Re: Max Speed: configuration in smnpd.conf for display in mrtg

2019-08-28 Thread Stuart Henderson 
On 2019-08-26, Daniel Ouellet  wrote:
> Thanks Stuart,
>
> I guess I had the right oid before, but the fact that is doesn't allow
> the replacement always give me a fail at restart, I assume I wasn't
> using the right oid.
>
> Oh well.
>
> Doing the max speed in mrtg is possible, sure ,but as I have to many
> routers that do change a lot as new customers are added or removed, it
> was a lot simpler to do it in the actual router then trying to always go
> back and over write the final configuration or mrtg each time.

Can the mrtg config not just be generated by whatever is generating router 
configs?

SAD ( pkg_add does linux like stuff ie: not working, no explanation )

2019-08-28 Thread sven falempin 
Maybe obvious ? if so why no message from the software ?

[0]-[web]-[/var/www/logs]
# pkg_add php_curl
quirks-3.124 signed on 2019-04-15T12:10:16Z
Can't find php_curl
[0]-[web]-[/var/www/logs]
# cat /etc/installurl
http://cdn.openbsd.org/pub/OpenBSD

But

[0]-[web]-[/var/www/logs]
# curl --head
https://cdn.openbsd.org/pub/OpenBSD/6.5/packages/amd64/php-curl-7.2.17.tgz
HTTP/2 200
server: nginx
content-type: application/octet-stream
last-modified: Mon, 15 Apr 2019 12:09:10 GMT
etag: "5cb47466-8e35"
backend-name: 5GnZ0LBU5CzDw9NCjFbkjI--F_ftp_hostserver_de
accept-ranges: bytes
date: Wed, 28 Aug 2019 14:01:52 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-cdg20753-CDG
x-cache: MISS
x-cache-hits: 0
x-timer: S1567000912.203130,VS0,VE54
content-length: 36405
[0]-[web]-[/var/www/logs]
# date
Wed Aug 28 04:07:24 CEST 2019

LIKE WHY PLEASE ?


-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do

Re: SAD ( pkg_add does linux like stuff ie: not working, no explanation )

2019-08-28 Thread Joe Gidi 


> Maybe obvious ? if so why no message from the software ?
>
> [0]-[web]-[/var/www/logs]
> # pkg_add php_curl
> quirks-3.124 signed on 2019-04-15T12:10:16Z
> Can't find php_curl
> [0]-[web]-[/var/www/logs]
> # cat /etc/installurl
> http://cdn.openbsd.org/pub/OpenBSD
>
> But
>
> [0]-[web]-[/var/www/logs]
> # curl --head
> https://cdn.openbsd.org/pub/OpenBSD/6.5/packages/amd64/php-curl-7.2.17.tgz
> HTTP/2 200
> server: nginx
> content-type: application/octet-stream
> last-modified: Mon, 15 Apr 2019 12:09:10 GMT
> etag: "5cb47466-8e35"
> backend-name: 5GnZ0LBU5CzDw9NCjFbkjI--F_ftp_hostserver_de
> accept-ranges: bytes
> date: Wed, 28 Aug 2019 14:01:52 GMT
> via: 1.1 varnish
> age: 0
> x-served-by: cache-cdg20753-CDG
> x-cache: MISS
> x-cache-hits: 0
> x-timer: S1567000912.203130,VS0,VE54
> content-length: 36405
> [0]-[web]-[/var/www/logs]
> # date
> Wed Aug 28 04:07:24 CEST 2019
>
> LIKE WHY PLEASE ?

Maybe because underscores (_) are not the same as dashes (-)?


-- 

Joe Gidi
j...@entropicblur.com

"You cannot buy skill." -- Ross Seyfried

Re: SAD ( pkg_add does linux like stuff ie: not working, no explanation )

2019-08-28 Thread Antal Ispanovity 
2019-08-28 16:04 GMT+02:00, sven falempin :
> Maybe obvious ? if so why no message from the software ?
>
> [0]-[web]-[/var/www/logs]
> # pkg_add php_curl
> quirks-3.124 signed on 2019-04-15T12:10:16Z
> Can't find php_curl

it says the truth, there is no php_curl package.
try php-curl
(dash instead of underscore)

> [0]-[web]-[/var/www/logs]
> # cat /etc/installurl
> http://cdn.openbsd.org/pub/OpenBSD
>
> But
>
> [0]-[web]-[/var/www/logs]
> # curl --head
> https://cdn.openbsd.org/pub/OpenBSD/6.5/packages/amd64/php-curl-7.2.17.tgz
> HTTP/2 200
> server: nginx
> content-type: application/octet-stream
> last-modified: Mon, 15 Apr 2019 12:09:10 GMT
> etag: "5cb47466-8e35"
> backend-name: 5GnZ0LBU5CzDw9NCjFbkjI--F_ftp_hostserver_de
> accept-ranges: bytes
> date: Wed, 28 Aug 2019 14:01:52 GMT
> via: 1.1 varnish
> age: 0
> x-served-by: cache-cdg20753-CDG
> x-cache: MISS
> x-cache-hits: 0
> x-timer: S1567000912.203130,VS0,VE54
> content-length: 36405
> [0]-[web]-[/var/www/logs]
> # date
> Wed Aug 28 04:07:24 CEST 2019
>
> LIKE WHY PLEASE ?
>
>
> --
> --
> -
> Knowing is not enough; we must apply. Willing is not enough; we must do
>

Re: SAD ( pkg_add does linux like stuff ie: not working, no explanation )

2019-08-28 Thread Janne Johansson 
Den ons 28 aug. 2019 kl 16:06 skrev sven falempin :

> Maybe obvious ? if so why no message from the software ?
> # pkg_add php_curl
> [URLHERE] php-curl-7.2.17.tgz
>
> 
> LIKE WHY PLEASE ?
>

Given that the difference probably is - versus _ and that last sentence in
all caps, I'd say your problem is that the keyboard gives you shift or
CAPSLOCK at the wrong moments.

-- 
May the most significant bit of your life be positive.

What is you motivational to use OpenBSD

2019-08-28 Thread Mohamed salah 
I wanna put something in discussion, what's your motivational to use
OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
fine on openbsd and you love this os so much what will do?

