Re: Flashboot for OpenBSD 5.1 is now available

2012-05-07 Thread Johan Ryberg
Yes.  I will fix this within the next 24 hours. I fully understand the
concerns and the reason.

Best regards Johan Ryberg
On May 8, 2012 4:25 AM, "Nick Holland"  wrote:

> On 05/07/12 00:52, Johan Ryberg wrote:
> > Hi.
> >
> > Not stupid at all.
> >
> > Flashboot is not intended to replace a standard OpenBSD installation and
> > if you want to use a normal installation on a USB stick then you are
> > probably best off with the installation process that you described.
> >
> > Flashboot is made for appliances with sd-card from 128 Mb (64 Mb with
> > little work). The entire file system is mounted as read only and the
> > sd-card will not wear out. The update process is also simplified since
> > you only have to replace the kernel (ramdisk with entire userland) and
> > you are up and running a new version of OpenBSD in minutes.
> >
> > Later some new scripts have been added to simplify and the script that
> > makes a bootable usb image of the install51.iso is one example of that
> > but that is not the Flashboot core, just a little tool.
> >
> > Best regards Johan Ryberg
>
> Any possibility we could request that the project description make it
> more clear that this is NOT a mainstream, "here is how you should run
> OpenBSD from flash media" solution?  And hopefully, a "this is NOT
> supported by the OpenBSD project" notice, too?
>
> The problem is, a lot of people seem to find your project and decide,
> "oh, this is how I should run OpenBSD from flash media", and then force
> fit a Flashboot install into a "tiny" 2GB flash media, instead of just
> doing a normal install and getting a normal system.
>
> I'm not denying there are places where either tiny amounts of storage
> are available or where the ability to wack a power switch and have ZERO
> concern for file system integrity (or waiting for an fsck after such an
> event) are highly beneficial, but there are an awful lot of people who
> believe this is The Way Things Should Be Done, then shoot themselves in
> the foot because they have no idea what they are doing or how to support
> the thing they have made.  And then they run to the OpenBSD lists
> looking for support, confusing "based on OpenBSD" with "is OpenBSD".
>
> Nick.
>
> > On May 7, 2012 12:31 AM, "cody chandler" wrote:
> >
> >> Hello,
> >>
> >> I have a possible stupid question.  How is the install hard if I simply
> >> direct the install drive to /dev/sd0?  I have a 32Gb usb stick and have
> >> 11Gigs for OBSD and the rest is fat32.  I'm not seeing how the default
> >> installer is lacking options for install.
> >>
> >> Thank you
> >> Cody
> >> On May 6, 2012 6:09 PM, "Johan Ryberg"  wrote:









Re: ipsec.conf ,routers and endpoints - third try

2012-05-07 Thread shadrock

hi stuart
thanks for your answer and advice,
i am working on a modified ddns update script to signal a restart of 
isakmpd when the dynamic ip changes, will implement isakmpd else will 
follow your suggestion and use openvpn for my net to net link, i had 
already planned to use openvpn for my roadwarriors.

shadrock



Re: Flashboot for OpenBSD 5.1 is now available

2012-05-07 Thread Nick Holland
On 05/07/12 00:52, Johan Ryberg wrote:
> Hi.
> 
> Not stupid at all.
> 
> Flashboot is not intended to replace a standard OpenBSD installation and if
> you want to use a normal installation on a USB stick then you are probably
> best off with the installation process that you described.
> 
> Flashboot is made for appliances with sd-card from 128 Mb (64 Mb with
> little work). The entire file system is mounted as read only and the
> sd-card will not wear out. The update process is also simplified since you
> only have to replace the kernel (ramdisk with entire userland) and you are
> up and running a new version of OpenBSD in minutes.
> 
> Later some new scripts have been added to simplify and the script that makes
> a bootable usb image of the install51.iso is one example of that but that
> is not the Flashboot core, just a little tool.
> 
> Best regards Johan Ryberg

Any possibility we could request that the project description make it
more clear that this is NOT a mainstream, "here is how you should run
OpenBSD from flash media" solution?  And hopefully, a "this is NOT
supported by the OpenBSD project" notice, too?

The problem is, a lot of people seem to find your project and decide,
"oh, this is how I should run OpenBSD from flash media", and then force
fit a Flashboot install into a "tiny" 2GB flash media, instead of just
doing a normal install and getting a normal system.

I'm not denying there are places where either tiny amounts of storage
are available or where the ability to wack a power switch and have ZERO
concern for file system integrity (or waiting for an fsck after such an
event) are highly beneficial, but there are an awful lot of people who
believe this is The Way Things Should Be Done, then shoot themselves in
the foot because they have no idea what they are doing or how to support
the thing they have made.  And then they run to the OpenBSD lists
looking for support, confusing "based on OpenBSD" with "is OpenBSD".

Nick.

> On May 7, 2012 12:31 AM, "cody chandler"  wrote:
> 
>> Hello,
>>
>> I have a possible stupid question.  How is the install hard if I simply
>> direct the install drive to /dev/sd0?  I have a 32Gb usb stick and have
>> 11Gigs for OBSD and the rest is fat32.  I'm not seeing how the default
>> installer is lacking options for install.
>>
>> Thank you
>> Cody
>> On May 6, 2012 6:09 PM, "Johan Ryberg"  wrote:



Re: NAT within VPN does not work (pf, isakmpd, rdomains)

2012-05-07 Thread Bornkessel, Bernd [ICP DE - Schwalbach]
Hi,

in the mean time I did a release upgrade to 5.1 which unfortunately did not
change anything (well, I didn't expect it to change anything as there is
nothing related in the release notes).

Coming back to VPN I'm stuck with another issue regarding NAT.

I've got the following pf ruleset:


match in on enc0 from 192.168.178.0/24 to 10.0.15.0/24 rdr-to 10.0.3.0/24 bitmask
match out on enc0 from 10.0.3.0/24 to 192.168.178.0/24 nat-to 10.0.15.0/24 bitmask static-port
pass in on em0 proto udp from 88.77.88.52 to 88.77.88.60 port {500 4500}
pass out on em0 proto udp from 88.77.88.60 to 88.77.88.52 port {500 4500}
pass in on em0 proto esp from 88.77.88.52 to 88.77.88.60
pass out on em0 proto esp from 88.77.88.60 to 88.77.88.52
pass in on enc0 proto ipencap from 88.77.88.52 to 88.77.88.60
pass in on enc0 from 192.168.178.0/24 to 10.0.3.0/24 rtable 2
pass out on em2 from 192.168.178.0/24 to 10.0.3.0/24
pass in on em2 from 10.0.3.0/24 to 192.168.178.0/24 rtable 0
pass out on enc0 from 10.0.15.0/24 to 192.168.178.0/24


And the following ipsec.conf:

ike esp from 10.0.15.0/24 (10.0.3.0/24) to 192.168.178.0/24 \
local 213.61.190.60 peer 213.61.190.52 \
main auth hmac-sha1 enc aes-256 group modp1024 \
quick auth hmac-sha1 enc aes-256 group none \
psk abctest


Connections in the direction to 192.168.178.0/24 are working as expected (with
Source NAT applied).

root@heimdalr:~# ping -c5 192.168.178.51
PING 192.168.178.51 (192.168.178.51) 56(84) bytes of data.
64 bytes from 192.168.178.51: icmp_req=1 ttl=126 time=3.57 ms
64 bytes from 192.168.178.51: icmp_req=2 ttl=126 time=2.16 ms
64 bytes from 192.168.178.51: icmp_req=3 ttl=126 time=3.91 ms
64 bytes from 192.168.178.51: icmp_req=4 ttl=126 time=2.21 ms
64 bytes from 192.168.178.51: icmp_req=5 ttl=126 time=2.17 ms

# tcpdump -nei em2 icmp
tcpdump: listening on em2, link-type EN10MB

22:21:29.526530 00:0c:29:89:77:e2 00:00:5e:00:01:1e 0800 98: 10.0.3.10 >
192.168.178.51: icmp: echo request (DF)
22:21:29.528258 00:0c:29:7c:14:2e 00:0c:29:89:77:e2 0800 98: 192.168.178.51 >
10.0.3.10: icmp: echo reply (DF)
22:21:30.528943 00:0c:29:89:77:e2 00:00:5e:00:01:1e 0800 98: 10.0.3.10 >
192.168.178.51: icmp: echo request (DF)
22:21:30.530913 00:0c:29:7c:14:2e 00:0c:29:89:77:e2 0800 98: 192.168.178.51 >
10.0.3.10: icmp: echo reply (DF)
22:21:34.462265 00:0c:29:89:77:e2 00:00:5e:00:01:1e 0800 98: 10.0.3.10 >
192.168.178.51: icmp: echo request (DF)
22:21:34.467422 00:0c:29:7c:14:2e 00:0c:29:89:77:e2 0800 98: 192.168.178.51 >
10.0.3.10: icmp: echo reply (DF)
22:21:35.465153 00:0c:29:89:77:e2 00:00:5e:00:01:1e 0800 98: 10.0.3.10 >
192.168.178.51: icmp: echo request (DF)
22:21:35.467063 00:0c:29:7c:14:2e 00:0c:29:89:77:e2 0800 98: 192.168.178.51 >
10.0.3.10: icmp: echo reply (DF)
22:21:36.467031 00:0c:29:89:77:e2 00:00:5e:00:01:1e 0800 98: 10.0.3.10 >
192.168.178.51: icmp: echo request (DF)
22:21:36.469019 00:0c:29:7c:14:2e 00:0c:29:89:77:e2 0800 98: 192.168.178.51 >
10.0.3.10: icmp: echo reply (DF)
22:21:37.469058 00:0c:29:89:77:e2 00:00:5e:00:01:1e 0800 98: 10.0.3.10 >
192.168.178.51: icmp: echo request (DF)
22:21:37.470902 00:0c:29:7c:14:2e 00:0c:29:89:77:e2 0800 98: 192.168.178.51 >
10.0.3.10: icmp: echo reply (DF)
22:21:38.471154 00:0c:29:89:77:e2 00:00:5e:00:01:1e 0800 98: 10.0.3.10 >
192.168.178.51: icmp: echo request (DF)
22:21:38.473050 00:0c:29:7c:14:2e 00:0c:29:89:77:e2 0800 98: 192.168.178.51 >
10.0.3.10: icmp: echo reply (DF)
^C
48 packets received by filter
0 packets dropped by kernel
#

State table:

# pfctl -vs state | grep icmp
all icmp 192.168.178.51:8 ((2) 192.168.178.51:8) <- 10.0.3.10:3896 ((2)
10.0.3.10:3896)   0:0
all icmp 10.0.15.10:1609 (10.0.3.10:3896) -> 192.168.178.51:8   0:0
#

Log on remote Gateway:

Number:             649
Date:               7May2012
Interface:          eth0
Source:             10.0.15.10
Destination:        192.168.178.51
Protocol:           icmp
ICMP:               Echo Request
ICMP Type:          8
ICMP Code:          0
Encryption Scheme:  IKE
Encryption Methods: ESP: AES-256 + SHA1
VPN Peer Gateway:   obsd (88.77.88.60)


Unfortunately connections initiated from the remote site do not work
actually:

C:\>ping 10.0.15.10

Pinging 10.0.15.10 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.0.15.10:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>

In tcpdump I can see, that the packets are routed in to the correct rdomain.
There is also an echo-reply received by the OpenBSD system. But the packets
are not routed back to the remote gateway. Instead icmp unreachables are
created for the destination

# tcpdump -nei em2 icmp
tcpdump: listening on em2, link-type EN10MB
22:25:1

nginx tmp

2012-05-07 Thread Luis Useche
Hi Guys,

I was just trying to start nginx on the last snapshot and it was
failing with this message:

2012/05/07 14:46:03 [emerg] 29247#0: mkdir() "tmp/client_body_temp"
failed (2: No such file or directory)

I fixed it by creating the directory /var/www/tmp/

I don't know if it was something I missed or this directory is not
being created by default. Just raising the flag.

Thanks,
Luis.



Re: xenocara won't build on vax (5.1-stable)

2012-05-07 Thread Maurice Janssen

On 05/07/2012 08:45 AM, Matthieu Herrb wrote:
> On Sun, May 06, 2012 at 09:57:21PM +0200, Maurice Janssen wrote:
>> Hi,
>>
>> I'm having some trouble building xenocara on a Vaxstation running
>> 5.1-stable.
>> The xenocara source directory is mounted over NFS, in case it matters.
>> The sources are a clean anoncvs checkout and also used by some other
>> platforms (without any problems), so I am pretty sure the tree is OK.
>>
>> I followed the exact steps from FAQ 5.5 and after about 6 hours the
>> build fails.  Below are the last lines of make build.
>>
>> Anybody got an idea what might be wrong?
>
> This is a known  issue with OpenBSD's pkg-config(1).

Hmm, deja vu...

> The current version does not produce the list of libraries needed by
> sxpm in the correct order. The work around is to use the OpenBSD 4.9
> version.

Thanks, I'm sure this will help (like 6 months ago, when I asked the
same question for 5.0-stable...)


Maurice



Re: OpenBSD 5.1 i386- ports vs packages

2012-05-07 Thread Dimitry T
Nick, thanks! Sorry for maybe stupid question. I am a beginner in openbsd
world.

> Date: Mon, 7 May 2012 13:44:49 -0400
> From: n...@holland-consulting.net
> To: misc@openbsd.org
> Subject: Re: OpenBSD 5.1 i386- ports vs packages
>
> On 05/07/2012 01:29 PM, Dimitry T wrote:
> > Thank you all for the detailed answers. Is there any changes in
> > compiling if recompile kernel with option machine i686, now uname
> > shows i386?
>
> Sure.  Big change.  You hurt yourself.  Usually badly.
>
> http://www.openbsd.org/faq/faq5.html#WhySrc
> http://www.openbsd.org/faq/faq5.html#Why
> Read the rest of this page, as long as you are here.
>
> Nick.



Re: OpenBSD 5.1 i386- ports vs packages

2012-05-07 Thread Dimitry T
P.S Is there any changes in performance if change in kernel conf i386 to
i686?




"Some reasons why you should not build a custom kernel:

You do not need to, normally.
  You will not get a faster system."

Can this applies to my question?

> From: dimitryr...@hotmail.com
> To: misc@openbsd.org
> Subject: Re: OpenBSD 5.1 i386- ports vs packages
> Date: Mon, 7 May 2012 17:29:36 +
>
> Thank you all for the detailed answers. Is there any changes in
> compiling if recompile kernel with option machine i686, now uname
> shows i386?
>
> > Date: Mon, 7 May 2012 14:03:40 +0100
> > From: kevlar...@yahoo.co.uk
> > To: misc@openbsd.org
> > Subject: Re: OpenBSD 5.1 i386- ports vs packages
> >
> > On Sun, 6 May 2012 04:03:46 +0200
> > ropers wrote:
> >
> > > As for security, since the Openbsd.org packages and ports both come
> > > from the same source, there's no security advantage of ports over
> > > packages unless you don't trust OpenBSD.org and actually read all of
> > > the source code you compile (and, by the way, do the same for your
> > > whole compiler toolchain).
> >
> > With one exception. If you are running stable rather than current,
> > only security fixes for server packages like dovecot are pushed into
> > ports and so building may be desired as the devs valuable time is spent
> > moving forwards. In current (snapshots are almost current) there are
> > pre-built snapshot packages and a snapshot ISO to upgrade from so you
> > should though it's not always guaranteed be able to just upgrade to the
> > latest snapshot base (install51.iso) and update to the latest snapshot
> > packages. If it fails try again a few days later. You could image or
> > use an identical test machine/partition for that if the stable branch
> > level of guarantee is required.



Re: Ftpd chroot in a user folder name

2012-05-07 Thread Wesley

I already read man pages of ftpd ;-)
All are well explained. Need to play with /etc/ftpchroot and 
/etc/ftpusers, /etc/login.conf (ftp-dir and ftp-chroot)


I can chroot to for example /var/www/htdocs but all users will see the 
others folders, it is a problem.
I just want that for example user named : "site1" can access (chroot) 
only his folder /var/www/htdocs/site1
It is why i tried something like : ftp-dir=/var/www/htdocs/%u (but the 
"%u" is misunderstood)


Any idea ? or a better way to achieve this ?

Thank you very much.

--
Wesley


> The ftpd manpage says
>
>   ftp-chroot  A boolean value.  If set, users in this class will be
>   automatically chrooted to the user's login directory.
>
> ftpd wants to chroot to the user's login directory... so what is the
> login directory?  Is ftpd chrooting to the user's home directory?  If
> so, it is doing exactly what you told it to do.
>
> Nicolai




Re: OpenBSD 5.1 i386- ports vs packages

2012-05-07 Thread Nick Holland

On 05/07/2012 01:29 PM, Dimitry T wrote:

> Thank you all for the detailed answers. Is there any changes in compiling if
> recompile kernel with option machine i686, now uname shows i386?


Sure.  Big change.  You hurt yourself.  Usually badly.

http://www.openbsd.org/faq/faq5.html#WhySrc
http://www.openbsd.org/faq/faq5.html#Why
Read the rest of this page, as long as you are here.

Nick.



Re: kqemu in 5.1

2012-05-07 Thread Weldon Goree
On Mon, 2012-05-07 at 15:21 +0300, lilit-aibolit wrote:
> 
> qemu-0.14.1p4.tgz and kqemu-1.3.0pre11p3.tgz in packages.
> is this not work?


http://www.openbsd.org/cgi-bin/cvsweb/ports/emulators/kqemu/Attic/Makefile

Also, it's not in packages for 5.1 (I think it got yanked after the
freeze for 5.0, so it's still in 5.0, but doesn't work):

ftp://ftp.openbsd.org/pub/OpenBSD/5.1/packages/i386/


kpoppassd-0.5p2.tgz 
kpovmodeller-3.5.10p6.tgz   krb5-auth-dialog-3.2.1p1.tgz

Qemu is still there, and still (slowly) works.

Weldon



Re: OpenBSD 5.1 i386- ports vs packages

2012-05-07 Thread Dimitry T
Thank you all for the detailed answers. Is there any changes in compiling if
recompile kernel with option machine i686, now uname shows i386?

> Date: Mon, 7 May 2012 14:03:40 +0100
> From: kevlar...@yahoo.co.uk
> To: misc@openbsd.org
> Subject: Re: OpenBSD 5.1 i386- ports vs packages
>
> On Sun, 6 May 2012 04:03:46 +0200
> ropers wrote:
>
> > As for security, since the Openbsd.org packages and ports both come
> > from the same source, there's no security advantage of ports over
> > packages unless you don't trust OpenBSD.org and actually read all of
> > the source code you compile (and, by the way, do the same for your
> > whole compiler toolchain).
>
> With one exception. If you are running stable rather than current,
> only security fixes for server packages like dovecot are pushed into
> ports and so building may be desired as the devs valuable time is spent
> moving forwards. In current (snapshots are almost current) there are
> pre-built snapshot packages and a snapshot ISO to upgrade from so you
> should though it's not always guaranteed be able to just upgrade to the
> latest snapshot base (install51.iso) and update to the latest snapshot
> packages. If it fails try again a few days later. You could image or
> use an identical test machine/partition for that if the stable branch
> level of guarantee is required.



Re: Ftpd chroot in a user folder name

2012-05-07 Thread Nicolai
On Mon, May 07, 2012 at 04:24:37PM +0400, Wesley wrote:

> Test it, the chroot is not possible, the "%u" is not accepted.

That sentence implies a dozen different things depending on who you
ask.  Why make people guess?  It's better to just paste output / error
messages.

I haven't served FTP in many years, but you should look into the file
/etc/ftpchroot

The ftpd manpage says

  ftp-chroot  A boolean value.  If set, users in this class will be
  automatically chrooted to the user's login directory.

ftpd wants to chroot to the user's login directory... so what is the
login directory?  Is ftpd chrooting to the user's home directory?  If
so, it is doing exactly what you told it to do.

Nicolai



Re: Ftpd chroot in a user folder name

2012-05-07 Thread Manolis Tzanidakis
Hey there,

On Mon (07/05/12), Wesley wrote:

> Is it possible to tell ftpd to chroot in /var/www/htdocs/%u ?
> (doesn't work)
> I need ftp for multiple folders located in /var/www/htdocs/*

Not a direct answer: you should switch to sftp. It offers chroot the way
you want to set it up and is secure.

[shameless plug: you could read my article about it, here:
http://olex.openlogic.com/wazi/2011/stop-using-ftp-how-to-transfer-files-securely/
it's linux-based due to that site's restrictions, but the configuration
is the same. sshd_config(5) offers the complete documentation btw.]

-- 
Manolis Tzanidakis
http://mtzanidakis.com/
mtzanidakis[at]gmail[dot]com
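
The per-user chroot suggested in the reply above, as an added example that is
not part of the original message: a shell helper that prints a matching
sshd_config fragment and audits a chroot path against the rule from
sshd_config(5) that every component of ChrootDirectory must be a root-owned
directory not writable by group or others. The group name "sftponly" is an
assumption; /var/www/htdocs/%u and the user site1 come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical name: group "sftponly".

# Print the sshd_config fragment for a per-user SFTP chroot.
# %u expands to the login name, so user site1 lands in /var/www/htdocs/site1.
# The Subsystem line is global; the rest applies only to the matched group.
sftp_chroot_config() {
    cat <<'EOF'
Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory /var/www/htdocs/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Judge one path component from its "ls -ldn" mode string and numeric owner.
# Returns 0 only for a root-owned directory without group/other write bits.
component_ok() {
    mode=$1 uid=$2
    case $mode in d*) ;; *) return 1 ;; esac
    [ "$uid" = 0 ] || return 1
    # Character 6 is group-write, character 9 is other-write.
    [ "$(printf '%s' "$mode" | cut -c6)" != w ] || return 1
    [ "$(printf '%s' "$mode" | cut -c9)" != w ] || return 1
    return 0
}

# Walk every component of an absolute path (/, /var, /var/www, ...) and
# report the first one sshd would reject. Returns 0 if the whole chain is
# clean, 1 otherwise.
audit_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 1 ;;
    esac
    rest=${1#/}
    cur=
    while :; do
        dir=${cur:-/}
        # "$dir/." makes ls resolve a symlinked component, as stat(2) does,
        # and fails if the component is missing or not a directory.
        if ! ls -ldn "$dir/." 2>/dev/null |
            { read -r mode links uid junk; component_ok "$mode" "$uid"; }; then
            echo "sshd would reject chroot component: $dir" >&2
            return 1
        fi
        [ -n "$rest" ] || return 0
        # Peel off the next component; empty parts (//) are skipped.
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -z "$part" ] || cur=$cur/$part
    done
}
```

Because the chroot root itself cannot be writable by the user, uploads go into
a user-owned subdirectory created inside it; run
audit_chroot_path /var/www/htdocs/site1 after creating the directories.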



Re: Why does the ports system delete distfiles?

2012-05-07 Thread Marc Espie
On Mon, May 07, 2012 at 12:02:55AM -0400, Alan Corey wrote:
> Yeah, at one point when I was getting 5.0 set up I actually took my
> laptop somewhere with a WiFi connection.  I must have already
> installed databases/sqlports because I extracted a list of distfiles
> from that, matched it against what I already had from 4.7, then put
> the site url on the beginning of each line and .tar.gz on the end
> and fed it to wget.  I got about 100 megs of distfiles in about 15
> minutes and saved about 10 hours of downloading by modem.  Of course
> they aren't all tar.gz and the site didn't work for all of them, but
> it helped.  I'm still working on parts of LibreOffice.

Next time just use dpb -F and save you a lot of pain and manual fucking around.



Re: systat total freeze

2012-05-07 Thread frantisek holop
hmm, on Sun, May 06, 2012 at 12:38:49PM -0700, Philip Guenther said that
> On Sun, May 6, 2012 at 3:38 AM, frantisek holop  wrote:
> ...
> > however on the other notebook systat froze the system solid.
> > i have no idea how to reproduce this, obviously, running
> > systat now works fine.
> 
> Could you see the machine's console and see whether it panicked?
> 
> For those that are interested in debugging from a kernel crash dump
> but that have Sandybridge video chipsets and similar that are unable
> to return to the console once they go into X, it's often still
> possible to type blindly into ddb and trigger a kernel core dump.
> Just type "boot crash".  If it works, the system will pause a moment
> and then you'll see a pile of disk activity.  You'll need your swap
> partition to be somewhat bigger than your total memory, and then
> you'll need somewhat more than that free on your /var partition.
> Check out the crash(8) manpage for some info on what you can do with a
> kernel crash dump.

would ddb show up in xconsole?

i will try the blind method next time.

-f
-- 
i used to be a sci fi fan.  then i started living it.



keyboard question

2012-05-07 Thread Peter J. Philipp
Hi,

I have a USB Keyboard that when I unplug it and plug it back in it doesn't
come back as recognized by the system.  So I have to log in from the
netbook and reboot.  Is this common to all OpenBSD workstations or just mine?

Here is some info:

jupiter$ dmesg|grep -i nova
uhidev0 at uhub6 port 1 configuration 1 interface 0 "NOVATEK USB Keyboard" rev 
1.10/1.12 addr 2
uhidev1 at uhub6 port 1 configuration 1 interface 1 "NOVATEK USB Keyboard" rev 
1.10/1.12 addr 2

I noticed it shows up twice in dmesg here.. but not in usbdevs:

jupiter$ usbdevs
addr 1: EHCI root hub, Intel
addr 1: EHCI root hub, Intel
 addr 2: product 0x0819, Logitech
addr 1: UHCI root hub, Intel
addr 1: UHCI root hub, Intel
addr 1: UHCI root hub, Intel
addr 1: UHCI root hub, Intel
 addr 2: EPSON Scanner, EPSON
addr 1: UHCI root hub, Intel
 addr 2: USB Keyboard, NOVATEK
 addr 3: USB-PS/2 Optical Mouse, Logitech
addr 1: UHCI root hub, Intel

Here is a dmesg:





Re: OpenBSD 5.1 i386- ports vs packages

2012-05-07 Thread Kevin Chadwick
On Sun, 6 May 2012 04:03:46 +0200
ropers wrote:

> As for security, since the Openbsd.org packages and ports both come
> from the same source, there's no security advantage of ports over
> packages unless you don't trust OpenBSD.org and actually read all of
> the source code you compile (and, by the way, do the same for your
> whole compiler toolchain).

With one exception. If you are running stable rather than current,
only security fixes for server packages like dovecot are pushed into
ports and so building may be desired as the devs valuable time is spent
moving forwards. In current (snapshots are almost current) there are
pre-built snapshot packages and a snapshot ISO to upgrade from so you
should though it's not always guaranteed be able to just upgrade to the
latest snapshot base (install51.iso) and update to the latest snapshot
packages. If it fails try again a few days later. You could image or
use an identical test machine/partition for that if the stable branch
level of guarantee is required.



Re: xenocara won't build on vax (5.1-stable)

2012-05-07 Thread Laurence Rochfort
I'd love to get my hands on a vaxstation.

Does anybody know of a reasonably priced source on the UK?
On May 7, 2012 7:50 AM, "Matthieu Herrb"  wrote:

> On Sun, May 06, 2012 at 09:57:21PM +0200, Maurice Janssen wrote:
> > Hi,
> >
> > I'm having some trouble building xenocara on a Vaxstation running
> > 5.1-stable.
> > The xenocara source directory is mounted over NFS, in case it matters.
> > The sources are a clean anoncvs checkout and also used by some other
> > platforms (without any problems), so I am pretty sure the tree is OK.
> >
> > I followed the exact steps from FAQ 5.5 and after about 6 hours the
> > build fails.  Below are the last lines of make build.
> >
> > Anybody got an idea what might be wrong?
>
> >
> > Thanks,
> > Maurice
> >
> >
> >
> >
> > Making all in sxpm
> > if gcc -DHAVE_CONFIG_H -I. -I/usr/xenocara/lib/libXpm/sxpm -I..
>  -I/usr/xenocara/lib/libXpm/include   -Wall -Wpointer-arith
> -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
> -Wnested-externs -fno-strict-aliasing -Wbad-function-cast -Wformat=2
> -I/usr/X11R6/include -O2 -pipe -MT sxpm.o -MD -MP -MF ".deps/sxpm.Tpo" -c
> -o sxpm.o /usr/xenocara/lib/libXpm/sxpm/sxpm.c;  then mv -f
> ".deps/sxpm.Tpo" ".deps/sxpm.Po"; else rm -f ".deps/sxpm.Tpo"; exit 1; fi
> > /bin/sh ../libtool --tag=CC --mode=link gcc -Wall -Wpointer-arith
> > -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
> > -Wnested-externs -fno-strict-aliasing -Wbad-function-cast -Wformat=2
> > -I/usr/X11R6/include -O2 -pipe-o sxpm  sxpm.o -L/usr/X11R6/lib
> > -pthread -lXext -lXdmcp -lXau -lpthread-stubs -lxcb -lX11 -lSM -lICE
> > -lXt ../src/libXpm.la
>
> This is a known issue with OpenBSD's pkg-config(1).
>
> The current version does not produce the list of libraries needed by
> sxpm in the correct order. The workaround is to use the OpenBSD 4.9
> version.
>
> But the fact that this issue has been present for more than one year
> shows the level of interest in X for vax among developers.
>
> > mkdir .libs
> > gcc -Wall -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes
> -Wmissing-declarations -Wnested-externs -fno-strict-aliasing
> -Wbad-function-cast -Wformat=2 -I/usr/X11R6/include -O2 -pipe -o sxpm
> sxpm.o -pthread  -L/usr/X11R6/lib /usr/X11R6/lib/libXext.a
> /usr/X11R6/lib/libXt.a /usr/X11R6/lib/libSM.a /usr/X11R6/lib/libICE.a
> ../src/.libs/libXpm.a -pthread /usr/X11R6/lib/libX11.a
> /usr/X11R6/lib/libXdmcp.a /usr/X11R6/lib/libXau.a -lpthread-stubs -lxcb
> > sxpm.o: warning: sprintf() is often misused, please use snprintf()
> > Error.o: warning: sprintf() is often misused, please use snprintf()
> > Initialize.o: warning: strcat() is almost always misused, please use
> strlcat()
> > Initialize.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > Intrinsic.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > NextEvent.o: warning: sprintf() is often misused, please use snprintf()
> > Shell.o: warning: strcpy() is almost always misused, please use strlcpy()
> > TMaction.o: warning: strcat() is almost always misused, please use
> strlcat()
> > TMprint.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > TMprint.o: warning: sprintf() is often misused, please use snprintf()
> > Converters.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > ResConfig.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > sm_client.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > sm_misc.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > process.o: warning: sprintf() is often misused, please use snprintf()
> > authutil.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > authutil.o: warning: strcat() is almost always misused, please use
> strlcat()
> > RdFToI.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > scan.o: warning: sprintf() is often misused, please use snprintf()
> > Font.o: warning: strcpy() is almost always misused, please use strlcpy()
> > FSWrap.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > GetAtomNm.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > IntAtom.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > KeysymStr.o: warning: sprintf() is often misused, please use snprintf()
> > SetHints.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > XlibInt.o: warning: sprintf() is often misused, please use snprintf()
> > XlibInt.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > lcWrap.o: warning: strcpy() is almost always misused, please use
> strlcpy()
> > lcWrap.o: warning: strcat() is almost always misused, please use
> strlcat()
> > ErrDes.o: warning: sprintf() is often misused, please use snprintf()
> > lcUTF8.o: warning: sprintf() is often misused, please use snprintf()
> > lcGenConv.o: warning: strcpy() is almost alw
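
The library-order problem described in the quoted reply above, as an added example that is not part of the original thread: with static archives the linker resolves symbols left to right, so a library listed before an archive it depends on is a candidate for unresolved symbols. The dependency map is an assumption made for illustration; the argument list is copied from the quoted gcc command.

```python
import re

# Assumed dependency map (library -> libraries whose symbols it references).
# Illustrative only; not taken from the thread or from the .pc files.
ASSUMED_DEPS = {
    "Xext": ["X11"], "Xpm": ["X11"], "Xt": ["SM", "ICE", "X11"],
    "SM": ["ICE"], "X11": ["xcb"], "xcb": ["Xau", "Xdmcp"],
}

# Library arguments of the final gcc command quoted in the build log above.
LINK_ARGS = (
    "/usr/X11R6/lib/libXext.a /usr/X11R6/lib/libXt.a /usr/X11R6/lib/libSM.a "
    "/usr/X11R6/lib/libICE.a ../src/.libs/libXpm.a -pthread "
    "/usr/X11R6/lib/libX11.a /usr/X11R6/lib/libXdmcp.a "
    "/usr/X11R6/lib/libXau.a -lpthread-stubs -lxcb"
)

def library_names(args):
    """Return library names in command-line order (libfoo.a and -lfoo forms)."""
    names = []
    for arg in args.split():
        m = (re.fullmatch(r"(?:.*/)?lib([^/]+)\.a", arg)
             or re.fullmatch(r"-l(.+)", arg))
        if m:
            names.append(m.group(1))
    return names

def order_violations(names, deps):
    """List (user, dependency) pairs where the dependency never follows its user."""
    last = {name: i for i, name in enumerate(names)}
    return [(name, dep)
            for i, name in enumerate(names)
            for dep in deps.get(name, [])
            if dep in last and last[dep] < i]

def static_link_order(names, deps):
    """Reorder so each library precedes its dependencies (reverse DFS post-order)."""
    ordered, seen = [], set()
    def visit(name):
        if name in seen:
            return
        seen.add(name)
        for dep in deps.get(name, []):
            if dep in names:
                visit(dep)
        ordered.append(name)      # dependencies are appended before their user
    for name in names:
        visit(name)
    return ordered[::-1]          # reversed: users first, dependencies last

if __name__ == "__main__":
    libs = library_names(LINK_ARGS)
    print("violations:", order_violations(libs, ASSUMED_DEPS))
    print("suggested :", " ".join("-l" + n for n in static_link_order(libs, ASSUMED_DEPS)))
```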

Re: Ftpd chroot in a user folder name

2012-05-07 Thread Wesley

I tried this in /etc/login.conf

:ftp-dir=/var/www/htdocs/%u:\
:ftp-chroot=1:\
:tc=auth-ftp-defaults:

and ran cap_mkdb /etc/login.conf
Tested it; the chroot is not possible, the "%u" is not accepted.

Any idea?


On 2012-05-07 16:17, Wesley wrote:

Hi,

Is it possible to tell ftpd to chroot in /var/www/htdocs/%u ? 
(doesn't work)

I need ftp for multiple folders located in /var/www/htdocs/*

Thank you very much.

Wesley.




Re: kqemu in 5.1

2012-05-07 Thread lilit-aibolit

04.05.2012 13:28, Weldon Goree wrote:

On 05/04/12 06:12, Jes wrote:

Hi all:

I can't find kqemu among the snapshot packages, ports, or even in 5.1
packages. I think I've read something about kqemu being deprecated in
newer versions of qemu (1.0.1). Is this correct? Because performance
without kqemu is horrible. Any solution?




Yes, it was killed upstream since Linux now comes with its own
hypervisor (KVM).

AFAIK OpenBSD currently does not have a working hypervisor since it also
can't be dom0 on xen until such time as xen stops randomly overwriting
register contents at unpredictable times.

So, as of now, any virtualization will have to be of the plain qemu or
bochs variety. Sorry.

Best,
Weldon





qemu-0.14.1p4.tgz and kqemu-1.3.0pre11p3.tgz are in packages.
Does this not work?



Ftpd chroot in a user folder name

2012-05-07 Thread Wesley

Hi,

Is it possible to tell ftpd to chroot in /var/www/htdocs/%u ? (doesn't 
work)

I need ftp for multiple folders located in /var/www/htdocs/*

Thank you very much.

Wesley.



Intel 6250 Wimax ?

2012-05-07 Thread Любомир Григоров
Hello list, I want to ask if the driver for OpenBSD has support for Wimax
and if there is a Wimax stack at all on OpenBSD?

I know external USB dongles are known to work on FreeBSD and OpenBSD, but
my Intel 6250 seems to have no support.

Cheers.

-- 
Lyubomir Grigorov (bgalakazam)



Re: Huawei EM770W modem in GPS mode

2012-05-07 Thread Baurzhan Muftakhidinov
Will try latest snapshot to see how it works.

For those who are interested in the Huawei EM770W GPS function:
I finally managed to make GPS work in Linux.
A direct echo 'AT^WPDGP' > /dev/ttyUSB0 did not work, so I used wvdial to pass
this command to the device.
So, /dev/ttyUSB3 is your GPS device.

Cheers,

On Sat, May 5, 2012 at 8:12 PM, Baurzhan Muftakhidinov
 wrote:
> Hello,
>
> I am using OpenBSD 5.1, i386 version.
>
> I own an Acer ao532h netbook which comes with Huawei EM770W,
> a 3G modem, connected via mini PCI-e bus.
>
> I succeeded in making it work as a GPS receiver as follows:
> 1) echo "AT^WPDGP" > /dev/cuaU0
> 2) GPS data in NMEA format is being received from /dev/cuaU3.
> I get this data simply by 'cat /dev/cuaU3'.
> 3) To stop GPS data, you need to do "echo "AT^WPEND" > /dev/cuaU0"
>
> However, it is not possible to undo that command, i.e. when you press
> Ctrl+C to interrupt the cat /dev/cuaU3, it simply hangs, and the system itself
> freezes. If I send halt or reboot in another terminal, the X server
> stops working,
> but the system remains at the console login prompt, and doesn't react to
> the keyboard.
>
> This behavior is specific to /dev/cuaU3 only; cuaU1, 2 and 4 work fine with
> cat.
>
> Any advice on what kind of issue this could be is very welcome!