Re: How to have pf filter packets on combination of incoming and outgoing interface (for packets tra

[Martin Gignac]

> Not sure if it's going to be any use for your particular setup, but if
> these are coming in as AS External LSAs ("ospfctl sh da ext") and you
> have a way to get an "External route tag" set on them, you can have
> ospfd tag the routes with a route label, and then PF can match addresses
> on route labels. See "rtlabel" in ospfd.conf(5) and you can match with
> "route " in pf.conf where you would normally use an address or
> prefix.
>
> Another possibility would be if these subnets could be fed by BGP
> instead of OSPF. You can use any of the usual match rules (so criteria
> can include things like community, peer, nexthop, prefixes within a
> certain range, etc) to match incoming updates, and feed them straight
> into a PF table.

Thanks for these hints Stuart, I'll have to check them out!

-Martin

Re: OT: Yandex - was Re: Why is ftp option removed from installer?

[Patrick Dohman]

Their mirror appears to resolve correctly here in St Paul MN USA.
Incidentally why are there no African mirrors aka Kenya etc?
Regards
Patrick

> On May 8, 2018, at 2:27 PM, ropers  wrote:
> 
> On 8 May 2018 at 19:12, Leonid Bobrov  wrote:
> 
>> but in my country (Ukraine) Yandex is blocked,
>> but my ISP didn't block ftp://mirror.yandex.ru
> 
> 
> OT, but America also seems to mess with Yandex in weird ways, whereby at
> least some American users get Yandex.ru redirected to Yandex.ua, which very
> much looks like politically-motivated American sabotage of a major Russian
> digital enterprise.
> 
> Anybody else see this too? Are there any Americans (by IP-geolocation) who
> DON'T see this?
> 
> Apologies for the noise, but curiosity could not be contained.

Re: fdisk MBR contains more than one OpenBSD partition!

[Rodney Polkinghorne]

> Think of the fdisk partition as a way to mark off a part of the disk for
> OpenBSD.  It should generally be one contiguous block.  The beginning of
> *the* OpenBSD partition holds the disklabel, which is the important part
> for marking off OpenBSD disk (sub?)partitions.

I think it would it be helpful to say that in the "Each entry has a
type. ... This can be edited using disklabel(8)." paragraph of
fdisk(8).

Rodney

Is Rambler mirror shutdown?

[Leonid Bobrov]

Hi!

>From https://www.openbsd.org/anoncvs.html:
CVSROOT=anon...@openbsd.park.rambler.ru:/cvs
Location: Moscow, Russia.
Maintained by Dmitry Alenichev.
Protocols: ssh, ssh port 2022.

mazocomp$ opencvs -d anon...@openbsd.park.rambler.ru:/cvs up
ssh: connect to host openbsd.park.rambler.ru port 2022: Operation timed out
opencvs [update aborted]: the connection has been closed by the server
mazocomp$

Is that mirror ok?

Re: USB sound card not playing

[Jordan Geoghegan]

I would recommend looking here to start: 
https://www.openbsd.org/faq/faq13.html


You're going to have to configure sndiod to output to your secondary 
audio(4) device.


To quote from the above faq link:

"To change the default audio output device, for example to use an 
external DAC rather than your motherboard's onboard audio, just change 
sndiod(8) 's startup flags to use that 
device:


   #*rcctl set sndiod flags -f rsnd/1*
   #*rcctl restart sndiod*

This would make the second audio device (rsnd/1) the default."

I just followed the faq and man pages when I was trying to set up my 
Fiio E17k USB DAC, and everything has been working great.


On 05/09/18 07:06, John Wilkes wrote:

Hello Misc, I've got a set of speakers with a built-in sound card and I
want to attach them to my computer by USB. On attaching, I get the
message: uhub2 at uhub1 port 2 configuration 1 interface 0 "vendor 0x17a0
product 0x0200" rev 2.00/1.00 addr 3
uaudio0 at uhub2 port 1 configuration 1 interface 0 "Samson Technologies
StudioDock" rev 1.10/1.00 addr 4
uaudio0: audio rev 1.00, 2 mixer controls
audio1 at uaudio0
uhidev0 at uhub2 port 1 configuration 1 interface 2 "Samson Technologies
StudioDock" rev 1.10/1.00 addr 4
uhidev0: iclass 3/0
uhid0 at uhidev0: input=1, output=0, feature=0 How do I get sound to this
card? I've tried the following: aucat -f snd/1 -i track01.wav Setting
snd/0 works with the built-in audio, but no joy with the external card.
I've tried setting the link /dev/audio -> /dev/audio1, still nothing.
Looking through the archives got me 
this:http://openbsd-archive.7691.n7.nabble.com/Change-default-audiodevice-in-OpenBSD-current-td249547.html
I tried the suggestion for changing rc.conf.local(8), but nothing. Is
there anything else I can try? full dmesg below. Best regards, John
OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4158898176 (3966MB)
avail mem = 4025778176 (3839MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xed750 (86 entries)
bios0: vendor Intel Corporation version
"RYBDWi35.86A.0249.2015.0529.1640" date 05/29/2015
bios0: Intel Corporation NUC5i3RYB
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT UEFI SSDT ASF! SSDT
SSDT SSDT DMAR
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4)
PEG2(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4)
RP04(S4) PXSX(S4) RP05(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 2095.46 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,IBRS,IBPB,STIBP
ppb0 at pci0 dev 28 function 0 "Intel 9 Series PCIE" rev 
0xe3,SENSOR,ARAT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
acpitimer0: recalibrated TSC frequency 2095152072 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 2095.15 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 2095.15 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 2095.15 MHz
cpu3:

Re: How to have pf filter packets on combination of incoming and outgoing interface (for packets tra

[Stuart Henderson]

>> If you want PF, go back and read about it. Learn to handle it in the
>> way it was designed, don't try to blend it to whatever you used
>> before. It useless if you do that.

PF has evolved over time to fit in with what developers have needed...
Not to say that's something _anyone_ can do, but it's not set in stone
"you can only use it as designed" :)

On 2018-05-09, Martin Gignac  wrote:
> I get your point, I really do. I'm just trying to figure out a way
> *not* to have to specify each and every subnet behind a firewall
> interface as these will change dynamically over time and be learned
> via OSPF. That's why I was looking for a way to express filtering
> rules for forwarded traffic based on a combination of ingress and
> egress interfaces for cases where this is considered enough (i.e.
> specific subnets don't have to be expressed in the rule).

Not sure if it's going to be any use for your particular setup, but if
these are coming in as AS External LSAs ("ospfctl sh da ext") and you
have a way to get an "External route tag" set on them, you can have
ospfd tag the routes with a route label, and then PF can match addresses
on route labels. See "rtlabel" in ospfd.conf(5) and you can match with
"route " in pf.conf where you would normally use an address or
prefix.

Another possibility would be if these subnets could be fed by BGP
instead of OSPF. You can use any of the usual match rules (so criteria
can include things like community, peer, nexthop, prefixes within a
certain range, etc) to match incoming updates, and feed them straight
into a PF table.

Obviously it's not as simple as being able to do something like
"pass received-on vlan123 sent-on vlan456" (if there was code to support
such a thing) though..

Re: pkg_add with packages created by ports

[Marc Espie]

On Wed, May 09, 2018 at 01:08:49PM +, Mik J wrote:
>  Thank you Martijn for this quick answer.So should I do something likeexport 
> TRUSTED_PKG_PATH=/usr/ports/packages/amd64/all/

More or less, yep.

That's not done by default because you should make sure which packages you
built yourself, traceability being important.

You could also sign your own packages, which isn't that hard to do, though
generally not that useful, especially since you can install them on the
network thru a safe protocol (scp:// urls)

USB sound card not playing

[John Wilkes]

