Re: 6.6/packages/i386/SHA256.sig to be verified with 'openbsd-65-pkg.pub'?

2019-11-11 Thread Anthony Campbell
On 10 Nov 2019, Stuart Henderson wrote:
> On 2019-11-10,   wrote:
> > That doesn't seem right. Did you folks use the wrong key when signing
> > the file, or is there a particular reason to do it this way that me's
> > not aware of...?
> 
> Thanks for the report, yes i386 (and mips64) had the wrong key. I guess
> not many people are doing fresh installs on these.
> 
> Re-signed packages should be available sometime soon, but there are no
> changes to the package contents, there's no need to reinstall if you
> already have them.
> 
> 
> 

I did a fresh install on a Thinkpad i386 a couple of weeks ago and
was very grateful to have it, so I hope it doesn't disappear any
time soon.

-- 
Anthony Campbell http://www.acampbell.uk



RE: 6.6/packages/i386/SHA256.sig to be verified with 'openbsd-65-pkg.pub'?

2019-11-11 Thread zeurkous
Morning,

theo wrote:
>  wrote:
>
>> That doesn't seem right. Did you folks use the wrong key when signing
>> the file, or is there a particular reason to do it this way that me's
>> not aware of...?
>
> These files have now been replaced. Does it look right?

Me's afraid not: SHA256.sig is now rather short, ending at the hash of
aqsis-1.8.2p10.tgz (tried to fetch it from both ftp.eu and the CDN: same
result).

It's a bad week over here, too *sigh*.

   --zeur.

-- 
Friggin' Machines!
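
A structural pre-check for the two failures reported in this thread (a key hint naming the previous release's key, and a checksum list that stops early), as an added example that is not from the thread or from the OpenBSD project. The function names, the one-name-per-line package list and the sample files are assumptions constructed for illustration; the untrusted comment is only a hint, so `signify -C` against the release key remains the real verification.

```shell
#!/bin/sh
# Added example: sanity checks on a signify-signed SHA256.sig before trusting it.
# Line 1 ("untrusted comment") is not authenticated. The actual check is still:
#   signify -C -p /etc/signify/openbsd-66-pkg.pub -x SHA256.sig

# Package key file name expected for a release (6.6 -> openbsd-66-pkg.pub).
expected_pkg_key() {
    printf 'openbsd-%s-pkg.pub\n' "$(printf '%s' "$1" | tr -d .)"
}

# Key name advertised on line 1 of the signature file.
sig_key_hint() {
    sed -n '1s/^untrusted comment: verify with \(.*\)$/\1/p' "$1"
}

# Names from LISTFILE (assumed: one package file name per line) that have no
# "SHA256 (name) = ..." entry in SIGFILE, which is how a truncated file shows up.
missing_from_sig() {   # usage: missing_from_sig SIGFILE LISTFILE
    while IFS= read -r name; do
        grep -Fq "SHA256 ($name) = " "$1" || printf '%s\n' "$name"
    done < "$2"
}

# Returns 0 only if the hint names the release key and every package is listed.
check_sha256_sig() {   # usage: check_sha256_sig RELEASE SIGFILE LISTFILE
    rc=0
    want=$(expected_pkg_key "$1"); got=$(sig_key_hint "$2")
    [ "$got" = "$want" ] || { echo "key hint: '$got', expected '$want'"; rc=1; }
    gaps=$(missing_from_sig "$2" "$3")
    [ -z "$gaps" ] || { echo "no checksum entry for:" $gaps; rc=1; }
    return $rc
}

# Constructed sample data: placeholder signature and hashes, example-* names invented.
make_samples() {   # usage: make_samples DIR
    printf '%s\n' example-a-1.0.tgz aqsis-1.8.2p10.tgz example-z-1.0.tgz > "$1/list"
    { echo 'untrusted comment: verify with openbsd-65-pkg.pub'
      echo 'CONSTRUCTED-SIGNATURE-LINE'
      echo 'SHA256 (example-a-1.0.tgz) = CONSTRUCTED'
      echo 'SHA256 (aqsis-1.8.2p10.tgz) = CONSTRUCTED'; } > "$1/bad.sig"
    { sed '1s/65/66/' "$1/bad.sig"
      echo 'SHA256 (example-z-1.0.tgz) = CONSTRUCTED'; } > "$1/good.sig"
}

d=$(mktemp -d) && make_samples "$d"
check_sha256_sig 6.6 "$d/bad.sig" "$d/list" || echo "bad.sig fails the pre-checks"
check_sha256_sig 6.6 "$d/good.sig" "$d/list" && echo "good.sig passes the pre-checks"
```
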



Re: build error on octeon, 6.6

2019-11-11 Thread Christian Groessler

On 2019-11-08 14:38, Christian Groessler wrote:
> On 2019-11-08 14:15, Christian Groessler wrote:
>> I've added 8GB swap, but am still getting the same error:
>
> I've noticed that my /tmp partition might be too small (64M). I'm
> going to reinstall with bigger /tmp (1GB) and try again...

This fails as well, with the same error.

Now I'm going to rebuild again, capturing the "make" output, and try to 
replicate the problem manually.


regards,
chris





Re: build error on octeon, 6.6

2019-11-11 Thread Christian Groessler



On 2019-11-08 14:50, Janne Johansson wrote:

> I wonder if this part is relevant:
> c++: error: unable to execute command
>
> Is there any permissions on /net that prevents execution?



The complete line is:

c++: error: unable to execute command: Segmentation fault

I would have expected a "permission denied" error if there's a 
permission problem.
I will try to execute the failing command manually to see if I can nail 
it down.


regards,
chris




10Gbit network work only 1Gbit

2019-11-11 Thread Szél Gábor

Hello @misc,

We have an interesting problem, we run a lot of OpenBSD router/firewalls 
in many places.


We have a larger network than our client, 300-400 local wired or 
wireless endpoint, 20+ VLAN, 20+ switches.

Network structure:

 * Main switch - 2x Cisco Nexus 3k switch in HA mode (vPC dedicated
   2x40Gbit Peer link, keepalive link)
 * access switch - 10+ Cisco 3750X + C3KX-SM-10G 10Gbit module.
   some 3750x stacked (2 or 3 switch)
 * Main and access switches have redundant 10Gbit fiber link (LACP)
 * when is possible jumbo frame is enabled (mtu 9000)

Firewall/router:

 * 2x Dell 2950 - 2x Xeon X5460 (8 core), 8Gb Memory, 2x10Gbit SFP+
   network card
 * redundant design - CARP, pfsync, ifstated, etc  master-backup
   configuration
 * HP NC550SFP network card, oce driver (mtu 9000)
 * dual SFP+ port have LACP link to Nexus switches (2x10Gbit access
   link) - use openbsd trunk interface
 * all vlan used openbsd pseudo-device over trunk interface (VLANs not
   have IP address, only up)
 * all network subnets defined in CARP interfaces, only management VLAN
   have address on VLAN interface.
 * some vether virtual interface for VPN, DNS, etc ...
 * some tun and tap interface for VPN
 * enc interface for ipsec
 * one bridge interface for openVPN (during termination)
 * OpenBSD 6.3 64bit

PF:

 * global block rule (block all)
 * ruleset-optimization none
 * optimization aggressive
 * reassemble no
 * block-policy drop
 * scrub enabled
 * antispoof enabled
 * regulating traffic between subnets with pf pass in/out rules
 * pf.conf currently 1500+ lines
 * the number of connections during the day in PF 10 000+

Problem:

We see that network traffic is limited to 1Gbit on firewall. Not in one 
link, not IP-to-IP, to the whole firewall!


example:

 * i make test traffic from VLAN 2 to VLAN 12 with iperf.
   test PC-s have 1Gbit ethernet cards.
   Speed is okay, ~800Mbit/sec
 * i make another traffic from VLAN 2 to VLan20 with iperf, from another
   PC-s
   (they also have 1gbit ethernet cards)
   speed is not good! ~60-80Mbit/sec
 * if i stopped first speed test (2->12), second test speed is okay!
   (2->20)
 * but i make test from completely different VLANs, 2->12 and 20->30,
   the result is so.

This is firewall (openbsd) limitation, but we don't understand why?

I know openbsd VLAN interface has a speed problem, this is it?
I know it's so difficult to make a mistake from some information, what 
should we look at?


--
Üdvözlettel,
Szél Gábor

WanTax Kft.

tel.: +36 20 3838 171
fax: +36 82 357 585
email: gabor.s...@wantax.hu
web: http://wantax.hu
web: http://halozatom.hu



Re: build error on octeon, 6.6

2019-11-11 Thread Rudolf Leitgeb
Somewhere in his error output it says:

Target: mips64-unknown-openbsd6.6

This would not work with octeon AFAIK. Maybe this is the
reason the build fails ? It would at least make sense regarding
the "unable to execute command" message.


On Fri, 2019-11-08 at 14:50 +0100, Janne Johansson wrote:
> I wonder if this part is relevant:
> c++: error: unable to execute command
>
> Is there any permissions on /net that prevents execution?
>
> I seems it wants to run stuff from here:
>
> ...
> *** Error 254 in
> /net/sirius/temp/routie-build/6.6/src/gnu/usr.bin/clang/libLLVM
> (:67 'AMDGPUTargetMachine.o': @c++ -O2 -pipe -...)
> *** Error 1 in /net/sirius/temp/routie-build/6.6/src/gnu/usr.bin/clang
>
>
> > I've noticed that my /tmp partition might be too small (64M). I'm going
> > to reinstall with bigger /tmp (1GB) and try again...
> >
>
>



Unison on 6.6 - compatibility

2019-11-11 Thread Steven Surdock
I just fired up a 6.6/amd64 host that I will use to replace an existing 
6.5/amd64 remote fileserver.  I've been using Unison to synch files between 
this remote server and a Windows fileserver.  It seems with the bump to OCAML 
4.09 Unison is throwing an error, "input_value: ill-formed message", when 
trying to sync the hosts.  From my reading, this is the result of OCAML version 
mismatches.  I've tried various combinations of Unison on both ends to no 
avail.  The latest Windows binary I have is compiled with OCAML 4.0.7.  It 
seems my options are,

+ Keep the host at 6.5 (until Unison Window's binaries catch up.)
+ Compile Unison on Windows with a compatible OCAML.
+ Build Unison on 6.6 with a lower OCAML version (4.07 seems to work.)

Any advice would be appreciated. 
 
-Steve S.



Re: Unison on 6.6 - compatibility

2019-11-11 Thread Björn Ketelaars
On Mon 11/11/2019 14:31, Steven Surdock wrote:
> I just fired up a 6.6/amd64 host that I will use to replace an existing 
> 6.5/amd64 remote fileserver.  I've been using Unison to synch files between 
> this remote server and a Windows fileserver.  It seems with the bump to OCAML 
> 4.09 Unison is throwing an error, "input_value: ill-formed message", when 
> trying to sync the hosts.  From my reading, this is the result of OCAML 
> version mismatches.  I've tried various combinations of Unison on both ends 
> to no avail.  The latest Windows binary I have is compiled with OCAML 4.0.7.  
> It seems my options are,
> 
> + Keep the host at 6.5 (until Unison Window's binaries catch up.)
> + Compile Unison on Windows with a compatible OCAML.
> + Build Unison on 6.6 with a lower OCAML version (4.07 seems to work.)
> 
> Any advice would be appreciated. 

Ports related questions belong on ports@. That said:

$ cat /usr/local/share/doc/pkg-readmes/unison
$OpenBSD: README,v 1.4 2019/09/22 18:29:54 chrisz Exp $

+---
| Running unison on OpenBSD
+---

Unison uses native OCaml marshalling in its prococol. This
means that unison might not work when the OCaml versions of
two instances are out of sync.
One way to work around this limitation of unison is to use
the OPAM OCaml package manager to build unison with the same
version of the OCaml compiler on all machines:

doas pkg_add opam
OPAMROOT=~/opam_unison
opam init --no-setup --compiler ocaml-base-compiler.4.09.0
opam install unison lablgtk  # To build without the gui, remove lablgtk
$(opam var bin)/unison



FU: RE: 6.6/packages/i386/SHA256.sig to be verified with 'openbsd-65-pkg.pub'?

2019-11-11 Thread zeurkous
Evening,

me wrote:
> theo wrote:
>>
>> These files have now been replaced. Does it look right?
>
> Me's afraid not: SHA256.sig is now rather short, ending at the hash of
> aqsis-1.8.2p10.tgz (tried to fetch it from both ftp.eu and the CDN: same
> result).

...which now appears to have been fixed. Thanks!

--zeurkous.

-- 
Friggin' Machines!



Re: 10Gbit network work only 1Gbit

2019-11-11 Thread Daniel Melameth
...
> Firewall/router:
...
>   * OpenBSD 6.3 64bit
...

I recommend updating to a modern version of OpenBSD before spending
time investigating the issue further.



Re: 10Gbit network work only 1Gbit

2019-11-11 Thread Hrvoje Popovski
On 11.11.2019. 13:42, Szél Gábor wrote:
> Hello @misc,
> 

Hi,


> We have an interesting problem, we run a lot of OpenBSD router/firewalls
> in many places.
> 
> We have a larger network than our client, 300-400 local wired or
> wireless endpoint, 20+ VLAN, 20+ switches.
> Network structure:
> 
>  * Main switch - 2x Cisco Nexus 3k switch in HA mode (vPC dedicated
>    2x40Gbit Peer link, keepalive link)
>  * access switch - 10+ Cisco 3750X + C3KX-SM-10G 10Gbit module.
>    some 3750x stacked (2 or 3 switch)
>  * Main and access switches have redundant 10Gbit fiber link (LACP)
>  * when is possible jumbo frame is enabled (mtu 9000)
> 
> Firewall/router:
> 
>  * 2x Dell 2950 - 2x Xeon X5460 (8 core), 8Gb Memory, 2x10Gbit SFP+
>    network card

hardware is really old, if you can, buy something newer


>  * redundant design - CARP, pfsync, ifstated, etc  master-backup
>    configuration
>  * HP NC550SFP network card, oce driver (mtu 9000)

if you can change oce with ix. ixl is not so bad .. .


>  * dual SFP+ port have LACP link to Nexus switches (2x10Gbit access
>    link) - use openbsd trunk interface
>  * all vlan used openbsd pseudo-device over trunk interface (VLANs not
>    have IP address, only up)

update to openbsd 6.6 or snapshot and instead of trunk use aggr. why vlan
interfaces don't have ip address ?


>  * all network subnets defined in CARP interfaces, only management VLAN
>    have address on VLAN interface.

who is parent interface for carp ?

>  * some vether virtual interface for VPN, DNS, etc ...

vether implies that you have bridge? bridge is slow..

>  * some tun and tap interface for VPN
>  * enc interface for ipsec

ipsec is performance killer big time ... even for traffic that doesn't
go through ipsec tunnel ..  if you can move ipsec or any vpn stuff to
other boxes that you speed up your firewalls  ...

>  * one bridge interface for openVPN (during termination)

vether is in that bridge?

>  * OpenBSD 6.3 64bit

please, update boxes regularly.. you have carp and pfsync, you can do
that without any problem ..

> 
> PF:
> 
>  * global block rule (block all)
>  * ruleset-optimization none
>  * optimization aggressive
>  * reassemble no
>  * block-policy drop
>  * scrub enabled
>  * antispoof enabled
>  * regulating traffic between subnets with pf pass in/out rules
>  * pf.conf currently 1500+ lines
>  * the number of connections during the day in PF 10 000+
> 
> Problem:
> 
> We see that network traffic is limited to 1Gbit on firewall. Not in one
> link, not IP-to-IP, to the whole firewall!
> 

yes ... ipsec, trunk, pf are for whole firewall .. and even if you have
fastest box in the world you will not get performance that you want ..


> example:
> 
>  * i make test traffic from VLAN 2 to VLAN 12 with iperf.
>    test PC-s have 1Gbit ethernet cards.
>    Speed is okay, ~800Mbit/sec
>  * i make another traffic from VLAN 2 to VLan20 with iperf, from another
>    PC-s
>    (they also have 1gbit ethernet cards)
>    speed is not good! ~60-80Mbit/sec
>  * if i stopped first speed test (2->12), second test speed is okay!
>    (2->20)
>  * but i make test from completely different VLANs, 2->12 and 20->30,
>    the result is so.

if you disable pf on vlan interfaces (set skip on vlan2/vlan12) do you
get better performance?
and after that for disable ipsec and try testing again... do you see
differences ?

> This is firewall (openbsd) limitation, but we don't understand why?
> 
> I know openbsd VLAN interface has a speed problem, this is it?

not in OpenBSD 6.6

> I know it's so difficult to make a mistake from some information, what
> should we look at?
> 

OpenBSD is great router and firewall that can do so much for you .. but
please you really need to rethink your hardware and setup ..



Re: 10Gbit network work only 1Gbit

2019-11-11 Thread Theo de Raadt
>  * OpenBSD 6.3 64bit

Oh come on.



Re: After sysupgrade to 6.6 from 6.5, xfce display alternates between desktop and app

2019-11-11 Thread Jon Fineman
"Jon Fineman"  wrote:

> So I read through the two threads below which both point to the third link 
> about xfwm4 compositor.
> I am not sure if I have the exact same issue. While you could say my screen 
> flickers - what it really
> does is randomly (to my eyes) show the desktop and then show any open apps I 
> might have while hiding
> the title bar. If I click around or move the cursor around the title bar area 
> it will alternate between the desktop
> and apps. If I leave the display alone every 1-4 seconds the display will 
> flip.
> 
> Via .xsessions turning the compositor off or setting it to xpresent freezes 
> the screen to show just
> the desktop. Clicking doesn't change the view or bring forward or hide any 
> apps.
> However I found if I switch to a non XFCE tty and back the display will 
> change to what I tried to click on.
> 
> Any thoughts on what I might experiment with or investigate further?
> 
> Thanks.
> 
> Jon
> 
> 


I was able to resolve this.

I turned off the compositor via the GUI.

I added this section in /etc/X11.xorg.conf to force TearFree:

Section "Device"
Identifier "graphicsdriver"
Driver "AMDGPU"
Option "TearFree" "true"
EndSection