Re: Iked, ca_getreq: no valid local certificate found
On Fri, Nov 06, 2015 at 12:24:30AM -0500, Toyam Cox wrote:
> I'm running 5.8-release.
ikectl ca in 5.8 is non-functional as LibreSSL removed support for
environment variables in openssl cnf files and this was not
noticed/fixed until after 5.8.
Here is a patch against 5.8 that adds the changes to cope with that.
Index: Makefile
===
RCS file: /cvs/src/usr.sbin/ikectl/Makefile,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- Makefile18 Jan 2014 05:54:51 - 1.3
+++ Makefile19 Aug 2015 12:25:59 - 1.4
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.3 2014/01/18 05:54:51 martynas Exp $
+# $OpenBSD: Makefile,v 1.4 2015/08/19 12:25:59 reyk Exp $
.PATH: ${.CURDIR}/../../sbin/iked
PROG= ikectl
-SRCS= log.c ikeca.c ikectl.c parser.c
+SRCS= log.c ikeca.c ikectl.c parser.c util.c
MAN= ikectl.8
Index: ikeca.c
===
RCS file: /cvs/src/usr.sbin/ikectl/ikeca.c,v
retrieving revision 1.30
retrieving revision 1.33
diff -u -p -r1.30 -r1.33
--- ikeca.c 16 Jan 2015 06:40:17 - 1.30
+++ ikeca.c 19 Aug 2015 12:25:59 - 1.33
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikeca.c,v 1.30 2015/01/16 06:40:17 deraadt Exp $ */
+/* $OpenBSD: ikeca.c,v 1.33 2015/08/19 12:25:59 reyk Exp $ */
/*
* Copyright (c) 2010 Jonathan Gray
@@ -82,13 +82,39 @@ struct {
{ "/private", 0700 }
};
-int ca_sign(struct ca *, char *, int, char *);
+/* explicitly list allowed variables */
+const char *ca_env[][2] = {
+ { "$ENV::CADB", NULL },
+ { "$ENV::CERTFQDN", NULL },
+ { "$ENV::CERTIP", NULL },
+ { "$ENV::CERTPATHLEN", NULL },
+ { "$ENV::CERTUSAGE", NULL },
+ { "$ENV::CERT_C", NULL },
+ { "$ENV::CERT_CN", NULL },
+ { "$ENV::CERT_EMAIL", NULL },
+ { "$ENV::CERT_L", NULL },
+ { "$ENV::CERT_O", NULL },
+ { "$ENV::CERT_OU", NULL },
+ { "$ENV::CERT_ST", NULL },
+ { "$ENV::EXTCERTUSAGE", NULL },
+ { "$ENV::NSCERTTYPE", NULL },
+ { NULL }
+};
+
+int ca_sign(struct ca *, char *, int);
int ca_request(struct ca *, char *);
int ca_newpass(char *, char *);
char * ca_readpass(char *, size_t *);
int fcopy(char *, char *, mode_t);
+int fcopy_env(const char *, const char *, mode_t);
int rm_dir(char *);
int ca_hier(char *);
+voidca_setenv(const char *, const char *);
+voidca_clrenv(void);
+voidca_setcnf(struct ca *, const char *);
+
+/* util.c */
+int expand_string(char *, size_t, const char *, const char *);
int
ca_delete(struct ca *ca)
@@ -173,10 +199,13 @@ ca_request(struct ca *ca, char *keyname)
charcmd[PATH_MAX * 2];
charpath[PATH_MAX];
+ ca_setenv("$ENV::CERT_CN", keyname);
+ ca_setcnf(ca, keyname);
+
snprintf(path, sizeof(path), "%s/private/%s.csr", ca->sslpath, keyname);
- snprintf(cmd, sizeof(cmd), "env CERT_CN=%s %s req %s-new"
+ snprintf(cmd, sizeof(cmd), "%s req %s-new"
" -key %s/private/%s.key -out %s -config %s",
- keyname, PATH_OPENSSL, ca->batch, ca->sslpath, keyname,
+ PATH_OPENSSL, ca->batch, ca->sslpath, keyname,
path, ca->sslcnf);
system(cmd);
@@ -186,40 +215,40 @@ ca_request(struct ca *ca, char *keyname)
}
int
-ca_sign(struct ca *ca, char *keyname, int type, char *envargs)
+ca_sign(struct ca *ca, char *keyname, int type)
{
charcmd[PATH_MAX * 2];
charhostname[HOST_NAME_MAX+1];
charname[128];
+ const char *extensions = NULL;
strlcpy(name, keyname, sizeof(name));
- if (envargs == NULL)
- envargs = "";
-
if (type == HOST_IPADDR) {
- snprintf(cmd, sizeof(cmd), "env CERTIP=%s%s %s x509 -req"
- " -days 365 -in %s/private/%s.csr"
- " -CA %s/ca.crt -CAkey %s/private/ca.key -CAcreateserial"
- " -extfile %s -extensions x509v3_IPAddr -out %s/%s.crt"
- " -passin file:%s", name, envargs, PATH_OPENSSL,
- ca->sslpath, keyname, ca->sslpath, ca->sslpath,
- ca->extcnf, ca->sslpath, keyname, ca->passfile);
+ ca_setenv("$ENV::CERTIP", name);
+ extensions = "x509v3_IPAddr";
} else if (type == HOST_FQDN) {
if (!strcmp(keyname, "local")) {
if (gethostname(hostname, sizeof(hostname)))
err(1, "gethostname");
strlcpy(name, hostname, sizeof(name));
}
- snprintf(cmd, sizeof(cmd), "env CERTFQDN=%s%s %s x509 -req"
- " -days 365 -in %
Re: Iked, ca_getreq: no valid local certificate found
I'm running 5.8-release.
