Re: OpenBSD does not recognize my wireless card on 2018 laptop.

2018-08-22 Thread Peter N. M. Hansteen 
On Wed, Aug 22, 2018 at 06:40:39AM +, Lic. Cardozo wrote:
> Hello y'all.
> 
> A totally newbie and non english speaker here.
> 
> My case is simple. Today I receive my new computer, a DELL Inspiron 7000 
> 2-in-1, with AMD Ryzen 7, etc.
> It came with Windows 10, and there everything worked fine. But I want to 
> start the *nix experience,
> so I installed openBSD 6.3 -that was easy-, and when I tried to configure de 
> wireless device, I just can't.
> I read the ifconfig man pages, internet forums, I even did research in that 
> subject in the previous weeks,
> 'cause I know that the wireless connection was difficult to set in some 
> models.
> Right now, I tried everything I can think about.
> -I can't connect with a RJ45, because that doesn't come with my machine.
> -I put all the firmware from the openBSD repository in an USB stick and 
> plugged it into the laptop
> -I mounted /dev/sd1i /mnt
> -I executed dmesg, and read that my wireless card was an Atheros...
> -I ran " fw_update -p /mnt ". Just like that or specifing the name of the 
> Atheros firmware.
> -Since that doesn't work, I extracted and copied manually the content of the 
> .tgz to /etc/firmware.
> -And no matter how many times I did it, and how many times I reboot, when I 
> run "if config", I don't seem
> to see the proper device recognized by the system.
> Any idea, 'cause I don't know what else can I do.

I think you've done the right things so far. However I suspect that this

vendor "Atheros", unknown product 0x0042 (class network subclass miscellaneous, 
rev 0x31) at pci1 dev 0 function 0 not configured
ugen0 at uhub2 port 1 "Atheros Communications product 0xe009" rev 2.01/0.01 
addr 3

means that your Atheros wifi and possibly one other Atheros device in your 
machine isn't supported (yet).

Actual developers will know more about just what it may take to get your device 
supported,
but output from pcidump(8) in some form is likely to be useful.

Until the device is supported, my best advice is to get one of the cheapo USB 
wifi dongles.
With any luck, a random part from the bargain bin at your friendly computer 
thingies outlet will
be a supported device such as urtwn(4) or similar.

Good luck!

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: protected domain for tap for vmm vms

2018-08-22 Thread Tom Smyth 
Hi Jiri

Protected domains are like protected ports on a switch
two ports that are in the bridge with the same protected domain
will not be able to communicate with each other,

Protected domains are implemented on the Bridge but not on
Switch  in OpenBSD

Bridge Protected domain does work from 6.3 and up
here is the output of my bridge config
cat /etc/hostname.bridge101
up
maxaddr 16384 timeout 300
add vio0 -stp vio0
add vlan3993 protected vlan3993 1 -stp vlan3993
add vlan3994 protected vlan3994 1 -stp vlan3994
add vlan3995 protected vlan3995 1 -stp vlan3995
add vlan3996 protected vlan3996 1 -stp vlan3996
add vlan3997 protected vlan3997 1 -stp vlan3997
add vlan3998 protected vlan3998 1 -stp vlan3998
add vlan3999 protected vlan3999 1 -stp vlan3999
add vlan4000 protected vlan4000 1 -stp vlan4000

protected  interfacename pddomainnumber

the vio0 address is the uplink and is not a member of the
protected domain
all the other ports that you want to isolate from each other
should be members of the same protected domain *1* in this
example
Hope this helps

@Mike Larkin

yes this could be implemented with Vlans and many people
do when they dont have the port isolation functionality
(necessity being the mother of invention ) ... but protected
domains allow  one to use the same vlan and minimise
the amount of vlans / simplify configuration of the (network /hardware
switches)

Hope this Helps
Tom Smyth

On 22 August 2018 at 07:08, Mike Larkin  wrote:

> On Fri, Aug 17, 2018 at 06:39:22PM +0200, jirib wrote:
> > Hello,
> >
> > I was checking bridge's protected domains and I'm curious
> > how to add VMM VM's tap into a VMM switch/bridge protected domain.
> >
> > It seems it's not implemented yet.
> >
> > I wanted to achieve this:
> >
> > - multiple VMM VMs in same switch/bridge
> > - VMs cannot talk to each other inside the bridge
> >   hence protected domain
> > - VMs can access uplink via bridge's vether
> >
> > Jiri
> >
>
> I am not a networking person but is this something VLANs can solve?
>
>


-- 
Kindest regards,
Tom Smyth

Mobile: +353 87 6193172
The information contained in this E-mail is intended only for the
confidential use of the named recipient. If the reader of this message
is not the intended recipient or the person responsible for
delivering it to the recipient, you are hereby notified that you have
received this communication in error and that any review,
dissemination or copying of this communication is strictly prohibited.
If you have received this in error, please notify the sender
immediately by telephone at the number above and erase the message
You are requested to carry out your own virus check before
opening any attachment.