Hello Misc, I've got a set of speakers with a built-in sound card and I
want to attach them to my computer by USB. On attaching, I get the
message: uhub2 at uhub1 port 2 configuration 1 interface 0 "vendor 0x17a0
product 0x0200" rev 2.00/1.00 addr 3
uaudio0 at uhub2 port 1 configuration 1 interface 0 "Samson Technologies
StudioDock" rev 1.10/1.00 addr 4
uaudio0: audio rev 1.00, 2 mixer controls
audio1 at uaudio0
uhidev0 at uhub2 port 1 configuration 1 interface 2 "Samson Technologies
StudioDock" rev 1.10/1.00 addr 4
uhidev0: iclass 3/0
uhid0 at uhidev0: input=1, output=0, feature=0 How do I get sound to this
card? I've tried the following: aucat -f snd/1 -i track01.wav Setting
snd/0 works with the built-in audio, but no joy with the external card.
I've tried setting the link /dev/audio -> /dev/audio1, still nothing.
Looking through the archives got me 
this:http://openbsd-archive.7691.n7.nabble.com/Change-default-audiodevice-in-OpenBSD-current-td249547.html
I tried the suggestion for changing rc.conf.local(8), but nothing. Is
there anything else I can try? full dmesg below. Best regards, John
OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4158898176 (3966MB)
avail mem = 4025778176 (3839MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xed750 (86 entries)
bios0: vendor Intel Corporation version
"RYBDWi35.86A.0249.2015.0529.1640" date 05/29/2015
bios0: Intel Corporation NUC5i3RYB
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT UEFI SSDT ASF! SSDT
SSDT SSDT DMAR
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4)
PEG2(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4)
RP04(S4) PXSX(S4) RP05(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 2095.46 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,IBRS,IBPB,STIBP
ppb0 at pci0 dev 28 function 0 "Intel 9 Series PCIE" rev 
0xe3,SENSOR,ARAT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
acpitimer0: recalibrated TSC frequency 2095152072 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 2095.15 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 2095.15 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 2095.15 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
acpimadt0: bogus nmi for apid 0
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpihpet0: recalibrated TSC frequency 2095138048 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG0)
acpiprt2 at acpi0: bus -1 (PEG1)
acpiprt3 at acpi0: bus -1 (PEG2)
acpiprt4 at acpi0: bus 1 

Re: How to have pf filter packets on combination of incoming and outgoing interface (for packets tra

[Martin Gignac]

> If you want PF, go back and read about it. Learn to handle it in the
> way it was designed, don't try to blend it to whatever you used
> before. It useless if you do that.

I get your point, I really do. I'm just trying to figure out a way
*not* to have to specify each and every subnet behind a firewall
interface as these will change dynamically over time and be learned
via OSPF. That's why I was looking for a way to express filtering
rules for forwarded traffic based on a combination of ingress and
egress interfaces for cases where this is considered enough (i.e.
specific subnets don't have to be expressed in the rule).

Regards,
-Martin

Able to boot laptop from installer kernel but not from installed kernel

[Martin Gignac]

Hello,

I'm currently running Windows 10 on an HP ZBook 15 G4 and I am trying
to install OpenBSD 6.3 to a USB key so that I can boot it on this
laptop during times when I need something better than Windows for
network troubleshooting (such as proper VLAN support).

Unfortunately, while the install goes well I am unable to properly
boot from the key. Here's a summary of what I did:

1. Put 'install63.fs' on a USB key.

2. Boot laptop from key. No problems here.

3. Run the installer and install to a second, connected USB key using
the 'whole disk (G)PT' option at the partitioning step.

4. Reboot and try to boot from the newly-installed key.

5. While a lot of "acpitzX" messages are flying by suddenly there is a
panic, lots of stuff gets written to the screen, and then I arrive at
the 'ddb>' prompt.

6. If I boot again and disable ACPI from the kernel config then the
panic doesn't occur, but many "uhubX: device problem, disabling port
X" lines eventually appear in succession, and the boot process
suddenly stops at "scsibus4 at softraid0: 256 targets" and stays there
forever.

Since the key with 'install63.fs' booted just fine I'm pretty sure
there's a way I can get OpenBSD to boot on this laptop, but I don't
know the differences between the kernel used during install and the
"normal" kernel so I don't know why the normal one has issues. I'm
also completely clueless about the kernel debugger so I don't know
where to start to find the cause of my problem.

Does anybody have any advice on how I can get OpenBSD to boot properly
from the USB key on my laptop?

Thanks,
-Martin

P.S. If it helps, here is the output of 'dmesg' as run from the installer shell:

