Re: unable to restart nsd with doas
I am soo sorry for the noise. doas works as expected, my tar command just exited silently with an error and rcctl never run as it should. So sorry for the noise, for the history archives, doas works as expected! Am 10.02.2021 um 19:25 schrieb Leo Unglaub: Hey, i have a problem restarting nsd from a script that is run as doas. I have read the man page of doas several times, but i dont understand what i am doing wrong. Maybe someone of you could help me out. That would be so nice. My problem is": I have a script called "worker" and i invoce that script via doas sh /home/leo/bin/worker The script looks like this: #!/bin/sh tar xf /tmp/queue.tar -C /var/nsd/zonefiles/master rcctl restart nsd The tar command gets successfully executed as root and the files get extracted fine. But the rcctl command does not restart nsd. It just does nothing. Like it is not executed as root. Do you know what i am doing wrong here? My /etc/doas.conf looks like this: permit nopass leo as root cmd sh args /home/leo/bin/worker I am sure i am doing a very simple mistake here. But i cannot figure out what i am doing wrong. Could someone of you please be so kind to send me to the right direction? Thanks so much and greetings Leo
Re: acme-client error: unknown SAN entry
On Sun, Feb 7, 2021 at 4:49 PM Stuart Henderson wrote: > On 2021-02-07, David Higgs wrote: > > acme-client: /etc/ssl/primary.example.com.crt: unknown SAN entry: > > alternate.example.com > > acme-client: bad exit: revokeproc(55821): 1 > > > > (My real domain is legitimate, and not example.com.) > > > > I recently decommissioned one of the aliases for my servers, but my > nightly > > acme-client run threw an error. Although I removed the alias from > > acme-client.conf, it is obviously still present in my certificate and > seems > > to be confusing the renewal process. > > > > Does anyone know how to resolve this? I tried force-renewal (-F) without > > success but haven't tried revoking yet. Is it possible to fix without > > revocation? > > > > Thanks. > > > > --david > > > > Update to -current, or move /etc/ssl/primary.example.com.crt out the way. > For the archives: I moved the cert as suggested, manually ran my nightly script, and everything worked great. Thanks! --david
Re: httpd, PHP7.4, phpIPAM, MariaDB
Thanks for the info. I really appreciate it! On Wed, Feb 10, 2021 at 1:46 PM Stuart Henderson wrote: > On 2021/02/10 11:32, Jesse Barton wrote: > > After fully reading the /usr/local/share/doc/pkg-readmes/php-7.4 readme > I found that > > there is a third party package called pecl-libsodium so I searched for > that in openports.se and > > tried installing it > > but had no luck. I also noticed there is a pecl-mcrypt > https://openports.se/security/ > > pecl-mcrypt > > So I tried installing that also with no success. Am I missing something? > > Those examples are outdated, libsodium is in PHP core now, and as they're > now built for the various PHP versions the packages are renamed to > pecl7X-foo. > > > - various useful third-party extensions from the PECL repository have > > also been packaged. Examples include pecl-memcache (for use with > > sysutils/memcached), pecl-imagick (image manipulation using ImageMagick), > > pecl-libsodium (a wrapper for the libsodium cryptographic library), etc. > > I'll fix that for -current but won't pull it back to -stable until the > next PHP version update. >
Re: pkg_add and an authenticating proxy
try using a different command to fetch packages. take a look at man pkg_add(1) FETCH_CMD I just ran into this issue at work. I dug into fetch.c to see what it would take to extend system ftp, but ran out of cycles On Wed, Feb 10, 2021 at 2:27 PM Stephan Mending wrote: > > Hi, > I was wondering if there was any way on how to allow pkg_add to use an > authenticating http-proxy ? Unluckily I cannot > find any documentation on the matter. > > Thanks alot so far. > > Best regards, > Stephan
Re: home printer
Thanks for the analysis Ian. On Wed, Feb 10, 2021 at 8:53 AM ropers wrote: > I reject the insinuation that only blackmailers need anonymous speech. > Reality Winner is but one example to the contrary. > Without anonymous speech, there can be no free speech. > > People might deem it a no-brainer that "They" would do something like > this, but the real no-brainer is understanding that printer > steganography and the secrecy surrounding it are corrosive to > democracy, honest commerce and the rule of law. > > In any honest commercial transaction, the customer would be informed > prior to the sale about the presence of any anti-features. Especially > when those anti-features enable a government-driven privacy invasion > or warrantless metadata surveillance. The U.S. Constitution in > particular especially protects PAPERS and effects. > > In any non-kangaroo court, evidence obtained by secret mechanisms > mandated by secret laws would be inadmissible. > > Obvious technical feasibility does not entitle hackers to do whatever > they want, and neither can, under any reasonable rule of law, > governments be allowed to do whatever they want just because they > perceive some advantage to doing it, and just because they can get > away with it for a while. > > Democracies understand that the people are more trustworthy than > concentrated power, which is why democracies have the people hold > governments in check. > Tyrannies are the opposite, and have governments hold the people in check. > > Under any non-tyrannical government of laws, the introduction of > printer steganography, if carried out, would not have been secret to > start with. > In a free society, this would have been a matter of public debate, > giving the people a chance to reject the intrusion before its > introduction, and a chance to know what rules they are operating under > and what world they are living in. > > Printer steganography is the kind of chain most people will only > notice once they move and start exercising their rights. If you're > only free because you don't dissent, you're not free. > > --Ian > >
Zotac 880GITX-A-E amd64 Onboard NEC USB3 does not work.
