Re: doas and args matching
Alexander Hall writes: There's a good chance i'm misunderstanding, but doesn't this run into the same issue? Namely, that (as far as i'm aware) it's not possible to specify that a doas-permitted command be allowed to run with arbitrary arguments (or range of arguments), rather than only the arguments specified in doas.conf? Just leaving out the "args ..." from the config should accomplish that. Not on 7.1, unless i'm doing something wrong? /etc/doas.conf: permit nopass alexis as root cmd /sbin/wsconsctl $ /sbin/wsconsctl display.brightness=50 wsconsctl: /dev/ttyC0: Permission denied Hence the OP's question, and my suggested kludge. Alexis.
Re: serial console works only if system is booted from it
On Thu, 28 Jul 2022 15:11:58 -0500, Andrew Daugherity wrote: > This is probably worth a mention in the ttys(5) man page. It's one of > those things that once you've worked through it, you know, but it's > not at all obvious that HUP-ing init applies changes from every other > column but NOT any flags changes. I think the wording NetBSD has [1] > is decent: > "Nota Bene: Sending SIGHUP to init(8) does not change the state of the > various tty(4) device flags listed above; the ttyflags(8) program must > be run for changes in those flags to take effect on the devices." How does this look? I couldn't resist making some other minor tweaks while there. - todd Index: libexec/getty/ttys.5 === RCS file: /cvs/src/libexec/getty/ttys.5,v retrieving revision 1.13 diff -u -p -u -r1.13 ttys.5 --- libexec/getty/ttys.58 Feb 2020 01:09:57 - 1.13 +++ libexec/getty/ttys.529 Jul 2022 01:46:57 - @@ -1,4 +1,5 @@ .\"$OpenBSD: ttys.5,v 1.13 2020/02/08 01:09:57 jsg Exp $ +.\" .\" Copyright (c) 1985, 1991, 1993 .\"The Regents of the University of California. All rights reserved. .\" @@ -42,6 +43,7 @@ and control the use of terminal special This information is read with the .Xr getttyent 3 library routines. +.Pp There is one line in the .Nm file per special device file. @@ -54,24 +56,29 @@ are delimited by hash marks and newlines. Any unspecified fields will default to null. .Pp +Each line in +.Nm +is of the format: +.Dl tty command type flags +.Pp The first field is the name of the terminal special file as it is found in .Pa /dev . .Pp -The second field of the file is the command to execute for the line, +The second field is the command to execute for the line, usually .Xr getty 8 , which initializes and opens the line, setting the speed, waiting for a user name and executing the .Xr login 1 -program. +utility. It can be, however, any desired command, for example the start up for a window system terminal emulator or some other daemon process, and can contain multiple words if quoted. .Pp The third field is the type of terminal usually connected to that -TTY line, normally the one found in the -.Xr termcap 5 +tty line, normally the one found in the +.Xr terminfo 5 database file. The environment variable .Dv TERM @@ -87,7 +94,7 @@ entry (see or specify a window system process that .Xr init 8 will maintain for the terminal line. -The following is a list of permitted flags for each TTY: +The following is a list of permitted flags for each tty: .Bl -tag -width xxx .It Ar on Specify that @@ -98,7 +105,7 @@ The opposite of on. .It Ar secure If .Ar on -is also specified, allows users with a UID of 0 to log in on this line. +is also specified, allows users with a user ID of 0 to log in on this line. If set for the .Ar console entry, then @@ -130,11 +137,21 @@ will execute .Em before starting the command specified by the second field. .Pp -Changes to the ttys file take effect after it has been reloaded by +Changes to the +.Nm +file take effect after it has been reloaded by .Xr init 8 , which can be triggered by sending it a .Dv HUP signal. +Reloading the +.Nm +file does +.Em not +change the state of the device-specific terminal flags described above. +The +.Xr ttyflags 8 +utility can be used to set those flags. .Sh FILES .Bl -tag -width /etc/ttys -compact .It Pa /etc/ttys
Re: necessity to specify CVSROOT each time cvs is run?
