Re: DNS resolution when 1st nameserver does not know
Stuart Henderson wrote:
> On 2024-02-15, Rudolf Sykora wrote:
> > Josh Grosse wrote:
> >> On Thu, Feb 15, 2024 at 02:15:07PM +0100, rsyk...@disroot.org wrote:
> >> > my computer is connected to a LAN, from which it obtains its
> >> > IP and also local-DNS-server IP via DHCP. The latter is then
> >> > inserted into /etc/resolv.conf by, I believe, resolvd. The
> >> > computer is furthermore connected via wireguard VPN to
> >> > another network with its own DNS server, serving the local
> >> > IPs there. The DNS server in my LAN, of course, does not
> >> > know the (non-public) IPs in the remote network. However, as
> >> > it comes 1st in /etc/resolv.conf, the nameserver that comes
> >> > next (I manually added it to the file) --- and which would
> >> > know the answer --- is never asked. I can stop resolvd and
> >> > use the DNS server within the VPN for all the traffic. But
> >> > I'd still prefer to have most of the work done by the local
> >> > DNS server, and only if it doesn't know I would ask the
> >> > server in the VPN. Is there anything simple I can do?
> >>
> >> Take a look at unwind(8) and unwind.conf(5).
> >
> >
> > Ok. Creating /etc/unwind.conf with
> >
> > forwarder {X.X.X.X}
> >
> > where X.X.X.X is the IP address of the DNS server within the VPN,
> > and turning on unwind with
> >
> > ;rcctl enable unwind
> > ;rcctl start unwind
> >
> > does do something, in the sense that I get all the symbolic
> > names resolved. But can I tell what DNS server was asked for
> > the translation? --- so that I can check that it is the
> > local nameserver (as obtained from the local DHCP server)
> > that gets queried first and only when it does not know the
> > answer, unwind asks VPN DNS server (X.X.X.X above) for the
> > answer?
>
> you can't do "fallback if domain doesn't exist in the first resolver",
> but you can tell it to always use the forwarder for certain domains.
> as well as configuring the forwarder, use something like "preference
> autoconf" and "force forwarder {some.domain other.domain}".

Thanks. I think

force forwarder {vpn.domain}

works for me.

Ruda
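The configuration Stuart describes, written out as an added example (it is not part of the thread): 192.0.2.53 is a placeholder for the VPN DNS server shown above as X.X.X.X, and vpn.example is a placeholder for the domain served inside the VPN. Only names under that domain are sent to the VPN resolver; every other name stays with the resolver learned from DHCP.

```conf
# /etc/unwind.conf -- added example with placeholder values.
# 192.0.2.53  = placeholder for the VPN DNS server (X.X.X.X in the thread)
# vpn.example = placeholder for the domain that only the VPN resolver knows

# Make the VPN resolver available as the "forwarder" resolving type.
forwarder { 192.0.2.53 }

# For ordinary names, use only the name servers learned via DHCP
# ("autoconf"), so general lookups are not sent through the VPN.
preference { autoconf }

# Names under vpn.example (and its subdomains) are always resolved
# through the forwarder. There is no fallback on "name does not exist":
# the routing decision is made per domain, not per answer.
force forwarder { vpn.example }
```

`unwind -n` checks the file for syntax errors before the daemon is restarted, and `unwindctl status` shows the state of each resolving type once it is running.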
Re: Freshrss configuration httpd.conf and fastcgi
Hi Michael,

On Tue, 16 Jan 2024 12:04:02 +0100
Michael Hekeler wrote:

> > I'd like to setup Freshrss to work under httpd and FastCGI.
> > Freshrss uses Php.
>                 ^^^
> You need to deploy that script with php-fpm NOT via slowcgi(8)
> See the file php-XX in /usr/local/share/doc/pkg-readmes/ for doing this
> (where XX is your installed version).

Yes, I know and have already configured php-fpm for that. I used slowcgi in order to debug the connection. At least, I read from someone on the web doing that. Is slowcgi really to avoid or is it useful for debugging?

>
> > As per the documentation, only the freshrss/p directory should be
> > exposed.
> > https://github.com/FreshRSS/FreshRSS#installation
> >
> > I'd like Freshrss to be access like:
> > http://myserver.tld/freshrss
> >
>
> Then you need something like: ..
> > server "myserver.tld" {
> >         listen on * port 80
> >         listen on * tls port 443
> >         tls {
> >                 certificate "/etc/ssl/myserver.tld.crt"
> >                 key "/etc/ssl/private/myserver.tld.key"
> >         }
> >         root "/htdocs"
> >         location "/freshrss/*" { root "/freshrss/p" }

That's what is configured.

server "myserver.tld" {
        listen on * port 80
        listen on * tls port 443
        tls {
                certificate "/etc/ssl/myserver.tld.crt"
                key "/etc/ssl/private/myserver.tld.key"
        }
        root "/htdocs"
        directory {index "index.php" index "index.html"}
        location "/freshrss/*" {
                root "/freshrss/p"
                fastcgi {
                        socket "/run/php-fpm_freshrss.sock"
                }
        }
}

But still get 'Not found'

404 Not Found
OpenBSD httpd

At htdocs, the httpd server should serve static pages. Php files are only under /freshrss. So, should I place this?

directory {index "index.php" index "index.html"}

It would make more sense to have a 'directory' per location, not per server, unless I haven't understood this correctly.

I've read the man page several times, but I'd also need some examples that are hard to find. In another server (FreeBSD) there was a similar setup running with Lighttpd. But, it's been very difficult to set this up with OpenBSD's httpd.

Thank you,
Luis

>
> > But at http://myserver.tld/freshrss/p/i/ it shows a 403 Forbidden
> > status.
>
> Because there is no index.html in /freshrss/p/i/
>
> Please read manpages httpd.conf(5) for setting directory index other
> than index.html.
>
> Test your setup with something like curl(1) or nc(1) not in a browser
> like chrome or firefox so that you can see the response clearly and no
> cache comes in the way.
>
> And only open your install to the internet when all is set up well.
> Also test if access to configfiles is denied.
>
Re: Automatic OS updates
On 15 February 2024 19:12:11 CET, b...@fea.st wrote:
>So I was curious, am I the only one using automatic OS updates
>in cron to keep the fish fresh and the bits dust free?
>
>I think I read somewhere that it's not recommended but I'm not
>running a server so it seems like a good idea to me.
>
>/etc/crontab:
>
># Example of job definition:
># . minute (0 - 59)
># | .- hour (0 - 23)
># | | .-- day of month (1 - 31)
># | | | .--- month (1 - 12) OR jan,feb,mar,apr ...
># | | | | . day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
># | | | | |
># * * * * * user-name command to be executed
> 0 3 * * * root sysupgrade

This will stop working at the next release. Assuming you want to run -current.

>30 3 * * * root pkg_add -u

This will most likely run after package daemons have started. There is an example in upgrade.site(5) how to do this differently.

--
Sent from a mobile device. Please excuse poor formatting.
Re: Automatic OS updates
I personally have this running on a desktop PC running OpenBSD 7.4-current since a few releases back. While it's been convenient, it has bitten me in the butt when something broke, since we are talking about -current. I wouldn't recommend this on anything you need in a functional state, but then you wouldn't be running -current unless you are aware of the risks. ;-)

On Thu, Feb 15, 2024 at 1:16 PM wrote:
>
> So I was curious, am I the only one using automatic OS updates
> in cron to keep the fish fresh and the bits dust free?
>
> I think I read somewhere that it's not recommended but I'm not
> running a server so it seems like a good idea to me.
>
> /etc/crontab:
>
> # Example of job definition:
> # . minute (0 - 59)
> # | .- hour (0 - 23)
> # | | .-- day of month (1 - 31)
> # | | | .--- month (1 - 12) OR jan,feb,mar,apr ...
> # | | | | . day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
> # | | | | |
> # * * * * * user-name command to be executed
> 0 3 * * * root sysupgrade
> 30 3 * * * root pkg_add -u
>
Automatic OS updates
So I was curious, am I the only one using automatic OS updates in cron to keep the fish fresh and the bits dust free?

I think I read somewhere that it's not recommended but I'm not running a server so it seems like a good idea to me.

/etc/crontab:

# Example of job definition:
# . minute (0 - 59)
# | .- hour (0 - 23)
# | | .-- day of month (1 - 31)
# | | | .--- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | . day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
 0 3 * * * root sysupgrade
30 3 * * * root pkg_add -u
Re: How to check Health Information of SMART on an NVME disk?
On Thu, 15 Feb 2024 at 18:35, Mikolaj Kucharski wrote:
> > === START OF READ SMART DATA SECTION ===
> > Current Drive Temperature: 0 C
> > Drive Trip Temperature:0 C
> >
> > Read defect list: asked for grown list but didn't get it
> > Error Counter logging not supported
> >
> > Device does not support Self Test logging

The smartmontools wiki declares support for NVME as experimental and says "Currently OpenBSD NVMe driver does not provide NVMe pass-through functionality"

https://www.smartmontools.org/wiki/NVMe_Support#SmartmontoolsNVMesupport1

Best
Martin
Re: do all headphone amps work?
I haven't used a USB sound card but it looks to me like there's a standard device class for them from the USB IF (like CDC, HID, MSC etc.) so I would expect it to work unless they're doing something strange. If they don't have special drivers that are needed to make it on Windows they probably aren't.

--Stephen

On Thu, Feb 15, 2024 at 11:35:53AM -, beecdadd...@danwin1210.de wrote:
> hi list
> I have a question: do all headphones amps work on OpenBSD? I think USB
> does it have some sort of driver? what do I look for?
> any tips?
> does sound sound well on OpenBSD? does it depend on driver/headphones?
> I don't want to waste money if they don't work
>
> thanks best regards
>
How to check Health Information of SMART on an NVME disk?
Hi all,

I'm running -current

OpenBSD 7.4-current (GENERIC.MP) #1626: Thu Jan 25 20:05:01 MST 2024
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

I'm wondering what are the options to monitor NVME wear. When I try to check via smartctl, I get this:

> # smartctl -a /dev/sd0c
> smartctl 7.4 2023-08-01 r5530 [OpenBSD 7.4 amd64] (local build)
> Copyright (C) 2002-23, Bruce Allen, Christian Franke,
> www.smartmontools.org
>
> === START OF INFORMATION SECTION ===
> Vendor: NVMe
> Product: SAMSUNG MZVL22T0
> Revision: AL2Q
> Compliance: SPC-4
> User Capacity:2,048,408,248,320 bytes [2.04 TB]
> Logical block size: 512 bytes
> >> Terminate command early due to bad response to IEC mode page
> A mandatory SMART command failed: exiting. To continue, add one or more
> '-T permissive' options.

However with -T option, it's not really better:

> # smartctl -T permissive -a /dev/sd0c
> smartctl 7.4 2023-08-01 r5530 [OpenBSD 7.4 amd64] (local build)
> Copyright (C) 2002-23, Bruce Allen, Christian Franke,
> www.smartmontools.org
>
> === START OF INFORMATION SECTION ===
> Vendor: NVMe
> Product: SAMSUNG MZVL22T0
> Revision: AL2Q
> Compliance: SPC-4
> User Capacity:2,048,408,248,320 bytes [2.04 TB]
> Logical block size: 512 bytes
> >> Terminate command early due to bad response to IEC mode page
> query_cmd_support response too short
>
> === START OF READ SMART DATA SECTION ===
> Current Drive Temperature: 0 C
> Drive Trip Temperature:0 C
>
> Read defect list: asked for grown list but didn't get it
> Error Counter logging not supported
>
> Device does not support Self Test logging

Any clue what would be the best way to read for example:

- Critical Warning
- Available Spare
- Media and Data Integrity Errors
- Error Information Log Entries

from Health Information of SMART?
Re: CARP and VRRP compliance
Hello Theo,

It's disheartening to see the disparity in treatment between entities like OpenBSD and larger corporations within these governance structures. However, your resolve in the face of such challenges is commendable. The creation of CARP, under the circumstances you described, not only serves as a practical solution but also as a principled stand against the monopolization of technology standards. This unwavering commitment is the reason OpenBSD is so deeply respected and cherished.

Thank you for your perseverance and for setting an example of integrity in the technology community. This is why we love OpenBSD so much.

Kind regards
Sam

On Wed, Feb 14, 2024 at 7:26 PM Theo de Raadt wrote:
> Stuart Henderson wrote:
>
> > On 2024-02-13, Samuel Jayden wrote:
> > > From the information provided in the link, it appears that CARP and VRRP
> > > protocols aren't inherently interoperable.
> >
> > They are different protocols - they *had* to be different because VRRP
> > was subject to patents. And if carp was changed now, it wouldn't be
> > interoperable with existing carp installations.
> >
> > > While Cisco may have attempted to address this by introducing a command
> > > like "disable-loop-detection carp" in its Nexus 1000V virtual router
> > > product, this solution unfortunately doesn't extend to standard router
> > > hardware, rendering it ineffective in many scenarios.
> >
> > That's not about interop between carp and vrrp speakers, it's about
> > using carp (or vrrp or hsrp or similar) on a port attached to the
> > 'virtual switch'. See 'Information About Redundant Routing Protocols' on
> > https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_5_1/layer_2_switching/configuration/guide/n1000v_l2/n1000v_l2_7redundantroutingprot.html
> >
> > > Is it feasible to achieve CARP and VRRP interoperability through a
> > > user-space application?
> >
> > No. They are different protocols. For what you want to do, running VRRP
> > on the OpenBSD box might make some sense though. There are various
> > existing userland implementations of VRRP that might be able to run
> > on OpenBSD, probably with some work to port them - e.g. freevrrpd,
> > frr-vrrpd, vrrpd. Nothing already in the ports tree (if someone wanted
> > to try I'd suggest starting by looking at freevrrpd).
>
> This was my experience:
>
> VRRP was the first patent-encumbered protocol squeezed through the IETF
> process.
>
> The backers of that change in process were employees and lawyers at a few
> major companies, but also tightly integrated into the IETF approval
> process.
>
> When we objected to the VRRP situation, they circled the wagons, not just
> to defend the VRRP patent, but to protect a future of patents being OK in
> IETF processes.
>
> In response, OpenBSD carefully developed a similar mechanism called CARP,
> and the acronym actually expands to "Cisco Asshole Redundancy Protocol",
> because the main traitors inside IETF were Cisco employees.
>
> Then we asked IETF for numbers to make this a unique protocol. Unlike
> a recent thread where Tatu asked IETF for port 22 and they just gave it
> to him, the various number authorities inside IETF demanded that we follow
> the most stringent procedures for CARP. Even to this day, IETF provides
> the various protocol numbers to some large corporate industry members without
> forcing them down those stringent procedures.
>
> As a result, we simply squatted on the VRRP numbers. We gave them plenty
> of warning we would be doing this. Over the following years, we heard some
> real anger IETF decision makers internally, but none of them re-visited our
> request for separate numbers. We never got numbers. So CARP will stay
> where it is.
>
> One major bug was in VRRP on some HP product was found in the first year.
> CARP packets were incorrectly parsed as VRRP packets. I don't remember
> the details, but I think it rebooted that HP device, probably a switch.
>
> Oh well.
>
>
Re: CARP and VRRP compliance
Greetings,

I have now attained a deeper understanding of the topic at hand; thank you for your insights. It appears that my requirements necessitate communication between a Cisco router and VRRP, rather than CARP.

Upon reviewing the open-source projects you've recommended, here are my findings:

The vrrpd project seems quite distant from being readily compilable. It exhibits a classic Linux developer's perspective, showing no inclination towards ensuring compatibility with operating systems outside the Linux realm.

I am still engaged with frr-vrrpd, yet, to my dismay, I haven't managed to compile it thus far.

With freevrrpd, I am tantalizingly closer to a resolution. By crafting minor patches, I've successfully compiled it, albeit necessitating the deactivation of netgraph code.

Upon conducting a VRRP test between OpenBSD + freevrrpd and a Cisco Router, I observed that both devices persisted in identifying themselves as the master. Monitoring the relevant interface with tcpdump allowed me to perceive packets emanating from the Cisco Router; however, there was a conspicuous absence of VRRP packets from the OpenBSD system. It seems plausible that disabling the netgraph code contributed to this predicament. Should there exist an equivalent to netgraph within OpenBSD, I am eager to explore that avenue.

Thanks.
Sam

On Wed, Feb 14, 2024 at 2:06 PM Stuart Henderson wrote:
> On 2024-02-13, Samuel Jayden wrote:
> > From the information provided in the link, it appears that CARP and VRRP
> > protocols aren't inherently interoperable.
>
> They are different protocols - they *had* to be different because VRRP
> was subject to patents. And if carp was changed now, it wouldn't be
> interoperable with existing carp installations.
>
> > While Cisco may have attempted to address this by introducing a command
> > like "disable-loop-detection carp" in its Nexus 1000V virtual router
> > product, this solution unfortunately doesn't extend to standard router
> > hardware, rendering it ineffective in many scenarios.
>
> That's not about interop between carp and vrrp speakers, it's about
> using carp (or vrrp or hsrp or similar) on a port attached to the
> 'virtual switch'. See 'Information About Redundant Routing Protocols' on
> https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_5_1/layer_2_switching/configuration/guide/n1000v_l2/n1000v_l2_7redundantroutingprot.html
>
> > Is it feasible to achieve CARP and VRRP interoperability through a
> > user-space application?
>
> No. They are different protocols. For what you want to do, running VRRP
> on the OpenBSD box might make some sense though. There are various
> existing userland implementations of VRRP that might be able to run
> on OpenBSD, probably with some work to port them - e.g. freevrrpd,
> frr-vrrpd, vrrpd. Nothing already in the ports tree (if someone wanted
> to try I'd suggest starting by looking at freevrrpd).
>
> --
> Please keep replies on the mailing list.
>
>
Re: DNS resolution when 1st nameserver does not know
On 2024-02-15, Rudolf Sykora wrote:
> Josh Grosse wrote:
>> On Thu, Feb 15, 2024 at 02:15:07PM +0100, rsyk...@disroot.org wrote:
>> > my computer is connected to a LAN, from which it obtains its
>> > IP and also local-DNS-server IP via DHCP. The latter is then
>> > inserted into /etc/resolv.conf by, I believe, resolvd. The
>> > computer is furthermore connected via wireguard VPN to
>> > another network with its own DNS server, serving the local
>> > IPs there. The DNS server in my LAN, of course, does not
>> > know the (non-public) IPs in the remote network. However, as
>> > it comes 1st in /etc/resolv.conf, the nameserver that comes
>> > next (I manually added it to the file) --- and which would
>> > know the answer --- is never asked. I can stop resolvd and
>> > use the DNS server within the VPN for all the traffic. But
>> > I'd still prefer to have most of the work done by the local
>> > DNS server, and only if it doesn't know I would ask the
>> > server in the VPN. Is there anything simple I can do?
>>
>> Take a look at unwind(8) and unwind.conf(5).
>
>
> Ok. Creating /etc/unwind.conf with
>
> forwarder {X.X.X.X}
>
> where X.X.X.X is the IP address of the DNS server within the VPN,
> and turning on unwind with
>
> ;rcctl enable unwind
> ;rcctl start unwind
>
> does do something, in the sense that I get all the symbolic
> names resolved. But can I tell what DNS server was asked for
> the translation? --- so that I can check that it is the
> local nameserver (as obtained from the local DHCP server)
> that gets queried first and only when it does not know the
> answer, unwind asks VPN DNS server (X.X.X.X above) for the
> answer?

you can't do "fallback if domain doesn't exist in the first resolver",
but you can tell it to always use the forwarder for certain domains.

as well as configuring the forwarder, use something like "preference
autoconf" and "force forwarder {some.domain other.domain}".

--
Please keep replies on the mailing list.
Re: do all headphone amps work?
On Thu, 15 Feb 2024 11:35:53 - beecdadd...@danwin1210.de wrote:
> hi list
> I have a question: do all headphones amps work on OpenBSD? I think USB
> does it have some sort of driver? what do I look for?
> any tips?
> does sound sound well on OpenBSD? does it depend on driver/headphones?
> I don't want to waste money if they don't work
>
> thanks best regards
>

I'm using a Behringer U-Phoria UM2 with Behringer BH-470 headphones and no problem here, works fine.

--
* God in his heaven, all is well on Earth
Re: How to set up dev environment for ESP32 MCUs?
Hi David,

On 2024-02-14 21:43:02, David Demelier wrote:
> On Sun, 2024-02-11 at 13:32 +0800, Sadeep Madurange wrote:
> > Has anyone set up the ESP-IDF for programming ESP32 MCUs?
> >
> > Should I install dependencies like libmpc using pkg_add, and then
> > install the ESP-IDF from their GitHub or put things together using
> > xtensa-esp32-elf/* ports and use CMake without the ESP-IDF?
>
> OpenBSD ports team did a great job building xtensa-/riscv32-
> toolchains in the tree. You can use it as-is to build an image file an
> ESP32 MCU, but just like that you'll end up with bare metal code and
> have to write lot of things to do basic things, but it's doable.
>
> Unfortunately the version of these toolchains in the tree are not
> compatible with esp-idf 5.1.2, in fact espressif provide toolchains
> that are versioned against specific version of their idf environment.
> Example: 5.1.2 requires 12.2.0_20230208, you can try building some
> code from 5.1.2 with the toolchain in the ports tree, most of the
> parts work but some don't.
>
> Also if you want to use esp-idf, you also have to install various
> python packages that are listed in
> tools/requirements/requirements.core.txt, some of them are packaged,
> some aren't so use pip3 --user if needed. Then setup some environment
> variables:
>
> export IDF_PATH=path/to/esp-idf-repo
> export IDF_PYTHON_CHECK_CONSTRAINTS=no
>
> And add the desired toolchain in your PATH, e.g.
> /usr/local/xtensa-esp32s3-elf/bin.
>
> Finally, you can try to build an example project:
>
> cmake -S examples/get-started/blink -B build -DPYTHON=python3 -DIDF_TARGET=esp32s3 -DPYTHON_DEPS_CHECKED=On
>
> There are some effort to use LLVM/clang at some point, but it's not
> ready nor officially supported AFAIK. Officially, the only way to get
> a compatible mixed version of their toolchains is to use their fork of
> crosstool-ng and as I can tell it's near to impossible of using it on
> OpenBSD, it uses large number of hardcoded GNUisms.

Setting up their Python dependencies was a nightmare, but I got close to building my code using CMake (like you suggested) but, the toolchain available in the ports tree can't compile the latest ESP-IDF components. I tried a few older versions of the ESP-IDF too. None of them worked and going any farther back means I have to make code changes.

I might be punching above my weight with the bare metal approach you mentioned. But I will look into it.

Thanks for the detailed explanation.

--
Sadeep Madurange
PGP: 103BF9E3E750BF7E
Re: do all headphone amps work?
hi
Beec? my username is supposed to be like BSD addict but that was boring
yes I was wondering about specification or whatever if they follow..
I plan to buy expensive combo at least expensive to me and I wouldn't change OS.. and not sure if they would do refund
thanks good to know

On Thu, February 15, 2024 1:13 pm, Shokara Kou wrote:
> Hi Beec,
>
>
> I don't know if they all work, but I'm assuming all DACs and DAC+Amp
> combos work if they follow the USB audio specification (which should be
> most if not all of them), which is the uaudio(4) driver on OpenBSD.
>
>
> My headphone amp (Monolith Liquid Spark) connects to a cheap USB
> audio adapter I already had (C-Media Electronics Inc., USB Audio Device)
> and still sounds amazing in OpenBSD with my headphones, or at least I
> don't notice any buffer underruns or other audio issues.
>
> I think you'll only have issues with Bluetooth headphones unless
> you can plug them in directly to an audio jack or USB-audio compliant
> adapter.
>
> If you do have an issue, you should still be able to get a refund
> and/or try another replacement.
>
> Regards,
> Shokara Kou
>
>
Re: Improve support of Go
On 2024-02-15, Kirill A Korinsky wrote:
> Here my point: it is deprecated, but still in use for some large applications
> like Docker

That is using syscall from golang.org/x/sys/unix, not from go itself.

The vendored copy of x/sys/unix in docker-cli in the current ports tree defines EBADMSG for some arch but not others. The newer vendored copy in 25.0.3 defines it for all openbsd archs.
Re: DNS resolution when 1st nameserver does not know
Josh Grosse wrote:
> On Thu, Feb 15, 2024 at 02:15:07PM +0100, rsyk...@disroot.org wrote:
> > my computer is connected to a LAN, from which it obtains its
> > IP and also local-DNS-server IP via DHCP. The latter is then
> > inserted into /etc/resolv.conf by, I believe, resolvd. The
> > computer is furthermore connected via wireguard VPN to
> > another network with its own DNS server, serving the local
> > IPs there. The DNS server in my LAN, of course, does not
> > know the (non-public) IPs in the remote network. However, as
> > it comes 1st in /etc/resolv.conf, the nameserver that comes
> > next (I manually added it to the file) --- and which would
> > know the answer --- is never asked. I can stop resolvd and
> > use the DNS server within the VPN for all the traffic. But
> > I'd still prefer to have most of the work done by the local
> > DNS server, and only if it doesn't know I would ask the
> > server in the VPN. Is there anything simple I can do?
>
> Take a look at unwind(8) and unwind.conf(5).


Ok. Creating /etc/unwind.conf with

forwarder {X.X.X.X}

where X.X.X.X is the IP address of the DNS server within the VPN,
and turning on unwind with

;rcctl enable unwind
;rcctl start unwind

does do something, in the sense that I get all the symbolic
names resolved. But can I tell what DNS server was asked for
the translation? --- so that I can check that it is the
local nameserver (as obtained from the local DHCP server)
that gets queried first and only when it does not know the
answer, unwind asks VPN DNS server (X.X.X.X above) for the
answer?

Thanks.
Ruda
Re: Improve support of Go
On Thu, 15 Feb 2024 15:09:01 +0100,
Joel Sing wrote:
>
> The operating system specific parts of the Go syscall package are effectively
> deprecated/frozen (and have been for nearly 10 years, hence not being
> updated):
>
> https://pkg.go.dev/syscall
>
> https://go.googlesource.com/proposal/+/refs/heads/master/design/freeze-syscall.md
>
> On the other hand, golang.org/x/sys/unix is maintained and updated
> semi-regularly:
>
> https://pkg.go.dev/golang.org/x/sys/unix
>
> With the exception of the OpenBSD syscall numbers:
>
> https://cs.opensource.google/go/x/sys/+/master:unix/zsysnum_openbsd_amd64.go;l=8
>

Anyway, some systems are rebuilt quite often. For example Solaris [1] or FreeBSD [2]. And current state of syscall numbers for OpenBSD misses a lot [3].

Here my point: it is deprecated, but still in use for some large applications like Docker, and we have two options here: (1) update it / fix it in Go, (2) patch each application by replacing Syscall.EBADMSG for example [4].

From my point of view move by (1) seems the simpler way which allows to reduce number of hacks / patches in ports.

Footnotes:
[1] https://github.com/golang/go/commit/ea14b633627f467a2e35eb7f67df6f3ed60469c0
[2] https://go-review.googlesource.com/c/go/+/563835
[3] https://github.com/catap/go/commit/c9cb73913d79e490f167ff1c0a651d69c700f02a
[4] https://github.com/search?q=repo%3Aopenbsd%2Fports%20EBADMSG=code

--
wbr, Kirill
Re: Improve support of Go
On 24-02-13 08:17:20, Theo de Raadt wrote:
> Stuart Henderson wrote:
>
> > On 2024/02/13 07:36, Theo de Raadt wrote:
> > > Stuart Henderson wrote:
> > >
> > > > On 2024-02-13, Kirill A Korinsky wrote:
> > > > > Good day,
> > > > >
> > > > > I'm updating go's syscall table to modern OpenBSD (7.4).
> > > >
> > > > Save your time. Post-7.4 you cannot call syscall() any more.
> > >
> > > The result seems to have nothing to do with syscalls.
> > >
> > > It is the same as the build process for kdump: It is finding cpp definitions
> > > most of which are argument flags, but also a few structs in /usr/include, and
> > > making them available at some level inside the go ecosystem. So if in go you
> > > call a system call via the regular stub API, you may need those flags. you may
> > > also need them for some other higher-level function call? go doesn't pull
> > > from /usr/include otherwise, does it?
> > >
> > >
> >
> > Oh, yes those are still needed then, I'd forgotten they were part of the
> > same thing from last time I tried to get them updated ...
>
> there probably needs to be a formal process to update at least once a year,
> or just before a release, and also upstream.

The operating system specific parts of the Go syscall package are effectively deprecated/frozen (and have been for nearly 10 years, hence not being updated):

https://pkg.go.dev/syscall

https://go.googlesource.com/proposal/+/refs/heads/master/design/freeze-syscall.md

On the other hand, golang.org/x/sys/unix is maintained and updated semi-regularly:

https://pkg.go.dev/golang.org/x/sys/unix

With the exception of the OpenBSD syscall numbers:

https://cs.opensource.google/go/x/sys/+/master:unix/zsysnum_openbsd_amd64.go;l=8
Re: DNS resolution when 1st nameserver does not know
On Thu, Feb 15, 2024 at 02:15:07PM +0100, rsyk...@disroot.org wrote:
> my computer is connected to a LAN, from which it obtains its
> IP and also local-DNS-server IP via DHCP. The latter is then
> inserted into /etc/resolv.conf by, I believe, resolvd. The
> computer is furthermore connected via wireguard VPN to
> another network with its own DNS server, serving the local
> IPs there. The DNS server in my LAN, of course, does not
> know the (non-public) IPs in the remote network. However, as
> it comes 1st in /etc/resolv.conf, the nameserver that comes
> next (I manually added it to the file) --- and which would
> know the answer --- is never asked. I can stop resolvd and
> use the DNS server within the VPN for all the traffic. But
> I'd still prefer to have most of the work done by the local
> DNS server, and only if it doesn't know I would ask the
> server in the VPN. Is there anything simple I can do?

Take a look at unwind(8) and unwind.conf(5).
DNS resolution when 1st nameserver does not know
Dear list, my computer is connected to a LAN, from which it obtains its IP and also local-DNS-server IP via DHCP. The latter is then inserted into /etc/resolv.conf by, I believe, resolvd. The computer is furthermore connected via wireguard VPN to another network with its own DNS server, serving the local IPs there. The DNS server in my LAN, of course, does not know the (non-public) IPs in the remote network. However, as it comes 1st in /etc/resolv.conf, the nameserver that comes next (I manually added it to the file) --- and which would know the answer --- is never asked. I can stop resolvd and use the DNS server within the VPN for all the traffic. But I'd still prefer to have most of the work done by the local DNS server, and only if it doesn't know I would ask the server in the VPN. Is there anything simple I can do? Thank you for your comments. Best regards, Ruda
Re: httpd generating: read_errdoc entries in syslog
> Hi,
>
> I have a custom error template that I use for the error documents for
> httpd, as described in: man httpd.conf
>
> In /var/www I have created:
>
> /err root:daemon chmod 0755
>
> Within /var/www/err I have created:
>
> err.html www:www chmod 0444
>
> In my httpd.conf I have a global configuration that points to this:
>
> /etc/httpd.conf
> . . .
> errdocs "/err"
>
> When I cause an error with httpd, the error document template I have
> created gets rendered to the client, but I get entries in syslog like
> the following:
>
> serv1 httpd[23368]: read_errdoc: open: No such file or directory
>

If you have err.html and trigger a 404 status then httpd:

(1) tries to serve 404.html -> this causes the above log entry
and then
(2) tries to serve err.html -> this is fine

If you rename err.html to 404.html then httpd serves 404.html in step 1.

Are you sure you caused 404? Maybe you caused any other status code in your tests?
do all headphone amps work?
Hi list,

I have a question: do all headphone amps work on OpenBSD? I think USB does it have some sort of driver? What do I look for? Any tips? Does sound sound well on OpenBSD? Does it depend on driver/headphones? I don't want to waste money if they don't work.

Thanks,
best regards
Re: KeyTrap DNS vulnerability
On Wed, February 14, 2024 4:44 am, Peter J. Philipp wrote:
> ...
>
> * I'm not a cryptographer, mathematician nor do I program DNS on the
> recursive end. I program on the authoritative server end, where you can't
> do anything about something like a MITM anyhow. Donald Knuth and other
> books using algorithmic approaches may be good reading for this.

If you have I2P instead or even Tor (hidden services only, not clearweb) you don't need broken DNS.
Re: Installing shellinabox on OpenBSD
> Use a USB drive and run it from that...
>
> You don't need to install it on the Windows machine.
>
> Anyway in 2024 still not have a decent native ssh client on Windows say how
> interested Microsoft are in making a secure OS really...

Microsoft has built-in OpenSSH since 2018.
No need for putty or powershell or whatever.
Just open cmd:

Microsoft Windows [Version 10.0.19045.4046]
(c) Microsoft Corporation. Alle Rechte vorbehalten.

U:\>ssh -V
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
Re: relayd fallback when using tag/tagged
> Hello,
>
> I'm trying to configure relayd(8) to use tags, to allow legit host names
> only and modify HTTP headers, and fallback. But I can't have it working
> properly.

I don't understand exactly what you want to achieve. Do you want:

A. Requests with http header "www.example" going to primary. And going to fallback if primary is down. And block all other requests.

or:

B. Request with http header "www.example" going to primary. And all other going to fallback. And block nothing (=all requests are served either by primary or by fallback)

If A) then put both servers in the table and let HCE decide which host is up. Something like that (header check ignored in example):

table {192.0.2.4 192.0.2.7}
redirect www {
    listen on 192.0.2.30 port 80
    forward to check http "/" code 200
}

If B) then you need an additional pass rule in your protocol. Something like that (to be honest I don't know why you need the tag here so I ignored that in that example):

http protocol www {
    pass request quick header "Host" value "www.example" \
        forward to
    pass request forward to
    block
}

>
> Using such a configuration:
> #-8<---
> table { 192.0.2.4 }
> table { 192.0.2.7}
> http protocol www {
>   block
>   match request header "Host" value "www.example" tag "example"
>   pass request tagged "example" forward to
> }
> relay www {
>   listen on 192.0.2.30 port 80
>   protocol www
>   forward to port 80 check http "/" code 200
>   forward to port 80
> }
> #-8<---
> forwards all tagged HTTP traffic to the primary server. But if it is turned
> off, relayd(8) only replies with error rather than sending the traffic to
> the fallback server.
>
> Removing tags and using a simple "pass" directive in protocol (as described
> in the man page) does work as expected regarding the fallback server.
>
> Is there a way to use both tags and fallback with relayd(8) to mimic
> Apache's Failover[1] configuration with "ProxyPass" and "BalancerMember
> (...) status=+H" ?
>
> Thank you,
> Joel C.
>
> [1] https://httpd.apache.org/docs/trunk/howto/reverse_proxy.html#failover
>