Hi, My main OpenBSD system is a Mini-ITX PC that I built myself using the Zotac 880GITX-A-E amd64 AM3 motherboard. It is running an AMD Phenom II X2 555 processor and AMD RS880 / RS780 chipset. The onboard NEC USB3 PCI-E chip does not work. I have tested it with a Samsung M3 1TB external USB3 HDD. I have been unable to use this hard drive with any version of OpenBSD from 6.1 to 6.8 on USB3. The drive works fine plugged into a USB2 port. The drive powers up but is undetected by usbdevs or dmesg. USB3 is enabled in the system BIOS / UEFI. dmesg, pcidump and usbdevs below: OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021 r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8304394240 (7919MB) avail mem = 8037658624 (7665MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f800 (49 entries) bios0: vendor American Megatrends Inc. version "080015" date 04/13/2011 bios0: ZOTAC RS880P acpi0 at bios0: ACPI 4.0 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG SLIC OEMB SRAT HPET SSDT acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE7(S4) PCE9(S4) PCEA(S4) SBAZ(S4) P0PC(S4) UHC1(S4) UHC2(S4) USB3(S4) UHC4(S4) USB5(S4) UHC6(S4) UHC7(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Phenom(tm) II X2 555 Processor, 3200.42 MHz, 10-04-03 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache, 6MB 64b/line 48-way L3 cache cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu0: AMD erratum 721 detected and fixed cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 199MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Phenom(tm) II X2 555 Processor, 3200.00 MHz, 10-04-03 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache, 6MB 64b/line 48-way L3 cache cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu1: AMD erratum 721 detected and fixed cpu1: smt 0, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318180 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (P0P1) acpiprt2 at acpi0: bus -1 (PCE2) acpiprt3 at acpi0: bus -1 (PCE3) acpiprt4 at acpi0: bus 2 (PCE4) acpiprt5 at acpi0: bus -1 (PCE5) acpiprt6 at acpi0: bus 4 (PCE7) acpiprt7 at acpi0: bus -1 (PCE9) acpiprt8 at acpi0: bus -1 (PCEA) acpiprt9 at acpi0: bus -1 (PE20) acpiprt10 at acpi0: bus -1 (PE21) acpiprt11 at acpi0: bus -1 (PE22) acpiprt12 at acpi0: bus -1 (PE23) acpiprt13 at acpi0: bus 3 (PCE6) acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 acpicmos0 at acpi0 acpibtn0 at acpi0: PWRB acpicpu0 at acpi0: C1(@1 halt!), PSS acpicpu1 at acpi0: C1(@1 halt!), PSS cpu0: 3200 MHz: speeds: 3200 2500 2100 800 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "AMD RS880 Host" rev 0x00 ppb0 at pci0 dev 1 function 0 "AMD RS780 PCIE" rev 0x00 pci1 at ppb0 bus 1 radeondrm0 at pci1 dev 5 function 0 "ATI Radeon HD 4250" rev 0x00 drm0 at radeondrm0 radeondrm0: apic 2 int 18 azalia0 at pci1 dev 5 function 1 "ATI Radeon HD 4200 HD Audio" rev 0x00: msi azalia0: no supported codecs ppb1 at pci0 dev 4 function 0 "AMD RS780 PCIE" rev 0x00: msi pci2 at ppb1 bus 2 athn0 at pci2 dev 0 function 0 "Atheros AR9285" rev 0x01: apic 2 int 16 athn0: AR9285 rev 2 (1T1R), ROM rev 14, address e0:b9:a5:60:58:7e ppb2 at pci0 dev 6 function 0 "AMD RS780 PCIE" rev 0x00: msi pci3 at ppb2 bus 3 re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E (0x2c00), msi, address 00:01:2e:38:d8:06 rgephy0 at re0 phy 7: RTL8169S/8110S/8211 PHY, rev. 4 ppb3 at pci0 dev 7 function 0 "AMD RS780 PCIE" rev 0x00: msi pci4 at ppb3 bus 4 xhci0 at pci4 dev 0 function 0 "NEC xHCI" rev 0x03: msi, xHCI 0.96 usb0 at xhci0: USB revision 3.0 uhub0 at usb0 configuration 1 interface 0 "NEC xHCI root hub" rev 3.00/1.00 addr 1 ahci0 at pci0 dev 17 function 0 "ATI SBx00 SATA" rev 0x40: apic 2 int 19, AHCI 1.2 ahci0: port
Re: Installation overwritten... Accidental disklabel and newfs
