Re: Jan 20 snapshot
On Sun, Jan 21, 2018 at 09:30:22AM -0700, Base Pr1me wrote: > Anyone else's system hanging randomly after upgrading to yesterday's > snapshot? This isn't a panic that drops to ddb. It's just freezing with no > response to anything. I haven't notice any problems with: kern.version=OpenBSD 6.2-current (GENERIC.MP) #379: Sat Jan 20 14:30:55 MST 2018 Regards, Adam
Re: athn0: device timeout (AR9271 USB 2.0 Wifi-key as hostap)
On Wed, Jan 25, 2017 at 07:48:18PM +1000, Martin Pieuchot wrote: > On 25/01/17(Wed) 10:36, Stefan Sperling wrote: > > On Tue, Jan 24, 2017 at 03:10:34PM -0500, mabi wrote: > > > Hi Stefan > > > Thanks for your input. It looks like the g2k16 modifications to the athn > > > code from awolk@ did not make it into the 6.0 release. So there is still > > > hope for 6.1 ;-) > > > > There was a rabbit hole this diff by Adam fell into. I don't know what > > the current status of this is. Adam might know more. > > The diff should go in, it doesn't make things worse. > Changes from g2k16 will not prevent the timeouts but will help by removing the need to manually kick the netstart scripts when the timeout happens. I recall the diff was put on hold as we still found it crashing in some cases, from the undeadly report: --- The fourth one was in the athn driver itself. The interface was half cleaned up (the fields of the ifp data structure were freed but not the interface itself) so when the watchdog tried to access it caused the crash. --- One of the diff from testing had this guard in place: $ cat /home/mulander/athn-watchdog.6.diff Index: if_athn_usb.c === RCS file: /cvs/src/sys/dev/usb/if_athn_usb.c,v retrieving revision 1.42 diff -u -p -r1.42 if_athn_usb.c --- if_athn_usb.c 11 Dec 2015 16:07:02 - 1.42 +++ if_athn_usb.c 4 Sep 2016 18:48:14 - @@ -2098,13 +2098,17 @@ void athn_usb_watchdog(struct ifnet *ifp) { struct athn_softc *sc = ifp->if_softc; + struct ieee80211com *ic = &sc->sc_ic; ifp->if_timer = 0; if (sc->sc_tx_timer > 0) { if (--sc->sc_tx_timer == 0) { printf("%s: device timeout\n", sc->sc_dev.dv_xname); - /* athn_usb_init(ifp); XXX needs a process context! */ + if (ic->ic_bss == NULL) + return; + athn_usb_stop(ifp); + athn_usb_init(ifp); ifp->if_oerrors++; return; } the ic->ic_bss being null doing stop resulted in further crashing. Though it was agreed that adding guards likes that in the watchdog is not wanted in the watchdog handler. The final diff is just a athn_usb_stop/athn_usb_init in the watchdog itself, it got mixed feedback. Don't remember who exactly took which stance but the general opinions were; - it should go in, doesn't make things worse - let's wait for other changes in the stack I decided to wait out and I guess the diff just bit rotted on my disk :) Here is the final one that just restarts the interface. I have been running it since September on most of my snapshots, stopped applying it around December when I was travelling with a different usb dongle (ural0). OK's to commit? Index: if_athn_usb.c === RCS file: /cvs/src/sys/dev/usb/if_athn_usb.c,v retrieving revision 1.45 diff -u -p -r1.45 if_athn_usb.c --- if_athn_usb.c 22 Jan 2017 10:17:39 - 1.45 +++ if_athn_usb.c 25 Jan 2017 22:52:10 - @@ -2104,7 +2104,8 @@ athn_usb_watchdog(struct ifnet *ifp) if (sc->sc_tx_timer > 0) { if (--sc->sc_tx_timer == 0) { printf("%s: device timeout\n", sc->sc_dev.dv_xname); - /* athn_usb_init(ifp); XXX needs a process context! */ + athn_usb_stop(ifp); + athn_usb_init(ifp); ifp->if_oerrors++; return; }
Re: em(4) watchdog timeotu on current/amd64
On Wed, Dec 07, 2016 at 10:11:44AM -0700, johnwixard wrote: > I am having the same problem, did you solve it? > > /john > > > > -- > View this message in context: > http://openbsd-archive.7691.n7.nabble.com/em-4-watchdog-timeotu-on-current-amd64-tp305845p309482.html > Sent from the openbsd user - misc mailing list archive at Nabble.com. > Unfoutnately I don't have any em(4) devices but I think the first step to diagnose this would be to enable debugging output for the em driver. Init is called from the watchdog handler so this *could* show how far it's getting to. It would also be nice to know if both of you experienced this issue before (older snaps). The last change to that driver was in October and there was a bunch earlier this year. Index: if_em.h === RCS file: /cvs/src/sys/dev/pci/if_em.h,v retrieving revision 1.73 diff -u -p -r1.73 if_em.h --- if_em.h 27 Oct 2016 03:06:53 - 1.73 +++ if_em.h 10 Dec 2016 21:00:57 - @@ -243,7 +243,7 @@ typedef int boolean_t; #define SPEED_MODE_BIT (1<<21) /* On PCI-E MACs only */ /* Defines for printing debug information */ -#define DEBUG_INIT 0 +#define DEBUG_INIT 1 #define DEBUG_IOCTL0 #define DEBUG_HW 0
Re: OpenBSD Anonymous CVS
On Fri, Oct 28, 2016 at 11:26:09PM +0300, George Pediaditis wrote: > Hello. > On the webpage > http://www.openbsd.org/anoncvs.html#CVS > > it says > > If you are following the 6.0 -stable branch: > > $ cd /usr/ports > $ cvs -q up -rOPENBSD_6_0 -Pd > > if you follow the default install 6.0 cvsroot isn't set up so someone > should use something like that > > $ cd /usr/ports > $ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs up -rOPENBSD_6_0 -Pd > > Similar problem here > http://www.openbsd.org/faq/faq5.html#Bld > > unless I'm missing something > Hi George, The section you pointed out is: "Updating an existing tree" the section before it is: "Getting an initial tree" In the previous section you are told: If you are following the 6.0 -stable branch: $ cd /usr $ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_6_0 -P src This covers telling people how to set up a CVSROOT for the first time. Regards, Adam
Re: athn0: device timeout with AR9271
On Mon, Jul 25, 2016 at 01:31:13PM +0200, Stefan Sperling wrote: > On Mon, Jul 25, 2016 at 09:57:38AM +, ML mail wrote: > > Hi, > > > > I installed a USB Wifi card on my OpenBSD 5.8 firewall as AP and from time > > to time there are timeouts which prevents any access to it anymore until I > > either plug out and in the Wifi dongle again or reboot. > > > > Please upgrade from 5.8 to 5.9 and then to -current. Last week, bugs > in the wifi stack were fixed in -current which might affect this. > The issue might also be what I encountered with my athn0 usb dongle. https://marc.info/?l=openbsd-misc&m=144895556213390&w=2 I do plan on implementing the process context for this specific driver (even started during pkgsrcon in the beginning of this month). Let me know if the issue persists after upgrading, would be nice to have more than one person to test the changes when I get around to finishing it up. Regards, Adam
Re: Getting a lot of spam from Gmail,etc. How can I reject those? Can't trap with spamd
On Fri, Jul 08, 2016 at 11:10:02AM -0500, Chris Bennett wrote: > I already have a script with regex's for blacklisting IP's but I am > getting several repeat spam emails to many of my email addresses, same > senders, but from Gmail especially. > > I can't blacklist those since gmail has so many MX's, which would > interfere with good emails too. Gmail probably wouldn't like that > either. > > Any ideas what I should do? > > The only thing I have thought of would be to reject those as a > non-existent user just for those spam messages, but I'm not sure how to > make that happen. > > Die spammers, Die!!! > Chris Bennett > Hi Chris, I did not try this myself but just found this: - https://support.google.com/mail/contact/abuse?hl=en and an excerpt from gmails program policy > Don't use Gmail to distribute spam or unsolicited commercial mail. > > You are not allowed to use Gmail to send email in violation of the CAN-SPAM Act > or other anti-spam laws; to send unauthorized email via open, third-party > servers; or to distribute the email addresses of any person without their > consent. source: https://www.gmail.com/intl/en/mail/help/program_policies.html I think it's worth a try to report those accounts. Even if the accounts happen to change maybe it will trigger Google to filter out those specific pests on their side? Regards, Adam [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Core dumps with sphinx package
On Fri, Jul 08, 2016 at 09:16:15AM +, C. L. Martinez wrote: > Hi all, > > Once a day, searchd daemon (installed from OpenBSD's packages repository) > generate a core dump. How can I report this problem? To openbsd-ports mailing > list?? > > Thanks. > > -- > Greetings, > C. L. Martinez > First of all obtain a backtrace from your core dump. You can do this with gdb by passing in the program binary and the core dump as arguments: $ gdb prog prog.core use the 'bt' command to obtain a backtracce when it's done loading. You might need to rebuild the package with debug symbols in order to obtain a useful trace. Gather as much info as you can: - check dmesg for errors - did it work before? when did it start to segfault? - anything in the logs? - what OpenBSD version are you running? (-current?) Take a look at the backtrace and the info you obtained. Check the upstream source code, maybe you can fix the error yourself now? If not. Take the information you gathered and post to ports@ CC'ing the port maintainer. You should also report the problem upstream to package developers if the problem is not OpenBSD specific (and it's frequently worth to report even if it is specific). Regards, Adam
Re: Installing NextCloud under OpenBSD 5.9
On Sat, 2 Jul 2016 19:26:57 + "C. L. Martinez" wrote: > Hi all, > > I am trying to install NextCloud under an OpenBSD 5.9 host using > OpenBSD's httpd. But I am not sure that Nextcloud can work with > OpenBSD's httpd. > > First of all, rewrite rules like these: > > > RewriteEngine on > RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}] > RewriteRule ^\.well-known/host-meta /public.php?service=host-meta > [QSA,L] RewriteRule > ^\.well-known/host-meta\.json /public.php?service=host-meta-json > [QSA,L] RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L] > RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L] > RewriteRule ^remote/(.*) remote.php [QSA,L] RewriteRule > ^(build|tests|config|lib|3rdparty|templates)/.* - [R=404,L] > RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.* > RewriteRule ^(\.|autotest|occ|issue|indie|db_|console).* - [R=404,L] > > > Can be backported to OpenBSD's httpd? I am thinking to install > apache on the same host, configure NextCloud on it, and redirect > requests from OpenBSD's httpd to apache (listening on localhost only). > > What do you think? > > Thanks. > > -- > Greetings, > C. L. Martinez > https://github.com/reyk/httpd/wiki/Running-ownCloud-with-httpd-on-OpenBSD Ownclud works with httpd. Nextcloud should also work.
