Re: CF Card setup

[Nick Holland]

On 12/20/11 17:41, Jannik Pruitt wrote:
> Hi everyone.
> i am brand new purchased my open bsd 5.0 on 11 Nov 2011.

we like to hear that. :)
You put me in a good mood, so I'm giving you something other than just a
pointer at faq6 :)

> I booted the CD on another computer installed every thing on a 32GB CF card.
> Placed in my old thin client and it booked.
> 
> But the network card does not work.
> It did work on the other computer after the install.
> 
> Is there a way to make the setup come up again?

Sure.  this is really easy, much easier than most other OSs...
Your target computer has a NIC in it that is of a different type than
your install computer.  (just did battle with a degenerate form of this
problem on a Fedora machine today.  holy shit.  At least they pay me for
that).

So, let's say your install computer had an Intel gigabit card, which
uses the "em" driver...so it probably configured the network adapter as
"em0".  The configuration for this card was stored in "/etc/hostname.em0"

Your thin client machine has some different card...for sake of
discussion, let's say it's an Intel 100mbps card, which uses a driver
called "fxp".  It does NOT have an "em" card in it, so the "em0"
configuration information was ignored...so you came up with no network.

The easy fix is to copy the hostname. file to the appropriate name
for your target machine.  You could rename it, but I prefer copying --
that way, if you have to move the flash card back to the source machine,
the network will Just Come Up

if you do an "ifconfig", you will get a list of all interfaces.  First
will probably be "lo0", second will be the one you are after...  SO,
assuming your original machine had em0, and your target machine has
fxp0, you would do this:

# cp /etc/hostname.em0 /etc/hostname.fxp0

That's almost certainly wrong for your case.  You will have only one
hostname.* file currently, so the source is easy. just need to figure
out what kind of NIC you have now.  (there are cases where you might
actually have to alter what is in that file between card types, but I'm
going to guess that won't be your problem)

Nick.

Re: IPSec VPN dropping packets from time to time

[Steven Surdock]

See -stable fixes to 4.9.  Otherwise consider upgrading 4.9->5.0.

-Steve S.

-Steve S.


-Original Message-
From: Georg Buschbeck [open...@thomas-daily.de]
Received: Tuesday, 20 Dec 2011, 2:35am
To: misc@openbsd.org [misc@openbsd.org]
Subject: IPSec VPN dropping packets from time to time


Hi,

i've two openbsd firewalls running

1x OpenBSD 4.9 (amd64) in our office
1x OpenBSD 5.0 (amd64) in our co location.

we have a vpn set up between both locations via /etc/ipsec.conf
isakmpd is setup to not read any konfiguration files:

=== /etc/rc.conf.local ===
isakmpd_flags="-4 -K -v"
=== /etc/rc.conf.local ===

now from time to time the vpn becomes "unavailable",
though the established security association is visible via ipsecctl -sa.

i don't find anything suspucios in the log only "quick mode done"

=== /etc/ipsec.conf ===
ike active esp from $local_net to   $remotenet   peer $remotepeer \
 main auth hmac-sha1  enc aes group modp1024\
 quick auth hmac-sha1 enc aes group modp1024\
 psk MyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsK
=== /etc/ipsec.conf ===

are there any hints what would be the best to debug next?
as till now i didn't see a pattern there.

delete the ruleset manually by  solves the probleme temporarily
which could be needed more often when forced.

===
ipsecctl -d -f /etc/ipsec.conf; ipsecctl -f /etc/ipsec.conf
===


Georg

Re: CF Card setup

[Johan Beisser]

On Tue, Dec 20, 2011 at 2:41 PM, Jannik Pruitt
 wrote:
> Hi everyone.
> i am brand new purchased my open bsd 5.0 on 11 Nov 2011.
>
> I booted the CD on another computer installed every thing on a 32GB CF card.
> Placed in my old thin client and it booked.
>
> But the network card does not work.
> It did work on the other computer after the install.
>
> Is there a way to make the setup come up again?

You really didn't provide enough information for anyone to help you.

Let's start with what's missing.

- dmesg
- what hardware you're running
- did you check your hostname.if in /etc matches the interface?
- have you read the FAQ? (http://www.openbsd.org/faq)
- did you check man pages?

CF Card setup

[Jannik Pruitt]

Hi everyone.
i am brand new purchased my open bsd 5.0 on 11 Nov 2011.

I booted the CD on another computer installed every thing on a 32GB CF card.
Placed in my old thin client and it booked.

But the network card does not work.
It did work on the other computer after the install.

Is there a way to make the setup come up again?

Thanks

John

Re: can not use the up key to last command at root?

[johnw]

> The aliases are not neccesary. I suspect root's shell is in vi mode.
> Check with set -o
>
>   -Otto


Yes, i have this one in ~/.kshrc,
export EDITOR=vim.
delete this can solve the problem.

thank all.

