Re: sysupgrade fails firmware fetch

[Theo de Raadt]

Kirill A. Korinsky  wrote:

> On Sat, 17 Feb 2024 22:27:52 +0100,
> Sonic wrote:
> > 
> > Seems it's looking for a 7.5 directory (-current apparently just moved
> > to 7.5-beta) instead of the snapshot directory.
> > 
> 
> And using snapshot directory fails because wrong signature:
> 
>   ~ $ doas fw_update -p http://firmware.openbsd.org/firmware/snapshots 
>   fw_update: failed.
>   signify: verification failed: checked against wrong key
>   Signature check of SHA256.sig failed
>   ~ $ 

The heuristic in fw_update is weak.  Every 6 months there is a chance
for someone to dig in and see if there is a better heuristic.

But be careful.  If the other side of the heuristic is broken for the
real release cycle it will be very uncomfortable.

Re: sysupgrade fails firmware fetch

[Kirill A . Korinsky]

On Sat, 17 Feb 2024 22:27:52 +0100,
Sonic wrote:
> 
> Seems it's looking for a 7.5 directory (-current apparently just moved
> to 7.5-beta) instead of the snapshot directory.
> 

And using snapshot directory fails because wrong signature:

  ~ $ doas fw_update -p http://firmware.openbsd.org/firmware/snapshots 
  fw_update: failed.
  signify: verification failed: checked against wrong key
  Signature check of SHA256.sig failed
  ~ $ 

-- 
wbr, Kirill

Re: SoGo for OpenBSD?

[Sebastian Reitenbach]

On Saturday, February 17, 2024 11:03 CET, Mark  
wrote:

> Hi again everyone, Thanks for all your replies.
> 
> I'm aware that I could install with "pkg_add sogo", I tried many times.
> 
> My issue is its configuration.
> 
> My mail server setup consists of; Postfix, Dovecot, Postfixadmin and Nginx.
> 
> I'm looking for a way to integrate SOGo (only for its webmail interface,
> nothing more) into my mailserver.
> 
> There is no sogo.conf at all. And I'd like to use that way, instead of
> GNUStep commands.

SOGo depends on SOPE, that has two subpackages for PostgreSQL and MySQL/MariaDB.
If you want to use MariaDB as backend, you have to install the sope-mysql
subpackage, as mentioned in the SOGo README.

As also mentioned in the README, you can use the GNUstep defaults tool 
su  - _sogo
$ defaults write sogod WOPort 127.0.0.1:2
$ defaults write sogod WOWorkersCount 4
...
$ defaults read
sogod WOWorkersCount 4
sogod WOPort 127.0.0.1:2
...

If you insist on the config file,
you should be able to take the sogo.conf example file from:  
https://github.com/Alinto/sogo/blob/master/Scripts/sogo.conf
as a start, and place it in /etc/sogo/sogo.conf 

When I remember at the next update, I'll include to install it,
otherwise if someone provides patches before that time,
send them to me directly.

Sebastian

> 
> @Sebastian, is it possible to set SOGo to use /etc/sogo.conf as
> configuration file?
> 
> @Odhiambo, thank you very much for the links, the buff0k.co.za one seems to
> be helpful, even though it's for Debian.
> 
> Regards,
> 
> Mark
> 
> 
> Odhiambo Washington , 17 Şub 2024 Cmt, 11:55 tarihinde
> şunu yazdı:
> 
> >
> >
> > On Fri, Feb 16, 2024 at 4:08 PM Mark  wrote:
> >
> >> Greetings.
> >>
> >> Is there any hero here, to explain/forward me a working tutorial (never
> >> found one) for installation of SoGo (for its webmail) on an OpenBSD mail
> >> server?
> >>
> >
> > Hi Mark,
> >
> > I am new to OpenBSD, but I have used SOGo for several years on Linux and
> > FreeBSD.
> > SOGo will be the webUI for your emails and calendar once it's running.
> > For the installation, you already have the 'doas pkg_add sogo'. You will
> > then configure it.
> > There are two ways to configure it, but I find it easiest to just craft a
> > configuration file in /etc/sogo/sogo.conf.
> > I am not sure where OpenBSD puts it, but the path above is where Linux
> > puts it. FreeBSD OTOH uses
> > /usr/local/etc/sogo/sogo.conf.
> > The backend in my case is MariaDB, with Exim (MTA) and Dovecot as the
> > IMAP4 server.
> > Here is a detailed  tutorial for getting SOGo glued together with other
> > applications to create a Groupware server:
> > ```
> > https://www.buff0k.co.za/tutorial/debian-11-groupware-lemp
> > ```
> > The complete documentation for SOGo is at:
> > ```
> >
> > https://www.sogo.nu/files/docs/SOGoInstallationGuide.html#_creating_a_user_account
> > ```
> > In case you get stuck with something specific to SOGo, then there's an ML
> > for it where the Devs are also present:
> > ```
> > https://www.sogo.nu/support.html
> > ```
> >
> > I will be available to help where I can.
> >
> >
> > --
> > Best regards,
> > Odhiambo WASHINGTON,
> > Nairobi,KE
> > +254 7 3200 0004/+254 7 2274 3223
> >  In an Internet failure case, the #1 suspect is a constant: DNS.
> > "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> > [How to ask smart questions:
> > http://www.catb.org/~esr/faqs/smart-questions.html]
> >