Thanks for the answers. I will make a note of this command. I have now installed 6.8 and am gradually getting my settings and software back. Regards Ed Gray https://www.linkedin.com/in/ed-gray-55079422 On Wed, 10 Feb 2021 at 19:25, Ian Darwin wrote: > > The device nodes don't exist until the install or upgrade program detects > > the disk and creates them. > > > > Likewise for wd0 as although outdated for ahci disks. > > > > Dmesg identifies the disk as: > > sd0 at scsibus0 targ0 lun0 ATA ST1000DM003... > > sd0 953869mb > > > > This is why I had to run the install program and accidentally went too > far. > > > > It would be helpful to be able to use disklabel and other tools such as > > newfs, growfs without running through the installer. > > > When booted into the installer, just do CTRL/C to kill the install script > Then do: > cd /dev; sh MAKEDEV sd0 wd0 sd1 # or whatever devices you need > Porblem solved: you can now do "disklabel and other tools" without > risk of destroying your filesystesms. At least, not having the installer > do it. With these tools most people are quite capable of destroying > filesystems. >
pkg_add and an authenticating proxy
Hi, I was wondering if there was any way on how to allow pkg_add to use an authenticating http-proxy ? Unluckily I cannot find any documentation on the matter. Thanks alot so far. Best regards, Stephan
Re: httpd, PHP7.4, phpIPAM, MariaDB
On 2021/02/10 11:32, Jesse Barton wrote: > After fully reading the /usr/local/share/doc/pkg-readmes/php-7.4 readme I > found that > there is a third party package called pecl-libsodium so I searched for that > in openports.se and > tried installing it > but had no luck. I also noticed there is a pecl-mcrypt > https://openports.se/security/ > pecl-mcrypt > So I tried installing that also with no success. Am I missing something? Those examples are outdated, libsodium is in PHP core now, and as they're now built for the various PHP versions the packages are renamed to pecl7X-foo. > - various useful third-party extensions from the PECL repository have > also been packaged. Examples include pecl-memcache (for use with > sysutils/memcached), pecl-imagick (image manipulation using ImageMagick), > pecl-libsodium (a wrapper for the libsodium cryptographic library), etc. I'll fix that for -current but won't pull it back to -stable until the next PHP version update.
Re: httpd, PHP7.4, phpIPAM, MariaDB
On 2021/02/10 09:35, Jesse Barton wrote: > Thanks Stuart that's super helpful I'm new to openbsd and must have > completely missed that > those readmes existed. I got everything working last night minus a SAML > integration I'm trying > to setup that says it requires php-mcrypt but I noticed that php-mcrypt is > marked obsolete in > ports. Looks like it's deprecated as a whole. Is there an alternative anyone > recommends I use? mcrypt was removed from php core in 7.2 (2017) - the mcrypt library itself hasn't been updated in over a decade. I think most people use the openssl functions now, that is the way xmlseclibs (used by php-saml) went. There is a pecl extension compatible with (pecl73-mcrypt etc) but better to move away from it if you can.
Re: Installation overwritten... Accidental disklabel and newfs
> The device nodes don't exist until the install or upgrade program detects > the disk and creates them. > > Likewise for wd0 as although outdated for ahci disks. > > Dmesg identifies the disk as: > sd0 at scsibus0 targ0 lun0 ATA ST1000DM003... > sd0 953869mb > > This is why I had to run the install program and accidentally went too far. > > It would be helpful to be able to use disklabel and other tools such as > newfs, growfs without running through the installer. When booted into the installer, just do CTRL/C to kill the install script Then do: cd /dev; sh MAKEDEV sd0 wd0 sd1 # or whatever devices you need Porblem solved: you can now do "disklabel and other tools" without risk of destroying your filesystesms. At least, not having the installer do it. With these tools most people are quite capable of destroying filesystems.