Re: OpenBSD does not recognize my wireless card on 2018 laptop.

2018-08-22 Thread Solene Rapenne 
"Lic. Cardozo"  wrote:
> Hello y'all.
> 
> A totally newbie and non english speaker here.
> 
> My case is simple. Today I receive my new computer, a DELL Inspiron 7000 
> 2-in-1, with AMD Ryzen 7, etc.
> It came with Windows 10, and there everything worked fine. But I want to 
> start the *nix experience,
> so I installed openBSD 6.3 -that was easy-, and when I tried to configure de 
> wireless device, I just can't.
> I read the ifconfig man pages, internet forums, I even did research in that 
> subject in the previous weeks,
> 'cause I know that the wireless connection was difficult to set in some 
> models.
> Right now, I tried everything I can think about.
> -I can't connect with a RJ45, because that doesn't come with my machine.
> -I put all the firmware from the openBSD repository in an USB stick and 
> plugged it into the laptop
> -I mounted /dev/sd1i /mnt
> -I executed dmesg, and read that my wireless card was an Atheros...
> -I ran " fw_update -p /mnt ". Just like that or specifing the name of the 
> Atheros firmware.
> -Since that doesn't work, I extracted and copied manually the content of the 
> .tgz to /etc/firmware.
> -And no matter how many times I did it, and how many times I reboot, when I 
> run "if config", I don't seem
> to see the proper device recognized by the system.
> Any idea, 'cause I don't know what else can I do.
> 
> vendor "Atheros", unknown product 0x0042 (class network subclass 
> miscellaneous, rev 0x31) at pci1 dev 0 function 0 not configured

Hello

Your wifi card is not configured, that's why it doesn't show up in
ifconfig output. Except writing the missing driver there is nothing you
can do here. You can still buy a cheap ~10€ usb wifi card or an
usb->ethernet adapter.

Re: Qualcomm Atheros AR9485 Wireless Network Adapter

2018-08-22 Thread Stefan Sperling 
On Tue, Aug 21, 2018 at 10:29:59PM +0100, Michael Joy wrote:
> Has anyone found a way to get this working on OpenBSD?

Not working yet. There is some driver code related to this chip
in athn(4) but it's incomplete and doesn't work.

github's generated archives are not stable (was: Re: wifi gui manager)

2018-08-22 Thread Stefan Sperling 
On Wed, Aug 22, 2018 at 08:49:57AM +0300, Consus wrote:
> If you create a release
> (https://help.github.com/articles/creating-releases/) then all
> associated generated tarballs are immutable, as far as I know.

Please stop spreading this myth. It is 100% wrong.
These artifacts are not stable. If you rely on them being
stable, stop doing so now.

A friend of mine works at Github and when problems happened in
OpenBSD's ports tree last year I asked what OpenBSD could do.

Here is some of what he told us back then (I won't mention my
friend's name, this was private mail).


These are generated on the spot and cached so anything goes. You two
are likely seeing different tarballs because you're being pointed to
different frontend machines which happened to cache a different
variation of the file.

Back whenever (a few months ago by now, I think) we finally un-reverted 
a fix for git-archive for compat with OpenBSD that we had reverted
years ago as people had started relying on the auto-generated tarball
checksums.

