Re: configure rad for ULA addresses
On 2024-03-24 23:33 +01, Evan Sherwood wrote:
> I'm not sure how to configure rad (or if rad is the right program) to
> help have my devices autoconfigured ULA addresses in a given prefix
> (generated from https://www.unique-local-ipv6.com).
>
> I am debugging a new ISP and need to switch between two ISPs without
> disrupting communication between my network devices. I didn't see
> anything in rad.conf(5) that would help, other than setting a prefix
> option in my interface configuration.
>
> I tried
>
> interface igc1 {
>     prefix fdbf:e79a:8e3e::/48

lesser operating systems will refuse to form autoconf addresses if the
prefix length is not 64.

> }
>
> ... and restarted rad but devices that connect don't seem to get
> addresses in that prefix.
>
> Would appreciate any help and guidance I could get. Thanks!
>

--
In my defence, I have been left unsupervised.
securelevel=2 and mount hardening
I am curious to hear people's thoughts on adding some mount(2) hardening
when the system is running at securelevel 2. Specifically:

* do not allow removing MT_NODEV, MT_NOEXEC, MT_NOSUID, or MT_RDONLY in
  conjunction with MNT_UPDATE
* do not allow MNT_WXALLOWED in conjunction with MNT_UPDATE

Currently, if someone does manage to get a root toehold on a host, they
can remove noexec from /tmp as a possible springboard to upload nasties,
and then change /usr from read-only to read-write and scribble all over
your binaries.

This somewhat follows from how securelevel 1 removes the ability to muck
with the immutable and append only bits on files.

--lyndon
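The rule proposed above, expressed as a userland audit over mount(8) output. This is an added example, not part of the original post; the function names, the baseline format and the sample mount lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag the mount-option changes the post wants securelevel 2
# to refuse. Function names and the baseline format are assumptions.

PROTECTED="nodev noexec nosuid read-only"   # removal is a finding
FORBIDDEN_ADD="wxallowed"                   # addition is a finding

# has_opt LIST OPT: true if OPT appears in the comma-separated LIST.
has_opt() {
    case ",$(printf '%s' "$1" | tr -d ' ')," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# drift BASELINE CURRENT: print "-opt" for each protected option that was
# dropped and "+opt" for each forbidden one that appeared.
drift() {
    out=""
    for o in $PROTECTED; do
        if has_opt "$1" "$o" && ! has_opt "$2" "$o"; then out="$out -$o"; fi
    done
    for o in $FORBIDDEN_ADD; do
        if ! has_opt "$1" "$o" && has_opt "$2" "$o"; then out="$out +$o"; fi
    done
    printf '%s' "${out# }"
}

# audit_mounts BASELINE: read mount(8) output on stdin and compare every
# mount point that has a "<mountpoint> <options>" line in BASELINE.
audit_mounts() {
    while read -r _dev _on mp _type _fs opts; do
        base=$(printf '%s\n' "$1" | awk -v m="$mp" '$1 == m { print $2 }')
        [ -n "$base" ] || continue
        opts=${opts#\(}; opts=${opts%\)}
        d=$(drift "$base" "$opts")
        [ -z "$d" ] || printf '%s: %s\n' "$mp" "$d"
    done
}

# Constructed sample: expected options, then what mount(8) reports now.
BASELINE='/tmp nodev,noexec,nosuid
/usr nodev,read-only'
SAMPLE='/dev/sd0a on / type ffs (local)
/dev/sd0d on /tmp type ffs (local, nodev, nosuid)
/dev/sd0f on /usr type ffs (local, nodev, wxallowed)'
printf '%s\n' "$SAMPLE" | audit_mounts "$BASELINE"
```

On a live host, feed it the output of mount(8) instead of the sample; any line it prints names a mount point whose hardening options no longer match the baseline.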
configure rad for ULA addresses
I'm not sure how to configure rad (or if rad is the right program) to
help have my devices autoconfigured ULA addresses in a given prefix
(generated from https://www.unique-local-ipv6.com).

I am debugging a new ISP and need to switch between two ISPs without
disrupting communication between my network devices. I didn't see
anything in rad.conf(5) that would help, other than setting a prefix
option in my interface configuration.

I tried

interface igc1 {
    prefix fdbf:e79a:8e3e::/48
}

... and restarted rad but devices that connect don't seem to get
addresses in that prefix.

Would appreciate any help and guidance I could get. Thanks!
Re: CLI program to download OpenBSD ISO images
On Sun, Mar 24, 2024 at 05:32:20PM -0300, Alceu Rodrigues de Freitas Junior wrote:
>
> Is there any CLI program for OpenBSD that implements the steps described at
> https://www.openbsd.org/faq/faq4.html#Download to download and check the ISO
> images?
>
> I wasn't able to find anything relevant after a quick check on DuckDuckGo.
>
> I implemented a simple Perl script that implements those steps, but is
> basically forking wget and signify to really get the job done.

ftp(1) is in base and can do the fetching for you.

sha256(1) and signify(1), both in base, will do the integrity checking.

If you *want* to have a script that wraps both actions into one, that's
fine. But I would have wanted to make life easier by sticking to the
tools that are available in a default install.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
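A wrapper of the kind discussed above that uses only the base tools named in the reply, ftp(1) and signify(1). This is an added example, not code from the thread or from the OpenBSD project; MIRROR, KEYDIR, the function names and the sample release and architecture are assumptions.

```sh
#!/bin/sh
# Added example: fetch and verify an install image with base tools only.
# MIRROR, KEYDIR and the function names are assumptions of this example.

MIRROR=${MIRROR:-https://cdn.openbsd.org/pub/OpenBSD}

# nodot 7.5 -> 75 (release number as it appears in file names)
nodot() { printf '%s' "$1" | tr -d .; }

iso_name()    { printf 'install%s.iso' "$(nodot "$1")"; }
# The public key comes from the running system, never from the mirror.
pubkey_path() { printf '%s/openbsd-%s-base.pub' "${KEYDIR:-/etc/signify}" "$(nodot "$1")"; }

# valid_release REL: accept only digits.digits, so REL is safe in a URL/path.
valid_release() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*.*.*) return 1 ;;
        *.*) return 0 ;;
    esac
    return 1
}

# fetch_verified REL ARCH: download SHA256.sig and the ISO into the current
# directory, then let signify(1) check the signature on the checksum list
# and the ISO's checksum in one step. The ISO is removed on any failure.
fetch_verified() {
    valid_release "$1" || { echo "bad release: $1" >&2; return 2; }
    case $2 in ''|*[!a-z0-9]*) echo "bad arch: $2" >&2; return 2 ;; esac
    iso=$(iso_name "$1"); key=$(pubkey_path "$1")
    [ -r "$key" ] || { echo "no local key: $key" >&2; return 3; }
    ftp -o SHA256.sig "$MIRROR/$1/$2/SHA256.sig" || return 4
    ftp -o "$iso" "$MIRROR/$1/$2/$iso" || { rm -f "$iso"; return 4; }
    if ! signify -C -p "$key" -x SHA256.sig "$iso"; then
        rm -f "$iso"
        return 1
    fi
}

# Usage on OpenBSD (release and arch are sample values):
#   fetch_verified 7.5 amd64 && echo "install75.iso verified"
```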
CLI program to download OpenBSD ISO images
Greetings,

Is there any CLI program for OpenBSD that implements the steps described
at https://www.openbsd.org/faq/faq4.html#Download to download and check
the ISO images?

I wasn't able to find anything relevant after a quick check on DuckDuckGo.

I implemented a simple Perl script that implements those steps, but is
basically forking wget and signify to really get the job done.

Also, the script is not generic enough, since it generates a directory
tree that might not be what general users might want.

The script is available at
https://github.com/glasswalk3r/cpan-openbsd-smoker/blob/master/vagrant/get-iso.pl

Would be interested for the community to have a more generic
implementation and pack it as an OpenBSD package?

It would be great to get some feedback even before starting.

Thanks!
Re: Firefox hangs after sleep
I reinstalled OpenBSD on the laptop experiencing this problem (for
various reasons) and the Firefox problem went away.(!)

Dave

David J. Raymond
david.raym...@nmt.edu
http://kestrel.nmt.edu/~raymond

On Thu, Mar 21, 2024 at 2:36 AM Stefan Sperling wrote:
> On Thu, Mar 21, 2024 at 02:29:14AM -0600, Raymond, David wrote:
> > At some point (I can't put my finger on exactly when this started), an
> > existing firefox instance hangs after my laptop is put to sleep and then
> > wakes from sleep. Websites in existing tabs still work, but searching for
> > another webpage in an existing tab or opening a new tab is when the hang
> > occurs. Killing and restarting firefox eliminates the problem until the
> > next sleep.
>
> Alternatively, wait for a long time and the problem will resolve itself,
> i.e. the stuck tabs will suddenly start working again.
>
> I believe it's a known issue, but nobody has invested time digging into it.
>
> It's probably DNS...
>
Re: porting OpenBSD to Ox64
On 3/24/24 14:09, Slava Voronzoff wrote: On Fri, 22 Mar 2024 04:28:15 +0100 "Peter J. Philipp" wrote: No I didn't try a newer OBSD, I will soon though. :-) And no I didn't change anything in the DTB. While this is an EXTREMELY dirty attempt to add it can you try somehow this patch for OpenBS-current kernel? OR try to decompile dtb, edit dts file to change "bflb,bl808-uart" to something supported generic like ns16550a, recompile it back to dtb and load from OpenBSD's boot loader Index: sys/dev/fdt/com_fdt.c === RCS file: /cvs/src/sys/dev/fdt/com_fdt.c,v retrieving revision 1.9 diff -u -p -r1.9 com_fdt.c --- sys/dev/fdt/com_fdt.c 31 Jan 2024 01:01:10 - 1.9 +++ sys/dev/fdt/com_fdt.c 24 Mar 2024 13:04:37 - @@ -59,7 +59,8 @@ com_fdt_init_cons(void) (node = fdt_find_cons("ns16550a")) == NULL && (node = fdt_find_cons("snps,dw-apb-uart")) == NULL && (node = fdt_find_cons("ti,omap3-uart")) == NULL && - (node = fdt_find_cons("ti,omap4-uart")) == NULL) + (node = fdt_find_cons("ti,omap4-uart")) == NULL && + (node = fdt_find_cons("bflb,bl808-uart")) == NULL) return; if (fdt_get_reg(node, 0, ®)) return; 
@@ -101,7 +102,8 @@ com_fdt_match(struct device *parent, voi OF_is_compatible(faa->fa_node, "ns16550a") || OF_is_compatible(faa->fa_node, "snps,dw-apb-uart") || OF_is_compatible(faa->fa_node, "ti,omap3-uart") || - OF_is_compatible(faa->fa_node, "ti,omap4-uart")); + OF_is_compatible(faa->fa_node, "ti,omap4-uart") || + OF_is_compatible(faa->fa_node, "bflb,bl808-uart")); } void Hi, I don't know if it's so simple... but I just finished a bflbuart.c driver. It is based on the sfuart.c driver and I used the linux sources, and the bl808 reference manual to guide me. https://github.com/pbug44/openbsd-src/commit/996f961786d17399d68ef8aef547a10ef22ca82b However I noticed that there is no PLIC/INTR activity. Does anyone know if this is due to no clock driver? If so that's my next thing to do unless someone beats me to it. I have another question. I added the bflbuart to the files.riscv64 and the Makefile doesn't update in /sys/arch/riscv64/compile/RAMDISK/obj/Makefile.. I don't know what I have to do it..for now I manually updated this file. Please excuse for the weird formatting. I'm still on thunderbird on OpenBSD and I'm not fully comfy with it. Best Regards, -pjp -- Over thirty years experience on UNIX-like Operating Systems starting with QNX.
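Review bot: in com_fdt_init_cons the new fdt_find_cons("bflb,bl808-uart") lookup sends a BL808 console node down the same setup path as ns16550a, and nothing in the hunk accounts for a different register layout. State in the commit message what establishes 16550 compatibility for this part; if it is not compatible, drop this line and leave the console to a dedicated driver.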
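Review bot: in com_fdt_match the added OF_is_compatible(faa->fa_node, "bflb,bl808-uart") clause makes com claim every node carrying that compatible string, so a separate driver matching the same string would compete with it for the device. Keep the string in one match routine only, and if it stays here add a comment beside it saying why com is the right driver for this UART.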
Re: Request for a check 'relinking in progress' before a reboot
Thanks for the reply, I will give it a try.
I'm still with the /etc/bsd.re-config without effect..

Stuart Henderson :
>> Eg. actually I was testing changes to my /etc/bsd.re-config ( as per
>> different thread ), it needs two reboots to apply changes..
>
> Run /usr/libexec/reorder_kernel after your edit.

-Dan
Re: Trying to access /dev/ttyUSB0 device from VM
On 2024/03/24 20:12, Sadeep Madurange wrote:
> On 2024-03-24 10:51:51, Stuart Henderson wrote:
> > On 2024-03-24, Sadeep Madurange wrote:
> > > On 2024-03-24 09:43:07, Stuart Henderson wrote:
> > >> Any particular reason to not just run esptool on OpenBSD? It's in
> > >> packages..
> > >
> > > Unfortunately, the esptool in the packages is for programming ESPs
> > > using the Arduino platform. My existing projects for these chips are
> > > written in plain C with their native toolchain. Also, I prefer to
> > > continue using C if possible.
> >
> > There are some versions in arduino-related packages, but I was
> > thinking of the normal one:
> >
> > $ pkglocate bin/esptool
> > py3-esptool-4.6.2:devel/py-esptool,python3:/usr/local/bin/esptool.py
>
> esptool is for flashing programs to ESPs. To build them we need the
> ESP-IDF, which bootstraps the compiler toolchain, freeRTOS, network
> stack, etc., So, the esptool.py alone isn't enough.
>
> A version of the toolchain is also in the ports tree, but it's more for
> Arduino environment. The version is too old to compile the SDK version I
> need. I'm trying to build ESP-IDF on OpenBSD, but I haven't managed to
> get it working yet.

But you already have the build toolchain running in the VM, right?
IIUC the part you are having trouble with running in the VM is esptool,
not the build toolchain.

So, build in the VM, flash from esptool in the host OS. With a bit of
NFS or sshfs or something to share the files, and running esptool over
ssh (maybe write a dummy esptool script in the guest to ssh and run from
the host) it could be pretty well integrated.
Re: Trying to access /dev/ttyUSB0 device from VM
On 2024-03-24 10:51:51, Stuart Henderson wrote:
> On 2024-03-24, Sadeep Madurange wrote:
> > On 2024-03-24 09:43:07, Stuart Henderson wrote:
> >> Any particular reason to not just run esptool on OpenBSD? It's in
> >> packages..
> >
> > Unfortunately, the esptool in the packages is for programming ESPs
> > using the Arduino platform. My existing projects for these chips are
> > written in plain C with their native toolchain. Also, I prefer to
> > continue using C if possible.
>
> There are some versions in arduino-related packages, but I was
> thinking of the normal one:
>
> $ pkglocate bin/esptool
> py3-esptool-4.6.2:devel/py-esptool,python3:/usr/local/bin/esptool.py

esptool is for flashing programs to ESPs. To build them we need the
ESP-IDF, which bootstraps the compiler toolchain, freeRTOS, network
stack, etc., So, the esptool.py alone isn't enough.

A version of the toolchain is also in the ports tree, but it's more for
Arduino environment. The version is too old to compile the SDK version I
need. I'm trying to build ESP-IDF on OpenBSD, but I haven't managed to
get it working yet.

--
Sadeep Madurange
PGP: 103BF9E3E750BF7E
Re: Trying to access /dev/ttyUSB0 device from VM
On 2024-03-24, Sadeep Madurange wrote:
> On 2024-03-24 09:43:07, Stuart Henderson wrote:
>> On 2024-03-17, Sadeep Madurange wrote:
>> > I set up a Linux VM on OpenBSD hoping to flash ESP32 programs from
>> > the Linux VM. However when I plug the MCU in, I can't see it in the
>> > /dev directory.
>>
>> Any particular reason to not just run esptool on OpenBSD? It's in
>> packages..
>
> Unfortunately, the esptool in the packages is for programming ESPs using
> the Arduino platform. My existing projects for these chips are written
> in plain C with their native toolchain. Also, I prefer to continue using
> C if possible.

There are some versions in arduino-related packages, but I was
thinking of the normal one:

$ pkglocate bin/esptool
py3-esptool-4.6.2:devel/py-esptool,python3:/usr/local/bin/esptool.py
Re: Camera or mic works on video calls, but not both
On 2024-03-24 10:44:07, Kirill A. Korinsky wrote:
> On Sun, 24 Mar 2024 02:45:16 +0100,
> Sadeep Madurange wrote:
> >
> > Then I tried Zoom on firefox (doesn't work with chromium at all). I
> > can both see and hear the other party. They can hear me, but can't
> > see my video. I see a warning on my end saying that it couldn't
> > detect my camera.
>
> As far as I recall zoom requires WebAssembly to work which is disabled
> by default at chromium. You may enable it by starting chromium with
> environment variable ENABLE_WASM=1.
>
> Keep in mind that you should close all its processes, and not just
> run command like `env ENABLE_WASM=1 chromium` because it uses IPC to
> open a new window / frame from current process, if it exists.

Setting ENABLE_WASM=1 fixed the issue for both zoom and teams! Thank you
very much!

--
Sadeep Madurange
PGP: 103BF9E3E750BF7E
Re: Trying to access /dev/ttyUSB0 device from VM
On 2024-03-24 09:43:07, Stuart Henderson wrote:
> On 2024-03-17, Sadeep Madurange wrote:
> > I set up a Linux VM on OpenBSD hoping to flash ESP32 programs from
> > the Linux VM. However when I plug the MCU in, I can't see it in the
> > /dev directory.
>
> Any particular reason to not just run esptool on OpenBSD? It's in
> packages..

Unfortunately, the esptool in the packages is for programming ESPs using
the Arduino platform. My existing projects for these chips are written
in plain C with their native toolchain. Also, I prefer to continue using
C if possible.

--
Sadeep Madurange
PGP: 103BF9E3E750BF7E
Re: Request for a check 'relinking in progress' before a reboot
On 2024-03-23, Dan wrote:
> Eg. actually I was testing changes to my /etc/bsd.re-config ( as per
> different thread ), it needs two reboots to apply changes..

Run /usr/libexec/reorder_kernel after your edit.
Re: Request for a check 'relinking in progress' before a reboot
On 2024-03-23, Florian Obser wrote: > > diff --git libexec/reorder_kernel/reorder_kernel.sh > libexec/reorder_kernel/reorder_kernel.sh > index fb1d151f42a..809d1e18e55 100644 > --- libexec/reorder_kernel/reorder_kernel.sh > +++ libexec/reorder_kernel/reorder_kernel.sh > @@ -30,6 +30,14 @@ SHA256=/var/db/kernel.SHA256 > # Silently skip if on a NFS mounted filesystem. > df -t nonfs $KERNEL_DIR >/dev/null 2>&1 > > +# Silently skip if battery is less than 50% remaining. > +# We know nothing of the quality of the powergrid and we do not > +# want the relink to fail halfway through because of power outage. > +(( $(/usr/sbin/apm -l) < 50 )) Don't forget upd(4)! Maybe it could also time an md5 -ttt run and demand more available battery if the machine is slow. > +# Disable halt(8) & reboot(8) to prevent interuption of the kernel relink. > +/bin/chmod 000 /sbin/{halt, reboot} Also hw.allowpowerdown=0 and shutdown. And what about the watchdog? > We should also disable panic(9) in the kernel while reorder_kernel is > running. Maybe a sysctl? Disabling panic, that's genius, it would solve so many problems!
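Review bot: in the added chmod line, "/sbin/{halt, reboot}" has a space inside the braces, so the shell does not brace-expand it and chmod is handed the two words "/sbin/{halt," and "reboot}" instead of the two paths; name /sbin/halt and /sbin/reboot explicitly. The visible lines also never restore the original modes once the relink is done, so pair the chmod with a restore on every exit path, and fix the spelling of "interuption" in the comment above it.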
Re: Camera or mic works on video calls, but not both
On Sun, 24 Mar 2024 02:45:16 +0100,
Sadeep Madurange wrote:
>
> Then I tried Zoom on firefox (doesn't work with chromium at all). I can
> both see and hear the other party. They can hear me, but can't see my
> video. I see a warning on my end saying that it couldn't detect my
> camera.

As far as I recall zoom requires WebAssembly to work which is disabled
by default at chromium. You may enable it by starting chromium with
environment variable ENABLE_WASM=1.

Keep in mind that you should close all its processes, and not just
run command like `env ENABLE_WASM=1 chromium` because it uses IPC to
open a new window / frame from current process, if it exists.

--
wbr, Kirill
Re: Trying to access /dev/ttyUSB0 device from VM
On 2024-03-17, Sadeep Madurange wrote:
> I set up a Linux VM on OpenBSD hoping to flash ESP32 programs from the
> Linux VM. However when I plug the MCU in, I can't see it in the /dev
> directory.

Any particular reason to not just run esptool on OpenBSD? It's in
packages..