Re: What is you motivational to use OpenBSD

2019-08-28 Thread Raul Miller 
I would fix the issue, or use something else to get that done or
abandon that project.

(I am not sure why you would imagine that using OpenBSD implies not
using other operating systems. It's *because* I use other operating
systems that I like using OpenBSD.)

Thanks,

-- 
Raul

On Wed, Aug 28, 2019 at 10:41 AM Mohamed salah
 wrote:
>
> I wanna put something in discussion, what's your motivational to use
> OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
> fine on openbsd and you love this os so much what will do?

Re: What is you motivational to use OpenBSD

2019-08-28 Thread Christopher Turkel 
I use OpenBSD because it can do everything I want it to do and it’s easy to
use.

On Wednesday, August 28, 2019, Raul Miller  wrote:

> I would fix the issue, or use something else to get that done or
> abandon that project.
>
> (I am not sure why you would imagine that using OpenBSD implies not
> using other operating systems. It's *because* I use other operating
> systems that I like using OpenBSD.)
>
> Thanks,
>
> --
> Raul
>
> On Wed, Aug 28, 2019 at 10:41 AM Mohamed salah
>  wrote:
> >
> > I wanna put something in discussion, what's your motivational to use
> > OPENBSD what not other bsd's what not gnu/Linux, if something doesn't
> work
> > fine on openbsd and you love this os so much what will do?
>
>

Re: What is you motivational to use OpenBSD

2019-08-28 Thread Mike 
On 8/28/2019 10:32 AM, Mohamed salah wrote:
> I wanna put something in discussion, what's your motivational to use
> OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
> fine on openbsd and you love this os so much what will do?
> 

I run a few different OS's here.  The reason I choose OpenBSD for the
tasks I use it for:

It just works.

It doesn't carry a lot of extra baggage.

It just works.

Re: What is you motivational to use OpenBSD

2019-08-28 Thread Mohamed Fouad 
OpenBSD community is formed around the idea of doing things in a simple but
correct manner; the community also rejects all stupid ideas that many
others may accept because it is a bit more convenient. That's a good
community to learn from.

A community that got a good taste for sensible ideas.

On Wed, 28 Aug 2019, 11:42 Mohamed salah  I wanna put something in discussion, what's your motivational to use
> OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
> fine on openbsd and you love this os so much what will do?
>

Re: What is you motivational to use OpenBSD

2019-08-28 Thread U'll Be King of the Stars 

On 28/08/2019 15:32, Mohamed salah wrote:

I wanna put something in discussion, what's your motivational to use
OPENBSD what not other bsd's what not gnu/Linux
Of all the things that naturally pull me towards BSD, I can not think of 
anything that OpenBSD does better than the other BSD's.


Conversely OpenBSD is not very good at being a file server.  It's also 
not very good at SMP.  These issues have been known for a long time and 
it doesn't take much research to find out these facts when evalutation 
technologies for specific important use cases.  I understand that the 
SMP deficiencies are being worked on.  I don't know about the lack of 
file server functionality however.


In other words, I don't know how important it is for the OpenBSD project 
that it eventually becomes a top contender when evaluating an OS for a 
file server or NAS.


I also use NetBSD.  NetBSD and OpenBSD are both excellent and often I 
enjoy using NetBSD more.


I use OpenBSD for many reasons.  Here are a few, and many of them apply 
equally well to my use of NetBSD:


-   The /community/ of /any/ software that I have the luxury of choosing 
is a critical factor.  It is equally as important as the technology 
itself.  OpenBSD's community has been wonderful to work with.  I mostly 
interact on the the misc@openbsd.org mailing list and the #OpenBSD IRC 
channel on freenode.


-   Its out-of-the box pf firewall.  This has a LOT of community 
knowledge, which is a huge advantage.  Not only is this important to 
implement 100% correctly, but it's important that you understand all the 
relevant lurking unknowns so that you don't have false confidence in a 
misconfigured firewall.  This is one area where a large community of 
experts is extremely helpful.


-   I would prefer to use a simply configured OS instead of an appliance 
like OPNSence or pfSense.  I don't think they add much value.


However, if I was a network or security engineer in a large 
enterprise, I'd probaby be working very differently.  Based on my 
experiences working in large corporate enterprises so far, i.e., based 
on my observations, I'd probably be using an appliance from Cisco, 
Juniper, F5, etc.


This is not a negative point against choosing OpenBSD.  I've never 
been in a position of influence in a large, corporate enterprise's 
network division (I'm not a network engineer professionally).


It's an observation, not something I would /necessarily/ choose. 
To be fair, I have seen many amazing things that these expensive devices 
from Cisco, Juniper, and F5 can do too.


On the other hand the libre nature of OpenBSD is one its major 
benefits.  If you ever need to audit your security infrastructure then 
OpenBSD puts you in a good place right from the beginning.


-   OpenBSD's documentation is excellent.  Documentation is clear and 
complete.  Man pages exist and are meaningful.  In fact, I use OpenBSD's 
(and other *BSD's) coding standards and documentation style as a model 
for my own projects, even they have nothing in particular to do with *BSD.


-   OpenBSD has a concise base system that is understandable, learnable 
without too much congitive stress, and (usually) fast to install.


-   As somebody else has mentioned, they use OpenBSD precisely *because* 
they also use other operating systems.  It is the same for me.  It is 
important to learn how different OS'es do similar functions.  Moreover, 
I am starting to learn how to write my software to be more portable. 
Portable software is, by its nature, of a higher standard than software 
that runs only on GNU/Linux, for example.  I'm still a beginner as far 
as this is concerned.  It means expanding beyond *nix too.


(This blind adherence to "the Unix philosophy" as though its 
superiority in OS design is axiomatically true has had a negative effect 
on the collective imagination of many people.)


-   OpenBSD runs on architectures other than x86_64 that I am interested 
in.  For example, PowerPC-based Apple Macintosh systems and SPARC-based 
systems.  This ties in intimimately with my previous point re: support 
of architectures.


