Re: Is there the ability to read and write raw RAM contents?

2019-03-25 Thread Otto Moerbeek
On Mon, Mar 25, 2019 at 05:26:54PM -0400, Z Ero wrote:

> I understand this would be a severe security/stability issue in many
> cases but for some applications it would be interesting/useful if one
> could dd and grep, etc, RAM on a live system. Is there any way to do
> this on OpenBSD? Or is program memory space read write access always
> protected by the kernel in every instance?
> 

There are ways, but with restrictions. Start reading man mem

-Otto



Re: what about security ?

2019-03-25 Thread Edgar Pettijohn


On Mar 25, 2019 7:00 PM, Flipchan  wrote:
>
> Check out pledge
>
> On March 25, 2019 11:20:13 PM GMT+01:00, Cord  
> wrote:
> >Hi,
> >what security technology can I implement to securify for example script
> >that connect to any website ?
> >Is there any howto for chroot ?
> >Thank you.
> >Cord
>
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.

Use an unprivileged user to run the script. 

$ man chroot



Re: what about security ?

2019-03-25 Thread Cord
I am sorry but I am not a developer, I don't need library or syscall to 
securify my software. I am a user that just wants security curl or python or ksh 
because some guys have hacked my OpenBSD desktop.
Thank you.
Cord.

‐‐‐ Original Message ‐‐‐
On Tuesday, March 26, 2019 1:00 AM, Flipchan  wrote:

> Check out pledge
>
> On March 25, 2019 11:20:13 PM GMT+01:00, Cord  
> wrote:
>
>> Hi,
>>
>> what security technology can I implement to securify for example script that 
>> connect to any website ?
>>
>> Is there any howto for chroot ?
>>
>> Thank you.
>>
>> Cord
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.


Re: what about security ?

2019-03-25 Thread Flipchan
Check out pledge

On March 25, 2019 11:20:13 PM GMT+01:00, Cord  wrote:
>Hi,
>what security technology can I implement to securify for example script
>that connect to any website ?
>Is there any howto for chroot ?
>Thank you.
>Cord

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Re: trackpad reversed scrolling broken on -current

2019-03-25 Thread Ulf Brosziewski
The "ZAxisMapping" doesn't work for touchpads with a new kernel.
For now, you can apply this workaround:

Read out the scroll distance with wsconsctl (you must run it as
root or create a doas(1) configuration for it).  Here is an
example:

$ doas wsconsctl mouse.param=134
mouse.param -> 134:108

Change the parameter to the corresponding negative value:

$ doas wsconsctl mouse.param=134:-108
mouse.param -> 134:-108

You can make that permanent with an entry in wsconsctl.conf. However,
please note that the "param" field is for debugging and development,
there are no guarantees about its future.



On 3/25/19 7:20 PM, lists+m...@ggp2.com wrote:
> Hello all -
> 
> On the latest snap of -current, my reversed trackpad scrolling seems to
> have broken.  My xorg.conf is as follows:
> 
> Section "InputClass"
> Identifier "ws pointer"
> MatchIsPointer "true"
> Option "AccelerationProfile" "2"
> Option "AccelerationNumerator" "5"
> Option "AccelerationDenominator" "2"
> Option "AccelerationThreshold" "0"
> EndSection
> 
> Section "InputClass"
> Identifier "ws touchpad"
> MatchIsTouchpad "true"
> Option "AccelerationProfile" "2"
> Option "AccelerationNumerator" "10"
> Option "AccelerationDenominator" "9"
> Option "AccelerationThreshold" "0"
> Option "ZAxisMapping" "5 4"
> EndSection
> 
> I saw on the "following -current" page that "Using a new kernel with
> touchpads requires an updated version of ws(4). The touchpad input
> driver generates new types of wscons events for scrolling.", which I
> think could be related.  However, xev shows that the button events are
> still 4 and 5 for Z axis scrolling.
> 
> dmesg as follows (Lenovo 5th gen X1):
> 

what about security ?

2019-03-25 Thread Cord
Hi,
what security technology can I implement to securify for example script that 
connect to any website ?
Is there any howto for chroot ?
Thank you.
Cord


Re: trackpad reversed scrolling broken on -current

2019-03-25 Thread lists+misc
On Mon, Mar 25, 2019 at 10:53:08PM +0100, Ulf Brosziewski wrote:
> You can make that permanent with an entry in wsconsctl.conf. However,
> please note that the "param" field is for debugging and development,
> there are no guarantees about its future.

Thanks yet again, Ulf.  For long term plans, please don't forget about
us backwards people ;)

You helped me a short while ago with different sensitivities between the
trackpoint/trackpad, and I've been using the specified xorg.conf with
much more enjoyment since then.



Re: Is there the ability to read and write raw RAM contents?

2019-03-25 Thread Solene Rapenne
On Mon, Mar 25, 2019 at 05:26:54PM -0400, Z Ero wrote:
> I understand this would be a severe security/stability issue in many
> cases but for some applications it would be interesting/useful if one
> could dd and grep, etc, RAM on a live system. Is there any way to do
> this on OpenBSD? Or is program memory space read write access always
> protected by the kernel in every instance?
> 

Using vmm you can save the memory of the VM as a file.



Is there the ability to read and write raw RAM contents?

2019-03-25 Thread Z Ero
I understand this would be a severe security/stability issue in many
cases but for some applications it would be interesting/useful if one
could dd and grep, etc, RAM on a live system. Is there any way to do
this on OpenBSD? Or is program memory space read write access always
protected by the kernel in every instance?



Re: Infinite spin when trying to burn a CD

2019-03-25 Thread Jérôme FRGACIC

Thanks for your reply.


# cdio -f /dev/rcd0c tao -s 1 file.iso

Maybe? Raw device and slow speed


I've tried it, but unfortunately it doesn't change anything, nothing is 
written on the disk and it spins forever.


Nevertheless, after further investigation, it seems that the problem 
only appears if the ISO image has a size greater than ~512k... I can 
blank a CD, write small ISO images (~512ko max), but if I try to write 
anything else, I got a CD that spins indefinitely without the possibility 
to eject it.




trackpad reversed scrolling broken on -current

2019-03-25 Thread lists+misc
Hello all -

On the latest snap of -current, my reversed trackpad scrolling seems to
have broken.  My xorg.conf is as follows:

Section "InputClass"
Identifier "ws pointer"
MatchIsPointer "true"
Option "AccelerationProfile" "2"
Option "AccelerationNumerator" "5"
Option "AccelerationDenominator" "2"
Option "AccelerationThreshold" "0"
EndSection

Section "InputClass"
Identifier "ws touchpad"
MatchIsTouchpad "true"
Option "AccelerationProfile" "2"
Option "AccelerationNumerator" "10"
Option "AccelerationDenominator" "9"
Option "AccelerationThreshold" "0"
Option "ZAxisMapping" "5 4"
EndSection

I saw on the "following -current" page that "Using a new kernel with
touchpads requires an updated version of ws(4). The touchpad input
driver generates new types of wscons events for scrolling.", which I
think could be related.  However, xev shows that the button events are
still 4 and 5 for Z axis scrolling.

dmesg as follows (Lenovo 5th gen X1):


Re: video decoding and playback in OpenBSD

2019-03-25 Thread Alexandre Ratchov
On Mon, Mar 25, 2019 at 06:05:58PM +0200, Mihai Popescu wrote:
> Hello,
> 
> I am trying to find some hardware for an OpenBSD multimedia computer.
> I plan to attach it on a HDMI TV and play youtube on it, 1080p@30fps
> or more. No 4K involved.
> 
> My thinking is to go for an AMD A8-6500 processor, but I am not sure
> if this is enough. Right now I am using an AMD Athlon II X2 B26 which
> drops some frames on youtube 1080p. I've read that ffmpeg, mpv and
> chromium do not use GPU in any way for decoding in OpenBSD.

This surprises me, your CPU doesn't seem that slow.

> I could not afford to go for performance hardware like Intel Core
> I7-4770, so if you please could you make some suggestion about what
> you run as a minimum requirements? Am I on the right track thinking
> that more powerful CPUs will speed up decoding?

I'd suggest checking where most of the CPU time is spent: in mpv or in
Xorg? You could try different mpv "-vo" options, there are machines
where "-vo x11" is faster than the default one.

HTH



video decoding and playback in OpenBSD

2019-03-25 Thread Mihai Popescu
Hello,

I am trying to find some hardware for an OpenBSD multimedia computer.
I plan to attach it on a HDMI TV and play youtube on it, 1080p@30fps
or more. No 4K involved.

My thinking is to go for an AMD A8-6500 processor, but I am not sure
if this is enough. Right now I am using an AMD Athlon II X2 B26 which
drops some frames on youtube 1080p. I've read that ffmpeg, mpv and
chromium do not use GPU in any way for decoding in OpenBSD.
I could not afford to go for performance hardware like Intel Core
I7-4770, so if you please could you make some suggestion about what
you run as a minimum requirements? Am I on the right track thinking
that more powerful CPUs will speed up decoding?

Thank you.



hardware support for HPE Smart Array E208i-p SR Gen10 (ciss ?) and HPE 561FLR-T (ix)

2019-03-25 Thread Steiner Peter
Hello,

we have to retire some older "HP ProLiant DL360 Gen9" and want to buy the 
current model "HPE ProLiant DL360 Gen10"

I'm unsure if the newer "HPE Smart Array E208i-p" is supported by the ciss 
driver
(the old "HPE Smart Array H240ar" in our DL360 Gen9 worked for years like a 
charm)


btw. I'm also checking the support of 10Gb Ethernet Adapters (to replace the 
old "HP Ethernet 10Gb 2-port 561T"):
I think the current "HP Ethernet 10Gb 2-port 562FLR-T" and "HPE 562T" should 
work 
because they're also based on the "Intel Ethernet-Controller X540" listed in 
the ix driver man page

anyone using these already?


thanks in advance for any field reports


greetings from Austria
-Peter

__
Peter Steiner
networking and system administration

feratel media technologies AG
Laubichl 60
A - 5452 Pfarrwerfen
FN 72841w, LG Innsbruck 
Telefon: +43 6468 8901-0, Fax: +43 6468 8901-2675
Internet: www.feratel.at, www.feratel.com



Re: httpd acme-client renew multiple domains

2019-03-25 Thread Mischa



> On 25 Mar 2019, at 14:49, Solene Rapenne  wrote:
> 
> On Mon, Mar 25, 2019 at 02:27:19PM +0100, Mischa wrote:
>> 
>> 
>>> On 25 Mar 2019, at 01:40, Stuart Henderson  wrote:
>>> 
>>> On 2019-03-23, Mischa  wrote:
>>>> Hi Geir,
>>>> 
>>>> I have solved this with a little script.
>>>> 
>>>> ###
>>>> #!/bin/sh
>>>> EXT=2
>>>> /usr/sbin/acme-client -v www.example.com
>>>> if test  $? -eq 0
>>>> then EXT=$?
>>>> fi
>>>> /usr/sbin/acme-client -v www.example1.com
>>>> if test $? -eq 0
>>>> then EXT=$?
>>>> fi
>>>> if test $EXT -eq 0
>>>> then
>>>>    echo "New certificates installed."
>>>>    rcctl restart httpd
>>>> else echo "No new certificates installed."
>>>> fi
>>>> ###
>>> 
>>> Simpler:
>>> 
>>> for i in www.example.com www.example1.com; do
>>> acme-client -v $i && reload=y
>>> done
>>> [[ -n $reload ]] && rcctl reload httpd
>> 
>> Nice!! I have a couple of more domains in there, so the 'for' becomes a 
>> little ugly, but I keep forgetting &&.
>> It's indeed not needed to use the actual exit code.
>> 
>> Mischa
>> 
>> 
> 
> One could easily write something like this:
> 
> #!/bin/sh
> 
> UPDATE=0
> for domain in $(awk '/^domain/ { print $2 }' /etc/acme-client.conf)
> do
>   acme-client $domain
>   if [ $? -eq 0 ]; then UPDATE=1; fi
> done
> 
> if [ $UPDATE -ne 0 ]; then
>   rcctl restart httpd dovecot smtpd
> fi
> 
> you could also handle the exit status per domain if you want more
> information. I did write the script for this mail, it may contain
> errors.

Hi Solene,

Love it!
Going to combine both suggestions.

Thanx!

Mischa



Re: httpd acme-client renew multiple domains

2019-03-25 Thread Solene Rapenne
On Mon, Mar 25, 2019 at 02:27:19PM +0100, Mischa wrote:
> 
> 
> > On 25 Mar 2019, at 01:40, Stuart Henderson  wrote:
> > 
> > On 2019-03-23, Mischa  wrote:
> >> Hi Geir,
> >> 
> >> I have solved this with a little script.
> >> 
> >> ###
> >> #!/bin/sh
> >> EXT=2
> >> /usr/sbin/acme-client -v www.example.com
> >> if test  $? -eq 0
> >> then EXT=$?
> >> fi
> >> /usr/sbin/acme-client -v www.example1.com
> >> if test $? -eq 0
> >> then EXT=$?
> >> fi
> >> if test $EXT -eq 0
> >> then
> >>   echo "New certificates installed."
> >>   rcctl restart httpd
> >> else echo "No new certificates installed."
> >> fi
> >> ###
> > 
> > Simpler:
> > 
> > for i in www.example.com www.example1.com; do
> >  acme-client -v $i && reload=y
> > done
> > [[ -n $reload ]] && rcctl reload httpd
> 
> Nice!! I have a couple of more domains in there, so the 'for' becomes a 
> little ugly, but I keep forgetting &&.
> It's indeed not needed to use the actual exit code.
> 
> Mischa
> 
> 

One could easily write something like this:

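#!/bin/sh

# Becomes 1 once any certificate has been renewed.
UPDATE=0
# Each top-level "domain <name> {" line in the config names one certificate.
for domain in $(awk '/^domain/ { print $2 }' /etc/acme-client.conf)
do
  acme-client "$domain"
  # acme-client exits 0 only when the certificate was changed.
  if [ $? -eq 0 ]; then UPDATE=1; fi
done

# Restart the daemons that use the certificates only if something changed.
if [ $UPDATE -ne 0 ]; then
  rcctl restart httpd dovecot smtpd
fi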

you could also handle the exit status per domain if you want more
information. I did write the script for this mail, it may contain
errors.
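
The per-domain exit status handling suggested above, worked out as an added example (not code from this thread or from the OpenBSD project). It relies on the exit codes documented in acme-client(1) (0 = changed, 2 = unchanged, anything else = failure); ACME, RELOAD, the function names, fake_acme and the sample config with its example-ca authority are constructed for the illustration.

```sh
#!/bin/sh
# Added example, not code from the thread. ACME, RELOAD and the function
# names are assumptions made for this illustration.

ACME=${ACME:-acme-client}               # command run once per domain
RELOAD=${RELOAD:-rcctl reload httpd}    # command run when a certificate changed

# Print the name of every top-level "domain <name> {" block. Anchoring at the
# start of the line skips the indented "domain key ..." lines inside a block.
list_domains() {
    awk '/^domain[ \t]/ { print $2 }' "$1"
}

# Run $ACME for each domain in config file $1 and sort the domains by the exit
# status documented in acme-client(1): 0 = certificate changed, 2 = certificate
# unchanged (still valid), anything else = failure.
renew_all() {
    CHANGED="" UNCHANGED="" FAILED=""
    for domain in $(list_domains "$1"); do
        st=0
        $ACME "$domain" || st=$?
        case $st in
        0) CHANGED="$CHANGED $domain" ;;
        2) UNCHANGED="$UNCHANGED $domain" ;;
        *) FAILED="$FAILED $domain" ;;
        esac
    done
}

# Renew everything, reload only if something changed, and return non-zero when
# any domain failed so the failure is visible to whatever runs the script.
renew_and_reload() {
    renew_all "$1"
    if [ -n "$CHANGED" ]; then
        echo "renewed:$CHANGED"
        $RELOAD || return 1
    fi
    if [ -n "$FAILED" ]; then
        echo "failed:$FAILED" >&2
        return 1
    fi
    return 0
}

# Stand-in for acme-client used by the demo: the first domain is renewed, the
# second is still valid, any other name fails.
fake_acme() {
    case $1 in
    www.example.com) return 0 ;;
    www.example1.com) return 2 ;;
    *) return 1 ;;
    esac
}

# Offline demo on a constructed config; runs in a subshell so the overrides of
# ACME and RELOAD do not leak. Real use: renew_and_reload /etc/acme-client.conf
demo() (
    conf=$(mktemp) || exit 1
    cat > "$conf" <<'EOF'
authority example-ca {
    api url "https://acme.example.org/directory"
    account key "/etc/acme/example-privkey.pem"
}
domain www.example.com {
    domain key "/etc/ssl/private/www.example.com.key"
    domain certificate "/etc/ssl/www.example.com.crt"
    sign with example-ca
}
domain www.example1.com {
    domain key "/etc/ssl/private/www.example1.com.key"
    domain certificate "/etc/ssl/www.example1.com.crt"
    sign with example-ca
}
EOF
    ACME=fake_acme
    RELOAD="echo would run: rcctl reload httpd"
    st=0
    renew_and_reload "$conf" || st=$?
    rm -f "$conf"
    exit $st
)

demo
```

Unlike the loops in the thread, a failed renewal (exit 1) is reported separately from an unchanged certificate (exit 2), so a broken challenge setup does not pass silently as "nothing to do".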



Re: httpd acme-client renew multiple domains

2019-03-25 Thread Mischa



> On 25 Mar 2019, at 01:40, Stuart Henderson  wrote:
> 
> On 2019-03-23, Mischa  wrote:
>> Hi Geir,
>> 
>> I have solved this with a little script.
>> 
>> ###
>> #!/bin/sh
>> EXT=2
>> /usr/sbin/acme-client -v www.example.com
>> if test  $? -eq 0
>> then EXT=$?
>> fi
>> /usr/sbin/acme-client -v www.example1.com
>> if test $? -eq 0
>> then EXT=$?
>> fi
>> if test $EXT -eq 0
>> then
>>   echo "New certificates installed."
>>   rcctl restart httpd
>> else echo "No new certificates installed."
>> fi
>> ###
> 
> Simpler:
> 
> for i in www.example.com www.example1.com; do
>  acme-client -v $i && reload=y
> done
> [[ -n $reload ]] && rcctl reload httpd

Nice!! I have a couple of more domains in there, so the 'for' becomes a little 
ugly, but I keep forgetting &&.
It's indeed not needed to use the actual exit code.

Mischa




Re: pppoe(4) and vlan(4)

2019-03-25 Thread Thomas Huber
The two mentioned modems work fine for a third ISP (easybell.de). But the
two vodafone uplinks don't work on OpenBSD.
The vodafone pppoe usernames include a /. Maybe I've to escape this
character but I don't know how.

any idea?


Thomas Huber  wrote on Sat, 16 March 2019 at 22:34:

> Hi,
>
> I just setup two of the mentioned xDSL-modem and now everything works
> almost fine now.
> It took a while to find proper modem settings (VPI,VCI, VLAN, VLAN-Prio)
> for my ISP, don't know if it is important for the OP.
> If someone is interested I can provide further details.
> Now i do the pppoe in OpenBSD and everything else like VLAN-tagging etc.
> with the modem in bridge-mode.
>
> Thanks again for your help
> Thomas
>
>
> On Tue, 5 Mar 2019 at 22:22, Thomas Huber  wrote:
>
>> I hooked two ADSLlinks now with a modem-router (aka. Fritzbox) which do
>> the pppoe part for now.
>> I also ordered a newer version of my xDSL-Modem (ALLNET BM200VDSL2V),
>> that should be able to do the vlan tagging.
>> I let you know how things work out when everything is in place.
>>
>> I start  a new thread about pf load-balancer configuration...
>>
>> Thanks again for your support.
>> Thomas
>>
>>
>> On Tue, 26 Feb 2019 at 22:13, Thomas Huber  wrote:
>>
>>> hmmm just played around and for ADSL-link 1 and 2 which are provided by
>>> the Deutsche Telekom it is not important if it is chap or pap, works both.
>>>
>>>
>>>
>>>
>>> On Tue, 26 Feb 2019 at 16:59, Stuart Henderson 
>>> wrote:
>>>
>>>> On 2019/02/26 16:38, Sebastian Benoit wrote:
>>>> > Thomas Huber(miracu...@gmail.com) on 2019.02.26 14:22:33 +0100:
>>>> > > with chap the tcpdump looks like this:
>>>> > >
>>>> > > #tcpdump -nevvs1500 -i vlan0
>>>> > > tcpdump: listening on vlan0, link-type EN10MB
>>>> > > 13:54:44.118903 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>>>> PPPoE-Session
>>>> > > code Session, version 1, type 1, id 0x00a9, length 16
>>>> > > LCP Configure-Request Id=0x24: Magic-Number=98519
>>>> > > Max-Rx-Unit=1492
>>>> > > 13:54:49.120414 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>>>> PPPoE-Session
>>>> > > code Session, version 1, type 1, id 0x00a9, length 16
>>>> > > LCP Configure-Request Id=0x25: Magic-Number=98519
>>>> > > Max-Rx-Unit=1492
>>>> > > 13:54:55.122239 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>>>> PPPoE-Session
>>>> > > code Session, version 1, type 1, id 0x00a9, length 16
>>>> > > LCP Configure-Request Id=0x26: Magic-Number=98519
>>>> > > Max-Rx-Unit=1492
>>>> > > 13:55:02.124396 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>>>> PPPoE-Session
>>>> > > code Session, version 1, type 1, id 0x00a9, length 16
>>>> > > LCP Configure-Request Id=0x27: Magic-Number=98519
>>>> > > Max-Rx-Unit=1492
>>>> > >
>>>> > >
>>>> > > but no connection established.
>>>> > >
>>>> > > On Tue, 26 Feb 2019 at 13:02, Stuart Henderson 
>>>> wrote:
>>>> > >
>>>> > > > On 2019/02/26 12:36, Thomas Huber wrote:
>>>> > > > > Hi Stuart,
>>>> > > > >
>>>> > > > > and thanks for your help.
>>>> > > > > I tried your suggestion but didn't solve the problem.
>>>> > > > > here is the tcpdump output (i just stripped the account
>>>> credentials) but
>>>> > > > I can not read it.
>>>> > > > > Maybe you can spot something here:
>>>> > > > >
>>>> > > > > # tcpdump -nevvs1500 -i em0
>>>> > > > > tcpdump: listening on em0, link-type EN10MB
>>>> > > >
>>>> > > > Reformatted a bit:
>>>> > > >
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf6:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0xab:
>>>> Max-Rx-Unit=1492
>>>> > > > Auth-Prot=PAP Magic-Number=526788746
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf6:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Ack Id=0xab: Max-Rx-Unit=1492
>>>> > > > Auth-Prot=PAP Magic-Number=526788746
>>>> > > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf7: Peer-Id=
>>>> > > > Passwd=
>>>> > > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf8: Peer-Id=
>>>> > > > Passwd=
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x02:
>>>> Max-Rx-Unit=1492
>>>> > > > Auth-Prot=CHAP/MD5 Magic-Number=3828540274
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x02: Auth-Prot=PAP
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf9:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf9:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfa:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfa:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfb:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=

Re: GMA500 drivers

2019-03-25 Thread Noth



On 25/03/2019 09:44, Jonathan Gray wrote:

> On Mon, Mar 25, 2019 at 07:50:30AM +, Maurice McCarthy wrote:
>> On 23/03/2019, Normen Wohner  wrote:
>>> I have now successfully installed OpenBSD
>>> on my Netbook, however Graphics performance
>>> is abysmal.
>>> I know that sadly Linux uses binary blobs for
>>> the GMA500 as it is a licensed Powervr chip.
>>> Any idea on how to "maybe" get faster graphics
>>> working?
>>> I'm willing to do the legwork.
>>
>> I assume you've tried fw_update to attempt from firmware.openbsd.org ?!
>>
>> As it is not listed in man 4 intel (don't know how up to date that is)
>> maybe someone is already porting the firmware driver from freebsd.
>> Otherwise I'd guess you would have to port a linux driver yourself.
>>
>> Best Wishes
>
> There is a GPLv2 driver in linux.
> "experimental 2D KMS framebuffer driver for the Intel GMA500 ('Poulsbo')
> and other Intel IMG based graphics devices"
>
> No one is looking at adding support for obscure Intel PowerVR parts from
> over ten years ago with no documentation and incomplete and badly
> licensed code.  Running fw_update won't change that.

You've bought the wrong netbook. GMA500 is a disaster of a chip that 
never performed as advertised, even using the Windows driver (which had 
a few rewrites by Intel but never satisfied the customer base, you'll 
find plenty of griping about it on various forums). Sell it off and get 
a model that has a chipset that was actually made by Intel, not 
licensed. There's plenty to choose from if you're into 2010 equipment. 
That's the legwork you need to achieve I'm afraid.




Re: OpenBSD 6.5 on Clevo W840SU: BIOS hangs when booted via (m)SATA

2019-03-25 Thread finkfox
Hi again.

Just a quick update.

After adding some "bogus" partitions 0 to 2 in front of openbsd partition 3 
the BIOS no longer hangs with disklabel data. I can now install, boot and run 
OpenBSD from SSD on SATA.


$ doas fdisk sd0

Disk: sd0   geometry: 31130/255/63 [500118192 Sectors]
Offset: 0   Signature: 0xAA55
Starting Ending LBA Info:
 #: id  C   H   S -  C   H   S [   start:size ]
---
 0: EE  0   0   2 -  0   0  11 [   1:  10 ] EFI GPT 
 1: 05  0   0  12 -  0   0  32 [  11:  21 ] Extended DOS
 2: 83  0   0  23 -  0   0  54 [  22:  32 ] Linux files*
*3: A6  0   1   2 -  31129 254  63 [  64:   500103386 ] OpenBSD



I tried this with the intuition that this might stop the BIOS from "seeing" the 
disklabel data. And fortunately it worked. To really understand what is going 
on I guess one would need access to the BIOS source code, or? 

Should this issue be reported as an "official" bug?

At least other Clevo W840SU laptop users could benefit from this knowledge.

Best regards,

Fox



Re: GMA500 drivers

2019-03-25 Thread Jonathan Gray
On Mon, Mar 25, 2019 at 07:50:30AM +, Maurice McCarthy wrote:
> On 23/03/2019, Normen Wohner  wrote:
> > I have now successfully installed OpenBSD
> > on my Netbook, however Graphics performance
> > is abysmal.
> > I know that sadly Linux uses binary blobs for
> > the GMA500 as it is a licensed Powervr chip.
> > Any idea on how to "maybe" get faster graphics
> > working?
> > I'm willing to do the legwork.
> >
> 
> I assume you've tried fw_update to attempt from firmware.openbsd.org ?!
> 
> As it is not listed in man 4 intel (don't know how up to date that is)
> maybe someone is already porting the firmware driver from freebsd.
> Otherwise I'd guess you would have to port a linux driver yourself.
> 
> Best Wishes
> 

There is a GPLv2 driver in linux.
"experimental 2D KMS framebuffer driver for the Intel GMA500 ('Poulsbo')
and other Intel IMG based graphics devices"

No one is looking at adding support for obscure Intel PowerVR parts from
over ten years ago with no documentation and incomplete and badly
licensed code.  Running fw_update won't change that.



Re: GMA500 drivers

2019-03-25 Thread Maurice McCarthy
On 23/03/2019, Normen Wohner  wrote:
> I have now successfully installed OpenBSD
> on my Netbook, however Graphics performance
> is abysmal.
> I know that sadly Linux uses binary blobs for
> the GMA500 as it is a licensed Powervr chip.
> Any idea on how to "maybe" get faster graphics
> working?
> I'm willing to do the legwork.
>

I assume you've tried fw_update to attempt from firmware.openbsd.org ?!

As it is not listed in man 4 intel (don't know how up to date that is)
maybe someone is already porting the firmware driver from freebsd.
Otherwise I'd guess you would have to port a linux driver yourself.

Best Wishes



Re: FDE with keydrive imponderabilities

2019-03-25 Thread Joel Carnat
Hi,

I wonder if you’re not using fdisk for an MBR setup and disklabel for GPT.

Why won’t you use 64 as the starting offset of the RAID partition ?

--
Sent from my iPhone

> On 22 March 2019 at 23:26, Normen Wohner  wrote:
> 
> I thought you might be able to help me with a setup concerning  
> Full Disk Encryption on OpenBSD 6.4 where I am at my wits' end.
> I am trying to install on a Sony Vaio VPC P11S1E netbook.
> It is a 32-bit x86 machine with an internal SSD and SD card reader.
> 
> During boot of the installer my internal disk shows up as wd0.
> I have no idea why it would be IDE but be that as it may.
> Plugging in any USB drive shows as sd0 while the SD card-reader
> shows two devices, respectively some controller on sd0 and the 
> actual drive on sd1.
> 
> I really hope to find anything else I could try.
> 
> What I have tried thus far.
> booting into the installer, 
> once everything is in ramdisk is at the Install
> etc. prompt I unplug the boot USB and proceed with:
> 
> (S)hell
> 
> 
> # dd if=/dev/zero of=/dev/wd0 bs=1m count=8
> to erase previous RAID attempt
> 
> # fdisk -iy wd0
> # disklabel -E wd0
>> z
>> a a
> offset: [64] 1024 
> size: [n]
> FS type: [4.2BSD] RAID
>> w
>> q
> returns: 'No label changes.'
> 
> # cd /dev
> # sh MAKEDEV sd1
> # sh MAKEDEV sd2
> # cd /
> 
> after that either 
> Route 1:
> plugging in SD card
> 
> # fdisk -iy sd1
> # disklabel -E sd1
>> z
>> a a
> offset: [64] 1024
> size: [n] 1m
> FS type: [4.2BSD] RAID
>> w
>> q
> returns: 'No label changes.'
> 
> # dd if=/dev/random of=/dev/sd1a
> 
> # bioctl -c C -k sd1a -l wd0a softraid0
> returns: 'Error sd1 did not quit correctly'
> 
> 
> This Error remains consistent between boots,
> even after restarting to the Installer
> 
> alternatively
> Route 2:
> plugging in USB stick
> # fdisk -iy sd0
> # disklabel -E sd0
>> z
>> a a
> offset: [64] 1024
> size: [n] 1m
> FS type: [4.2BSD] RAID
>> w
>> q
> returns: No label changes.
> 
> # dd if=/dev/random of=/dev/sd0a
> 
> # bioctl -c C -k sd0a -l wd0a softraid0
> returns: softraid0: CRYPTO volume attached as sd2
> #exit
> (I)nstall to sd2
> ...
> hangs in BIOS after reboot whenever
> the Keydrive is plugged in. 
>