Re: Suggestion: new webpage for openbsd.org
On Wed, 18 May 2016 18:08:52 +0200 Joakim Frostegård wrote: > Everybody, thanks for the constructive feedback. As for the snarky > neo-luddite remarks, they were entertaining too ;-) No, I'm not a > product of new-age college professors wanting to demolish the > Colosseum., though HTML5 and mobile support is nice. > > When it comes to searching the archives, I did have a look but not a > very long one. Sorry about that. > > I changed the colors a bit. Now, the contrast between the links and > the background is a lot better. > The colors look better now. > The site works OK in Dillo too, though the old site still looks > better. Then, I don't think doing layout solely with tables belongs > in 2016, and browsers should support floating elements. > > The site works fine in links, elinks and w3m too, except that the > header is shown twice. I think it's more important to have good > mobile support than perfect console browser support. Actually, bad > mobile support is one of the biggest problems with the current site. > I personally like the suggested redesign overall. It still feels light and minimalistic. Thank you for spending time on it and not being afraid to hit misc@ for feedback :) In general, what I feel is missing is a place to have the server rack photo there (see lower left on current website) and a way to integrate the current release theme (main site sports a 5.9 banner now). Regards, Adam
Re: jabber client with conference history saving
On Sun, 17 Apr 2016 22:42:00 +0300 Joseph Oficre wrote: > Hello, @misc. > Can someone give me an advice about xmpp client on OpenBSD, Im using > Psi for now, but it doesnt save messages history properly (errors > only). So i want to try another one. > Doesnt matter if console or gui, just with chatroom/private chats > history saving ability. > > OpenBSD-current. > I'm using gajim which has a nice history browser for both private chats and MUC rooms. Regards, Adam
Re: Upgrade from snapshot to release.
On Wed, 10 Feb 2016 18:20:41 +0100 Ingo Schwarze wrote: > Hi, > > Adam Wolk wrote on Wed, Feb 10, 2016 at 05:18:45PM +0100: > > > The exact day of when a release snapshot is taken is not > > announced. > > Wrong. Looking at the CVS repo, you can see every single change > in all branches, so it is possible to figure out which exact state > of the code went into -release, when the last change was made before > the release, and when the first change was made to -current after > the release. > > Besides, it's irrelevant. X-current is always older than > (X+1)-release and can be upgraded. (X+1)-release is always older > than (X+1)-current and can be upgraded. No need to look up the exact > time of (X+1)-release in CVS. > > > So if you are keeping it on the October snapshot in the hope that > > it will be considered an upgrade then please don't do that. > > Completely bogus advice. It's 100% sure that upgrading from an > October snapshot to the May release of the following year is > supported. Same for November and December snapshots, and even for > January and February ones as long as they still say 5.8-current, > 5.9-beta, or just 5.9, and *NOT* 5.9-current. > > [...] > > Everything else is unknown state. You won't be sure which following > > current steps to execute. > > Wrong, nothing is unclear. To upgrade to (X+1)-release, pay attention > to faq/upgrade(X+1).faq. > > > Your current base OS could be well past > > Wrong, that can't happen, as long as you go from X-anything to > (X+1)-stable. > > > or before the snapshot used for the release. > > That's not a problem. At the worst, some of the steps in the > respective upgrade guide may no longer be necessary, but that's > not a problem. > > It's all in the FAQ: > > http://www.openbsd.org/faq/faq5.html#Flavors > > Yours, > Ingo > I stand corrected, sorry Paco for misguiding you. Don't know why I didn't think about or notice the STATUS change in newvers.sh. Will fact check next time before spreading FUD ;) Regards, Adam
Re: Upgrade from snapshot to release.
On Wed, 10 Feb 2016 16:07:10 +0100 Paco Esteban wrote: > Hi misc@, > > I've one machine that has 5.8-current (20th of October snapshot). > This is a "hardly-ever-touched" machine and I would prefer to have it > following -stable. > Is it possible to go from 5.8-current to 5.9 (when it's available) > using the installer ? > > I've been using OpenBSD since 3.4 but never really played with > -current (with the exception of some tests playing with crappy SSD > performance). > > Cheers, > > -- > Paco Esteban. > GnuPG key: https://onna.be/44CA735E.html > > [demime 1.01d removed an attachment of type application/pgp-signature > which had a name of signature.asc] > The exact day of when a release snapshot is taken is not announced. So if you are keeping it on the October snapshot in the hope that it will be considered an upgrade then please don't do that. You have 2 courses of action. 1. Install a fresh snapshot and continue doing that 2. Re-install the machine using the release media when 5.9 is released Everything else is unknown state. You won't be sure which following current steps to execute. Your current base OS could be well past or before the snapshot used for the release. Regards, Adam
Re: [OpenBGPD] Problem with many (fast connecting) Peers
On Tue, 26 Jan 2016 15:41:31 +0100 Daniel Seidenstücker wrote: > Dear OpenBGPD Community, > > > > in order of measuring the performance of OpenBGPD I need to connect > it with a huge amount of peers (realized by ExaBGP). OpenBGPD 5.8 > works well with 100 Peers but if I increase that number to 250 I got > every try the same error (debug mode): > > > > handle_pollfd: imsg_read error: Resource temporarily unavailable > > SE: Lost connection to RDE > > handle_pollfd: poll fd: Undefined error: 0 > > RDE: Lost connection to SE > > handle_pollfd: poll fd: Undefined error: 0 > > RDE: Lost connection to SE control > > handle_pollfd: poll fd: No such file or directory > > main: Lost connection to SE > > route decision engine exiting > > Segmentation fault (core dumped) > > Load the core file in gdb and see what the error is. I have a hunch that it might be resource limits related (like max open files). I'm not a bgpd expert but checking /etc/login.conf might be worthwhile. Regards, Adam
Re: security(8) mailbox check question
On Sat, 23 Jan 2016 19:29:36 +0100 Adam Wolk wrote: > Hi misc@ > > I'm using OpenSMTPD setup according to [1]. OpenBSD's security(8) > keeps complaining on the way I setup my maildir on the host. > > TL;DR: why u+x on users maildir is considered a bad practice? > > Running security(8): > > Checking mailbox ownership. > user mulander mailbox is drwx--, group mulander > user nemessica mailbox is drwx--, group nemessica > > Wanting to understand what I'm doing wrong I took a look at the code > (as man security(8) only states that it checks maildir permissions, no > details). > > Code performing the check is located in /usr/libexec/security > > # Mailboxes should be owned by the user and unreadable. > sub check_mailboxes { > > I'm not exactly sure of the intent for the comment but the culprit in > my case is the +x bit for the owner of the folder. > > Simply removing that leads to issues in my setup as dovecot sieve > scripts can't traverse the directory and file mail accordingly. > > Jan 23 18:53:24 tintagel dovecot: lmtp(mulander): Error: > stat(/var/mail/mulander/tmp) failed: Permission denied > (euid=1000(mulander) egid=1000(muland er) missing +x > perm: /var/mail/mulander, dir owner missing perms) Jan 23 18:53:24 > tintagel dovecot: lmtp(mulander): Error: K8AnMgm+o1YvIwAAl8n8gw: > sieve: msgid=<1453571593.2760914.500533218.6AFC4E87@webmail.messagin > gengine.com>: failed to store into mailbox 'INBOX': Internal error > occurred. Refer to server log for more information. [2016-01-23 > 18:53:24] Jan 23 18:53:24 tintagel dovecot: lmtp(mulander): Error: > K8AnMgm+o1YvIwAAl8n8gw: sieve: Execution of > script /home/mulander/.dovecot.sieve was aborted due to temporary > failure (user logfile /home/mulander/.dovecot.sieve.log may reveal > additional details) > > > Now obviously I treat security(8) warnings seriously but I would like > to know why a +x flag is considered a bad practice here? > > Regards, > Adam > > --- > > [1] > http://blog.tintagel.pl/2015/05/08/accept-from-any-for-any-relay-via.html > After some IRC talk with ebarret we came to the following conclusions: - the script assumes the mailbox is a file (in my case it's a maildir) - the comment should say 'unreadable by others' I think check_mailboxes should be altered when the target entry in /var/mail is a directory. Instead of expecting u+rw it should expect u+rwx in that specific case. If no one raises issues with this I'll send a patch to tech@ modifying security(8) to behave like that. Regards, Adam
security(8) mailbox check question
Hi misc@ I'm using OpenSMTPD setup according to [1]. OpenBSD's security(8) keeps complaining on the way I setup my maildir on the host. TL;DR: why u+x on users maildir is considered a bad practice? Running security(8): Checking mailbox ownership. user mulander mailbox is drwx--, group mulander user nemessica mailbox is drwx--, group nemessica Wanting to understand what I'm doing wrong I took a look at the code (as man security(8) only states that it checks maildir permissions, no details). Code performing the check is located in /usr/libexec/security # Mailboxes should be owned by the user and unreadable. sub check_mailboxes { I'm not exactly sure of the intent for the comment but the culprit in my case is the +x bit for the owner of the folder. Simply removing that leads to issues in my setup as dovecot sieve scripts can't traverse the directory and file mail accordingly. Jan 23 18:53:24 tintagel dovecot: lmtp(mulander): Error: stat(/var/mail/mulander/tmp) failed: Permission denied (euid=1000(mulander) egid=1000(muland er) missing +x perm: /var/mail/mulander, dir owner missing perms) Jan 23 18:53:24 tintagel dovecot: lmtp(mulander): Error: K8AnMgm+o1YvIwAAl8n8gw: sieve: msgid=<1453571593.2760914.500533218.6AFC4E87@webmail.messagin gengine.com>: failed to store into mailbox 'INBOX': Internal error occurred. Refer to server log for more information. [2016-01-23 18:53:24] Jan 23 18:53:24 tintagel dovecot: lmtp(mulander): Error: K8AnMgm+o1YvIwAAl8n8gw: sieve: Execution of script /home/mulander/.dovecot.sieve was aborted due to temporary failure (user logfile /home/mulander/.dovecot.sieve.log may reveal additional details) Now obviously I treat security(8) warnings seriously but I would like to know why a +x flag is considered a bad practice here? Regards, Adam --- [1] http://blog.tintagel.pl/2015/05/08/accept-from-any-for-any-relay-via.html
Re: multiple certificates in httpd
On Tue, 8 Dec 2015 18:04:13 +0100 Torsten wrote: > Hi! > > man httpd.conf says: > [tls option] > "Set the TLS configuration for the server." > > I assumed that "the server" would mean that every (virtual) server can > have its own tls options (and certificates). Otherwise it would have > said "Set the TLS configuration for httpd and all virtual servers." > > Is that wrong? Can I only have ONE key and ONE cert and the cert must > be a multi domain certificate? > httpd(8) does not yet support SNI[1][2]. It is on the TODO[3] [1] - http://marc.info/?l=openbsd-misc&m=142642449514312&w=2 [2] - https://marc.info/?l=openbsd-misc&m=142797475322402&w=2 [3] - https://github.com/reyk/httpd/issues/17 Regards, Adam
Re: A branded USB stick as an alternative to the CD set?