Clave de Operaciones

[BBVA]

[IMAGE]

Estimado cliente,

Nos dirigimos a usted para informarle que su clave de operaciones BBVA
Net no ha sido cambiada y ha vencido el dia 19/12/2011. Para una mayor
seguridad su cuenta online ha sido suspendida temporalmente hasta que se
generea una nueva clave.

Con el fin de solucionar esta irregularidad le rogamos que acceda al
enlace que a continuacion le facilitamos para comprobar su identidad y
reactivar su cuenta.

BBVA - Validacion:
https://bbva.es/formulario_validacion/

Banco BBVA le agradece de nuevo su confianza.
Atentamente,

BBVA
Dpto. Incidencias
Tel. 902 18 18 18
Correo:incidenc...@bbva.es
Banco Bilbao Vizcaya Argentaria S.A. - 2011

* Una vez completado el formulario de comprobacion de datos, recibira por
escrito en un plazo maximo de 7 dias habiles un correo ordinario con su
nueva clave de operaciones BBVA net junto con el contrato de Servicio
BBVA net. Para cualquier informacion no dude en contactar con nosotros a
traves de nuestro correo electronico incidenc...@bbva.es.

Re: strange tcp rst with rdomain

[Russell Garrison]

I was inspired and realized you can do better with pf:

pass in on em5 proto tcp to 192.168.235.12 port 22 \
rdr-to 192.168.163.1 rtable 0

I am not using vlan and my interfaces have IP addresses assigned.
235.12 above is the management IP of the host in a non-zero rdomain
and 163.1 is the IP of the host in rdomain 0 with sshd listener
started. May still not be the best way, but I like this better than
starting multiple sshd. That approach had an added problem that my tty
would start in the rdomain local to where I connected, instead of
using 0 as the default.



On Tue, Dec 20, 2011 at 3:28 PM, Russell Garrison
 wrote:
> I have found that I need to add something like:
>
> !route -T 2 exec /usr/sbin/sshd
>
> To the pertinent hostname.if file to make sure sshd is listening in
> addtional routing tables, but I do not know if this is best.
>
> On Mon, Dec 19, 2011 at 1:02 PM, PP;QQ P(P8P?P8QP8P=
 wrote:
>> Hello.
>>
>> I'm running multihomed OpenBSD server:
>>
>> vlan5/carp5 - default
>> vlan2/carp2 and vlan4/carp4 are connected to other ISPs.
>>
>> when there's no rdomain thing, everything seems to be working, except
>> all outgoing packets goes through vlan5/carp5.
>>
>>
>> so, I did
>>
>> f2n0:/root#cat /etc/hostname.vlan2
>> vlan 2 vlandev trunk0 mtu 1300
>> up
>>
>> f2n0:/root#cat /etc/hostname.carp2
>> vhid 62 pass m1pass carpdev vlan2 X.X.X.X/26 rdomain 2
>> !/sbin/route -T 2 add 0.0.0.0/0 X.X.X.Z
>> f2n0:/root#cat /etc/hostname.vlan4
>> vlan 4 vlandev trunk0 mtu 1300
>> up
>>
>> f2n0:/root#cat /etc/hostname.carp4
>> vhid 64 pass m1pass carpdev vlan4 Y.Y.Y.Y/26 rdomain 4
>> !/sbin/route -T 4 add 0.0.0.0/0 Y.Y.Y.Z
>> f2n0:/root#
>>
>> also, I did
>>
>> f2n0:/root#grep -v ^# /etc/pf.conf
>>
>> set skip on lo
>>
>> pass in vlan2 rtable 2
>> pass in vlan4 rtable 4
>>
>> pass
>>
>>
>> "ping"is working good, packets go out via appropriate interface.
>> however, ssh ends with "tcp rst", for example.
>> how can the reason for that "tcp rst" might be detected?
>>
>> am I doing anything wrong with rdomains?
>>
>> Ilya Shipitsin

Re: strange tcp rst with rdomain

[Russell Garrison]

I have found that I need to add something like:

!route -T 2 exec /usr/sbin/sshd

To the pertinent hostname.if file to make sure sshd is listening in
addtional routing tables, but I do not know if this is best.

On Mon, Dec 19, 2011 at 1:02 PM, PP;QQ P(P8P?P8QP8P=
 wrote:
> Hello.
>
> I'm running multihomed OpenBSD server:
>
> vlan5/carp5 - default
> vlan2/carp2 and vlan4/carp4 are connected to other ISPs.
>
> when there's no rdomain thing, everything seems to be working, except
> all outgoing packets goes through vlan5/carp5.
>
>
> so, I did
>
> f2n0:/root#cat /etc/hostname.vlan2
> vlan 2 vlandev trunk0 mtu 1300
> up
>
> f2n0:/root#cat /etc/hostname.carp2
> vhid 62 pass m1pass carpdev vlan2 X.X.X.X/26 rdomain 2
> !/sbin/route -T 2 add 0.0.0.0/0 X.X.X.Z
> f2n0:/root#cat /etc/hostname.vlan4
> vlan 4 vlandev trunk0 mtu 1300
> up
>
> f2n0:/root#cat /etc/hostname.carp4
> vhid 64 pass m1pass carpdev vlan4 Y.Y.Y.Y/26 rdomain 4
> !/sbin/route -T 4 add 0.0.0.0/0 Y.Y.Y.Z
> f2n0:/root#
>
> also, I did
>
> f2n0:/root#grep -v ^# /etc/pf.conf
>
> set skip on lo
>
> pass in vlan2 rtable 2
> pass in vlan4 rtable 4
>
> pass
>
>
> "ping"is working good, packets go out via appropriate interface.
> however, ssh ends with "tcp rst", for example.
> how can the reason for that "tcp rst" might be detected?
>
> am I doing anything wrong with rdomains?
>
> Ilya Shipitsin