Re: Installation overwritten... Accidental disklabel and newfs
On Wed, Feb 10, 2021 at 07:11:53PM +, Ed Gray wrote: > Hi Otto, > > Thanks for your reply. This is what I see on a shell from bad.rd when I try > to access the first SATA HDD. > > # disklabel sd0 > disklabel: /dev/rsd0: no such file or directory > > # disklabel sd0c > disklabel: /dev/rsd0c: no such file or directory > > Same for rsd0 and rsd0c. > > The device nodes don't exist until the install or upgrade program detects > the disk and creates them. > > Likewise for wd0 as although outdated for ahci disks. > > Dmesg identifies the disk as: > sd0 at scsibus0 targ0 lun0 ATA ST1000DM003... > sd0 953869mb > > This is why I had to run the install program and accidentally went too far. A cd /dev; ./MAKEDEV sd0 would have been enough to continue. -Otto > > It would be helpful to be able to use disklabel and other tools such as > newfs, growfs without running through the installer. > > In my case I forgot that the installer continues automatically with the > next command and also used the wrong switch to disklabel. > > It's a good thing I take backups seriously nowadays. > > Regards > Ed Gray > > On Wed, 10 Feb 2021, 3:52 pm Otto Moerbeek, wrote: > > > On Wed, Feb 10, 2021 at 03:35:06PM +, Ed Gray wrote: > > > > > Okay, thanks Stuart. > > > > > > I have left testdisk running a deep scan and will see if it finds my > > /var. > > > I know I'll still have to mount the partitions and I don't know if an > > fsck > > > would be able to fix any damage done by newfs. > > > > > > I think at this point I'm better off starting again as like others I've > > > done many upgrades. It's probably not worth trying to fix for the sake of > > > getting a few configuration files and settings back and maybe some files > > I > > > have elsewhere. > > > > > > I would be interested in finding out a way to access my SATA HDD (sd0) > > with > > > disklabel and other tools on the ramdisk without first running the > > install > > > or upgrade programs. > > > > If you starft a shell on the initial prompt of a bsd.rd boot you get a > > shell and a fine selection of commands that are useful for recovery. > > > > -Otto > > > > > > > > Regards > > > Ed Gray > > > > > > On Wed, 10 Feb 2021, 8:33 am Stuart Henderson, > > wrote: > > > > > > > On 2021-02-09, Ed Gray wrote: > > > > > I have backups and will probably not have lost anything important > > but I > > > > > just wondered if anyone had any suggestions as to whether this is > > fixable > > > > > and what steps to take before I give up and re-install? I followed a > > > > how-to > > > > > I found which suggested using scan_ffs to rebuild my disklabel but > > it's > > > > > finding some of the volumes and not all of them. > > > > > > > > If you were able to recover /var, check in /var/backups where you will > > > > hopefully find some disklabel.* files. > > > > > > > > scan_ffs does not support FFS2, previously used only for large > > > > filesystems but on newer installations now used for all filesystems. > > > > > > > > > > > > > >
Re: Installation overwritten... Accidental disklabel and newfs
Hi Otto, Thanks for your reply. This is what I see on a shell from bad.rd when I try to access the first SATA HDD. # disklabel sd0 disklabel: /dev/rsd0: no such file or directory # disklabel sd0c disklabel: /dev/rsd0c: no such file or directory Same for rsd0 and rsd0c. The device nodes don't exist until the install or upgrade program detects the disk and creates them. Likewise for wd0 as although outdated for ahci disks. Dmesg identifies the disk as: sd0 at scsibus0 targ0 lun0 ATA ST1000DM003... sd0 953869mb This is why I had to run the install program and accidentally went too far. It would be helpful to be able to use disklabel and other tools such as newfs, growfs without running through the installer. In my case I forgot that the installer continues automatically with the next command and also used the wrong switch to disklabel. It's a good thing I take backups seriously nowadays. Regards Ed Gray On Wed, 10 Feb 2021, 3:52 pm Otto Moerbeek, wrote: > On Wed, Feb 10, 2021 at 03:35:06PM +, Ed Gray wrote: > > > Okay, thanks Stuart. > > > > I have left testdisk running a deep scan and will see if it finds my > /var. > > I know I'll still have to mount the partitions and I don't know if an > fsck > > would be able to fix any damage done by newfs. > > > > I think at this point I'm better off starting again as like others I've > > done many upgrades. It's probably not worth trying to fix for the sake of > > getting a few configuration files and settings back and maybe some files > I > > have elsewhere. > > > > I would be interested in finding out a way to access my SATA HDD (sd0) > with > > disklabel and other tools on the ramdisk without first running the > install > > or upgrade programs. > > If you starft a shell on the initial prompt of a bsd.rd boot you get a > shell and a fine selection of commands that are useful for recovery. > > -Otto > > > > > Regards > > Ed Gray > > > > On Wed, 10 Feb 2021, 8:33 am Stuart Henderson, > wrote: > > > > > On 2021-02-09, Ed Gray wrote: > > > > I have backups and will probably not have lost anything important > but I > > > > just wondered if anyone had any suggestions as to whether this is > fixable > > > > and what steps to take before I give up and re-install? I followed a > > > how-to > > > > I found which suggested using scan_ffs to rebuild my disklabel but > it's > > > > finding some of the volumes and not all of them. > > > > > > If you were able to recover /var, check in /var/backups where you will > > > hopefully find some disklabel.* files. > > > > > > scan_ffs does not support FFS2, previously used only for large > > > filesystems but on newer installations now used for all filesystems. > > > > > > > > > >