But at some point you have to bite the bullet, as a change in any of
git, tar, zip, libz and maybe more can end up with the bytes changed
for a tarball/zipfile that means the same. git has had multiple changes
over the years related to non-ASCII filenames. It's basically a miracle
that we didn't change the tarball checksums when we upgraded the whole
fileserver fleet from Ubuntu to Debian one by one.
"

Re: wifi gui manager

2018-08-22 Thread Consus 
On 00:22 Wed 22 Aug, Anthony J. Bentley wrote:
> Consus writes:
> > On 18:07 Tue 21 Aug, Stuart Henderson wrote:
> > > On 2018-08-21, Consus  wrote:
> > > > On 15:05 Tue 21 Aug, Stuart Henderson wrote:
> > > >> > Also what's wrong with gitlab/github?
> > > >> 
> > > >> They encourage devs to be lazy and not produce proper stable release 
> > > >> ass
> > ets.
> > > >> Lots of mess in the ports tree from people who just tag something on 
> > > >> git
> > hub,
> > > >> don't produce a stable tarball, don't generate autoconf scripts etc.
> > > >
> > > > What do you mean by "stable tarball"? If a tag contains stable version
> > > > of code you just download the tarball that is generated for the tag.
> > > 
> > > So you are part of the problem!
> > > 
> > > I mean a tarball that is generated once and not change, rather than 
> > > somethi
> > ng
> > > which changes depending on what software is installed on the cluster node.
> >
> > If you create a release
> > (https://help.github.com/articles/creating-releases/) then all
> > associated generated tarballs are immutable, as far as I know.
> 
> They're not immutable.

The ones that you associate with with release? You sure?

Re: wifi gui manager

2018-08-22 Thread Stefan Sperling 
On Wed, Aug 22, 2018 at 10:50:46AM +0300, Consus wrote:
> On 00:22 Wed 22 Aug, Anthony J. Bentley wrote:
> > > If you create a release
> > > (https://help.github.com/articles/creating-releases/) then all
> > > associated generated tarballs are immutable, as far as I know.
> > 
> > They're not immutable.
> 
> The ones that you associate with with release? You sure?

You have to create your own release archive and upload it.
Github will host it for you. But *you* have to generate it,
publish the checksum, and then never change the archive again.

Github doesn't create an archive when you click the 'release'
bwutton, they create or re-create an archive when someone
clicks the 'download' button.

Re: protected domain for tap for vmm vms

2018-08-22 Thread Carlos Cardenas 
On Wed, Aug 22, 2018 at 08:16:30AM +0100, Tom Smyth wrote:
> Hi Jiri
> 
> Protected domains are like protected ports on a switch
> two ports that are in the bridge with the same protected domain
> will not be able to communicate with each other,
> 
> Protected domains are implemented on the Bridge but not on
> Switch  in OpenBSD
> 
> Bridge Protected domain does work from 6.3 and up
> here is the output of my bridge config
> cat /etc/hostname.bridge101
> up
> maxaddr 16384 timeout 300
> add vio0 -stp vio0
> add vlan3993 protected vlan3993 1 -stp vlan3993
> add vlan3994 protected vlan3994 1 -stp vlan3994
> add vlan3995 protected vlan3995 1 -stp vlan3995
> add vlan3996 protected vlan3996 1 -stp vlan3996
> add vlan3997 protected vlan3997 1 -stp vlan3997
> add vlan3998 protected vlan3998 1 -stp vlan3998
> add vlan3999 protected vlan3999 1 -stp vlan3999
> add vlan4000 protected vlan4000 1 -stp vlan4000
> 
> protected  interfacename pddomainnumber
> 
> the vio0 address is the uplink and is not a member of the
> protected domain
> all the other ports that you want to isolate from each other
> should be members of the same protected domain *1* in this
> example
> Hope this helps
> 
> @Mike Larkin
> 
> yes this could be implemented with Vlans and many people
> do when they dont have the port isolation functionality
> (necessity being the mother of invention ) ... but protected
> domains allow  one to use the same vlan and minimise
> the amount of vlans / simplify configuration of the (network /hardware
> switches)

Howdy Tom and Jiri.

As Tom highlighted up above, the main reason I haven't added protected
domains to vmd is because it's only available on bridge and not switch.  At the
moment, the network plumbing is agnostic to bridge/switch and uses
ioctls that both have (adding/removing members and placement into
rdomains).  I'm not saying it isn't possible adding protected domains to vmd,
it'll just be more work.

