BTW: 5.5-pre-orders
Hi, just noticed on cvs@ that Theo has activated pre-orders for 5.5. I did so right away. @Theo and the other devs: THANK YOU for your continued efforts to make this fine OS even better! Cheers, STEFAN
Re: When are default 'set prio' priorities set?
* Maxim Khitrov m...@mxcrypt.com [2013-12-22 18:44]:
On Fri, Dec 20, 2013 at 4:11 PM, Maxim Khitrov m...@mxcrypt.com wrote:
I was under the impression that the packet priority was always set to 3 prior to the pf ruleset evaluation (ignoring VLAN and CARP for a moment), and that 'set prio' on an inbound rule only affected returning traffic that matched the state entry. Here's an artificial example:

pass out on $wan
pass in on $lan set prio 7

What will be the priority of outbound packets on the $wan interface, 3 or 7? Looking at the code in pf.c, the priority is copied to m->m_pkthdr.pf.prio, but I'm not sure where this value is initialized or reset.

I think I figured this out, but I would appreciate a confirmation. The m_pkthdr.pf.prio value is set to IFQ_DEFPRIO (3) in sys/kern/uipc_mbuf.c when a new mbuf is allocated. It is not modified after that except by pf rules. Therefore, packets going out on $wan in my example will have their priority set to 7. Essentially, priorities behave the same as tags. The difference is that priorities are saved in the state entries, so all subsequent packets coming in on $lan and matching an existing state will have a priority of 7 when going out on $wan. Returning packets will keep a default priority of 3 after crossing $wan, but this will be changed to 7 when they match the state outbound on $lan. Correct?

pretty much, there are a few cases (like carp announcements) that get a higher priority by default.

-- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
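The behaviour confirmed in this thread can be traced with a small C model; this is an added illustration, not code from pf or from either poster. The struct and function names, the interface labels "lan" and "wan" and the flow ids are invented for the model, and VLAN and CARP are ignored as in the question.

```c
#include <stdio.h>
#include <string.h>

#define IFQ_DEFPRIO 3     /* default mbuf priority named in the thread */
#define PRIO_UNSET  0xff  /* model-only marker: rule/state has no 'set prio' */
#define MAX_STATES  8

enum dir { DIR_IN, DIR_OUT };

struct rule  { enum dir dir; const char *ifname; unsigned char set_prio; };
struct state { int flow; enum dir dir; const char *ifname; unsigned char set_prio; };
struct pkt   { int flow; int reply; unsigned char prio; };

struct pf_model {
    const struct rule *rules;
    int nrules;
    struct state states[MAX_STATES];
    int nstates;
};

/* The ruleset from the question:
 *   pass out on $wan
 *   pass in on $lan set prio 7
 */
static const struct rule thread_rules[] = {
    { DIR_OUT, "wan", PRIO_UNSET },
    { DIR_IN,  "lan", 7 },
};

void pf_model_init(struct pf_model *pf)
{
    memset(pf, 0, sizeof(*pf));
    pf->rules = thread_rules;
    pf->nrules = 2;
}

/* A state matches forward packets in the direction it was created in,
 * and reply packets in the opposite direction on the same interface. */
static struct state *find_state(struct pf_model *pf, const struct pkt *p,
                                const char *ifname, enum dir d)
{
    for (int i = 0; i < pf->nstates; i++) {
        struct state *s = &pf->states[i];
        if (s->flow != p->flow || strcmp(s->ifname, ifname) != 0)
            continue;
        if ((s->dir == d) != (p->reply != 0))
            return s;
    }
    return NULL;
}

/* Returns 1 if the packet is passed, 0 if the model has no rule or state
 * for it. The priority is only touched when the state carries one. */
int pf_model_test(struct pf_model *pf, struct pkt *p,
                  const char *ifname, enum dir d)
{
    struct state *s = find_state(pf, p, ifname, d);

    if (s == NULL) {
        const struct rule *r = NULL;
        for (int i = 0; i < pf->nrules; i++)
            if (pf->rules[i].dir == d &&
                strcmp(pf->rules[i].ifname, ifname) == 0)
                r = &pf->rules[i];          /* last matching rule wins */
        if (r == NULL || p->reply || pf->nstates == MAX_STATES)
            return 0;                       /* outside what the model covers */
        s = &pf->states[pf->nstates++];     /* the rule's prio is saved in the state */
        s->flow = p->flow;
        s->dir = d;
        s->ifname = ifname;
        s->set_prio = r->set_prio;
    }
    if (s->set_prio != PRIO_UNSET)
        p->prio = s->set_prio;
    return 1;
}

struct trace { int passed; unsigned char prio_after_in; unsigned char prio_after_out; };

/* Carry one packet through the firewall: lan -> wan, or wan -> lan for a reply. */
struct trace route(struct pf_model *pf, int flow, int reply)
{
    struct pkt p = { flow, reply, IFQ_DEFPRIO };  /* fresh mbuf: default prio */
    const char *in_if  = reply ? "wan" : "lan";
    const char *out_if = reply ? "lan" : "wan";
    struct trace t = { 0, 0, 0 };

    if (!pf_model_test(pf, &p, in_if, DIR_IN))
        return t;
    t.prio_after_in = p.prio;
    if (!pf_model_test(pf, &p, out_if, DIR_OUT))
        return t;
    t.prio_after_out = p.prio;
    t.passed = 1;
    return t;
}

int main(void)
{
    struct pf_model pf;
    pf_model_init(&pf);

    struct trace fwd = route(&pf, 1, 0);
    struct trace rep = route(&pf, 1, 1);
    printf("forward: after in on lan=%d, out on wan=%d\n",
           fwd.prio_after_in, fwd.prio_after_out);
    printf("reply:   after in on wan=%d, out on lan=%d\n",
           rep.prio_after_in, rep.prio_after_out);
    return 0;
}
```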
USB Ethernet ASIX AX88179 not attaching to axen
I tried an Edimax USB Ethernet adapter on my -current system. It attaches as ugen1 but not as axen0:
ugen1 at uhub3 port 2 ASIX Elec. Corp. AX88179 rev 2.10/1.00 addr 3
According to axen(4) this device should be supported. But config does not find axen. Is this because usb is handled differently or is the driver not enabled yet?
$ config -ef /bsd
OpenBSD 5.5-current (GENERIC.MP) #25: Tue Mar 25 15:40:38 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Enter 'help' for information
ukc> find axen
ukc> quit
Device details (lsusb) and dmesg:
Re: USB Ethernet ASIX AX88179 not attaching to axen
On 27/03/14 3:40 AM, Remi Locherer wrote: I tried an Edimax USB Ethernet adapter on my -current system. It attaches as ugen1 but not as axen0: ugen1 at uhub3 port 2 ASIX Elec. Corp. AX88179 rev 2.10/1.00 addr 3 According to axen(4) this device should be supported. But config does not find axen. Is this because usb is handled differently or is the driver not enabled yet? It is not enabled in the regular kernel builds yet.
Re: Building libav/ffmpeg x264 on 5.4
On 2014-03-26, Michael Lackner michael.lack...@unileoben.ac.at wrote: As for the other posts: Installing ffmpeg as a package can be done, but x264 would refuse to link against it. Could that be something as simple as needing to include -L/usr/local/lib in LDFLAGS when configuring x264?
Re: Netgear WG311T Atheros Chipset Wireless Problem
On 03/26/14 07:03, Wong Peter wrote: Dear all, I had bought a Netgear WG311T Atheros Chipset. The Openbsd kernel(dmesg) shows this card as ath0. Therefore, I try to configure it using /etc/hostname.ath0 with content below: inet 192.168..5.1 255.255.255.0 none media autoselect mediaopt hostap mode 11b chan 6 nwid wsm nwkey This configuration gives me an access point which its LED keeps on blinking and scan from window cannot find the particular nwid as well. I believe there is some problems with it. Please help. Thanks. What's the output of: /sbin/ifconfig ath0 scan
In OpenBSD how to upgrade individual system files like (grep, rcs, rlog ) to latest version?
I am attempting to run foswiki on OpenBSD. Things are installed and I am able to open /bin/Configure page of foswiki configuration screen, but the page reports few errors, complaining that following files are either not found or outdated and new versions are required. The files are: grep, rcs, ci, co, rlog, rcsdiff. I tried commands like pkg_add -Uu to upgrade packages installed, but it reports all packages are up to date. I also tried pkg_add rcs, pkg_add grep etc. but none works. So my basic question is how do I update above files to their latest version required by foswiki. Regards
Re: In OpenBSD how to upgrade individual system files like (grep, rcs, rlog ) to latest version?
On 2014-03-27 Thu 14:12 PM |, jignesh desai wrote: I am attempting to run foswiki on OpenBSD. Things are installed and I am able to open /bin/Configure page of foswiki configuration screen, but the page reports few errors, complaining that following files are either not found or outdated and new versions are required. The files are: grep, rcs, ci, The webserver runs chrooted: http://www.openbsd.org/faq/faq10.html#httpdchroot
Re: In OpenBSD how to upgrade individual system files like (grep, rcs, rlog ) to latest version?
On 03/27/14 06:12, jignesh desai wrote: I am attempting to run foswiki on OpenBSD. Things are installed and I am able to open /bin/Configure page of foswiki configuration screen, but the page reports few errors, complaining that following files are either not found or outdated and new versions are required. The files are: grep, rcs, ci, co, rlog, rcsdiff. I tried commands like pkg_add -Uu to upgrade packages installed, but it reports all packages are up to date. I also tried pkg_add rcs, pkg_add grep etc. but none works. So my basic question is how do I update above files to their latest version required by foswiki. Regards What version of OpenBSD? The default httpd server in OpenBSD is chrooted by default so the webserver does not have access to the rest of the file system.
Re: In OpenBSD how to upgrade individual system files like (grep, rcs, rlog ) to latest version?
Hi Fred, No, I have modified config and unchrooted it. After which I am successfully able to run http://localhost/foswiki/bin/configure page, and it's this page that reports error about wrong file versions. Therefore I wish to update those files to latest versions. The files are: grep, rcs, ci, co, rlog, rcsdiff. In fact I copied grep file from another folder into foswiki folder, after which it reported that grep is not a GNU grep; from the message I believe it's looking for specific version of grep. Any further advice? Regards From: Fred open...@crowsons.com To: jignesh desai jigs_de...@yahoo.com; misc@openbsd.org misc@openbsd.org Sent: Thursday, 27 March 2014 3:40 PM Subject: Re: In OpenBSD how to upgrade individual system files like (grep, rcs, rlog ) to latest version? On 03/27/14 06:12, jignesh desai wrote: I am attempting to run foswiki on OpenBSD. Things are installed and I am able to open /bin/Configure page of foswiki configuration screen, but the page reports few errors, complaining that following files are either not found or outdated and new versions are required. The files are: grep, rcs, ci, co, rlog, rcsdiff. I tried commands like pkg_add -Uu to upgrade packages installed, but it reports all packages are up to date. I also tried pkg_add rcs, pkg_add grep etc. but none works. So my basic question is how do I update above files to their latest version required by foswiki. Regards What version of OpenBSD? The default httpd server in OpenBSD is chrooted by default so the webserver does not have access to the rest of the file system.
Re: In OpenBSD how to upgrade individual system files like (grep, rcs, rlog ) to latest version?
jignesh desai said: Hi Fred, No, I have modified config and unchrooted it. After which I am successfully able to run http://localhost/foswiki/bin/configure page, and it's this page that reports error about wrong file versions. Therefore I wish to update those files to latest versions. The files are: grep, rcs, ci, co, rlog, rcsdiff. In fact I copied grep file from another folder into foswiki folder, after which it reported that grep is not a GNU grep; from the message I believe it's looking for specific version of grep. Any further advice? 1. Use chrooted httpd. Really. 2. Either patch foswiki to use proper tools or install GNU stuff it wants. Apparently you need ggrep package. Copy everything you need to the chroot. -- Dmitrij D. Czarkoff
Re: In OpenBSD how to upgrade individual system files like (grep, rcs, rlog ) to latest version?
Hi, Dmitrij Any advice what to type in Pkg_add .. ??? command to install GNU stuff ? Regards From: Dmitrij D. Czarkoff czark...@gmail.com To: jignesh desai jigs_de...@yahoo.com Cc: Fred open...@crowsons.com; misc@openbsd.org misc@openbsd.org Sent: Thursday, 27 March 2014 5:06 PM Subject: Re: In OpenBSD how to upgrade individual system files like (grep, rcs, rlog ) to latest version? jignesh desai said: Hi Fred, No, I have modified config and unchrooted it. After which I am successfully able to run http://localhost/foswiki/bin/configure page, and it's this page that reports error about wrong file versions. Therefore I wish to update those files to latest versions. The files are: grep, rcs, ci, co, rlog, rcsdiff. In fact I copied grep file from another folder into foswiki folder, after which it reported that grep is not a GNU grep; from the message I believe it's looking for specific version of grep. Any further advice? 1. Use chrooted httpd. Really. 2. Either patch foswiki to use proper tools or install GNU stuff it wants. Apparently you need ggrep package. Copy everything you need to the chroot. -- Dmitrij D. Czarkoff
Re: In OpenBSD how to upgrade individual system files like (grep, rcs, rlog ) to latest version?
On 03/27/14 10:41, jignesh desai wrote: Hi Fred, No, I have modified config and unchrooted it. After which I am successfully able to run http://localhost/foswiki/bin/configure page, and it's this page that reports error about wrong file versions. Therefore I wish to update those files to latest versions. The files are: grep, rcs, ci, co, rlog, rcsdiff. In fact I copied grep file from another folder into foswiki folder, after which it reported that grep is not a GNU grep; from the message I believe it's looking for specific version of grep. Any further advice? Regards As Dmitrij has stated use the chroot and work out how to get Foswiki working in the chroot - it will be a valuable learning experience and then you will be able to maintain it safely. man pkg_add explains the use of the tool really well, as does all the documentation on OpenBSD - it is one of the reasons that OpenBSD is so good to use. Fred
Re: Netgear WG311T Atheros Chipset Wireless Problem
On 03/27/14 12:23, Wong Peter wrote: Hi Fred, There is no output display to the console. It cannot become hostap. Please help. dmesg and output of /sbin/ifconfig ath0 would help debug this. cheers Fred
Re: In OpenBSD how to upgrade individual system files like (grep, rcs, rlog ) to latest version?
jignesh desai said: Any advice what to type in Pkg_add .. ??? command to install GNU stuff ? Here is the best advice on the topic: man pkg_add If you want to get anywhere, you *must* read manuals. You may accidentally install and run foswiki (or whatever else) without getting familiar with documentation, but that will only lead to unexpected problems and actual reading of documentation when you don't have time for it. Nobody would be there handholding you. Prepare now. P.S.: Another advice - pkg_add, not Pkg_add. -- Dmitrij D. Czarkoff
Linksys wmp54g v4.1 is not support
Dear all, The Linksys wmp54g v4.1 is not support on Openbsd 4.1. Previously, it is working but it is not working after few years. Any reason for this ? Please help. Thanks. -- Linux
Encrypting httpd/nginx and friends
I'm in need of setting up several OpenBSD servers at remote locations. Each one will have a two-disk softraid(4) RAID 1 with as much as possible of application data encrypted. The machines will mainly be serving very large mysql databases, nginx/httpd, transmission and owncloud. Since none of the servers have tools for remote administration, my only option for unlocking any crypto volumes will be over ssh(4). AFAIK that means I cannot encrypt any parts of the OS itself since all partitions are required to be present for the OS to be able to boot up to a point where it can offer sshd(8), right? That means that encrypted data, which would typically reside in /var/mysql, /var/www, and /var/transmission, must reside on volumes that can be unlocked and mounted separately. However, I cannot in advance predict which service will outgrow others first, so I'd like to have them all on the same volume just like it would have been if I could simply encrypt one very large /var partition to begin with. My question: Is it trivial to have mysql, transmission and www to store all of their data on a separate volume and have it mounted to, let's say /var/ raid1c/ www/ mysql/ transmission/ while retaining various log and chroot functionality and without reducing security? Any potential caveats to watch out for? Erling
Re: Encrypting httpd/nginx and friends
On 03/27/14 14:37, Erling Westenvik wrote: That means that encrypted data, which would typically reside in /var/mysql, /var/www, and /var/transmission, must reside on volumes that can be unlocked and mounted separately. However, I cannot in advance predict which service will outgrow others first, so I'd like to have them all on the same volume just like it would have been if I could simply encrypt one very large /var partition to begin with. My question: Is it trivial to have mysql, transmission and www to store all of their data on a separate volume and have it mounted to, let's say /var/ raid1c/ www/ mysql/ transmission/ while retaining various log and chroot functionality and without reducing security? Any potential caveats to watch out for? Yes it is trivial, I have a similar setup: The system itself is installed with all services disabled. I remotely run a script that will ssh, mount the encrypted volume and start the services. The configuration and data bits are on the encrypted volume with symlinks at the appropriate places. The only issue I have is the daily mail warning me that some symlinks should be files. Gilles
Re: Seagate ST3250310AS not recognized
- Original Message - On 03/26/14 16:59, Charlie Farinella wrote: I'm trying to install OpenBSD 5.4 on a Dell Vostro 400, it's several years old but not ancient. 4GB RAM, 250GB Seagate ST3250310AS hard drive. The installation goes normally until it tries to find the hard drive and then tells me no hard drive is available. I've wiped the drive (it had ESXi on it before), repartitioned it, unpartitioned it, installed Linux, installed FreeBSD all without problem, but no matter what I do to it, OpenBSD won't see it. I would really like to get this working so any suggestions or guidance is very much appreciated. First of all, your report sucks. Normally, I try to just ignore bad reports, even when I have a possible W.A.G., but I'm going to try something new... I'm going to say you owe the project a $50 donation if I'm right. And if I'm wrong, you get to buy the 5.5 CDs when they come out and say ha ha! you were WRONG! First of all, if you hooked the drive up properly and it is seen in the bios and all, it isn't a matter of the /drive/ not being recognized, or anything on the drive left over, there's something wrong with the handling of the drive by the interface. All that stuff that goes scrolling by the screen on boot? it's important. it's called the dmesg. Read it, it will tell you why things didn't work. You may well have to interpret things, but somewhere on your dmesg, the chip that is your SATA interface will show up, and right there, it will probably give you a good idea why it isn't acting like a disk interface. And while it looks like gibberish, it's actually fairly readable. My wild guess: you have an ahci interface (this is good), configured in the BIOS for RAID (this is bad). Dell shipped a lot of machines with one disk, with the interface configured in the BIOS as a RAID. 
This is really just a lame BIOS-assisted OS-based RAID system, like most cheap RAID options, but if the OS doesn't support the RAID idea and it is a multi-booting system, bad things can happen when the BIOS helps you by copying one drive over your other drive, so OpenBSD (and at least some Linux kernels, I've seen) won't touch the drive if it was in the unsupported RAID configuration mode. Nick. First: Thanks to all who replied, I appreciate people trying to help. Second: Nick was right and I am very appreciative that he took the time to help. I now know more than I knew before, and have a working system. :-) Third: Our company has been using OpenBSD since version 3.2, purchasing CD sets, t-shirts and mugs over the years, I'll be sure we kick in the $50.00 donation. Thank you again. --charlie -- Charles Farinella Systems Administrator Appropriate Solutions, Inc. 603-924-6079
Re: upgrades no longer allow ftp for sets
TdR ... placing openssl there is not part of any solution that would work. TdR What are other possible solutions? Do you think sftp would fit? Can you replace ftp with sftp? I'd prefer to maintain a limited access sftp server rather than a http one. Wow. No.
Re: upgrades no longer allow ftp for sets
On Thu, Mar 27, 2014 at 08:10:05AM -0600, Theo de Raadt wrote: TdR ... placing openssl there is not part of any solution that would work. TdR What are other possible solutions? Do you think sftp would fit? Can you replace ftp with sftp? I'd prefer to maintain a limited access sftp server rather than a http one. Wow. No. Could you please elaborate why not sftp for sets (and/or for pkg_add)? So I sent a long mail yesterday explaining this, and that's the best you two can do? How do you even retain jobs??
Re: upgrades no longer allow ftp for sets
Hello Theo, Wednesday, March 26, 2014, 3:18:59 PM, you wrote: TdR ... placing openssl there is not part of any solution that would work. TdR What are other possible solutions? Do you think sftp would fit? Can you replace ftp with sftp? I'd prefer to maintain a limited access sftp server rather than a http one. -- Best regards, Boris mailto:bo...@twopoint.com
Re: upgrades no longer allow ftp for sets
On Thu, Mar 27, 2014 at 08:10:05AM -0600, Theo de Raadt wrote: TdR ... placing openssl there is not part of any solution that would work. TdR What are other possible solutions? Do you think sftp would fit? Can you replace ftp with sftp? I'd prefer to maintain a limited access sftp server rather than a http one. Wow. No. Could you please elaborate why not sftp for sets (and/or for pkg_add)? jirib
Re: upgrades no longer allow ftp for sets
On Thu, Mar 27, 2014, at 09:14 AM, Jiri B wrote: On Thu, Mar 27, 2014 at 08:10:05AM -0600, Theo de Raadt wrote: TdR ... placing openssl there is not part of any solution that would work. TdR What are other possible solutions? Do you think sftp would fit? Can you replace ftp with sftp? I'd prefer to maintain a limited access sftp server rather than a http one. Wow. No. Could you please elaborate why not sftp for sets (and/or for pkg_add)? My educated guess is that ssh and sftp would not fit on the install disks. Though there are probably other reasons as well, including the fact that to truly be secure you'd have to verify the host keys beforehand as they could not be stored on the install disks. -- Shawn K. Quinn skqu...@rushpost.com
Re: upgrades no longer allow ftp for sets
So I sent a long mail yesterday explaining this, and that's the best you two can do? How do you even retain jobs?? Dramatic arts class on elementary school :D j.
Re: In OpenBSD how to upgrade individual system files like (grep, rcs, rlog ) to latest version?
On 2014-03-27 Thu 19:47 PM |, jignesh desai wrote: Any advice what to type in Pkg_add .. ??? command to install GNU stuff ?
There are other wikis already ported come with specific instructions on how to use them on OpenBSD. If you have the ports tree installed, do this:
$ cd /usr/ports
$ make search key=wiki
...
www/dokuwiki
www/mediawiki
www/moinmoin
www/pmwiki
www/trac
www/twiki
...
See:
http://www.openbsd.org/faq/faq15.html#PkgFind
http://www.openbsd.org/faq/faq15.html#PortsSearch
Re: upgrades no longer allow ftp for sets
On 27-03-2014 11:28, Shawn K. Quinn wrote: On Thu, Mar 27, 2014, at 09:14 AM, Jiri B wrote: On Thu, Mar 27, 2014 at 08:10:05AM -0600, Theo de Raadt wrote: TdR ... placing openssl there is not part of any solution that would work. TdR What are other possible solutions? Do you think sftp would fit? Can you replace ftp with sftp? I'd prefer to maintain a limited access sftp server rather than a http one. Wow. No. Could you please elaborate why not sftp for sets (and/or for pkg_add)? My educated guess is that ssh and sftp would not fit on the install disks. Though there are probably other reasons as well, including the fact that to truly be secure you'd have to verify the host keys beforehand as they could not be stored on the install disks. Yes, and although the crypto algorithms that ssh uses are better than tls/ssl, there are also side channel attacks on them to infer things, although things would be better obfuscated. So if you can't authenticate the host, nor the client in the installation, there isn't really a point in having sftp on the installer. I believe that it would even hurt security since you could be much more susceptible to impersonation attacks since many many people blindly accept ssh host keys. Signify, provided you trust the initial key, completely solves the problem of the insecure medium. If you want to obfuscate what you are installing, you're better off using a proxy. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
Lost battery and A/C info on March 26 snapshot
Upgrading from March 25 snapshot to March 26 snapshot caused me to lose status on the battery and A/C for my laptop. Dmesg's are below, acpidump from both snapshots are attached. If there's any other needed info please let me know and I'll get that when possible.
xfce terminal and zsh
Hi, I'm using 5.4 with XFCE and ZSH shell. When I'm on the XFCE terminal, and type, for example cd and press tab key, I get cdcd. It is repeating the first two or three characters. Does anyone faced the same behavior. Regards, -- Leonardo M. Ramé Medical IT - Griensu S.A. Av. Colón 636 - Piso 8 Of. A X5000EPT -- Córdoba Tel.: +54(351)4246924 +54(351)4247788 +54(351)4247979 int. 19 Cel.: +54 9 (011) 40871877
Re: BTW: 5.5-pre-orders
On 03/27/14 07:29, Stefan Wollny wrote: Hi, just noticed on cvs@ that Theo has activated pre-orders for 5.5. I did so right away. @Theo and the other devs: THANK YOU for your continued efforts to make this fine OS even better! Cheers, STEFAN http://shop.openbsdeurope.com/ is also taking pre-orders for 5.5 :~) Thanks to all the devs for their great work on getting another release ready! Cheers Fred
192.43.244.163 (lists.openbsd.org) not being able to go through spamd
Hi, I'm using spamd in greylisting mode to fight against spam. I saw in my /var/log/daemon that it couldn't go through spamd and keep being rejected (and then go through my MX2). It's just to let you know in case you changed something on it recently (sendmail - smtpd ?). I fixed the problem with pfctl -t nospamd -Ta 192.43.244.163. I don't think the problem was on my side because at the same time another MTA got whitelisted. What I'm using is : $ grep spamd /etc/rc.conf.local spamd_flags=-v -G 3:4:864 Cheers, -- Vigdis
Re: Linksys wmp54g v4.1 is not support
Hi, Wong Peter wrote: The Linksys wmp54g v4.1 is not support on Openbsd 4.1. Previously, it is working but it is not working after few years. 4.1 are you sure? And when did it use to work? Which older version? Try with current OpenBSD 5.4 And report the dmesg. Riccardo
Re: upgrades no longer allow ftp for sets
Hello misc, Thursday, March 27, 2014, 9:14:00 AM, Jiri wrote: JB Could you please elaborate why not sftp for sets (and/or JB for pkg_add)? I'll rephrase: can someone besides Theo elaborate? It was an obvious mistake to reply to his email (to be fair, I've addressed it to misc, not to him). In his long email Theo was talking about openssl. It's my understanding that openssh is going away from openssl, so I don't see a direct connection. I also see that psftp (from the putty) is about 300K, and I don't believe it has any important dependencies (kerberos could be ignored in this case). BTW, what is limiting the bsd.rd size? It's not for a floppy. I've tried searching and found only a rumor that there might be the size limit. -- Best regards, Boris mailto:bo...@twopoint.com
Re: upgrades no longer allow ftp for sets
On 27 March 2014 11:30, Boris Goldberg bo...@twopoint.com wrote: Hello misc, Thursday, March 27, 2014, 9:14:00 AM, Jiri wrote: JB Could you please elaborate why not sftp for sets (and/or JB for pkg_add)? I'll rephrase: can someone besides Theo elaborate? It was an obvious mistake to reply to his email (to be fair, I've addressed it to misc, not to him). In his long email Theo was talking about openssl. It's my understanding that openssh is going away from openssl, so I don't see a direct connection. I also see that psftp (from the putty) is about 300K, and I don't believe it has any important dependencies (kerberos could be ignored in this case). BTW, what is limiting the bsd.rd size? It's not for a floppy. I've tried searching and found only a rumor that there might be the size limit. -- Best regards, Boris mailto:bo...@twopoint.com 1) It's not useful. 2) It's too complicated. 3) It's impossible to fit on the install media. Ken
Re: upgrades no longer allow ftp for sets
JB Could you please elaborate why not sftp for sets (and/or JB for pkg_add)? I'll rephrase: can someone besides Theo elaborate? It was an obvious mistake to reply to his email (to be fair, I've addressed it to misc, not to him). In his long email Theo was talking about openssl. It's my understanding that openssh is going away from openssl, so I don't see a direct connection. I also see that psftp (from the putty) is about 300K, and I don't believe it has any important dependencies (kerberos could be ignored in this case). psftp Great, so you can't even use the right example. Classy. As it happens, sftp is just a wrapper around ssh, and ssh itself statically linked is: text data bss dec hex 1445154 24580 52312 1522046 17397e So, even bigger than openssl. BTW, what is limiting the bsd.rd size? It's not for a floppy. I've tried searching and found only a rumor that there might be the size limit. First off, you are suggesting that we double the size of the large thing on the install media. You are showing that you can't do any research at all, but want to throw ideas out. My main reason is Taste. I'll stand against the addition of useless stuff that people can't use correctly. You are throwing sftp out there as an idea, without any deep consideration. I don't know who you are asking us to keep serving your needs. Never heard of you before.
Re: xfce terminal and zsh
On Thu, Mar 27, 2014 at 10:25:39AM -0300 or thereabouts, Leonardo M. Ramé wrote: Hi, I'm using 5.4 with XFCE and ZSH shell. When I'm on the XFCE terminal, and type, for example cd and press tab key, I get cdcd. It is repeating the first two or three characters. Does anyone faced the same behavior. Regards, -- Leonardo M. Ramé Negative. I have the same setup but with the grml zshrc. wget -O ~/.zshrc http://git.grml.org/f/grml-etc-core/etc/zsh/zshrc See http://grml.org/zsh for documentation. Regards Moss
Re: Encrypting httpd/nginx and friends
On Thu, Mar 27, 2014 at 02:44:34PM +0100, Gilles Chehade wrote: I remotely run a script that will ssh, mount the encrypted volume and start the services. Which implies that the ssh user must be given sudo access without password? The configuration and data bits are on the encrypted volume with symlinks at the appropriate places. Like this? # /etc/rc.d/httpd stop # mv /var/www /raid1c/ mv: www/dev/log: Operation not supported # ln -s /raid1c/www /var/www # /etc/rc.d/httpd start It is working at least. Guess I'm just afraid of doing something terribly wrong. Thanks! Erling
Re: upgrades no longer allow ftp for sets
On 27-03-2014 12:43, Theo de Raadt wrote: JB Could you please elaborate why not sftp for sets (and/or JB for pkg_add)? I'll rephrase: can someone besides Theo elaborate? It was an obvious mistake to reply to his email (to be fair, I've addressed it to misc, not to him). In his long email Theo was talking about openssl. It's my understanding that openssh is going away from openssl, so I don't see a direct connection. I also see that psftp (from the putty) is about 300K, and I don't believe it has any important dependencies (kerberos could be ignored in this case). psftp Great, so you can't even use the right example. Classy. As it happens, sftp is just a wrapper around ssh, and ssh itself statically linked is: text data bss dec hex 1445154 24580 52312 1522046 17397e So, even bigger than openssl. BTW, what is limiting the bsd.rd size? It's not for a floppy. I've tried searching and found only a rumor that there might be the size limit. First off, you are suggesting that we double the size of the large thing on the install media. You are showing that you can't do any research at all, but want to throw ideas out. My main reason is Taste. I'll stand against the addition of useless stuff that people can't use correctly. You are throwing sftp out there as an idea, without any deep consideration. I don't know who you are asking us to keep serving your needs. Never heard of you before. Even if the size wasn't an issue, using ssh on the installer would only be really secure if associated with DNSSEC and SSHFP records for the server. There are sysadmins that blindly trust host keys, ssl certificates, so imagine a regular user trying to install OpenBSD and being prompted for an unknown host key. And we are just talking about the installer side. Imagine the headache of configuring mirrors with sftp. Even if all mirrors host keys were somehow compressed and put in the installer, this wouldn't solve the issue when installing from a personal mirror, and such. Please stop.
It's bad enough having ftp. Yesterday I did a http install, very fast, and the best part, very easy. With 5.5 on the horizon, signify and all the good things that will come with it, the install process will be much more reliable. Just take as example all the linuxes installation and updates processes. They all use http, with no tls/ssl. I can't remember if any of them have ssl enabled on their mirrors. sftp? Good luck finding one. I hope that this is elaborate enough. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: upgrades no longer allow ftp for sets
Geez, all you complainers and/or suggesters get over it. The OpenBSD project makes decisions, sometimes you like them, sometimes you don't. Get used to it. If you feel that strongly about it quit using OpenBSD or code something really good and efficient then present it. FWIW, Anyone who is responsible for border firewalls deplores FTP protocol. diana Past hissy-fits are not a predictor of future hissy-fits. Nick Holland(06 Dec 2005)
Re: upgrades no longer allow ftp for sets
previously on this list Kenneth Westerback contributed: 1) It's not useful. 2) It's too complicated. 3) It's impossible to fit on the install media. 4) With the advent of signify and one of its goals being efficiency it would be a solution that needlessly wastes resources of many types.
Re: Suspend and Hibernate Issues with 3/5 Snapshot and ThinkPad T42p
While I received some replies off list about the continued depreciation of APM (rightly so) and the ongoing development and difficulty of doing ACPI work remotely, I figured I'd give this a spin with past releases anyway, so: ACPI hibernate doesn't work from 5.2 through -current, but APM hibernate does with the exception of -current (which also is the first release where ACPI is enabled by default for this machine). I also came across http://marc.info/?l=openbsd-misc&m=134306539306957&w=2 from mlarkin@ and figured I'd try it, but there was no change. FWIW, since someone else asked off list, when suspending with ACPI and -current, the messages from the non-functional resumed iwi are: iwi0: timeout waiting for firmware initialization to complete iwi0: could not load boot firmware I also get the following upon ACPI resume and the screen is slightly corrupted on the edges: drm: AGP mode requested: 2 radeondrm0: GTT: 256M 0xD000 - 0xDFFF Lastly, I often routinely get the following from iwi upon startup (didn't happen in the past), but it still works: iwi0: timeout waiting for master Cheers. On Thu, Mar 20, 2014 at 7:15 PM, Daniel Melameth dan...@melameth.com wrote: Hrm, I'll work on this and report back, but dissecting the tree and venturing down the ACPI and APM rabbit holes is likely beyond my ability. On Thu, Mar 20, 2014 at 6:39 PM, Kenneth Westerback kwesterb...@gmail.com wrote: 5.2 to 5.5 is a big jump. Can you try 5.3 and/or 5.4 to narrow down when the problem began? Bisecting the tree would be the next step. :-) Ken On 20 March 2014 20:34, Daniel Melameth dan...@melameth.com wrote: With OpenBSD 5.2, I had no issue doing suspend and hibernate: when I closed the lid, it suspended, when I hit Fn+F12 the BIOS took over, with its own pretty text interface, and hibernated the system. iwi(4) also worked flawlessly with suspend/hibernate.
Fast forward to upgrading to 5.5 with ACPI: setting machdep.lidsuspend=1 allows the system to suspend when I close the lid, but iwi(4) is broken upon resume (iwi0: could not load boot firmware) and Fn+F12 or ZZZ leaves me with a blank screen and an eternal flashing moon LED (swap is RAM + 1GB). If I disable ACPI in UKC, which is enabled by default, everything works as it did in 5.2 with the exception of hibernate which behaves as if ACPI was enabled. Any recommendations on how to fix? Thanks. dmesg with ACPI enabled (default): OpenBSD 5.5 (GENERIC) #276: Wed Mar 5 09:57:06 MST 2014 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) M processor 2.00GHz (GenuineIntel 686-class) 2 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE,EST,TM2,PERF real mem = 2146332672 (2046MB) avail mem = 2098974720 (2001MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 06/18/07, BIOS32 rev. 0 @ 0xfd750, SMBIOS rev. 2.33 @ 0xe0010 (61 entries) bios0: vendor IBM version 1RETDRWW (3.23 ) date 06/18/2007 bios0: IBM 2373C61 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SSDT ECDT TCPA BOOT acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) PCI0(S3) PCI1(S4) DOCK(S4) USB0(S3) USB1(S3) AC9M(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiec0 at acpi0 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (AGP_) acpiprt2 at acpi0: bus 2 (PCI1) acpicpu0 at acpi0: C3, C2, C1, PSS acpipwrres0 at acpi0: PUBS, resource for USB0, USB1, USB7 acpitz0 at acpi0: critical temperature is 93 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibat0 at acpi0: BAT0 model IBM-08K8198 serial 153 type LION oem SANYO acpibat1 at acpi0: BAT1 not present acpiac0 at acpi0: AC unit online acpithinkpad0 at acpi0 acpidock0 at acpi0: DOCK not docked (0) bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000 0xdc000/0x4000! 
0xe/0x1 cpu0 at mainbus0: (uniprocessor) mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: Enhanced SpeedStep 1999 MHz: speeds: 2000, 1800, 1600, 1400, 1200, 1000, 800, 600 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82855PM Host rev 0x03 intelagp0 at pchb0 agp0 at intelagp0: aperture at 0xd000, size 0x1000 ppb0 at pci0 dev 1 function 0 Intel 82855PM AGP rev 0x03 pci1 at ppb0 bus 1 radeondrm0 at pci1 dev 0 function 0 ATI Radeon Mobility M10 rev 0x80 drm0 at radeondrm0 radeondrm0: irq 11 uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11 uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 11 uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 11 ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 11 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x81 pci2 at ppb1 bus 2 2:0:0: mem address conflict
Re: xfce terminal and zsh
On 2014-03-27 15:41:16 +, Maurice McCarthy wrote: On Thu, Mar 27, 2014 at 10:25:39AM -0300 or thereabouts, Leonardo M. Ramé wrote: Hi, I'm using 5.4 with XFCE and ZSH shell. When I'm on the XFCE terminal, and type, for example cd and press tab key, I get cdcd. It is repeating the first two or three characters. Does anyone faced the same behavior. Regards, -- Leonardo M. Ramé Negative. I have the same setup but with the grml zshrc. wget -O ~/.zshrc http://git.grml.org/f/grml-etc-core/etc/zsh/zshrc See http://grml.org/zsh for documentation. Thanks!, I'll try it. -- Leonardo M. Ramé Medical IT - Griensu S.A. Av. Colón 636 - Piso 8 Of. A X5000EPT -- Córdoba Tel.: +54(351)4246924 +54(351)4247788 +54(351)4247979 int. 19 Cel.: +54 9 (011) 40871877
Re: upgrades no longer allow ftp for sets
On Thu, Mar 27, 2014 at 1:37 PM, Diana Eichert deich...@wrench.com wrote: FWIW, Anyone who is responsible for border firewalls deplores FTP protocol. And its cousin, FTPS, which, although encrypted, has the same dual port problem yet not curable via a proxy. Chris
trunk device on bridge
Hi, I'm running OpenBSD 5.5 (GENERIC.MP) #300: Wed Feb 26 16:28:46 MST 2014 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP Right now I'm trying some network fun. I am using a thinkpad x201 where I combined iwn0 and em0 to a trunk failover device. That works without problems. Now I want to add trunk0 to bridge0 to be able to add a vether and other taps. I can create that bridge and add the devices but after that nothing happens. $ cat /etc/hostname.em0 up $ cat /etc/hostname.iwn0 nwid ssid wpakey secret up $ cat /etc/hostname.trunk0 trunkproto failover trunkport em0 trunkport iwn0 $ cat /etc/hostname.vether0 up dhcp $ cat /etc/hostname.bridge0 add trunk0 add vether0 up tcpdump -i iwn0 does not show the dhcp requests from vether0 (iwn0 is master at trunk0). There isn't any traffic going through the bridge. Is there a limitation of adding trunk devices to bridges or am I doing the bridging wrong? I am afraid the solution is quite obvious, but I am guessing for several days now. Thanks
Re: unlink utility
On Wed, Mar 26, 2014 at 06:25:16PM +0100, Dmitrij Czarkoff wrote: Theo de Raadt wrote: but given that 'unlink' is already used in some scripts I would like to see some proof of that. The use that triggered my original mail was in tests for devel/py-dulwich. Oh, python code. not surprised... ;p
Re: dhclient
On Wed, Mar 26, 2014 at 3:13 PM, Theo de Raadt dera...@cvs.openbsd.org wrote: Using pkill(1) correctly should be more efficient than opening a file, reading its contents, then passing those as an argument to kill(1). None of the mechanisms removes the race. However, of all the mechanisms, pidfiles are the worst. They even persist over reboot. Sometimes i feel curse (or maybe just tired) : main::(/bin/check_network.pl:164): my $src = system('/usr/bin/pkill -HUP -f dhclient: trunk0'); DB2 n main::(/bin/check_network.pl:165):if ($src) { DB2 p $src 33024 Of course pkill is supposed to return 0,1,2 or 3 and it does in the shell I wont even try to think further about that. All i wanted was to ask again for a lease , i guess i will just relaunch because -HUP is a lie, the pid change . Simplicity shall prevail ? IMHO , lets remove the HUP signal for dhclient i do not like it anymore !!! Best regards, -- mans says : Conversely, if the interface is later manipulated to add or delete addresses then dhclient will automatically exit. It thus automatically exits whenever a new dhclient is run on the same interface. -- - () ascii ribbon campaign - against html e-mail /\
Re: Building libav/ffmpeg x264 on 5.4
Since ffmpeg is linked against x264 you could just use it to read and encode stuff to mp4. There is a guide[1] about how to do 2 pass, use presets and the rest. You can also use -x264opts to pass options directly to libx264 (but it doesn't support everything). [1] https://trac.ffmpeg.org/wiki/x264EncodingGuide 2014-03-27 4:17 GMT-04:00 Stuart Henderson s...@spacehopper.org: On 2014-03-26, Michael Lackner michael.lack...@unileoben.ac.at wrote: As for the other posts: Installing ffmpeg as a package can be done, but x264 would refuse to link against it. Could that be something as simple as needing to include -L/usr/local/lib in LDFLAGS when configuring x264?
Re: dhclient
On Thu, Mar 27, 2014 at 2:28 PM, sven falempin sven.falem...@gmail.com wrote: Sometimes i feel curse (or maybe just tired) : main::(/bin/check_network.pl:164): my $src = system('/usr/bin/pkill -HUP -f dhclient: trunk0'); DB2 n main::(/bin/check_network.pl:165):if ($src) { DB2 p $src 33024 Of course pkill is supposed to return 0,1,2 or 3 and it does in the shell perldoc -f system ... The return value is the exit status of the program as returned by the wait call. To get the actual exit value, shift right by eight (see below). See also exec. This is not what you 33024 >> 8 == 129 I wont even try to think further about that. All i wanted was to ask again for a lease , i guess i will just relaunch because -HUP is a lie, the pid change . Simplicity shall prevail ? IMHO , lets remove the HUP signal for dhclient i do not like it anymore !!! Best regards, -- mans says : Conversely, if the interface is later manipulated to add or delete addresses then dhclient will automatically exit. It thus automatically exits whenever a new dhclient is run on the same interface. -- - () ascii ribbon campaign - against html e-mail /\
Re: dhclient
On Thu, Mar 27, 2014 at 3:00 PM, Philip Guenther guent...@gmail.com wrote: On Thu, Mar 27, 2014 at 2:28 PM, sven falempin sven.falem...@gmail.com wrote: Sometimes i feel curse (or maybe just tired) : main::(/bin/check_network.pl:164): my $src = system('/usr/bin/pkill -HUP -f dhclient: trunk0'); DB2 n main::(/bin/check_network.pl:165):if ($src) { DB2 p $src 33024 Of course pkill is supposed to return 0,1,2 or 3 and it does in the shell perldoc -f system ... The return value is the exit status of the program as returned by the wait call. To get the actual exit value, shift right by eight (see below). See also exec. This is not what you 33024 >> 8 == 129 (Stupid gmail control-enter==Send) So, why is it returning 129? Well, since you gave system() a single string it's actually invoked via the shell. Why would the shell report a status of 129? ?The exit status of the last non-asynchronous command executed. If the last command was killed by a signal, $? is set to 128 plus the signal number. So, pkill is dying with signal 1 == HUP. Hey, wait a minute, pkill's criteria matches its own command line, so it will kill itself! Time to be more clever about the criteria... Philip Guenther
Re: dhclient
On 03/27/14 23:07, Philip Guenther wrote: On Thu, Mar 27, 2014 at 3:00 PM, Philip Guenther guent...@gmail.com wrote: On Thu, Mar 27, 2014 at 2:28 PM, sven falempin sven.falem...@gmail.com wrote: Sometimes i feel curse (or maybe just tired) : main::(/bin/check_network.pl:164): my $src = system('/usr/bin/pkill -HUP -f dhclient: trunk0'); DB2 n main::(/bin/check_network.pl:165):if ($src) { DB2 p $src 33024 Of course pkill is supposed to return 0,1,2 or 3 and it does in the shell perldoc -f system ... The return value is the exit status of the program as returned by the wait call. To get the actual exit value, shift right by eight (see below). See also exec. This is not what you 33024 >> 8 == 129 (Stupid gmail control-enter==Send) So, why is it returning 129? Well, since you gave system() a single string it's actually invoked via the shell. Why would the shell report a status of 129? ?The exit status of the last non-asynchronous command executed. If the last command was killed by a signal, $? is set to 128 plus the signal number. So, pkill is dying with signal 1 == HUP. Hey, wait a minute, pkill's criteria matches its own command line, so it will kill itself! Time to be more clever about the criteria... If I'm not totally mistaken, pkill is expected not to kill itself, just as pgrep is expected not to list itself either. /Alexander Philip Guenther
Re: dhclient
On 03/27/14 23:26, Alexander Hall wrote: On 03/27/14 23:07, Philip Guenther wrote: On Thu, Mar 27, 2014 at 3:00 PM, Philip Guenther guent...@gmail.com wrote: On Thu, Mar 27, 2014 at 2:28 PM, sven falempin sven.falem...@gmail.com wrote: Sometimes i feel curse (or maybe just tired) : main::(/bin/check_network.pl:164): my $src = system('/usr/bin/pkill -HUP -f dhclient: trunk0'); DB2 n main::(/bin/check_network.pl:165):if ($src) { DB2 p $src 33024 Of course pkill is supposed to return 0,1,2 or 3 and it does in the shell perldoc -f system ... The return value is the exit status of the program as returned by the wait call. To get the actual exit value, shift right by eight (see below). See also exec. This is not what you 33024 >> 8 == 129 (Stupid gmail control-enter==Send) So, why is it returning 129? Well, since you gave system() a single string it's actually invoked via the shell. Why would the shell report a status of 129? ?The exit status of the last non-asynchronous command executed. If the last command was killed by a signal, $? is set to 128 plus the signal number. So, pkill is dying with signal 1 == HUP. Hey, wait a minute, pkill's criteria matches its own command line, so it will kill itself! Time to be more clever about the criteria... If I'm not totally mistaken, pkill is expected not to kill itself, just as pgrep is expected not to list itself either. Ah, but it could be killing the shell that system() spawns to run pkill! If so (and even if not), lesson to learn (#2): Don't invoke system() with a single argument unless you really need the shell parsing. /Alexander
Re: dhclient
On 2014-03-27 17:07, Philip Guenther wrote: On Thu, Mar 27, 2014 at 3:00 PM, Philip Guenther guent...@gmail.com wrote: On Thu, Mar 27, 2014 at 2:28 PM, sven falempin sven.falem...@gmail.com [1] wrote: Sometimes i feel curse (or maybe just tired) : main::(/bin/check_network.pl:164): my $src = system('/usr/bin/pkill -HUP -f dhclient: trunk0'); DBn main::(/bin/check_network.pl:165): if ($src) { DBp $src 33024 Of course pkill is supposed to return 0,1,2 or 3 and it does in the shell perldoc -f system ... The return value is the exit status of the program as returned by the wait call. To get the actual exit value, shift right by eight (see below). See also exec. This is not what you 33024 >> 8 == 129 (Stupid gmail control-enter==Send) So, why is it returning 129? Well, since you gave system() a single string it's actually invoked via the shell. Why would the shell report a status of 129? ? The exit status of the last non-asynchronous command executed. If the last command was killed by a signal, $? is set to 128 plus the signal number. So, pkill is dying with signal 1 == HUP. Hey, wait a minute, pkill's criteria matches its own command line, so it will kill itself! Time to be more clever about the criteria... Which goes back quite neatly to my comment about correct pkill usage not necessarily being self-evident. I thought pgrep/pkill specifically excluded themselves? Oh - it's killing the subshell that invokes pkill, isn't it? Which propagates the signal through the process group, which includes pkill... argh! Yup, confirmed: # sh -c pgrep -lf pgrep 31775 sh -c pgrep -lf pgrep but... # sh -c pgrep -lfx pgrep # Perhaps more useful than the -x option in this case is the fact that pgrep/pkill take REs as patterns, so just use ^: my $src = system('/usr/bin/pkill -HUP -f ^dhclient: trunk0'); -Adam Links: -- [1] mailto:sven.falem...@gmail.com
Re: dhclient
On 03/27/14 23:36, Adam Thompson wrote: my $src = system('/usr/bin/pkill -HUP -f ^dhclient: trunk0'); my $src = system('/usr/bin/pkill', '-HUP', '-f', '^dhclient: trunk0'); /Alexander
Re: dhclient
On Thu, Mar 27, 2014 at 6:42 PM, Alexander Hall alexan...@beard.se wrote: On 03/27/14 23:36, Adam Thompson wrote: my $src = system('/usr/bin/pkill -HUP -f ^dhclient: trunk0'); my $src = system('/usr/bin/pkill', '-HUP', '-f', '^dhclient: trunk0'); /Alexander Thank you all, i'll put the begin of line next time i use pkill in the spawned subshell. -- - () ascii ribbon campaign - against html e-mail /\
Re: dhclient
On 03/27/14 23:58, sven falempin wrote: On Thu, Mar 27, 2014 at 6:42 PM, Alexander Hall alexan...@beard.se wrote: On 03/27/14 23:36, Adam Thompson wrote: my $src = system('/usr/bin/pkill -HUP -f ^dhclient: trunk0'); my $src = system('/usr/bin/pkill', '-HUP', '-f', '^dhclient: trunk0'); /Alexander Thank you all, i'll put the begin of line next time i use pkill in the spawned subshell. Not sure if you're being ironic or not, and the ^ is a good thing anyway, but the reason for passing multiple parameters to system() rather than just a single expression, is to avoid creating a subshell at all.
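The diagnosis reached in the messages above, worked through as an added example (not code from any poster in the thread): it decodes the 33024 that system() returned, shows on a constructed process table why an unanchored `pkill -f` pattern also selects the `sh -c` wrapper, and contrasts that with list-form system(), which starts no shell. The pids, the process table and the double-quoted form of the command string are assumptions made for illustration; Perl only hands a single-string command to /bin/sh when it contains shell metacharacters such as those quotes.

```perl
#!/usr/bin/perl
# Added example: decoding system()'s return value and checking which
# processes a `pkill -f` pattern would select. Nothing is signalled except
# a throwaway child that this script starts itself.
use strict;
use warnings;

# Decode the raw wait status that system() returns (the same value as $?).
sub decode_status {
    my ($raw) = @_;
    return 'could not start child' if $raw == -1;
    my $signal = $raw & 127;    # low 7 bits: signal that killed the direct child
    my $exit   = $raw >> 8;     # high byte: the direct child's exit value
    return "direct child killed by signal $signal" if $signal;
    # A shell cannot pass a signal death upward as such; it exits with 128 + N.
    return sprintf('exit %d (shell convention: command killed by signal %d)',
                   $exit, $exit - 128) if $exit > 128;
    return "exit $exit";
}

# Constructed process table (assumed pids): the full command line is what
# `pkill -f` compares its pattern against. pkill skips itself, but the
# shell that Perl spawned to run it carries the pattern in its own argv.
my @procs = (
    [ 4101, 'dhclient: trunk0' ],
    [ 5200, 'sh -c /usr/bin/pkill -HUP -f "dhclient: trunk0"' ],
);

# Pids whose command line matches the pattern (simulation of the -f match).
sub would_signal {
    my ($pattern) = @_;
    return map { $_->[0] } grep { $_->[1] =~ /$pattern/ } @procs;
}

print "33024       -> ", decode_status(33024), "\n";
print "unanchored  -> pids @{[ would_signal('dhclient: trunk0') ]}\n";
print "anchored ^  -> pids @{[ would_signal('^dhclient: trunk0') ]}\n";

# List-form system(): the program is exec'd directly, with no /bin/sh in
# between, so there is no wrapper process for a pattern to hit and no shell
# parsing of the arguments.
my $rc = system($^X, '-e', 'exit 3');
print "list form, child exits 3      -> ", decode_status($rc), "\n";

# Without a shell in the middle, a signal death is reported in the low bits
# of the status instead of as 128 + N in the exit byte.
$rc = system($^X, '-e', 'kill HUP => $$; sleep 5');
print "list form, child gets SIGHUP  -> ", decode_status($rc), "\n";
```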
Re: dhclient
On Thu, Mar 27, 2014 at 6:58 PM, sven falempin sven.falem...@gmail.com wrote: On Thu, Mar 27, 2014 at 6:42 PM, Alexander Hall alexan...@beard.se wrote: On 03/27/14 23:36, Adam Thompson wrote: my $src = system('/usr/bin/pkill -HUP -f ^dhclient: trunk0'); my $src = system('/usr/bin/pkill', '-HUP', '-f', '^dhclient: trunk0'); /Alexander Because you were all so helpful, i now have the reflex to ask, nevertheless it is not that good to abuse good thing, Because i saw pkill -HUP was kinda restarting the dhclient, and because i did read the manpage, AND alexander mail I simply did: system('/sbin/dhclient', '-l', '/run/dhclient.leases.trunk0', 'trunk0'); (instead of sending -HUP) how foolish of me ! The dhclient start, get a lease ... and die (leaving the trunk0 unconfigured) logs : DB7 DHCPDISCOVER on trunk0 to 255.255.255.255 port 67 interval 3 DHCPDISCOVER on trunk0 to 255.255.255.255 port 67 interval 6 DHCPOFFER from 10.0.0.254 (96:4f:87:9c:ad:67) DHCPREQUEST on trunk0 to 255.255.255.255 port 67 DHCPACK from 10.0.0.254 (96:4f:87:9c:ad:67) bound to 10.0.0.101 -- renewal in 21600 seconds. main::(/etc/network.pl:202): }); DB7 n route: writing to routing socket: Network is unreachable add host 10.0.0.171: gateway 10.0.0.254: Network is unreachable DB7 q # ifconfig trunk0 trunk0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr fe:e1:ba:d1:b4:76 priority: 0 trunk: trunkproto roundrobin trunkport tun1 active trunkport tun0 master,active groups: trunk media: Ethernet autoselect status: active inet6 fe80::200:24ff:fed0:8ed0%trunk0 prefixlen 64 scopeid 0xb -- - () ascii ribbon campaign - against html e-mail /\