unable to restart nsd with doas
Hey, i have a problem restarting nsd from a script that is run as doas. I have read the man page of doas several times, but i dont understand what i am doing wrong. Maybe someone of you could help me out. That would be so nice. My problem is": I have a script called "worker" and i invoce that script via doas sh /home/leo/bin/worker The script looks like this: #!/bin/sh tar xf /tmp/queue.tar -C /var/nsd/zonefiles/master rcctl restart nsd The tar command gets successfully executed as root and the files get extracted fine. But the rcctl command does not restart nsd. It just does nothing. Like it is not executed as root. Do you know what i am doing wrong here? My /etc/doas.conf looks like this: permit nopass leo as root cmd sh args /home/leo/bin/worker I am sure i am doing a very simple mistake here. But i cannot figure out what i am doing wrong. Could someone of you please be so kind to send me to the right direction? Thanks so much and greetings Leo
Re: httpd, PHP7.4, phpIPAM, MariaDB
Nevermind, I'm a idiot. I had the package name wrong. On Wed, Feb 10, 2021 at 11:32 AM Jesse Barton wrote: > After fully reading the /usr/local/share/doc/pkg-readmes/php-7.4 readme I > found that > there is a third party package called pecl-libsodium so I searched for > that in openports.se and tried installing it > but had no luck. I also noticed there is a pecl-mcrypt > https://openports.se/security/pecl-mcrypt > So I tried installing that also with no success. Am I missing something? > > IPAM% doas pkg_add pecl-mcrypt > quirks-3.441 signed on 2021-02-10T15:19:41Z > Can't find pecl-mcrypt > > IPAM% doas pkg_add pecl-libsodium > quirks-3.441 signed on 2021-02-10T15:19:41Z > Can't find pecl-libsodium > > - various useful third-party extensions from the PECL repository have > also been packaged. Examples include pecl-memcache (for use with > sysutils/memcached), pecl-imagick (image manipulation using ImageMagick), > pecl-libsodium (a wrapper for the libsodium cryptographic library), etc. > > On Wed, Feb 10, 2021 at 9:35 AM Jesse Barton > wrote: > >> Thanks Stuart that's super helpful I'm new to openbsd and must have >> completely missed that those readmes existed. I got everything working last >> night minus a SAML integration I'm trying to setup that says it requires >> php-mcrypt but I noticed that php-mcrypt is marked obsolete in ports. Looks >> like it's deprecated as a whole. Is there an alternative anyone recommends >> I use? >> >> On Wed, Feb 10, 2021 at 2:23 AM Stuart Henderson >> wrote: >> >>> On 2021-02-09, Jesse Barton wrote: >>> > Hey OpenBSD Community, >>> > >>> > I am working on getting phpIPAM setup on a OpenBSD system but so far >>> i'm >>> > running into an issue with connecting the php site to the database. >>> > >>> > I used parts of these documentation pages to get everything working. >>> > https://www.php.net/manual/en/install.unix.openbsd.php >>> > https://phpipam.net/documents/installation/ >>> >>> See the OpenBSD documentation installed by the packages (and pointed out >>> by pkg_add when you installed them): >>> >>> /usr/local/share/doc/pkg-readmes/mariadb-server >>> /usr/local/share/doc/pkg-readmes/php-7.4 >>> >>> >>>
Re: httpd, PHP7.4, phpIPAM, MariaDB
After fully reading the /usr/local/share/doc/pkg-readmes/php-7.4 readme I found that there is a third party package called pecl-libsodium so I searched for that in openports.se and tried installing it but had no luck. I also noticed there is a pecl-mcrypt https://openports.se/security/pecl-mcrypt So I tried installing that also with no success. Am I missing something? IPAM% doas pkg_add pecl-mcrypt quirks-3.441 signed on 2021-02-10T15:19:41Z Can't find pecl-mcrypt IPAM% doas pkg_add pecl-libsodium quirks-3.441 signed on 2021-02-10T15:19:41Z Can't find pecl-libsodium - various useful third-party extensions from the PECL repository have also been packaged. Examples include pecl-memcache (for use with sysutils/memcached), pecl-imagick (image manipulation using ImageMagick), pecl-libsodium (a wrapper for the libsodium cryptographic library), etc. On Wed, Feb 10, 2021 at 9:35 AM Jesse Barton wrote: > Thanks Stuart that's super helpful I'm new to openbsd and must have > completely missed that those readmes existed. I got everything working last > night minus a SAML integration I'm trying to setup that says it requires > php-mcrypt but