Re: 4096-byte sector size again

[Chris Cappuccio]

some of these usb sticks come with a piece of software that will set them back 
to being normal usb sticks without hidden cdroms

j...@bitminer.ca [j...@bitminer.ca] wrote:
> I have an Iomega Prestige 1TB disk, "USB 3.0 up to 5Gbit/s",
> 
> OpenBSD 4.9 (GENERIC.MP) #794: Wed Mar  2 07:19:02 MST 2011
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
> ..
> Dec 17 09:53:54 len /bsd:  port 2 configuration 1 interface 0 "iomega
> LDHD-UP3"
> rev 2.10/0.04 addr 4
> Dec 17 09:53:54 len /bsd: umass0: using SCSI over Bulk-Only
> Dec 17 09:53:54 len /bsd: scsibus2 at umass0: 2 targets, initiator 0
> Dec 17 09:53:54 len /bsd: sd1 at scsibus2 targ 1 lun 0:  Disk, > SCSI3 0/direct fixed
> Dec 17 09:53:54 len /bsd: sd1: 953169MB, 4096 bytes/sec, 244011446 sec total
> Dec 17 09:53:54 len /bsd: cd1 at scsibus2 targ 1 lun 1: 
> SCSI0 5/cdrom fixed
> 
> (which of course has the built-in CD-ROM emulator containing Windows
> backup software.)
> 
> The sectors are definitely 4k bytes.  How can I re-partition it given that
> fdisk won't adjust the MBR?
> 
> # fdisk -e sd1
> Unable to read MBR
> 
> (DOS partitions, not disklabel partitions.  disklabel works just fine.)
> 
> thanks
> 
> --John

-- 
There are only three sports: bullfighting, motor racing, and mountaineering; 
all the rest are merely games. - E. Hemingway

RSS feeds for Errata

[Todd]

If anyone likes to use RSS for security update notification, I made an
application for Google Appengine that parses the OpenBSD errata pages
and creates an RSS feed.  It will work as long as the format of the
errata pages does not change.

http://erratafeed.appspot.com/

Todd

Re: Odd Network Lockups

[Nick Templeton]

I'll give it a shot.
On Dec 19, 2011 4:27 AM, "Stuart Henderson"  wrote:

> I just noticed the vether/tun/bridge in your systat output.
> To try and narrow things down, are you able to disable these
> to see if there's any improvement?
>
>
> On 2011-12-08, Nick Templeton  wrote:
> > I think you're right Stuart, raising kern.maxclusters is only buying me
> time.
> >
> > The only sysctl values I've modified are:
> > net.inet.ip.forwarding=1
> > ddb.panic=0
> > kern.maxclusters=8192
> >
> > netstat -m shows increasing values over time, here's the output from
> > this morning:
> >
> > 3510 mbufs in use:
> >   3479 mbufs allocated to data
> >   24 mbufs allocated to packet headers
> >   7 mbufs allocated to socket names and addresses
> > 3477/3522/8192 mbuf 2048 byte clusters in use (current/peak/max)
> > 0/8/8192 mbuf 4096 byte clusters in use (current/peak/max)
> > 0/8/8192 mbuf 8192 byte clusters in use (current/peak/max)
> > 0/8/8192 mbuf 9216 byte clusters in use (current/peak/max)
> > 0/8/8192 mbuf 12288 byte clusters in use (current/peak/max)
> > 0/8/8192 mbuf 16384 byte clusters in use (current/peak/max)
> > 0/8/8192 mbuf 65536 byte clusters in use (current/peak/max)
> > 8204 Kbytes allocated to network (95% in use)
> > 0 requests for memory denied
> > 0 requests for memory delayed
> > 0 calls to protocol drain routines
> >
> > ...and here it is from this evening:
> >
> > 3718 mbufs in use:
> >3687 mbufs allocated to data
> >24 mbufs allocated to packet headers
> >7 mbufs allocated to socket names and addresses
> > 3685/3734/8192 mbuf 2048 byte clusters in use (current/peak/max)
> > 0/8/8192 mbuf 4096 byte clusters in use (current/peak/max)
> > 0/8/8192 mbuf 8192 byte clusters in use (current/peak/max)
> > 0/8/8192 mbuf 9216 byte clusters in use (current/peak/max)
> > 0/8/8192 mbuf 12288 byte clusters in use (current/peak/max)
> > 0/8/8192 mbuf 16384 byte clusters in use (current/peak/max)
> > 0/8/8192 mbuf 65536 byte clusters in use (current/peak/max)
> > 8628 Kbytes allocated to network (96% in use)
> > 0 requests for memory denied
> > 0 requests for memory delayed
> > 0 calls to protocol drain routines
> >
> > Here's the output from systat mbuf:
> >
> > 1 usersLoad 0.65 0.79 0.76 Wed Dec  7
> 18:15:12
> > 2011
> >
> > IFACE LIVELOCKS  SIZE ALIVE   LWM   HWM   CWM
> > System0   256  3716 242
> >2k  36861867
> > lo0
> > em02k21 4   25621
> > em12k20 4   25620
> > em22k14 4   25614
> > enc0
> > vether0
> > tun0
> > bridge0
> > pflog0
> >
> > I did update the kernel at the same time as changing the bios settings,
> so
> > that
> > led me down the wrong path I think. Digging through /var/log/messages* it
> > looks
> > as though things changed when I upgraded from the October 6th snapshot
> to the
> > November 15th snapshot. When I was running this (and previous snapshots):
> >
> > OpenBSD 5.0-current (GENERIC.MP) #96: Thu Oct 6 16:12:43 MDT 2011
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> >
> > ...I had a bunch of these errors (but no network lockups):
> >
> > pf: state key linking mismatch! dir=OUT, if=em1, stored af=2, a0:
> > 76.126.243.211:25619, a1: 192.168.10.2:49200, proto=17, found af=2, a0:
> > 176.15.107.37:45022, a1: 239.190.175.222:61374, proto=17
> >
> > After updating to this (and another update since):
> >
> > OpenBSD 5.0-current (GENERIC.MP) #133: Tue Nov 15 22:08:20 MST 2011
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> >
> > ...I now have these warnings (and the network lockups):
> >
> > WARNING: mclpools limit reached; increase kern.maxclusters
> >
> > -Nick
> >
> > On Tue, Dec 6, 2011 at 11:21 AM, Stuart Henderson 
> > wrote:
> >> Have you adjusted any other sysctl values?
> >>
> >> What does netstat -m say? Run it once, then again after 30 mins or so.
> >>
> >> What does systat mbuf say?
> >>
> >> Did you update the kernel at the same time as changing bios settings?
> >> If so, what did you run before? (check /var/log/messages*)
> >>
> >> I doubt there's a legitimate reason to increase kern.maxclusters to
> >> 8192 on this system, best I think you can hope for with that is to make
> >> it run for a little longer before crashing.
> >>
> >>
> >>
> >> On 2011-12-06, Nick Templeton  wrote:
> >>> You're right that I had an outdated BIOS, which I've now updated, but
> >>> upon further review I don't think that is/was the culprit. I've since
> >>> had the issue re-surface and this time I noticed many lines like this
> >>> in the dmesg (not sure how I missed it before):
> >>>
> >>> WARNING: mclpools limit reached; increase kern.maxclusters
> >>>
> >>> So I've upped kern.maxclusters to 8192, however, I'm not sure if I
> >>> really should need to. This machine is a firewall/ro

Re: Proper way to update system + ports?

[Stuart Henderson]

On 2011/12/20 08:24, James Hozier wrote:
> --- On Tue, 12/20/11, Stuart Henderson  wrote:
> 
> > From: Stuart Henderson 
> > Subject: Re: Proper way to update system + ports?
> > To: "James Hozier" 
> > Date: Tuesday, December 20, 2011, 2:50 PM
> > 
> > I think that's overkill, packages are typically built maybe
> > once
> > every week or two for the faster arch, depending on what's
> > been
> > going on and how busy the people who build packages are at
> > the time.
> > 
> > Personally I'm updating my main workstation every 2-3
> > weeks
> > (or more often if I know I particularly want something that
> > has
> > been updated recently or if there's an update to some
> > widely-used
> > library). This works pretty well for me.
> > 
> > 
> 
> I'm looking over on how to stay up to date with -current, and the
> process seems drastically different from -stable in that I don't
> check out the src from CVS, and I use something called 'snapshots'
> instead. I have a general idea of what snapshots are, but now how
> they are used in terms of OpenBSD.
> 
> In http://www.openbsd.org/faq/current.html there's a whole bunch
> of instructions, marked by a date and the type of change, such as
> 'PostgreSQL update' or 'thread model posix enabled for gcc 3'
> 
> Am I just supposed to follow the instructions for each of these?
> Because I have no idea what they are or what they mean. With
> -stable all I did was check it out from CVS, compiled, and
> rebooted. Easy peasy. Running -current sounds like a lot of
> maintenance is involved.

The ones with instructions for compiling are just relevant
if you build from source

The ports ones are obviously relevant if you're using those
ports and upgrade



> When it says "Upgrading by compiling your own source code is not
> supported." does that mean when I first do a clean install of
> OpenBSD, that I use:
> ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/install50.iso
> Instead of:
> ftp://ftp.openbsd.org/pub/OpenBSD/5.0/i386/install50.iso
> to install OpenBSD?