Andrew
--
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9

Re: What is you motivational to use OpenBSD

2019-08-28 Thread Vivek Vinod 


I'm going to be hated for this But I don't feel like logging into my 
servers everyday to check if all is well. Some (*BSDs) I've not logged into for 
years and also forgotten my passwords. 

With OpenBSD on public IPs, I'm safe(r) than the GNU/Linux (worst offender) or 
Windows (2nd worst) or FreeBSD (1 incident in 3 years) counterparts. 

Then again, I feel OpenBSD has made me start to question everything... which 
has led me to better work choices. 

Please excuse my brevity - Sent from my mobile



  Original Message  



From: mohamed.ahmed.fouad@gmail.com
Sent: 28 August 2019 9:34 PM
To: mohamed.a.sala...@gmail.com
Cc: misc@openbsd.org
Subject: Re: What is you motivational to use OpenBSD


OpenBSD community is formed around the idea of doing things in a simple but
correct manner; the community also rejects all stupid ideas that many
others may accept because it is a bit more convenient. That's a good
community to learn from.

A community that got a good taste for sensible ideas.

On Wed, 28 Aug 2019, 11:42 Mohamed salah  I wanna put something in discussion, what's your motivational to use
> OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
> fine on openbsd and you love this os so much what will do?
>

Re: What is you motivational to use OpenBSD

2019-08-28 Thread prx 
see : https://why-openbsd.rocks/fact/

Re: What is you motivational to use OpenBSD

2019-08-28 Thread Dave Anderson 
On Wed, 28 Aug 2019, Mohamed salah wrote:

>I wanna put something in discussion, what's your motivational to use
>OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
>fine on openbsd and you love this os so much what will do?

The emphasis on security and correctness.

-- 
Dave Anderson

Re: What is you motivational to use OpenBSD

2019-08-28 Thread Solene Rapenne 
On Wed, Aug 28, 2019 at 04:32:29PM +0200, Mohamed salah wrote:
> I wanna put something in discussion, what's your motivational to use
> OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
> fine on openbsd and you love this os so much what will do?

What I really like in the OpenBSD team is the ability to take correct
decisions and not trying to be consumer friendly or following a trend.

I say consumer friendly instead of user friendly, because OpenBSD _is_
user friendly, as far as you do your homeworks and learn how to read the
documentation. The system come with sane defaults and every user can
easily enjoy their own system for their own use.

Consumers don't want to think or make the effort.

Some of the decisions are the following:

Microphone on laptop?
disabled by default, change requires root

Webcam?
only for root by default

Disable SMT?
default setting

Sacrifice startup speed for security (randomization)?
done

The list could be extended with unmaintained code removal (tmpfs,
bluetooth, linux emulation etc...)

Those choices would be considered bold or even harmful to users on some
others systems I've been slightly involved.

But in the end, they are beneficial for the end user.

ldapd hangs/stalls

2019-08-28 Thread Allan Streib 
Running a rather busy ldapd host, and seeing some hangs in responses to
queries.

Some (possibly irrelevant) messages in /var/log/daemon

  Aug 28 12:47:51 ldap02 ldapd[39626]: filter type 5 not implemented
  Aug 28 12:48:19 ldap02 last message repeated 13 times
  Aug 28 12:49:41 ldap02 last message repeated 132 times

Are there some limits I should consider raising?

I have tried (as a guess) raising kern.somaxconn without much improvement.

Everything is at defaults right now.

$ doas sysctl -a
kern.ostype=OpenBSD
kern.osrelease=6.5
kern.osrevision=201905
kern.version=OpenBSD 6.5 (GENERIC.MP) #1: Mon May 27 18:27:59 CEST 2019