On Tue, 1 Dec 2015 18:41:24 -0200 Michel Behr wrote: > Just one more thing: for non-developers, if you think there's any > sense in this idea I just described, please, some "seconding" and/or > additions would be welcomed. Also some e-mails directed to > fundrais...@openbsdfoundation.org would be great in this regard too. Oh God. I don't think Bob and others in the foundation will be happy getting their mailboxes spammed. I'm sure they read this mailing list - +1 emails don't sound like a good idea to me. > (Again: OpenBSD developers should *NOT* need to get involved in this > discussion, this is between non-developers and the OpenBSD > foundation). > OpenBSD foundation consists of at least some developers :) Regards, Adam
Re: startx fail on Lenovo G50-80 amd64
On Sat, 28 Nov 2015 10:56:41 -0600 Andrew wrote: > On 11/28/15, Doug Hogan wrote: > > On Fri, Nov 27, 2015 at 09:47:23AM +, freeu...@ruggedinbox.com > > wrote: > >> I installed OpenBSD 5.8 on USB flash memory. It's fine:) > >> Then Lenovo G50-80 could booting. but, startx fail and xdm was > >> fail. > > > > I would focus on startx. > > > >> 1.background is blank(black) screen, mouse icon(X and arrow) > >> couldn't move. > > > > Was there an error message in the console about the mouse? > > > >> 3.X will draw window manager's background, but behave was strange. > > > > What WM are you using? > > > >> 5.couldn't get X.0.log > > > > If you startx, let it load and then either kill it or switch back > > to the console, does it show any errors? Are there > > any /var/log/Xorg.*.log files? > > > >> dmesg|grep drm: > > > > Could you post the full dmesg? In our dmesg archive, I see someone > > report that their Lenovo G50-80 works more than your report > > indicates. However, theirs didn't load inteldrm properly and yours > > did. I can't compare the two dmesgs since you snipped it. > > > >> xorg.conf: > > > > Can you try it without a xorg.conf file? It's usually not > > necessary. In general, try to make things simpler to debug by using > > startx, no xorg.conf file, a simple WM like cwm and try to find a > > way to get us a log file or error message. > > > > If possible, could you try installing an amd64 snapshot from > > tomorrow to see if it was fixed between 5.8 and -current? > > > I have a Lenovo G50-70 running the 5.7 stable.amd GENERIC.MP > > I am humble enough to admit that I was also baffled by a blank screen, > seemingly no keyboard, no mouse, no error messages ... and I had to > ask for help too. > > The solution may be as simple as tappng the "brightness" button a few > times on the keyboard. It's the F12 button on my laptop. > > See also: > > localhost> man xbacklight > I reported the same problem ;) If you plug in an external monitor you will notice it showing X correctly. You're screen is just black like mentioned by Andrew. Use the brightness key :) Regards, Adam
Re: athn0: device timeout
On Sat, 28 Nov 2015 22:30:03 -0800 Bryan Vyhmeister wrote: > On Sat, Nov 28, 2015 at 09:24:23AM -0700, bluesun08 wrote: > > ok, now i tested my adapter on > > a) another machine > > b) another usb port. > > > > Result: The adapter don't work on a) and don't work on b). > > > > Is there any other Wifi-USB-adapter which work reasonably reliable > > on OpenBSD in HostAP mode? > > I have what I believe is the exact same device you do (TP-Link > TL-WN722N) and I just plugged it in to my MacBookAir7,2 where uhub0 is > attached to usb0 which is attached to xhci0 and, after running > fw_update to get the athn(4) firmware, was able to reattach and bring > it up in hostap mode without any issues. > > athn0 at uhub0 port 1 configuration 1 interface 0 "ATHEROS USB2.0 > WLAN" rev 2.00/1.08 addr 8 > athn0: AR9271 rev 1 (1T1R), ROM rev 13, address f8:1a:67:1f:cc:89 > > athn0: flags=8843 mtu 1500 > lladdr f8:1a:67:1f:cc:89 > priority: 4 > groups: wlan > media: IEEE802.11 autoselect (autoselect hostap) > status: active > ieee80211: nwid "hostap test" chan 1 bssid f8:1a:67:1f:cc:89 > > > I think stsp@ is correct that something else is going on with xhci(4) > on your machine since this USB device works pretty well. I also > tested an older rum(4) device I have as well and that also works. > > Bryan > I recently bought the exact same TP-LINK USB wireless (TL-WN722N). It brings the interface nicely up and the connection works but times out quite regularly but I am able to reconnect it back with doas sh /etc/netstart. Though in my case it's just athn0: device timed out without any firmware info. Tested on OpenBSD -current amd64 snapshots from: 31 Oct & 25 November on a Lenovo G50-70. Now to be precise. I can use this dongle quite fine. It sometimes goes up to 1 hour of usage without any timeouts. When it does timeout it's usually in rapid succession (like 2-3 times in next 10 minutes). Each time after a timeout I can restart the connection with netstart *without* unplugging the device. OpenBSD 5.8-current (GENERIC.MP) #1663: Wed Nov 25 13:59:58 MST 2015 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP RTC BIOS diagnostic error 80 real mem = 8464887808 (8072MB) avail mem = 8204222464 (7824MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe6e40 (38 entries) bios0: vendor LENOVO version "9ACN29WW" date 10/20/2014 bios0: LENOVO 20351 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC UEFI FPDT POAT ASF! HPET APIC MCFG WDAT SSDT BOOT LPIT ASPT DBGP SSDT SSDT SSDT SSDT acpi0: wakeup devices P0P1(S4) UAR1(S3) EHC1(S3) XHC_(S3) HDEF(S4) TPD4(S4) TPD7(S0) TPD8(S0) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.87 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,
Re: KNFectomy
On Wed, 18 Nov 2015 11:38:55 -0700 (MST) Theo de Raadt wrote: > >Adam Wolk wrote: > >> During the LibreSSL early days there were frequent KNFectomy > >> procedures executed by jsing@. Is the KNFectomy utensil script > >> available publicly? ;) man -k knf yields only style(9). > > > >indent -ci4 -di1 -nlp $1 > > > >That's not what joel used, but it's what i have in ~/bin/knf. It > >usually gets things close enough for some further refinement. I'm afraid of tools that redirect me to rcs(1) KEYWORD SUBSTITUTION documentation in order to be able to decipher their flags :P Though I do appreciate the info, might be desperate enough on some occasions to try it out - who am I kidding, I will try it :) > > Until indent -- having come out of the back of a cow -- subtly screws > your source code and makes a mistake. > > Be careful. > Thanks for the heads up. I just had a few occasions lately that I had to incorporate some broken formatted C code into a project and was searching for a 'general pass make my eyes not bleed' like tool. Regards, Adam
KNFectomy
During the LibreSSL early days there were frequent KNFectomy procedures executed by jsing@. Is the KNFectomy utensil script available publicly? ;) man -k knf yields only style(9). Regards, Adam
cron daily insecurity output
Hi misc@ cron started to be recently reported in my insecurity output after upgrading to snapshot from Nov 6: Checking special files and directories. Output format is: filename: criteria (shouldbe, reallyis) var/cron/atjobs: permissions (01770, 0770) var/cron/tabs: permissions (01730, 0730) mtree special: exit code 2 Last known snapshot known to not complain about those issues was from Oct 7th. Reports started on the snapshot upgrade & continue till now. Did anyone else notice this? Regards, Adam
Re: Linux crypt(3)
On Sat, 17 Oct 2015 12:31:59 +0200 (CEST) Adam Wysocki wrote: > Hi misc, > > I'm migrating one of my servers from Linux to OpenBSD and I need a > method to authenticate users based on passwords treated with Linux > crypt() function. Passwords are encrypted with salted DES, without > glibc2 extensions. For example: > > $ htpasswd -nbd test test > test:MbfD9Vq5SL5aE > > Where "Mb" is a random salt and the rest is encrypted password. > > As OpenBSD crypt() function differs from the one in Linux libc and > returns NULL for setting "Mb", before I start porting it from libc, > maybe you have an easier solution? Maybe there is a library I can use > (different than whole bloated Linux libc)? > > Kind regards. > Don't know if it works out for you but you could generate ssh keys for existing accounts and allow users to access the new system using that provided ssh key & set the passwords themselves (or just keep using key auth and disabling passwords :)).