+--+
Carlos

> 
> Hope this Helps
> Tom Smyth
> 
> On 22 August 2018 at 07:08, Mike Larkin  wrote:
> 
> > On Fri, Aug 17, 2018 at 06:39:22PM +0200, jirib wrote:
> > > Hello,
> > >
> > > I was checking bridge's protected domains and I'm curious
> > > how to add VMM VM's tap into a VMM switch/bridge protected domain.
> > >
> > > It seems it's not implemented yet.
> > >
> > > I wanted to achieve this:
> > >
> > > - multiple VMM VMs in same switch/bridge
> > > - VMs cannot talk to each other inside the bridge
> > >   hence protected domain
> > > - VMs can access uplink via bridge's vether
> > >
> > > Jiri
> > >
> >
> > I am not a networking person but is this something VLANs can solve?

Re: wifi gui manager

2018-08-22 Thread Edward Lopez-Acosta 
Can't properly reply to the thread. I need to fix my subscription, but why
not just update the following to work on OpenBSD?

https://github.com/ghostbsd/networkmgr

Seems like a better use of resources than reinventing the wheel. Unless
there is something fundamental I am missing in the new project.

The linked project would also work for wired networks, not just wifi.

Re: wifi gui manager

2018-08-22 Thread Theo de Raadt 
Edward Lopez-Acosta  wrote:

> Can't properly reply to the thread. I need to fix my subscription, but why
> not just update the following to work on OpenBSD?
> 
> https://github.com/ghostbsd/networkmgr
> 
> Seems like a better use of resources than reinventing the wheel. Unless
> there is something fundamental I am missing in the new project.
> 
> The linked project would also work for wired networks, not just wifi.

Wow that is really awesome.  GUI to root in one easy step

cpu's in dmesg

2018-08-22 Thread Hrvoje Popovski 
Hi all,

in today's snapshot i see some strange dmesg cpu output. it feels like
cosmetic stuff only but i'm not sure ...


cpu1: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3192.49 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,MPX,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,AVX512CD,AVX512BW,AVX512VL,PKU,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: failed to identify
,MELTDOWN
cpu2 at mainbus0cpu1: : 256KB 64b/line apid 10 (application processor)

^this   ^this

8-way L2 cache
cpu1: smt 0, core 4, package 0
cpu2: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3192.49 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,MPX,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,AVX512CD,AVX512BW,AVX512VL,PKUcpu2:
failed to identify
,IBRS,IBPB,STIBPcpu3 at mainbus0,L1DF,SSBD: apid 14 (application processor)
^this
,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cachecpu3: Intel(R) Xeon(R) Gold 6134 CPU
^this
@ 3.20GHz, 3192.49 MHz



full dmesg

OpenBSD 6.4-beta (GENERIC.MP) #247: Wed Aug 22 00:45:14 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 33735553024 (32172MB)
avail mem = 32703938560 (31188MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x6f119000 (84 entries)
bios0: vendor FUJITSU // American Megatrends Inc. version "V5.0.0.12
R1.22.0 for D3383-A1x" date 06/04/2018
bios0: FUJITSU PRIMERGY RX2530 M4
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP FPDT FIDT SPMI UEFI UEFI MCEJ MCFG HPET APIC
MIGT MSCT NFIT PCAT PCCT RASF SLIT SRAT SVOS WDDT OEM4 OEM1 SSDT SSDT
SSDT DMAR HEST BERT ERST EINJ
acpi0: wakeup devices PWRB(S0) XHCI(S0) PXSX(S0) RP17(S0) PXSX(S0)
RP18(S0) PXSX(S0) RP19(S0) PXSX(S0) RP20(S0) PXSX(S0) RP01(S0) PXSX(S0)
RP02(S0) PXSX(S0) RP03(S0) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0
acpimcfg0: addr 0x8000, bus 0-255
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3193.11 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,MPX,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,AVX512CD,AVX512BW,AVX512VL,PKU,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.2, IBE
cpu1 at mainbus0: apid 8 (application processor)
cpu1: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3192.49 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,MPX,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,AVX512CD,AVX512BW,AVX512VL,PKU,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVEScpu1:
failed to identify
,MELTDOWN
cpu2 at mainbus0cpu1: : 256KB 64b/line apid 10 (application processor)
8-way L2 cache
cpu1: smt 0, core 4, package 0
cpu2: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3192.49 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,MPX,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,AVX512CD,AVX512BW,AVX512

Re: wifi gui manager

2018-08-22 Thread edgar 
It's python.
On Aug 22, 2018 9:07 AM, Edward Lopez-Acosta  wrote:
>
> Can't properly reply to the thread. I need to fix my subscription, but why
> not just update the following to work on OpenBSD?
>
> https://github.com/ghostbsd/networkmgr
>
> Seems like a better use of resources than reinventing the wheel. Unless
> there is something fundamental I am missing in the new project.
>
> The linked project would also work for wired networks, not just wifi.