I noticed that php-mcrypt is marked obsolete in ports. Looks > like it's deprecated as a whole. Is there an alternative anyone recommends > I use? > > On Wed, Feb 10, 2021 at 2:23 AM Stuart Henderson > wrote: > >> On 2021-02-09, Jesse Barton wrote: >> > Hey OpenBSD Community, >> > >> > I am working on getting phpIPAM setup on a OpenBSD system but so far i'm >> > running into an issue with connecting the php site to the database. >> > >> > I used parts of these documentation pages to get everything working. >> > https://www.php.net/manual/en/install.unix.openbsd.php >> > https://phpipam.net/documents/installation/ >> >> See the OpenBSD documentation installed by the packages (and pointed out >> by pkg_add when you installed them): >> >> /usr/local/share/doc/pkg-readmes/mariadb-server >> /usr/local/share/doc/pkg-readmes/php-7.4 >> >> >>
Re: home printer
I reject the insinuation that only blackmailers need anonymous speech. Reality Winner is but one example to the contrary. Without anonymous speech, there can be no free speech. People might deem it a no-brainer that "They" would do something like this, but the real no-brainer is understanding that printer steganography and the secrecy surrounding it are corrosive to democracy, honest commerce and the rule of law. In any honest commercial transaction, the customer would be informed prior to the sale about the presence of any anti-features. Especially when those anti-features enable a government-driven privacy invasion or warrantless metadata surveillance. The U.S. Constitution in particular especially protects PAPERS and effects. In any non-kangaroo court, evidence obtained by secret mechanisms mandated by secret laws would be inadmissible. Obvious technical feasibility does not entitle hackers to do whatever they want, and neither can, under any reasonable rule of law, governments be allowed to do whatever they want just because they perceive some advantage to doing it, and just because they can get away with it for a while. Democracies understand that the people are more trustworthy than concentrated power, which is why democracies have the people hold governments in check. Tyrannies are the opposite, and have governments hold the people in check. Under any non-tyrannical government of laws, the introduction of printer steganography, if carried out, would not have been secret to start with. In a free society, this would have been a matter of public debate, giving the people a chance to reject the intrusion before its introduction, and a chance to know what rules they are operating under and what world they are living in. Printer steganography is the kind of chain most people will only notice once they move and start exercising their rights. If you're only free because you don't dissent, you're not free. --Ian
Re: Installation overwritten... Accidental disklabel and newfs
On Wed, Feb 10, 2021 at 03:35:06PM +, Ed Gray wrote: > Okay, thanks Stuart. > > I have left testdisk running a deep scan and will see if it finds my /var. > I know I'll still have to mount the partitions and I don't know if an fsck > would be able to fix any damage done by newfs. > > I think at this point I'm better off starting again as like others I've > done many upgrades. It's probably not worth trying to fix for the sake of > getting a few configuration files and settings back and maybe some files I > have elsewhere. > > I would be interested in finding out a way to access my SATA HDD (sd0) with > disklabel and other tools on the ramdisk without first running the install > or upgrade programs. If you starft a shell on the initial prompt of a bsd.rd boot you get a shell and a fine selection of commands that are useful for recovery. -Otto > > Regards > Ed Gray > > On Wed, 10 Feb 2021, 8:33 am Stuart Henderson, wrote: > > > On 2021-02-09, Ed Gray wrote: > > > I have backups and will probably not have lost anything important but I > > > just wondered if anyone had any suggestions as to whether this is fixable > > > and what steps to take before I give up and re-install? I followed a > > how-to > > > I found which suggested using scan_ffs to rebuild my disklabel but it's > > > finding some of the volumes and not all of them. > > > > If you were able to recover /var, check in /var/backups where you will > > hopefully find some disklabel.* files. > > > > scan_ffs does not support FFS2, previously used only for large > > filesystems but on newer installations now used for all filesystems. > > > > > >
Re: httpd, PHP7.4, phpIPAM, MariaDB
Thanks Stuart that's super helpful I'm new to openbsd and must have completely missed that those readmes existed. I got everything working last night minus a SAML integration I'm trying to setup that says it requires php-mcrypt but I noticed that php-mcrypt is marked obsolete in ports. Looks like it's deprecated as a whole. Is there an alternative anyone recommends I use? On Wed, Feb 10, 2021 at 2:23 AM Stuart Henderson wrote: > On 2021-02-09, Jesse Barton wrote: > > Hey OpenBSD Community, > > > > I am working on getting phpIPAM setup on a OpenBSD system but so far i'm > > running into an issue with connecting the php site to the database. > > > > I used parts of these documentation pages to get everything working. > > https://www.php.net/manual/en/install.unix.openbsd.php > > https://phpipam.net/documents/installation/ > > See the OpenBSD documentation installed by the packages (and pointed out > by pkg_add when you installed them): > > /usr/local/share/doc/pkg-readmes/mariadb-server > /usr/local/share/doc/pkg-readmes/php-7.4 > > >