sysupgrade fails firmware fetch

[Sonic]

Today "sysupgrade -s" failed to fetch updated firmware:
=
Verifying sets.
Fetching updated firmware.
fw_update: failed.
Cannot fetch http://firmware.openbsd.org/firmware/7.5//SHA256.sig (404
Not Found)
Upgrading.
=

Seems it's looking for a 7.5 directory (-current apparently just moved
to 7.5-beta) instead of the snapshot directory.

Re: No dhcp renewal of IP

[Kenneth Gober]

On Sat, Feb 17, 2024 at 10:47 AM Luis Mendes  wrote:

> The interface ure0 is the gateway to the Internet, connected to the ISP.
>
> Somehow, when this interface loses the IP, the lease is not renewed.
>

This is the rule I would use in my pf.conf to allow my router to send DHCP
requests to my ISP:

pass out log quick on ure0 inet proto udp from (ure0) port bootpc to any
port bootps

I need this because I block all inbound *and* outbound traffic on my router
by default.
Without seeing your PF configuration it's unclear whether this rule would
help you and
I do not recommend you ever copy/paste settings on your router that you
don't understand.
But if you do understand what this rule does and can guess why you need it,
feel free to try it.

-ken

Re: No dhcp renewal of IP

[Odd Martin Baanrud]

Hello Luis,

Do you have pf enabled on the router, and block all incomming traffic by 
default?
If so, you need to permit the dhcp server to give response to your client, with 
a rule like this:
pass in quick on ure0 inet proto udp from port 67 to port 68

Regards, Martin

No dhcp renewal of IP

[Luis Mendes]

Hi,


The interface ure0 is the gateway to the Internet, connected to the ISP.

-
$ cat hostname.ure0 
inet autoconf
-

Somehow, when this interface loses the IP, the lease is not renewed.

-
# rcctl get dhcpd
dhcpd_class=daemon
dhcpd_execdir=
dhcpd_flags=em0
dhcpd_logger=
dhcpd_rtable=0
dhcpd_timeout=30
dhcpd_user=root

-
$ cat dhcpd.conf 
option  domain-name "home.lan";
option  domain-name-servers 192.168.1.253;
max-lease-time 4800;
default-lease-time 1200;

subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.253;

range 192.168.1.100 192.168.1.200;

host c1 {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.7;
}
host c2 {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.12;
option  domain-name-servers 192.168.1.253;
}
host c3 {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.20;

}
}
-

The file /var/log/daemon show many 'sendto: Permission denied' for
dhcpleased

-
Feb 17 05:19:32 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:29:43 comp1 last message repeated 9 times
Feb 17 05:34:12 comp1 last message repeated 5 times
Feb 17 05:34:45 comp1 dhcpleased[11074]: sendto: Permission denied
Feb 17 05:34:45 comp1 dhcpleased[11074]: bpf_send_packet: writev:
Network is down Feb 17 05:35:32 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:36:36 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:38:40 comp1 last message repeated 2 times
Feb 17 05:45:23 comp1 last message repeated 9 times
Feb 17 05:46:00 comp1 dhcpleased[11074]: sendto: Permission denied
Feb 17 05:46:00 comp1 dhcpleased[11074]: bpf_send_packet: writev:
Network is down Feb 17 05:46:54 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:47:21 comp1 ntpd[59884]: DNS lookup tempfail
Feb 17 05:48:31 comp1 last message repeated 2 times
Feb 17 05:51:11 comp1 last message repeated 2 times
Feb 17 05:51:37 comp1 dhcpleased[11074]: sendto: Permission denied
Feb 17 05:51:37 comp1 dhcpleased[11074]: bpf_send_packet: writev:
Network is down Feb 17 05:51:42 lenovo ntpd[59884]: DNS lookup tempfail
-