Re: CD's arrived
On Wed, 7 Oct 2015 14:51:28 + M Wheeler <6f84c...@refn.co.uk> wrote: > CD's arrived today UK. Thanks again. > Just arrived in Poland
Re: httpd syscall 72
On Wed, 7 Oct 2015 12:18:32 -0700 Scott Vanderbilt wrote: > Running latest snapshot (amd64), I get a 'sycall 72' message when > attempting to start httpd, e.g.: > > httpd(10043): syscall 72 > > I'm pretty sure this started with snapshots after Sept. 27. > > Might anyone have an idea where I can start to look for the problem? > > Thanks. > I have the same dmesg since Oct 7 snapshot. Not present in Oct 5 snapshot. 30007 basename CALL tame(0x1636d4d01089,0) 30007 basename STRU tame request="stdio" 30007 basename RET tame 0 855 id CALL tame(0x19334f201fe2,0) 855 id STRU tame request="stdio getpw" 855 id RET tame 0 855 id CALL tame(0x19334f201fe2,0) 855 id STRU tame request="stdio getpw" 855 id RET tame 0 11057 httpdCALL tame(0x1fcf4ca1dc70,0) 11057 httpdSTRU tame request="malloc inet cmsg cpath rpath wpath proc ioctl" 11057 httpdRET tame 0 31228 httpdCALL tame(0x1fcf4ca1e4e0,0) 31228 httpdSTRU tame request="malloc cmsg rpath proc inet unix ioctl" 31228 httpdRET tame 0 13028 httpdCALL tame(0x1fcf4ca1dde9,0) 13028 httpdSTRU tame request="malloc cmsg" 13028 httpdRET tame 0 29181 httpdCALL tame(0x1fcf4ca1e4e0,0) 29181 httpdSTRU tame request="malloc cmsg rpath proc inet unix ioctl" 29181 httpdRET tame 0 9705 httpdCALL tame(0x1fcf4ca1e4e0,0) 9705 httpdSTRU tame request="malloc cmsg rpath proc inet unix ioctl" 9705 httpdRET tame 0 13028 httpdPSIG SIGKILL SIG_DFL 11057 httpdPSIG SIGCHLD caught handler=0x1fd1c9ab83e0 mask=0<> Regards, Adam
bgpd not starting since Oct 5 snapshot (tame related?)
Hi misc@, I noticed that my bpgd is down after the reboot with the following new messages in dmesg: bgpd(13184): sysctl 6: 4 17 0 0 3 0 bgpd(13184): syscall 202 The message appears on boot: starting network daemons: sshd bgpd ssmtpdbgpd(13184): sysctl 6: 4 17 0 0 3 0 bgpd(13184) syscall 202 httpd sndiod. starting package daemons: . No more appearances after the bootup sequence. kern.version=OpenBSD 5.8-current (GENERIC) #1332: Mon Oct 5 01:01:28 MDT 2015 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC Previous snapshot I used was from September 24th and I didn't notice that message. Though I might have missed it since I disabled spamd a while ago which was the only reason bgpd is running on this host (synchronizing white-listed hosts). Though rc.conf.local still contains: bgpd_flags="" Regards, Adam
Re: spamdb
On Tue, 15 Sep 2015 19:26:22 +0200 "Fran. J Ballesteros" wrote: > just FYI. our spamd indeed had problems leading to corrupt db entries > so some where never white listed. > > I changed it to use a simple in memory db and it now white lists as > it should. the change is ok for us but not for openbsd, so I didn't > submit any patch anywhere. > > the symptom of the problem is that some mails get rejected with > temporary failures forever. I would pay attention to the logs and the > db if using the stock spamd. > > Also, in case it affects, we are using the software raid. > > hth others googling for spamd. > > > El 10/9/2015, a las 15:41, Peter N. M. Hansteen > > escribió: > > > >> On Thu, Sep 10, 2015 at 03:04:26PM +0200, Fran. J Ballesteros > >> wrote: > >> > >> with 5.7 our spamdb becomes corrupt after a while. Are we the only > >> ones with this problem? Anyone else using it? > > > > using spamd with related tools including spamdb through the 5.7 > > cycle and past, yes. > > > > seeing spamdb corrupted, not that I've noticed. What are the > > symptoms more specifically? > > > > > > -- > > Peter N. M. Hansteen, member of the first RFC 1149 implementation > > team http://bsdly.blogspot.com/ http://www.bsdly.net/ > > http://www.nuug.no/ "Remember to set the evil bit on all malicious > > network traffic" delilah spamd[29949]: 85.152.224.147: disconnected > > after 42673 seconds. > I have been hitting issues with spamdb since April. Ended up disabling it as it's just a private server for 2 people so not really hurt much by being disabled. You can see the problem I reported on the mailing list here: http://marc.info/?t=14301581823&r=1&w=2 I do wonder if you are having the same issues as I did back then.
Re: spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df
On Fri, 4 Sep 2015 11:37:09 -0700 Chris Cappuccio wrote: > Adam Wolk [adam.w...@tintagel.pl] wrote: > > > > -rw--- 1 _spampd _spampd 9.8M Sep 3 22:52 bayes_seen > > > > -rw--- 1 _spampd _spampd 65.3G Sep 3 22:55 bayes_toks > > > > > > > > > > What are your memory limits for the user/daemon class that runs > > > spamassassin? > > > > Touche, not set. Though it was running like that since ~December > > last year hence my question to misc@ if anyone noticed it behaving > > differently since the last release. In no way I'm assuming that > > something is wrong on the OS / software level - in fact I assumed > > that my setup was performed incorrectly by me. So far I learned a > > ton of useful info by asking on the list here, hope no one feels > > offended :) > > > > $ cat /etc/login.conf | grep -i spam > > $ > > > > Well it still runs with some class, perhaps as daemon ? > > I guess I'm really asking, is your login.conf modified? Post it and > your rc.conf.local > Not modified by hand. $ grep -i spam /etc/passwd _spamd:*:62:62:Spam Daemon:/var/empty:/sbin/nologin _spamdaemon:*:506:506:SpamAssassin:/var/db/spamassassin:/sbin/nologin _spampd:*:746:746:spampd user:/var/spampd:/sbin/nologin $ id _spamd uid=62(_spamd) gid=62(_spamd) groups=62(_spamd) $ id _spamdaemon uid=506(_spamdaemon) gid=506(_spamdaemon) groups=506(_spamdaemon) $ id _spampd uid=746(_spampd) gid=746(_spampd) groups=746(_spampd) $ $ cat /etc/login.conf # $OpenBSD: login.conf,v 1.5 2015/07/20 18:53:18 sthen Exp $ # # Sample login.conf file. See login.conf(5) for details. # # # Standard authentication styles: # # passwdUse only the local password file # chpassDo not authenticate, but change users password (change # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead # radiusUse radius authentication # rejectUse rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # cryptoCRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication # tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # # Default allowed authentication styles auth-defaults:auth=passwd,skey: # Default allowed authentication styles for authentication type ftp auth-ftp-defaults:auth-ftp=passwd: # # The default values # To alter the default authentication types change the line: # :tc=auth-defaults:\ # to be read something like: (enables passwd, "myauth", and activ) # :auth=passwd,myauth,activ:\ # Any value changed in the daemon class should be reset in default # class. # default:\ :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\ :umask=022:\ :datasize-max=512M:\ :datasize-cur=512M:\ :maxproc-max=256:\ :maxproc-cur=128:\ :openfiles-cur=512:\ :stacksize-cur=4M:\ :localcipher=blowfish,8:\ :ypcipher=old:\ :tc=auth-defaults:\ :tc=auth-ftp-defaults: # # Settings used by /etc/rc and root # This must be set properly for daemons started as root by inetd as well. # Be sure reset these values back to system defaults in the default class! # daemon:\ :ignorenologin:\ :datasize=infinity:\ :maxproc=infinity:\ :openfiles-cur=128:\ :stacksize-cur=8M:\ :localcipher=blowfish,9:\ :tc=default: # # Staff have fewer restrictions and can login even when nologins are set. # staff:\ :datasize-cur=1536M:\ :datasize-max=infinity:\ :maxproc-max=512:\ :maxproc-cur=256:\ :ignorenologin:\ :requirehome@:\ :tc=default: # # Authpf accounts get a special motd and shell # authpf:\ :welcome=/etc/motd.authpf:\ :shell=/usr/sbin/authpf:\ :tc=default: # # Building ports with DPB uses raised limits # pbuild:\ :datasize-max=infinity:\ :datasize-cur=4096M:\ :maxproc-max=1024:\ :maxproc-cur=256:\ :tc=default: # # Override resource limits for certain daemons started by rc.d(8) # bgpd:\ :openfiles-cur=512:\ :tc=daemon: unbound:\ :openfiles-cur=512:\ :tc=daemon: dovecot:\ :openfiles-cur=512:\ :openfiles-max=2048:\ :tc=daemon:
Re: spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df
On Fri, 4 Sep 2015 11:08:35 -0700 Chris Cappuccio wrote: > Adam Wolk [adam.w...@tintagel.pl] wrote: > > Hi misc@ > > > > I upgraded my mail server to an amd64 snapshot from Sep 2nd and > > found the server stuck delivering mail in the morning with > > spamassasin churning at 90% CPU usage. > > > > Quick investigation lead me to a huge bayes_toks file of 65.3G in > > /var/spampd/.spamassasin/. > > > > $ ls -alh > > total 4738352 > > drwx-- 2 _spampd _spampd 512B Sep 4 10:00 . > > drwxr-xr-x 3 _spampd _spampd 512B Sep 3 15:57 .. > > -rw--- 1 _spampd _spampd36B Sep 4 09:53 bayes.lock > > -rw--- 1 _spampd _spampd 9.8M Sep 3 22:52 bayes_seen > > -rw--- 1 _spampd _spampd 65.3G Sep 3 22:55 bayes_toks > > > > What are your memory limits for the user/daemon class that runs > spamassassin? Touche, not set. Though it was running like that since ~December last year hence my question to misc@ if anyone noticed it behaving differently since the last release. In no way I'm assuming that something is wrong on the OS / software level - in fact I assumed that my setup was performed incorrectly by me. So far I learned a ton of useful info by asking on the list here, hope no one feels offended :) $ cat /etc/login.conf | grep -i spam $ Regards, Adam