OpenBSD 6.3 (RAMDISK_CD) #98: Sat Mar 24 14:26:39 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 34258653184 (32671MB)
avail mem = 33216593920 (31677MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x8d764000 (35 entries)
bios0: vendor HP version "P70 Ver. 01.18" date 03/20/2018
bios0: HP HP ZBook 15 G4
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT UEFI SSDT TPM2 SSDT SSDT SSDT MSDM SLIC
WSMT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT DBGP DBG2 DMAR
NHLT SSDT ASF! FPDT BGRT SSDT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz, 2694.76 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 23MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG1)
acpiprt2 at acpi0: bus -1 (PEG2)
acpiprt3 at acpi0: bus 1 (PEG0)
acpiprt4 at acpi0: bus 2 (RP01)
acpiprt5 at acpi0: bus 3 (RP02)
acpiprt6 at acpi0: bus -1 (RP03)
acpiprt7 at acpi0: bus -1 (RP04)
acpiprt8 at acpi0: bus 4 (RP05)
acpiprt9 at acpi0: bus -1 (RP06)
acpiprt10 at acpi0: bus -1 (RP07)
acpiprt11 at acpi0: bus -1 (RP08)
acpiprt12 at acpi0: bus 111 (RP09)
acpiprt13 at acpi0: bus -1 (RP10)
acpiprt14 at acpi0: bus -1 (RP11)
acpiprt15 at acpi0: bus -1 (RP12)
acpiprt16 at acpi0: bus -1 (RP13)
acpiprt17 at acpi0: bus -1 (RP14)
acpiprt18 at acpi0: bus -1 (RP15)
acpiprt19 at acpi0: bus -1 (RP16)
acpiprt20 at acpi0: bus -1 (RP17)
acpiprt21 at acpi0: bus -1 (RP18)
acpiprt22 at acpi0: bus -1 (RP19)
acpiprt23 at acpi0: bus -1 (RP20)
acpiprt24 at acpi0: bus -1 (RP21)
acpiprt25 at acpi0: bus -1 (RP22)
acpiprt26 at acpi0: bus -1 (RP23)
acpiprt27 at acpi0: bus -1 (RP24)
acpiec0 at acpi0
acpicpu at acpi0 not configured
acpipwrres at acpi0 not configured
acpipwrres at acpi0 not configured
acpipwrres at acpi0 not configured
acpipwrres at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"HPQ6007" at acpi0 not configured
"INT3F0D" at acpi0 not configured
"HPQ8002" at acpi0 not configured
"SYN305A" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"PNP0C0A" at acpi0 not configured
"ACPI0003" at acpi0 not configured
"PNP0C0E" at acpi0 not configured

Re: Syspatches 006 and 007 missing on ftp2.eu.openbsd.org

[Kapetanakis Giannis]

On 09/05/18 13:36, Stuart Henderson wrote:
> On 2018/05/09 12:06, Jan Vlach wrote:
>> Hello Mirrors discuss list,
>>
>> it seems that ftp2.eu.openbsd.org is missing syspatches 6 and 7 in
>> https://ftp2.eu.openbsd.org/pub/OpenBSD/syspatch/6.3/amd64 
>>
>> Latest snapshot in /pub/OpenBSD/snapshots/amd64 is from 2018-05-04
>> versus 2018-05-09 on ftp.eu (for example)
>>
>> Is the sync broken or just slow? Could the responsible sysadm check it,
>> please?
>>
>> Thank you,
>> Jan
>>
> 
> The fanout server for all L2 mirrors seems to be down at the moment
> (at least from the mirror I'm able to check from, and phessler reported
> this to the maintainer yesterday as well), at this point your best bet
> is probably to fetch patches from whichever mirror you can find that has
> them.
> 


You can use:
https://ftp.cc.uoc.gr/pub/OpenBSD/syspatch/6.3/amd64/

G

Re: pkg_add with packages created by ports

[Mik J]

 Thank you Martijn for this quick answer.So should I do something likeexport 
TRUSTED_PKG_PATH=/usr/ports/packages/amd64/all/

Le mercredi 9 mai 2018 à 15:04:29 UTC+2, Martijn van Duren 
 a écrit :  
 
 On 05/09/18 15:00, Mik J wrote:
> Hello, 
> 
> I probably miss something in what I'm doing.
> I install packages through ports, for example I want to install php.Many 
> other packages are also built but not installed (php-imap, php-curl...)
> So when I want to install this kind of packages I dopkg_add 
> /usr/ports/packages/amd64/all/php-imap...
> And the problem is that pkg_add says it's not signed.The workaround is to use 
> -D unsigned but how is it supposed to work in the best practices ?
> Since I did myself build the package from the ports I should trust it, no ?
> Thank you
> 

See pkg_add(1): TRUSTED_PKG_PATH
  

pkg_add with packages created by ports

[Mik J]

Hello, 

I probably miss something in what I'm doing.
I install packages through ports, for example I want to install php.Many other 
packages are also built but not installed (php-imap, php-curl...)
So when I want to install this kind of packages I dopkg_add 
/usr/ports/packages/amd64/all/php-imap...
And the problem is that pkg_add says it's not signed.The workaround is to use 
-D unsigned but how is it supposed to work in the best practices ?
Since I did myself build the package from the ports I should trust it, no ?
Thank you

Re: fdisk MBR contains more than one OpenBSD partition!