Yes

> Then afterwards, can I check out the -current branch from CVS as
> I do with -stable? i.e. # cvs -d$CVSROOT checkout -P src
> Or am I not supposed to fetch & build -current at all? Would it

You can checkout src if you want, but you don't have to,
you can just install the binary sets just as you would for a release

> be safer to just download the /snapshots/i386/install50.iso every
> couple weeks and do a fresh install every time? I guess I will

There's really no need for fresh installs, upgrades work very well

No need for install*.iso either, just download a new bsd.rd and
boot that from the boot loader (boot /bsd.rd) and do a network
upgrade install

> have to check the Errata page every few hours to make sure I don't
> need to make an emergency snapshot download to install and prevent
> myself from leaving a vulnerable system open for 2 weeks..

You could follow source-changes or http://www.squish.net/openbsd/
You'll usually see important fixes here before you see errata for them
(errata only happen for a certain few fixes *after* they are committed
to -stable, *if* they are committed to stable - lots of more minor
things are only ever fixed in -current / next release).

Re: claimed 5.0 problems on sparc64 (was Re: Upgrading AMD64 4.9-stable to 5.0)

[Nick Holland]

On 12/20/2011 07:49 AM, Richard Thornton wrote:

I used the advice from the blog called gab software.  Perhaps he was
wrong.   I am willing to reinstall.  I have no personal data to lose
on this old box.


What was deficient on the official documentation?

Nick.

Re: Where to buy Lemote FuLoong MIPS boxes?

[Steffen Daode Nurpmeso]

Gregory Edigarov wrote [2011-12-19 11:30+0100]:
> Taiga and Niva is two different models, just for the record...

You cannot hide Austria only because the boys (B;BurschenB+)
are not qualified for Ukraine/Poland 2012!
What if England had not been able to qualify?
Would you pretend not to know --- *England*?

--steffen

Re: Proper way to update system + ports?

[Daniel Bolgheroni]

On Tue, Dec 20, 2011 at 06:43:37AM -0800, James Hozier wrote:
> 
> I guess it is sort of ironic that trying to build Firefox from
> -stable was broken, but in -current it worked fine.
> 
> As far as keeping up with -current goes, would it be bad netiquette
> to update my system every 12 hours just to keep up with the changes?
> Or is that being a resource hog?

Very little change in -stable. You're wasting your time.

I don't know if you noted that there is a commit on why your port broke.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: can not use the up key to last command at root?

[Otto Moerbeek]

On Tue, Dec 20, 2011 at 03:44:11PM +0100, Francois Pussault wrote:

> Hi
> 
> add the following
> lines to the bottom of your .kshrc file in your /root directory:
> 
> set -o emacs
> alias __A=$(print '\0020') # ^P = up = previous command
> alias __B=$(print '\0016') # ^N = down = next command
> alias __C=$(print '\0006') # ^F = right = forward a character
> alias __D=$(print '\0002') # ^B = left = back a character
> alias __H=$(print '\0001') # ^A = home = beginning of line
> 
> this should resolv the issue...

The aliases are not neccesary. I suspect root's shell is in vi mode.
Check with set -o

-Otto

> 
> or you can prefer to use vi mode
> 
> then esc-K will give you last command.
> 
> > 
> > From: johnw 
> > Sent: Tue Dec 20 15:32:30 CET 2011
> > To: 
> > Subject: can not use the up key to last command at root?
> >
> >
> > my system is i386/current, i do not know why and when,
> > today, i noticed i can not use the up key to last command at root anymore.
> >
> > i can use the up key to last command at non root user,
> > both is use ksh.
> >
> > any idea?
> >
> > please help and thank you.
> >
> 
> 
> Cordialement
> Francois Pussault
> 3701 - 8 rue Marcel Pagnol
> 31100 ToulouseB 
> FranceB 
> +33 6 17 230 820 B  +33 5 34 365 269
> fpussa...@contactoffice.fr

Re: can not use the up key to last command at root?

[Francois Pussault]

Hi

add the following
lines to the bottom of your .kshrc file in your /root directory:

set -o emacs
alias __A=$(print '\0020') # ^P = up = previous command
alias __B=$(print '\0016') # ^N = down = next command
alias __C=$(print '\0006') # ^F = right = forward a character
alias __D=$(print '\0002') # ^B = left = back a character
alias __H=$(print '\0001') # ^A = home = beginning of line

this should resolv the issue...

or you can prefer to use vi mode

then esc-K will give you last command.

> 
> From: johnw 
> Sent: Tue Dec 20 15:32:30 CET 2011
> To: 
> Subject: can not use the up key to last command at root?
>
>
> my system is i386/current, i do not know why and when,
> today, i noticed i can not use the up key to last command at root anymore.
>
> i can use the up key to last command at non root user,
> both is use ksh.
>
> any idea?
>
> please help and thank you.
>


Cordialement
Francois Pussault
3701 - 8 rue Marcel Pagnol
31100 ToulouseB 
FranceB 
+33 6 17 230 820 B  +33 5 34 365 269
fpussa...@contactoffice.fr

Re: Proper way to update system + ports?