On Thu, Jul 28, 2022 at 08:13:46AM -, Stuart Henderson wrote: > Either use -d, or set CVSROOT, or replace CVS/Root files with ones > containing the path to the repo (cvschroot from the cvsutils package > makes this easy). If your original checkout had been done via anoncvs > you wouldn't have needed to do this. (Also ports.tar.gz misses some > files - run "cvs up -Pd" across the whole tree to fetch them). > I already use a script to do cvs for ports. Right now, it downloads a copy of ports.tar.gz for "just in case cvs checkout fails". Which method would be preferable for the other end (the cvs server)? ports.tar.gz then cvs up or cvs checkout Either method is fine for me, but which method would be preferable? I don't get ports.tar.gz from the same server as cvs. Does a checkout put less load on the cvs server than running a comparison with cvs up? Or is the increased data with checkout more important to eliminate? -- Thanks, Chris Bennett
Re: Configuration of static ipv6 router
On 2022 jeu 28 jui - 12:20, Kevin Wallace wrote: > On 2022-07-28 11:32 AM, Nicolas Goy wrote: > > I found something weird that might be a bug. > > > ping6 fe80:b2b:11fe:161::2%vport0 > > The KAME IPv6 code uses the second word of link-local addresses for > internal bookkeeping, and clears it before sending the packet over the > wire. Addresses within fe80::/10 but outside of fe80::/32 will cause > weirdness like this. See > https://github.com/kame/kame/blob/master/IMPLEMENTATION, section 1.3.1 Is there a workaround? It seems those link local addresses are common with cisco routers. Thanks -- Nicolas Goy Engineer & Developer https://www.kuon.ch https://www.goyman.com
Re: serial console works only if system is booted from it
On Mon, Jul 25, 2022 at 9:01 PM Todd C. Miller wrote: > > On Sun, 24 Jul 2022 23:50:11 -0700, Kastus Shchuka wrote: > > > Apparently, restarting getty on tty00 was not enough. > > After reboot, I got login prompt on tty00 line. > > Running "ttyflags -a" as root would probably also fix it without > the need for a reboot. This is probably worth a mention in the ttys(5) man page. It's one of those things that once you've worked through it, you know, but it's not at all obvious that HUP-ing init applies changes from every other column but NOT any flags changes. I think the wording NetBSD has [1] is decent: "Nota Bene: Sending SIGHUP to init(8) does not change the state of the various tty(4) device flags listed above; the ttyflags(8) program must be run for changes in those flags to take effect on the devices." I'm pretty sure I tried 'local' on some Dell servers but it didn't work for me, on either the physical port or IPMI Serial-over-LAN; 'softcar' did the trick in my case. Without that I get the same issue -- getty only works if the device is also the boot console. Thanks, -Andrew [1] http://man.bsd.lv/NetBSD-9.2/ttys
Re: Configuration of static ipv6 router
I found something weird that might be a bug. If I do doas ifconfig vport0 inet6 fe80::2/10 Then ping6 fe80:b2b:11fe:161::2%vport0 On the tcpdump output, I see a different address 20:31:15.816576 fe80::fce1:baff:fed1:b34 > ff02::1:ff00:2: icmp6: neighbor sol: who has fe80:0:11fe:161::2 -- Nicolas Goy Engineer & Developer https://www.kuon.ch https://www.goyman.com
Re: testing 7.2-beta ( tftpd )