On Thu, Nov 5, 2015 at 8:07 PM, Jonathan Gray wrote:
> Which release or snapshot are you running? For the version of the file
> Reyk pointed you at you'll need a -current snapshot.
>
> On Thu, Nov 05, 2015 at 12:58:29PM -0500, Toyam Cox wrote:
>> This got me past that error pretty handidly.
>>
>> However, now it is complaining about no index.txt. The path given
>> doesn't help me know where to put the index.txt
>>
>> Getting Private key
>> Using configuration from /etc/ssl/ikeca.cnf
>> index.txt: No such file or directory
>> unable to open 'index.txt'
>> 250120122244:error:02001002:system library:fopen:No such file or
>> directory:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:255:fopen('index.txt',
>> 'r')
>> 250120122244:error:20074002:BIO routines:FILE_CTRL:system
>> lib:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:257:
>>
>> On Thu, Nov 5, 2015 at 7:48 AM, Reyk Floeter wrote:
>> > Copy ikeca.cnf from the ipsecctl source tree to /etc/ssl/ and retry.
>> >
>> > http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/ikectl/ikeca.cnf
>> >
>> > The openssl.cnf version broke and we somehow didn't install ikeca.cnf by
>> > default.
>> >
>> > Reyk
>> >
>> >> On 05.11.2015, at 08:28, Toyam Cox wrote:
>> >>
>> >> Ho misc@,
>> >>
>> >> I have been (loosely) following the guide at
>> >> http://puffysecurity.com/wiki/openikedoffshore.html and have run into
>> >> a roadblock.
>> >>
>> >> I have packets going between my two hosts on different networks, the
>> >> configuration files on both are good, and both have the ca installed.
>> >>
>> >> However on my remote host, I get (ips and hostnames redacted):
>> >> Nov 5 01:38:14 hostname iked[7047]: ikev2_msg_send: IKE_SA_INIT
>> >> request from $local_wan:500 to $remote.168:500 msgid 0, 534 bytes
>> >> Nov 5 01:38:14 hostname iked[7047]: ikev2_recv: IKE_SA_INIT response
>> >> from responder $remote8:500 to $local:500 policy 'policy1' id 0, 471
>> >> bytes
>> >> Nov 5 01:38:14 hostname iked[12679]: ca_getreq: no valid local
>> >> certificate found
>> >>
>> >> This is coupled with, as I create the ca key...
>> >> # ikectl ca vpn1 create
>> >> CA passphrase:
>> >> Retype CA passphrase:
>> >> [stuff-happens-and-inputs]
>> >> Getting Private key
>> >> Using configuration from /etc/ssl/openssl.cnf
>> >> variable lookup failed for ca::default_ca
>> >> 24387713617796:error:0E06D06C:configuration file
>> >> routines:NCONF_get_string:no
>> >> value:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/conf/conf_lib.c:323:group=ca
>> >> name=default_ca
>> >>
>> >> I've checked the mail logs for misc@ and found a person in August with
>> >> this problem, http://marc.info/?l=openbsd-misc&m=133675466519976&w=2
>> >>
>> >> Unfortunately, editing /etc/ssl/x509v3.cnf didn't work for me.
>> >> Variable lookup still failed.
>> >>
>> >> Thank you for any help.
dhcpd exiting with strange error message.
I'm having trouble with dhcpd on my firewall/server serving a mix of
Windows and Linux clients. After running OK for several minutes/hours, it
keeps crashing with the following error and I can't seem to find the problem.
eg.
Nov 6 08:25:34 janus dhcpd[11758]: DHCPREQUEST for 192.168.7.36 from
b4:ae:2b:2f:b6:bf via em0
Nov 6 08:25:34 janus dhcpd[11758]: DHCPACK on 192.168.7.36 to
b4:ae:2b:2f:b6:bf via em0
Nov 6 08:25:46 janus dhcpd[24427]: Can't open f: No such file or directory
Nov 6 08:25:46 janus dhcpd[24427]: exiting.
When the client's lease expires they obviously cannot obtain a new address :-(
I have set:
dhcpd_flags="em0"
in /etc/rc.conf.local
I have appended my dhcpd.conf file and dmesg below.
I realise I'm running 5.7 and have not yet upgraded to 5.8 (this is
scheduled) but I've checked the errata and don't see anyhing pertaining
to dhcpd there.
Any pointers would be greatly appreciated.
