35.zip. >mount /de3v/sda1 /mnt >cd /mnt >unzip ~/NetBSD/RPi4_UEFI_Firmware_v1.35.zip > > When I attempt to boot, I see the color flash, then a cursor at the top > left of the screen, then the screen goes blank. > > he flash drive shows lots of accesses during this process and then shows > access flashes in groups of 3 or 4. I think this indicates an unreadable > file, I think. > > When I do the the same actions with an SD card, NetBSD boots. > > What do you do? > > Tom Dean > -- renegade6969...@gmail.com https://www.facebook.com/profile.php?id=61556020800880 https://twitter.com/Rose29283220654
Re: RPi 4b Wifi Device
On 4/20/24 15:29, Michael Cheponis wrote: > I run an RPi 4B/8G with external USB SSD drive; I do this because my uSD cards were getting worn out after about a year of use; I've had no such problems with my Samsung 870 EVO nor Samsung SSD T7. > > I use the built-in GigE adaptor on the RPi 4B, because it's convenient as I have wired ethernet most places. So I can't help with WiFi. > > I have been running an RPi 3 from a Lexar 64B Thumb Drive since June 2019 - no problem there, either. I use SanDisk Extreme Pro 128GiB flash drives in the RPi 4b USB 3 port, sometimes with a 6" USB 3 cable. I can always boot RPi OS on these drives. I have never been able to boot NetBSD 10. I downloaded the arm64.img, and RPi4_UEFI_Firmware_v1.35.zip. On a Linux desktop: dd if=arm64.img of=/dev/sda bs=1M and, then I replace the corresponding files from RPi4_UEFI_Firmware_v1.35.zip. mount /de3v/sda1 /mnt cd /mnt unzip ~/NetBSD/RPi4_UEFI_Firmware_v1.35.zip When I attempt to boot, I see the color flash, then a cursor at the top left of the screen, then the screen goes blank. he flash drive shows lots of accesses during this process and then shows access flashes in groups of 3 or 4. I think this indicates an unreadable file, I think. When I do the the same actions with an SD card, NetBSD boots. What do you do? Tom Dean
Re: cryptic pkgin SSL cert error
On Tue, 23 Apr 2024 at 15:24, Martin Husemann wrote: > > On Tue, Apr 23, 2024 at 03:17:14PM +0100, David Brownlee wrote: > > However, while better checking of trust anchors is a better end state > > - assuming I am understanding the situation correctly: in an > > effectively unannounced change, pkgin on a -9 system without either > > security/mozilla-rootcerts-openssl installed or /etc/openssl will now > > just fail, including any attempt to install mozilla-rootcerts-openssl > > to resolve. > > Only if the binary pkgs repository URL was using https. > Default setup used to be http: Aha, thanks! - that would be the item of information I lacked :) > > This requires manual intervention to set an environment variable to > > allow mozilla-rootcerts-openssl to be installed, or otherwise setup > > /etc/openssl. That would appear to be an unhelpful change, to the > > extent that I would propose pkgin on netbsd < 10 might be better to > > default to disabling checking trust anchors (with a warning). > > Edit the URL, install mozilla-rootcerts-openssl, change the URL back. I would still classify it as unhelpful, but if it is only affecting users who have changed their setup from the recommended, then it is more of a "it would be good to see if there is a was to help them" rather than an "oops!!" :-p I also appreciate the amount of bikeshedding and general pulling at different angles it took to get to where we are with it working well on -10... so as long as the default & recommended pkgin install on < netbsd-10 is for http rather than https, I'm inclined to leave well enough alone Thanks David
Re: cryptic pkgin SSL cert error
On Tue, Apr 23, 2024 at 03:17:14PM +0100, David Brownlee wrote: > However, while better checking of trust anchors is a better end state > - assuming I am understanding the situation correctly: in an > effectively unannounced change, pkgin on a -9 system without either > security/mozilla-rootcerts-openssl installed or /etc/openssl will now > just fail, including any attempt to install mozilla-rootcerts-openssl > to resolve. Only if the binary pkgs repository URL was using https. Default setup used to be http: > This requires manual intervention to set an environment variable to > allow mozilla-rootcerts-openssl to be installed, or otherwise setup > /etc/openssl. That would appear to be an unhelpful change, to the > extent that I would propose pkgin on netbsd < 10 might be better to > default to disabling checking trust anchors (with a warning). Edit the URL, install mozilla-rootcerts-openssl, change the URL back. Martin