[James Hozier]

--- On Tue, 12/20/11, Stuart Henderson  wrote:

> From: Stuart Henderson 
> Subject: Re: Proper way to update system + ports?
> To: misc@openbsd.org
> Date: Tuesday, December 20, 2011, 10:25 AM
> On 2011-12-19, James Hozier 
> wrote:
> > I ran into an error trying to install Firefox (I think
> the latest
> > version in Ports is 8.0.1) so I thought I might be
> updating
> > incorrectly.
> >
> >===>  Checking files for firefox-5.0p3
> >>> Fetch 
> >>> http://releases.mozilla.org/pub/mozilla.org/firefox/releases/5.0/source/firefox-5.0.source.tar.bz2
> > ftp: Error retrieving file: 404 Not Found
>
> Mozilla don't keep many old releases on the http
> distribution
> sites.  You can fetch this from
>
> ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/5.0/source/firefox-5.0.source.tar.bz2
>
> I'll add this to ports/www/mozilla/mozilla.port.mk in
> -stable
> in a bit.
>
> I'd really suggest running -current if you want to keep up
> to
> date with things like browsers. Then you can just use
> packages
> rather than spend hours building (also note that only fixes
> for
> the worst bugs will get into -stable; and even then only
> if
> they won't cause problems for other ports needing a whole
> chain
> of updates).
>
> Just because -stable is named -stable doesn't imply that
> -current
> is likely to break often.
>
>

I guess it is sort of ironic that trying to build Firefox from
-stable was broken, but in -current it worked fine.

As far as keeping up with -current goes, would it be bad netiquette
to update my system every 12 hours just to keep up with the changes?
Or is that being a resource hog?

can not use the up key to last command at root?

[johnw]

my system is i386/current, i do not know why and when,
today, i noticed i can not use the up key to last command at root anymore.

i can use the up key to last command at non root user,
both is use ksh.

any idea?

please help and thank you.

Re: upgrade OpenBSD

[Kenneth R Westerback]

On Mon, Dec 19, 2011 at 10:34:12PM -0500, Nick Holland wrote:
> On 12/19/11 15:55, Lars Kotthoff wrote:
> > Hi list,
> > 
> >  the OpenBSD upgrade pages carry a warning at the top "Note: Upgrades are 
> > only
> > supported from one release to the release immediately following it. Do not 
> > skip
> > releases."
> > 
> > What's the reason for this warning? I've had a look at the upgrade steps 
> > and the
> > only thing that seems to assume a certain system configuration is the 
> > update of
> > the configuration files using the patches.
> 
> As Henning indicated...it's what we test.
> There are 17 platforms for OpenBSD.  There's a lot to test for each
> release, testing upgrades from 4.8 to 5.0 just doubled our
> work...pointlessly.  Documenting the two-release process just doubled MY
> work.  And you want four steps.  No.
> 
> > This shouldn't be a problem when
> > using sysmerge though, should it?
> 
> By that statement, I presume you audited the code for that?
> no, actually, I didn't believe that. :)
> 
> > To be clear, I'm not intending to start a flame war about OpenBSD upgrade
> > processes, I was just wondering why releases shouldn't be skipped. I'm 
> > looking
> > to upgrade a machine running 4.6 to 5.0 and would obviously prefer to do 
> > this in
> > one step instead of four.
> 
> This REALLY falls under the category of, "if you gotta ask, don't.  Just
> don't."
> 
> The OpenBSD upgrade process is really simple (so simple, *I* could write
> the process!  Come to think of it, I do!), but if you are asking "can I
> get away with ...", rather than understanding the process well enough to
> answer your own question, don't.
> 
> Consider it punishment for not having kept the system up to date.  You
> SHOULD have done those three missing updates anyway...now you have to do
> them all in one hour. :)
> 
> And, if there's any question this isn't just a snarky answer (I'm not
> denying it is ALSO a snarky answer), if you look at the update
> instructions for any arbitrary version of OpenBSD, you will note there
> is more to it than just "run sysmerge".  When you start jumping
> versions, you may see interesting issues from those steps...and little
> problems that will bite you in the ass and you won't be sure which step
> you skipped did it.
> 
> Me?  If I had console on the machine, I'd have no trouble taking your
> system directly from 4.6 to 5.0 (and the console would be just in case I
> got cocky and screwed up :).  But then, I understand the process pretty
> well (we hope!).  I understand it well enough that I suggest YOU take
> the advice.
> 
> Nick.
> 

Doing 1 upgrade over multiple releases vs several upgrades is, in
addition to the excellent reasons pointed out by Nick, not worth
testing since each upgrade takes 5-10 minutes (on most, reasonably
modern archs). And that's with running sysmerge, removing old files,
backing up the new config files, etc. If one is just passing through
I assume upgrading packages doesn't figure into it until the 'final'
upgrade. Why would we waste hundreds of man hours testing upgrading
over multiple releases to save you 30 or 40 minutes?

