Re: Hangup at "setting tty flags" after installation of puc(4) addon pci card

2017-11-22 Thread Jan Stary
On Nov 22 22:17:42, m-griepent...@t-online.de wrote:
> On 11/22/17 15:37, Jens A. Griepentrog wrote:
> > Dear Misc Listeners,
> > 
> > After the installation of a Logilink PC0017 4x serial puc(4) addon
> > card, my system initially hung at "setting tty flags" at boot.
> > After a reboot in single-user mode, from now on the hang-ups are
> > gone away also in multi-user mode but it seems to me that only two
> > of the four additional serial ports are configured. This will be no
> > drama since, in fact, I only need two additional serial ports.
> > 
> > ... schnipp ...
> 
> I have to correct myself, the hangups occur again from time to time
> when booting in multi-user mode and disappear after some intermediate
> reboots in single-user mode. I will disassemble that addon card soon.

https://marc.info/?l=openbsd-misc&m=148852721016079&w=2




Re: public key-only accounts

2017-11-22 Thread Jan Stary
On Nov 22 15:33:04, kgo...@gmail.com wrote:
> On Tue, Nov 21, 2017 at 1:50 AM, Jan Stary  wrote:
> >   Running security(8):
> >
> >   Checking the /etc/master.passwd file:
> >   Login maxa is off but still has a valid shell and alternate access files in
> >   home directory are still readable.
> >
> >
> > According to master.passwd(5)
> >
> >  login accounts not allowing password authentication but allowing
> >  other authentication methods, for example public key authentication,
> >  conventionally have 13 asterisks in the password field.
> >
> > but adduser did not put 13 asterisks in the password field (just '*')
> > and security(8)'s check_passwd() seems to have no notion of
> > '13 asterisks in the password field' - the login is just considered 'off'
> > if $pwd !~ /^\$[0-9a-f]+\$/
> >
> > Is the info in master.passwd(5) still valid?
> > Should adduser put '*' as the passwd for such accounts?
> > (I do see accounts with 13 asterisks for passwd, e.g. _postgresql.)
> 
> The 13 asterisks trick does work.

Yes it does - changing the user's passwd to 13 asterisks with vipw
makes security(8) recognize it as such.

> length $pwd != 13 &&

Yes, that's what I missed. Thanks.

> It does make sense to me that adduser(8) should put in 13 asterisks
> instead of 1 but until now I have remained silent because I did not
> have any diff to submit.
> 
> In the meantime I have been using vipw(8) to manually set the 13
> asterisks on the appropriate accounts.  In my case I am using such
> accounts for remote backups via SSH, and I had the same issue with
> security notifications.  I did not want to just ignore the messages
> because that leads to bad habits.

I believe now that it's intended: an account with a passwd of '*'
is not supposed to log in; if he is, like with a ssh key,
explicitly change it to '*' with vipw.

Jan



Re: Any advice on a dedicated remote access server

2017-11-22 Thread lists
Wed, 22 Nov 2017 10:36:17 -0700 
> Well, I screwed up things by taking a long break from everything and
> leaving things on auto-pilot. The company which had earlier bought the
> server company I use shut down the server service.
> 
> I'm located right now in Washington state in the US.
> But I'm also concerned about how much the quacks in power here are
> trying to screw up Internet access and working against encryption.
> So I'm seriously thinking that getting something outside of the US would
> be a good thing.
> 
> I run very little traffic, web server, email, PostgreSQL.
> So I want something cheap, don't want any management, definitely 2 IP's
> but would like to be able to add a few more for https.
> 
> I apologize for this message probably coming out at a hideous width, but
> I am using the horrible Godaddy email service which is my emergency
> email in cases of disaster.
> 
> Thanks for any help.
> Chris Bennett
> 

Hi Chris,

Check these out:  inexpensive, Canada and France locations, self support
business sufficient servers that run well virtio(4) OpenBSD on KVM/Qemu.

https://www.soyoustart.com/us/essential-servers/

Good networking and plenty of CPU power & storage options for the task..
not related to the company, neither affiliate, long time industry admin.

Kind regards,
Anton Lazarov



Re: Hangup at "setting tty flags" after installation of puc(4) addon pci card

2017-11-22 Thread Nick Holland
On 11/22/17 09:37, Jens A. Griepentrog wrote:
> Dear Misc Listeners,
> 
> After the installation of a Logilink PC0017 4x serial puc(4) addon card,
> my system initially hung at "setting tty flags" at boot. After a reboot
> in single-user mode, from now on the hang-ups are gone away also in
> multi-user mode but it seems to me that only two of the four
> additional serial ports are configured. This will be no drama since,
> in fact, I only need two additional serial ports.
> 
> Please, find below the corresponding output of dmesg or pcidump.
> 
> Thank you very much and with best regards,
> Jens

I've ... had the same troubles with similar cards.  I don't think I ever
put one in a MP machine before, but what I found is that the machines I
wanted to use it with (old PII/PIII/celeron systems) refused to finish
booting, hanging exactly as you describe.  On a P4 system, they WOULD
boot, but took me a while to realize there was something wrong -- very
high power consumption, fans running too fast/system running too hot,
and a very high interrupt load for no obvious reason.  Remove the card,
the machine would return to "normal" operation.  And that was on cards
where the ports were recognized properly (and also several years ago).

I've since given up on the things, and been using 8 serial port to one
USB port devices, which seem to work much better.  Every once in a long
while they require a reboot of the computer or the unplugging and
replugging of the USB port to reset them, so only use them on dedicated
terminal servers.  I have a couple that cost around the $100 point, as I
recall, far less trouble than the NetMos chip cards gave me.

Nick.

> 
> $ dmesg
> OpenBSD 6.1 (GENERIC.MP) #24: Wed Oct  4 18:47:09 CEST 2017
>     rob...@syspatch-61-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 17154113536 (16359MB)
> avail mem = 16629542912 (15859MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf06f0 (62 entries)
> bios0: vendor American Megatrends Inc. version "0705" date 06/29/2010
> bios0: ASUSTeK Computer INC. P7F-M WS
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S1 S3 S4 S5
> acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT
> acpi0: wakeup devices BR1E(S4) UAR1(S4) PS2K(S4) EUSB(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) USBE(S4) USB4(S4) USB5(S4) USB6(S4) BR21(S4) BR22(S4) BR23(S4) P0P1(S4) [...]
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Xeon(R) CPU L3426 @ 1.87GHz, 1867.00 MHz
> cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: TSC frequency 1866999600 Hz
> cpu0: smt 0, core 0, package 0
...



umb device, SIM has no PIN?

2017-11-22 Thread Paul B. Henson
I'm trying to get an LTE card working in MBIM mode with the umb device
driver, but it just keeps saying "SIM not initialized PIN required". The
SIM isn't PIN locked, as far as I know the SIM has no PIN. I've tested
the card and SIM under linux on the exact same system and was able to
get it working fine just by supplying the APN.

The card is a Sierra Wireless MC7455; to get it working with the umb
driver I did have to disable the umsm driver as for some reason that one
claimed it first. Once that driver was disabled the umb driver seemed
happy with it:

umb0 at uhub2 port 3 configuration 1 interface 12 "Sierra Wireless, Incorporated Sierra Wireless MC7455 Qualcomm\M-. Snapdragon? X7 LTE-A" rev 2.10/0.06 addr 3
ugen0 at uhub2 port 3 configuration 1 "Sierra Wireless, Incorporated Sierra Wireless MC7455 Qualcomm\M-. Snapdragon? X7 LTE-A" rev 2.10/0.06 addr 3

After boot, the interface looked like:

umb0: flags=8810 mtu 1500
index 6 priority 0 llprio 3
roaming disabled registration unknown
state down cell-class none
SIM not initialized PIN required
status: down

I set the APN and tried to bring it up:

umb0: flags=8811 mtu 1500
index 6 priority 0 llprio 3
roaming disabled registration unknown
state down cell-class none
SIM not initialized PIN required
APN r.ispsn
status: down

But it still just says the SIM is not initialized. After a minute or two,
it starts logging these to the console:

umb0: state change timeout
umb0: state change timeout
umb0: state change timeout
umb0: state change timeout


Am I missing something? This card isn't listed explicitly as being
compatible, is there a problem with the driver and this particular card?

Under linux, the serial control interfaces were available as USB devices
so you could poke at the card with AT commands, I don't see any listed
booted under openbsd. The umb driver doesn't support accessing the card
directly for debugging and diagnostics?

Thanks...




Re: kernel reordering and config -e

2017-11-22 Thread Paul B. Henson
On Wed, Nov 22, 2017 at 04:45:59PM +, Kevin Chadwick wrote:

> I believe the second scenario would need /dev/mem access making it a
> larger change than it first appears (config with a new option could
> possibly save the original kernel file and compare the two kernel
> files).

Ah, I didn't mean that; I meant save your interactive 'config -e'
session in a file that could be played back later. IE, you run 'config
-e - /etc/ukc.conf ...', then type 'change x', 'disable y' etc,
and then when you 'quit', config would write a transcript of your
changes to /etc/ukc.conf such that 'config -e -

Re: Hangup at "setting tty flags" after installation of puc(4) addon pci card

2017-11-22 Thread Jens A. Griepentrog

On 11/22/17 22:17, Jens A. Griepentrog wrote:

On 11/22/17 15:37, Jens A. Griepentrog wrote:

Dear Misc Listeners,

After the installation of a Logilink PC0017 4x serial puc(4) addon
card, my system initially hung at "setting tty flags" at boot.
After a reboot in single-user mode, from now on the hang-ups are
gone away also in multi-user mode but it seems to me that only two
of the four additional serial ports are configured. This will be no
drama since, in fact, I only need two additional serial ports.



I have to correct myself, the hangups occur again from time to time
when booting in multi-user mode and disappear after some intermediate
reboots in single-user mode. I will disassemble that addon card soon.

With best regards,
Jens



The system configures the chip on my Logilink PC0017 card (with four
serial ports) as "NetMos Nm9865".

Following /src/sys/dev/pci/pucdata.c it expects six serial ports
...
/* NetMos 6S PCI 16C650 : 6S
 * Shows up as three PCI devices, two with a single serial
 * port and one with four serial ports (on a special ISA
 * extender chip).
 */
{   /* "NetMos NM9865 6 UART: 1 UART" */
{   PCI_VENDOR_NETMOS, PCI_PRODUCT_NETMOS_NM9865, 0xa000, 0x1000 },
{   0x, 0x,   0x, 0x },
{
{ PUC_COM_POW2(0), 0x10, 0x },
},
},
{   /* "NetMos NM9865 6 UART: 4 UART ISA" */
{   PCI_VENDOR_NETMOS, PCI_PRODUCT_NETMOS_NM9865, 0xa000, 0x3004 },
{   0x, 0x,   0x, 0x },
{
{ PUC_COM_POW2(0), 0x10, 0x },
{ PUC_COM_POW2(0), 0x14, 0x },
{ PUC_COM_POW2(0), 0x18, 0x },
{ PUC_COM_POW2(0), 0x1c, 0x },
},
},
...
but finds only two of four
...
puc0 at pci7 dev 2 function 0 "NetMos Nm9865" rev 0x00: ports: 1 com
com4 at puc0 port 0 apic 7 int 21: st16650, 32 byte fifo
puc1 at pci7 dev 2 function 1 "NetMos Nm9865" rev 0x00: ports: 1 com
com5 at puc1 port 0 apic 7 int 22: st16650, 32 byte fifo
"NetMos Nm9865" rev 0x00 at pci7 dev 2 function 2 not configured
...
and shows three PCI devices
...
 7:2:0: NetMos Nm9865
0x: Vendor ID: 9710 Product ID: 9865
0x0004: Command: 0107 Status: 0290
0x0008: Class: 07 Subclass: 00 Interface: 02 Revision: 00
0x000c: BIST: 00 Header Type: 80 Latency Timer: 40 Cache Line Size: 08

0x0010: BAR io addr: 0xec00/0x0008
0x0014: BAR mem 32bit addr: 0xfbeff000/0x1000
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR mem 32bit addr: 0xfbefe000/0x1000
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: a000 Product ID: 1000
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0e Min Gnt: 00 Max Lat: 00
0x0048: Capability 0x01: Power Management
State: D0
 7:2:1: NetMos Nm9865
0x: Vendor ID: 9710 Product ID: 9865
0x0004: Command: 0107 Status: 0290
0x0008: Class: 07 Subclass: 00 Interface: 02 Revision: 00
0x000c: BIST: 00 Header Type: 80 Latency Timer: 40 Cache Line Size: 08

0x0010: BAR io addr: 0xe880/0x0008
0x0014: BAR mem 32bit addr: 0xfbefd000/0x1000
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR mem 32bit addr: 0xfbefc000/0x1000
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: a000 Product ID: 1000
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 02 Line: 03 Min Gnt: 00 Max Lat: 00
0x0048: Capability 0x01: Power Management
State: D0
 7:2:2: NetMos Nm9865
0x: Vendor ID: 9710 Product ID: 9865
0x0004: Command: 0107 Status: 0290
0x0008: Class: 07 Subclass: 80 Interface: 00 Revision: 00
0x000c: BIST: 00 Header Type: 80 Latency Timer: 40 Cache Line Size: 08

0x0010: BAR io addr: 0xe080/0x0008
0x0014: BAR io addr: 0xe800/0x0008
0x0018: BAR io addr: 0xe480/0x0008
0x001c: BAR io addr: 0xe400/0x0008
0x0020: BAR mem 32bit addr: 0xfbefb000/0x1000
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: a000 Product ID: 3002
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 03 Line: 07 Min Gnt: 00 Max Lat: 00
0x0048: Capability 0x01: Power Management
State: D0
...

But the imprint on the chip of my Logilink PC0017 card (with four
serial ports) is "MosChip MCS9865" which would correspond to
...
/* "MosChip MCS9865 Quad Ser

Re: Hangup at "setting tty flags" after installation of puc(4) addon pci card

2017-11-22 Thread Jens A. Griepentrog

On 11/22/17 15:37, Jens A. Griepentrog wrote:

Dear Misc Listeners,

After the installation of a Logilink PC0017 4x serial puc(4) addon
card, my system initially hung at "setting tty flags" at boot.
After a reboot in single-user mode, from now on the hang-ups are
gone away also in multi-user mode but it seems to me that only two
of the four additional serial ports are configured. This will be no
drama since, in fact, I only need two additional serial ports.

... schnipp ...


I have to correct myself, the hangups occur again from time to time
when booting in multi-user mode and disappear after some intermediate
reboots in single-user mode. I will disassemble that addon card soon.

With best regards,
Jens




Re: public key-only accounts

2017-11-22 Thread Kenneth Gober
On Tue, Nov 21, 2017 at 1:50 AM, Jan Stary  wrote:
>   Running security(8):
>
>   Checking the /etc/master.passwd file:
>   Login maxa is off but still has a valid shell and alternate access files in
>   home directory are still readable.
>
>
> According to master.passwd(5)
>
>  login accounts not allowing password authentication but allowing
>  other authentication methods, for example public key authentication,
>  conventionally have 13 asterisks in the password field.
>
> but adduser did not put 13 asterisks in the password field (just '*')
> and security(8)'s check_passwd() seems to have no notion of
> '13 asterisks in the password field' - the login is just considered 'off'
> if $pwd !~ /^\$[0-9a-f]+\$/
>
> Is the info in master.passwd(5) still valid?
> Should adduser put '*' as the passwd for such accounts?
> (I do see accounts with 13 asterisks for passwd, e.g. _postgresql.)

The 13 asterisks trick does work.  Look at security(8) again, but one
line higher:

length $pwd != 13 &&

It does make sense to me that adduser(8) should put in 13 asterisks
instead of 1 but until now I have remained silent because I did not
have any diff to submit.

In the meantime I have been using vipw(8) to manually set the 13
asterisks on the appropriate accounts.  In my case I am using such
accounts for remote backups via SSH, and I had the same issue with
security notifications.  I did not want to just ignore the messages
because that leads to bad habits.

-ken
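
The password-field test discussed in the two "public key-only accounts" messages above, applied to constructed master.passwd(5) lines. This is an added example, not part of either post and not the security(8) source; the account names other than maxa and _postgresql, the placeholder hash, and the list of shells treated as valid are assumptions.

```shell
#!/bin/sh
# Added example: apply the condition quoted in the thread,
#     length $pwd != 13 && $pwd !~ /^\$[0-9a-f]+\$/
# to master.passwd(5)-format lines (10 colon-separated fields).
# A login for which the condition is true is treated as "off".

# Constructed sample data. The hash is a placeholder, not a real bcrypt
# string; bkup and olduser are made-up accounts.
sample_passwd() {
    cat <<'EOF'
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
root:$2b$08$PLACEHOLDERHASHPLACEHOLDERHASHPLACEHOLDERHASHPLACEHOL:0:0:daemon:0:0:Charlie &:/root:/bin/ksh
maxa:*:1001:1001::0:0:key-only user:/home/maxa:/bin/ksh
bkup:*************:1002:1002::0:0:remote backup:/home/bkup:/bin/ksh
_postgresql:*************:503:503::0:0:PostgreSQL Manager:/var/postgresql:/bin/sh
olduser:*:1003:1003::0:0:disabled:/home/olduser:/sbin/nologin
EOF
}

# classify: read master.passwd lines on stdin, print "name class", where
#   hash    - field starts with $<hex>$          (a password hash prefix)
#   keyonly - field is exactly 13 asterisks      (master.passwd(5) convention)
#   len13   - any other 13-character field       (also passes the quoted test)
#   off     - everything else, e.g. a single '*'
classify() {
    awk -F: '
        /^#/ || NF != 10 { next }             # skip comments and malformed lines
        {
            pw = $2
            # [$] is a literal dollar sign, same meaning as \$ in the Perl test
            if (pw ~ /^[$][0-9a-f]+[$]/)       cls = "hash"
            else if (pw == "*************")   cls = "keyonly"
            else if (length(pw) == 13)        cls = "len13"
            else                               cls = "off"
            print $1, cls
        }'
}

# off_with_shell SHELLS: logins that are "off" by the quoted test but still
# have a shell from SHELLS (space-separated). Assumption: "valid shell" is
# modelled as membership in this caller-supplied list.
off_with_shell() {
    awk -F: -v shells="$1" '
        BEGIN {
            n = split(shells, s, " ")
            for (i = 1; i <= n; i++) valid[s[i]] = 1
        }
        /^#/ || NF != 10 { next }
        length($2) != 13 && $2 !~ /^[$][0-9a-f]+[$]/ && ($10 in valid) {
            print $1
        }'
}

echo "classification of the sample accounts:"
sample_passwd | classify
echo "off, but with a shell from the list:"
sample_passwd | off_with_shell "/bin/sh /bin/ksh"
```

On a real system the same functions can read a root-only copy of /etc/master.passwd on stdin; accounts printed by `off_with_shell` are the ones to review and, if they are meant to be key-only, to change with vipw(8).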



Re: PATCH: cwm move window to {top,bottom}{left,right} corners

2017-11-22 Thread Julien Steinhauser
A long time ago Dimitris Papastamos sent a patch to misc which
lets one send X clients to corners.[0]

I think it is useful so thank you Dimitris!
With some minor editing it still builds on current.

I have no use of window-move-{up,down,right,left}{,-big} but X client
corner warping is done on a regular basis.

At the time it did not receive the attention it (IMO) deserves.
Maybe it was because "feature" was written on the first line? ;)
I know featuritis is considered a disease around here and
I'm happy it is but here is an updated version anyway.

This version lacks the keybindings from the initial patch,
it also lacks for now a change in the man pages.
I use it with the following in ~/.cwmrc:

bind-key 4S-Left        window-movebottomleft
bind-key 4S-Right       window-movebottomright
bind-key 4S-XF86Back    window-movetopleft
bind-key 4S-XF86Forward window-movetopright

I know these are not standard keys found on every keyboard,
but Thinkpads are not exotic beasts in this land so it might
be a helpful start to some of you and every variation of h j k l
was already in use in the default config.

OK?

[0] https://marc.info/?l=openbsd-misc&m=140344759017419&w=2

Index: calmwm.h
===
RCS file: /cvs/xenocara/app/cwm/calmwm.h,v
retrieving revision 1.341
diff -u -p -r1.341 calmwm.h
--- calmwm.h14 Jul 2017 17:23:38 -  1.341
+++ calmwm.h22 Nov 2017 19:21:47 -
@@ -54,6 +54,10 @@
 #define CWM_DOWN   0x0002
 #define CWM_LEFT   0x0004
 #define CWM_RIGHT  0x0008
+#define CWM_TOP_LEFT0x0100
+#define CWM_BOTTOM_LEFT 0x0200
+#define CWM_TOP_RIGHT  0x0400
+#define CWM_BOTTOM_RIGHT   0x0800
 #define CWM_BIGAMOUNT  0x0010
 #define DIRECTIONMASK  (CWM_UP | CWM_DOWN | CWM_LEFT | CWM_RIGHT)
 
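
Review bot: the four corner flags are inserted between CWM_RIGHT (0x0008) and CWM_BIGAMOUNT (0x0010), which breaks the ascending order of this block, and their value columns do not line up with the neighbouring defines. Move them below CWM_BIGAMOUNT and add a short comment that they are deliberately not part of DIRECTIONMASK, since the mask on the following line still covers only the four straight directions.
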
@@ -476,6 +480,7 @@ void 
kbfunc_client_toggle_hmaximize(v
 voidkbfunc_client_toggle_vmaximize(void *, struct cargs *);
 voidkbfunc_client_htile(void *, struct cargs *);
 voidkbfunc_client_vtile(void *, struct cargs *);
+voidkbfunc_client_move_edge(void *, struct cargs *);
 voidkbfunc_client_cycle(void *, struct cargs *);
 voidkbfunc_client_toggle_group(void *, struct cargs *);
 voidkbfunc_client_movetogroup(void *, struct cargs *);
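
Review bot: the prototype is called kbfunc_client_move_edge, but the flags (CWM_TOP_LEFT and friends) and the bound names (window-movetopleft and so on) all describe corners, not edges. Something like kbfunc_client_move_corner would say what the function does and leaves "edge" free for a later snap-to-edge function.
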
Index: conf.c
===
RCS file: /cvs/xenocara/app/cwm/conf.c,v
retrieving revision 1.233
diff -u -p -r1.233 conf.c
--- conf.c  14 Jul 2017 17:23:38 -  1.233
+++ conf.c  22 Nov 2017 19:21:48 -
@@ -67,6 +67,14 @@ static const struct {
{ "window-delete", kbfunc_client_delete, CWM_CONTEXT_CC, 0 },
{ "window-htile", kbfunc_client_htile, CWM_CONTEXT_CC, 0 },
{ "window-vtile", kbfunc_client_vtile, CWM_CONTEXT_CC, 0 },
+   { "window-movetopleft", kbfunc_client_move_edge, CWM_CONTEXT_CC,
+   (CWM_TOP_LEFT) },
+   { "window-movebottomleft", kbfunc_client_move_edge, CWM_CONTEXT_CC,
+   (CWM_BOTTOM_LEFT) },
+   { "window-movetopright", kbfunc_client_move_edge, CWM_CONTEXT_CC,
+   (CWM_TOP_RIGHT) },
+   { "window-movebottomright", kbfunc_client_move_edge, CWM_CONTEXT_CC,
+   (CWM_BOTTOM_RIGHT) },
{ "window-stick", kbfunc_client_toggle_sticky, CWM_CONTEXT_CC, 0 },
{ "window-fullscreen", kbfunc_client_toggle_fullscreen, CWM_CONTEXT_CC, 
0 },
{ "window-maximize", kbfunc_client_toggle_maximize, CWM_CONTEXT_CC, 0 },
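
Review bot: the four new names (window-movetopleft, window-movebottomleft, window-movetopright, window-movebottomright) run the words together, while the existing movement functions referred to in the mail are spelled window-move-up, window-move-down and so on; window-move-topleft etc. would be consistent with those. The parentheses around a single flag, as in (CWM_TOP_LEFT), can be dropped, and the entries still need the man page text the mail says is missing.
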
@@ -666,6 +674,51 @@ conf_grab_mouse(Window win)
BUTTONMASK, GrabModeAsync, GrabModeSync,
None, None);
}
+   }
+}
+
+void
+kbfunc_client_move_edge(void *ctx, struct cargs *cargs)
+{
+   struct client_ctx   *cc = ctx;
+   struct screen_ctx   *sc = cc->sc;
+   struct geom xine;
+   int  flags;
+
+   /*
+* pick screen that the middle of the window is on.
+* that's probably more fair than if just the origin of
+* a window is poking over a boundary
+*/
+   xine = screen_area(sc,
+   cc->geom.x + cc->geom.w / 2,
+   cc->geom.y + cc->geom.h / 2, CWM_GAP);
+
+   flags = cargs->flag;
+
+   switch (flags) {
+   case CWM_TOP_LEFT:
+cc->geom.x = xine.x;
+cc->geom.y = xine.y;
+client_move(cc);
+break;
+   case CWM_BOTTOM_LEFT:
+cc->geom.x = xine.x;
+cc->geom.y = xine.y + xine.h - cc->geom.h - cc->bwidth * 2;
+client_move(cc);
+break;
+   case CWM_TOP_RIGHT:
+cc->geom.x = xine.x + xine.w - cc->geom.w - cc->bwidth * 2;
+cc->geom.y = xi
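
Review bot: kbfunc_client_move_edge is defined here in conf.c, right after conf_grab_mouse, although its kbfunc_ prefix and its prototype place it with the other kbfunc_client_* functions; it should be defined next to them. Inside the function, the local flags only copies cargs->flag and client_move(cc) is repeated in every case, so switch on cargs->flag directly and call client_move(cc) once after the switch. The hunk as posted is cut off in the CWM_TOP_RIGHT case, so the remaining cases could not be reviewed.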

Re: kernel_relinking failed

2017-11-22 Thread Kevin Chadwick
On Wed, 22 Nov 2017 17:58:48 + (UTC)


> Of course, it is senseless to reorder kernel more than one time when
> the computer is up. But for the above reason, it is obviously
> not necessary to do it after any boot. You can do it manually
> from time to time, when the computer is up and you do not need it.
> 

I disagree, in fact rebooting servers after say an unexpected
behaviour or to get a reorder is a good thing. If you do it manually
you are unlikely to do it when you should. I still don't see why
exactly. 

> The question that remains, is, if it is not a problem to do it
> at any reboot. It depends on your hardware and on how you
> use OpenBSD.
>
Even on a 366 MHz i386 it does not take very long??

> I like silent, slow computers. reorder_kernel is
> disabled when /usr/share is on a nfs mounted, namely, for a diskless
> machine, but there are other situations, for example when you
> boot from slow flash memory attached to USB and want it also
> readonly.
> 

Fair enough I get that but personally I would dump the 10,000 write
flash memory.
 
> 
> I mean something else: the complexity of the booting process.
> And of course I want to have the computer booted as soon as
> possible, and the slow reorder_kernel and library reordering
> is now part of the booting process.
> 

Actually it is a separate forked process run at the very end, so not
really.

> > The script is in /usr/libexec if you must but to quote Theo to me a
> > number of times. "You own the pieces"  
> 
> If I disable KARL changing the file with the checksum, running
> /usr/libexec/reorder_kernel.sh has no effect. It remains to
> comment out its call in rc. The reordering of libraries can be
> disabled, but the definition of the procedure is embedded in rc
> and cannot be run manually.

Of course it can, check out the log maybe. I had to get a fresh tarball
from base62.tgz one time when I screwed it up though.



Re: cvs diff FAQ Ports Testing

2017-11-22 Thread Theo Buehler
> if I understand correctly: provide a short explanation, isn't-it?!

exactly.

> > yeah, the spacing around = in that file is somewhat arbitrary and
> > inconsistent. i'll have to think a bit what to do there. this one patch
> > doesn't really solve the problem, so i won't commit it as-is.
> OK.
> How can i help?

on second thought: i committed your diff. this tab looked too odd. the
other whitespace is somewhat inconsistent, but it isn't too bad. i'll
let it be. thanks, but i don't think you can help with that.



Re: cvs diff FAQ Ports Testing

2017-11-22 Thread Stephane HUC "PengouinBSD"


On 11/22/17 at 19:57, Theo Buehler wrote:
> (...)
> it would be more helpful if you said what you intend to do, like "remove
> an extra closing parenthesis".

if I understand correctly: provide a short explanation, isn't-it?!

> (...)
>
>> Previously, I mailed another diff, which has remained unanswered.
> yeah, the spacing around = in that file is somewhat arbitrary and
> inconsistent. i'll have to think a bit what to do there. this one patch
> doesn't really solve the problem, so i won't commit it as-is.
OK.
How can i help?

-- 
~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<<

Stephane HUC as PengouinBSD or CIOTBSD
b...@stephane-huc.net



Re: cvs diff FAQ Ports Testing

2017-11-22 Thread Theo Buehler
> A new diff for page FAQ > Ports > Testing.

thanks, i committed this one. note that the path to the file is already
listed four times below, so the above info is not particularly useful :)

it would be more helpful if you said what you intend to do, like "remove
an extra closing parenthesis".

> Index: faq/ports/testing.html
> ===
> RCS file: /cvs/www/faq/ports/testing.html,v
> retrieving revision 1.37
> diff -u -p -r1.37 testing.html
> --- faq/ports/testing.html16 Oct 2017 21:21:27 -  1.37
> +++ faq/ports/testing.html22 Nov 2017 17:55:43 -


> Previously, I mailed another diff, which has remained unanswered.

yeah, the spacing around = in that file is somewhat arbitrary and
inconsistent. i'll have to think a bit what to do there. this one patch
doesn't really solve the problem, so i won't commit it as-is.



Re: kernel_relinking failed

2017-11-22 Thread Roderick


On Wed, 22 Nov 2017, Kevin Chadwick wrote:


I would prefer to run the script for relinking kernel from
time to time manually, and not run it at boot time. The same
for reordering libraries.


Why exactly?


A laptop that does not go to the internet is rebooted more than
a home PC with internet connection behind a router, the home PC
more than a server continuously and directly exposed to the internet.
The less you need security, the more you are enjoying the security
benefit of KARL.

Of course, it is senseless to reorder kernel more than one time when
the computer is up. But for the above reason, it is obviously
not necessary to do it after any boot. You can do it manually
from time to time, when the computer is up and you do not need it.

The question that remains, is, if it is not a problem to do it
at any reboot. It depends on your hardware and on how you
use OpenBSD. I like silent, slow computers. reorder_kernel is
disabled when /usr/share is on a nfs mounted, namely, for a diskless
machine, but there are other situations, for example when you
boot from slow flash memory attached to USB and want it also
readonly.


Fair enough but doesn't apply here. Systemd sacrifices in many
usability areas for boot speed which is rarely faster


I mean something else: the complexity of the booting process.
And of course I want to have the computer booted as soon as
possible, and the slow reorder_kernel and library reordering
is now part of the booting process.


The script is in /usr/libexec if you must but to quote Theo to me a
number of times. "You own the pieces"


If I disable KARL changing the file with the checksum, running
/usr/libexec/reorder_kernel.sh has no effect. It remains to
comment out its call in rc. The reordering of libraries can be
disabled, but the definition of the procedure is embedded in rc
and cannot be run manually.

Rodrigo.



cvs diff FAQ Ports Testing

2017-11-22 Thread Stephane HUC "PengouinBSD"
Hi, all...

A new diff for page FAQ > Ports > Testing.

Index: faq/ports/testing.html
===
RCS file: /cvs/www/faq/ports/testing.html,v
retrieving revision 1.37
diff -u -p -r1.37 testing.html
--- faq/ports/testing.html  16 Oct 2017 21:21:27 -  1.37
+++ faq/ports/testing.html  22 Nov 2017 17:55:43 -
@@ -196,7 +196,7 @@ that all files can be easily packaged up

 
 The port should never install files outside of the fake directory
-such as into /usr/local).
+such as into /usr/local.

 
 GNU libtool occasionally has trouble relinking libraries during the fake
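
Review bot: in the changed line, dropping the stray ")" leaves "outside of the fake directory such as into /usr/local." with no punctuation before the example. Either add a comma after "directory" or keep the closing parenthesis and add the missing opening one, "(such as into /usr/local)".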



Previously, I mailed another diff, which has remained unanswered.

Is the tabulation in the TT text correct|normal?
(in FAQ > Ports > SpecialTopics)

Index: faq/ports/specialtopics.html
===
RCS file: /cvs/www/faq/ports/specialtopics.html,v
retrieving revision 1.71
diff -u -p -r1.71 specialtopics.html
--- faq/ports/specialtopics.html12 Oct 2017 16:44:00 -  1.71
+++ faq/ports/specialtopics.html22 Nov 2017 17:55:43 -
@@ -325,7 +325,7 @@ Make sure you read the section about tro

 This script is normally run during the configure stage of ports building.
 To invoke the configure script, one only has to set
-CONFIGURE_STYLE=   gnu
+CONFIGURE_STYLE=gnu
 which will automatically invoke ${WRKSRC}/configure.

 
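
Review bot: this removes the tab after CONFIGURE_STYLE= in one place only. If the aim is uniform spacing around = in specialtopics.html, the other assignments in the file should be changed in the same diff, and the mail should say which spacing is intended so the change can be judged as a whole.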

-- 
~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<<

Stephane HUC as PengouinBSD or CIOTBSD
b...@stephane-huc.net



Any advice on a dedicated remote access server

2017-11-22 Thread webmaster
Well, I screwed up things by taking a long break from everything and
leaving things on auto-pilot. The company which had earlier bought the
server company I use shut down the server service.

I'm located right now in Washington state in the US.
But I'm also concerned about how much the quacks in power here are
trying to screw up Internet access and working against encryption.
So I'm seriously thinking that getting something outside of the US would
be a good thing.

I run very little traffic, web server, email, PostgreSQL.
So I want something cheap, don't want any management, definitely 2 IP's
but would like to be able to add a few more for https.

I apologize for this message probably coming out at a hideous width, but
I am using the horrible Godaddy email service which is my emergency
email in cases of disaster.

Thanks for any help.
Chris Bennett






Re: kernel reordering and config -e

2017-11-22 Thread Kevin Chadwick
On Tue, 21 Nov 2017 12:41:41 -0800

> Or would you want
> something more integrated into config where it would have a new
> command that would generate a file based on the current session, and
> a new option to process changes from a file rather than
> interactively? It looks like it would be difficult to detect errors
> in the first scenario, and I don't know if that would be an issue

I believe the second scenario would need /dev/mem access making it a
larger change than it first appears (config with a new option could
possibly save the original kernel file and compare the two kernel
files).

 -u      Check to see if the kernel configuration was modified
         at boot-time (i.e. boot -c was used).  If so, compare
         the running kernel with the kernel to be edited
         (infile).  If they seem to be the same, apply all
         configuration changes performed at boot.  Using this
         option requires read access to /dev/mem, which may be
         restricted based upon the value of the kern.allowkmem
         sysctl(8).



Re: Kernel relinking fails after using config(8)

2017-11-22 Thread Kevin Chadwick
On Wed, 22 Nov 2017 10:57:32 +


> > would allow a system that needs inteldrm disabled to keep relinking
> > working?  
> 
> Having said that I probably won't need to anyway but I'm wondering,
> just in case.

Oops, apologies for missing the thread from three days ago!



RE: kernel reordering and config -e

2017-11-22 Thread leo_tck
"Ed Hynan"  wrote:
> No patch from OP yet,

Yeah, I'm sorry, my OpenBSD machine is currently air-gapped and is still
running 6.1 :(

It's been hectic IRL 'round here.

> so how about this: for someone needing config -e
> it's probably sufficient if /usr/libexec/reorder_kernel checks for
> a post-processing script, and invokes it if present and executable.
>
> If the patch is acceptable, I'll post a sample post-processing script
> that, for config -f -e, should only need one parameter change for
> specific needs.

I think that's better than my hack :)

Is it really a good idea to have the kernel file name hardcoded like
that? Granted, I usually use a symlink myself, but still...

--schaafuit.



Re: kernel reordering and config -e

2017-11-22 Thread Ed Hynan

On Mon, 20 Nov 2017, Theo de Raadt wrote:


If someone wants to solve this fully there have been some proposals
for keeping track of the instruction sequence, and attempting to
reapply it upon each relink in the build directory. There just hasn't
been any scripting changes to do that from anyone, and it isn't on my
radar as important.


How about making reorder_kernel do something like:

$ if test -f /etc/ukc.conf; then 

Hmm...  I can't seem to find a patch in there anywhere.



No patch from OP yet, so how about this: for someone needing config -e
it's probably sufficient if /usr/libexec/reorder_kernel checks for
a post-processing script, and invokes it if present and executable.

If the patch is acceptable, I'll post a sample post-processing script
that, for config -f -e, should only need one parameter change for
specific needs.

Patch (against 6.2 stable):
--- usr/libexec/reorder_kernel.orig Tue Oct  3 23:13:27 2017
+++ usr/libexec/reorder_kernel  Wed Nov 22 09:30:27 2017
@@ -30,6 +30,8 @@
 LOGFILE=$COMPILE_DIR/$KERNEL/relink.log
 PROGNAME=${0##*/}
 SHA256=/var/db/kernel.SHA256
+# optional local postprocessing, e.g. config -e
+POSTPROC=/etc/after-karl

 # Create kernel compile dir and redirect stdout/stderr to a logfile.
 mkdir -m 700 -p $COMPILE_DIR/$KERNEL
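Review bot: POSTPROC=/etc/after-karl names a file that reorder_kernel will later execute, but the comment above it only says "optional local postprocessing". It should state the contract: which arguments the hook receives, and that the file has to be owned by root and not writable by group or others, since it runs with the privileges of the relink script. The hook also needs a mention in the documentation, so that an executable of that name is never picked up unnoticed.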
@@ -55,6 +57,11 @@
 cd $COMPILE_DIR/$KERNEL
 make newbsd
 make newinstall
+
+# optional local postprocessing, e.g. config -e
+if [[ -f $POSTPROC && -x $POSTPROC ]]; then
+   "$POSTPROC" /bsd "$SHA256" /dev/stdout
+fi

 echo "\nKernel has been relinked and is active on next reboot.\n"
 cat $SHA256
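Review bot: the exit status of "$POSTPROC" is ignored, so the unchanged lines after the new block still print "Kernel has been relinked and is active on next reboot." and cat $SHA256 even when the hook failed part-way through editing /bsd. Test the return value and log a failure instead of falling through. The guard [[ -f $POSTPROC && -x $POSTPROC ]] also accepts a file of any owner and mode; an ownership and write-permission check belongs beside it. Since the hook is handed "$SHA256" after make newinstall, refreshing the recorded checksum once /bsd has been modified is left entirely to the hook, and that expectation should be written next to the call. The kernel path is passed as a literal /bsd rather than through a variable.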



Hangup at "setting tty flags" after installation of puc(4) addon pci card

2017-11-22 Thread Jens A. Griepentrog

Dear Misc Listeners,

After the installation of a Logilink PC0017 4x serial puc(4) addon card,
my system initially hung at "setting tty flags" at boot. After a reboot
in single-user mode, from now on the hang-ups are gone away also in
multi-user mode but it seems to me that only two of the four
additional serial ports are configured. This will be no drama since,
in fact, I only need two additional serial ports.

Please, find below the corresponding output of dmesg or pcidump.

Thank you very much and with best regards,
Jens


$ dmesg
OpenBSD 6.1 (GENERIC.MP) #24: Wed Oct  4 18:47:09 CEST 2017

rob...@syspatch-61-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17154113536 (16359MB)
avail mem = 16629542912 (15859MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf06f0 (62 entries)
bios0: vendor American Megatrends Inc. version "0705" date 06/29/2010
bios0: ASUSTeK Computer INC. P7F-M WS
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT
acpi0: wakeup devices BR1E(S4) UAR1(S4) PS2K(S4) EUSB(S4) USB0(S4) 
USB1(S4) USB2(S4) USB3(S4) USBE(S4) USB4(S4) USB5(S4) USB6(S4) BR21(S4) 
BR22(S4) BR23(S4) P0P1(S4) [...]

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU L3426 @ 1.87GHz, 1867.00 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR

cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 1866999600 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 133MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU L3426 @ 1.87GHz, 1866.73 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR

cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU L3426 @ 1.87GHz, 1866.73 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR

cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU L3426 @ 1.87GHz, 1866.73 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR

cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 7 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 7 (BR1E)
acpiprt2 at acpi0: bus -1 (BR21)
acpiprt3 at acpi0: bus -1 (BR22)
acpiprt4 at acpi0: bus -1 (BR23)
acpiprt5 at acpi0: bus -1 (P0P1)
acpiprt6 at acpi0: bus 1 (P0P3)
acpiprt7 at acpi0: bus -1 (P0P4)
acpiprt8 at acpi0: bus -1 (P0P5)
acpiprt9 at acpi0: bus -1 (P0P6)
acpiprt10 at acpi0: bus 2 (BR20)
acpiprt11 at acpi0: bus 5 (BR26)
acpiprt12 at acpi0: bus 6 (BR27)
acpicpu0 at acpi0: !C3(350@17 mwait.1@0x20), !C3(500@17 mwait.1@0x10), 
C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: !C3(350@17 mwait.1@0x20), !C3(500@17 mwait.1@0x10), 
C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: !C3(350@17 mwait.1@0x20), !C3(500@17 mwait.1@0x10), 
C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: !C3(350@17 mwait.1@0x20), !C3(500@17 mwait.1@0x10), 
C1(1000@1 mwait.1), PSS

"PNP0501" at acpi0 not configured
"PNP0303" at acpi0 not configured
acpibtn0 at acpi0: PWRB
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 1867 MHz: speeds: 1868, 1867, 1733, 1600, 1467, 
1333, 1200 MHz

pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core DMI" rev 0x11
ppb0 at pci0 dev 3 function 0 "Intel Core PCIE" rev 0x11: msi
pci1 at ppb0 bus 1
radeondrm0 at pci1 dev 0 function 0 "ATI Radeon HD 6450" rev 0x00
drm0 at radeondrm0
radeondrm0: msi
azalia0 at pci1 dev 0 function 1 "ATI Radeon HD 6400 Audio" rev 0x00: msi
azalia0: no supported codecs
"Intel Core Management" rev 0x11 at pci0 dev 8 function 0 not configured
"Intel Core Scratch" rev 0x11 at pci0 dev 8 function 1 not configured
"Intel Core Control" rev 0x11 at pci0 dev 8 function 2 not configured
"Intel Core Misc" rev 0x11 at pci0 dev 8 functio

Re: late ro remount to permit reorder_kernel on 6.2

2017-11-22 Thread edgar

> On Nov 22, 2017 at 12:39 AM,wrote:
>
> /usr can be mounted ro by moving all variable stuff to /var. This is
> standard practice on embedded systems, and is also standard practice on any
> unix system whose authors actually remember the meaning and purpose of /var.
>
> I had neglected updating my soekris router because of this but finally
> brought it up to 6.2 from 6.0 last week. Everything is ro except var and /.
> Surprisingly I have had no issues.
>
> Sent from ProtonMail Mobile
>
> On Sun, Oct 29, 2017 at 19:00, Theo de Raadt wrote:
> > > > On Sun, Oct 29, 2017 at 12:32:58PM +0100, Marko Cupać wrote:
> > > > I know read-only setups are unsupported, modifying base files as
> > > > well, but if someone has an advice on what would be a better way of
> > > > remounting local file systems read-only after kernel relinking is done,
> > > > I'd be grateful.
> > > You can use rc.local(8).
> > > Not really and btw. the OP uses it already.
> > The kernel relinking happens at the end of rc in the background.
> > rc.local is run before.
> OP has all the pieces. Once you start on your own road, no one else can really help.


Re: Intel's Management Technology is indeed vulnerable

2017-11-22 Thread Lampshade
Intel's firmware bugs:

Intel SA-00086
Intel ID:                 INTEL-SA-00086
Product family:           Various
Impact of vulnerability:  Elevation of Privilege
Severity rating:          Important
Original release:         Nov 20, 2017
Last revised:             Nov 21, 2017

https://www.us-cert.gov/ncas/current-activity/2017/11/21/Intel-Firmware-Vulnerability

From gadgets.ndtv.com:
Security research firm Positive Technologies has said it will demonstrate an 
exploit that allows the running of arbitrary unsigned code on any PC with an 
Intel 6th Gen 'Skylake' Core CPU or later. The security hole exists because of 
Intel's Management Engine, a tiny microprocessor that exists within the 
platform controller, or chipset, of every PC motherboard built for Intel 
processors. The Intel Management Engine (IME) was introduced to allow functions 
such as remote booting and administration, but it also handles the 
initialisation of the CPU and its power management.

Will Harris on twitter comments satirically:
Intel advisory generator: "Multiple unspecified issues in unspecified component 
in unspecified platform of unspecified version allows unspecified process to 
access privileged content via unspecified vector."


Re: Kernel relinking fails after using config(8)

2017-11-22 Thread Kevin Chadwick
On Wed, 22 Nov 2017 10:36:16 +


> would allow a system that needs inteldrm disabled to keep relinking
> working?

Having said that I probably won't need to anyway but I'm wondering, just
in case.



Re: Kernel relinking fails after using config(8)

2017-11-22 Thread Kevin Chadwick
On Wed, 13 Sep 2017 19:56:25 -0600


> > Hello misc, I used config -ef on my current kernel, and after
> > rebooting, kernel relinking fails. The log only contains
> > "(SHA256) /bsd: FAILED"  
> 
> Yes, this is known.  If you take control of the kernel using various
> means, relinking deactivates.

I assume this includes compiling and running make install?

I guess updating

/var/db/kernel.SHA256 and the /usr/share/compile

would allow a system that needs inteldrm disabled to keep relinking
working?



Re: kernel_relinking failed

2017-11-22 Thread Kevin Chadwick
On Tue, 21 Nov 2017 17:11:34 + (UTC)


> I would prefer to run the script for relinking kernel from
> time to time manually, and not run it at boot time. The same
> for reordering libraries.
> 

Why exactly? If you shutdown straight away and the relinking works next
time then the window of investigating your gadget layout is as
insignificant as it can be. Doing it another way only increases that
risk.

> I also avoid to start daemons at boot time that I not need
> at the moment. See it as the opposite of the systemd ideology.

Fair enough but doesn't apply here. Systemd sacrifices in many
usability areas for boot speed which is rarely faster
(propaganda to get support?) especially with concurrency on HDD (single
head arm). I don't see an issue with relinking that decreases boot speed
slightly but may SAVE YOUR BUTT, when you least expect it to.

The script is in /usr/libexec if you must but to quote Theo to me a
number of times. "You own the pieces"

Remember, any issues with the current system like xenodm being held up
will be maintained and personally I don't see the benefit?