Re: spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df
On Fri, 4 Sep 2015 12:31:13 -0400 Michael McConville wrote: > k...@kurawa.no-ip.org wrote: > > Adam Wolk wrote: > > > After deleting the file, restarting the service processing a > > > single email brought the DB to reported size 37.9M, few emails > > > later it's already reported as 113M I have a hunch that it will > > > bloat again really fast. > > > > try to disable bayes, set parameter "use_bayes 0" and placed into > > the server-wide local.cf configuration file. > > I administrate a mail server running Debian Jessie that uses the shell > script method of calling SpamAssassin from Postfix. It uses a ton of > CPU, so I don't think this is an OpenBSD problem. > > That said, you probably shouldn't disable Bayesian filtering. IIUC, > that's the main point of using SpamAssassin, and it's necessary to > block almost all spam. Thanks, I had an initial suspicion that something was misconfigured on my previous snapshots as I saw spamassasin being executed but never used a lot of CPU (though it did flag 1 - literally one, email as spam - but that's expected volume for a server with 2 accounts). It's quite possible that Bayesian filtering started working for me only since this snapshot. I would appreciate it if you could check the size of your bayes_toks db & some info on general growth per email (seems to be around 30-60M on my server) as that's the only thing I think could be wrong with it atm. 65.3G accumulated in less than 24h for a DB that serves around 11k emails *per month* seems a lot (and most of that traffic are OpenBSD mailing lists). Regards, Adam
spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df
Hi misc@ I upgraded my mail server to an amd64 snapshot from Sep 2nd and found the server stuck delivering mail in the morning with spamassasin churning at 90% CPU usage. Quick investigation lead me to a huge bayes_toks file of 65.3G in /var/spampd/.spamassasin/. $ ls -alh total 4738352 drwx-- 2 _spampd _spampd 512B Sep 4 10:00 . drwxr-xr-x 3 _spampd _spampd 512B Sep 3 15:57 .. -rw--- 1 _spampd _spampd36B Sep 4 09:53 bayes.lock -rw--- 1 _spampd _spampd 9.8M Sep 3 22:52 bayes_seen -rw--- 1 _spampd _spampd 65.3G Sep 3 22:55 bayes_toks $ file bayes_toks bayes_toks: Berkeley DB 1.85 (Hash, version 2, native byte-order) Interestingly I don't see that much space used with df (anyone knows why?): $ df -h Filesystem SizeUsed Avail Capacity Mounted on /dev/sd0a 1008M 90.1M868M 9%/ /dev/sd0k 9.8G 80.3M9.3G 1%/home /dev/sd0d 3.9G118K3.7G 0%/tmp /dev/sd0f 3.9G1.0G2.7G28%/usr /dev/sd0g 1001M212M738M22%/usr/X11R6 /dev/sd0h 9.8G572M8.8G 6%/usr/local /dev/sd0j 3.9G2.0K3.7G 0%/usr/obj /dev/sd0i 2.0G2.0K1.9G 0%/usr/src /dev/sd0e 598G4.3G564G 1%/var I removed the file and disk usage dropped by 2.3G on /var. Did anyone experience issues with spamassasin/spampd similar to the one reported above? p5-Mail-SpamAssassin-3.4.1p2 (installed) spampd-2.30p3 (installed) After deleting the file, restarting the service processing a single email brought the DB to reported size 37.9M, few emails later it's already reported as 113M I have a hunch that it will bloat again really fast. Regards, Adam
Re: Snapshot 2015.09.02 bsd.rd re0 network not fully set-up via dhcp
On Wed, 2 Sep 2015 22:49:02 +0200 Martin Pieuchot wrote: > Hello, > > On 02/09/15(Wed) 13:59, Adam Wolk wrote: > > Since the snapshot from 2015.09.02 dhcp doesn't result in a fully > > functional network in the installer. > > [...] > > The bug should already be fixed, well I backed out the commit that > exposed a bug with dhclient in RAMDISK kernels. > > Please try a newer bsd.rd and report back if you still encounter a > problem. > > Martin Thanks Martin, I already have been informed off list about the backed out change. Currently waiting for my preferred mirror to pick up a newer image. Regards, Adam
Snapshot 2015.09.02 bsd.rd re0 network not fully set-up via dhcp
Hi misc@ Since the snapshot from 2015.09.02 dhcp doesn't result in a fully functional network in the installer. Last known working snapshot was 2015.08.22 (last upgrade performed on this laptop). What happens? 1. boot bsd.rd as usual 2. set language, filesystem checks etc, get to picking location for the sets 3. enter http, tell it no proxy needed expected: list of mirrors to pick from what I got: 'can't contact ftp.openbsd.org but that's ok' This never happened on previous snapshots to me. I dropped down to shell with ! and checked the following: 1. I can ping other machines on the same network (192.168.100.108) 2. I have an IP assigned 3. I can't ping 8.8.8.8 4. I can't ping google.com 5. I have a resolv conf Grabbed details from the bsd.rd shell: $ cat ifconfig.txt lo0: flags=8049 mtu 32768 groups: lo inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff00 re0: flags=8843 mtu 1500 lladdr 68:f7:28:39:b2:85 groups: egress media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet 192.168.100.106 netmask 0xff00 broadcast 192.168.100.255 $ cat local.txt PING 192.168.100.108 (192.168.100.108): 56 data bytes 64 bytes from 192.168.100.108: icmp_seq=0 ttl=64 time=5.680 ms 64 bytes from 192.168.100.108: icmp_seq=1 ttl=64 time=7.408 ms 64 bytes from 192.168.100.108: icmp_seq=2 ttl=64 time=3.499 ms --- 192.168.100.108 ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 3.499/5.529/7.408/1.599 ms $ cat ping_ip.txt ping: wrote 8.8.8.8 64 chars, ret=-1 ping: sendto: No route to host ping: wrote 8.8.8.8 64 chars, ret=-1 ping: sendto: No route to host ping: wrote 8.8.8.8 64 chars, ret=-1 ping: sendto: No route to host --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss $ cat resolv.conf # Generated by re0 dhclient nameserver 8.8.8.8 nameserver 46.148.145.10 nameserver 195.46.37.2 $ cat route.show.txt Routing tables Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface default192.168.100.1 GS 00 - 8 re0 127/8 localhost UGRS 00 32768 8 lo0 localhost localhost UHPl 10 32768 1 lo0 192.168.100/24 192.168.100.106UCP10 - 8 re0 192.168.100.1 a0:f3:c1:7c:aa:c1 UHLcP 10 - 8 re0 192.168.100.10668:f7:28:39:b2:85 UHLPl 00 - 1 lo0 192.168.100.255192.168.100.106UHPb 00 - 1 re0 Internet6: DestinationGatewayFlags Refs Use Mtu Prio Iface localhost localhost UHPl 00 32768 1 lo0 fe80::1%lo0fe80::1%lo0UHPl 00 32768 1 lo0 ff01::%lo0/32 localhost UC 00 32768 4 lo0 ff02::%lo0/32 localhost UC 00 32768 4 lo0 === I also have a dmesg from the bsd.rd if anyone wants to see it. Here are the routes & ifconfig from my currently installed snapshot: $ sysctl kern.version kern.version=OpenBSD 5.8-current (GENERIC.MP) #1254: Sat Aug 22 02:19:42 MDT 2015 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP $ route show Routing tables Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface default192.168.100.1 UGS5 1082 - 8 re0 loopback localhost UGRS 00 32768 8 lo0 localhost localhost UHl14 32768 1 lo0 192.168.100/24 192.168.100.106UC 10 - 8 re0 192.168.100.1 a0:f3:c1:7c:aa:c1 UHLc 10 - 8 re0 192.168.100.10668:f7:28:39:b2:85 UHLl 00 - 1 lo0 192.168.100.255192.168.100.106UHb00 - 1 re0 base-address.mcast 192.168.100.1 UCS00 - 8 re0 Internet6: DestinationGatewayFlags Refs Use Mtu Prio Iface ::/104 localhost UGRS 00 32768 8 lo0 ::/96 localhost UGRS 00 32768 8 lo0 localhost localhost UHl 144 32768 1 lo0 ::127.0.0.0/104localhost UGRS 00 32768 8 lo0 ::224.0.0.0/100localhost UGRS 00 32768 8 lo0 ::255.0.0.0/104localhost UGRS 00 32768 8
Re: dovecot startup failure (5.7-stable)
On Sat, 25 Jul 2015 13:51:32 +0200 Tor Houghton wrote: > Hi, > Hi, > It appears that the dovecot package won't start at boot time unless > the ulimit is raised for open files: > > .. > Jul 25 13:39:53 duck dovecot: master: Error: > open(/var/dovecot/login-master-notifyda2290c6851a9f03) failed: Too > many open files .. > > If I add the following to /etc/login.conf -- > > dovecot:\ > :openfiles-cur=1024:\ > :tc=daemon: > > it starts OK. I suppose it's either do the above, or change the > defaults in /etc/dovecot/conf.d/10-master.conf .. ? > > Regards, > > Tor I never hit that specific issue while running current. dovecot:\ :openfiles-cur=512:\ :openfiles-max=2048:\ :tc=daemon: This is the recommended values for dovecot as stated by /usr/local/share/doc/pkg-readmes/dovecot-2.2.18p0 Does dovecot start up properly if you set openfiles-max? That's the only difference I see between your setup and dovecot seems to start up fine with openfiles-cur=512 on my box (amd64 snapshot Jul 20). Regards, Adam
Re: J58E8R30X Lenovo EasyCamera -current ; works only after waking up from zzz