On Wed, Jul 27, 2022 at 6:39 PM Sven F. wrote: > Dear readers, > > I ran tftpd like this : > > route -T 10 exec /usr/sbin/tftpd -d -v -c -l 192.168.2.1 /var/tftpd > > when trying to upload , it created an empty file in /var/tftpd > > # ls -ld /var/tftpd/; ls -l /var/tftpd/ > drwxr-xr-x 2 _tftpd wheel 512 Jul 27 18:31 /var/tftpd/ > total 4 > -rw-rw-rw- 1 _tftpd wheel 0 Jul 27 18:34 board.json > > and log errors on stderr : > tftpd: 192.168.2.32: write request for 'board.json' > tftpd: tftp_wrq recv: Connection refused > > get does similar > tftpd: 192.168.2.32: recv: Connection refused > tftpd: 192.168.2.32: read request for 'foo' > > Am I missing something obvious ? > > Thank you for reading that far. > Another client program is able to download. So i guess it s expected
Re: Configuration of static ipv6 router
Ok, I think I found the issue. The cisco is useing the address fe80:b2b:11fe:161::2 but for some reason, openbsd doesn't link this. I cannot ping fe80:b2b:11fe:161::2%vport0 The system is adding fe80::%vport0/64 to the routing table. I am not sure, but I think that's the cause. I tried to add it to the routing table but it says "file exists". -- Nicolas Goy Engineer & Developer https://www.kuon.ch https://www.goyman.com
Re: Configuration of static ipv6 router
I added this as my first line in pf.conf pass quick log on vport0 proto icmp6 When I do tcpdump -i vport0 I do see the packets 19:21:09.846069 fe80:b2b:11fe:161::2 > ff02::1:ff01:1: icmp6: neighbor sol: who has [class 0xe0] But there is nothing on tcpdump -i pflog0 It seems those packet disapears somewhere. I tried on a regular interface (without veb) but same behaviour. -- Nicolas Goy Engineer & Developer https://www.kuon.ch https://www.goyman.com
Re: Configuration of static ipv6 router
As additional info, here are my sysctl net.inet6.ip6.forwarding=1 net.inet6.ip6.redirect=1 net.inet6.ip6.hlim=64 net.inet6.ip6.mrtproto=0 net.inet6.ip6.maxfragpackets=200 net.inet6.ip6.log_interval=5 net.inet6.ip6.hdrnestlimit=10 net.inet6.ip6.dad_count=1 net.inet6.ip6.auto_flowlabel=1 net.inet6.ip6.defmcasthlim=1 net.inet6.ip6.use_deprecated=1 net.inet6.ip6.maxfrags=200 net.inet6.ip6.mforwarding=0 net.inet6.ip6.multipath=0 net.inet6.ip6.multicast_mtudisc=0 net.inet6.ip6.neighborgcthresh=2048 net.inet6.ip6.maxdynroutes=4096 net.inet6.ip6.dad_pending=0 net.inet6.ip6.mtudisctimeout=600 net.inet6.icmp6.redirtimeout=600 net.inet6.icmp6.nd6_delay=5 net.inet6.icmp6.nd6_umaxtries=3 net.inet6.icmp6.nd6_mmaxtries=3 net.inet6.icmp6.errppslimit=100 net.inet6.icmp6.nd6_maxnudhint=0 net.inet6.icmp6.mtudisc_hiwat=1280 net.inet6.icmp6.mtudisc_lowat=256 net.inet6.icmp6.nd6_debug=0 net.inet6.divert.recvspace=65636 net.inet6.divert.sendspace=65636 -- Nicolas Goy Engineer & Developer https://www.kuon.ch https://www.goyman.com
Re: Configuration of static ipv6 router
Ok, actually the ISP router is also trying the multicast after failing the unicast: Here are two packets, the first one works, the router responds (openbsd box), but the second one is ignored. first one (works is responded to): [+] Frame 12012: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface vport0, id 0 [+] Ethernet II, Src: ASUSTekC_42:5c:dc (7c:10:c9:42:5c:dc), Dst: IPv6mcast_ff:01:00:01 (33:33:ff:01:00:01) [-] Internet Protocol Version 6, Src: fe80::7e10:c9ff:fe42:5cdc, Dst: ff02::1:ff01:1 0110 = Version: 6 [+] = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) 1110 0100 0001 0010 = Flow Label: 0xe41f2 Payload Length: 32 Next Header: ICMPv6 (58) Hop Limit: 255 Source Address: fe80::7e10:c9ff:fe42:5cdc Destination Address: ff02::1:ff01:1 Source SLAAC MAC: ASUSTekC_42:5c:dc (7c:10:c9:42:5c:dc) [-] Internet Control Message Protocol v6 Type: Neighbor Solicitation (135) Code: 0 Checksum: 0xd6ae [correct] Checksum Status: Good Reserved: Target Address: 2a02:aa08::::1:1 # redacted [-] ICMPv6 Option (Source link-layer address : 7c:10:c9:42:5c:dc) Type: Source link-layer address (1) Length: 1 (8 bytes) Link-layer address: ASUSTekC_42:5c:dc (7c:10:c9:42:5c:dc) [=] second one (doesn't work, is ignored): [+] Frame 10611: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface vport0, id 0 [+] Ethernet II, Src: Cisco_4e:41:74 (00:df:1d:4e:41:74), Dst: IPv6mcast_ff:01:00:01 (33:33:ff:01:00:01) [-] Internet Protocol Version 6, Src: fe80:b2b:11fe:161::2, Dst: ff02::1:ff01:1 0110 = Version: 6 [+] 1110 = Traffic Class: 0xe0 (DSCP: CS7, ECN: Not-ECT) = Flow Label: 0x0 Payload Length: 32 Next Header: ICMPv6 (58) Hop Limit: 255 Source Address: fe80:b2b:11fe:161::2 Destination Address: ff02::1:ff01:1 [-] Internet Control Message Protocol v6 Type: Neighbor Solicitation (135) Code: 0 Checksum: 0x9de0 [correct] Checksum Status: Good Reserved: Target Address: 2a02:aa08::::1:1 # redacted [-] ICMPv6 Option (Source link-layer address : 00:df:1d:4e:41:74) Type: Source link-layer address (1) Length: 1 (8 bytes) Link-layer address: Cisco_4e:41:74 (00:df:1d:4e:41:74) [=] -- Nicolas Goy Engineer & Developer https://www.kuon.ch https://www.goyman.com
Re: Configuration of static ipv6 router
On 2022 jeu 28 jui - 16:14, Nicolas Goy wrote: > On 2022 jeu 28 jui - 15:52, Nicolas Goy wrote: > > On 2022 jeu 28 jui - 13:18, Nicolas Goy wrote: > > > > > > - I can ping internet from my router, but it cuts every 10 seconds or > > > so. If I inspect the traffic, I see that the ISP router is sending > > > neighbor discovery with my router address, and that my router does not > > > respond. > > > > > > > This seems to be the main issue, (I'll figure out the second one after > > that, using nd proxy or other method), I watched the network for some time > > now, and the openbsd router is never responding to neighbor solicitation > > on the wan interface. > > > > When I use tcpdump, I see that on the wan interface, neighbor > > solicitation has an added [class 0xe0] at the end of the line which is > > not present on working solicitations. > > > > After more analyse, I realized that the dst of the ISP/Cisco neighbor solicitation is the actual IP, while usually it's ff02::1:ff01:1 it seems to do unicast solicitation. -- Nicolas Goy Engineer & Developer https://www.kuon.ch https://www.goyman.com
Re: Configuration of static ipv6 router
On 2022 jeu 28 jui - 15:52, Nicolas Goy wrote: > On 2022 jeu 28 jui - 13:18, Nicolas Goy wrote: > > > > - I can ping internet from my router, but it cuts every 10 seconds or > > so. If I inspect the traffic, I see that the ISP router is sending > > neighbor discovery with my router address, and that my router does not > > respond. > > > > This seems to be the main issue, (I'll figure out the second one after > that, using nd proxy or other method), I watched the network for some time > now, and the openbsd router is never responding to neighbor solicitation > on the wan interface. > > When I use tcpdump, I see that on the wan interface, neighbor > solicitation has an added [class 0xe0] at the end of the line which is > not present on working solicitations. > I forgot to mention that the WAN port is a vport with veb, I don't know if that can affect the ndp protocol. -- Nicolas Goy Engineer & Developer https://www.kuon.ch https://www.goyman.com
Re: necessity to specify CVSROOT each time cvs is run?