r...@syspatch-65-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

kern.maxvnodes=41633
kern.maxproc=1310
kern.maxfiles=7030
kern.argmax=262144
kern.securelevel=1
kern.hostname=[redacted]
kern.hostid=0
kern.clockrate=tick = 1, tickadj = 40, hz = 100, profhz = 100, stathz = 100
kern.posix1version=200809
kern.ngroups=16
kern.job_control=1
kern.saved_ids=1
kern.boottime=Thu Jun 27 17:36:01 2019
kern.domainname=
kern.maxpartitions=16
kern.rawpartition=2
kern.maxthread=1950
kern.nthreads=122
kern.osversion=GENERIC.MP#1
kern.somaxconn=128
kern.sominconn=80
kern.nosuidcoredump=1
kern.fsync=1
kern.sysvmsg=1
kern.sysvsem=1
kern.sysvshm=1
kern.msgbufsize=98256
kern.malloc.buckets=16,32,64,128,256,512,1024,2048,4096,8192,16384,32768,65536,131072,262144,524288
kern.malloc.bucket.16=(calls = 108817 total_allocated = 768 total_free = 127 
elements = 256 high watermark = 1280 could_free = 0)
kern.malloc.bucket.32=(calls = 124260 total_allocated = 896 total_free = 419 
elements = 128 high watermark = 640 could_free = 81)
kern.malloc.bucket.64=(calls = 205096 total_allocated = 1728 total_free = 78 
elements = 64 high watermark = 320 could_free = 14)
kern.malloc.bucket.128=(calls = 429562 total_allocated = 1920 total_free = 234 
elements = 32 high watermark = 160 could_free = 52250)
kern.malloc.bucket.256=(calls = 79465 total_allocated = 544 total_free = 354 
elements = 16 high watermark = 80 could_free = 44064)
kern.malloc.bucket.512=(calls = 47604 total_allocated = 4320 total_free = 39 
elements = 8 high watermark = 40 could_free = 5737)
kern.malloc.bucket.1024=(calls = 1215544 total_allocated = 88 total_free = 10 
elements = 4 high watermark = 20 could_free = 0)
kern.malloc.bucket.2048=(calls = 1069269 total_allocated = 1060 total_free = 13 
elements = 2 high watermark = 10 could_free = 282412)
kern.malloc.bucket.4096=(calls = 114423 total_allocated = 68 total_free = 1 
elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.8192=(calls = 7233 total_allocated = 60 total_free = 2 
elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.16384=(calls = 4530 total_allocated = 7 total_free = 0 
elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.32768=(calls = 12 total_allocated = 10 total_free = 0 
elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.65536=(calls = 263551 total_allocated = 2 total_free = 0 
elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.131072=(calls = 2 total_allocated = 2 total_free = 0 
elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.262144=(calls = 0 total_allocated = 0 total_free = 0 
elements = 1 high watermark = 5 could_free = 0)
kern.malloc.bucket.524288=(calls = 3 total_allocated = 3 total_free = 0 
elements = 1 high watermark = 5 could_free = 0)
kern.malloc.kmemnames=free,,devbuf,,pcb,rtableifaddr,soopts,sysctl,counters,,ioctlops,iov,mount,,NFS_req,NFS_mount,,vnodes,namecache,UFS_quota,UFS_mount,shm,VM_map,sem,dirhash,ACPI,VM_pmapfile,file_desc,sigio,proc,subproc,VFS_cluster,,,MFS
_node,,,Export_Host,NFS_srvsock,,NFS_daemon,ip_moptions,in_multi,ether_multi,mrt,ISOFS_mount,ISOFS_node,MSDOSFS_mount,MSDOSFS_fat,MSDOSFS_node,ttys,exec,miscfs_mount,fusefs_mount,pfkey_data,tdb,xform_data,,pagedep,inodedep,newblk,,,indirdep,,,
,,VM_swap,,UVM_amap,UVM_aobj,,USB,USB_device,USB_HC,witness,memdesc,,,crypto_data,,IPsec_credsemuldata,ip6_options,NDP,,,temp,NTFS_mount,NTFS_node,NTFS_fnode,NTFS_dir,NTFS_hash,NTFS_attr,NTFS_data,NTFS_decomp,NTFS_vrun,kqueue,,SYN_
cache,UDF_mount,UDF_file_entry,UDF_file_id,,AGP_Memory,DRM
kern.malloc.kmemstat.free=(inuse = 0, calls = 0, memuse = 0K, limblocks = 0, 
mapblocks = 0, maxused = 0K, limit = 78644K, spare = 0, sizes = (none))
kern.malloc.kmemstat.devbuf=(inuse = 5883, calls = 2142582, memuse = 4849K, 
limblocks = 0, mapblocks = 0, maxused = 4857K, limit = 78644K, spare = 0, sizes 
= (16,32,64,128,256,512,1024,2048,4096,8192,16384,32768,65536,131072))
kern.malloc.kmemstat.pcb=(inuse = 98, calls = 23509, memuse = 25K, limblocks = 
0, mapblocks = 0, maxused = 27K, limit = 78644K, spare = 0, sizes = 
(16,32,128,1024,2048,4096))
kern.malloc.kmemstat.rtable=(inuse = 419, calls = 2142, memuse = 12K, limblocks 
= 0, mapblocks = 0, maxused = 12K, limit = 78644K, spare = 0, sizes = 
(16,32,64,128,256))
kern.ma

Re: ldapd hangs/stalls

2019-08-28 Thread Allan Streib 
Allan Streib  writes:

> Running a rather busy ldapd host, and seeing some hangs in responses to
> queries.


I see that fstat -u _ldapd always ends at FD 119 when the hang occurs:

[...]
_ldapd   ldapd  42641  112* internet stream tcp 0x0 172.16.0.169:389 <-- 
172.16.0.38:44708
_ldapd   ldapd  42641  113* internet stream tcp 0x0 172.16.0.169:389 <-- 
172.16.0.45:43392
_ldapd   ldapd  42641  114* internet stream tcp 0x0 172.16.0.169:389 <-- 
172.16.0.26:54300
_ldapd   ldapd  42641  115* internet stream tcp 0x0 172.29.202.69:389 <-- 
172.29.200.100:36250
_ldapd   ldapd  42641  116* internet stream tcp 0x0 172.29.202.69:389 <-- 
172.29.200.109:45362
_ldapd   ldapd  42641  117* internet stream tcp 0x0 172.29.202.69:389 <-- 
172.29.200.108:47864
_ldapd   ldapd  42641  118* internet stream tcp 0x0 172.29.202.69:389 <-- 
172.29.200.104:56746
_ldapd   ldapd  42641  119* internet stream tcp 0x0 172.29.202.69:389 <-- 
172.29.200.106:40436


I tried the following:

Gave _ldapd a login class of "ldap"

Added to login.conf:

ldap:\
:openfiles=512:\
:tc=daemon:

restart ldapd.

Still hangs with fstat output the same.

$ vmstat
 procsmemory   pagediskstraps  cpu
 r   s   avm fre  flt  re  pi  po  fr  sr sd0 sd1  int   sys   cs us sy id
 1  70   44M  22728M5   0   0   0   0   0   0   0   2579   84  0  0 100



$ netstat -m 
444 mbufs in use:
220 mbufs allocated to data
168 mbufs allocated to packet headers
56 mbufs allocated to socket names and addresses
180/520 mbuf 2048 byte clusters in use (current/peak)
0/30 mbuf 2112 byte clusters in use (current/peak)
0/64 mbuf 4096 byte clusters in use (current/peak)
0/72 mbuf 8192 byte clusters in use (current/peak)
0/42 mbuf 9216 byte clusters in use (current/peak)
0/50 mbuf 12288 byte clusters in use (current/peak)
0/40 mbuf 16384 byte clusters in use (current/peak)
0/16 mbuf 65536 byte clusters in use (current/peak)
4520/5008/524288 Kbytes allocated to network (current/peak/max)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

Re: What is you motivational to use OpenBSD

2019-08-28 Thread Pierre Emeriaud 
Le mer. 28 août 2019 à 16:38, Mohamed salah
 a écrit :
>
> I wanna put something in discussion, what's your motivational to use
> OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
> fine on openbsd and you love this os so much what will do?

Almost everything I need is in base. Software (routing daemons, dns
servers, pf), and documentation (man pages, config examples) is here.
I can rely almost exclusively on this to get what I want to do, no
need to google for outdated howtos.