# dhcpleasectl ure0
.
ure0 [Bound]
inet 8.x.x.x netmask 255.255.255.0
default gateway 8.x.x.1
nameservers 100.x.x.x 100.x.x.z
lease 60 minutes
dhcp server 15.x.x.x

-

# rcctl ls failed
shows nothing
-
# rcctl ls stopped | grep dh
dhcrelay
dhcrelay6
-

I must be missing some configuration, but can't find out what.
I've searched the web and it seems that I could add a '!dhclient' line
to file /etc/hostname.ure0, but it's not the default way of doing this.

What is wrong?

Thanks,


Luis Mendes

Re: Out of memory error when build OpenBSD Base/LLVM

[Kenneth Gober]

On Sat, Feb 17, 2024 at 10:07 AM Shivam Gupta 
wrote:

> I recently installed OpenBSD OS on my ASUS laptop quad core pentium with 4
> GB RAM and 1 TB HDD.
>
> I was following the guide to build the system from source. But in `make
> build` step it gets a memory error when building LLVM.
>

I have built OpenBSD 7.4/i386 on a VM with 512MB RAM, and 7.4/amd64 on a
VM with 1GB RAM, so 4GB ought to be plenty.  Both VMs were configured with
two CPU cores.

Maybe the build process is trying to do too many things at once, and your
slow
CPUs are exposing race conditions not normally seen? Try booting bsd.sp and
see if the build completes using only one CPU.

-ken

Out of memory error when build OpenBSD Base/LLVM

[Shivam Gupta]

Hi All,

I recently installed OpenBSD OS on my ASUS laptop quad core pentium with 4
GB RAM and 1 TB HDD.

I was following the guide to build the system from source. But in `make
build` step it gets a memory error when building LLVM. I tried other ways
like make -j1 changing some build configuration in llvm's CMakelists.txt
but nothing works.

So I am seeking help if anything could be done here to complete the make
build on this ASUS laptop.

I do have another better ASUS TUF F15 laptop but there is some issue in the
installation, kernel panic after I login in fresh install. So I am trying
on this old laptop.

Thanks,
Shivam

Re: Automatic OS updates

[bsd]

On Fri, Feb 16, 2024, at 17:09, Jan Stary wrote:
> And this saves you what, ten keystrokes a day?

Yes, it felt silly typing the same things every day and waiting for
the computer to update.

(If an update takes 4 minutes per day to babysit, that's about 
2 hours per month)

On Fri, Feb 16, 2024, at 21:10, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
> Blind updating out of cron is utter madness.  If there are any merge
> errors in /etc (think sshd_config for starters), you can end up
> with a machine you cannot log in to, or that's just acting out
> destructively.

Yeah!  But you guys are sysadmins, I'm basically a 'gamer', I mostly
use my OpenBSD computer for an online game.

Thus an upgrade problem mostly risks me being late for a 'war',
which is not the end of the world.

SSH not coming back up is a non-issue, I have screen and keyboard
connected.  (I'll probably turn off auto-updates when traveling tho
as remote access is nice although non-essential.)

I also have a second computer I can boot up if this one doesn't work.

Re: Automatic OS updates

[bsd]

On Thu, Feb 15, 2024, at 21:52, Florian Obser wrote:
> >  0  3  *  *  * root  sysupgrade 
> 
> This will stop working at the next release. Assuming you want to run -current.

Thanks, changed to 'sysupgrade -s'.

> >30  3  *  *  * root  pkg_add -u
> 
> This will most likely run after package daemons have started. There is an 
> example in upgrade.site(5) how to do this differently.

Thanks, very helpful, now using /upgrade.site to update packages
after sysupgrades.

Re: SoGo for OpenBSD?