# $OpenBSD: dhcpd.conf,v 1.1 2014/07/11 21:20:10 deraadt Exp $
#
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
#
# Network: 192.168.1.0/255.255.255.0
# Domain name: my.domain
# Name servers: 192.168.1.3 and 192.168.1.5
# Default router: 192.168.1.1
# Addresses:192.168.1.32 - 192.168.1.127
#
option domain-name-servers 192.168.7.1;
subnet 192.168.7.0 netmask 255.255.255.0 {
option routers 192.168.7.1;
range 192.168.7.32 192.168.7.127;
host DocuCentre {
fixed-address 192.168.7.100;
}
# host pxe-client {
# hardware ethernet 02:03:04:05:06:07;
# filename "pxeboot";
# next-server 192.168.1.1;
# }
}
=
OpenBSD 5.7 (GENERIC.MP) #881: Sun Mar 8 11:04:17 MDT 2015
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1046020096 (997MB)
avail mem = 1014312960 (967MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xf (50 entries)
bios0: vendor Dell Inc. version "1.0.13" date 03/21/2008
bios0: Dell Inc. Vostro 200
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET MCFG SLIC OSFR APIC SSDT
acpi0: wakeup devices PEX0(S5) PEX1(S5) PEX2(S5) PEX3(S5) PEX4(S5) PEX5(S5)
HUB0(S5) IGBE(S5) USB0(S3) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3)
EHC1(S3) EHC2(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz, 2394.31 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF
cpu0: 2MB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.0.0, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz, 2394.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF
cpu1: 2MB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 4
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEX0)
acpiprt2 at acpi0: bus -1 (PEX1)
acpiprt3 at acpi0: bus -1 (PEX2)
acpiprt4 at acpi0: bus -1 (PEX3)
acpiprt5 at acpi0: bus -1 (PEX4)
acpiprt6 at acpi0: bus -1 (PEX5)
acpiprt7 at acpi0: bus 2 (HUB0)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpitz0 at acpi0: critical temperature is 120 degC
acpibtn0 at acpi0: PWRB
cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2400, 2000, 1600, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82G33 Host" rev 0x02
ppb0 at pci0 dev 1 function 0 "Intel 82G33 PCIE" rev 0x02: msi
pci1 at ppb0 bus 1
vga1 at pci0 dev 2 function 0 "Intel 82G33 Video" rev 0x02
intagp0 at vga1
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0 at vga1
drm0 at inteldrm0
inteldrm0: 1024x768
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
em0 at pci0 dev 25 function 0 "Intel ICH9 IFE" rev 0x02: msi, address
00:21:70:06:49:0b
uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 4 int 16
uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 4 int 21
uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x02: apic 4 int 19
ehci0 at p
Is the OpenBSD User Group in Berkeley, Ca still operating as of 11/05/2015?
http://www.buug.org I'm currently at Au Coquelet. If this specific group is non-operational, are there individuals that are interested in reviving this openBSD gathering in the bay area. There is a freebsd meet up at hacker dojo in mountain view which I attended but I'm curious and interested to see the level of interest in a dedicated OpenBSD gathering in the bay area. I'd be happy to organize and facilitate if needed/wanted. Danny
Spell Julius Fucik's name correctly in lyrics.html
In the Humppa Negala section of lyrics.html his name is spelled incorrectly as Julius Fucik: "Section of "Enter The Gladiators" (circus theme) composed by Julius Fucik." His name should be spelled correctly as Julius Fučík. Also, in the "I'm still here" section of lyrics.html, Jonathan Lewis is spelled incorrectly as "Jonathan D. Lewis".
dpb - um, priority?
dpb's great, especially since I rtfm'd enough to find the -I flag. But I'm trying to build and install ports on a machine and use it for something else at the same time. It's not like I've got a lot of machines. It seems like priority or niceness would need to get set on each process that's spawned. As far as I can see the same number would work everywhere. Or maybe have it take the number from an environment variable so it could be changed easily during the run. I always liked the ports system. it's always amazed me that all the pieces fit together and it works. I've rarely had trouble with it except when I try to circumvent it by using a newer version of something. I guess in that case I should make the newer version into a port. -- Credit is the root of all evil. - AB1JX
Re: Iked, ca_getreq: no valid local certificate found
Which release or snapshot are you running? For the version of the file
Reyk pointed you at you'll need a -current snapshot.
On Thu, Nov 05, 2015 at 12:58:29PM -0500, Toyam Cox wrote:
> This got me past that error pretty handidly.
>
> However, now it is complaining about no index.txt. The path given
> doesn't help me know where to put the index.txt
>
> Getting Private key
> Using configuration from /etc/ssl/ikeca.cnf
> index.txt: No such file or directory
> unable to open 'index.txt'
> 250120122244:error:02001002:system library:fopen:No such file or
> directory:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:255:fopen('index.txt',
> 'r')
> 250120122244:error:20074002:BIO routines:FILE_CTRL:system
> lib:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:257:
>
> On Thu, Nov 5, 2015 at 7:48 AM, Reyk Floeter wrote:
> > Copy ikeca.cnf from the ipsecctl source tree to /etc/ssl/ and retry.