Re: cryptic pkgin SSL cert error
On Tue, 23 Apr 2024 at 12:45, Greg Troxel wrote: > > David Brownlee writes: > > > Do you have security/mozilla-rootcerts-openssl installed? (which > > should provide a full set of certs in /etc/openssl). Alternatively > > what do you have in /etc/openssl > > > > For netbsd-10 /etc/openssl is populated by the OS, but doing that > > would be a breaking change on netbsd-9, however it may be that the > > latest pkgin is enforcing SSL certificates by default on netbsd-9 > > which would be... unhelpful in this case > > I don't see it as uhelpful -- doctrine has always been that the sysadmin > should choose which CAs to configure as trust anchors. In 10, that's > still more or less doctrine, except the default set is mozilla (or ish) > rather than the empty set. If you haven't set up trust anchors, lots of > things are troubled. For -10, or systems which ship with trust anchors in /etc/openssl or equivalent I would agree the changed behaviour is an absolute improvement. However, while better checking of trust anchors is a better end state - assuming I am understanding the situation correctly: in an effectively unannounced change, pkgin on a -9 system without either security/mozilla-rootcerts-openssl installed or /etc/openssl will now just fail, including any attempt to install mozilla-rootcerts-openssl to resolve. This requires manual intervention to set an environment variable to allow mozilla-rootcerts-openssl to be installed, or otherwise setup /etc/openssl. That would appear to be an unhelpful change, to the extent that I would propose pkgin on netbsd < 10 might be better to default to disabling checking trust anchors (with a warning). If I have misunderstood the situation - my apologies. David
Re: NetBSD 9.3 to 10.0 upgrade failure - check for DOS fs
On Tue, Apr 23, 2024 at 01:20:12PM +, Riccardo Mottola wrote: > /dev/sd0e /media/usb msdos rw 0 0 What is that partition? Is that "usb" device available (as sd0) during your upgrade experiment? If you boot the installer from a USB disk, that might become sd0 and things will go awfully wrong. This still is a bug - sysinst should recognize the device clash, but I'm pretty sure there currently is no such code. Maybe you could try commenting that partition out in /etc/fstab, do the upgrade and later manually enable it again? Martin
Re: cryptic pkgin SSL cert error
David Brownlee wrote: > On Tue, 23 Apr 2024 at 02:27, beaker wrote: > > I have a 9.3/i386 VM on which I recently ran > > $ sudo pkgin update ; sudo pkgin upgrade ;sudo pkgin autoremove > > > > which worked but subsequent attempts to use pkgin report the following > > error: > > > > -- > > $ sudo pkgin update > > cleaning database from > > http://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/9.3/All entries... > > reading local summary... > > processing local summary... > > processing remote summary > > (https://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/9.3/All)... > > 3061459968:error:1416F086:SSL > > routines:tls_process_server_certificate:certificate verify > > failed:/usr/src/crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c:1921: > > 3061459968:error:1416F086:SSL > > routines:tls_process_server_certificate:certificate verify > > failed:/usr/src/crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c:1921: > > 3061459968:error:1416F086:SSL > > routines:tls_process_server_certificate:certificate verify > > failed:/usr/src/crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c:1921: > > pkgin: Could not fetch > > https://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/9.3/All/pkg_summary.xz: > > Authentication error > > -- > > > > A work-around is to edit /usr/pkg/etc/pkgin/repositories.conf so > > it only uses http not https but I'd really rather not do that going > > forward so I'm looking for some guidance on how to fix wahatever > > is causing this SSL certificate verification error. > > > > System info: > > $ pkgin -v > > pkgin 23.8.1 (using SQLite 3.26.0) > > $ uname -a |cut -d' ' -f4-12 > > NetBSD 9.3_STABLE (GENERIC) #0: Mon Mar 25 15:54:20 UTC > > $ uname -m > > i386 > > Do you have security/mozilla-rootcerts-openssl installed? (which > should provide a full set of certs in /etc/openssl). Alternatively > what do you have in /etc/openssl > > For netbsd-10 /etc/openssl is populated by the OS, but doing that > would be a breaking change on netbsd-9, however it may be that the > latest pkgin is enforcing SSL certificates by default on netbsd-9 > which would be... unhelpful in this case Thanks, installing the mozilla-rootcerts-openssl pkg then re-editing ../pkgin/repositories.conf to use "https" worked. You're probably right about this being sort of a transitory issue mostly affecting 9.x, I just hadn't encountered it before and I've a handful of 9.x systems. Probably the forementioned rootcert pkg is already present on those. -B
