Thank you

2018-11-08 Thread Wayne Oliver

Hi All,

Just wanted to say thanks for the hard work, OpenBSD runs better than 
any other OS on my laptop.
One thing that really stands out is suspend and resume, I have *never* 
had a Linux or Windows laptop do it properly.


Obviously everything else works great, I just wanted to point this out 
as people have the misconception that OpenBSD is not desktop/laptop 
friendly.


P.S. join is a great new addition too.

--
Wayn0


Few ldapd questions

2018-11-08 Thread Predrag Punosevac
Hi Misc,

I have been using ldapd for the past five years for centralized user
authorization and authentication for a growing university research
group. Secured connections are provided using STARTTLS even though all
queries are done on the private network. More recently I did some more
reading and forced all openldap-clients to use FIPS approved algorithms
for higher security protection

https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf

Things appear to be working like a charm. However I am a bit confused
about doing two things with ldapd. 

By reading man pages

https://man.openbsd.org/ldapd.conf.5

it seems to me that I am able to deny anonymous reads from the machines with
valid certificate of authority of my LDAP server by adding some kind of
filter rules. However, I am unable to find any ldapd examples. 
Secondly is there a way for ldapd to deny access to client machines
which don't present valid client certificates and keys?

Thanks for your help.
Predrag



Re: Wallpaper artwork created for OpenBSD

2018-11-08 Thread Alex
Hi Stuart,

Thanks for your suggestions. I will remove them.

Mingjing

On Friday, 2018-11-09 07:31:59 Stuart Henderson wrote:
> In gmane.os.openbsd.misc, you wrote:
> > On Thu, Nov 08, 2018 at 03:52:06PM +0800, Alex wrote:
> >> Dear OpenBSD users, developers, contributors, My name is Mingjing a *BSD
> >> user and lover from China. My friend and I did some wallpapers for OpenBSD
> >> and other opensource project in the free time. For now they are designed
> >> only for smart phones. The pictures are 1920*1080. I put them on Github
> >> (https://github.com/opensourcecn/wallpapers) and we've packaged them into
> >> android APKs on Google Play ( http://bit.ly/2JPetLy and
> >> http://bit.ly/2qxX8xU). All the wallpapers released in BSD license that you
> >> can do what ever you want.  Feel free to use them and give me suggestions if
> >> you have. Thanks Mingjing
> >
> > So, you're taking OpenBSD art without permission and publishing it as a
> > "free app" with ads. Why the app needs so many permissions?.
>
> This is *not* under BSD license, it is copyrighted artwork.
>
> It would be nice if the apps were removed without the copyright owner
> having to mess around with DMCA notices...


Re: Wallpaper artwork created for OpenBSD

2018-11-08 Thread Alex
Hi Juan,

Thanks for the reply and suggestions. We don't have Google Play
account so we ask a friend who has account for help. And I put the wallpaper in
github so you don't need to download the app instead. About the permissions you
mentioned I will check with my friend. If there are some permission
inappropriate I will ask to unpublish it.

Thanks
Mingjing

On Friday, 2018-11-09 03:48:02 Juan Francisco Cantero Hurtado wrote:
> On Thu, Nov 08, 2018 at 03:52:06PM +0800, Alex wrote:
> > Dear OpenBSD users, developers, contributors, My name is Mingjing a *BSD user
> > and lover from China. My friend and I did some wallpapers for OpenBSD and
> > other opensource project in the free time. For now they are designed only for
> > smart phones. The pictures are 1920*1080. I put them on Github
> > (https://github.com/opensourcecn/wallpapers) and we've packaged them into
> > android APKs on Google Play ( http://bit.ly/2JPetLy and
> > http://bit.ly/2qxX8xU). All the wallpapers released in BSD license that you
> > can do what ever you want.  Feel free to use them and give me suggestions if
> > you have. Thanks Mingjing
>
> So, you're taking OpenBSD art without permission and publishing it as a
> "free app" with ads. Why the app needs so many permissions?.
>
> You're not even a *BSD user. The description contains this gem: "The
> copyright of the openBSD project belongs to: The Regents of the
> University of California © and we promise this application abide by the
> CC4.0 agreements."
>
> Since September you've only published 50+ wallpaper and crappy
> launchers.
>
> --
> Juan Francisco Cantero Hurtado http://juanfra.info


Re: OpenBSD terminals and ligatures

2018-11-08 Thread Philippe
On 03/11/2018 18:58, Philippe wrote:
> Hello dear openbsd users,
> 
> I would like to install a font (Fira Code), with ligatures.


Hello again,

I know why this wasn't working: the package does not contain the
FiraCode font with ligatures.

So, the solution is:

mkdir ~/.local/share/fonts/
cd ~/.local/share/fonts
git clone https://github.com/tonsky/FiraCode
fc-cache -vf


Et voilà. After a simple restart of the X session, this works! :-)

I hoped to have the FiraCode fonts with ligatures without having to
install it by myself. I wonder why this font doesn't have ligatures in
packages, is this for compatibility reasons?


Thanks.

-- 
Philippe



Re: Wallpaper artwork created for OpenBSD

2018-11-08 Thread Stuart Henderson
In gmane.os.openbsd.misc, you wrote:
> On Thu, Nov 08, 2018 at 03:52:06PM +0800, Alex wrote:
>> Dear OpenBSD users, developers, contributors, My name is Mingjing a *BSD 
>> user and lover from China. My friend and I did some wallpapers for OpenBSD 
>> and other opensource project in the free time. For now they are designed 
>> only for smart phones. The pictures are 1920*1080. I put them on Github 
>> (https://github.com/opensourcecn/wallpapers) and we've packaged them into 
>> android APKs on Google Play ( http://bit.ly/2JPetLy and 
>> http://bit.ly/2qxX8xU). All the wallpapers released in BSD license that you 
>> can do what ever you want.  Feel free to use them and give me suggestions if 
>> you have. Thanks Mingjing
>
> So, you're taking OpenBSD art without permission and publishing it as a
> "free app" with ads. Why the app needs so many permissions?.

This is *not* under BSD license, it is copyrighted artwork.

It would be nice if the apps were removed without the copyright owner
having to mess around with DMCA notices...



Re: Wallpaper artwork created for OpenBSD

2018-11-08 Thread Juan Francisco Cantero Hurtado
On Thu, Nov 08, 2018 at 03:52:06PM +0800, Alex wrote:
> Dear OpenBSD users, developers, contributors, My name is Mingjing a *BSD user 
> and lover from China. My friend and I did some wallpapers for OpenBSD and 
> other opensource project in the free time. For now they are designed only for 
> smart phones. The pictures are 1920*1080. I put them on Github 
> (https://github.com/opensourcecn/wallpapers) and we've packaged them into 
> android APKs on Google Play ( http://bit.ly/2JPetLy and 
> http://bit.ly/2qxX8xU). All the wallpapers released in BSD license that you 
> can do what ever you want.  Feel free to use them and give me suggestions if 
> you have. Thanks Mingjing

So, you're taking OpenBSD art without permission and publishing it as a
"free app" with ads. Why the app needs so many permissions?.

You're not even a *BSD user. The description contains this gem: "The
copyright of the openBSD project belongs to: The Regents of the
University of California © and we promise this application abide by the
CC4.0 agreements."

Since September you've only published 50+ wallpaper and crappy
launchers.


-- 
Juan Francisco Cantero Hurtado http://juanfra.info



Re: "relay as" domain rewrite in new smtpd.conf syntax

2018-11-08 Thread Gilles Chehade
On Thu, Nov 08, 2018 at 12:40:51PM -0500, Allan Streib wrote:
> Prior to 6.4, in smtpd.conf(5), the relay directive supported the "as"
> parameter:
> 
> If the as parameter is specified, smtpd(8) will rewrite the sender
> advertised in the SMTP session. address may be a user, a domain
> prefixed with ‘@’, or an email address, causing smtpd(8) to rewrite
> the user-part, the domain-part, or the entire address, respectively.
> 
> In the new smtpd.conf(5) syntax, how is that rewrite achieved,
> specifically the "@" prefix behavior to rewrite the domain part?
> 


 The relay delivery methods also support additional options:

 [...]
 
 mail-from mailaddr
 Use mailaddr as the MAIL FROM address within the SMTP
 transaction.


so this would be something like:

   action relay_00 relay mail-from "@foobar.org"
   
   match [...] action relay_00





-- 
Gilles Chehade @poolpOrg

https://www.poolp.org tip me: https://paypal.me/poolpOrg



"relay as" domain rewrite in new smtpd.conf syntax

2018-11-08 Thread Allan Streib
Prior to 6.4, in smtpd.conf(5), the relay directive supported the "as"
parameter:

If the as parameter is specified, smtpd(8) will rewrite the sender
advertised in the SMTP session. address may be a user, a domain
prefixed with ‘@’, or an email address, causing smtpd(8) to rewrite
the user-part, the domain-part, or the entire address, respectively.

In the new smtpd.conf(5) syntax, how is that rewrite achieved,
specifically the "@" prefix behavior to rewrite the domain part?

Thanks,

Allan



[armv7] Beaglebone - libraries

2018-11-08 Thread Olivier
Hello all,

I just bought a beaglebone black (rev C) and installed OpenBSD.

I would like to install Adafruit_BBIO (for python) however it seems that is
only for linux platform.

The prerequisite is: epoll.h (only for linux).

I am not a hacker / developer. I would like to start to play with coding and
sensors in C or Python.

Do you know if:

* libraries for OpenBSD exist in Python or C/C++?

* Adaptation is possible for Adafruit_BBIO on OpenBSD (for a dummy like me)?

Thanks in advance.

Olivier.



Re: mail doesn't read mail from /var/mail/root

2018-11-08 Thread ivpgbe
Mystery solved! The very first line is missing a space between ‘Nov’
and ‘1’ (should be two spaces). After adding it back, mail can now
parse the file.
(Also, Nov 1 is Thu, not Sun, but that wouldn’t have prevented mail from
parsing the file).
I will send a patch to tech@ adding that space back  - it would be cool
to make a contribution of a single character ;).

On Thu, Nov 8, 2018, at 7:32 AM, ivp...@eml.cc wrote:
> And regardless, /usr/src/usr.bin/mail/main.c:95 unsets MAIL environment
> variable when an '-u' flag is present, and the problem I'm reporting
> persists even when I run
>
> mail -u root
>
> as root.
>
> On Thu, Nov 8, 2018, at 7:29 AM, ivp...@eml.cc wrote:
> > Yes, and I didn't change any defaults:
> >
> > # set | grep MAIL
> > MAIL=/var/mail/root
> > MAILCHECK=600
> >
> > On Thu, Nov 8, 2018, at 7:23 AM, Otto Moerbeek wrote:
> > > On Thu, Nov 08, 2018 at 07:18:57AM -0800, ivp...@eml.cc wrote:
> > >
> > > > I also tested on 6.4-release, and can confirm the same behavior.
> > >
> > > Is your MAIL environment var set?
> > >
> > >  -Otto
> > >
> > > >
> > > > On Thu, Nov 8, 2018, at 7:13 AM, ivp...@eml.cc wrote:
> > > > > On Thu, Nov 8, 2018, at 6:03 AM, TronDD wrote:
> > > > > > On November 8, 2018 1:39:13 AM CST, ivp...@eml.cc wrote:
> > > > > > >Hello,
> > > > > > >
> > > > > > >I must be missing something obvious, but since installing
> > > > > > >6.4-current (on a few versions in a row), I can't get mail to
> > > > > > >read /var/mail/root.
> > > > > > >
> > > > > > >After logging in, I see:
> > > > > > >
> > > > > > >>---<
> > > > > > >OpenBSD 6.4-current (GENERIC.MP) #425: Sun Nov 4
> > > > > > >
> > > > > > >[... skipped ...]
> > > > > > >
> > > > > > >You have mail.
> > > > > > >thor# mail
> > > > > > >No mail for root
> > > > > > >thor# mail -f /var/mail/root
> > > > > > >Mail version 8.1.2 01/15/2001.  Type ? for help.
> > > > > > >"/var/mail/root": 0 messages
> > > > > > >thor# ls -l /var/mail/root
> > > > > > >-rw---  1 root  wheel   3.9K Oct 20 00:37 /var/mail/root
> > > > > > >thor# head /var/mail/root
> > > > > > >From dera...@do-not-reply.openbsd.org Sun Nov 1 06:30:00 MDT 2018
> > > > > > >Return-Path: root
> > > > > > >Date: Nov 1 06:30:00 MDT 2018
> > > > > > >From: dera...@do-not-reply.openbsd.org (Theo de Raadt)
> > > > > > >To: root
> > > > > > >Subject: Welcome to OpenBSD 6.4!
> > > > > > >
> > > > > > >This message attempts to describe the most basic initial
> > > > > > >questions that
> > > > > > >a
> > > > > > >system administrator of an OpenBSD box might have.  You are
> > > > > > >urged to
> > > > > > >save
> > > > > > >this message for later reference.
> > > > > > >>--<
> > > > > > >
> > > > > > >I also remember that I had this problem since the first time I
> > > > > > >installed 6.4-current on my new laptop.
> > > > > > >
> > > > > > >I do receive local mail (e.g., from crontab) for a
> > > > > > >non-privileged user
> > > > > > >created during setup.
> > > > > > >
> > > > > > >Any ideas of what might be going on?
> > > > > > >
> > > > > > >Best,
> > > > > > >ivpgbe
> > > > > >
> > > > > > It's because the Welcome email that gets sent to root and the
> > > > > > user created during install is dated in the future.  It has the
> > > > > > initial planned release date of Nov. 1st.  Mail(1) can't seem to
> > > > > > see into the future.
> > > > >
> > > > > Good catch - that explains why I would not see it after the
> > > > > install. But today is Nov 8 (as confirmed by date(1), and it
> > > > > still doesn't see it, even after I touch(1) the file. Should I
> > > > > report it as a bug?
> > > > >
> > > > > The mismatch between Nov 1 and the actual release is probably
> > > > > another bug. Should I report as well?
> > > > >
> > > > > Thanks!
> > > >
>
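
The single-space failure described in this message, reproduced as an added example (not code from mail(1) or from the poster): a strict template match on the date of an mbox "From " separator line. The template characters, function names and sample mailboxes are constructed for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Template alphabet (a convention of this example):
 *   'A' upper-case letter   'a' lower-case letter   '0' digit
 *   'O' digit or space (day of month, space-padded to two columns)
 *   any other character must match literally.
 */
static const char *const date_templates[] = {
	"Aaa Aaa O0 00:00:00 0000",     /* ctime(3) layout */
	"Aaa Aaa O0 00:00:00 AAA 0000", /* same, with a time zone name */
};

static int
match_template(const char *s, const char *t)
{
	for (; *s != '\0' && *t != '\0'; s++, t++) {
		unsigned char c = (unsigned char)*s;

		switch (*t) {
		case 'A': if (!isupper(c)) return 0; break;
		case 'a': if (!islower(c)) return 0; break;
		case '0': if (!isdigit(c)) return 0; break;
		case 'O': if (c != ' ' && !isdigit(c)) return 0; break;
		default:  if (*s != *t) return 0; break;
		}
	}
	return *s == '\0' && *t == '\0';	/* both must end together */
}

/* Return 1 if one line is a "From <sender> <date>" message separator. */
int
is_mbox_separator(const char *line)
{
	char buf[256];
	const char *date;
	size_t i, n = strcspn(line, "\r\n");

	if (n >= sizeof(buf) || strncmp(line, "From ", 5) != 0)
		return 0;
	memcpy(buf, line, n);
	buf[n] = '\0';
	if ((date = strchr(buf + 5, ' ')) == NULL)	/* skip the sender */
		return 0;
	date++;
	for (i = 0; i < sizeof(date_templates) / sizeof(date_templates[0]); i++)
		if (match_template(date, date_templates[i]))
			return 1;
	return 0;
}

/* Count messages: a separator only counts at the start or after a blank line. */
int
count_messages(const char *mbox)
{
	int count = 0, prev_blank = 1;
	const char *p = mbox;

	while (*p != '\0') {
		size_t len = strcspn(p, "\n");

		if (prev_blank && is_mbox_separator(p))
			count++;
		prev_blank = (len == 0);
		p += len;
		if (*p == '\n')
			p++;
	}
	return count;
}

/* Constructed sample mailboxes; the sender address is a placeholder. */
static const char BROKEN_MBOX[] =
	"From sender@example.org Sun Nov 1 06:30:00 MDT 2018\n"
	"Subject: Welcome\n\nbody\n";
static const char FIXED_MBOX[] =
	"From sender@example.org Sun Nov  1 06:30:00 MDT 2018\n"
	"Subject: Welcome\n\nbody\n";

int
main(void)
{
	printf("single space: %d message(s)\n", count_messages(BROKEN_MBOX));
	printf("padded day:   %d message(s)\n", count_messages(FIXED_MBOX));
	return 0;
}
```

With the day written as "Nov 1" the whole file has no recognisable separator, so a reader built this way reports an empty mailbox instead of an error.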



Re: mail doesn't read mail from /var/mail/root

2018-11-08 Thread ivpgbe
And regardless, /usr/src/usr.bin/mail/main.c:95 unsets MAIL environment 
variable when an '-u' flag is present, and the problem I'm reporting persists 
even when I run

mail -u root

as root.

On Thu, Nov 8, 2018, at 7:29 AM, ivp...@eml.cc wrote:
> Yes, and I didn't change any defaults:
> 
> # set | grep MAIL
> MAIL=/var/mail/root
> MAILCHECK=600
> 
> On Thu, Nov 8, 2018, at 7:23 AM, Otto Moerbeek wrote:
> > On Thu, Nov 08, 2018 at 07:18:57AM -0800, ivp...@eml.cc wrote:
> > 
> > > I also tested on 6.4-release, and can confirm the same behavior.
> > 
> > Is your MAIL environment var set? 
> > 
> > -Otto
> > 
> > > 
> > > On Thu, Nov 8, 2018, at 7:13 AM, ivp...@eml.cc wrote:
> > > > On Thu, Nov 8, 2018, at 6:03 AM, TronDD wrote:
> > > > > On November 8, 2018 1:39:13 AM CST, ivp...@eml.cc wrote:
> > > > > >Hello,
> > > > > >
> > > > > >I must be missing something obvious, but since installing 6.4-current
> > > > > >(on a few versions in a row), I can't get mail to read 
> > > > > >/var/mail/root.
> > > > > >
> > > > > >After logging in, I see:
> > > > > >
> > > > > >>---<
> > > > > >OpenBSD 6.4-current (GENERIC.MP) #425: Sun Nov 4
> > > > > >
> > > > > >[... skipped ...]
> > > > > >
> > > > > >You have mail.
> > > > > >thor# mail
> > > > > >No mail for root
> > > > > >thor# mail -f /var/mail/root
> > > > > >Mail version 8.1.2 01/15/2001.  Type ? for help.
> > > > > >"/var/mail/root": 0 messages
> > > > > >thor# ls -l /var/mail/root
> > > > > >-rw---  1 root  wheel   3.9K Oct 20 00:37 /var/mail/root
> > > > > >thor# head /var/mail/root
> > > > > >From dera...@do-not-reply.openbsd.org Sun Nov 1 06:30:00 MDT 2018
> > > > > >Return-Path: root
> > > > > >Date: Nov 1 06:30:00 MDT 2018
> > > > > >From: dera...@do-not-reply.openbsd.org (Theo de Raadt)
> > > > > >To: root
> > > > > >Subject: Welcome to OpenBSD 6.4!
> > > > > >
> > > > > >This message attempts to describe the most basic initial questions 
> > > > > >that
> > > > > >a
> > > > > >system administrator of an OpenBSD box might have.  You are urged to
> > > > > >save
> > > > > >this message for later reference.
> > > > > >>--<
> > > > > >
> > > > > >I also remember that I had this problem since the first time I
> > > > > >installed 6.4-current on my new laptop.
> > > > > >
> > > > > > >I do receive local mail (e.g., from crontab) for a non-privileged 
> > > > > >user
> > > > > >created during setup.
> > > > > >
> > > > > >Any ideas of what might be going on?
> > > > > >
> > > > > >Best,
> > > > > >ivpgbe
> > > > > 
> > > > > It's because the Welcome email that gets sent to root and the user 
> > > > > created during install is dated in the future.  It has the initial 
> > > > > planned release date of Nov. 1st.  Mail(1) can't seem to see into the 
> > > > > future.
> > > > 
> > > > Good catch - that explains why I would not see it after the install. 
> > > > But 
> > > > today is Nov 8 (as confirmed by date(1), and it still doesn't see it, 
> > > > even after I touch(1) the file. Should I report it as a bug? 
> > > > 
> > > > The mismatch between Nov 1 and the actual release is probably another 
> > > > bug. Should I report as well?
> > > > 
> > > > Thanks!
> > > 



Re: mail doesn't read mail from /var/mail/root

2018-11-08 Thread ivpgbe
Yes, and I didn't change any defaults:

# set | grep MAIL
MAIL=/var/mail/root
MAILCHECK=600

On Thu, Nov 8, 2018, at 7:23 AM, Otto Moerbeek wrote:
> On Thu, Nov 08, 2018 at 07:18:57AM -0800, ivp...@eml.cc wrote:
> 
> > I also tested on 6.4-release, and can confirm the same behavior.
> 
> Is your MAIL environment var set? 
> 
>   -Otto
> 
> > 
> > On Thu, Nov 8, 2018, at 7:13 AM, ivp...@eml.cc wrote:
> > > On Thu, Nov 8, 2018, at 6:03 AM, TronDD wrote:
> > > > On November 8, 2018 1:39:13 AM CST, ivp...@eml.cc wrote:
> > > > >Hello,
> > > > >
> > > > >I must be missing something obvious, but since installing 6.4-current
> > > > >(on a few versions in a row), I can't get mail to read /var/mail/root.
> > > > >
> > > > >After logging in, I see:
> > > > >
> > > > >>---<
> > > > >OpenBSD 6.4-current (GENERIC.MP) #425: Sun Nov 4
> > > > >
> > > > >[... skipped ...]
> > > > >
> > > > >You have mail.
> > > > >thor# mail
> > > > >No mail for root
> > > > >thor# mail -f /var/mail/root
> > > > >Mail version 8.1.2 01/15/2001.  Type ? for help.
> > > > >"/var/mail/root": 0 messages
> > > > >thor# ls -l /var/mail/root
> > > > >-rw---  1 root  wheel   3.9K Oct 20 00:37 /var/mail/root
> > > > >thor# head /var/mail/root
> > > > >From dera...@do-not-reply.openbsd.org Sun Nov 1 06:30:00 MDT 2018
> > > > >Return-Path: root
> > > > >Date: Nov 1 06:30:00 MDT 2018
> > > > >From: dera...@do-not-reply.openbsd.org (Theo de Raadt)
> > > > >To: root
> > > > >Subject: Welcome to OpenBSD 6.4!
> > > > >
> > > > >This message attempts to describe the most basic initial questions that
> > > > >a
> > > > >system administrator of an OpenBSD box might have.  You are urged to
> > > > >save
> > > > >this message for later reference.
> > > > >>--<
> > > > >
> > > > >I also remember that I had this problem since the first time I
> > > > >installed 6.4-current on my new laptop.
> > > > >
> > > > >I do receive local mail (e.g., from crontab) for a non-privileged user
> > > > >created during setup.
> > > > >
> > > > >Any ideas of what might be going on?
> > > > >
> > > > >Best,
> > > > >ivpgbe
> > > > 
> > > > It's because the Welcome email that gets sent to root and the user 
> > > > created during install is dated in the future.  It has the initial 
> > > > planned release date of Nov. 1st.  Mail(1) can't seem to see into the 
> > > > future.
> > > 
> > > Good catch - that explains why I would not see it after the install. But 
> > > today is Nov 8 (as confirmed by date(1), and it still doesn't see it, 
> > > even after I touch(1) the file. Should I report it as a bug? 
> > > 
> > > The mismatch between Nov 1 and the actual release is probably another 
> > > bug. Should I report as well?
> > > 
> > > Thanks!
> > 



Re: mail doesn't read mail from /var/mail/root

2018-11-08 Thread Otto Moerbeek
On Thu, Nov 08, 2018 at 07:18:57AM -0800, ivp...@eml.cc wrote:

> I also tested on 6.4-release, and can confirm the same behavior.

Is your MAIL environment var set? 

-Otto

> 
> On Thu, Nov 8, 2018, at 7:13 AM, ivp...@eml.cc wrote:
> > On Thu, Nov 8, 2018, at 6:03 AM, TronDD wrote:
> > > On November 8, 2018 1:39:13 AM CST, ivp...@eml.cc wrote:
> > > >Hello,
> > > >
> > > >I must be missing something obvious, but since installing 6.4-current
> > > >(on a few versions in a row), I can't get mail to read /var/mail/root.
> > > >
> > > >After logging in, I see:
> > > >
> > > >>---<
> > > >OpenBSD 6.4-current (GENERIC.MP) #425: Sun Nov 4
> > > >
> > > >[... skipped ...]
> > > >
> > > >You have mail.
> > > >thor# mail
> > > >No mail for root
> > > >thor# mail -f /var/mail/root
> > > >Mail version 8.1.2 01/15/2001.  Type ? for help.
> > > >"/var/mail/root": 0 messages
> > > >thor# ls -l /var/mail/root
> > > >-rw---  1 root  wheel   3.9K Oct 20 00:37 /var/mail/root
> > > >thor# head /var/mail/root
> > > >From dera...@do-not-reply.openbsd.org Sun Nov 1 06:30:00 MDT 2018
> > > >Return-Path: root
> > > >Date: Nov 1 06:30:00 MDT 2018
> > > >From: dera...@do-not-reply.openbsd.org (Theo de Raadt)
> > > >To: root
> > > >Subject: Welcome to OpenBSD 6.4!
> > > >
> > > >This message attempts to describe the most basic initial questions that
> > > >a
> > > >system administrator of an OpenBSD box might have.  You are urged to
> > > >save
> > > >this message for later reference.
> > > >>--<
> > > >
> > > >I also remember that I had this problem since the first time I
> > > >installed 6.4-current on my new laptop.
> > > >
> > > >I do receive local mail (e.g., from crontab) for a non-privileged user
> > > >created during setup.
> > > >
> > > >Any ideas of what might be going on?
> > > >
> > > >Best,
> > > >ivpgbe
> > > 
> > > It's because the Welcome email that gets sent to root and the user 
> > > created during install is dated in the future.  It has the initial 
> > > planned release date of Nov. 1st.  Mail(1) can't seem to see into the 
> > > future.
> > 
> > Good catch - that explains why I would not see it after the install. But 
> > today is Nov 8 (as confirmed by date(1), and it still doesn't see it, 
> > even after I touch(1) the file. Should I report it as a bug? 
> > 
> > The mismatch between Nov 1 and the actual release is probably another 
> > bug. Should I report as well?
> > 
> > Thanks!
> 



Re: mail doesn't read mail from /var/mail/root

2018-11-08 Thread ivpgbe
I also tested on 6.4-release, and can confirm the same behavior.

On Thu, Nov 8, 2018, at 7:13 AM, ivp...@eml.cc wrote:
> On Thu, Nov 8, 2018, at 6:03 AM, TronDD wrote:
> > On November 8, 2018 1:39:13 AM CST, ivp...@eml.cc wrote:
> > >Hello,
> > >
> > >I must be missing something obvious, but since installing 6.4-current
> > >(on a few versions in a row), I can't get mail to read /var/mail/root.
> > >
> > >After logging in, I see:
> > >
> > >>---<
> > >OpenBSD 6.4-current (GENERIC.MP) #425: Sun Nov 4
> > >
> > >[... skipped ...]
> > >
> > >You have mail.
> > >thor# mail
> > >No mail for root
> > >thor# mail -f /var/mail/root
> > >Mail version 8.1.2 01/15/2001.  Type ? for help.
> > >"/var/mail/root": 0 messages
> > >thor# ls -l /var/mail/root
> > >-rw---  1 root  wheel   3.9K Oct 20 00:37 /var/mail/root
> > >thor# head /var/mail/root
> > >From dera...@do-not-reply.openbsd.org Sun Nov 1 06:30:00 MDT 2018
> > >Return-Path: root
> > >Date: Nov 1 06:30:00 MDT 2018
> > >From: dera...@do-not-reply.openbsd.org (Theo de Raadt)
> > >To: root
> > >Subject: Welcome to OpenBSD 6.4!
> > >
> > >This message attempts to describe the most basic initial questions that
> > >a
> > >system administrator of an OpenBSD box might have.  You are urged to
> > >save
> > >this message for later reference.
> > >>--<
> > >
> > >I also remember that I had this problem since the first time I
> > >installed 6.4-current on my new laptop.
> > >
> > >I do receive local mail (e.g., from crontab) for a non-privileged user
> > >created during setup.
> > >
> > >Any ideas of what might be going on?
> > >
> > >Best,
> > >ivpgbe
> > 
> > It's because the Welcome email that gets sent to root and the user 
> > created during install is dated in the future.  It has the initial 
> > planned release date of Nov. 1st.  Mail(1) can't seem to see into the 
> > future.
> 
> Good catch - that explains why I would not see it after the install. But 
> today is Nov 8 (as confirmed by date(1), and it still doesn't see it, 
> even after I touch(1) the file. Should I report it as a bug? 
> 
> The mismatch between Nov 1 and the actual release is probably another 
> bug. Should I report as well?
> 
> Thanks!



Re: mail doesn't read mail from /var/mail/root

2018-11-08 Thread ivpgbe
On Thu, Nov 8, 2018, at 6:03 AM, TronDD wrote:
> On November 8, 2018 1:39:13 AM CST, ivp...@eml.cc wrote:
> >Hello,
> >
> >I must be missing something obvious, but since installing 6.4-current
> >(on a few versions in a row), I can't get mail to read /var/mail/root.
> >
> >After logging in, I see:
> >
> >>---<
> >OpenBSD 6.4-current (GENERIC.MP) #425: Sun Nov 4
> >
> >[... skipped ...]
> >
> >You have mail.
> >thor# mail
> >No mail for root
> >thor# mail -f /var/mail/root
> >Mail version 8.1.2 01/15/2001.  Type ? for help.
> >"/var/mail/root": 0 messages
> >thor# ls -l /var/mail/root
> >-rw---  1 root  wheel   3.9K Oct 20 00:37 /var/mail/root
> >thor# head /var/mail/root
> >From dera...@do-not-reply.openbsd.org Sun Nov 1 06:30:00 MDT 2018
> >Return-Path: root
> >Date: Nov 1 06:30:00 MDT 2018
> >From: dera...@do-not-reply.openbsd.org (Theo de Raadt)
> >To: root
> >Subject: Welcome to OpenBSD 6.4!
> >
> >This message attempts to describe the most basic initial questions that
> >a
> >system administrator of an OpenBSD box might have.  You are urged to
> >save
> >this message for later reference.
> >>--<
> >
> >I also remember that I had this problem since the first time I
> >installed 6.4-current on my new laptop.
> >
> >I do receive local mail (e.g., from crontab) for a non-privileged user
> >created during setup.
> >
> >Any ideas of what might be going on?
> >
> >Best,
> >ivpgbe
> 
> It's because the Welcome email that gets sent to root and the user 
> created during install is dated in the future.  It has the initial 
> planned release date of Nov. 1st.  Mail(1) can't seem to see into the 
> future.

Good catch - that explains why I would not see it after the install. But today 
is Nov 8 (as confirmed by date(1), and it still doesn't see it, even after I 
touch(1) the file. Should I report it as a bug? 

The mismatch between Nov 1 and the actual release is probably another bug. 
Should I report as well?

Thanks!



Re: mail doesn't read mail from /var/mail/root

2018-11-08 Thread TronDD



On November 8, 2018 1:39:13 AM CST, ivp...@eml.cc wrote:
>Hello,
>
>I must be missing something obvious, but since installing 6.4-current
>(on a few versions in a row), I can't get mail to read /var/mail/root.
>
>After logging in, I see:
>
>>---<
>OpenBSD 6.4-current (GENERIC.MP) #425: Sun Nov 4
>
>[... skipped ...]
>
>You have mail.
>thor# mail
>No mail for root
>thor# mail -f /var/mail/root
>Mail version 8.1.2 01/15/2001.  Type ? for help.
>"/var/mail/root": 0 messages
>thor# ls -l /var/mail/root
>-rw---  1 root  wheel   3.9K Oct 20 00:37 /var/mail/root
>thor# head /var/mail/root
>From dera...@do-not-reply.openbsd.org Sun Nov 1 06:30:00 MDT 2018
>Return-Path: root
>Date: Nov 1 06:30:00 MDT 2018
>From: dera...@do-not-reply.openbsd.org (Theo de Raadt)
>To: root
>Subject: Welcome to OpenBSD 6.4!
>
>This message attempts to describe the most basic initial questions that
>a
>system administrator of an OpenBSD box might have.  You are urged to
>save
>this message for later reference.
>>--<
>
>I also remember that I had this problem since the first time I
>installed 6.4-current on my new laptop.
>
>I do receive local mail (e.g., from crontab) for a non-privileged user
>created during setup.
>
>Any ideas of what might be going on?
>
>Best,
>ivpgbe

It's because the Welcome email that gets sent to root and the user created 
during install is dated in the future.  It has the initial planned release date 
of Nov. 1st.  Mail(1) can't seem to see into the future.



Re: 6.4 - Unable to boot after successfully installed

2018-11-08 Thread Luthing
OK you were all right...
After keeping the default partitioning values, I'm able to boot normally.

I would thank Stefan and Kenneth about their detailed replies.
Many thanks for your help, and faq is answering my new questions about that.

Cheers
Luthing






Re: ikev2 and road warriors setup

2018-11-08 Thread Radek
I've been playing around with netcat. 
I noticed that the netcat process on my VPN_server does not show any "X" on 
stdout for ports 4500 and 1701.

May it be relevant to my VPN issue?

VPN_serv is A.B.C.77/23 (it is not behind NAT):

$ pfctl -s rules
pass all flags S/SA

$ nc -u -l 500


X.Y.Z.11/29$ nc -vuz A.B.C.77 4500
A.B.C.69/23$ nc -vuz A.B.C.77 4500
$ nc -u -l 4500
NOTHING IS HERE

$ nc -u -l 4499


$ nc -u -l 4501


X.Y.Z.11/29$ nc -vuz A.B.C.77 1701
A.B.C.69/23$ nc -vuz A.B.C.77 1701
$ nc -u -l 1701
NOTHING IS HERE

$ nc -u -l 22


$ nc -u -l 1234


On Wed, 7 Nov 2018 12:17:09 +0100
Radek  wrote:

> Yesterday I tried this scenario:
> 
> Win7_warrior - 192.168.x.x, NAT, GW: 1.2.3.119
> VPN_L2TP (Mikrotik) - A.B.C.75/23, not NATed
> VPN_IKEv2 - A.B.C.77/23, not NATed
> 
> I connected Win7_warrior to VPN_L2TP and then to VPN_IKEv2. I was having two 
> active VPN conn in one time.
> Next, I disconnected VPN_L2TP. VPN_IKEv2 was still active and was working 
> fine. 
> 
> When I disconnected VPN_IKEv2 and was trying to connect VPN_IKEv2 omitting 
> VPN_L2TP - I got 809.
> 
> Removing home_router which is between Win7_warrior and 1.2.3.119 does not 
> change anything.
>  
> Another thing:
> I install VPN_IKEv2 OS via PXEboot and get private IP from dhcp server. Then 
> I move to public A.B.C.77/23 editing /etc/hostname, mygate, resolv.conf. 
> Maybe I missed something in network conf that is important for OpenIKED?
> 
> Any idea?
> 
> 
> On Tue, 6 Nov 2018 11:21:52 +0100
> Radek  wrote:
> 
> > Hello Kim,
> > 
> > > My question was concerning the VPN_server, is the server NATed?
> > A.B.C.0/23 is not NATed, it is a public pool. VPN_server is not NATed.
> > 
> > > How is A.B.C.0/23 connected to the 'rest' of the world? Router/Firewall 
> > > ...
> > I only have switches in my building.
> > All routers/firewalls of my network are in another building, I do not know 
> > the whole network structure, devices, security policies... but I have never 
> > noticed that any ports were blocked.
> > 
> > I can setup a IKEV2 site-to-site VPN A.B.C.D/23 <--> !A.B.C.0/23 and it 
> > works like a charm.
> > https://community.riocities.com/openike_openbsd.html
> > But I can not setup a VPN_server for road warriors.
> > 
> > I have just set up a VPN_L2TP_serv on Mikrotik (A.B.C.75/23). I can connect 
> > my Win7_warrior from !A.B.C.0/23 (currently testing on GSM network).
> > L2TP and IKEV2 use 500, 4500 ports. If L2TP works fine so I conclude that 
> > it is not any Router/FW problem. 
> > 
> > On Tue, 6 Nov 2018 07:48:37 +0100
> > Kim Zeitler  wrote:
> > 
> > > Good morning Radek,
> > > 
> > > I have a suspicion ...
> > > 
> > > > For (1), (2) and (3) VPN is working just fine with Win7_warrior and 
> > > > puffy_warrior if they are connecting from A.B.C.0/23 (it does not 
> > > > matter if warrior has public IP or it is behind NAT). The rest of the 
> > > > world fails to connect the VPN_server.
> > > My question was concerning the VPN_server, is the server NATed?
> > > How is A.B.C.0/23 connected to the 'rest' of the world? Router/Firewall 
> > > ...
> > > 
> > > Cheers,
> > > Kim
> > > 
> > > 
> > 
> > 
> > -- 
> > radek
> 
> 
> -- 
> radek


-- 
radek



Re: iridium-browser + unveil

2018-11-08 Thread Stefan Wollny
On 08.11.18 at 12:47, Florian Obser wrote:
> The point of unveil in chrome is that it can't exfiltrate your ssh
> private key.

Got it!

Thank you for making things clear.



Re: Munin node over IPv6

2018-11-08 Thread Alarig Le Lay
On Thu,  8 Nov 12:32:31 2018, Florian Obser wrote:
> > can you try the following:
> > 
> > host ::1 (or even host :::1 it seems that a bug requires to add an extra 
> > colon)

With explicit IPv6 addresses and without the INET6 pkg installed, munin
crashes

> I believe one needs p5-IO-Socket-INET6 installed.
> I have host * in my config and that gives me:
> 
> tcp  0  0  *.4949 *.* LISTEN
> tcp6 0  0  *.4949 *.* LISTEN

But with the pkg, it works:

root@kaiminus:~ # telnet guinch.swordarmor.fr 4949
Trying 2a00:5884:102:1::9...
Connected to guinch.swordarmor.fr.
Escape character is '^]'.
# munin node at guinch.swordarmor.fr
list
amavis cpu df df_inode if_enc0 if_errcoll_enc0 if_errcoll_tun0 if_errcoll_tun10 
if_errcoll_tun11 if_errcoll_tun12 if_errcoll_tun13 if_errcoll_tun2 
if_errcoll_tun3 if_errcoll_tun4 if_errcoll_tun5 if_errcoll_tun6 if_errcoll_tun7 
if_errcoll_tun8 if_errcoll_tun9 if_errcoll_vio0 if_pps_enc0 if_pps_tun0 
if_pps_tun10 if_pps_tun11 if_pps_tun12 if_pps_tun13 if_pps_tun2 if_pps_tun3 
if_pps_tun4 if_pps_tun5 if_pps_tun6 if_pps_tun7 if_pps_tun8 if_pps_tun9 
if_pps_vio0 if_tun0 if_tun10 if_tun11 if_tun12 if_tun13 if_tun2 if_tun3 if_tun4 
if_tun5 if_tun6 if_tun7 if_tun8 if_tun9 if_vio0 load memory netstat open_files 
processes systat uptime users vmstat

Thank you very much to the both of you!

-- 
Alarig
(but I think you’re real)



Re: iridium-browser + unveil

2018-11-08 Thread Florian Obser
On Thu, Nov 08, 2018 at 09:45:38AM +0100, Stefan Wollny wrote:
> On 08.11.18 at 09:03, Stefan Wollny wrote:
> > Hi there,
> > 
> > just a little nit with the iridium-browser unveiled:
> > 
> > I changed the 'exec' command in /usr/local/bin/iridium like so:
> > - LANG=${_l} exec "/usr/local/iridium/iridium" "${@}"
> > + LANG=${_l} exec "/usr/local/iridium/iridium" "--enable-unveil" "${@}"
> > 
> > With this change I can browse the web as before. BUT: My startpage is a
> > html-file in the users home directory containing a huge collection of
> > links to web sites. I use this file at home and at work where I am
> > forced to use the most popular unsafe OS. With iridium unveiled this
> > page is no longer accessible instead I get 'ERR_FILE_NOT_FOUND'.
> > 
> > Switching back to the exec without "--enable-unveil" and iridium finds
> > the file again. Easily reproducible.
> > 
> > With other browsers (e.g. FF, otter, netsurf, links+) this particular
> > file is accessible. No reason not to enable unveil on iridium in
> > particular as it just has been updated (in ports).
> > 
> Found an easy solution: While access to the user's home directory is not
> permitted, access to the subfolders _is_ allowed. Simply copied that
> particular file to ~/Downloads/, changed the path in iridium's settings
> and we're back to familiar operations. :-)
> 
> Now: How to give permission to access my home directory?
> 

I'm afraid you are missing the point. If you want it to have access to
your home directory run it without --enable-unveil. For all intents
and purposes that's the same thing as "giving permission to ~/"

The point of unveil in chrome is that it can't exfiltrate your ssh
private key.

-- 
I'm not entirely sure you are real.
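
The behaviour discussed in this thread, as an added example that is not part of any message and is not Iridium or Chromium code: a C program for OpenBSD 6.4 or later that forks a child, unveils one directory read-only, locks the list, and reports which of two files can still be opened. The function names and the paths in the usage comment are assumptions; on other systems a stub makes the restricted probe return -1.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Stub so the example builds elsewhere: the restricted probe then returns -1. */
static int unveil(const char *path, const char *perms) { (void)path; (void)perms; return -1; }
#endif

/* Return 1 if path can be opened read-only, else 0. */
static int readable(const char *path)
{
    int fd = open(path, O_RDONLY);  /* fails with ENOENT outside the unveiled tree */
    if (fd != -1)
        close(fd);
    return fd != -1;
}

/*
 * Probe two files from a child process. With restricted != 0 the child first
 * unveils only dir (read-only) and then locks the list with unveil(NULL, NULL),
 * so nothing can be added later. Returns bit 0 = inside readable, bit 1 =
 * outside readable, or -1 if the restriction could not be applied.
 */
int probe(const char *dir, const char *inside, const char *outside, int restricted)
{
    pid_t pid = fork();
    int status;
    if (pid == -1)
        return -1;
    if (pid == 0) {
        if (restricted && (unveil(dir, "r") == -1 || unveil(NULL, NULL) == -1))
            _exit(127);
        _exit(readable(inside) | (readable(outside) << 1));
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    if (argc != 4)  /* assumed usage: ~/Downloads ~/Downloads/start.html ~/.ssh/id_rsa */
        return 2;
    printf("plain=%d\n", probe(argv[1], argv[2], argv[3], 0));
    printf("unveiled=%d\n", probe(argv[1], argv[2], argv[3], 1));
    return 0;
}
```

On OpenBSD, with both files present, the plain probe returns 3 and the unveiled probe returns 1: the file under the unveiled directory still opens, the key file does not.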



Re: iridium-browser + unveil

2018-11-08 Thread Florian Obser
On Thu, Nov 08, 2018 at 10:52:11AM +0200, Dumitru Moldovan wrote:
> On Thu, 8 Nov 2018 09:03:51 +0100, Stefan Wollny  wrote:
> > 
> > I changed the 'exec' command in /usr/local/bin/iridium like so:
> > - LANG=${_l} exec "/usr/local/iridium/iridium" "${@}"
> > + LANG=${_l} exec "/usr/local/iridium/iridium" "--enable-unveil" "${@}"
> > 
> > With this change I can browse the web as before. BUT: My startpage is a
> > html-file in the users home directory containing a huge collection of
> > links to web sites. I use this file at home and at work where I am
> > forced to use the most popular unsafe OS. With iridium unveiled this
> > page is no longer accessible instead I get 'ERR_FILE_NOT_FOUND'.
> 
> With unveil enabled, your browser can only download files to your ~/Downloads 
> sub-dir, and can only upload files from your ~/Uploads sub-dir.  So maybe put 
> your HTML file in ~/Uploads and use the new location as the start page?
> 
> Disclaimer: I am not a user of Iridium or Chromium with unveil, but this is 
> what I remember from Bob Beck's presentation on the subject at EuroBSDCon in 
> September.  Hope I got the sub-dirs right!  Thinking about it, there should 
> be write access to ~/.cache as well, maybe even /tmp, but these are just 
> extra details.
> 

It's only ~/Downloads

-- 
I'm not entirely sure you are real.



Re: Munin node over IPv6

2018-11-08 Thread Florian Obser
On Thu, Nov 08, 2018 at 12:21:58PM +0100, Solene Rapenne wrote:
> Alarig Le Lay  wrote:
> > Hi,
> > 
> > I would like to pull my munin node over IPv6, but the process is only
> > listening on IPv4.
> > 
> > guinch# grep '^host' /etc/munin/munin-node.conf
> > host *
> > guinch# netstat -af inet | grep 4949
> > tcp  0  0  *.4949 *.* LISTEN
> > guinch# netstat -af inet6 | grep 4949
> > guinch#
> > 
> > This configuration works on other OSes.
> > How could I make it on OpenBSD?
> > 
> > Thanks,
> 
> can you try the following:
> 
> host ::1 (or even host :::1 it seems that a bug requires to add an extra 
> colon)
> 

I believe one needs p5-IO-Socket-INET6 installed.
I have host * in my config and that gives me:

tcp  0  0  *.4949 *.* LISTEN
tcp6 0  0  *.4949 *.* LISTEN

Cheers,
Florian

-- 
I'm not entirely sure you are real.



Re: Munin node over IPv6

2018-11-08 Thread Solene Rapenne
Alarig Le Lay  wrote:
> Hi,
> 
> I would like to pull my munin node over IPv6, but the process is only
> listening on IPv4.
> 
> guinch# grep '^host' /etc/munin/munin-node.conf
> host *
> guinch# netstat -af inet | grep 4949
> tcp  0  0  *.4949 *.* LISTEN
> guinch# netstat -af inet6 | grep 4949
> guinch#
> 
> This configuration works on other OSes.
> How could I make it on OpenBSD?
> 
> Thanks,

can you try the following:

host ::1 (or even host :::1 it seems that a bug requires to add an extra colon)



Munin node over IPv6

2018-11-08 Thread Alarig Le Lay
Hi,

I would like to pull my munin node over IPv6, but the process is only
listening on IPv4.

guinch# grep '^host' /etc/munin/munin-node.conf
host *
guinch# netstat -af inet | grep 4949
tcp  0  0  *.4949 *.* LISTEN
guinch# netstat -af inet6 | grep 4949
guinch#

This configuration works on other OSes.
How could I make it on OpenBSD?

Thanks,
-- 
Alarig



Re: 'auto-join' to the wifi

2018-11-08 Thread Stefan Sperling
On Thu, Nov 08, 2018 at 01:12:35PM +0500, Артур Истомин wrote:
> There is an example for hostname.if for auto-join to a wifi network
> https://www.mail-archive.com/source-changes@openbsd.org/msg99921.html
>
> But what if I have different networks with dynamic and static IPs or other
> different options? For example:
> 
> join home wpakey password <-- has static IP and 'wpaprotos wpa1' 
> option

Adding the 'wpaprotos wpa1' option on the same line is supposed to work.
Unfortunately this is broken right now, see:
https://marc.info/?l=openbsd-bugs&m=154118247412508&w=2

Regarding IP addresses: Wifi doesn't know about IP addresses!
All 'join' will take care of is setting interface status to 'active'.
So you need to handle such differences yourself in some way.

> join work wpakey mekmitasdigoat
> dhcp
> inet6 autoconf
> up
> 
> Thanks!
> 



'auto-join' to the wifi

2018-11-08 Thread Артур Истомин
There is an example for hostname.if for auto-join to a wifi network
https://www.mail-archive.com/source-changes@openbsd.org/msg99921.html

But what if I have different networks with dynamic and static IPs or other
different options? For example:

join home wpakey password <-- has static IP and 'wpaprotos wpa1' option
join work wpakey mekmitasdigoat
dhcp
inet6 autoconf
up

Thanks!



Re: iridium-browser + unveil

2018-11-08 Thread Dumitru Moldovan
On Thu, 8 Nov 2018 09:03:51 +0100, Stefan Wollny  wrote:
> 
> I changed the 'exec' command in /usr/local/bin/iridium like so:
> - LANG=${_l} exec "/usr/local/iridium/iridium" "${@}"
> + LANG=${_l} exec "/usr/local/iridium/iridium" "--enable-unveil" "${@}"
> 
> With this change I can browse the web as before. BUT: My startpage is a
> html-file in the users home directory containing a huge collection of
> links to web sites. I use this file at home and at work where I am
> forced to use the most popular unsafe OS. With iridium unveiled this
> page is no longer accessible instead I get 'ERR_FILE_NOT_FOUND'.

With unveil enabled, your browser can only download files to your ~/Downloads 
sub-dir, and can only upload files from your ~/Uploads sub-dir.  So maybe put 
your HTML file in ~/Uploads and use the new location as the start page?

Disclaimer: I am not a user of Iridium or Chromium with unveil, but this is 
what I remember from Bob Beck's presentation on the subject at EuroBSDCon in 
September.  Hope I got the sub-dirs right!  Thinking about it, there should be 
write access to ~/.cache as well, maybe even /tmp, but these are just extra 
details.



Re: iridium-browser + unveil

2018-11-08 Thread Stefan Wollny
On 08.11.18 at 09:03, Stefan Wollny wrote:
> Hi there,
> 
> just a little nit with the iridium-browser unveiled:
> 
> I changed the 'exec' command in /usr/local/bin/iridium like so:
> - LANG=${_l} exec "/usr/local/iridium/iridium" "${@}"
> + LANG=${_l} exec "/usr/local/iridium/iridium" "--enable-unveil" "${@}"
> 
> With this change I can browse the web as before. BUT: My startpage is a
> html-file in the users home directory containing a huge collection of
> links to web sites. I use this file at home and at work where I am
> forced to use the most popular unsafe OS. With iridium unveiled this
> page is no longer accessible instead I get 'ERR_FILE_NOT_FOUND'.
> 
> Switching back to the exec without "--enable-unveil" and iridium finds
> the file again. Easily reproducible.
> 
> With other browsers (e.g. FF, otter, netsurf, links+) this particular
> file is accessible. No reason not to enable unveil on iridium in
> particular as it just has been updated (in ports).
> 
Found an easy solution: While access to the user's home directory is not
permitted, access to the subfolders _is_ allowed. Simply copied that
particular file to ~/Downloads/, changed the path in iridium's settings
and we're back to familiar operations. :-)

Now: How to give permission to access my home directory?



iridium-browser + unveil

2018-11-08 Thread Stefan Wollny
Hi there,

just a little nit with the iridium-browser unveiled:

I changed the 'exec' command in /usr/local/bin/iridium like so:
- LANG=${_l} exec "/usr/local/iridium/iridium" "${@}"
+ LANG=${_l} exec "/usr/local/iridium/iridium" "--enable-unveil" "${@}"
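
Review bot: the flag is added by editing /usr/local/bin/iridium in place, and that wrapper is installed by the package, so the next update of the port will replace the file and drop "--enable-unveil" without any notice. Since "${@}" already forwards arguments to the binary, the flag can instead be passed from a personal wrapper or alias that calls the unmodified script. The quotes around "--enable-unveil" are harmless but unnecessary, as the string contains nothing the shell would split or expand.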

With this change I can browse the web as before. BUT: My startpage is a
html-file in the users home directory containing a huge collection of
links to web sites. I use this file at home and at work where I am
forced to use the most popular unsafe OS. With iridium unveiled this
page is no longer accessible instead I get 'ERR_FILE_NOT_FOUND'.

Switching back to the exec without "--enable-unveil" and iridium finds
the file again. Easily reproducible.

With other browsers (e.g. FF, otter, netsurf, links+) this particular
file is accessible. No reason not to enable unveil on iridium in
particular as it just has been updated (in ports).

Best,
STEFAN