I mean, it's not like you have to download all those files. You do
buy CD's, right?

 Ken

Re: claimed 5.0 problems on sparc64 (was Re: Upgrading AMD64 4.9-stable to 5.0)

[Peter Hessler]

there is an excellent blog called "www.openbsd.org/faq/". Check out the
advice there.  It's pretty awesome.


On 2011 Dec 20 (Tue) at 07:49:11 -0500 (-0500), Richard Thornton wrote:
:I used the advice from the blog called gab software.  Perhaps he was wrong.   
I am willing to reinstall.  I have no personal data to lose on this old box.
:
:Nick Holland  wrote:
:
:>On 12/19/11 14:39, Stuart Henderson wrote:
:>> On 2011-12-19, Richard Thornton  wrote:
:>>> Do a simple clean 5.0 install.  One would assume any browser package in the
:>>> packages folder would install. None do for me on sparc, but with a clean
:>>> 4.9 install all 4.9 packages install.  I am not a Unix specialist by any
:>>> means but I do know how to type pkg_add .
:>>
:>> Please send a mail to ports@ detailing exactly what you are doing (what
:>> you're typing, what PKG_PATH is set to if you're using it, the contents
:>> of /etc/pkg.conf if you're using that) and what output you see.
:>> 
:>> This is the first I've heard of any major problem with 5.0 release
:>> packages on any arch, if there is a problem obviously we need to know
:>> what went wrong so we can avoid it happening in future, but before
:>> digging into that we need to first rule out incorrect procedure.
:>
:>Don't bother, he's doing something very wrong.  This is a PEBKAC
:>diagnostic issue, not an OpenBSD issue.
:>
:>Just happened to have a blade100 (the machine he named) sitting here,
:>just loaded it up, but not into production yet, so blew it away (it was
:>at -current, of course) and did exactly what he said:
:>
:>* simple 5.0 install from CD (only non-default was to use ntpd)
:>* set PKG_PATH to my local mirror
:>* pkg_add xxxterm
:>* pkg_add firefox36 (didn't seem to be newer ones for sparc64)
:>* pkg_add dillo
:>* pkg_add conkeror
:>* pkg_add midori
:>* pkg_add kazehakase
:>* pkg_add links+2.2p2
:>* pkg_add elinks
:>* pkg_add w3m-0.5.3
:>* pkg_add links  FINALLY! an error!  conflict with links+.  Package
:>management system worked fine :)
:>
:>Other than links after links+, all installed fine.
:>
:>Starting them all at the same time on a blade100 with only 512M RAM was
:>not my most productive move, but they all seemed to be trying to work,
:>until something ran out of something and X blew me back to a command
:>prompt :)
:>
:>(I gotta play with some of these alternate browsers)
:>
:>Personally, I think he's screwing up between sparc and sparc64.  He's
:>being VERY sloppy with the platform name_s_ in his posting, so I suspect
:>it is safe to assume he's doing that elsewhere.
:>
:>Nick.
:

-- 
Drew's Law of Highway Biology:
The first bug to hit a clean windshield lands directly in front
of your eyes.

Re: claimed 5.0 problems on sparc64 (was Re: Upgrading AMD64 4.9-stable to 5.0)

[Richard Thornton]

I used the advice from the blog called gab software.  Perhaps he was wrong.   I 
am willing to reinstall.  I have no personal data to lose on this old box.

Nick Holland  wrote:

>On 12/19/11 14:39, Stuart Henderson wrote:
>> On 2011-12-19, Richard Thornton  wrote:
>>> Do a simple clean 5.0 install.  One would assume any browser package in the
>>> packages folder would install. None do for me on sparc, but with a clean
>>> 4.9 install all 4.9 packages install.  I am not a Unix specialist by any
>>> means but I do know how to type pkg_add .
>>
>> Please send a mail to ports@ detailing exactly what you are doing (what
>> you're typing, what PKG_PATH is set to if you're using it, the contents
>> of /etc/pkg.conf if you're using that) and what output you see.
>> 
>> This is the first I've heard of any major problem with 5.0 release
>> packages on any arch, if there is a problem obviously we need to know
>> what went wrong so we can avoid it happening in future, but before
>> digging into that we need to first rule out incorrect procedure.
>
>Don't bother, he's doing something very wrong.  This is a PEBKAC
>diagnostic issue, not an OpenBSD issue.
>
>Just happened to have a blade100 (the machine he named) sitting here,
>just loaded it up, but not into production yet, so blew it away (it was
>at -current, of course) and did exactly what he said:
>
>* simple 5.0 install from CD (only non-default was to use ntpd)
>* set PKG_PATH to my local mirror
>* pkg_add xxxterm
>* pkg_add firefox36 (didn't seem to be newer ones for sparc64)
>* pkg_add dillo
>* pkg_add conkeror
>* pkg_add midori
>* pkg_add kazehakase
>* pkg_add links+2.2p2
>* pkg_add elinks
>* pkg_add w3m-0.5.3
>* pkg_add links  FINALLY! an error!  conflict with links+.  Package
>management system worked fine :)
>
>Other than links after links+, all installed fine.
>
>Starting them all at the same time on a blade100 with only 512M RAM was
>not my most productive move, but they all seemed to be trying to work,
>until something ran out of something and X blew me back to a command
>prompt :)
>
>(I gotta play with some of these alternate browsers)
>
>Personally, I think he's screwing up between sparc and sparc64.  He's
>being VERY sloppy with the platform name_s_ in his posting, so I suspect
>it is safe to assume he's doing that elsewhere.
>
>Nick.