On 2022/07/28 14:01, rsyk...@disroot.org wrote: > Stuart Henderson wrote: > > On 2022-07-28, rsyk...@disroot.org wrote: > > > Dear list, > > > > > > > > > I have a ports tree. (Most probably first obtained > > > by downloading a .tar file.) I am able to update it > > > with, e.g., > > > > > > ; CVSROOT=anon...@ftp.hostserver.de:/cvs > > > ; cvs -d $CVSROOT -q up -Pd -rOPENBSD_7_1 > > > > > > After that I thought -- based on what I read at > > > https://www.openbsd.org/anoncvs.html#CVSROOT > > > -- that running just > > > > > > ; cvs -q up -Pd -rOPENBSD_7_1 > > > > > > should work, but it does not: > > > > > > cvs update: in directory .: > > > cvs update: ignoring CVS/Root because it specifies a non-existent > > > repository /cvs > > > cvs update: No CVSROOT specified! Please use the `-d' option > > > cvs [update aborted]: or set the CVSROOT environment variable. > > > > > > Thanks for comments. > > > > Either use -d, or set CVSROOT, or replace CVS/Root files with ones > > containing the path to the repo (cvschroot from the cvsutils package > > makes this easy). If your original checkout had been done via anoncvs > > you wouldn't have needed to do this. (Also ports.tar.gz misses some > > files - run "cvs up -Pd" across the whole tree to fetch them). > > Ok. Now I perhaps gained some of the missing understanding, but > still not full. > > So if I obtain the tree by downloading a .tar, it is not enough > to just supply -d to cvs once and next time run cvs without the -d; > I must set up the CVSROOT env variable or use the cvschroot command. > > If you get the original tree by cvs (with some -d), the next > time you can run cvs without the -d (and without the need to set up > the environmental CVSROOT). > > But then, one last thing: if I obtain a tree with a certain cvs -d > CVSROOT1, then run cvs -d CVSROOT2, and finally run cvs without -d, > what CVSROOT will be used in the last case? I hope it will be > CVSROOT1, won't it? (Otherwise I would not understand why starting > with a .tar and running subsequently cvs -d is not enough to then > run cvs without the -d...) Yes To make things easier for me, I use a shell alias "acvs" $ alias acvs acvs='/usr/bin/cvs -d $CVSROOT ' (and a corresponding one that I use for the private server rather than anonymous cvs)
Re: Configuration of static ipv6 router
On 2022 jeu 28 jui - 13:18, Nicolas Goy wrote: > > - I can ping internet from my router, but it cuts every 10 seconds or > so. If I inspect the traffic, I see that the ISP router is sending > neighbor discovery with my router address, and that my router does not > respond. > This seems to be the main issue, (I'll figure out the second one after that, using nd proxy or other method), I watched the network for some time now, and the openbsd router is never responding to neighbor solicitation on the wan interface. When I use tcpdump, I see that on the wan interface, neighbor solicitation has an added [class 0xe0] at the end of the line which is not present on working solicitations. -- Nicolas Goy Engineer & Developer https://www.kuon.ch https://www.goyman.com
Re: necessity to specify CVSROOT each time cvs is run?
On Thu, Jul 28, 2022 at 02:01:54PM +0200, rsyk...@disroot.org wrote: | Ok. Now I perhaps gained some of the missing understanding, but | still not full. | | So if I obtain the tree by downloading a .tar, it is not enough | to just supply -d to cvs once and next time run cvs without the -d; | I must set up the CVSROOT env variable or use the cvschroot command. | | If you get the original tree by cvs (with some -d), the next | time you can run cvs without the -d (and without the need to set up | the environmental CVSROOT). | | But then, one last thing: if I obtain a tree with a certain cvs -d | CVSROOT1, then run cvs -d CVSROOT2, and finally run cvs without -d, | what CVSROOT will be used in the last case? I hope it will be | CVSROOT1, won't it? (Otherwise I would not understand why starting | with a .tar and running subsequently cvs -d is not enough to then | run cvs without the -d...) Basically, yes. What you could do is update all the CVS/Root files to point at a new CVSROOT. For example .. on my machine I have the following: [weerd@pom] $ cat /usr/src/CVS/Root /home/OpenBSD/cvs/ (note that this file is duplicated throughout the tree with the exact same contents; check `md5 -r $(find /usr/src -name Root | head -n 20)` output) Let's say I have /home/weerd/CVSROOT with the new CVSROOT. Now I can for X in `find /usr/src -name Root` do cp /home/weerd/CVSROOT ${X} done (NB: this is safe for a /usr/src checkout, be wary of other repositories that may have files named Root elsewhere than under CVS/ or with paths with spaces) Cheers, Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: doas and args matching
On July 28, 2022 5:09:54 AM GMT+02:00, Alexis wrote: > >Alexander Hall writes: > >> Better yet, the wrapper could be allowed with no argument restrictions >> and just do >> >> wsconsctl "display.brightness=$1" >> >> or even (maybe; untested) >> >> wsconsctl "display.brightness${1%%[!+-]*}=${1#[+-]}" >> >> for moar fanziness. > >There's a good chance i'm misunderstanding, but doesn't this run into the same >issue? Namely, that (as far as i'm aware) it's not possible to specify that a >doas-permitted command be allowed to run with arbitrary arguments (or range of >arguments), rather than only the arguments specified in doas.conf? Just leaving out the "args ..." from the config should accomplish that. /Alexander > > >Alexis.