[Rudolf Sykora]

> So please describe more in detail what kind of backuping you want.

I just want to regularly rsync /home to the "backup" partition
with some history (along the lines of

https://netfuture.ch/2013/08/simple-versioned-timemachine-like-backup-using-rsync/
).

This partition (or part of it) will later also be backed up to some
other machine.

The partition will be mounted read-only most of the time; only for
back-up it will remounted.

I would prefer that the backup partition be readable / mountable from
other machines. That's why I tried a separate MBR partition rather
than an OpenBSD disklabel one.

Ruda

Re: fdisk MBR contains more than one OpenBSD partition!

[Nick Holland]

On 05/09/18 05:06, Rudolf Sykora wrote:
> Hello misc,
> 
> I wanted to use a MBR partition for backup purposes,
> so I (almost) created (using fdisk) another OpenBSD MBR (A6)
> partiotion, but then I got the message
> 
> MBR contains more than one OpenBSD partition!
> Write MBR anyway? [n]
> 
> So am I doing it wrong?

yep.
In addition to "same disk backups"? [insert template rant here] ...

Think of the fdisk partition as a way to mark off a part of the disk for
OpenBSD.  It should generally be one contiguous block.  The beginning of
*the* OpenBSD partition holds the disklabel, which is the important part
for marking off OpenBSD disk (sub?)partitions.  When you think about
that, the reason for ONE OpenBSD partition starts becoming more clear.

IF possible, just enlarge your existing OpenBSD partition to include the
new disk space.  disklabel, done.

If not ... just make the fdisk partition something else, and create an
OpenBSD partition in that space using disklabel, format it as normal.
And don't ever us an OS on the machine of the type of the fdisk
partition you picked. :)

Nick.

Re: fdisk MBR contains more than one OpenBSD partition!

[Raimo Niskanen]

On Wed, May 09, 2018 at 09:06:24AM +, Rudolf Sykora wrote:
> Hello misc,
> 
> I wanted to use a MBR partition for backup purposes,
> so I (almost) created (using fdisk) another OpenBSD MBR (A6)
> partiotion, but then I got the message
> 
> MBR contains more than one OpenBSD partition!
> Write MBR anyway? [n]
> 
> So am I doing it wrong?

Well.  Yes.

The BSD's has got a disk label of their own, and OpenBSD has got it's
disklabel inside the MBR:s OpenBSD partition, when MBR is used.  So
there is supposed to be only one OpenBSD partition containing the BSD
disklabel describing the OpenBSD view of the disk's partitioning.

If you have more than one it might work, if all parts of the system selects
to use the same OpenBSD MBR partition, and only warns about the second.
But only that one MBR partition, with its BSD disklabel, will be used.

I have heard of variants where you set one MBR partition at the time to A6
and the other to something else, which it messy.

And it is not intended to operate that way.

You could use one OpenBSD MBR partition and in the BSD disklabel allocate a
big partition of type RAID.  Then use that partition in softraid as RAID 0
or CONCAT - they might allow using a single chunk.  Or as CRYPTO with a
dummy encryption key.

On the new softraid disk you create an MBR OpenBSD partition and so on...

See softraid(4), bioctl(8) and
https://www.openbsd.org/faq/faq14.html#softraid

Whether that is a good suggestions depends very much on what kind of backup
you have in mind.  There are probably many other more BSD:ish ways to do it
than you think.

So please describe more in detail what kind of backuping you want.

> 
> Thanks for comments!
> 
> Ruda

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: Syspatches 006 and 007 missing on ftp2.eu.openbsd.org

[Stuart Henderson]

On 2018/05/09 12:06, Jan Vlach wrote:
> Hello Mirrors discuss list,
> 
> it seems that ftp2.eu.openbsd.org is missing syspatches 6 and 7 in
> https://ftp2.eu.openbsd.org/pub/OpenBSD/syspatch/6.3/amd64 
> 
> Latest snapshot in /pub/OpenBSD/snapshots/amd64 is from 2018-05-04
> versus 2018-05-09 on ftp.eu (for example)
> 
> Is the sync broken or just slow? Could the responsible sysadm check it,
> please?
> 
> Thank you,
> Jan
> 

The fanout server for all L2 mirrors seems to be down at the moment
(at least from the mirror I'm able to check from, and phessler reported
this to the maintainer yesterday as well), at this point your best bet
is probably to fetch patches from whichever mirror you can find that has
them.