> >
> > http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/ikectl/ikeca.cnf
> >
> > The openssl.cnf version broke and we somehow didn't install ikeca.cnf by
> > default.
> >
> > Reyk
> >
> >> On 05.11.2015, at 08:28, Toyam Cox wrote:
> >>
> >> Ho misc@,
> >>
> >> I have been (loosely) following the guide at
> >> http://puffysecurity.com/wiki/openikedoffshore.html and have run into
> >> a roadblock.
> >>
> >> I have packets going between my two hosts on different networks, the
> >> configuration files on both are good, and both have the ca installed.
> >>
> >> However on my remote host, I get (ips and hostnames redacted):
> >> Nov 5 01:38:14 hostname iked[7047]: ikev2_msg_send: IKE_SA_INIT
> >> request from $local_wan:500 to $remote.168:500 msgid 0, 534 bytes
> >> Nov 5 01:38:14 hostname iked[7047]: ikev2_recv: IKE_SA_INIT response
> >> from responder $remote8:500 to $local:500 policy 'policy1' id 0, 471
> >> bytes
> >> Nov 5 01:38:14 hostname iked[12679]: ca_getreq: no valid local
> >> certificate found
> >>
> >> This is coupled with, as I create the ca key...
> >> # ikectl ca vpn1 create
> >> CA passphrase:
> >> Retype CA passphrase:
> >> [stuff-happens-and-inputs]
> >> Getting Private key
> >> Using configuration from /etc/ssl/openssl.cnf
> >> variable lookup failed for ca::default_ca
> >> 24387713617796:error:0E06D06C:configuration file
> >> routines:NCONF_get_string:no
> >> value:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/conf/conf_lib.c:323:group=ca
> >> name=default_ca
> >>
> >> I've checked the mail logs for misc@ and found a person in August with
> >> this problem, http://marc.info/?l=openbsd-misc&m=133675466519976&w=2
> >>
> >> Unfortunately, editing /etc/ssl/x509v3.cnf didn't work for me.
> >> Variable lookup still failed.
> >>
> >> Thank you for any help.
misc@openbsd.org
On 2015-11-05, Stuart Henderson wrote:
> On 2015-11-04, Toyam Cox wrote:
>> The default setting for "do-not-query-localhost" is "yes".
>> You may want to add "do-not-query-localhost: no" to your config in the
>> "server" section.
>
> Right.
>
>> On Wed, Nov 4, 2015 at 11:25 AM, Gregory Edigarov wrote:
>>> Hello,
>>>
>>> Trying to make unbound and nsd co-exist on one server, the goal is to have
>>> unbound listen for all requests redirecting requests for local zones to nsd:
>>> nsd.conf
>
> Just to make sure, this is just a local-only zone? (this approach won't work
> correctly for zones that receive queries from other resolvers).
Expanding on this:
For people who do need this, set unbound to listen on an internal IP
address (or an alias), and nsd to listen on the external address.
Incoming queries from many resolvers will have the RD ("recursion desired")
bit cleared so Unbound (or another resolver) won't answer them. See for
yourself with 'dig +norecurse' (this is what Microsoft got wrong when
they tried to filter no-ip domains and broke them).
Re: 5.8-release building mutt from ports fails
On 2015-11-05, Tati Chevron wrote: > Or to be more general - what is the best way to manage a local > copy of the distfiles archive? dpb -F2; clean-old-distfiles -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: 5.8-release building mutt from ports fails
On Thu, Nov 05, 2015 at 10:13:48AM -0800, Philip Guenther wrote: On Thu, Nov 5, 2015 at 4:18 AM, Stuart Henderson wrote: On 2015/11/05 11:42, Tati Chevron wrote: >Is there some reason to not simply use the packages though? You'll end up >with a lot less junk installed on your system than building it yourself. I need to patch the mutt source to improve handling of keyboards with keys beyond F12. For example, at the moment adding bindings for F15-F24 fails. Fair enough. Things will go a bit smoother if you pkg_add the build dependencies though (libidn, lynx, docbook-xsl, qdbm) I'll throw a quick thumbs-up for adding FETCH_PACKAGES=yes to your mk.conf to have the ports infrastructure automatically install dependencies instead of building them. Out of interest, is there a, (simple), way to use the ports infrastructure to just fetch the source for a particular port, _and it's dependencies_, without building it? Or to be more general - what is the best way to manage a local copy of the distfiles archive? Doing a make checksum in /usr/ports pulls about 25 GB of source, which just about fits on a single layer BD-R, and then allows you to travel far away from an internet connection, and still be confident that you have everything you might need. The problem comes when updating it, (assuming that you are following each new -release), it might not be convenient/possible/desirable/efficient to start with an empty /usr/ports/distfiles and pull another 25 GB to populate it, and infact wasn't convenient for me last time, so I just manually fetched the most important changed distfiles, and added them to those of the previous release. Given a full set of distfiles for, (for example), 5.5-release, which also has some for 5.6-release and 5.7-release mixed in, what is the best way to separate out those which are now obsolete? Also, the PERMIT_PACKAGE_CDROM tag in the makefiles doesn't seem to follow any standard format. As well as, 'yes', and, 'no', there are entries that say things like, 'Stupid license', 'no fee', 'non-commercial use only', etc. There doesn't seem to be any way of automatically parsing the makefiles to eliminate distfiles which cannot legally be distributed on CD-ROM. -- Tati Chevron Perl and FORTRAN specialist. SWABSIT development and migration department. http://www.swabsit.com
Re: 5.8-release building mutt from ports fails
On Thu, Nov 05, 2015 at 10:13:48AM -0800, Philip Guenther wrote:
> I'll throw a quick thumbs-up for adding FETCH_PACKAGES=yes to your
> mk.conf to have the ports infrastructure automatically install
> dependencies instead of building them.