[Odhiambo Washington]

On Sat, Feb 17, 2024 at 2:56 PM Mark  wrote:

> Thanks Odhiambo,
>
> As I said, I already have a mail server setup, it's ready and working
> correctly. I only want to integrate SOGo into that mail server.
>
> My mail server is running: Dovecot, Postfix, Postfixadmin (domains and
> users stored in MariaDB).
>

TBH, I am not sure how to configure sogod in OpenBSD. I am used to a
sogo.conf placed in /etc/sogo/sogo.conf or /usr/local/etc/sogo/sogo.conf
Hoping the port maintainer can tell us where such a file needs to go, then
the rest is pretty easy to deal with.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

Re: SoGo for OpenBSD?

[Mark]

Thanks Odhiambo,

As I said, I already have a mail server setup, it's ready and working
correctly. I only want to integrate SOGo into that mail server.

My mail server is running: Dovecot, Postfix, Postfixadmin (domains and
users stored in MariaDB).

That's all.


Odhiambo Washington , 17 Şub 2024 Cmt, 14:53 tarihinde
şunu yazdı:

>
>
> On Sat, Feb 17, 2024 at 1:06 PM Mark  wrote:
>
>> Hi again everyone, Thanks for all your replies.
>>
>> I'm aware that I could install with "pkg_add sogo", I tried many times.
>>
>> My issue is its configuration.
>>
>> My mail server setup consists of; Postfix, Dovecot, Postfixadmin and
>> Nginx.
>>
>> I'm looking for a way to integrate SOGo (only for its webmail interface,
>> nothing more) into my mailserver.
>>
>> There is no sogo.conf at all. And I'd like to use that way, instead of
>> GNUStep commands.
>>
>> @Sebastian, is it possible to set SOGo to use /etc/sogo.conf as
>> configuration file?
>>
>> @Odhiambo, thank you very much for the links, the buff0k.co.za one seems
>> to
>> be helpful, even though it's for Debian.
>>
>
> Hi Mark,
>
> I knew that the buff0k.co.za was Debian. However, the only difference
> with OpenBSD are the installation commands.
> The configurations are pretty identical as long as you conform with the
> standard paths USDed by OBSD.
> @Sebastian mentioned that the pkg installs a readme
> in /usr/local/share/doc/pkg-readmes/sogo.
>
> I have looked at it too. I installed SOGo on my VM, but one thing that I
> do not understand is how it will be able to interact with mariadb,
> given that I have seen the SOPE component only linked against PostgreSQL
> and not MySQL.
> @Sebastian Reitenbach  could you kindly
> enlighten me on that aspect? How do I have SOPE linked to mysqlclient? Or
> both mysqlclient and libpq?
>
> To install a "Complete Mail Server on OpenBSD" you can also use the guide
> below:
>
> https://docs.vultr.com/an-openbsd-e-mail-server-using-opensmtpd-dovecot-rspamd-and-rainloop
> Here, you can ignore the RainLoop webmail as you will use SOGo.
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
>  In an Internet failure case, the #1 suspect is a constant: DNS.
> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> [How to ask smart questions:
> http://www.catb.org/~esr/faqs/smart-questions.html]
>

Re: SoGo for OpenBSD?

[Odhiambo Washington]

On Sat, Feb 17, 2024 at 1:06 PM Mark  wrote:

> Hi again everyone, Thanks for all your replies.
>
> I'm aware that I could install with "pkg_add sogo", I tried many times.
>
> My issue is its configuration.
>
> My mail server setup consists of; Postfix, Dovecot, Postfixadmin and Nginx.
>
> I'm looking for a way to integrate SOGo (only for its webmail interface,
> nothing more) into my mailserver.
>
> There is no sogo.conf at all. And I'd like to use that way, instead of
> GNUStep commands.
>
> @Sebastian, is it possible to set SOGo to use /etc/sogo.conf as
> configuration file?
>
> @Odhiambo, thank you very much for the links, the buff0k.co.za one seems
> to
> be helpful, even though it's for Debian.
>

Hi Mark,

I knew that the buff0k.co.za was Debian. However, the only difference with
OpenBSD are the installation commands.
The configurations are pretty identical as long as you conform with the
standard paths USDed by OBSD.
@Sebastian mentioned that the pkg installs a readme
in /usr/local/share/doc/pkg-readmes/sogo.

I have looked at it too. I installed SOGo on my VM, but one thing that I do
not understand is how it will be able to interact with mariadb,
given that I have seen the SOPE component only linked against PostgreSQL
and not MySQL.
@Sebastian Reitenbach  could you kindly
enlighten me on that aspect? How do I have SOPE linked to mysqlclient? Or
both mysqlclient and libpq?