Re: Installation overwritten... Accidental disklabel and newfs
Okay, thanks Stuart. I have left testdisk running a deep scan and will see if it finds my /var. I know I'll still have to mount the partitions and I don't know if an fsck would be able to fix any damage done by newfs. I think at this point I'm better off starting again as like others I've done many upgrades. It's probably not worth trying to fix for the sake of getting a few configuration files and settings back and maybe some files I have elsewhere. I would be interested in finding out a way to access my SATA HDD (sd0) with disklabel and other tools on the ramdisk without first running the install or upgrade programs. Regards Ed Gray On Wed, 10 Feb 2021, 8:33 am Stuart Henderson, wrote: > On 2021-02-09, Ed Gray wrote: > > I have backups and will probably not have lost anything important but I > > just wondered if anyone had any suggestions as to whether this is fixable > > and what steps to take before I give up and re-install? I followed a > how-to > > I found which suggested using scan_ffs to rebuild my disklabel but it's > > finding some of the volumes and not all of them. > > If you were able to recover /var, check in /var/backups where you will > hopefully find some disklabel.* files. > > scan_ffs does not support FFS2, previously used only for large > filesystems but on newer installations now used for all filesystems. > > >
pgmodeler is not finding the libraries on -current
Hello, I'm struggling to make working the pgmodeler 0.9.3 application on OpenBSD -current When I try to run pgmodeler I get the following errors: ~ > pgmodeler ld.so: pgmodeler: can't load library 'libpgmodeler_ui.so.2.0' Killed ~ > pgmodeler ld.so: pgmodeler: can't load library 'libpgconnector.so.2.0' Killed ~ > pgmodeler ld.so: pgmodeler: can't load library 'libpgmodeler.so.2.0' Killed ~ > pgmodeler ld.so: pgmodeler: can't load library 'libpgmodeler.so.2.0' Killed And I see all the libraries there: ~ > ls -lah /usr/local/lib/pgmodeler/ total 19096 drwxr-xr-x3 root wheel 512B Feb 10 01:42 . drwxr-xr-x 109 root wheel 55.0K Feb 10 01:42 .. -rw-r--r--1 root bin 485K Feb 9 01:49 libobjrenderer.so.1.1 -rw-r--r--1 root bin 231K Feb 9 01:49 libparsers.so.2.0 -rw-r--r--1 root bin 178K Feb 9 01:49 libpgconnector.so.2.0 -rw-r--r--1 root bin 2.1M Feb 9 01:49 libpgmodeler.so.2.0 -rw-r--r--1 root bin 6.0M Feb 9 01:49 libpgmodeler_ui.so.2.0 -rw-r--r--1 root bin 143K Feb 9 01:49 libutils.so.1.1 drwxr-xr-x2 root wheel 512B Feb 10 01:42 plugins OpenBSD Version: ~ > sysctl kern.version kern.version=OpenBSD 6.9-beta (GENERIC.MP) #324: Tue Feb 9 17:20:54 MST 2021 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP I'm not sure what could be the problem. I even tried to compile the port and didn't work. Thanks in advance. -- Jose Figueroa
Re: Bootloader on USB stick fails with "root device not found"
On Wed, Feb 10, 2021 at 01:00:33PM +, Frank Beuth wrote: > On Tue, Feb 02, 2021 at 10:50:39PM +0100, Stefan Sperling wrote: > > The idea of protecting key disks with a passphrase (two-factor auth) has > > been raised before. It has not been implemented yet, simply because nobody > > has done the work. A search of the mailing list archives should yield > > some prior discussion. > > How about backup keys, so I can have a backup passphrase stored somewhere > safely that works even if I lose my keydisk? Well, even if two-factor auth were already available, if you lose the key disk then you should also lose access to the encrypted data. Otherwise it's not two-factor auth. A scheme where either a passphrase or a key disk could be used to unlock the volume would be redundant and even dangerously confusing for users who expect actual two-factor auth. The current way to back up a keydisk is by saving an image with dd and storing this somewhere securely. This image can be very small since only the key disk's RAID disklabel slice needs to be copied, not the entire physical key disk. See the FAQ entry "Using a Keydisk" here: https://www.openbsd.org/faq/faq14.html#softraid
Re: Bootloader on USB stick fails with "root device not found"
On Tue, Feb 02, 2021 at 10:50:39PM +0100, Stefan Sperling wrote: The idea of protecting key disks with a passphrase (two-factor auth) has been raised before. It has not been implemented yet, simply because nobody has done the work. A search of the mailing list archives should yield some prior discussion. How about backup keys, so I can have a backup passphrase stored somewhere safely that works even if I lose my keydisk? FWIW I ran into the same problem as the OP when trying to put the bootloader on external media.