AFAIK FETCH_PACKAGES=yes is a bit broken because quirks packages in
/usr/ports/packages/$ARCH/cache/ will conflict with the installed
quirks package. pkg_add fails because of this and the dependencies
are built. One workaround is to remove the cached quirks package,
but it will eventually reappear.
The cause of the pkg_add failure during the 'make depends' step is
not directly visible unless this change to bsd.port.mk is made:
Index: bsd.port.mk
===
RCS file: /cvs/ports/infrastructure/mk/bsd.port.mk,v
retrieving revision 1.1265
diff -u -p -r1.1265 bsd.port.mk
--- bsd.port.mk 25 Apr 2014 15:28:52 - 1.1265
+++ bsd.port.mk 3 May 2014 11:12:00 -
@@ -1877,7 +1877,7 @@ check-register-all:
${_CACHE_REPO}/${_PKGFILE${_S}}:
@mkdir -p ${@D}
@${ECHO_MSG} -n "===> Looking for ${_PKGFILE${_S}} in \$$PKG_PATH - "
- @if ${SETENV} ${_TERM_ENV} PKG_CACHE=${_CACHE_REPO}
PKG_PATH=${_CACHE_REPO}:${_PKG_REPO}:${PACKAGE_REPOSITORY}/${NO_ARCH}/:${PKG_PATH}
${_PKG_ADD} -n -q ${_PKG_ADD_FORCE} -D installed -D downgrade ${_PKGFILE${_S}}
>/dev/null 2>&1; then \
+ @if ${SETENV} ${_TERM_ENV} PKG_CACHE=${_CACHE_REPO}
PKG_PATH=${_CACHE_REPO}:${_PKG_REPO}:${PACKAGE_REPOSITORY}/${NO_ARCH}/:${PKG_PATH}
${_PKG_ADD} -n -q ${_PKG_ADD_FORCE} -D installed -D downgrade ${_PKGFILE${_S}}
>/dev/null; then \
${ECHO_MSG} "found"; \
exit 0; \
else \
broadcast relay
Hi, I'm trying to relay a broadcast message. I've tried the following in pf : pass in quick proto udp from any to vlan1:broadcast port 3121 rdr-to vlan3:broadcast port 3121 pass out quick on vlan3 from any to vlan3:broadcast nat-to vlan3 with no success any chance to do it with pf? other tools? Thanks by advance, Sebastien
Re: 5.8-release building mutt from ports fails
On Thu, Nov 5, 2015 at 4:18 AM, Stuart Henderson wrote: > On 2015/11/05 11:42, Tati Chevron wrote: >> >Is there some reason to not simply use the packages though? You'll end up >> >with a lot less junk installed on your system than building it yourself. >> >> I need to patch the mutt source to improve handling of keyboards with >> keys beyond F12. For example, at the moment adding bindings for F15-F24 >> fails. > > Fair enough. Things will go a bit smoother if you pkg_add the build > dependencies though (libidn, lynx, docbook-xsl, qdbm) I'll throw a quick thumbs-up for adding FETCH_PACKAGES=yes to your mk.conf to have the ports infrastructure automatically install dependencies instead of building them. Philip Guenther
Re: VGA memory size
On Wed, Nov 04, 2015 at 02:18:28PM +0330, Mohammad BadieZadegan wrote: > Hi everybody, > I have searched more time to find a command to show the current VGA memory > size but nothing found for OpenBSD. > Is that a way to find it? > Thanks. > I'm not sure about a base utility, but you can (sometimes?) get the vga memory size via the glxinfo(1) command, ex: --snip-- Extended renderer info (GLX_MESA_query_renderer): Vendor: X.Org (0x1002) Device: AMD RV710 (0x9540) Version: 10.2.9 Accelerated: yes Video memory: 512MB Unified memory: no Preferred profile: core (0x1) Max core profile version: 3.3 Max compat profile version: 3.0 Max GLES1 profile version: 1.1 Max GLES[23] profile version: 3.0 --snip-- Cheers, -Ryan
Re: Iked, ca_getreq: no valid local certificate found
This got me past that error pretty handidly.