Re: NetBSD 9.3 to 10.0 upgrade failure - check for DOS fs
Hi, (removing Robert who may read the reply on the list, if) Martin Husemann wrote: > On Wed, Apr 10, 2024 at 11:52:04PM +0200, Riccardo Mottola wrote: >> 0: NetBSD (sysid 169) >> bootmenu: NetBSD >> start 2048, size 625140400, Active >> 1: >> 2: >> 3: >> Bootselector disabled. >> First active partition: 0 > Can you show us the /etc/fstab file from the NetBSD partition? of course, here it is. Inspected from booting 9.3 [1] - I hope that is what you asked for. sphere$ cat /etc/fstab # NetBSD /etc/fstab # See /usr/share/examples/fstab/ for more examples. /dev/wd0a / ffs rw 1 1 /dev/wd0b noneswapsw,dp0 0 kernfs /kern kernfs rw ptyfs /dev/ptsptyfs rw procfs /proc procfs rw tmpfs /var/shmtmpfs rw,-m1777,-sram%25 /dev/sd0e /media/usb msdos rw 0 0 /dev/cd0a /media/cdromcd9660 ro,noauto it confirms that "wd" is completely dedicated to NetBSD. If we had nice BSD stickers (especially with the Daemon) I'd remove the Windows7 for it :) Riccardo [1] wow, I missed 9.4 release, should I upgrade to that at least? getting to 10 should be still easy. However this is my main NetBSD laptop,s o it should have latest stable. I have then one with testing and one I will keep on 9.x :)
Re: cryptic pkgin SSL cert error
David Brownlee writes: > Do you have security/mozilla-rootcerts-openssl installed? (which > should provide a full set of certs in /etc/openssl). Alternatively > what do you have in /etc/openssl > > For netbsd-10 /etc/openssl is populated by the OS, but doing that > would be a breaking change on netbsd-9, however it may be that the > latest pkgin is enforcing SSL certificates by default on netbsd-9 > which would be... unhelpful in this case I don't see it as uhelpful -- doctrine has always been that the sysadmin should choose which CAs to configure as trust anchors. In 10, that's still more or less doctrine, except the default set is mozilla (or ish) rather than the empty set. If you haven't set up trust anchors, lots of things are troubled.
Re: cryptic pkgin SSL cert error
On Tue, 23 Apr 2024 at 02:27, beaker wrote: > > Hello, > > I have a 9.3/i386 VM on which I recently ran > $ sudo pkgin update ; sudo pkgin upgrade ;sudo pkgin autoremove > > which worked but subsequent attempts to use pkgin report the following error: > > -- > $ sudo pkgin update > cleaning database from > http://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/9.3/All entries... > reading local summary... > processing local summary... > processing remote summary > (https://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/9.3/All)... > 3061459968:error:1416F086:SSL > routines:tls_process_server_certificate:certificate verify > failed:/usr/src/crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c:1921: > 3061459968:error:1416F086:SSL > routines:tls_process_server_certificate:certificate verify > failed:/usr/src/crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c:1921: > 3061459968:error:1416F086:SSL > routines:tls_process_server_certificate:certificate verify > failed:/usr/src/crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c:1921: > pkgin: Could not fetch > https://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/9.3/All/pkg_summary.xz: > Authentication error > -- > > A work-around is to edit /usr/pkg/etc/pkgin/repositories.conf so > it only uses http not https but I'd really rather not do that going > forward so I'm looking for some guidance on how to fix wahatever > is causing this SSL certificate verification error. > > System info: > $ pkgin -v > pkgin 23.8.1 (using SQLite 3.26.0) > $ uname -a |cut -d' ' -f4-12 > NetBSD 9.3_STABLE (GENERIC) #0: Mon Mar 25 15:54:20 UTC > $ uname -m > i386 Do you have security/mozilla-rootcerts-openssl installed? (which should provide a full set of certs in /etc/openssl). Alternatively what do you have in /etc/openssl For netbsd-10 /etc/openssl is populated by the OS, but doing that would be a breaking change on netbsd-9, however it may be that the latest pkgin is enforcing SSL certificates by default on netbsd-9 which would be... unhelpful in this case David