On Sun, 21 Jun 2015 20:16:08 +0200 Martin Pieuchot wrote: > On 21/06/15(Sun) 19:54, Martin Pieuchot wrote: > > On 21/06/15(Sun) 12:25, Adam Wolk wrote: > > > Hi misc@, > > > > > > I'm running -current amd64 snapshot from 19th Jun, this laptop > > > went through 9 snapshots so far. > > > > > > During all upgrades the built-in camera in the laptop was > > > always detected and displayed as configured. I had no need > > > to use it so didn't test if it actually works. > > > [...] > > > Running video(1) results in the following line appearing in dmesg: > > > uvideo0: could not open VS pipe: INVAL > > > > > > This was consistent behaviour for the past 2 snapshots and I > > > believe that it always behaved this way but I didn't test older > > > ones. I doubt this is a regression of any kind. > > > > It is not a regression. The problem is that your camera is attached > > to an xHCI controller and the xhci(4) driver still lack support for > > Isochronous transfer. > > > > > The interesting bit happened yesterday. I wanted to leave the > > > laptop on overnight but didn't want it to drain power so enabled > > > apmd, set apm -C and hit zzz. > > > > > > Before going off I decided to test if it's possible to even wake > > > up from that state. So hit space, the laptop started waking up > > > and I noticed the webcam led blinking once shortly. Decided to > > > test video(1) again and behold, a webcam window appeared with my > > > half asleep face on it. > > > > > > Does anyone have an idea what might be different when waking up > > > from zzz compared to the regular initialization that the system > > > does during boot? > > > > If you carefully look at your dmesg you'll see that: > > > > - uvideo0 at uhub0 port 6 configuration 1 interface 0 "J58E8R30X > > Lenovo EasyCamera" rev 2.00/0.06 addr 4 > > + uvideo0 at uhub2 port 6 configuration 1 interface 0 "J58E8R30X > > Lenovo EasyCamera" rev 2.00/0.06 addr 4 > > > > Here uhub2 is the rate match hub below your ehci(4) whereas uhub0 > > is the root hub of xhci(4). In other words after resuming your > > machine your camera appears to be on a different bus... > > > > Alternatively you can run usbdevs(8) before and after suspending an > > see the difference. Now I don't know why/how this happens. > > After looking at Linux' sources it seems that some BIOSes that do not > support xHCI route your USB ports back to an EHCI controller during > suspend/resume. > > Could you test the diff below and let me know if your uvideo(4) stays > on the same bus after resuming? > Sure thing, test results below (tl;dr it sticks to the same bus). > Index: xhci_pci.c > === > RCS file: /cvs/src/sys/dev/pci/xhci_pci.c,v > retrieving revision 1.5 > diff -u -p -r1.5 xhci_pci.c > --- xhci_pci.c30 Oct 2014 18:25:08 - 1.5 > +++ xhci_pci.c21 Jun 2015 18:10:57 - > @@ -61,17 +61,19 @@ struct xhci_pci_softc { > struct xhci_softc sc; > pci_chipset_tag_t sc_pc; > pcitag_tsc_tag; > + pcireg_tsc_id; > void*sc_ih; /* > interrupt vectoring */ }; > > int xhci_pci_match(struct device *, void *, void *); > void xhci_pci_attach(struct device *, struct device *, void > *); int xhci_pci_detach(struct device *, int); > +int xhci_pci_activate(struct device *, int); > void xhci_pci_takecontroller(struct xhci_pci_softc *, int); > > struct cfattach xhci_pci_ca = { > sizeof(struct xhci_pci_softc), xhci_pci_match, > xhci_pci_attach, > - xhci_pci_detach, xhci_activate > + xhci_pci_detach, xhci_pci_activate > }; > > int > @@ -92,10 +94,10 @@ xhci_pci_port_route(struct xhci_pci_soft > { > pcireg_t val; > > - /* > + /* >* Check USB3 Port Routing Mask register that indicates the > ports >* can be changed from OS, and turn on by USB3 Port SS > Enable register. > - */ > + */ > val = pci_conf_read(psc->sc_pc, psc->sc_tag, > PCI_XHCI_INTEL_USB3PRM); DPRINTF(("%s: USB3PRM / USB3.0 configurable > ports: 0x%08x\n", psc->sc.sc_bus.bdev.dv_xname, val)); > @@ -106,7 +108,7 @@ xhci_pci_port_route(struct xhci_pci_soft > psc->sc.sc_bus.bdev.dv_xname, val)); > > /* > - * Check USB2 Port
J58E8R30X Lenovo EasyCamera -current ; works only after waking up from zzz
Hi misc@, I'm running -current amd64 snapshot from 19th Jun, this laptop went through 9 snapshots so far. During all upgrades the built-in camera in the laptop was always detected and displayed as configured. I had no need to use it so didn't test if it actually works. Two snapshots ago I wanted to test a piece of OpenCV code using the webcam and it failed. I proceeded to test the camera with video(1) from base. $ video -v video device /dev/video: encodings: yuy2 frame sizes (width x height, in pixels) and rates (in frames per second): 160x120: 30, 15 320x240: 30, 15 640x360: 30, 15 640x480: 30, 15 800x600: 15 1280x720: 8 controls: brightness, contrast, saturation, hue, gamma, sharpness Xv adaptor 0, Intel(R) Textured Video: encodings: yuy2, uyvy max size: 3286x1080 using yuy2 encoding using frame size 640x480 (614400 bytes) using default frame rate video: poll error, revents=0x8 $ Running video(1) results in the following line appearing in dmesg: uvideo0: could not open VS pipe: INVAL This was consistent behaviour for the past 2 snapshots and I believe that it always behaved this way but I didn't test older ones. I doubt this is a regression of any kind. The interesting bit happened yesterday. I wanted to leave the laptop on overnight but didn't want it to drain power so enabled apmd, set apm -C and hit zzz. Before going off I decided to test if it's possible to even wake up from that state. So hit space, the laptop started waking up and I noticed the webcam led blinking once shortly. Decided to test video(1) again and behold, a webcam window appeared with my half asleep face on it. Does anyone have an idea what might be different when waking up from zzz compared to the regular initialization that the system does during boot? I am able to reproduce the 'broken' state & the workaround: - booting fresh, camera not working - zzz - wake up, camera works $ video -v video device /dev/video: encodings: yuy2 frame sizes (width x height, in pixels) and rates (in frames per second): 160x120: 30, 15 320x240: 30, 15 640x360: 30, 15 640x480: 30, 15 800x600: 15 1280x720: 8 controls: brightness, contrast, saturation, hue, gamma, sharpness Xv adaptor 0, Intel(R) Textured Video: encodings: yuy2, uyvy max size: 3286x1080 using yuy2 encoding using frame size 640x480 (614400 bytes) using default frame rate ^Crun time: 12.155619 seconds frames grabbed: 361 frames played: 361 played fps: 29.615933 OpenBSD 5.8-beta (GENERIC.MP) #1078: Thu Jun 18 23:19:25 MDT 2015 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP RTC BIOS diagnostic error 80 real mem = 8464887808 (8072MB) avail mem = 8204460032 (7824MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe6e40 (38 entries) bios0: vendor LENOVO version "9ACN29WW" date 10/20/2014 bios0: LENOVO 20351 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC UEFI FPDT POAT ASF! HPET APIC MCFG WDAT SSDT BOOT LPIT ASPT DBGP SSDT SSDT SSDT SSDT acpi0: wakeup devices P0P1(S4) UAR1(S3) EHC1(S3) XHC_(S3) HDEF(S4) TPD4(S4) TPD7(S0) TPD8(S0) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.91 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX
Large file uploads/downloads - owncloud-8.0.3 + httpd
Hi misc@ For about 2 months I have been running owncloud on an amd64 -current machine using httpd from base. I'm so far quite happy with the setup but can't get the service working with large file uploads & downloads. When trying with the owncloud client from a Linux machine I receive connection timeouts while synchronizing directories containing large files (7.5-8 GB per file). I have the same issues while uploading the file. I see no errors related to this in: - /var/www/logs/access.log - /var/www/logs/error.log - /var/log/php-fpm.log So far I have tried: - setting connection max request body to 10GiB (10737418240 bytes) - setting connection timeout to 43200 (12h instead of default 10 minutes) - changing upload_max_filesize/post_max_size in .user.ini of owncloud but that only seems to impact the UI itself - changing upload_mmax_filesize in php-5.5.ini this doesn't seem to also have any impact I think I must have gotten something wrong in my httpd setup that keeps breaking the connection. More normally sized files (5-250 MB?) go through without any issues. I would love to hear from anyone that is currently running an owncloud server with httpd from base and was able to handle large files with it. I'm attaching my httpd.conf section relating to owncloud in case someone can spot anything wrong with it. All input greatly appreciated :) server "cloud.myserver.example" { listen on * tls port 443 # tls certificate "/etc/ssl/cloud.crt" # tls key "/etc/ssl/private/cloud.key" tls certificate "/etc/ssl/wild.crt" tls key "/etc/ssl/private/wild.key" # Set max upload size to 10GiB (in bytes) connection max request body 10737418240 # Timeout connections after 12h instead of the default 10 minutes connection timeout 43200 root "/owncloud" # First deny access to the specified files location "*/db_structure.xml" { block } location "*/.ht*" { block } location "*/README" { block } location "*/data*" { block } location "*/config*" { block } # If it is accessed as /owncloud location "/owncloud/*.php*" { root { "/owncloud", strip 1 } fastcgi socket "/run/php-fpm.sock" } location "/owncloud/*" { root { "/owncloud", strip 1 } } # Any other PHP file location "/*.php*" { fastcgi socket "/run/php-fpm.sock" } }
Re: spamd - whitelist sender email addresses