To install a "Complete Mail Server on OpenBSD" you can also use the guide
below:
https://docs.vultr.com/an-openbsd-e-mail-server-using-opensmtpd-dovecot-rspamd-and-rainloop
Here, you can ignore the RainLoop webmail as you will use SOGo.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

Re: SoGo for OpenBSD?

[Mark]

Hi again everyone, Thanks for all your replies.

I'm aware that I could install with "pkg_add sogo", I tried many times.

My issue is its configuration.

My mail server setup consists of; Postfix, Dovecot, Postfixadmin and Nginx.

I'm looking for a way to integrate SOGo (only for its webmail interface,
nothing more) into my mailserver.

There is no sogo.conf at all. And I'd like to use that way, instead of
GNUStep commands.

@Sebastian, is it possible to set SOGo to use /etc/sogo.conf as
configuration file?

@Odhiambo, thank you very much for the links, the buff0k.co.za one seems to
be helpful, even though it's for Debian.

Regards,

Mark


Odhiambo Washington , 17 Şub 2024 Cmt, 11:55 tarihinde
şunu yazdı:

>
>
> On Fri, Feb 16, 2024 at 4:08 PM Mark  wrote:
>
>> Greetings.
>>
>> Is there any hero here, to explain/forward me a working tutorial (never
>> found one) for installation of SoGo (for its webmail) on an OpenBSD mail
>> server?
>>
>
> Hi Mark,
>
> I am new to OpenBSD, but I have used SOGo for several years on Linux and
> FreeBSD.
> SOGo will be the webUI for your emails and calendar once it's running.
> For the installation, you already have the 'doas pkg_add sogo'. You will
> then configure it.
> There are two ways to configure it, but I find it easiest to just craft a
> configuration file in /etc/sogo/sogo.conf.
> I am not sure where OpenBSD puts it, but the path above is where Linux
> puts it. FreeBSD OTOH uses
> /usr/local/etc/sogo/sogo.conf.
> The backend in my case is MariaDB, with Exim (MTA) and Dovecot as the
> IMAP4 server.
> Here is a detailed  tutorial for getting SOGo glued together with other
> applications to create a Groupware server:
> ```
> https://www.buff0k.co.za/tutorial/debian-11-groupware-lemp
> ```
> The complete documentation for SOGo is at:
> ```
>
> https://www.sogo.nu/files/docs/SOGoInstallationGuide.html#_creating_a_user_account
> ```
> In case you get stuck with something specific to SOGo, then there's an ML
> for it where the Devs are also present:
> ```
> https://www.sogo.nu/support.html
> ```
>
> I will be available to help where I can.
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
>  In an Internet failure case, the #1 suspect is a constant: DNS.
> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> [How to ask smart questions:
> http://www.catb.org/~esr/faqs/smart-questions.html]
>

Re: SoGo for OpenBSD?

[Odhiambo Washington]

On Fri, Feb 16, 2024 at 4:08 PM Mark  wrote:

> Greetings.
>
> Is there any hero here, to explain/forward me a working tutorial (never
> found one) for installation of SoGo (for its webmail) on an OpenBSD mail
> server?
>

Hi Mark,

I am new to OpenBSD, but I have used SOGo for several years on Linux and
FreeBSD.
SOGo will be the webUI for your emails and calendar once it's running.
For the installation, you already have the 'doas pkg_add sogo'. You will
then configure it.
There are two ways to configure it, but I find it easiest to just craft a
configuration file in /etc/sogo/sogo.conf.
I am not sure where OpenBSD puts it, but the path above is where Linux puts
it. FreeBSD OTOH uses
/usr/local/etc/sogo/sogo.conf.
The backend in my case is MariaDB, with Exim (MTA) and Dovecot as the IMAP4
server.
Here is a detailed  tutorial for getting SOGo glued together with other
applications to create a Groupware server:
```
https://www.buff0k.co.za/tutorial/debian-11-groupware-lemp
```
The complete documentation for SOGo is at:
```
https://www.sogo.nu/files/docs/SOGoInstallationGuide.html#_creating_a_user_account
```
In case you get stuck with something specific to SOGo, then there's an ML
for it where the Devs are also present:
```
https://www.sogo.nu/support.html
```

I will be available to help where I can.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]