Re: ldapd hangs/stalls

2019-08-28 Thread Claudio Jeker 
On Wed, Aug 28, 2019 at 03:17:05PM -0400, Allan Streib wrote:
> Allan Streib  writes:
> 
> > Running a rather busy ldapd host, and seeing some hangs in responses to
> > queries.
> 
> 
> I see that fstat -u _ldapd always ends at FD 119 when the hang occurs:
> 
> [...]
> _ldapd   ldapd  42641  112* internet stream tcp 0x0 172.16.0.169:389 <-- 
> 172.16.0.38:44708
> _ldapd   ldapd  42641  113* internet stream tcp 0x0 172.16.0.169:389 <-- 
> 172.16.0.45:43392
> _ldapd   ldapd  42641  114* internet stream tcp 0x0 172.16.0.169:389 <-- 
> 172.16.0.26:54300
> _ldapd   ldapd  42641  115* internet stream tcp 0x0 172.29.202.69:389 <-- 
> 172.29.200.100:36250
> _ldapd   ldapd  42641  116* internet stream tcp 0x0 172.29.202.69:389 <-- 
> 172.29.200.109:45362
> _ldapd   ldapd  42641  117* internet stream tcp 0x0 172.29.202.69:389 <-- 
> 172.29.200.108:47864
> _ldapd   ldapd  42641  118* internet stream tcp 0x0 172.29.202.69:389 <-- 
> 172.29.200.104:56746
> _ldapd   ldapd  42641  119* internet stream tcp 0x0 172.29.202.69:389 <-- 
> 172.29.200.106:40436
> 
> 
> I tried the following:
> 
> Gave _ldapd a login class of "ldap"
> 
> Added to login.conf:
> 
> ldap:\
> :openfiles=512:\
> :tc=daemon:
> 
> restart ldapd.
> 
> Still hangs with fstat output the same.
> 

I guess the problem is in the error handling of one of the filter codes
which leaks an fd. At least I suspect that the error message about filter
type is suggesting that.

-- 
:wq Claudio

Re: Max Speed: configuration in smnpd.conf for display in mrtg

2019-08-28 Thread Daniel Ouellet 
On 8/28/19 5:44 AM, Stuart Henderson wrote:
> On 2019-08-26, Daniel Ouellet  wrote:
>> Thanks Stuart,
>>
>> I guess I had the right oid before, but the fact that is doesn't allow
>> the replacement always give me a fail at restart, I assume I wasn't
>> using the right oid.
>>
>> Oh well.
>>
>> Doing the max speed in mrtg is possible, sure ,but as I have to many
>> routers that do change a lot as new customers are added or removed, it
>> was a lot simpler to do it in the actual router then trying to always go
>> back and over write the final configuration or mrtg each time.
> 
> Can the mrtg config not just be generated by whatever is generating router 
> configs?

Nope. Way more Cisco routers and time to time changes are done on
increase access based on new contracts.

If it was simple and possible it would have been done long ago.

I am just not sure why the bandwidth command on Cisco allow to use the
effective bandwidth oppose to be fix on the interface bandwidth and
snmpd doesn't allow to overwrite the same things.

The fact that it is possible may not be an RFC fix things in the OID
definitions, but it is what it is.

When I get some time I will look if I can change the snmpd to may be
allow it or not.

For now every time this apply I manually changes it.

Not the end of the world, just very annoying, but I can deal with it.

Re: What is you motivational to use OpenBSD

2019-08-28 Thread Daniel Ouellet 
On 8/28/19 10:32 AM, Mohamed salah wrote:
> I wanna put something in discussion, what's your motivational to use
> OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
> fine on openbsd and you love this os so much what will do?

- Simplicity.
- Clean
- Lean and Slim
- Work as advertise
- Secure

And the most important fact a few decades ago got me turn to OpenBSD
without ever turning back is the man page.

I can't say how many times I wasted trying to figure out how to get shit
working on other Linux flavors and simply give up.

I have to say I am short of time and anything that make me save some it
a plus for me. So when I discover OpenBSD totally by mistake, I never
look back.

My son tells me that some Linux have improved their man page some today,
but some to me mean nothing and I really could case less.

However searching for ever and reading a lots of stuff that you realize
simply doesn't apply drives me nuts.

I am sure the list is difference for everyone, instead of asking just
try it and see for yourself.

No one will know more then you what you are looking for or like.

Re: ldapd hangs/stalls

2019-08-28 Thread Allan Streib 
Claudio Jeker  writes:

> I guess the problem is in the error handling of one of the filter codes
> which leaks an fd. At least I suspect that the error message about filter
> type is suggesting that.

I guess a possibility. But why stopping at FD 119 in the fstat output? I
have several hundred hosts that might be connecting and issuing
queries. Feels to me more like a limit is being hit.

Allan

Re: Re :dhcrelay

2019-08-28 Thread Sebastian Benoit 
shadrock uhuru(niyal...@gmail.com) on 2019.08.25 17:14:48 +0100:
> > To:
> > shadrock uhuru 
> > CC:
> > misc@openbsd.org
> >
> >
> > shadrock uhuru(niyal...@gmail.com) on 2019.08.23 18:46:32 +0100:
> >> hi eveyone
> >> if i have a dhcp server in subnet A connected to interface em0 (lan) and
> >> subnet B connected to interface iwn0 (wireless zone) on the router
> >> with dhcrelay -i em0 running on the router should the wireless subnet be
> >> able?? to get its dhcp address from the dhcp server on the lan ?
> > No, you would need to run 
> >
> >dhcrelay -i iwn0 
> >
> > to do that.
> >
> > Subject:
> > Re: dhcrelay
> > From:
> > Sebastian Benoit 
> > Date:
> > 8/23/19, 10:12 PM
> >
> thank Sebastian
> i have two samba?? active domain controllers with dhcp installed on each,
> is it possible to do this
> 
> dhcrelay -i iwn0  

Yes.

But why did you not just read the manpage and try it out?