Re: wifi gui manager

2018-08-22 Thread Tomasz Rola 
On Wed, Aug 22, 2018 at 08:49:57AM +0300, Consus wrote:
> On 18:07 Tue 21 Aug, Stuart Henderson wrote:
[...]
> > They're even slower and uglier if you have to run the m4 stuff to
> > *generate* them before you can even run them, and may not work as
> > intended if they're run through a version of autoconf which they
> > weren't designed for.
> 
> That's why we should nuke autloluz in favor of something else. Just
> plain Makefiles for example. Or meson, I heard it's okay.

I always thought that autoconf had been written exactly because
"plain Makefile" was unable to make it. It is not really that slow,
unless one insists on recreating config and Make* files every time
they want to compile a project - like, they would expect their system
changed and installed some new stuff during five minutes between
compiles.

BTW, I sometimes compile from sources (not ports, just source*tgz from
the respective websites) and I usually find that config script
provided is ok, so I had to regenerate one such file maybe two years
ago (via autoconf).

HTH

-- 
Regards,
Tomasz Rola

--
** A C programmer asked whether computer had Buddha's nature.  **
** As the answer, master did "rm -rif" on the programmer's home**
** directory. And then the C programmer became enlightened...  **
** **
** Tomasz Rola  mailto:tomasz_r...@bigfoot.com **

Re: wifi gui manager

2018-08-22 Thread edgar 


On Aug 22, 2018 9:10 AM, Theo de Raadt  wrote:
>
> Edward Lopez-Acosta  wrote:
>
> > Can't properly reply to the thread. I need to fix my subscription, but why
> > not just update the following to work on OpenBSD?
> > 
> > https://github.com/ghostbsd/networkmgr
> > 
> > Seems like a better use of resources than reinventing the wheel. Unless
> > there is something fundamental I am missing in the new project.
> > 
> > The linked project would also work for wired networks, not just wifi.
>
> Wow that is really awesome.  GUI to root in one easy step
>

I'm curious why you have to be root to set up networking, but the operator 
group can shut the machine off.

Re: Let's Encrypt Error with cgit, httpd, acme-client

2018-08-22 Thread Parikh, Samir 
Anthony J. Bentley wrote on 22/08/18 01:37:
> Do you see anything in /var/www/logs/access.log? Here's what I see:
>
> example.com 66.133.109.36 - - [21/Aug/2018:23:03:35 -0600] "GET
> /.well-known/acme-challenge/YXRuZWJ1c2FvdGV1Ym5hc290ZGFvZXNudGh1YW9lc25
> HTTP/1.1" 200 87

Thanks for your reply! I do see the following:

# grep well-known /var/www/logs/access.log
localhost 64.78.149.164 - - [21/Aug/2018:19:40:39 +] "GET
/.well-known/acme-challenge/5HgvXSBECEtZGTGaMh3b64LVQ1RG7OQGBp-iJBt0CjY
HTTP/1.1" 500 0
git.example.com 64.78.149.164 - - [21/Aug/2018:19:41:24 +] "GET
/.well-known/acme-challenge/ccmy5LbVl6-mIft2IhlL2NooxHx33dag7QntuZ5RGW0
HTTP/1.1" 500 0
git.example.com 64.78.149.164 - - [22/Aug/2018:17:19:43 +] "GET
/.well-known/acme-challenge/tkQw_0qDhDjEgxvy5WNZKuyhjPQwRHvIgT3nbGrCAI0
HTTP/1.1" 500 0

Does that mean that the acme-client is able to at least reach Let's Encrypt?

Thanks
Samir



This e-mail, and any attachments are strictly confidential and intended for the 
addressee(s) only. The content may also contain legal, professional or other 
privileged information. If you are not the intended recipient, please notify 
the sender immediately and then delete the e-mail and any attachments. You 
should not disclose, copy or take any action in reliance on this transmission.

You may report the matter by contacting us via our UK Contacts 
Page or our US Contacts 
Page (accessed by clicking on the 
appropriate link)

Please ensure you have adequate virus protection before you open or detach any 
documents from this transmission. National Grid plc and its affiliates do not 
accept any liability for viruses. An e-mail reply to this address may be 
subject to monitoring for operational reasons or lawful business practices.