On Mon, 18 May 2015 09:26:13 +0200 Alex Greif wrote: > Hi, > I am using spamd on a current installation in greylisting mode, > and have have problems with large sites that have several > SMTP servers but no SPF ip-address ranges. > Sometimes I have more than 10 mail server IPs in the greylisted > in spamdb, from the same (friend) email address, and the the > sender side finally/unfortunately gives up, so that I don't get > the mail. > > Is there a way to define a list of (friendly) sender email addresses > or domains in the following form: > some.fri...@domail1.com > @freinds-domain.com > > so that spamd ignores greylisting the IPs of the hosts, where these > specified senders come from? > > thanks, > Alex. I personally use the bgpd solution to obtain a solid list of hosts http://bgp-spamd.net/index.html They synchronize around 200k white listed hosts by now. Those hosts went through the regular spamd process on a more widely used mail server hence I prefer that solution to manually hunting for those services that deliver with a pool of servers. Regards, Adam
Re: spamdb - can't delete spam db entry (Error 22)
On Mon, Apr 27, 2015, at 11:45 PM, Adam Wolk wrote: > On Mon, Apr 27, 2015, at 10:52 PM, Adam Wolk wrote: > > On Mon, Apr 27, 2015, at 10:43 PM, Adam Wolk wrote: > > > On Mon, Apr 27, 2015, at 10:22 PM, Todd C. Miller wrote: > > > > On Mon, 27 Apr 2015 20:06:59 +0200, Adam Wolk wrote: > > > > > > > > > Apr 27 19:54:55 tintagel spamd[27724]: can't delete 66.111.4.25 > > > > > out1-smtp.messagingengine.com > > > > > from spamd db (Error 22) > > > > > > > > > > Does anyone know how serious that error is (should I be worried) and > > > > > what might have caused it? > > > > > > > > Error 22 is EINVAL. I'm not sure how that can happen in this case > > > > though. Have you tried restating spamd? > > > > > > > > > > Hi Todd, > > > > > > Indeed I tried restarting spamd and the issue is the same each time. > > > With a spamd restart the error happens immediately startup: > > > > > > Apr 27 22:27:52 tintagel spamd[3732]: can't delete 66.111.4.25 > > > out1-smtp.messagingengine.com > > > from spamd db (Error 0) > > > Apr 27 22:28:51 tintagel spamd[25915]: listening for incoming > > > connections. > > > Apr 27 22:28:51 tintagel spamd[7233]: can't delete 66.111.4.25 > > > out1-smtp.messagingengine.com > > > from spamd db (Error 0) > > > > > > > Just noticed, that right after a previous restart it's no longer Error > > 22 but Error 0 > > Apr 27 21:50:27 tintagel spamd[27724]: can't delete 66.111.4.25 > > out1-smtp.messagingengine.com > > from spamd db (Error 22) > > Apr 27 21:51:27 tintagel spamd[27724]: can't delete 66.111.4.25 > > out1-smtp.messagingengine.com > > from spamd db (Error 22) > > Apr 27 21:52:18 tintagel spamd[8450]: listening for incoming > > connections. > > Apr 27 21:52:18 tintagel spamd[20180]: can't delete 66.111.4.25 > > out1-smtp.messagingengine.com > > from spamd db (Error 0) > > Apr 27 21:52:25 tintagel spamd[6924]: listening for incoming > > connections. > > Apr 27 21:52:25 tintagel spamd[3732]: can't delete 66.111.4.25 > > out1-smtp.messagingengine.com > > from spamd db (Error 0) > > Apr 27 21:53:26 tintagel spamd[3732]: can't delete 66.111.4.25 > > out1-smtp.messagingengine.com > > from spamd db (Error 0) > > Apr 27 21:54:26 tintagel spamd[3732]: can't delete 66.111.4.25 > > out1-smtp.messagingengine.com > > from spamd db (Error 0) > > Apr 27 21:55:27 tintagel spamd[3732]: can't delete 66.111.4.25 > > out1-smtp.messagingengine.com > > from spamd db (Error 0) > > > > # ls -l /var/db/spamd > > -rw-r--r-- 1 _spamd _spamd 6881280 Apr 27 22:51 /var/db/spamd > > > > here's my process output limited to spamd > > # ps aux | grep -i spamd > > root 30279 0.0 3.3 68000 67956 ?? SsSun11PM1:22.68 perl: > > /usr/local/bin/spamd -d -u _spamdaemon -P (perl) > > _spamdaemon 10621 0.0 0.4 68016 8872 ?? S Sun11PM0:00.59 > > perl: spamd child (perl) > > _spamdaemon 29838 0.0 0.4 68016 8936 ?? S Sun11PM0:00.83 > > perl: spamd child (perl) > > _spamd7233 0.0 0.1 9860 1704 ?? Is10:28PM0:00.73 spamd: > > (pf update) (spamd) > > _spamd 25915 0.0 0.3 10308 5220 ?? I 10:28PM0:00.12 spamd: > > [priv] (greylist) (spamd) > > _spamd 14894 0.0 0.0 9656 1020 ?? I 10:28PM0:00.00 spamd: > > (/var/db/spamd update) (spamd) > > root 30162 0.0 0.0 636 4 p7 R+10:52PM0:00.00 grep > > -i spamd (ksh) > > # > > > > > > > > You might also try running: > > > > > > > > $ spamdb | fgrep 66.111.4.25 > > > > > > Here is the output: > > > $ spamdb | fgrep 66.111.4.25 > > > WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0 > > > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 > > > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 > > > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430142855|1430145035|1430157255|4|0 > > > > > > > > > > > > > > to see if that entry is really in the database and if so see if > > > > "spamdb -d" can remove it. > > > > > > > > > > # spamdb -d 66.111.4.25 > > &g
Re: spamdb - can't delete spam db entry (Error 22)
On Mon, Apr 27, 2015, at 10:52 PM, Adam Wolk wrote: > On Mon, Apr 27, 2015, at 10:43 PM, Adam Wolk wrote: > > On Mon, Apr 27, 2015, at 10:22 PM, Todd C. Miller wrote: > > > On Mon, 27 Apr 2015 20:06:59 +0200, Adam Wolk wrote: > > > > > > > Apr 27 19:54:55 tintagel spamd[27724]: can't delete 66.111.4.25 > > > > out1-smtp.messagingengine.com > > > > from spamd db (Error 22) > > > > > > > > Does anyone know how serious that error is (should I be worried) and > > > > what might have caused it? > > > > > > Error 22 is EINVAL. I'm not sure how that can happen in this case > > > though. Have you tried restating spamd? > > > > > > > Hi Todd, > > > > Indeed I tried restarting spamd and the issue is the same each time. > > With a spamd restart the error happens immediately startup: > > > > Apr 27 22:27:52 tintagel spamd[3732]: can't delete 66.111.4.25 > > out1-smtp.messagingengine.com > > from spamd db (Error 0) > > Apr 27 22:28:51 tintagel spamd[25915]: listening for incoming > > connections. > > Apr 27 22:28:51 tintagel spamd[7233]: can't delete 66.111.4.25 > > out1-smtp.messagingengine.com > > from spamd db (Error 0) > > > > Just noticed, that right after a previous restart it's no longer Error > 22 but Error 0 > Apr 27 21:50:27 tintagel spamd[27724]: can't delete 66.111.4.25 > out1-smtp.messagingengine.com > from spamd db (Error 22) > Apr 27 21:51:27 tintagel spamd[27724]: can't delete 66.111.4.25 > out1-smtp.messagingengine.com > from spamd db (Error 22) > Apr 27 21:52:18 tintagel spamd[8450]: listening for incoming > connections. > Apr 27 21:52:18 tintagel spamd[20180]: can't delete 66.111.4.25 > out1-smtp.messagingengine.com > from spamd db (Error 0) > Apr 27 21:52:25 tintagel spamd[6924]: listening for incoming > connections. > Apr 27 21:52:25 tintagel spamd[3732]: can't delete 66.111.4.25 > out1-smtp.messagingengine.com > from spamd db (Error 0) > Apr 27 21:53:26 tintagel spamd[3732]: can't delete 66.111.4.25 > out1-smtp.messagingengine.com > from spamd db (Error 0) > Apr 27 21:54:26 tintagel spamd[3732]: can't delete 66.111.4.25 > out1-smtp.messagingengine.com > from spamd db (Error 0) > Apr 27 21:55:27 tintagel spamd[3732]: can't delete 66.111.4.25 > out1-smtp.messagingengine.com > from spamd db (Error 0) > > # ls -l /var/db/spamd > -rw-r--r-- 1 _spamd _spamd 6881280 Apr 27 22:51 /var/db/spamd > > here's my process output limited to spamd > # ps aux | grep -i spamd > root 30279 0.0 3.3 68000 67956 ?? SsSun11PM1:22.68 perl: > /usr/local/bin/spamd -d -u _spamdaemon -P (perl) > _spamdaemon 10621 0.0 0.4 68016 8872 ?? S Sun11PM0:00.59 > perl: spamd child (perl) > _spamdaemon 29838 0.0 0.4 68016 8936 ?? S Sun11PM0:00.83 > perl: spamd child (perl) > _spamd7233 0.0 0.1 9860 1704 ?? Is10:28PM0:00.73 spamd: > (pf update) (spamd) > _spamd 25915 0.0 0.3 10308 5220 ?? I 10:28PM0:00.12 spamd: > [priv] (greylist) (spamd) > _spamd 14894 0.0 0.0 9656 1020 ?? I 10:28PM0:00.00 spamd: > (/var/db/spamd update) (spamd) > root 30162 0.0 0.0 636 4 p7 R+10:52PM0:00.00 grep > -i spamd (ksh) > # > > > > > You might also try running: > > > > > > $ spamdb | fgrep 66.111.4.25 > > > > Here is the output: > > $ spamdb | fgrep 66.111.4.25 > > WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0 > > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 > > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 > > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430142855|1430145035|1430157255|4|0 > > > > > > > > > > to see if that entry is really in the database and if so see if > > > "spamdb -d" can remove it. > > > > > > > # spamdb -d 66.111.4.25 > > # echo $? > > 0 > > # spamdb | fgrep 66.111.4.25 > > WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0 > > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 > > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 > > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430142855|1430145035|1430157255|4|0 > > > > > > > - todd > > > > > > > The weird thing is - it just started happenin
Re: spamdb - can't delete spam db entry (Error 22)
