Re: IKEv2/IPsec VPN

2017-09-22 Thread Gerard Lally
On Fri, 22 Sep 2017, at 19:21, Chuck Zmudzinski wrote:
> On 9/22/2017 3:49 AM, Christos Zoulas wrote:
> > On Sep 21,  9:18pm, frchu...@gmail.com (Chuck Zmudzinski) wrote:
> > -- Subject: Re: IKEv2/IPsec VPN



This has been fascinating so far. Sorry I haven't replied -- been tied
up with hospital visits the past week. Keep at it Fr Zmudzinski -- many
a breakthrough in human knowledge has been made by clerics!

;-)


IKEv2/IPsec VPN

2017-09-19 Thread Gerard Lally
Some years ago I successfully set up netbsd-6 OpenVPN endpoints, with
20-30 remote Windows clients connecting.

I'd now like to set up a netbsd-8 VPN, based on IKEv2/IPsec. The
documentation doesn't make it clear -- to me -- if such a setup is
possible. Ideally it would be nice if strongSwan was supported on NetBSD
but it seems this is not the case. So where to begin? Does racoon
support IKEv2? At one stage there was a racoon2 fork but development
seems to have stalled on that.

If you run such a setup some ideas to kickstart my reading would be
welcome. Thank you.




Re: blacklistd and bpfjit

2017-03-29 Thread Gerard Lally
On Tue, 28 Mar 2017, at 02:20, co...@sdf.org wrote:
> npf attempts to auto load bpfjit, if it receives an error (such as
> 'permission denied because securelevel=1'), it will report that bpfjit
> is not loaded and this is a performance problem, even if bpfjit is
> already loaded.
> 
> in -8 it will no longer do this.

Thanks for the explanation. Yes, I'm using 7.1.


Re: blacklistd and bpfjit

2017-03-27 Thread Gerard Lally
On Mon, 27 Mar 2017, at 17:22, atomicules wrote:
> >npfctl: error loading the bpfjit module; performance will be degraded:
> >Operation not permitted
> >npfctl: To disable this warning `set bpf.jit off' in /etc/npf.conf
> 
> I think that's a XEN issue. I've been playing about with npf and 
> building kernels and I cannot get bpfjit to work on XEN even though 
> I've supposedly enabled it during the kernel build.
> 
> And not to derail you too much, but I can't really get npf to work 
> properly on XEN at all. Been meaning to email you about that. Sure it 
> "works", but it doesn't seem to respect the rules like my desktop npf 
> does (it basically blocks EVERYTHING). I'm 99% sure it's a XEN problem 
> and not me.

(For some reason this reply was buried - already read - in Gmail's All
Mail folder. Not sure now if I've received other replies to my post.)

I don't have Xen installed on the new server yet, although that's my
next step. I did have problems with npf and Xen some time ago; as far as
I remember that had to do with the dom0 kernel not loading modules. You
seem to have covered that by compiling a new kernel. Sorry; can't help
you much more on that just now.


blacklistd and bpfjit

2017-03-27 Thread Gerard Lally
I have been testing blacklistd today. It works nicely, but one thing I
don't understand is whether or not the bpfjit module is needed.

I have securelevel=1 in rc.conf. To load the module early, before
securelevel gets raised, I added bpfjit to /etc/modules.conf, and then
"set bpf.jit on;" in npf.conf.

However, when I reload npf rules I get the following complaint:

npfctl: error loading the bpfjit module; performance will be degraded:
Operation not permitted
npfctl: To disable this warning `set bpf.jit off' in /etc/npf.conf

So I set bpf.jit off instead, and blacklistd continues to work fine. I
presume bpf.jit is not really necessary for blacklistd to work properly?


Boot selector with GPT + BIOS

2016-07-30 Thread Gerard Lally
Some time ago I was able to set up a NetBSD + Slackware dual boot,
with fdisk MBR partitioning and the NetBSD boot selector (fdisk -B).

With 3TB disks I now need to use a GPT partition scheme. I presume
fdisk -B no longer works in this situation. Is there another way of
installing the NetBSD boot selector?


Re: linking issue - what am I doing wrong?

2016-03-25 Thread Gerard Lally
On Fri, 25 Mar 2016 15:50:36 -0600 (MDT)
Swift Griggs  wrote:
> 
> Some folks, who have had similar issues, asked what I ended up doing and if 
> I'd post it. Here's the skinny:
> 
> I was doing this:
> 
> gcc -g -Wall -I/usr/pkg/include -I/usr/X11R7/include -lXm \
>     -L/usr/pkg/lib -o hello hello.c
> 
> I switched it to this:
> 
> gcc -Wl,-rpath,/usr/pkg/lib -Wl,-rpath,/usr/X11R7/lib -g -Wall \
>     -I/usr/pkg/include -I/usr/X11R7/include -lXm \
>     -L/usr/pkg/lib -o hello hello.c
> 
> I guess that bakes in the library search path to your resulting binary. Very 
> helpful, actually. I just never really knew this was an alternative to 
> something like always having to set LD_LIBRARY_PATH, but since I saw other 
> programs that managed to pull it off, I thought I'd ask. I'm glad I did. 
> There are so many smart folks on this list.

Thanks Swift. (I hit Reply instead of Reply-All, so the list never saw
my request. Sorry about that.)

-- 
Gerard Lally



Re: GPT, wedges and RAID-1 on new server with NetBSD 7

2016-03-09 Thread Gerard Lally
On Tue, 08 Mar 2016 15:06:32 -0500
Greg Troxel  wrote:
> 
> Gerard Lally  writes:
> 
> > If I want separate / swap and /home, I presume I should delete raid1a
> > and create raid1a, raid1b and raid1e instead (by clicking on its
> > parent raid1 and selecting "Edit BSD partitions")?
> 
> Separately from how to use sysinst for this (which I've never done), I
> think it is sensible to have partitions within a raid.   I typically
> have wd0a/wd1a as type raid, being mostly the whole disk, and then
> within raid0 have a/b/e/f.
> 
> > I create these and proceed with installation as normal, selecting
> > raid1 as the available disk on which I want to install NetBSD. But
> > each time I do this I get the dreaded error "FATAL: No bootable medium
> > found! System halted."
> >
> > Where am I going wrong? One thing I note is that I am not asked at any
> > point to install bootcode to the disks as I would be with non-RAID
> > setups.
> 
> Probably you can boot to utility and run installboot manually on wd0a/wd1a.
> 
> > If it's not possible to do this with sysinst is it at least possible
> > to do it by dropping to a shell?
> 
> When I want to set up a new raid system, I tend to get a bootable disk
> with a minimal system and boot that and do the whole disk setup
> including bootblocks by hand.  But I suspect you are just missing
> bootblocks.
> 
> > Ideally I would like to use GPT with the RAID-1 setup as well, since I
> > will be on 2 x 2TB disks and I anticipate this getting bigger, not
> > smaller in years to come. I have successfully set up NetBSD with GPT
> > by dropping to a shell but I don't know where to add RAID into that
> > mix.
> 
> As others commented it seems disklabel-in-raid-in-gpt works.  So that
> leads to having two raid sets.  One is small enough to fit in 2T, and
> would have root, swap, /var, /usr sorts of things.  The other would be
> just bare raid in gpt, and have a filesystem in raid0d.  or maybe gpt
> inside raid.  The point is that the >2T raid doesn't have a disklabel
> (because it's too big) and doesn't have root (because the bootblocks
> can't yet find it).

Well I successfully booted a RAID system in Virtualbox yesterday
evening! I followed Tobias's instructions, and also found David
Brownlee's wedgeraidbootsetup.sh script** very useful. It's a lot
clearer to me now what has to be done.

Here is an overview for anyone else having trouble understanding the
steps:

1) create a small gpt partition on disk0 and disk1 for boot;
2) create another gpt partition on disk0 and disk1 for raid;
3) assemble the raid using the components created in 2;
4) use gpt again to partition this raid array into / swap and home
partitions;
5) build filesystems on these partitions;
6) mount the filesystems and extract sets;
7) install boot on the wedges created in step 1;
8) configure the system (fstab, rc.conf, etc)

I'm happy again now! I was afraid I might end up having to install "An
Inferior Operating System" on my 36 euro per month server!

;-)

Thank you one and all for helping me understand this.

** Posted to netbsd-users June 2015:
https://mail-index.netbsd.org/netbsd-users/2015/06/16/msg016252.html

-- 
Gerard Lally



GPT, wedges and RAID-1 on new server with NetBSD 7

2016-03-06 Thread Gerard Lally
Later this month I will be replacing a dedicated single-disk 120GB SSD
server with a 2 x 2TB SATA server. I would really like to put NetBSD 7
on RAID-1 here; I've had it running very nicely on the single disk
server for months (with thanks to Manuel Bouyer for the Dedibox
instructions).

The trouble is, I've been installing and re-installing NetBSD 7 on
Virtualbox with two virtual disks of 8GB each to get at least the RAID
part right before I make the move on real hardware but I've had no
luck booting the system whatever.

This is how I have been doing it so far:

1) Boot from amd64 CD
2) Select "Utility menu"
3) Select "Partition disk"
4) Format the already-existing wd0a as RAID; do the same for wd1a
5) Now select "Create software RAID", with wd0a and wd1a as disks,
RAID level set to 1 and sectPerSU set to 128
6) Save changes, as instructed
7) Wait for parity re-write to finish

Next step is where I get confused. I now have to create partitions for
RAID. The parity re-write created raid1a with type 4.2BSD which takes
up the whole 8GB.

If I want separate / swap and /home, I presume I should delete raid1a
and create raid1a, raid1b and raid1e instead (by clicking on its
parent raid1 and selecting "Edit BSD partitions")?

I create these and proceed with installation as normal, selecting
raid1 as the available disk on which I want to install NetBSD. But
each time I do this I get the dreaded error "FATAL: No bootable medium
found! System halted."

Where am I going wrong? One thing I note is that I am not asked at any
point to install bootcode to the disks as I would be with non-RAID
setups.

If it's not possible to do this with sysinst is it at least possible
to do it by dropping to a shell? Ideally I would like to use GPT with
the RAID-1 setup as well, since I will be on 2 x 2TB disks and I
anticipate this getting bigger, not smaller in years to come. I have
successfully set up NetBSD with GPT by dropping to a shell but I don't
know where to add RAID into that mix.


Re: Wheel behavior

2015-08-24 Thread Gerard Lally
On Mon, 24 Aug 2015 08:04:40 +
"Thomas Mueller"  wrote:

> > On 23 August 2015 at 03:39, Pongthep Kulkrisada  wrote:
> > > * Ottavio Caruso (ottavio2006-net...@yahoo.com) wrote:
> > >> But Slackware doesn't have the concept of the wheel group (as long as
> > >> I remember) and I myself don't like it very much.
> > > Slackware has this concept.
> > > http://alien.slackbook.org/dokuwiki/doku.php?id=linux:admin
>  
> > Yes, it might be in the wiki, but I remember correctly it's not implemented.
> 
> I am a former user of Slackware, through 13.0, and can say there was no wheel 
> group.

# cat /etc/slackware-version
Slackware 14.1

# grep wheel /etc/group
wheel:x:10:root

-- 
Gerard Lally



Re: Where to install user stuff

2015-07-16 Thread Gerard Lally
At date and time Thu, 16 Jul 2015 11:35:37 +, William A. Mahaffey III wrote:
> 
>  On various SGI, Linux & FreeBSD boxen, I have always installed
> in-house software under /usr/local.  I notice no such directory on my
> NetBSD 6.1.5 box. I did notice that pkg_add installed sudo under
> /usr/pkg. Is that the recommended/standard/canonical place to install
> user software under NetBSD ?

If you are doing ./configure, make and make install then /usr/local
will be created automatically. If you are using pkgsrc then /usr/pkg
will be the default location. You can also bootstrap pkgsrc so that it
operates in unprivileged mode; this way pkgsrc installs to bin, sbin and
so on in /home/william/pkg/ , no root user or sudo required. This is a
very nice feature of pkgsrc which honours the principle of least
privilege.

Just extract the pkgsrc tarball to $HOME and cd to ~/pkgsrc/bootstrap.
Then do
./bootstrap --unprivileged
and the configuration file ~/pkg/etc/mk.conf will be adjusted
accordingly so that software is installed to ~/pkg/bin and ~/pkg/sbin.

-- 
Gerard Lally



Re: Minor setup issues

2015-07-15 Thread Gerard Lally
On Wed, 15 Jul 2015 11:18:48 +
"William A. Mahaffey III" wrote:
> 
>  I have my shiny new NetBSD 6.1.5 server up & running, all RAID
> devices working AOK, several reboots completed, swap configured, etc.
> All is well except for a few pilot errors. Following recommendations
> I now login to root by su, rather than directly at the console. When
> I do, none of my aliases get set & filename completion using the tab
> key doesn't work. This isn't huge, but is irritating.

You're probably using sh. If so you will need the following options in
.shrc:

set -o emacs
set -o tabcomplete

NetBSD also has ksh which is, as far as I know, pdksh under the hood. A
better korn shell clone is mksh, available in pkgsrc.

> All is well logging in at the console, although the screen is limited
> to 80 chars/line & 25 lines, which restricts what you can see in
> crowded directories. I am ssh-ing in as my regular user, BTW, that
> probably makes a difference. When fully operational, there will be no
> kbd/mouse/monitor hooked up, so I do need to get this either fixed or
> understood.

I found the best way to deal with the console is to specify a vesa mode
in /boot.cfg. When booting, choose 5 to drop to a prompt and type "vesa
list". This will give you a list of vesa modes supported by your
hardware. For example, 0x14b. You then type "vesa 0x14b" and then "boot".

You can then add your chosen mode to /boot.cfg as follows:

menu=Boot normally:rndseed /var/db/entropy-file;vesa 0x14b;boot netbsd

-- 
Gerard Lally



Re: Printing to a network printer by IP address

2015-06-21 Thread Gerard Lally
At date and time Sun, 21 Jun 2015 09:18:39 -0700, jgw wrote:

  | Gerard Lally  wrote:
  | 
  | > (NetBSD 7 amd64)
  | >
  | > Is it possible to print to an ethernet-connected printer with just the
  | > standard NetBSD print commands, without going through CUPS? The printer
  | > is connected directly to the network switch and has a fixed IP address
  | > on the LAN; there is no print server. It is a business-class Ricoh
  | > Aficio MP C2800 Postscript and PCL printer.
  | >
  | > I have a hard time getting a conceptual overview of printing in BSD and
  | > Linux to be honest; it seems to be a bit of a minefield with postscript,
  | > CUPS, filters, ghostscript, foomatic, drivers, spooling, line printing
  | > and so on.
  | >
  | > At the moment I would like to print a copy of some of the text
  | > configuration files in /etc but it would be useful eventually to be
  | > able to print documents formatted with graphics as well.
  | 
  | As others mentioned, you can just setup BSD lpd.  You will likely need to
  | create a filter for it as well as a spool file.  And probably install
  | ghostscript.  I believe the FreeBSD Guide has some info on it.  I've been
  | using it for years with an HPLJ and it works fine for occasional print
  | jobs.  If you want my notes let me know off-list.

That printing section in the FreeBSD Guide is very good! It gives a
great overview of the various parts and how they fit together. The
overview was what I was missing. Thanks for the reference. I'll
study the method below as well when I get back to that network
tomorrow.

  | A few years ago I came across an alternate technique using just netcat/ncat
  | which is actually very fast if you can avoid dealing with postscript; my
  | notes are below:
  | 
  |  --
  |   Printing w/o lpd(8) to a Network Printer:
  | 
  |   Using ncat(1) and an appropriate print filter you can print directly to
  |   a network printer that understands "raw" input.
  | 
  |   For example, the HPLJ-2100 is a PCL-only printer (doesn't understand
  |   Postscript) and listens on port 9100.  The following makes use of the
  |   current lpd(8) print filter to process plain text, Postscript and PCL
  |   files:
  | 
  |   % cat cat_sitter.ps | /usr/local/lib/if\-hplj_2100 | ncat 192.168.1.12 9100
  | 
  |   The filter uses gs(1) (Ghostscript), something like so:
  | 
  |   % gs -q -dSAFER -sDEVICE=lj5gray -sOutputFile=- -
  | 
  |   This requires a lot of CPU cycles and produces rather large PCL outputs.
  |   It's better to produce PCL source files directly if possible:
  | 
  |   ex)
  |   # create a PCL file created two ways:
  |   % groff -ms -Tlj4 my_file.ms > cat_sitter.pcl
  |   % groff -ms my_file.ms | gs -sDEVICE=lj4 -sOutputFile=cat_sitter.PCL -
  | 
  |   # compare the files
  |   %  ls -sh1 my_file.{pcl,PCL}
  |   1.2M my_file.PCL
  |   3.8K my_file.pcl  => over 300x difference!

-- 
Gerard Lally



Re: Printing to a network printer by IP address

2015-06-21 Thread Gerard Lally
At date and time Sun, 21 Jun 2015 15:49:47 +, Ron Swiernik wrote:

  | Almost all my print queues are without filters. NetBSD makes it
  | so much easier with the lp=port@hostname.
  | 
  | Sample printcap entry:
  | lp:\
  | :sh:\
  | :lp=9100@default:\
  | :sd=/var/spool/output/default:\
  | :lf=/var/log/lpd-errors:\
  | :mx#0:
  | 
  | For basic stuff the printer should be able to recognize the
  | input stream. I have done this to Ricoh station similar to that
  | class. It will only use the defaults that the printer is set to.
  | If you want to do anything else it is probably easier to use
  | some filtering thing like CUPS.

This is very useful, and it clears up the concept of filters for me,
to an extent. Thanks.

-- 
Gerard Lally



Re: Printing to a network printer by IP address

2015-06-21 Thread Gerard Lally
At date and time Sun, 21 Jun 2015 16:11:56 +0100, Matthias Scheler wrote:

  | On Sun, Jun 21, 2015 at 02:46:19PM +0100, Gerard Lally wrote:
  | > Is it possible to print to an ethernet-connected printer with just the
  | > standard NetBSD print commands (LPD, LPR), without going through CUPS?
  | 
  | Yes, at least if the printer supports HP Jetdirect which most printers
  | (even non-HP ones) do. Please check whether your printer accepts
  | TCP connections on port 9100.

Thank you Matthias. I will be able to check that tomorrow.

-- 
Gerard Lally



Printing to a network printer by IP address

2015-06-21 Thread Gerard Lally
(NetBSD 7 amd64)

Is it possible to print to an ethernet-connected printer with just the
standard NetBSD print commands, without going through CUPS? The printer
is connected directly to the network switch and has a fixed IP address
on the LAN; there is no print server. It is a business-class Ricoh
Aficio MP C2800 Postscript and PCL printer.

I have a hard time getting a conceptual overview of printing in BSD and
Linux to be honest; it seems to be a bit of a minefield with postscript,
CUPS, filters, ghostscript, foomatic, drivers, spooling, line printing
and so on.

At the moment I would like to print a copy of some of the text
configuration files in /etc but it would be useful eventually to be
able to print documents formatted with graphics as well.

-- 
Gerard Lally


Printing to a network printer by IP address

2015-06-21 Thread Gerard Lally
(Apologies if this ends up double-posted.)

(System: NetBSD 7 amd64)

Is it possible to print to an ethernet-connected printer with just the
standard NetBSD print commands (LPD, LPR), without going through CUPS?
The printer is connected directly to the network switch and has a fixed
IP address on the LAN; there is no print server. It is a business-class
Ricoh Aficio MP C2800 Postscript and PCL printer.

I have a hard time getting a conceptual overview of printing in BSD and
Linux to be honest; it seems to be a bit of a minefield with postscript,
ghostscript, CUPS, filters, foomatic, drivers, spooling, line printing
and so on.

At the moment I would like to print a copy of some of the text
configuration files in /etc but it would be useful eventually to be
able to print documents formatted with graphics as well.

-- 
Gerard Lally



How to ensure pkgsrc groff is preferred over groff in base

2015-05-30 Thread Gerard Lally
Thanks to all who contributed to the recent groff thread. I now
understand the pros and cons a bit better.

I posted the following question here, to netbsd-users, instead of
pkgsrc-users because it is connected to that thread.

What is the correct way to ensure pkgsrc binaries and libraries are
used instead of their equivalents in base? For example, after installing
pkgsrc groff I now have groff, grn, grodvi, grog and more in both
/usr/bin and /usr/pkg/bin. Do I create multiple aliases, or just change
$PATH so that /usr/pkg/bin is before /usr/bin? For user, and/or root?
Would changing $PATH create other problems elsewhere?

I realise this is basic UNIX stuff I should understand better; it's
just that I would like to know the standard or correct way of doing it.

--
Gerard Lally



Re: How to enable quotas on /home

2015-05-04 Thread Gerard Lally
At date and time Mon, 4 May 2015 19:46:14 +0200, Manuel Bouyer wrote:

> On Sun, Apr 26, 2015 at 02:20:36PM +0100, Gerard Lally wrote:
> > I'm trying to get quotas working on 7 beta. As far as I can tell the old 
> > way of implementing quotas in fstab has been superseded, and fstab(5) 
> > recommends "turn[ing] on the new, in-file system quota with tunefs(8) or 
> > at newfs(8) time, and to not use the 'userquota' or 'groupquota' 
> > options."
> > 
> > /home is a GPT partition - /dev/dk3. The file system was created as 
> > follows:
> > 
> > newfs -O2 -b 16384 -f 2048 /dev/dk3
> > 
> > "tunefs -q user -q group /home" returns "enabling user quotas, enabling
> > group quotas", which appears to confirm user and group quotas have been
> > successfully enabled. I then run fsck_ffs on /home, following the
> > recommendation in tunefs(8). I follow the prompts to create user quota
> > inodes and group quota inodes; one thing I notice is it repeatedly
> > informs me of user and group quota mismatches for ID 0 and 1000. At this
> > stage quotas seem to be enabled but edquota tells me no mounted
> > filesystems have quota support.
> > 
> > Forcing fsck_ffs at reboot with the -f flag in rc.conf makes no 
> > difference; as soon as I reboot "tunefs -N /home" tells me quotas are 
> > disabled again.
> > 
> > Where am I going wrong? I've looked at all the quota-related man pages
> > but it's quite hard to separate those relevant to the new quota
> > subsystem from those relating to the older method. quotaon(8) and
> > quotaoff(8), for example, don't seem relevant to the new method.
> 
> You did run tunefs with /home unmounted, did you ?

Well it appears not. Thank you once again Manuel; I'm now able to get
edquota up and running for /home.

Little by little I am getting there!

-- 
Gerard Lally



How to enable quotas on /home

2015-04-26 Thread Gerard Lally
I'm trying to get quotas working on 7 beta. As far as I can tell the old 
way of implementing quotas in fstab has been superseded, and fstab(5) 
recommends "turn[ing] on the new, in-file system quota with tunefs(8) or 
at newfs(8) time, and to not use the 'userquota' or 'groupquota' 
options."

/home is a GPT partition - /dev/dk3. The file system was created as 
follows:

newfs -O2 -b 16384 -f 2048 /dev/dk3

"tunefs -q user -q group /home" returns "enabling user quotas, enabling
group quotas", which appears to confirm user and group quotas have been
successfully enabled. I then run fsck_ffs on /home, following the
recommendation in tunefs(8). I follow the prompts to create user quota
inodes and group quota inodes; one thing I notice is it repeatedly
informs me of user and group quota mismatches for ID 0 and 1000. At this
stage quotas seem to be enabled but edquota tells me no mounted
filesystems have quota support.

Forcing fsck_ffs at reboot with the -f flag in rc.conf makes no 
difference; as soon as I reboot "tunefs -N /home" tells me quotas are 
disabled again.

Where am I going wrong? I've looked at all the quota-related man pages
but it's quite hard to separate those relevant to the new quota
subsystem from those relating to the older method. quotaon(8) and
quotaoff(8), for example, don't seem relevant to the new method.

-- Gerard Lally



Re: Request to reconsider removal of groff from base system

2015-03-31 Thread Gerard Lally
At date and time Tue, 31 Mar 2015 15:18:36 +0200, tlaronde wrote:

> On Tue, Mar 31, 2015 at 12:24:51PM +0100, Gerard Lally wrote:
> >
> > As someone who uses groff as a lightweight alternative to TeX and
> > friends**
>
> FWIW, I have developed a minimal TeX system: kerTeX
> (http://www.kergis.com/kertex.html) (french; english at
> http://www.kergis.com/en/kertex.html).
>
> A minimal install can be as small as 8MB. The default (with the AMS
> fonts, e-TeX, dvips, MetaPost, bibtex and the Adobe standard PostScript
> fonts metrics) is less than 40MB.
>
> The advantage of the TeX system is that it is self-sufficient : it
> includes fonts and the mean to design them.

Thank you for this reminder Thierry. I took note of your work a long
time ago and will certainly keep it in mind should I abandon groff, but
for now I have invested some time in learning groff.

To Greg and Eric:

thank you for your replies.

I suppose the long and the short of it is that a powerful typesetting
system - groff - is already there, in base. It's not really about the
space used, but rather that a minimal NetBSD setup comes pre-loaded with
industrial-strength document layout and typesetting software. To my mind
that is quite amazing, and it speaks volumes about both NetBSD and groff.
NetBSD packs a lot of punch into the base system and I feel it would be
sad to sacrifice that power for what seems to me little or no gain.

--
Gerard Lally



Request to reconsider removal of groff from base system

2015-03-31 Thread Gerard Lally
While reading the INSTALL notes for amd64 today, I learned that groff(1)
is to be phased out in a future release, since man pages are handled
with mandoc(1), and groff(1) can still be found in pkgsrc as textproc/groff.

As someone who uses groff as a lightweight alternative to TeX and
friends**, I wonder if it could be kept in the base system. One of my
NetBSD systems is a small VPS server, where I don't have any need, or
indeed much space, to use pkgsrc. I maintain a couple of other NetBSD
systems as backup servers, and pkgsrc is not installed on them either,
but I do use groff to format automated {daily,weekly,monthly} reports.

I would be disappointed to see groff removed from the base system. It
is a nice fit for NetBSD's minimalist philosophy, and I ask that the
decision to remove it be reconsidered. Thank you.

** http://www.schaffter.ca/mom/mom-03.html

--
Gerard Lally



Re: NPF syntax

2015-03-16 Thread Gerard Lally
At date and time Mon, 16 Mar 2015 09:52:07 -0400, D'Arcy J.M. Cain wrote:

> I have decided to give up on pf after banging my head against the wall
> (and the OBSD mailing list) and try npf but I can't figure out the
> syntax.  I followed the example at http://www.netbsd.org/~rmind/npf/
> but I keep getting errors when I validate.  I reduced npf.conf to the
> following two lines:
> 
> table  type tree file "/VEX/general/pf/friends.list"
> table  type tree file "/VEX/general/pf/enemies.list"
> 
> This gives me this error:
> 
> # npfctl validate
> npfctl: table '0' is already defined
> 
> If I remove one line I get this:
> 
> # npfctl validate
> table <0> type tree
> 
> If I put the full file and comment out the table lines I get this:
> 
> # npfctl validate
> /etc/npf.conf:11:3: syntax error near 'alg'
> 
> I am using the example config almost verbatim except for the table
> names and file paths.
> 
> What am I missing here?

I had to move the tables to /etc ; I think the reason was that the /usr
filesystem was not mounted early enough at boot. Perhaps something like
that is your problem as well? Is VEX a NFS mount?

-- 
Gerard Lally



Re: Making pf block DomU <-> DomU traffic

2015-03-07 Thread Gerard Lally
At date and time Sat, 07 Mar 2015 18:14:50 +0100, Torbjörn Granlund wrote:

> Greg Troxel  writes:
> 
> Don't bridge; put each domU on its own interface and nat them
> individually.
>   
> Thanks.
> 
> Would that amount to manually defining a tapN/bridgeN pair for each
> DomU?

That's what I do.

-- 
Gerard Lally



Re: NPF on domU - more clarity required

2014-12-27 Thread Gerard Lally
At date and time Sat, 27 Dec 2014 14:49:03 +1300, Chris Bannister wrote:

> On Fri, Dec 26, 2014 at 11:32:26PM +0000, Gerard Lally wrote:
> > 
> > Thank you Michael, and thank you to all the other senior NetBSD devs who
> > stooped to help out this perpetual newbie, here and in private!
> 
> It would be nice if people posted to the thread so as to help other
> users in the future.

Point taken, but on this occasion it was just to let me know my question
had been posted elsewhere for increased exposure.

-- 
Gerard Lally



Re: NPF on domU - more clarity required

2014-12-26 Thread Gerard Lally
At date and time Fri, 26 Dec 2014 22:38:05 + (UTC), Michael van Elst wrote:

> lists+netbsd.us...@netmail.ie (Gerard Lally) writes:
> 
> >compiling the kernel as a normal user instead of root? I've just noticed
> >the owner and group on /usr/src/sys/arch/amd64/compile/custom-20141226/
> >are gerard:wsrc. Should that be root:wsrc instead?
> 
> It doesn't matter who is the owner of the build directory, but did
> you actually boot this kernel?

Oh dear. Problem solved. I've made a very silly mistake. With prgmr I
should have placed the custom kernel in /ext2fs/boot/ instead of /

The domU was not using my custom /netbsd kernel at all. It was still
using the domU kernel installed by sysinst. The kernel specified in
/boot.cfg, which I mistakenly assumed was the booting kernel, is
irrelevant. NetBSD as a prgmr domU uses a grub setup with the domU
kernel in a small ext2 partition /ext2fs/boot/ and the boot
configuration file /ext2/boot/grub/menu.lst

Well I am happy this problem is now solved, and I apologise for my
cantankerous first post! Mea culpa.

Thank you Michael, and thank you to all the other senior NetBSD devs who
stooped to help out this perpetual newbie, here and in private!

As a sidenote, if there's a way of eliminating the grub cruft and using
NetBSD's boot manager instead I'd be glad to hear it.

-- 
Gerard Lally



Re: NPF on domU - more clarity required

2014-12-26 Thread Gerard Lally
At date and time Fri, 26 Dec 2014 20:10:35 + (UTC), Christos Zoulas wrote:

> In article <20141226020448.ee93.280fc...@netmail.ie>,
> Gerard Lally   wrote:
> >I have been struggling to get NPF up and running on a NetBSD VPS,
> >specifically a Xen domU. I really think for security reasons NPF should
> >be nearly ready to go, so that we don't have to spend hours researching
> >and pulling our hair out trying to fix what should be a straightforward
> >issue, which leaves a machine vulnerable when it probably needs
> >protection most. It appears this problem came up some years ago, but
> >Googling provides me with no fix.
> >
> >I understand that NetBSD as a Xen domU does not support kernel modules.
> >So the recommendation in the NPF documentation to "modload" npf_ext_log
> >does not apply here. Fine, I took a wild guess and compiled a new Xen
> >domU kernel with the following two lines added to make sure NPF logging
> >and normalisation functionality was compiled into the kernel instead:
> >
> >options NPF_EXT_LOG
> >options NPF_EXT_NORMALISE
> >
> >Needless to say I also made sure pseudo-device npf was enabled as well.
> >
> >I also made sure /dev/npf existed, and I created /etc/ifconfig.npflog0
> >with just the word "create".
> >
> >I kept the contents of npf.conf to a minimum for troubleshooting, but
> >NPF just refuses to load. This is the error I get at boot:
> >
> >npfctl: cannot open '/dev/npf': Device not configured
> >npfctl: cannot open '/dev/npf': Device not configured
> >/etc/rc.d/npf exited with code 1
> 
> See if the device driver for npf is registered with the kernel correctly:
> 
>   $ sysctl kern.drivers | tr , '\n' | grep npf
> [198 -1 npf]

Thank you Christos.

[root]# sysctl kern.drivers | tr , '\n' | grep npf
 [198 -1 npf]

> Make sure that the device numbers are correct:
> 
>   $ ls -l /dev/npf
>   crw---  1 root  wheel  198, 0 Oct 13  2013 /dev/npf

[root]# ls -la /dev/npf
crw---  1 root  wheel  198, 0 Dec 26 00:38 /dev/npf

> Look at the ktrace output and see what operation fails:
> 
>   $ ktrace /sbin/npfctl start
>   $ kdump | less

[root]# ktrace /sbin/npfctl start
npfctl: cannot open '/dev/npf': Device not configured

[root]# kdump | less

kdump.txt attached.

I should have added extra information in my last post as well. Better
late than never:

NetBSD xx.xen.prgmr.com 7.0_BETA NetBSD 7.0_BETA
(XEN3_DOMU.201412251110Z) amd64

System installed using ftp, from nyftp.netbsd.org, with all sets.

I used the following config to compile the kernel with npf built-in,
using syssrc.tgz from NetBSD 7.0_BETA 201412251110Z:

/usr/src/sys/arch/amd64/conf/XEN3_DOMU

Perhaps I caused myself a problem by extracting syssrc.tgz and
compiling the kernel as a normal user instead of root? I've just noticed
the owner and group on /usr/src/sys/arch/amd64/compile/custom-20141226/
are gerard:wsrc. Should that be root:wsrc instead? (I am in the wsrc
group.) I seem to remember reading it's permissible to compile a kernel
as a normal user once you're in the wsrc group.

-- 
Gerard Lally


kdump.txt
Description: Binary data


NPF on domU - more clarity required

2014-12-25 Thread Gerard Lally
I have been struggling to get NPF up and running on a NetBSD VPS,
specifically a Xen domU. I really think for security reasons NPF should
be nearly ready to go, so that we don't have to spend hours researching
and pulling our hair out trying to fix what should be a straightforward
issue, which leaves a machine vulnerable when it probably needs
protection most. It appears this problem came up some years ago, but
Googling provides me with no fix.

I understand that NetBSD as a Xen domU does not support kernel modules.
So the recommendation in the NPF documentation to "modload" npf_ext_log
does not apply here. Fine, I took a wild guess and compiled a new Xen
domU kernel with the following two lines added to make sure NPF logging
and normalisation functionality was compiled into the kernel instead:

options NPF_EXT_LOG
options NPF_EXT_NORMALISE

Needless to say I also made sure pseudo-device npf was enabled as well.

I also made sure /dev/npf existed, and I created /etc/ifconfig.npflog0
with just the word "create".

I kept the contents of npf.conf to a minimum for troubleshooting, but
NPF just refuses to load. This is the error I get at boot:

npfctl: cannot open '/dev/npf': Device not configured
npfctl: cannot open '/dev/npf': Device not configured
/etc/rc.d/npf exited with code 1

I have /usr on a separate partition which might cause this error at boot
but should not cause the error when I do
/etc/rc.d/npf reload ; /etc/rc.d/npf start
after the system is up and running.

Here are the contents of npf.conf:

===
# /etc/npf.conf

$wired_v4 = { inet4(xennet0) }

procedure "log" {
    log: npflog0
}

group "wired" on $wired_v4 {
    # disable 80 until we are sure this is running properly
    # pass in final family inet4 proto tcp to $wired_v4 port 80
    pass in final family inet4 proto tcp to $wired_v4 port 22022
    pass stateful out final family inet4 proto tcp flags S/SA \
        from $wired_v4
    pass out final family inet4 proto tcp from $wired_v4
    pass stateful out final family inet4 from $wired_v4
}

group default {
    pass final on lo0 all
    block all apply "log"
}

===

I have faced this issue on several occasions now and it is most
frustrating. I would like to be able to have a basic firewall up and
running within five minutes of setting up a machine. I'd been looking
forward to trying NPF but it feels as though I'm in the seven circles
of Hell trying to get it to run.

-- 
Gerard Lally



Re: Sun Fire X4140

2014-11-18 Thread Gerard Lally
At date and time Tue, 18 Nov 2014 21:30:18 +0300, Dima Veselov wrote:

> Hello!
> 
> > I was very, very impressed to see an oldish (mid-2013) NetBSD 6 install
> > on this machine (I didn't have a more recent CD to hand), with hardware
> > RAID, network adapters and video all working. 
> 
> I have a bunch of these servers and yes, NetBSD supports them almost fully. 
> You seem to be lucky getting an X4140 with an LSI SAS adapter, because some 
> of them have Adaptec, which is not supported.
> 
> > I tried a recent Linux as
> > well but it failed to set up the network adapters.
> 
> X4140 has strange NVIDIA bridges and network enumerator devices, 
> which can cause problems. My configurations have many of them 
> including Debian 6/7 and NetBSD 6 working for years in production.
> 
> > I plan to put NetBSD 7 on this over the next few days.
> 
> Don't forget to update the server firmware, because the X4140 has a nice but 
> weak service processor and it is the most vulnerable part of this server.

Thanks for the advice Dima. I did indeed go searching for firmware
updates but it seems we would need a support contract with Oracle, which
is out of the question for this business. I might be able to get the
person who supplied the server to download the firmware.

> Stock ILOM version can brick itself if it works for a long time unattended.
> Still don't know the reasons, but I have 3 bricks for the past 5 yrs. Maybe 
> they get offended without human attention?

An expensive brick!

> Also don't be surprised if serial port speed between server and ILOM
> will change to default by itself - it's okay for any ILOM version :))


-- 
Gerard Lally



Sun Fire X4140

2014-11-18 Thread Gerard Lally
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.

Build settings:
  Build date   Mon May 13 02:23:15 UTC 2013
Built by   bui...@b6.netbsd.org


-- 
Gerard Lally


Emacs without X - eww missing libxml2

2014-10-25 Thread Gerard Lally
Hi,

I wanted to try out the new Emacs 24.4 so I compiled it from source
yesterday on a NetBSD 7 system which does not have X installed.

$ ./configure --prefix=/usr --without-gif --without-tiff
$ make
# make install

Emacs works fine, with one exception: I cannot visit websites in the
new integrated browser, eww. Visiting any website gives me the following
error:

"error in process filter: This function requires Emacs to be compiled
with libxml2"

I had earlier installed xmlcatmgr-2.2 and libxml2-2.9.2 libraries (to
/usr/lib), but «ldd /usr/bin/emacs» shows no reference to libxml2.

Should I expect eww to work in a NetBSD system without X? According to
pkgsrc.se the only dependency libxml2 has is xmlcatmgr.

-- 
Gerard Lally



Re: hp aio : netbsd won't boot ...

2014-09-25 Thread Gerard Lally
At date and time Thu, 25 Sep 2014 16:35:53 +0530, Mayuresh Kathe wrote:

> On 2014-09-25 16:34, Gerard Lally wrote:
> > At date and time Thu, 25 Sep 2014 01:42:47 +0530, Mayuresh Kathe wrote:
> >
> >> okay, i finally got myself a low end machine at an affordable price.
> >> http://hpshopping.in/HP_18-5019il_All-in-One_Desktop_PC
> >>
> >> the problems started after unpacking the machine.
> >>
> >> netbsd 6.1.4 (amd64) install cd just won't boot.
> >> after fiddling around with the bios (which looks like uefi), it booted,
> >> but refused to install, after some more coaxing moved till the "newfs"
> >> execution phase and then barfed.
> >>
> >> i tested with a bunch of other operating systems (ubuntu 14.04 and
> >> omnios), which it install and boot up like a charm.
> >>
> >> at the moment, have upgraded the memory to 4gb, and run netbsd 6.1.4
> >> via virtual box under ubuntu (desktop) 14.04, but the resource
> >> consumption is crazy, i can't even fire up firefox while running
> >> netbsd in that mode.
> >>
> >> any ideas about how i could make netbsd work on bare metal?
> >> or should i simply upgrade the memory to a total of 8gb (which is going
> >> to be quite difficult a proposition at the moment)?
> >
> > Have you disabled Secure Boot?
> 
> no, should i?

If it's an option in UEFI then yes, you should. It's at least worth a
try.

-- 
Gerard Lally



Re: hp aio : netbsd won't boot ...

2014-09-25 Thread Gerard Lally
At date and time Thu, 25 Sep 2014 01:42:47 +0530, Mayuresh Kathe wrote:

> okay, i finally got myself a low end machine at an affordable price.
> http://hpshopping.in/HP_18-5019il_All-in-One_Desktop_PC
> 
> the problems started after unpacking the machine.
> 
> netbsd 6.1.4 (amd64) install cd just won't boot.
> after fiddling around with the bios (which looks like uefi), it booted, but 
> refused to install, after some more coaxing moved till the "newfs" execution 
> phase and then barfed.
> 
> i tested with a bunch of other operating systems (ubuntu 14.04 and omnios), 
> which it install and boot up like a charm.
> 
> at the moment, have upgraded the memory to 4gb, and run netbsd 6.1.4 via 
> virtual box under ubuntu (desktop) 14.04, but the resource consumption is 
> crazy, i can't even fire up firefox while running netbsd in that mode.
> 
> any ideas about how i could make netbsd work on bare metal?
> or should i simply upgrade the memory to a total of 8gb (which is going to be 
> quite difficult a proposition at the moment)?

Have you disabled Secure Boot?

-- 
Gerard Lally



Re: Can I use a native Linux installation as DomU?

2014-08-24 Thread Gerard Lally
At date and time Sun, 24 Aug 2014 18:39:05 +0530, Mayuresh wrote:

> I am running NetBSD 6.1 i386, XEN3 DOM0, xentools 41.
> 
> I have a Fedora 17 installation on a separate partition. Currently I can
> dual boot into either of the OSes.
> 
> I am trying to run Fedora 17 as DomU on NetBSD Dom0.
> 
> Firstly, is it a terrible idea - particularly if I need to continue to use
> the Fedora 17 installation natively as well?

No, not a terrible idea at all. I did this some years ago with Slackware.
Quite straightforward, even though I was new to Slackware and NetBSD at
the time. When you are in bare-metal Fedora make sure disk mounts are
specified with UUID rather than /dev, so that the mounts are correct for
both bare-metal and domU.

Just run blkid to get a mapping of UUID to /dev

Then replace /dev/sdaXXX with the corresponding UUID in /etc/fstab.

For example, replace this:

/dev/sda1  /  ext3  defaults  1  2

with this:

UUID=41c22818-fbad-4da6-8196-c816df0b7aa8  /  ext3  defaults 1 2

Perhaps Fedora already specifies mounts this way; Slackware doesn't.

I also found it easier to set up if I used LVM. Another thing you should
do while in bare-metal Fedora is set up SSH, VNC and/or XDMCP, so that
you will be able to log into Fedora when it's running as a domU.

-- 
Gerard Lally
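
The blkid-to-fstab step from the message above, as an added example that is not part of the original post: a function that rewrites `/dev/...` entries of an fstab to `UUID=` form from saved `blkid` output and prints the result, leaving the file itself untouched. The function name and the sample data are assumptions; only the first UUID comes from the message.

```shell
#!/bin/sh
# Added example: convert /dev/... fstab entries to UUID= entries.
# usage: fstab_to_uuid BLKID_OUTPUT_FILE FSTAB_FILE   (result on stdout)
fstab_to_uuid() {
    awk '
        # First file: blkid lines such as
        #   /dev/sda1: UUID="..." TYPE="ext3"
        # The leading space in the pattern keeps PARTUUID= from matching.
        FILENAME == ARGV[1] {
            if (match($0, / UUID="[^"]+"/)) {
                dev = $1
                sub(/:$/, "", dev)
                # Skip the 7 characters of the prefix, drop the closing quote.
                uuid[dev] = substr($0, RSTART + 7, RLENGTH - 8)
            }
            next
        }
        # Second file: the fstab. Comments, blank lines and entries with
        # no known UUID (proc, NFS, absent disks) pass through unchanged.
        $1 !~ /^#/ && ($1 in uuid) {
            i = index($0, $1)
            $0 = substr($0, 1, i - 1) "UUID=" uuid[$1] substr($0, i + length($1))
        }
        { print }
    ' "$1" "$2"
}

# Constructed sample input (second and third UUIDs are made up).
SAMPLE_BLKID='/dev/sda1: UUID="41c22818-fbad-4da6-8196-c816df0b7aa8" TYPE="ext3"
/dev/sda2: LABEL="home" UUID="0f3e9c1a-1111-4222-8333-444455556666" TYPE="ext3"
/dev/sda3: UUID="7a1b2c3d-aaaa-4bbb-8ccc-ddddeeeeffff" TYPE="swap"'

SAMPLE_FSTAB='# constructed sample fstab
/dev/sda1  /      ext3  defaults  1  2
/dev/sda2  /home  ext3  defaults  1  2
/dev/sda3  swap   swap  defaults  0  0
/dev/sdb1  /mnt   ext3  noauto    0  0
proc       /proc  proc  defaults  0  0'
```

Review the output with diff against the live /etc/fstab before installing it, since a wrong root entry leaves both the bare-metal boot and the domU unbootable.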



Re: Recent video-related commits: summary wanted

2014-08-21 Thread Gerard Lally
At date and time Mon, 18 Aug 2014 08:39:22 -0600, Roy Bixler wrote:

> On Sat, Aug 16, 2014 at 09:30:50PM +0100, Gerard Lally wrote:
> > There have been many video-related commits to the source tree recently,
> > which I am doing my best to understand. Radeon, nouveau, drm, kms, and
> > the like. It would be nice if someone would summarise what is happening
> > and what difference it makes, and whether NetBSD 7 will benefit. A
> > question I have for starters: do these changes bring native X up to date
> > in -7, and if so would there be any compelling reason to choose modular
> > X instead?
> 
> Whether NetBSD 7 benefits is in the eye of the beholder, but I believe
> the basic purpose of these commits is to import code from the Linux
> Direct Rendering Manager subsystem.  This is the part of the kernel
> that interfaces with the Graphics Processing Unit of the system.  The
> idea is to put the system into graphics mode at bootup, eliminating
> the classic "text mode".  In a sense, text mode still exists from what
> I've seen of Linux systems, which generally use the DRM subsystem to
> change fonts to different sizes.  The X Server's operation becomes
> more seamless.
>
> I don't think I've seen the full benefit of this code yet, since the
> system I've installed NetBSD 7 on has an NVidia card and it doesn't
> seem that Nouveau is active by default.  I will be interested to see
> how it works.  If it's like my experience in Linux, then it will work
> fairly well and actually be more stable than the proprietary NVidia
> driver.  The disadvantage is that it doesn't support as many NVidia
> cards or, for the cards it does support, it may not support all of the
> features of those cards.  I also found that suspend/resume worked
> better with the NVidia driver than with the Nouveau driver.

Thanks for the information Roy. I'm probably slow to understand this but
is this DRM a supplement to the {nvidia,nouveau,radeon} driver or a
replacement for it? It seems to me from what you say in the first
paragraph its scope is quite narrow, affecting only bootup, but then in
your second paragraph it seems to be a replacement for the driver - you
hope it is "more stable than the proprietary NVidia driver".

-- 
Gerard Lally



Recent video-related commits: summary wanted

2014-08-16 Thread Gerard Lally
There have been many video-related commits to the source tree recently,
which I am doing my best to understand. Radeon, nouveau, drm, kms, and
the like. It would be nice if someone would summarise what is happening
and what difference it makes, and whether NetBSD 7 will benefit. A
question I have for starters: do these changes bring native X up to date
in -7, and if so would there be any compelling reason to choose modular
X instead?

-- 
Gerard Lally



Re: Reliable way to run emulated Linux under NetBSD

2014-08-14 Thread Gerard Lally
At date and time Thu, 14 Aug 2014 19:16:15 +0200, Kamil Rytarowski wrote:

> Hello,
> 
> So nobody actually uses qemu?
> I will give a try to XEN.
> 
> Thanks,

I think Xen is a better choice myself. I tested it a couple of years
ago and found it stable and fast. I had the following domUs running
under a NetBSD dom0:

NetBSD (x3) -- paravirtualised
Slackware (x1) -- paravirtualised
Windows 2008 (x1) -- HVM
Windows XP (x1) -- HVM

The Slackware domU was very interesting. I'll try to explain from
memory, but it's been a while so I don't have all the details. I do have
notes but they're not accessible to me right now. If you get stuck I'll
dig them out and see if they help.

What I did was to install NetBSD first, using just 5 or 10 GB of the
disk, and then set up Xen. I then installed Slackware on the remainder
of the disk, making sure to install Lilo to /boot, not MBR. I installed
Slackware on Logical Volumes (LVM) - lvm-root, lvm-home, etc. I compiled
a new kernel and initrd in Slackware with Xen support (leaving out all
hardware and other options not relevant to a Xen domU), and I copied
this kernel and the initrd to NetBSD's / . I did not delete the old
kernel, but left it as the first option for Lilo. I also configured the
NetBSD bootloader to boot into Slackware, using the fdisk -b option.

I then made sure to configure /etc/fstab in Slackware with blkid
references, to ensure Slackware would be able to boot as a domU and as
a physical machine. Another thing I did was to set up Slackware with a
VNC server and also XDMCP. I also set up NFS to share files between the
dom0 and domU.

After all this I was able to return to NetBSD and configure a domU for
Slackware, running in paravirtualised mode (PV is lightning fast). To
access the Slackware domU from the dom0 I used either VNC or XDMCP.
Both of these were fast; the only thing I couldn't configure at the time
was audio. But the icing on the cake for me was also being able to boot
into the same Slackware as a physical machine, by using the first kernel.
So I had a physical Linux setup dual-booting with NetBSD which also
served as a domU inside NetBSD's Xen! To my mind this was incredible.

I fully intend to replicate this setup as my day-to-day working setup
when NetBSD 7 is released. I've learnt a lot about NetBSD since that I
didn't know then. I recommend NetBSD Xen highly: you have all the
benefits of NetBSD and with a paravirtualised Linux domU you also have
the benefit of a very fast Linux setup. And if you do what I did, you
can also dual-boot into this Linux setup whenever you want, if there is
something you find you can't do while it is running under Xen as a domU.

Hope this helps.

-- 
Gerard Lally



Re: NPF not loading and starting at boot

2014-08-12 Thread Gerard Lally
At date and time Tue, 12 Aug 2014 15:14:05 -0500, J. Lewis Muir wrote:

> On 8/10/14, 4:11 PM, J. Lewis Muir wrote:
> > Hello.
> >
> > I'm running amd64 NetBSD 6.1.4 (GENERIC) in a Red Hat KVM (RHEL 6.4.0
> > PC) virtual machine.  I have configured NPF to load and start at boot
> > by adding "npf=YES" to /etc/rc.conf.  However, after booting, NPF is
> > not running:
> >
> > ===
> > # npfctl show
> > Filtering:  inactive
> > Configuration:  empty
> > ===
> >
> > Starting it by hand using the rc.d system works fine:
> >
> > ===
> > # /etc/rc.d/npf start
> > Enabling NPF.
> > ===
> 
> I investigated some more.  I looked at /etc/rc and discovered that
> /var/run/rc.log contains a log of the rc.d system start-up.  I checked
> it, and it contains:
> 
> ===
> [running /etc/rc.d/npf]
> Enabling NPF.
> ===
> 
> So, it looks like it's starting NPF OK.  To further check this, I added
> the following to the end of /etc/rc.local:
> 
> ===
> /sbin/npfctl show > /tmp/rc.local-npfctl-show.txt 2>&1
> ===
> 
> And after booting, that file in /tmp contains what I would expect as
> if everything was OK at that point in the boot (which I understand is
> fairly late in the start-up):
> 
> ===
> # head -n 2 /tmp/rc.local-npfctl-show.txt
> Filtering:  active
> Configuration:  loaded
> ===
> 
> But again, when I log into the machine via SSH after it boots and run
> "npfctl show", somehow NPF is off and the configuration is empty:
> 
> ===
> # npfctl show
> Filtering:  inactive
> Configuration:  empty
> ===
> 
> So, NPF is ending up turned off with an empty configuration between when
> /etc/rc.local ran and when the rc.d system start-up finished.
> 
> Any ideas on what is causing this?
> 
> Thanks!
> 
> Lewis

As a complete newcomer to npf I'm not sure if this is helpful, but here
goes anyway: do you have logging turned on in your npf.conf, and if so,
have you created the interface npflog0?

-- 
Gerard Lally



Re: Veriexec - automatic notification of mismatch?

2014-07-08 Thread Gerard Lally
At date and time Mon, 7 Jul 2014 10:51:48 +0200, Martin Husemann wrote:

> On Mon, Jul 07, 2014 at 05:25:59AM +0100, Gerard Lally wrote:
> > Without checking /var/log/messages manually, how would I go about
> > triggering an instant notification if a file or files monitored by
> > veriexec had changed?
> 
> I suppose you could set up a program specification in syslog.conf
> and send mail or text yourself. A simple script reading one line and
> echoing it to mail should do.

Thank you Martin. I am studying syslog.conf now.

-- 
Gerard Lally
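
The syslog-to-mail idea quoted above, sketched as an added example that is not code from the thread: a filter that reads syslog lines on stdin, keeps only Veriexec reports, drops repeats of the same report, and hands each new one to a notification command. The match string `Veriexec:`, the syslog.conf hookup in the comment, the script path, the `NOTIFY_CMD` variable and the sample log lines are all assumptions.

```shell
#!/bin/sh
# Added example: turn Veriexec log lines into immediate notifications.
#
# Assumptions, to be checked against syslog.conf(5) on your release:
#  - Veriexec reports reach syslogd containing the text "Veriexec:".
#  - syslogd can pipe selected messages to a command, for instance
#        kern.*    |exec /usr/local/sbin/veriexec_notify.sh --stdin
#    (hypothetical install path).

# Command that receives one alert on stdin (hypothetical override hook).
: "${NOTIFY_CMD:=mail -s veriexec-alert root}"

NL='
'

# Reduce a syslog line to its Veriexec message, dropping timestamp and
# host so repeats of one report compare equal. Returns 1 for other lines.
veriexec_body() {
    case $1 in
        *Veriexec:*) printf 'Veriexec:%s\n' "${1#*Veriexec:}" ;;
        *) return 1 ;;
    esac
}

# Read syslog lines on stdin; print each distinct Veriexec message once,
# as soon as it arrives.
veriexec_alerts() {
    seen=$NL
    while IFS= read -r line; do
        body=$(veriexec_body "$line") || continue
        case $seen in
            *"$NL$body$NL"*) continue ;;   # already reported
        esac
        seen="$seen$body$NL"
        printf '%s\n' "$body"
    done
}

# Feed every new alert to NOTIFY_CMD on its stdin.
notify_stream() {
    veriexec_alerts | while IFS= read -r alert; do
        printf '%s\n' "$alert" | sh -c "$NOTIFY_CMD"
    done
}

# Constructed sample lines; the wording after "Veriexec:" is made up and
# is not the real kernel message text.
SAMPLE_LOG='Jul  6 04:12:01 host /netbsd: Veriexec: constructed sample, mismatch for /data/photos/a.jpg
Jul  6 04:12:02 host sshd[311]: constructed sample, unrelated line
Jul  6 04:12:09 host /netbsd: Veriexec: constructed sample, mismatch for /data/photos/a.jpg
Jul  6 04:13:40 host /netbsd: Veriexec: constructed sample, mismatch for /data/music/b.flac'

# Only consume stdin when asked to, so the file can be sourced safely.
if [ "${1:-}" = "--stdin" ]; then
    notify_stream
fi
```

Deduplication lasts for the lifetime of the process, so a file that keeps failing is reported once per syslogd restart rather than on every access.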



Veriexec - automatic notification of mismatch?

2014-07-06 Thread Gerard Lally
I've set up veriexec to monitor a data directory (>20GB) containing
documents, pictures, music, and other personal files. I've tested
veriexec at Strict level 1 and it is working as expected. The reason
I'm doing this is to see whether or not veriexec can be used to monitor
a data directory for silent bitrot or file corruption.

Without checking /var/log/messages manually, how would I go about
triggering an instant notification if a file or files monitored by
veriexec had changed? A cron job doesn't seem the right way to do this.
Is there some other blindingly obvious way of doing this which has
sailed right over my head?

;)

-- 
Gerard Lally



Re: GPT questions - gpt reliability, wedge naming, and filesystem scaling.

2014-06-21 Thread Gerard Lally
At date and time Thu, 19 Jun 2014 21:51:12 -0400, Greg Troxel wrote:

> 
> Gerard Lally  writes:
> 
> > 1) Is it safe to use GPT on NetBSD? The warnings on the gpt man page
> > leave me less than 100% confident.
> 
> On NetBSD 6, I would say yes.  Even on 5, I think so.   I am not really
> clear on booting from GPT, but for other than the boot/root fs it should
> be fine.  I have multiple systems with gpt disks and no issues.
> 
> > 2) As I understand it the NetBSD FFS filesystem is capable of growing
> > to 8 zettabytes, but MBR partitioning combined with traditional
> > disklabels meant we were restricted to 2 (or 4) TB partitions in
> > practice. Am I right in saying that GPT and wedges remove this
> > restriction, and we can now create partitions and filesystems greater
> > than 4TB?
> 
> I think disklabels are limited to 2TB; I'm not sure if it's the whole
> disk or per partition.  (Maybe that's 4TB.)  That is correct - GPT does
> not have a 2TB limit.

That's great. It will be a while before I get >2TB disks for my data but
I'm glad the restrictions won't be there when I do.

> > 3) Using "NAME=dk0" in /etc/fstab didn't work for me; I had to specify
> > /dev/dk0, /dev/dk1, etc.
> >
> > This is not a big deal but it leaves me wondering how NAME=xxx in fstab
> > is supposed to work. Does it work with GPT labels instead?
> 
> My impression is that NAME matched the gpt label, so you could mount a
> disk with label foo on /volumes/foo repeatedly.
> 
> > 4) To get the sector offsets and sizes right I first created a
> > traditional MBR + disklabel setup, sizing partitions in MB and taking
> > note of the sector offsets and sector sizes this produced. I started at
> > 2048. After destroying the MBR + disklabel setup I then used this
> > information to create GPT partitions. I assume this is a safe way to do
> > it? I am not really familiar with partition alignment, and even less so
> > since the new disks came out.
> 
> In the modern world, disks don't really have consistent geometries.   So
> the big alignment issue is to make sure that you line up on physical
> blocks, which are often 4K (on disks 2T and greater, or maybe 1T or
> greater).  And, there is some threat of larger physical sizes later.
> 
> So, two recommendations are:
> 
>   start the first partition at some multiple of 64 (because it's a
>   multiple of any sane near-term size).
> 
>   start the first partition at 1 MB (2048 * 512 sectors), which is an
>   even rounder number, and is still a negligible space waste.  (This
>   really surprised me when I did the math; I remember using 2.5 MB
>   disks.)
> 
> Whatever you do - don't start things at sector 34, which is the start of
> available space.  Here's "gpt show" from a 1T disk I have in use.  Note
> that I didn't worry about the exact size being round.
> 
>        start        size  index  contents
>            0           1         PMBR
>            1           1         Pri GPT header
>            2          32         Pri GPT table
>           34          30
>           64  1953525071      1  GPT part - NetBSD FFSv1/FFSv2
>   1953525135          32         Sec GPT table
>   1953525167           1         Sec GPT header
> 
> 
> So I really don't see why you are making disklabels and then
> transferring numbers.  Just make all the start and size values a
> multiple of 2048 sectors, for some size that's round in binary, or close
> to what you want.  Or live on the edge at 64 like I did (I'm kidding; I
> don't think there's anything wrong with 64).

Well I did it that way because I hadn't really looked into sizing
partitions by sector before, but when you mentioned it I went off and
learned how to do it, using basic maths. Very straightforward actually.
Thanks!

> If you find the man pages saying things  that are wrong, feel free to
> send a patch fixing it.

Yes I would like to start contributing back to NetBSD, but it will be
mostly documentation (English and Philosophy were my subjects).

-- 
Gerard Lally
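
The alignment arithmetic discussed in this message, as an added example that is not part of the thread: one function classifies the partitions in `gpt show` output by start sector, and one plans consecutive partitions sized in MB from sector 2048. It assumes 512-byte sectors; the function names are hypothetical and the sample listing is constructed (modelled on the quoted one, with a made-up partition at sector 34).

```shell
#!/bin/sh
# Added example: partition alignment checks, assuming 512-byte sectors.

# Read `gpt show` output on stdin. For every partition row print
# "<index> <start> <verdict>", verdict being 1M (start is a multiple of
# 2048 sectors), 4K (multiple of 8 sectors) or MISALIGNED.
gpt_alignment() {
    awk '
        # Partition rows: numeric start, size and index, then "GPT part".
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ &&
        $4 == "GPT" && $5 == "part" {
            if ($1 % 2048 == 0)   v = "1M"
            else if ($1 % 8 == 0) v = "4K"
            else                  v = "MISALIGNED"
            print $3, $1, v
        }'
}

# usage: plan_layout TOTAL_SECTORS SIZE_MB...
# Print "start size" in sectors for consecutive partitions, the first at
# sector 2048 (1 MB). Whole-MB sizes keep every start 1 MB aligned.
# Fails if a partition would run into the secondary GPT, which occupies
# the last 33 sectors (32 for the table, 1 for the header).
plan_layout() {
    total=$1
    shift
    limit=$((total - 33))
    start=2048
    for mb in "$@"; do
        size=$((mb * 2048))
        if [ $((start + size)) -gt "$limit" ]; then
            echo "partition of ${mb} MB does not fit" >&2
            return 1
        fi
        echo "$start $size"
        start=$((start + size))
    done
}

# Constructed sample listing for a disk of 1953525168 sectors.
SAMPLE_GPT_SHOW='       start        size  index  contents
           0           1         PMBR
           1           1         Pri GPT header
           2          32         Pri GPT table
          34          30      1  GPT part - NetBSD swap
          64        1984      2  GPT part - NetBSD FFSv1/FFSv2
        2048  1953523087      3  GPT part - NetBSD FFSv1/FFSv2
  1953525135          32         Sec GPT table
  1953525167           1         Sec GPT header'
```

A start at sector 34 straddles 4K physical blocks, which is the read/modify/write case the replies warn about; 64 is clean for 4K drives, and 2048 is also clean for any larger power-of-two block size up to 1 MB.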



Re: GPT questions - gpt reliability, wedge naming, and filesystem scaling.

2014-06-21 Thread Gerard Lally
At date and time Fri, 20 Jun 2014 12:10:18 +0700, Robert Elz wrote:

> Date:Fri, 20 Jun 2014 01:20:03 +0100
> From:    Gerard Lally 
> Message-ID:  <20140620012000.2c49.280fc...@netmail.ie>
>  | 
>   | 1) Is it safe to use GPT on NetBSD?
> 
> Yes, though it is a little tricky to get boot from gpt to work properly
> (you might have fluked onto the technique for that, unless it has been
> recently fixed, you need to first make a bootable MBR, then convert
> to GPT, and not try to simply do the GPT boot process on a virgin disk).
> (No need for the MBR partitions and GPT ones to be related at all, it is
> the MBR init, which becomes PMBR init, that is important here).

Luckily enough I came upon the instructions below, and booting worked
for me without issue:

http://wiki.netbsd.org/users/jakllsch/gptboot/

>   | 3) Using "NAME=dk0" in /etc/fstab didn't work for me; I had to specify
>   | /dev/dk0, /dev/dk1, etc.
>   | dk names also do not persist across reboots. For example, if I create a
>   | wedge as follows the dk_swap name reverts to dk1 after rebooting.
> 
> That stuff really doesn't work in NetBSD 6, you need a -current
> kernel (or something from the past 6-9 months on the current stream)
> to get this functioning the way it should.  It would be nice for all
> the wedge labeling, and auto-discovery, to get pulled up...

Yes, that seems to be the consensus here. It's no big deal, although it
will be useful to have in 7.

>   | dkctl wd0 addwedge dk_swap 64 2097152 swap
>   | 
>   | This is not a big deal but it leaves me wondering how NAME=xxx in fstab
>   | is supposed to work. Does it work with GPT labels instead?
> 
> Yes, the GPT label is the name value.  But the label in addwedge is the
> same thing, but I think only applied in ram, not written back to the filesys
> (not sure about that, but it certainly gave me some weirdness when I
> started).
> 
>   | 4) To get the sector offsets and sizes right I first created a
>   | traditional MBR + disklabel setup, sizing partitions in MB and taking
>   | note of the sector offsets and sector sizes this produced. I started at
>   | 2048.
> 
> Sounds OK.
> 
>   | After destroying the MBR + disklabel setup I then used this
>   | information to create GPT partitions. I assume this is a safe way to do
>   | it?
> 
> Safe, if a little over cautious.
> 
>   | I am not really familiar with partition alignment, and even less so
>   | since the new disks came out.
> 
> As Greg said, just avoid splitting things so that one write requires
> a read/modify/write on the drive (so your writes should be whole drive
> sectors).  For some big drives that's 2K or 4K, so everything (even
> perhaps filesys fragment size) should be multiples of that.
> 
> Most important is to forget that the magic number "63" (or anything like
> it) ever existed...
> 
> I'll append a script I use to make GPT partitions and do most of the
> rest of the work (it uses NAME=... entries in data it adds to fstab if
> fstab already contains any of those, otherwise not - so if they're to
> work, you need to add one NAME= entry manually.)

A useful script to have. Many thanks. (Aside: are you the same Robert
Elz who was involved from the outset in FFS? Just by coincidence I was
reading an article from the 80s the other day which mentioned the name
in connection with FFS. Very interesting to have all these venerable
hackers around if so!)

-- 
Gerard Lally



Re: GPT questions - gpt reliability, wedge naming, and filesystem scaling.

2014-06-21 Thread Gerard Lally
At date and time Fri, 20 Jun 2014 18:54:03 +0930, Brett Lymn wrote:

> On Fri, Jun 20, 2014 at 01:20:03AM +0100, Gerard Lally wrote:
> > 
> > 1) Is it safe to use GPT on NetBSD? The warnings on the gpt man page
> > leave me less than 100% confident.
> 
> Yes.  I am using GPT on my laptop in a multiboot netbsd/linux/win8 set
> up.  It takes some care to set up but works fine.  I do intend to write
> up what I have done when I have some time.

Please do, and let us know when you do.

-- 
Gerard Lally



Re: GPT questions - gpt reliability, wedge naming, and filesystem scaling.

2014-06-21 Thread Gerard Lally
At date and time Fri, 20 Jun 2014 09:22:14 -0700, Jeff Rizzo wrote:

> On 6/19/14, 5:20 PM, Gerard Lally wrote:
> >
> > 3) Using "NAME=dk0" in /etc/fstab didn't work for me; I had to specify
> > /dev/dk0, /dev/dk1, etc.
> > dk names also do not persist across reboots. For example, if I create a
> > wedge as follows the dk_swap name reverts to dk1 after rebooting.
> >
> > dkctl wd0 addwedge dk_swap 64 2097152 swap
> >
> > This is not a big deal but it leaves me wondering how NAME=xxx in fstab
> > is supposed to work. Does it work with GPT labels instead?
> 
> The NAME= stuff is in NetBSD-current but not -6, so it will first appear in 
> NetBSD 7.0.

Thanks for the info.

-- 
Gerard Lally



GPT questions - gpt reliability, wedge naming, and filesystem scaling.

2014-06-19 Thread Gerard Lally
As an experiment I installed NetBSD 6 in a virtual machine to try and
figure out GPT partitions and wedges. The experiment went well, and I
learned for the first time how to install NetBSD by dropping to a shell
from sysinst and running setup from the shell. As always Pierre-Philipp
Braun was a great help.

I have some questions. Answers to one or more of these questions are
most welcome.

1) Is it safe to use GPT on NetBSD? The warnings on the gpt man page
leave me less than 100% confident.

2) As I understand it the NetBSD FFS filesystem is capable of growing
to 8 zettabytes, but MBR partitioning combined with traditional
disklabels meant we were restricted to 2 (or 4) TB partitions in
practice. Am I right in saying that GPT and wedges remove this
restriction, and we can now create partitions and filesystems greater
than 4TB?

3) Using "NAME=dk0" in /etc/fstab didn't work for me; I had to specify
/dev/dk0, /dev/dk1, etc.
dk names also do not persist across reboots. For example, if I create a
wedge as follows the dk_swap name reverts to dk1 after rebooting.

dkctl wd0 addwedge dk_swap 64 2097152 swap

This is not a big deal but it leaves me wondering how NAME=xxx in fstab
is supposed to work. Does it work with GPT labels instead?

4) To get the sector offsets and sizes right I first created a
traditional MBR + disklabel setup, sizing partitions in MB and taking
note of the sector offsets and sector sizes this produced. I started at
2048. After destroying the MBR + disklabel setup I then used this
information to create GPT partitions. I assume this is a safe way to do
it? I am not really familiar with partition alignment, and even less so
since the new disks came out.

-- 
Gerard Lally



Re: openbsd -> netbsd : same yet feels different ...

2014-06-18 Thread Gerard Lally
At date and time Wed, 18 Jun 2014 07:39:59 +0300, Terho Uotila wrote:

> On Wed, 18 Jun 2014 00:06:12 +0100
> Gerard Lally wrote:
> 
> > guide. Indeed I am still not 100% clear about it. It's also difficult
> > to get mk.conf working so that GNU and Perl and Sourceforge software
> > is pulled from a local mirror. No matter what I try to get it pulled
> > from HEAnet in Dublin most of it still seems to come from Vienna!
> > 
> 
> Have you tried setting MASTER_SORT in /etc/mk.conf?
> (see /usr/pkgsrc/mk/defaults/mk.conf)
> 
> Sites seem to be listed in /usr/pkgsrc/mk/fetch/sites.mk, and most do
> not have an Irish mirror listed, maybe you also need to add
> MASTER_SITE_XXX+= ftp://your.nearest.mirror to /etc/mk.conf
> 
> (I haven't tried these, but they don't seem unreasonable ideas to try.)

Yes I tried it with .ie first in MASTER_SORT but it didn't seem to make
any difference. I then disabled MASTER_RANDOM_SORT and then added the
following at the bottom of mk.conf:

MASTER_SITE_GNU=ftp://ftp.heanet.ie/pub/gnu/
MASTER_SITE_SOURCEFORGE=ftp://ftp.heanet.ie/mirrors/sourceforge/

This seems to have fixed it for me so far. I'll now try Irish mirrors
for Perl. Many thanks!

-- 
Gerard Lally



naviserver on NetBSD: is Linux emulation possible?

2014-06-17 Thread Gerard Lally
Hi,

naviserver is a fork of AOLserver, which is a high-performing web server
based on Tcl.

http://en.wikipedia.org/wiki/NaviServer

I am interested in naviserver because I am learning Tcl, and I would
like to see how far I can go developing web applications in Tcl without
using the standard Apache-MySQL-PHP stack.

However, I have been unable to install naviserver from source on NetBSD
6 or current. I do not have the errors at hand but as far as I remember
they related to pthreads. There is no pkgsrc entry available.

Could naviserver perhaps run under Linux emulation in NetBSD? I have
never tried Linux emulation. I can build naviserver on Slackware. I
don't think there would be too many libraries to carry over. I'd like
to know if it's possible and relatively straightforward before I invest
too much time in it.

-- 
Gerard Lally



Re: openbsd -> netbsd : same yet feels different ...

2014-06-17 Thread Gerard Lally
At date and time Tue, 17 Jun 2014 13:43:05 +, Mayuresh Kathe wrote:

> hello,
> 
> it's been 3 days since i took advice from "aaron b" and migrated
> to netbsd from openbsd.
> 
> i won't go overboard and say that i'm an instant fan-boy, but
> frankly, the system feels the same, yet quite different.
> 
> for one, the responsiveness while using the operating system is
> much better than under openbsd (or even freebsd).
> secondly, the community (mailing list) isn't grumpy. :)
> 
> i migrated primarily because of the upcoming support for "lua"
> throughout the operating system, hope it materializes.
> 
> what else could someone who's not so much into system setup and
> administration, nor into systems programming do with netbsd?
> ah yes, i am not much of a 'gui' user, so will be working at the
> console, primarily, but would be nice to know if there's anyone
> here using or carrying over 'cwm' from openbsd, it's kinda nice.

I too moved from OpenBSD to NetBSD. (For 20+ years before that I was an
illiterate product of the Irish education system, knowing and caring for
nothing other than Microsoft Windows.) I liked and still like OpenBSD:
their pf packet filter with queueing integrated; their work on OpenSSH;
and their commitment to security. But a couple of things nagged me. One
was the recommendation not to install from source. The other was the
outright refusal to countenance OpenBSD as a host for virtual machines.
When I discovered NetBSD it was like a breath of fresh air. The whole
system has a feel to it that is just right. And NetBSD has Xen! pkgsrc
has "just-in-time" su! NetBSD has veriexec! LVM and npf have arrived!
NetBSD 7 will have ipfilter 5, which can block based on domain names!

Honestly, to my mind NetBSD feels like a beautifully engineered system,
much more than any other system I have tried. I am not a programmer or
a professional sysadmin. I understand every system has its flaws, and I
certainly have encountered them along the way in NetBSD. Things I'd
love to see in NetBSD: Dragonfly BSD's Hammer; a more complete wiki,
which supersedes all the conflicting and out-of-date documentation out
there.

I would also like to see a *step-by-step* guide to pkgsrc on NetBSD. The
pkgsrc guide falls short of giving this. For example, it makes the
assumption we know where mk.conf is, and where it should go, and what
adjustments we need to make to the file before we start using pkgsrc.
It took me a long time to understand the difference between "just-in-time"
su and compiling an unprivileged build: this will seem ridiculously
obvious to those in the know but to absolute beginners it is thoroughly
confusing and there is no clear explanation in the guide. Indeed I am
still not 100% clear about it. It's also difficult to get mk.conf
working so that GNU and Perl and Sourceforge software is pulled from a
local mirror. No matter what I try to get it pulled from HEAnet in
Dublin most of it still seems to come from Vienna!

These criticisms aside, NetBSD remains for me the gold standard in
operating system design and behaviour. The NetBSD developers and users
here are patient and friendly. They don't tolerate anything less than
excellence, and they are patient. Too patient sometimes! I am dying to
see 7 branched! But at least their conservatism means we will never see
any of the brain-dead rubbish that has infested Linux make its way into
NetBSD.

-- 
Gerard Lally



Re: Good supported wireless card for laptop

2014-06-10 Thread Gerard Lally
At date and time Sun, 08 Jun 2014 22:20:15 -0500, Jimmie Houchin wrote:

> What are some well supported wireless 802.11n or ac cards for laptops?
> I have not been able to get NetBSD to successfully use my wireless card Intel 
> 1030N.

Hi,

if you are happy with a USB-connected wireless-G adapter the D-Link
DWL-G122 is a stable performer on NetBSD. As far as I remember revisions B1
and C1 had different chipsets but they both worked well for me on NetBSD
6.

http://tinyurl.com/l2deg2e

-- 
Gerard Lally



Re: How to install rxvt-unicode-256color termcap entry on machine without X

2014-05-31 Thread Gerard Lally
At date and time Sat, 31 May 2014 15:53:46 +0100, Gerard Lally wrote:

> At date and time Sat, 31 May 2014 11:40:14 +0930, Brett Lymn wrote:
> 
> > On Fri, May 30, 2014 at 10:42:04PM +0100, atomicules wrote:
> > > On 30-May-2014 14:31:11, Gerard Lally wrote:
> > > >I copied this terminfo source file to my home directory in NetBSD and
> > > >ran tic on it:
> > > >
> > > >tic -s rxvt-unicode-256color.terminfo.
> > > >
> > > >This created a .terminfo directory in HOME, and a subdirectory r with a
> > > >single file in r called rxvt-unicode-256color. No cdb extension in other
> > > >words.
> > > 
> > > I'm stumped and confused. I don't understand how NetBSD could do that
> > > (not create a database file; a file with the .cdb extension).
> > > According to the man page for tic:
> > > 
> > > >DESCRIPTION
> > > >The tic utility compiles terminfo(5) source into a database for use by
> > > >other programs.  The created database path name is the same as the
> > > >source but with .cdb appended.
> > > 
> > > The .terminfo directory and subdirectory you describe is what I see on
> > > Arch Linux, but not NetBSD.
> > 
> > Make sure you run the right tic - if you have ncurses installed due to
> > some package dependency you may be accidentally running the ncurses tic
> > which will produce the wrong results, try using /usr/bin/tic and see
> > what happens.  This catches me out from time to time.
> 
> Well I finally found a way around it, although it feels like a kludge,
> but it's working now. There is only one tic by the way, in /usr/bin/tic.
> 
> I'll give a summary in case someone else stumbles over this issue.
> 
> Three machines:
> 
> remote = remote NetBSD without X11 (and therefore without rxvt-unicode)
> local  = local X11 client with rxvt-unicode terminal installed
>          (Slackware)
> vm     = temporary local NetBSD virtual machine with X11 and rxvt-unicode
>          installed
> 
> I installed NetBSD 6.1.4 with X11 on $vm, and installed rxvt-unicode on
> that machine. Running "make install" created three files in the
> doc/etc/ subdirectory of the working source directory. These three files
> were:
> 
>   rxvt-unicode.terminfo
>   rxvt-unicode.termcap
>   rxvt-unicode.terminfo.cdb.
> 
> I copied these files to $HOME on $remote, and logged in to $remote from
> $local. Once again I ran tic on $remote:
> 
>   $ tic -s rxvt-unicode.terminfo
> 
> But once again this failed to create a file with extension .cdb,
> although it did report successfully adding 2 entries to the database,
> creating ~/.terminfo and ~/.terminfo/r/, together with the two files
> rxvt-unicode and rxvt-unicode-256color in ~/.terminfo/r/.
> 
> Once again "top" reported an error: "no termcap entry for
> rxvt-unicode-256color."
> 
> Now this is where I returned to the tic(1) and terminfo(5) man pages on
> $remote, but to my mind they are not clear here. terminfo(5) specifies
> the file $HOME/.terminfo.cdb as the database which contains terminal
> descriptions for personal use, but tic(1) doesn't seem to care, just
> saying that "the created database path name is the same as the source
> but with .cdb appended." I take that to mean "tic -s rxvt-unicode.terminfo"
> should produce a file named rxvt-unicode.terminfo.cdb in $HOME. Needless
> to say it doesn't.
> 
> At this point I took terminfo(5) literally and created $HOME/.terminfo.cdb
> by renaming the rxvt-unicode.terminfo.cdb file I had copied from $vm.
> Lo and behold that solved the problem straight away! "top" was happy,
> although "tput" complained about an unknown terminal but I solved this
> by logging in as root and running "tic -s /home/gerard/rxvt-unicode.terminfo",
> which created these two files:
> 
>   /usr/share/terminfo/r/rxvt-unicode.terminfo
>   /usr/share/terminfo/r/rxvt-unicode.terminfo-256color
> 
Correction: it created two files as follows:

>   /usr/share/terminfo/r/rxvt-unicode
>   /usr/share/terminfo/r/rxvt-unicode-256color

-- 
Gerard Lally



Re: How to install rxvt-unicode-256color termcap entry on machine without X

2014-05-31 Thread Gerard Lally
At date and time Sat, 31 May 2014 11:40:14 +0930, Brett Lymn wrote:

> On Fri, May 30, 2014 at 10:42:04PM +0100, atomicules wrote:
> > On 30-May-2014 14:31:11, Gerard Lally wrote:
> > >I copied this terminfo source file to my home directory in NetBSD and
> > >ran tic on it:
> > >
> > >tic -s rxvt-unicode-256color.terminfo.
> > >
> > >This created a .terminfo directory in HOME, and a subdirectory r with a
> > >single file in r called rxvt-unicode-256color. No cdb extension in other
> > >words.
> > 
> > I'm stumped and confused. I don't understand how NetBSD could do that 
> > (not create a database file; a file with the .cdb extension). 
> > According to the man page for tic:
> > 
> > >DESCRIPTION
> > >The tic utility compiles terminfo(5) source into a database for use by
> > > >other programs.  The created database path name is the same as the
> > > >source but with .cdb appended.
> > > 
> > > The .terminfo directory and subdirectory you describe is what I see on Arch
> > > Linux, but not NetBSD.
> 
> Make sure you run the right tic - if you have ncurses installed due to
> some package dependency you may be accidentally running the ncurses tic
> which will produce the wrong results, try using /usr/bin/tic and see
> what happens.  This catches me out from time to time.

Well I finally found a way around it, although it feels like a kludge,
but it's working now. There is only one tic by the way, in /usr/bin/tic.

I'll give a summary in case someone else stumbles over this issue.

Three machines:

remote = remote NetBSD without X11 (and therefore without rxvt-unicode)
local  = local X11 client with rxvt-unicode terminal installed
         (Slackware)
vm     = temporary local NetBSD virtual machine with X11 and rxvt-unicode
         installed

I installed NetBSD 6.1.4 with X11 on $vm, and installed rxvt-unicode on
that machine. Running "make install" created three files in the
doc/etc/ subdirectory of the working source directory. These three files
were:

rxvt-unicode.terminfo
rxvt-unicode.termcap
rxvt-unicode.terminfo.cdb.

I copied these files to $HOME on $remote, and logged in to $remote from
$local. Once again I ran tic on $remote:

$ tic -s rxvt-unicode.terminfo

But once again this failed to create a file with extension .cdb,
although it did report successfully adding 2 entries to the database,
creating ~/.terminfo and ~/.terminfo/r/, together with the two files
rxvt-unicode and rxvt-unicode-256color in ~/.terminfo/r/.

Once again "top" reported an error: "no termcap entry for
rxvt-unicode-256color."

Now this is where I returned to the tic(1) and terminfo(5) man pages on
$remote, but to my mind they are not clear here. terminfo(5) specifies
the file $HOME/.terminfo.cdb as the database which contains terminal
descriptions for personal use, but tic(1) doesn't seem to care, just
saying that "the created database path name is the same as the source
but with .cdb appended." I take that to mean "tic -s rxvt-unicode.terminfo"
should produce a file named rxvt-unicode.terminfo.cdb in $HOME. Needless
to say it doesn't.

At this point I took terminfo(5) literally and created $HOME/.terminfo.cdb
by renaming the rxvt-unicode.terminfo.cdb file I had copied from $vm.
Lo and behold that solved the problem straight away! "top" was happy,
although "tput" complained about an unknown terminal but I solved this
by logging in as root and running "tic -s /home/gerard/rxvt-unicode.terminfo",
which created these two files:

/usr/share/terminfo/r/rxvt-unicode.terminfo
/usr/share/terminfo/r/rxvt-unicode.terminfo-256color

Now tput was happy as well. Problem solved, in a most convoluted way!
I'm sure there must be an easier and less stressful way to solve this
but I don't have the knowledge or time to go into it too deeply. All I
want is a good terminal that works!

Thanks to you and atomicules for the help.

-- 
Gerard Lally



Re[2]: How to install rxvt-unicode-256color termcap entry on machine without X

2014-05-30 Thread Gerard Lally
Date: Thu, 29 May 2014 23:48:03 +0100
From: atomicules

|>  Hi Gerard,
|>  
|>  On 29-May-2014 15:17:31, Gerard Lally wrote:
|>  >Is there a way of installing
|>  >the terminfo or termcap entry for this terminal in the database?
|>  
|>  Not that I know of. I.e. I couldn't figure out a way to append to
|>  the database:
|>  http://atomicules.co.uk/2014/03/26/NetBSD-Terminfo.html
|>  
|>  But... you can create a ~/.terminfo.cdb file that contains the
|>  necessary info for the user of interest.
|>  
|>  >I tried the command below, as recommended on the urxvt website, but I
|>  >still get an error:
|>  >
|>  >REMOTE=myremoteserver.domain
|>  >infocmp rxvt-unicode | ssh $REMOTE "mkdir -p .terminfo && cat >/tmp/ti && tic /tmp/ti"
|>  
|>  I imagine this wants to be something like:
|>  
|>  infocmp rxvt-unicode | ssh $REMOTE "cat >~/.terminfo && tic
|>  ~/.terminfo"
|>  
|>  (Must be some way to get rid of cat from there?)

Hi again, and thanks for your help. I spent some time trying this and
got no further. Pulling my hair out at this stage.

First of all I created a terminfo source file on the Slackware machine
with rxvt-unicode-256color installed:

infocmp -I rxvt-unicode-256color > rxvt-unicode-256color.terminfo

I copied this terminfo source file to my home directory in NetBSD and
ran tic on it:

tic -s rxvt-unicode-256color.terminfo.

This created a .terminfo directory in HOME, and a subdirectory r with a
single file in r called rxvt-unicode-256color. No cdb extension in other
words. But running tic on the source file seems to succeed: it reports
that it added 1 entry to the database.

When I connect to NetBSD using rxvt-unicode-256color (whose TERM
variable is rxvt-unicode-256color) I still get an error running top to
the effect that there is no termcap entry for rxvt-unicode-256color.

Very frustrating.

-- 
Gerard Lally 



How to install rxvt-unicode-256color termcap entry on machine without X

2014-05-29 Thread Gerard Lally
Hi,

I am trying to access a NetBSD 6.1.4 amd64 machine from a Slackware
machine, using the rxvt-unicode terminal, compiled with 256-color
support. I do not have X installed on the NetBSD machine, and I would
prefer to do without it if at all possible. Is there a way of installing
the terminfo or termcap entry for this terminal in the database?

I tried the command below, as recommended on the urxvt website, but I
still get an error:

REMOTE=myremoteserver.domain
infocmp rxvt-unicode | ssh $REMOTE "mkdir -p .terminfo && cat >/tmp/ti && tic /tmp/ti"

When running top I get the following error:

"top: no termcap entry for a `rxvt-unicode-256color' terminal"

-- 
Gerard Lally 



Re: spurious reboot

2013-11-28 Thread Gerard Lally
On Thu, 28 Nov 2013 21:06:36 +0100
m...@netbsd.org (Emmanuel Dreyfus) wrote:
> Manuel Bouyer  wrote:
> 
> > Yes, but depending on the hardware and BIOS, I can imagine that only 2GB
> > can be below the 2^32 limit, and the remaining above (eventually well above).
> > Splitting at 3Gb is more annoying, hardware-wise, than at 2Gb.
> 
> I wondered if it could be related with the i386 kernel being unstable on
> that machine.

Is the BIOS up-to-date?



Re: net/aget : project contacts not reachable?

2013-06-04 Thread Gerard Lally
On Tue, 4 Jun 2013 22:26:03 +0530
Mayuresh  wrote:
> On Tue, Jun 04, 2013 at 06:42:12PM +0200, Alistair Crooks wrote:
> > I don't see any updates to the package (beyond ones dealing with
> > pkgsrc infrastructure) since its import:
> > 
> > so maybe things have just moved on for them?
> 
> Looks like ... thanks for the findings.
> 
> Anyway, the tool is really nice and I hope it remains in pkgsrc.
> 
> Do not know how this thought sounds, but is it possible to use download
> accelerators (like aget) for distfile downloads in pkgsrc (of course not
> by default.) Since I got to know about aget, I break my pkgsrc builds when
> it is downloading and manually download from the same URL using aget.
> Often it speeds up the things.
> 
> (Of course it won't benefit cases where distfile download already consumes
> your internet connection's bandwidth fully.)

You could also consider the following alternatives, which are
maintained: aria2; curl; wget.

-- 
Gerard Lally



Re: pf question

2013-05-18 Thread Gerard Lally
On Sat, 18 May 2013 13:42:47 +0200
Konrad Neuwirth  wrote:
> Hello, 
> 
> we are currently struggling with a pf configuration that we can't
> seem to get working. 
> 
> Basically, the challenge is that we have a NetBSD system acting as a
> router for a largish network. Said system has two upstream nodes
> ('default routes') that apply, depending on the ip address that we
> use. Basically, we have one broadband connection that should be used
> for most every (outgoing) traffic. The exception is that the second
> upstream handles a subnet that we have here, and all traffic to and
> from those addresses should, of course, be going over that second
> link. 
> 
> What we've done is added the broadband as the default route, and then
> had a pf rule to the effect of: 
> 
> pass out route-to ($ext_if_dsl $dsl_gw) proto tcp \
>   from $fixed_ip to any
> 
> But this does not work -- the packets just do not go out over the
> appropriate interface. Connecting to something on one of those IP
> numbers just … has a connection that times out. 
> 
> What am I missing? What do we need to do? 

I haven't tried this yet with NetBSD but this is how I did something
similar when I used OpenBSD. The OpenBSD version I used was 5.0. Bear
in mind that there were substantial changes to PF syntax around OpenBSD
version 4.7, and as far as I know the NetBSD pf syntax corresponds with
the older versions. The "route-to" option is certainly different, but
perhaps you will still find this reply helpful.

My situation differs from yours in that I had just one internal subnet
and two WAN providers, and all I needed to do on the second WAN link
was to connect from a single LAN host to a single remote host for a
scheduled FTP download.

First of all I defined the default gateway in OpenBSD's /etc/mygate as
usual. Then I added the second gateway to /etc/rc.local:

# 123.123.456.xxx is remote FTP server which can be accessed only
# through second upstream provider
# 123.456.789.xxx is second WAN gw
#
route add -host 123.123.456.xxx 123.456.789.xxx


In pf.conf I had the following (irrelevant parts snipped):

# network interfaces

if_wan1 = "fxp0"
if_wan2 = "xl0"
if_lan = "xl1"
if_lo = "lo0"

# gateways
gw_wan1 = "xxx.xxx.xxx.113"
gw_wan2 = "123.456.789.xxx"

# networks
net_lan = "192.168.1.0/24"

# hosts
remote_ftp_host = "123.123.456.xxx"

...

# scrubbing
match on $if_wan1 scrub (random-id reassemble tcp max-mss 1440)
match on $if_wan2 scrub (random-id reassemble tcp max-mss 1440)

# nat
match out on $if_wan1 from $net_lan to any \
    nat-to ($if_wan1) port 1024:65535
match out on $if_wan2 from $net_lan to any \
    nat-to ($if_wan2) port 1024:65535

...

# filtering
pass out
pass in on $if_lan
pass in on $if_lan inet proto tcp from any to $remote_ftp_host \
    port ftp route-to ($if_wan2 $gw_wan2)

-- 
Gerard Lally
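
The post above notes that, as far as its author knows, NetBSD's pf syntax corresponds with the older OpenBSD versions and that route-to in particular differs. As an added example (not part of the original post), this shell function lists the rules in a pf.conf that use the newer grammar so they can be rewritten before loading; the function names, the sample addresses and the list of constructs treated as newer are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. The construct list below is this
# example's assumption about what separates the newer pf grammar from the
# older one; route-to placement is the difference the post itself names.

# pf_newer_syntax [FILE]
# Reads a pf.conf (or stdin), joins backslash-continued lines into one rule,
# and prints "FIRST_LINE: construct" for every newer-grammar construct found.
pf_newer_syntax() {
    awk '
    function check(rule, n) {
        gsub(/[ \t]+/, " ", rule)
        sub(/^ /, "", rule)
        if (rule == "") return
        if (rule ~ /^match /)
            print n ": match rule"
        if (rule ~ / scrub \(/)
            print n ": scrub as rule option"
        if (rule ~ /(^| )(nat|rdr|binat)-to /)
            print n ": nat-to/rdr-to/binat-to"
        # Newer grammar puts route-to after the from/to part of the rule;
        # the older one puts it right after "on <interface>".
        if (rule ~ /^(pass|block) / &&
            rule ~ / (from|to|all) .* (route|reply|dup)-to /)
            print n ": route-to after hosts"
    }
    {
        line = $0
        sub(/#.*/, "", line)            # strip comments (no quoted "#" expected)
        if (buf == "") start = NR       # remember where the rule begins
        if (line ~ /\\[ \t]*$/) {       # rule continues on the next line
            sub(/\\[ \t]*$/, " ", line)
            buf = buf line
            next
        }
        check(buf line, start)
        buf = ""
    }
    END { if (buf != "") check(buf, start) }
    ' "$@"
}

# Constructed sample: the rules from the post, with documentation-range
# placeholder addresses, plus one rule using the older route-to placement.
pf_sample() {
    cat <<'EOF'
if_wan2 = "xl0"
if_lan = "xl1"
gw_wan2 = "192.0.2.1"
net_lan = "192.168.1.0/24"
remote_ftp_host = "198.51.100.7"
# scrubbing
match on $if_wan2 scrub (random-id reassemble tcp max-mss 1440)
# nat
match out on $if_wan2 from $net_lan to any \
    nat-to ($if_wan2) port 1024:65535
# filtering
pass out
pass in on $if_lan
pass in on $if_lan inet proto tcp from any to $remote_ftp_host \
    port ftp route-to ($if_wan2 $gw_wan2)
# older placement, as in the rule quoted in the question
pass out route-to ($if_wan2 $gw_wan2) proto tcp from $net_lan to any
EOF
}

# Demo: report the sample rules that would need rewriting.
pf_sample | pf_newer_syntax
```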


Re: Status of nyftp.netbsd.org

2013-04-23 Thread Gerard Lally
On Tue, 23 Apr 2013 17:15:47 + (UTC)
chris...@astron.com (Christos Zoulas) wrote:
> In article <20130423132208.faab.26074...@netmail.ie>,
> Gerard Lally   wrote:
> >This server has been down for quite a long time. Perhaps advance notice
> >was given and I missed it?
> 
> Bad memory configuration. Should be replaced tomorrow.

Thank you.

-- 
Gerard Lally



Status of nyftp.netbsd.org

2013-04-23 Thread Gerard Lally
This server has been down for quite a long time. Perhaps advance notice
was given and I missed it?
-- 
Gerard Lally