For the registered information on the UK operating companies within the 
National Grid group please use the attached link: 
https://www.nationalgrid.com/group/about-us/corporate-registrations

Re: Let's Encrypt Error with cgit, httpd, acme-client

2018-08-22 Thread Parikh, Samir 
flipchan wrote on 22/08/18 01:19:
> Try removing all keys in the ssl directory aswell as
> /etc/acme/letsencrypt-privkey.pem

Thank you for your suggestion! I tried that and still received a similar
error:

# acme-client -vAD git.example.com
acme-client: /etc/ssl/private/git.example.com.key: domain key exists
(not creating)
acme-client: /etc/acme/letsencrypt-privkey.pem: generated RSA account key
acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-client: acme-v01.api.letsencrypt.org: DNS: 23.203.86.101
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: new-reg
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz:
req-auth: git.example.com
acme-client: /var/www/acme/tkQw_0qDhDjEgxvy5WNZKuyhjPQwRHvIgT3nbGrCAI0:
created
acme-client:
https://acme-v01.api.letsencrypt.org/acme/challenge/qG_m-oh4J3c4mTSsdOoVZmOg3EpLwXQn1zRHgDTtwgM/6689241118:
challenge
acme-client:
https://acme-v01.api.letsencrypt.org/acme/challenge/qG_m-oh4J3c4mTSsdOoVZmOg3EpLwXQn1zRHgDTtwgM/6689241118:
status
acme-client:
https://acme-v01.api.letsencrypt.org/acme/challenge/qG_m-oh4J3c4mTSsdOoVZmOg3EpLwXQn1zRHgDTtwgM/6689241118:
bad response
acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid",
"error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid
response from
http://git.example.com/.well-known/acme-challenge/tkQw_0qDhDjEgxvy5WNZKuyhjPQwRHvIgT3nbGrCAI0:
\"\u003c!DOCTYPE
html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n\u003cmeta
http-equiv=\"Content-Type\" content=\"text/html;
charset=utf-8\"/\u003e\n\u003ctitle\u003e500 Internal Server Er\"",
"status": 403 }, "uri":
"https://acme-v01.api.letsencrypt.org/acme/challenge/qG_m-oh4J3c4mTSsdOoVZmOg3EpLwXQn1zRHgDTtwgM/6689241118";,
"token": "tkQw_0qDhDjEgxvy5WNZKuyhjPQwRHvIgT3nbGrCAI0",
"keyAuthorization":
"tkQw_0qDhDjEgxvy5WNZKuyhjPQwRHvIgT3nbGrCAI0.JoZcpmrIKNVhHlsofYyIPvX9025UcWhHyj-vQAnrTkg",
"validationRecord": [ { "url":
"http://git.example.com/.well-known/acme-challenge/tkQw_0qDhDjEgxvy5WNZKuyhjPQwRHvIgT3nbGrCAI0";,
"hostname": "git.example.com", "port": "80", "addressesResolved": [
"144.202.9.26" ], "addressUsed": "144.202.9.26" } ] }] (1039 bytes)
acme-client: bad exit: netproc(80489): 1



This e-mail, and any attachments are strictly confidential and intended for the 
addressee(s) only. The content may also contain legal, professional or other 
privileged information. If you are not the intended recipient, please notify 
the sender immediately and then delete the e-mail and any attachments. You 
should not disclose, copy or take any action in reliance on this transmission.

You may report the matter by contacting us via our UK Contacts 
Page or our US Contacts 
Page (accessed by clicking on the 
appropriate link)

Please ensure you have adequate virus protection before you open or detach any 
documents from this transmission. National Grid plc and its affiliates do not 
accept any liability for viruses. An e-mail reply to this address may be 
subject to monitoring for operational reasons or lawful business practices.