Configuration of static ipv6 router
Hello, My ISP gave me a /56 and told me it was statically routed (no DHCPv6-PD). Let's say this prefix 2a02:aa08::YY00::/56 is now x00::/56 What I want to do, is to split this prefix into /64 and use the /64 for my vlans. So what I did is on my interfaces I have the following ips: wan x00::1:1/64 vlan1 x01::1:1/64 vlan2 x02::1:1/64 ... The ISP router is at x00::1 so I did route add -inet6 default x00::1 In pf.conf I have a pass all for icmpv6 >From this point I have two issues: - I can ping internet from my router, but it cuts every 10 seconds or so. If I inspect the traffic, I see that the ISP router is sending neighbor discovery with my router address, and that my router does not respond. So on my wan interface I see tons of neighbor advertisement from the ISP router at x00::1 with flags router/solicited/override set, I also see neighbor solicitation from the ISP router to my router. There is also neighbor solicitation from my router to the ISP router, but what I don't see is the neighbord advertisement from my router TO the ISP router. So I guess the ISP router is removing the NDP entry of my router after some times, and put it back when it sees the neighbor solicitation again. How can I make so that my openbsd router will respond to the neighbor solicitation from the ISP router? - The second issue is how do I tell the ISP (cisco) router that I am the router for the /64 in the /56? If I ping from an inside host, the packet gets router into the WAN interface, and I see that the ISP router is doing neighbor solicitation for the source addrress, like this: ping from x01::10:1 to external ip E packet reaches x01::1:1, is routed by the openbsd router, and is visible on wan ISP router sees the packet on the WAN inteface and sends a neighbor solicitation for x01::1:1 which is not answered because x01::1:1 is on another subnet behind the openbsd router. Any idea for those two issues? -- Nicolas Goy Engineer & Developer https://www.kuon.ch https://www.goyman.com
Re: necessity to specify CVSROOT each time cvs is run?
On 2022-07-28, rsyk...@disroot.org wrote: > Dear list, > > > I have a ports tree. (Most probably first obtained > by downloading a .tar file.) I am able to update it > with, e.g., > > ; CVSROOT=anon...@ftp.hostserver.de:/cvs > ; cvs -d $CVSROOT -q up -Pd -rOPENBSD_7_1 > > After that I thought -- based on what I read at > https://www.openbsd.org/anoncvs.html#CVSROOT > -- that running just > > ; cvs -q up -Pd -rOPENBSD_7_1 > > should work, but it does not: > > cvs update: in directory .: > cvs update: ignoring CVS/Root because it specifies a non-existent repository > /cvs > cvs update: No CVSROOT specified! Please use the `-d' option > cvs [update aborted]: or set the CVSROOT environment variable. > > Thanks for comments. Either use -d, or set CVSROOT, or replace CVS/Root files with ones containing the path to the repo (cvschroot from the cvsutils package makes this easy). If your original checkout had been done via anoncvs you wouldn't have needed to do this. (Also ports.tar.gz misses some files - run "cvs up -Pd" across the whole tree to fetch them). -- Please keep replies on the mailing list.
Re: necessity to specify CVSROOT each time cvs is run?
On Thu, Jul 28, 2022 at 09:26:40AM +0200, rsyk...@disroot.org wrote: > Dear list, > > > I have a ports tree. (Most probably first obtained > by downloading a .tar file.) I am able to update it > with, e.g., > > ; CVSROOT=anon...@ftp.hostserver.de:/cvs > ; cvs -d $CVSROOT -q up -Pd -rOPENBSD_7_1 > > After that I thought -- based on what I read at > https://www.openbsd.org/anoncvs.html#CVSROOT > -- that running just > > ; cvs -q up -Pd -rOPENBSD_7_1 > > should work, but it does not: > > cvs update: in directory .: > cvs update: ignoring CVS/Root because it specifies a non-existent repository > /cvs looking at the line above, it looks like cvs is unhappy with whatever you have in your CVS/Root file. you can set things like this per user in your ~/.cvsrc file. jmc > cvs update: No CVSROOT specified! Please use the `-d' option > cvs [update aborted]: or set the CVSROOT environment variable. > > Thanks for comments. > > > Best regards, > Ruda >