Re: ldapd hangs/stalls

2019-08-28 Thread Allan Streib 
Allan Streib  writes:

> I see that fstat -u _ldapd always ends at FD 119 when the hang occurs:
>
> [...]
> _ldapd   ldapd  42641  117* internet stream tcp 0x0 172.29.202.69:389 <-- 
> 172.29.200.108:47864
> _ldapd   ldapd  42641  118* internet stream tcp 0x0 172.29.202.69:389 <-- 
> 172.29.200.104:56746
> _ldapd   ldapd  42641  119* internet stream tcp 0x0 172.29.202.69:389 <-- 
> 172.29.200.106:40436
>
> I tried the following:
>
> Gave _ldapd a login class of "ldap"
>
> Added to login.conf:
>
> ldap:\
> :openfiles=512:\
> :tc=daemon:
>
> restart ldapd.
>
> Still hangs with fstat output the same.

OK I apparently misunderstand how login.conf works. I had assumed that
the above would give the "ldap" class an openfiles limit of 512 and
everything else as defined for the "daemon" class. My daemon entry
looked like this:

daemon:\
:ignorenologin:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
:localcipher=blowfish,a:\
:tc=default:

However apprently the daemon class openfiles-cur=128 was being enforced;
I changed that to 512 as a test, restarted ldapd, and now fstat is
showing around 170 FDs for _ldapd and that seems to be where it's
stabilizing, and the hangs are not occuring.

The login.conf man page says that tc "Interpolate/expands records from
corresponding login.conf. See getcap(3)."

What I'm seeing seems to indicate it's working backwards from what the
"Override resource limits" comment indicates above the bgpd and unbound
classes, which I used as a model, but maybe I'm missing something?

I include the entire login.conf below, with my current openfiles-cur
setting for the daemon class.

Allan





# $OpenBSD: login.conf,v 1.9 2017/02/06 18:11:33 sthen Exp $

#
# Sample login.conf file.  See login.conf(5) for details.
#

#
# Standard authentication styles:
#
# passwdUse only the local password file
# chpassDo not authenticate, but change users password (change
#   the YP password if the user has one, else change the
#   local password)
# lchpass   Do not login; change user's local password instead
# radiusUse radius authentication
# rejectUse rejected authentication
# skey  Use S/Key authentication
# activ ActivCard X9.9 token authentication
# cryptoCRYPTOCard X9.9 token authentication
# snk   Digital Pathways SecureNet Key authentication
# tis   TIS Firewall Toolkit authentication
# token Generic X9.9 token authentication
# yubikey   YubiKey authentication
#

# Default allowed authentication styles
auth-defaults:auth=passwd,skey:

# Default allowed authentication styles for authentication type ftp
auth-ftp-defaults:auth-ftp=passwd:

#
# The default values
# To alter the default authentication types change the line:
#   :tc=auth-defaults:\
# to be read something like: (enables passwd, "myauth", and activ)
#   :auth=passwd,myauth,activ:\
# Any value changed in the daemon class should be reset in default
# class.
#
default:\
:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin 
/usr/local/sbin:\
:umask=022:\
:datasize-max=768M:\
:datasize-cur=768M:\
:maxproc-max=256:\
:maxproc-cur=128:\
:openfiles-max=1024:\
:openfiles-cur=512:\
:stacksize-cur=4M:\
:localcipher=blowfish,a:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:

#
# Settings used by /etc/rc and root
# This must be set properly for daemons started as root by inetd as well.
# Be sure reset these values back to system defaults in the default class!
#
daemon:\
:ignorenologin:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-max=1024:\
:openfiles-cur=512:\
:stacksize-cur=8M:\
:localcipher=blowfish,a:\
:tc=default:

#
# Staff have fewer restrictions and can login even when nologins are set.
#
staff:\
:datasize-cur=1536M:\
:datasize-max=infinity:\
:maxproc-max=512:\
:maxproc-cur=256:\
:ignorenologin:\
:requirehome@:\
:tc=default:

#
# Authpf accounts get a special motd and shell
#
authpf:\
:welcome=/etc/motd.authpf:\
:shell=/usr/sbin/authpf:\
:tc=default:

#
# Building ports with DPB uses raised limits
#
pbuild:\
:datasize-max=infinity:\
:datasize-cur=4096M:\
:maxproc-max=1024:\
:maxproc-cur=256:\
:tc=default:

#
# Override resource limits for certain daemons started by rc.d(8)
#
bgpd:\
:openfiles=512:\
:tc=daemon:

unbound:\
:openfiles=512:\
:tc=daemon:

ldap:\
:openfiles=512:\
:tc=daemon:

Re: What is you motivational to use OpenBSD

2019-08-28 Thread Edgar Pettijohn 
It's easy to upgrade. I'm never worried that upgrading will break something. As 
far as BSD's go it's the easiest to get a desktop going. Since x is in base you 
just have to do a few pkg_add's. And those packages will be built the way you 
expect 9 out of 10 times. 

Edgar
On Aug 28, 2019 3:37 PM, Daniel Ouellet  wrote:
>
> On 8/28/19 10:32 AM, Mohamed salah wrote:
> > I wanna put something in discussion, what's your motivational to use
> > OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
> > fine on openbsd and you love this os so much what will do?
>
> - Simplicity.
> - Clean
> - Lean and Slim
> - Work as advertise
> - Secure
>
> And the most important fact a few decades ago got me turn to OpenBSD
> without ever turning back is the man page.
>
> I can't say how many times I wasted trying to figure out how to get shit
> working on other Linux flavors and simply give up.
>
> I have to say I am short of time and anything that make me save some it
> a plus for me. So when I discover OpenBSD totally by mistake, I never
> look back.
>
> My son tells me that some Linux have improved their man page some today,
> but some to me mean nothing and I really could case less.
>
> However searching for ever and reading a lots of stuff that you realize
> simply doesn't apply drives me nuts.
>
> I am sure the list is difference for everyone, instead of asking just
> try it and see for yourself.
>
> No one will know more then you what you are looking for or like.
>