Re: amdgpu unstable atm
On Mon, Feb 01, 2021 at 08:05:45PM +0900, rgc wrote: > misc@ > > it's been a few days > some crashes still occured .. > one time i've already killed firefox-esr and was just using stterm when X > crashed. > > in the meantime, i've done a BIOS update. > i have SVM (AMDs vmm support) enabled which automatically shares 1Gb to iGPU. > and running pkg_add -u and sysupgrade every other day. > > kern.version=OpenBSD 6.8-current (GENERIC.MP) #302: Sat Jan 30 21:51:53 MST > 2021 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > running spyder3 and firefox-esr at the same time, no issues so far misc@ now running 6.9-beta kern.version=OpenBSD 6.9-beta (GENERIC.MP) #321: Mon Feb 8 14:21:26 MST 2021 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP sysupgraded this morning logged in xenodm, running stterm, tmux, spyder3, firefox-esr left it as-is ... went to work. checked it later in the day, saw the console login prompt, pressing a key shutdown the system. hmmn. i was downstairs (WFH nowadays) so i would have known if there was a power failure. as i type this i am sysupgrading ~ rgc
Re: home printer
On 10/2/21 7:49 pm, Greg Thomas wrote:
> Does anyone have examples of steganography in monochrome laser
> printers?
^
https://duckduckgo.com/?t=ffsb&q=steganography+in+monochrome+laser+printers&ia=web
Second hit is https://en.wikipedia.org/wiki/Machine_Identification_Code
which doesn't say specifically that mono printers _do_ implement such
stenography, but doesn't rule it out either and hypothesises a few
methods by which it could be done.
Colour printers doing this is a no-brainer, because authorities want to
be able to trace the source of counterfeit documents such as bank notes,
etc.
Not all "protected" documents need colour to be counterfeited though,
and so I think we can safely assume that mono printers also do the same
thing.
Question is, are you printing sensitive material that often that using
such a printer poses an unacceptable risk?
You can lose sleep over the fact that most computer print-outs are
traceable, you can set out to design an "untraceable" printer, or you
can accept that there are many pieces of paper flying around the planet,
too many for law enforcement to sit and scrutinise each and every one.
--
Stuart Longland (aka Redhatter, VK4MSL)
I haven't lost my mind...
...it's backed up on a tape somewhere.
Re: home printer
Does anyone have examples of steganography in monochrome laser printers? On Tue, Feb 9, 2021 at 10:53 PM Stuart Longland wrote: > On 9/2/21 6:43 am, ropers wrote: > > * Printer steganography -- which I've positively confirmed is indeed > there, > > and which I neither asked for, nor was at any time told anything about > by > > Xerox, especially not pre-purchase. > > I think this is situation normal for any printer made this decade. > Don't like it? You have three choices: > > 1. Find a way to coax an ancient parallel port printer to work with your > modern Unix workstation. > 2. Make your own printer. > 3. Don't print. > > (1) could be achieved two ways: > > (1a) using either a standard LPT-to- adaptor. (e.g. > LPT-to-USB, there are also LPT print servers that present an lpd interface) > (1b) with off-the-shelf modules to interface to the Centronics interface > on the printer (which is 5V TTL IIRC) to one of the myriad of 5V-TTL > compatible microcontroller dev boards out there and doing some hacking > of the print spooler in OpenBSD along with some firmware development. > > (2) has been done various ways (e.g. HomoFaciens on YouTube did a > junk-box printer using a pen, scrap motors, hand-made optical encoders > and an Arduino dev board)… admittedly resolution and print speed are > both poor in such systems unless you're very mechanically and > electronically skilled. You may also have to forgo conveniences such as > an automatic sheet feeder or out-of-pigment notifications. > > Many people are doing (3) now, having decided they don't use a printer > often enough to justify the cost of maintaining one. > -- > Stuart Longland (aka Redhatter, VK4MSL) > > I haven't lost my mind... > ...it's backed up on a tape somewhere. > >
Re: Installation overwritten... Accidental disklabel and newfs
On 2021-02-09, Ed Gray wrote: > I have backups and will probably not have lost anything important but I > just wondered if anyone had any suggestions as to whether this is fixable > and what steps to take before I give up and re-install? I followed a how-to > I found which suggested using scan_ffs to rebuild my disklabel but it's > finding some of the volumes and not all of them. If you were able to recover /var, check in /var/backups where you will hopefully find some disklabel.* files. scan_ffs does not support FFS2, previously used only for large filesystems but on newer installations now used for all filesystems.
Re: httpd, PHP7.4, phpIPAM, MariaDB
On 2021-02-09, Jesse Barton wrote: > Hey OpenBSD Community, > > I am working on getting phpIPAM setup on a OpenBSD system but so far i'm > running into an issue with connecting the php site to the database. > > I used parts of these documentation pages to get everything working. > https://www.php.net/manual/en/install.unix.openbsd.php > https://phpipam.net/documents/installation/ See the OpenBSD documentation installed by the packages (and pointed out by pkg_add when you installed them): /usr/local/share/doc/pkg-readmes/mariadb-server /usr/local/share/doc/pkg-readmes/php-7.4