However, now it is complaining about no index.txt. The path given
doesn't help me know where to put the index.txt
Getting Private key
Using configuration from /etc/ssl/ikeca.cnf
index.txt: No such file or directory
unable to open 'index.txt'
250120122244:error:02001002:system library:fopen:No such file or
directory:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:255:fopen('index.txt',
'r')
250120122244:error:20074002:BIO routines:FILE_CTRL:system
lib:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bio/bss_file.c:257:
On Thu, Nov 5, 2015 at 7:48 AM, Reyk Floeter wrote:
> Copy ikeca.cnf from the ipsecctl source tree to /etc/ssl/ and retry.
>
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/ikectl/ikeca.cnf
>
> The openssl.cnf version broke and we somehow didn't install ikeca.cnf by
> default.
>
> Reyk
>
>> On 05.11.2015, at 08:28, Toyam Cox wrote:
>>
>> Ho misc@,
>>
>> I have been (loosely) following the guide at
>> http://puffysecurity.com/wiki/openikedoffshore.html and have run into
>> a roadblock.
>>
>> I have packets going between my two hosts on different networks, the
>> configuration files on both are good, and both have the ca installed.
>>
>> However on my remote host, I get (ips and hostnames redacted):
>> Nov 5 01:38:14 hostname iked[7047]: ikev2_msg_send: IKE_SA_INIT
>> request from $local_wan:500 to $remote.168:500 msgid 0, 534 bytes
>> Nov 5 01:38:14 hostname iked[7047]: ikev2_recv: IKE_SA_INIT response
>> from responder $remote8:500 to $local:500 policy 'policy1' id 0, 471
>> bytes
>> Nov 5 01:38:14 hostname iked[12679]: ca_getreq: no valid local
>> certificate found
>>
>> This is coupled with, as I create the ca key...
>> # ikectl ca vpn1 create
>> CA passphrase:
>> Retype CA passphrase:
>> [stuff-happens-and-inputs]
>> Getting Private key
>> Using configuration from /etc/ssl/openssl.cnf
>> variable lookup failed for ca::default_ca
>> 24387713617796:error:0E06D06C:configuration file
>> routines:NCONF_get_string:no
>> value:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/conf/conf_lib.c:323:group=ca
>> name=default_ca
>>
>> I've checked the mail logs for misc@ and found a person in August with
>> this problem, http://marc.info/?l=openbsd-misc&m=133675466519976&w=2
>>
>> Unfortunately, editing /etc/ssl/x509v3.cnf didn't work for me.
>> Variable lookup still failed.
>>
>> Thank you for any help.
Re: Lenovo x250 with current
On Wed, Nov 04, 2015 at 09:21:44AM -0600, lists wrote: > Hi Misc, > > Is anyone running the Lenovo x250 with current? If so, I have some > question about screen brightness adjustment. > > Thanks, > > Jim Don't ask if you can ask, just ask!
Re: 5.8-release building mutt from ports fails
On 2015/11/05 13:00, Tati Chevron wrote: > So is the use of systrace as described in the FAQ 15.3.3, now depreciated? > > Or will these breakages still be fixed as they're discovered? I think we should probably consider it deprecated and remove it from the faq (but leave it in the manpages). No objection to fixing breakages while it's still in the tree (I committed fixes for the ones you ran into to -current). > I've just noticed that the list server is silently dropping some of my > mail... Odd. IIRC it does greylisting so they may show up later..if not then it would be worth dropping millert@ a mail with the message-ids and any logs you have.
Re: Vipw / pwd_mkdb not working
>> When I try to edit the master.passwd (as root) with vipw I get the >> following error when saving: >> >> pwd_mkdb: /etc/spwd.db.tmp to /etc/spwd.db: Operation not permitted > For now, and as quick-fix, I have disabled the pledge call from > usr.sbin/pwd_mkdb/pwd_mkdb.c > > So you can rebuild an reinstall usr.sbin/pwd_mkdb. Thanks, that fixes it. Kind regards, Martijn Rijkeboer
Re: Ethernet not working
Jay Patel wrote: > do we have a compatibility list somewhere ? or can we find via mandocs page? man alc says: The alc driver provides support for Ethernet interfaces based on the Atheros AR813x/AR815x Ethernet chipset. I think we gave up trying to document every variation of every chip some time ago. It's impossible.