Syspatches 006 and 007 missing on ftp2.eu.openbsd.org

[Jan Vlach]

Hello Mirrors discuss list,

it seems that ftp2.eu.openbsd.org is missing syspatches 6 and 7 in
https://ftp2.eu.openbsd.org/pub/OpenBSD/syspatch/6.3/amd64 

Latest snapshot in /pub/OpenBSD/snapshots/amd64 is from 2018-05-04
versus 2018-05-09 on ftp.eu (for example)

Is the sync broken or just slow? Could the responsible sysadm check it,
please?

Thank you,
Jan

Re: mail sign/encrypt

[Stuart Longland]

On 09/05/18 19:44, Rudolf Sykora wrote:
> I want a small thing, hence Thunderbird is out.
> Similarly, mutt does way too many things (it's not just MUA),
> similarly (al)pine. (And both use ncurses, which I also
> want to avoid).
> 
> For me mmh, mblaze or similar (eg. plan9 tools) is the way to go.
> Even snail is way too complex.

Agreed, it depends on your use case, but for sure Thunderbird is a
heavy-weight.  Turn on message filtering, and it has a particularly
nasty memory-leak I find: brings my desktop at work (with 16GB RAM) to
its knees after about 3 days running.

> So for now I sign and send email (prepared in message.txt) with this:
> 
> openssl smime -sign -in message.txt -text -signer sec/certCVUT.mycrt.pem \
> -inkey sec/certCVUT.mykey.pem -certfile sec/certCVUT.caChain.pem \
> -from rudolf.syk...@cvut.cz -to rsyk...@disroot.org \
> -subject "HI" | sendmail -t
> 
> where certCVUT.mycrt.pem contains my certificate,
> certCVUT.mykey.pem contains my private key, and
> certCVUT.caChain.pem contains the chain of ca's.
> All these can be obtained from the .p12 file using
> appropriate openssl commands.

As I say, it depends on whether you're after S/MIME or OpenPGP; and
Tony's advice was for OpenPGP.  Thunderbird on its own can do S/MIME.

For completeness; signing and encrypting an email using GnuPG and sendmail:

prepare message.txt; headers.txt, then

$ gpg --encrypt --clear-sign -a -r rsyk...@disroot.org < message.txt \
  | cat headers.txt - \
  | sendmail -t

would probably do the trick.  (Untested)
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.

Re: mail sign/encrypt

[Rudolf Sykora]

> > I'd suggest Thunderbird + Enigmail

I want a small thing, hence Thunderbird is out.
Similarly, mutt does way too many things (it's not just MUA),
similarly (al)pine. (And both use ncurses, which I also
want to avoid).

For me mmh, mblaze or similar (eg. plan9 tools) is the way to go.
Even snail is way too complex.

So for now I sign and send email (prepared in message.txt) with this:

openssl smime -sign -in message.txt -text -signer sec/certCVUT.mycrt.pem \
-inkey sec/certCVUT.mykey.pem -certfile sec/certCVUT.caChain.pem \
-from rudolf.syk...@cvut.cz -to rsyk...@disroot.org \
-subject "HI" | sendmail -t

where certCVUT.mycrt.pem contains my certificate,
certCVUT.mykey.pem contains my private key, and
certCVUT.caChain.pem contains the chain of ca's.
All these can be obtained from the .p12 file using
appropriate openssl commands.

Thanks
Ruda

fdisk MBR contains more than one OpenBSD partition!

[Rudolf Sykora]

Hello misc,

I wanted to use a MBR partition for backup purposes,
so I (almost) created (using fdisk) another OpenBSD MBR (A6)
partiotion, but then I got the message

MBR contains more than one OpenBSD partition!
Write MBR anyway? [n]

So am I doing it wrong?

Thanks for comments!

Ruda

Re: Failed syspatch 63-007 on i386 (verified but gzip i/o error)

[Raphael]

On Tue, May 08, 2018 at 02:57:04PM -0600, Theo de Raadt wrote:
> A replacement file is moving it's way out to mirrors now...

 thanks!