Re: ldapd hangs/stalls

2019-08-28 Thread Edgar Pettijohn 


On Aug 28, 2019 5:39 PM, Allan Streib  wrote:
>
> Allan Streib  writes:
>
> > I see that fstat -u _ldapd always ends at FD 119 when the hang occurs:
> >
> > [...]
> > _ldapd   ldapd  42641  117* internet stream tcp 0x0 172.29.202.69:389 
> > <-- 172.29.200.108:47864
> > _ldapd   ldapd  42641  118* internet stream tcp 0x0 172.29.202.69:389 
> > <-- 172.29.200.104:56746
> > _ldapd   ldapd  42641  119* internet stream tcp 0x0 172.29.202.69:389 
> > <-- 172.29.200.106:40436
> >
> > I tried the following:
> >
> > Gave _ldapd a login class of "ldap"
> >
> > Added to login.conf:
> >
> > ldap:\
> > :openfiles=512:\
> > :tc=daemon:
> >
> > restart ldapd.
> >
> > Still hangs with fstat output the same.
>
> OK I apparently misunderstand how login.conf works. I had assumed that
> the above would give the "ldap" class an openfiles limit of 512 and
> everything else as defined for the "daemon" class. My daemon entry
> looked like this:
>
> daemon:\
>     :ignorenologin:\
>     :datasize=infinity:\
>     :maxproc=infinity:\
>     :openfiles-max=1024:\
>     :openfiles-cur=128:\
>     :stacksize-cur=8M:\
>     :localcipher=blowfish,a:\
>     :tc=default:
>
> However apprently the daemon class openfiles-cur=128 was being enforced;
> I changed that to 512 as a test, restarted ldapd, and now fstat is
> showing around 170 FDs for _ldapd and that seems to be where it's
> stabilizing, and the hangs are not occuring.
>
> The login.conf man page says that tc "Interpolate/expands records from
> corresponding login.conf. See getcap(3)."
>
> What I'm seeing seems to indicate it's working backwards from what the
> "Override resource limits" comment indicates above the bgpd and unbound
> classes, which I used as a model, but maybe I'm missing something?
>
> I include the entire login.conf below, with my current openfiles-cur
> setting for the daemon class.
>
> Allan
>
>
>
>
>
> # $OpenBSD: login.conf,v 1.9 2017/02/06 18:11:33 sthen Exp $
>
> #
> # Sample login.conf file.  See login.conf(5) for details.
> #
>
> #
> # Standard authentication styles:
> #
> # passwd    Use only the local password file
> # chpass    Do not authenticate, but change users password (change
> #   the YP password if the user has one, else change the
> #   local password)
> # lchpass   Do not login; change user's local password instead
> # radius    Use radius authentication
> # reject    Use rejected authentication
> # skey  Use S/Key authentication
> # activ ActivCard X9.9 token authentication
> # crypto    CRYPTOCard X9.9 token authentication
> # snk   Digital Pathways SecureNet Key authentication
> # tis   TIS Firewall Toolkit authentication
> # token Generic X9.9 token authentication
> # yubikey   YubiKey authentication
> #
>
> # Default allowed authentication styles
> auth-defaults:auth=passwd,skey:
>
> # Default allowed authentication styles for authentication type ftp
> auth-ftp-defaults:auth-ftp=passwd:
>
> #
> # The default values
> # To alter the default authentication types change the line:
> #   :tc=auth-defaults:\
> # to be read something like: (enables passwd, "myauth", and activ)
> #   :auth=passwd,myauth,activ:\
> # Any value changed in the daemon class should be reset in default
> # class.
> #
> default:\
>     :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin 
> /usr/local/sbin:\
>     :umask=022:\
>     :datasize-max=768M:\
>     :datasize-cur=768M:\
>     :maxproc-max=256:\
>     :maxproc-cur=128:\
>     :openfiles-max=1024:\
>     :openfiles-cur=512:\
>     :stacksize-cur=4M:\
>     :localcipher=blowfish,a:\
>     :tc=auth-defaults:\
>     :tc=auth-ftp-defaults:
>
> #
> # Settings used by /etc/rc and root
> # This must be set properly for daemons started as root by inetd as well.
> # Be sure reset these values back to system defaults in the default class!
> #
> daemon:\
>     :ignorenologin:\
>     :datasize=infinity:\
>     :maxproc=infinity:\
>     :openfiles-max=1024:\
>     :openfiles-cur=512:\
>     :stacksize-cur=8M:\
>     :localcipher=blowfish,a:\
>     :tc=default:
>
> #
> # Staff have fewer restrictions and can login even when nologins are set.
> #
> staff:\
>     :datasize-cur=1536M:\
>     :datasize-max=infinity:\
>     :maxproc-max=512:\
>     :maxproc-cur=256:\
>     :ignorenologin:\
>     :requirehome@:\
>     :tc=default:
>
> #
> # Authpf accounts get a special motd and shell
> #
> authpf:\
>     :welcome=/etc/motd.authpf:\
>     :shell=/usr/sbin/authpf:\
>     :tc=default:
>
> #
> # Building ports with DPB uses raised limits
> #
> pbuild:\
>     :datasize-max=infinity:\
>     :datasize-cur=4096M:\
>     :maxproc-max=1024:\
>     :maxproc-cur=256:\
>     :tc=default:
>
> #
> # Override resource limits for certain

Re: ldapd hangs/stalls

2019-08-28 Thread Allan Streib 
Edgar Pettijohn  writes:

> May need to use rcctl to change it's class to ldap.
>
> Untested:
> rcctl set ldapd class ldap

I will try that.

I had used usermod to set the class on the _ldapd user.

$ userinfo _ldapd
login   _ldapd
passwd  *
uid 100
groups  _ldapd
change  NEVER
class   ldap
gecos   LDAP Daemon
dir /var/empty
shell   /sbin/nologin
expire  NEVER

Re: ldapd hangs/stalls

2019-08-28 Thread Allan Streib 
Edgar Pettijohn  writes:

>
> May need to use rcctl to change it's class to ldap.
>
> Untested:
> rcctl set ldapd class ldap

Yes, that's it.

Only the class can't be changed with rcctl, it gives an error:

rcctl: "ldapd_class" is a read-only variable set in login.conf(5)

That gave me the clue that the class name in login.conf needs to be
"ldapd" not "ldap".

I changed that and now it's all working as expected.

Thanks!

Allan

Package -stable updates

2019-08-28 Thread Steven Shockley 
So, many thanks to everyone who put together the new -stable updates for
packages.  Is there a command I can put in the crontab that will only
output if there are updates?  Similar to what syspatch or openup does.
I tried pkg_add -unx, but that still tells me to delete old files and
prints the quirks line even if there are no updates.