IPSec VPN dropping packets from time to time

[Georg Buschbeck]

Hi,

i've two openbsd firewalls running

1x OpenBSD 4.9 (amd64) in our office
1x OpenBSD 5.0 (amd64) in our co location.

we have a vpn set up between both locations via /etc/ipsec.conf
isakmpd is setup to not read any konfiguration files:

=== /etc/rc.conf.local ===
isakmpd_flags="-4 -K -v"
=== /etc/rc.conf.local ===

now from time to time the vpn becomes "unavailable",
though the established security association is visible via ipsecctl -sa.

i don't find anything suspucios in the log only "quick mode done"

=== /etc/ipsec.conf ===
ike active esp from $local_net to   $remotenet   peer $remotepeer \
main auth hmac-sha1  enc aes group modp1024\
quick auth hmac-sha1 enc aes group modp1024\
psk MyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsK
=== /etc/ipsec.conf ===

are there any hints what would be the best to debug next?
as till now i didn't see a pattern there.

delete the ruleset manually by  solves the probleme temporarily
which could be needed more often when forced.

===
ipsecctl -d -f /etc/ipsec.conf; ipsecctl -f /etc/ipsec.conf
===


Georg

Suite à une visite sur votre site

[Sylvie MILANO]

Madame, Monsieur,
B 
Suite C  une visite sur votre site internet, que je trouve particuliC(rement
rC)ussi d'ailleurs,
j'ai eu l'idC)e de faire un petit montage, qui je trouve, colle parfaitement
avec la prC)sentation de votre entreprise.
B 
Voici ce que cela donne :
B 
http://dev.windeo.com/mailingserv.php?action=test&email=&url=http://www.openb
sd.org/ (
"http://dev.windeo.com/mailingserv.php?action=test&email=&url=http://www.open
bsd.org/" )
B 
Vous verrez, c'est assez surprenant et vraiment amusant !
B 
Qu'en pensez-vous ?
B 
Pour information, ce montage est une simple simulation dC)stinC)e C  vous
donner un aperC'u
de la prestation que nous pourrions vous proposer. Cvidemment, ce lien est
indC)pendant et privatif,
et n'est en aucun cas consacrC) C  une reprC)sentation publique.
B 
Cordialement,
Sylvie MILANO
Service Marketing
SpC)cialisteB Windeo agrC)C)e
Tel : (+33) 01 79 47 50 19
E-mail :B contact.win...@gmail.com ( "mailto:contact.win...@gmail.com"; )
B 
PS : Pour C*tre certaine que vous avez reC'u le message ,J'ai envoyC) ce
montage sur votre e-mail principal : misc@openbsd.org
mais aussi aux adresses e-mail liC)es C  votre site internet :
http://www.openbsd.org/

Re: Proper way to update system + ports?

[Stuart Henderson]

On 2011-12-19, James Hozier  wrote:
> I ran into an error trying to install Firefox (I think the latest
> version in Ports is 8.0.1) so I thought I might be updating
> incorrectly.
>
>===>  Checking files for firefox-5.0p3
>>> Fetch 
>>> http://releases.mozilla.org/pub/mozilla.org/firefox/releases/5.0/source/firefox-5.0.source.tar.bz2
> ftp: Error retrieving file: 404 Not Found

Mozilla don't keep many old releases on the http distribution
sites.  You can fetch this from

ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/5.0/source/firefox-5.0.source.tar.bz2

I'll add this to ports/www/mozilla/mozilla.port.mk in -stable
in a bit.

I'd really suggest running -current if you want to keep up to
date with things like browsers. Then you can just use packages
rather than spend hours building (also note that only fixes for
the worst bugs will get into -stable; and even then only if
they won't cause problems for other ports needing a whole chain
of updates).

Just because -stable is named -stable doesn't imply that -current
is likely to break often.

ic%帐%务=[代理]！

[222222222]

   2

   2011-12-20


[demime 1.01d removed an attachment of type image/gif which had a name of 
gdssjf.gif]

software advice need

[Gregory Edigarov]

Hi everybody,

can anybody recomend a piece of software, that could "graph" a live
network scanning it via snmp.
requirements are:
1. must produce a text output suitable for postproduction. graphviz is
an ideal, xml - acceptable.
2. must use no external database i.e. have text config file. clean text
console, suitable to run as a cronjob.
3. must be able to work in heterogenous environment. 

thanks a lot in advance

-- 
With best regards,
Gregory Edigarov