Re: Vipw / pwd_mkdb not working
On Thu, Nov 05, 2015 at 02:21:47PM +0100, Martijn Rijkeboer wrote: > Hi, > > When I try to edit the master.passwd (as root) with vipw I get the > following error when saving: > > pwd_mkdb: /etc/spwd.db.tmp to /etc/spwd.db: Operation not permitted Hi, We are aware of this problem introduced by sys/kern/kern_pledge.c 1.103. We are discuting about what will the better way to deal with this problem. > Any suggestions on how to fix this? For now, and as quick-fix, I have disabled the pledge call from usr.sbin/pwd_mkdb/pwd_mkdb.c So you can rebuild an reinstall usr.sbin/pwd_mkdb. Sorry for the inconvenience. -- Sebastien Marie
Vipw / pwd_mkdb not working
Hi, When I try to edit the master.passwd (as root) with vipw I get the following error when saving: pwd_mkdb: /etc/spwd.db.tmp to /etc/spwd.db: Operation not permitted Any suggestions on how to fix this? OS: OpenBSD 5.8-current (GENERIC.MP) #1568: Wed Nov 4 20:48:36 MST 2015 Arch: AMD64 Kind regards, Martijn Rijkeboer
Re: 5.8-release building mutt from ports fails
On Thu, Nov 05, 2015 at 11:13:19AM +, Stuart Henderson wrote: On 2015-11-04, Tati Chevron wrote: On a freshly installed 5.8-release, I am unable to build mutt from source using the ports tree. You could remove the USE_SYSTRACE line from mk.conf. I tried this on Chris's suggestion, and the build completes, but it's always built with systrace enabled on previous releases. Is there some reason to not simply use the packages though? You'll end up with a lot less junk installed on your system than building it yourself. I need to patch the mutt source to improve handling of keyboards with keys beyond F12. For example, at the moment adding bindings for F15-F24 fails. -- Tati Chevron Perl and FORTRAN specialist. SWABSIT development and migration department. http://www.swabsit.com
Re: 5.8-release building mutt from ports fails
On Thu, Nov 05, 2015 at 12:18:23PM +, Stuart Henderson wrote: On 2015/11/05 11:42, Tati Chevron wrote: >Is there some reason to not simply use the packages though? You'll end up >with a lot less junk installed on your system than building it yourself. I need to patch the mutt source to improve handling of keyboards with keys beyond F12. For example, at the moment adding bindings for F15-F24 fails. Fair enough. Things will go a bit smoother if you pkg_add the build dependencies though (libidn, lynx, docbook-xsl, qdbm) Have you tried to get this diff upstream at all? It shouldn't be too controversial and would help other users and make things easier for you. Not yet, but you're right, I probably should do. On 2015-11-04, Tati Chevron wrote: But what's changed to cause this new behaviour? cp(1) changed from using chflags to chflagsat to preserve nanosecond precision in timestamps. I think most ports developers stopped using systrace when the support to run "make fake" as non-root was added, so as you're finding out it's more likely to break now (it also slows down builds a fair bit, and can cause the build to behave differently than without systrace e.g. autoconf checks could behave differently, or bad codepaths could be taken in programs when system calls fail that they aren't expecting). So is the use of systrace as described in the FAQ 15.3.3, now depreciated? Or will these breakages still be fixed as they're discovered? I've just noticed that the list server is silently dropping some of my mail... Odd. -- Tati Chevron Perl and FORTRAN specialist. SWABSIT development and migration department. http://www.swabsit.com
Re: Iked, ca_getreq: no valid local certificate found
Copy ikeca.cnf from the ipsecctl source tree to /etc/ssl/ and retry. http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/ikectl/ikeca .cnf The openssl.cnf version broke and we somehow didn't install ikeca.cnf by default. Reyk > On 05.11.2015, at 08:28, Toyam Cox wrote: > > Ho misc@, > > I have been (loosely) following the guide at > http://puffysecurity.com/wiki/openikedoffshore.html and have run into > a roadblock. > > I have packets going between my two hosts on different networks, the > configuration files on both are good, and both have the ca installed. > > However on my remote host, I get (ips and hostnames redacted): > Nov 5 01:38:14 hostname iked[7047]: ikev2_msg_send: IKE_SA_INIT > request from $local_wan:500 to $remote.168:500 msgid 0, 534 bytes > Nov 5 01:38:14 hostname iked[7047]: ikev2_recv: IKE_SA_INIT response > from responder $remote8:500 to $local:500 policy 'policy1' id 0, 471 > bytes > Nov 5 01:38:14 hostname iked[12679]: ca_getreq: no valid local > certificate found > > This is coupled with, as I create the ca key... > # ikectl ca vpn1 create > CA passphrase: > Retype CA passphrase: > [stuff-happens-and-inputs] > Getting Private key > Using configuration from /etc/ssl/openssl.cnf > variable lookup failed for ca::default_ca > 24387713617796:error:0E06D06C:configuration file > routines:NCONF_get_string:no > value:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/conf/conf_lib.c:3 23:group=ca > name=default_ca > > I've checked the mail logs for misc@ and found a person in August with > this problem, http://marc.info/?l=openbsd-misc&m=133675466519976&w=2 > > Unfortunately, editing /etc/ssl/x509v3.cnf didn't work for me. > Variable lookup still failed. > > Thank you for any help.
Re: Iked, ca_getreq: no valid local certificate found
Em 05-11-2015 05:28, Toyam Cox escreveu: > Unfortunately, editing /etc/ssl/x509v3.cnf didn't work for me. > Variable lookup still failed. You need to recreate the certs. Each time you create one, you'll need to edit x509v3 to match the cert being created. At least this did the trick for me. Cheers, Giancarlo Razzolini
Re: 5.8-release building mutt from ports fails
On 2015/11/05 11:42, Tati Chevron wrote: > >Is there some reason to not simply use the packages though? You'll end up > >with a lot less junk installed on your system than building it yourself. > > I need to patch the mutt source to improve handling of keyboards with > keys beyond F12. For example, at the moment adding bindings for F15-F24 > fails. Fair enough. Things will go a bit smoother if you pkg_add the build dependencies though (libidn, lynx, docbook-xsl, qdbm) Have you tried to get this diff upstream at all? It shouldn't be too controversial and would help other users and make things easier for you. On 2015-11-04, Tati Chevron wrote: > But what's changed to cause this new behaviour? cp(1) changed from using chflags to chflagsat to preserve nanosecond precision in timestamps. I think most ports developers stopped using systrace when the support to run "make fake" as non-root was added, so as you're finding out it's more likely to break now (it also slows down builds a fair bit, and can cause the build to behave differently than without systrace e.g. autoconf checks could behave differently, or bad codepaths could be taken in programs when system calls fail that they aren't expecting).