OpenBSD 6.6 snapshot #262 - no USB mouse

2019-08-28 Thread dmitry.sensei 
The USB mouse has stopped working. Only the touchpad works



-- 
Dmitry Orlov
[34.414] (WW) checkDevMem: failed to open /dev/xf86 and /dev/mem
(Operation not permitted)
Check that you have set 'machdep.allowaperture=1'
in /etc/sysctl.conf and reboot your machine
refer to xf86(4) for details
[34.414]linear framebuffer access unavailable
[34.474] (--) Using wscons driver on /dev/ttyC4
[34.540] 
X.Org X Server 1.20.5
X Protocol Version 11, Revision 0
[34.540] Build Operating System: OpenBSD 6.6 amd64 
[34.540] Current Operating System: OpenBSD ORLOV-NB.sharifa.local 6.6 
GENERIC.MP#262 amd64
[34.540] Build Date: 28 August 2019  07:10:52PM
[34.540]  
[34.540] Current version of pixman: 0.38.4
[34.540]Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[34.540] Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[34.540] (==) Log file: "/var/log/Xorg.0.log", Time: Thu Aug 29 09:29:26 
2019
[34.564] (==) Using system config directory 
"/usr/X11R6/share/X11/xorg.conf.d"
[34.580] (==) No Layout section.  Using the first Screen section.
[34.580] (==) No screen section available. Using defaults.
[34.580] (**) |-->Screen "Default Screen Section" (0)
[34.580] (**) |   |-->Monitor ""
[34.604] (==) No monitor specified for screen "Default Screen Section".
Using a default monitor configuration.
[34.604] (==) Automatically adding devices
[34.604] (==) Automatically enabling devices
[34.604] (==) Not automatically adding GPU devices
[34.611] (==) Max clients allowed: 256, resource mask: 0x1f
[34.940] (==) FontPath set to:
/usr/X11R6/lib/X11/fonts/misc/,
/usr/X11R6/lib/X11/fonts/TTF/,
/usr/X11R6/lib/X11/fonts/OTF/,
/usr/X11R6/lib/X11/fonts/Type1/,
/usr/X11R6/lib/X11/fonts/100dpi/,
/usr/X11R6/lib/X11/fonts/75dpi/
[34.941] (==) ModulePath set to "/usr/X11R6/lib/modules"
[34.941] (II) The server relies on wscons to provide the list of input 
devices.
If no devices become available, reconfigure wscons or disable 
AutoAddDevices.
[34.990] (II) Loader magic: 0xdc94ca7
[34.990] (II) Module ABI versions:
[34.990]X.Org ANSI C Emulation: 0.4
[34.990]X.Org Video Driver: 24.0
[34.990]X.Org XInput driver : 24.1
[34.990]X.Org Server Extension : 10.0
[35.017] (--) PCI:*(0@1:2:0) 8086:0166:103c:179c rev 9, Mem @ 
0xd400/4194304, 0xc000/268435456, I/O @ 0x4000/64
[35.018] (II) LoadModule: "glx"
[35.049] (II) Loading /usr/X11R6/lib/modules/extensions/libglx.so
[35.452] (II) Module glx: vendor="X.Org Foundation"
[35.452]compiled for 1.20.5, module version = 1.0.0
[35.452]ABI class: X.Org Server Extension, version 10.0
[35.453] (==) Matched modesetting as autoconfigured driver 0
[35.453] (==) Assigned the driver to the xf86ConfigLayout
[35.453] (II) LoadModule: "modesetting"
[35.453] (II) Loading /usr/X11R6/lib/modules/drivers/modesetting_drv.so
[35.496] (II) Module modesetting: vendor="X.Org Foundation"
[35.496]compiled for 1.20.5, module version = 1.20.5
[35.496]Module class: X.Org Video Driver
[35.496]ABI class: X.Org Video Driver, version 24.0
[35.496] (II) modesetting: Driver for Modesetting Kernel Drivers: kms
[35.514] (**) modeset(0): claimed PCI slot 0@1:2:0
[35.514] (II) modeset(0): using default device
[35.530] (II) modeset(0): Creating default Display subsection in Screen 
section
"Default Screen Section" for depth/fbbpp 24/32
[35.531] (==) modeset(0): Depth 24, (==) framebuffer bpp 32
[35.531] (==) modeset(0): RGB weight 888
[35.531] (==) modeset(0): Default visual is TrueColor
[35.531] (II) Loading sub module "glamoregl"
[35.531] (II) LoadModule: "glamoregl"
[35.544] (II) Loading /usr/X11R6/lib/modules/libglamoregl.so
[35.754] (II) Module glamoregl: vendor="X.Org Foundation"
[35.754]compiled for 1.20.5, module version = 1.0.1
[35.754]ABI class: X.Org ANSI C Emulation, version 0.4
[36.739] (II) modeset(0): glamor X acceleration enabled on Mesa DRI 
Intel(R) Ivybridge Mobile 
[36.739] (II) modeset(0): glamor initialized
[36.740] (II) modeset(0): Output LVDS-1 has no monitor section
[36.742] (II) modeset(0): Output VGA-1 has no monitor section
[36.744] (II) modeset(0): Output HDMI-1 has no monitor section
[36.751] (II) modeset(0): Output DP-1 has no monitor section
[36.753] (II) modeset(0): Output HDMI-2 has no monitor section
[36.756] (II) modeset(0): Output HDMI-3 has no monitor section
[36.756] (II) modeset(0): Output DP-2 has no monitor section
[36.756] (II) modeset(0): Output DP-3 has no

Re: Package -stable updates

2019-08-28 Thread Consus 
On 19:59 Wed 28 Aug, Steven Shockley wrote:
> So, many thanks to everyone who put together the new -stable updates for
> packages.  Is there a command I can put in the crontab that will only
> output if there are updates?  Similar to what syspatch or openup does.
> I tried pkg_add -unx, but that still tells me to delete old files and
> prints the quirks line even if there are no updates.

I use

0 7 * * * pkg_add -un | grep -v 'signed on'

and it works okay, no warnings about deleting old files.

Though removing quirks line would be nice.