For the registered information on the UK operating companies within the 
National Grid group please use the attached link: 
https://www.nationalgrid.com/group/about-us/corporate-registrations

Re: Let's Encrypt Error with cgit, httpd, acme-client

2018-08-22 Thread trondd 
On Wed, August 22, 2018 1:23 pm, Parikh, Samir wrote:
> flipchan wrote on 22/08/18 01:19:
>> Try removing all keys in the ssl directory aswell as
>> /etc/acme/letsencrypt-privkey.pem
>
> Thank you for your suggestion! I tried that and still received a similar
> error:
>
> # acme-client -vAD git.example.com
> acme-client: /etc/ssl/private/git.example.com.key: domain key exists
> (not creating)
> acme-client: /etc/acme/letsencrypt-privkey.pem: generated RSA account key
> acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
> acme-client: acme-v01.api.letsencrypt.org: DNS: 23.203.86.101
> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: new-reg
> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz:
> req-auth: git.example.com
> acme-client: /var/www/acme/tkQw_0qDhDjEgxvy5WNZKuyhjPQwRHvIgT3nbGrCAI0:
> created
> acme-client:
> https://acme-v01.api.letsencrypt.org/acme/challenge/qG_m-oh4J3c4mTSsdOoVZmOg3EpLwXQn1zRHgDTtwgM/6689241118:
> challenge
> acme-client:
> https://acme-v01.api.letsencrypt.org/acme/challenge/qG_m-oh4J3c4mTSsdOoVZmOg3EpLwXQn1zRHgDTtwgM/6689241118:
> status
> acme-client:
> https://acme-v01.api.letsencrypt.org/acme/challenge/qG_m-oh4J3c4mTSsdOoVZmOg3EpLwXQn1zRHgDTtwgM/6689241118:
> bad response
> acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid",
> "error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid
> response from
> http://git.example.com/.well-known/acme-challenge/tkQw_0qDhDjEgxvy5WNZKuyhjPQwRHvIgT3nbGrCAI0:
> \"\u003c!DOCTYPE
> html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n\u003cmeta
> http-equiv=\"Content-Type\" content=\"text/html;
> charset=utf-8\"/\u003e\n\u003ctitle\u003e500 Internal Server Er\"",
> "status": 403 }, "uri":

Clearly, Let's Encrypt can't access teh file on your server.  The easiest
way to debug is to drop an html file into /acme and go to your server
/.well-known/acme-challenge/file.html in a browser and see what happens.

I could reproduce the 500 error in a browser with your config.  I had to
do 2 things to fix it (which may or may not break cgit).

Wrap your general root "/cgi-bin/cgit.cgi" and fastcgi socket in a
location "*" {} block and then move that block to the bottom of the server
block under location ".well-known..."

This works for me (you might need to fix the "request strip" line as I am
on some version of -current).  The cgit location might need to move as
well, I didn't test further.

server "localhost" {
listen on 127.0.0.1 port 80
#serve the cgit static files directly
location "/cgit.*" {
root "/cgit"
no fastcgi
}
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
# cgit CGI
location "*" {
root "/cgi-bin/cgit.cgi"
fastcgi socket "/run/slowcgi.sock"
}
}

Re: wifi gui manager

2018-08-22 Thread Chris Bennett 
On Wed, Aug 22, 2018 at 04:29:38PM +, ed...@pettijohn-web.com wrote:
> 
> I'm curious why you have to be root to set up networking, but the operator 
> group can shut the machine off.
> 

Well, there are probably additional reasons too, but my father happily
runs OpenBSD. Of course, he needs to be able to turn the computer off.
But he does not in any way understand networking.
I've been places where ifconfig urtwn0 scan produces about 50 wifi
connections. Which ones are safe? Which ones are evil, trick connections
in order to screw over anybody that connects? Or perhaps to let all
through safely but make the data rate "spamd slow".

After all the years he has used OpenBSD, he still hasn't read the FAQ.
Things work, dad happy. :-}

Chris Bennett

Re: wifi gui manager

2018-08-22 Thread Theo de Raadt 
Chris Bennett  wrote:

> On Wed, Aug 22, 2018 at 04:29:38PM +, ed...@pettijohn-web.com wrote:
> > 
> > I'm curious why you have to be root to set up networking, but the operator 
> > group can shut the machine off.
> > 
> 
> Well, there are probably additional reasons too, but my father happily
> runs OpenBSD. Of course, he needs to be able to turn the computer off.
> But he does not in any way understand networking.
> I've been places where ifconfig urtwn0 scan produces about 50 wifi
> connections. Which ones are safe? Which ones are evil, trick connections
> in order to screw over anybody that connects? Or perhaps to let all
> through safely but make the data rate "spamd slow".
> 
> After all the years he has used OpenBSD, he still hasn't read the FAQ.
> Things work, dad happy. :-}

that is why "join" was added.