Re: 5.8-release building mutt from ports fails
On 2015-11-04, Tati Chevron wrote: > On a freshly installed 5.8-release, I am unable to build mutt from source > using the ports tree. You could remove the USE_SYSTRACE line from mk.conf. Is there some reason to not simply use the packages though? You'll end up with a lot less junk installed on your system than building it yourself.
misc@openbsd.org
On 2015-11-04, Toyam Cox wrote: > The default setting for "do-not-query-localhost" is "yes". > You may want to add "do-not-query-localhost: no" to your config in the > "server" section. Right. > On Wed, Nov 4, 2015 at 11:25 AM, Gregory Edigarov wrote: >> Hello, >> >> Trying to make unbound and nsd co-exist on one server, the goal is to have >> unbound listen for all requests redirecting requests for local zones to nsd: >> nsd.conf Just to make sure, this is just a local-only zone? (this approach won't work correctly for zones that receive queries from other resolvers). >> server: >> server-count: 1 >> database: "/var/lib/nsd3/nsd.db" Don't use 'database', just let it run in memory. I've had problems with this before, I think it may assume UBC.
Re: Ethernet not working
do we have a compatibility list somewhere ? or can we find via mandocs page? Thanks, On Wed, Nov 4, 2015 at 5:42 PM, Atanas Vladimirov wrote: > On 04.11.2015 11:44, Jonathan Gray wrote: > >> On Wed, Nov 04, 2015 at 10:15:11AM +0100, Stefan Sperling wrote: >> >>> On Wed, Nov 04, 2015 at 01:53:33PM +0530, Jay Patel wrote: >>> > "Attansic Technology AR8172" rev 0x10 at pci1 dev 0 function 0 not >>> configured >>> >>> That's your ethernet device. The 'not configured' message means >>> there is no driver support in OpenBSD for this device yet. >>> >>> It looks like Linux has a driver for it, called alx. >>> >>> FreeBSD does not have a driver for this device either. >>> >> >> FreeBSD and NetBSD had sizable patches to alc(4) to support >> that and related variants. Anyone interested in making >> these parts work should look at those patches. >> > > Someone with good skills in programming can make better patch (as Jonathan > suggested from the following thread [0]). > > [0] http://marc.info/?l=openbsd-tech&m=142774177502625&w=2
Intel I218-V NIC -- hardware initialization failed
Hi! I'm trying out a Lenovo E450, and the wired NIC gives me this error in dmesg: em0 at pci0 dev 25 function 0 "Intel I218-V" rev 0x04: msi em0: Hardware Initialization Failed em0: Unable to initialize the hardware I've read some shenanigans about the I217 in the archives of not working for someone, but I'm not sure what difference does that one digit mean. Is there a patch floating around that needs testing and not committed yet? I've attached the dmesg, pcidump and usbdevs output. Daniel dmesg: OpenBSD 5.8-current (GENERIC.MP) #1566: Tue Nov 3 23:35:49 MST 2015 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP RTC BIOS diagnostic error 80 real mem = 4198158336 (4003MB) avail mem = 4066795520 (3878MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xbcdfd000 (62 entries) bios0: vendor LENOVO version "J5ET41WW (1.12 )" date 12/08/2014 bios0: LENOVO 20DC008DHV acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP ASF! HPET ECDT APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT PCCT SSDT TCPA SSDT UEFI POAT BATB FPDT UEFI acpi0: wakeup devices LID_(S3) IGBE(S4) EXP3(S4) XHCI(S3) EHC1(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpiec0 at acpi0 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz, 1596.55 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz, 1596.31 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz, 1596.31 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz, 1596.31 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 4 (EXP3) acpiprt4 at acpi0: bus 5 (EXP6) acpicpu0 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1 acpipwrres1 at acpi0: AMD3, resource for PEG_ acpipwrres2 at acpi0: AMD2, resource for PEG_ acpitz0 at acpi0: critical temperature is 127 degC acpibtn0 at acpi0: LID_ acpibat0 at acpi0: BAT0 model "LNV-45N1" serial 11250 type LION oem "LGC" acpiac0 at acpi0: AC unit online acpithinkpad0 at acpi0 cpu0: Enhanced SpeedStep 1596 MHz: speeds: 1701, 1700, 1600, 1500, 1400, 1300, 1200, 1100, 1000, 900, 800, 782 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 4G Host" rev 0x0b inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics" rev 0x0b drm0 at inteldrm0 inteldrm0: msi inteldrm0: 1366x768 wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emula