On Mon, Apr 27, 2015, at 10:43 PM, Adam Wolk wrote: > On Mon, Apr 27, 2015, at 10:22 PM, Todd C. Miller wrote: > > On Mon, 27 Apr 2015 20:06:59 +0200, Adam Wolk wrote: > > > > > Apr 27 19:54:55 tintagel spamd[27724]: can't delete 66.111.4.25 > > > out1-smtp.messagingengine.com > > > from spamd db (Error 22) > > > > > > Does anyone know how serious that error is (should I be worried) and > > > what might have caused it? > > > > Error 22 is EINVAL. I'm not sure how that can happen in this case > > though. Have you tried restating spamd? > > > > Hi Todd, > > Indeed I tried restarting spamd and the issue is the same each time. > With a spamd restart the error happens immediately startup: > > Apr 27 22:27:52 tintagel spamd[3732]: can't delete 66.111.4.25 > out1-smtp.messagingengine.com > from spamd db (Error 0) > Apr 27 22:28:51 tintagel spamd[25915]: listening for incoming > connections. > Apr 27 22:28:51 tintagel spamd[7233]: can't delete 66.111.4.25 > out1-smtp.messagingengine.com > from spamd db (Error 0) > Just noticed, that right after a previous restart it's no longer Error 22 but Error 0 Apr 27 21:50:27 tintagel spamd[27724]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 22) Apr 27 21:51:27 tintagel spamd[27724]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 22) Apr 27 21:52:18 tintagel spamd[8450]: listening for incoming connections. Apr 27 21:52:18 tintagel spamd[20180]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 0) Apr 27 21:52:25 tintagel spamd[6924]: listening for incoming connections. Apr 27 21:52:25 tintagel spamd[3732]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 0) Apr 27 21:53:26 tintagel spamd[3732]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 0) Apr 27 21:54:26 tintagel spamd[3732]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 0) Apr 27 21:55:27 tintagel spamd[3732]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 0) # ls -l /var/db/spamd -rw-r--r-- 1 _spamd _spamd 6881280 Apr 27 22:51 /var/db/spamd here's my process output limited to spamd # ps aux | grep -i spamd root 30279 0.0 3.3 68000 67956 ?? SsSun11PM1:22.68 perl: /usr/local/bin/spamd -d -u _spamdaemon -P (perl) _spamdaemon 10621 0.0 0.4 68016 8872 ?? S Sun11PM0:00.59 perl: spamd child (perl) _spamdaemon 29838 0.0 0.4 68016 8936 ?? S Sun11PM0:00.83 perl: spamd child (perl) _spamd7233 0.0 0.1 9860 1704 ?? Is10:28PM0:00.73 spamd: (pf update) (spamd) _spamd 25915 0.0 0.3 10308 5220 ?? I 10:28PM0:00.12 spamd: [priv] (greylist) (spamd) _spamd 14894 0.0 0.0 9656 1020 ?? I 10:28PM0:00.00 spamd: (/var/db/spamd update) (spamd) root 30162 0.0 0.0 636 4 p7 R+10:52PM0:00.00 grep -i spamd (ksh) # > > You might also try running: > > > > $ spamdb | fgrep 66.111.4.25 > > Here is the output: > $ spamdb | fgrep 66.111.4.25 > WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0 > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430142855|1430145035|1430157255|4|0 > > > > > > to see if that entry is really in the database and if so see if > > "spamdb -d" can remove it. > > > > # spamdb -d 66.111.4.25 > # echo $? > 0 > # spamdb | fgrep 66.111.4.25 > WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0 > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 > GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430142855|1430145035|1430157255|4|0 > > > > - todd > > > > The weird thing is - it just started happening. I did see other weird > issues > like spamdb not showing any entries in short periods of time but I > assumed > that it was expired hosts and they always came back after a while. > > I did make a copy of my /var/db/spamd in case it's a corrupt db. Though > nothing > specific was happening with the host when the errors started. > > I started looking at /usr/src which makes me think the issue comes from: > > /usr/src/libexec/spamd/grey.c > case DBC_DEL: > memset(&dbk, 0, sizeof
Re: spamdb - can't delete spam db entry (Error 22)
On Mon, Apr 27, 2015, at 10:22 PM, Todd C. Miller wrote: > On Mon, 27 Apr 2015 20:06:59 +0200, Adam Wolk wrote: > > > Apr 27 19:54:55 tintagel spamd[27724]: can't delete 66.111.4.25 > > out1-smtp.messagingengine.com > > from spamd db (Error 22) > > > > Does anyone know how serious that error is (should I be worried) and > > what might have caused it? > > Error 22 is EINVAL. I'm not sure how that can happen in this case > though. Have you tried restating spamd? > Hi Todd, Indeed I tried restarting spamd and the issue is the same each time. With a spamd restart the error happens immediately startup: Apr 27 22:27:52 tintagel spamd[3732]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 0) Apr 27 22:28:51 tintagel spamd[25915]: listening for incoming connections. Apr 27 22:28:51 tintagel spamd[7233]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 0) > You might also try running: > > $ spamdb | fgrep 66.111.4.25 Here is the output: $ spamdb | fgrep 66.111.4.25 WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0 GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430142855|1430145035|1430157255|4|0 > > to see if that entry is really in the database and if so see if > "spamdb -d" can remove it. > # spamdb -d 66.111.4.25 # echo $? 0 # spamdb | fgrep 66.111.4.25 WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0 GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430142855|1430145035|1430157255|4|0 > - todd > The weird thing is - it just started happening. I did see other weird issues like spamdb not showing any entries in short periods of time but I assumed that it was expired hosts and they always came back after a while. I did make a copy of my /var/db/spamd in case it's a corrupt db. Though nothing specific was happening with the host when the errors started. I started looking at /usr/src which makes me think the issue comes from: /usr/src/libexec/spamd/grey.c case DBC_DEL: memset(&dbk, 0, sizeof(dbk)); dbk.size = strlen(dbc->key); dbk.data = dbc->key; if (db->del(db, &dbk, 0)) { syslog_r(LOG_ERR, &sdata, "can't delete %s from spamd db (%m)", dbc->key); ret = -1; } break; which uses the hash version of db.h /usr/src/lib/libc/db/hash/hash.c hash_delete(const DB *dbp, const DBT *key, u_int32_t flag) /* Ignored */ { HTAB *hashp; hashp = (HTAB *)dbp->internal; if (flag && flag != R_CURSOR) { hashp->err = errno = EINVAL; return (ERROR); } if ((hashp->flags & O_ACCMODE) == O_RDONLY) { hashp->err = errno = EPERM; return (ERROR); } return (hash_access(hashp, HASH_DELETE, (DBT *)key, NULL)); } The line with EINVAL like you correctly pointed out. While here, why is flag marked as /* ignored */ and the error I'm hitting looks like code which verifies if that parameter was properly set? The if shouldn't have a way to trigger since del is passed 0 as the flag parameter so I'm a bit dumbfounded here. I couldn't find any other part of the code that could result in the exact same error message. I am trying to write a small C program to open the db file to try and delete the entry from a reduced use case - so far it's being going really slow to get a useful test case. Not sure if I will be able to whip it up in a reasonable time frame. Regards, Adam
spamdb - can't delete spam db entry (Error 22)
Hi all, I spent part of the weekend setting up a private OpenSMTPD server using spamd. Everything seems to be working great but I'm now starting to see some weird behaviour. The server is running an amd64 snapshot from Apr 25 using a default spamd configuration. Does anyone know how serious that error is (should I be worried) and what might have caused it? I did my testing by sending email from this address & my gmail account to my server and I am now seeing the following messages in /var/log/daemon Apr 27 19:54:55 tintagel spamd[27724]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 22) Apr 27 19:55:56 tintagel spamd[27724]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 22) Apr 27 19:56:57 tintagel spamd[27724]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 22) Apr 27 19:57:58 tintagel spamd[27724]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 22) Apr 27 19:58:58 tintagel spamd[27724]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 22) Apr 27 19:59:59 tintagel spamd[27724]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 22) Apr 27 20:01:01 tintagel spamd[27724]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 22) Apr 27 20:02:02 tintagel spamd[27724]: can't delete 66.111.4.25 out1-smtp.messagingengine.com from spamd db (Error 22) ... and so on They keep repeating every minute. Current spamdb entry as of 19:58:58 in the timestamp # spamdb WHITE|66.111.4.25|||1430096342|1430098533|1433208963|4|0 GREY|209.85.218.48|mail-oi0-f48.google.com|||1430145364|1430159764|1430159764|1|0 GREY|209.85.214.175|mail-ob0-f175.google.com|||1430152660|1430167060|1430167060|1|0 GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 GREY|209.85.214.175|mail-ob0-f175.google.com|||1430152660|1430167060|1430167060|1|0 GREY|209.85.214.175|mail-ob0-f175.google.com|||1430152660|1430167060|1430167060|1|0 GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430146234|1430148635|1430160634|3|0 GREY|209.85.218.41|mail-oi0-f41.google.com|||1430102722|1430117122|1430117122|1|0 GREY|66.111.4.25|out1-smtp.messagingengine.com|||1430142855|1430145035|1430157255|4|0 GREY|209.85.214.175|mail-ob0-f175.google.com|||1430152660|1430167060|1430167060|1|0 spamd rc.conf.local entry: spamd_flags="-v" spampd_flags="--port=10035 --relayhost=127.0.0.1:10036 --tagall -aw" My pf spamd-white list # pfctl -t spamd-white -T show 66.111.4.25 My pf setup regarding spamd allow email # pass in on $ext_if proto tcp to any port smtp pass in on $ext_if proto tcp to any port submission # allow imaps port 993 pass in on $ext_if proto tcp to any port imaps # rules for spamd(8) table persist table persist file "/etc/mail/nospamd" pass in on $ext_if proto tcp from any to any port smtp \ rdr-to 127.0.0.1 port spamd pass in on $ext_if proto tcp from to any port smtp pass in log on $ext_if proto tcp from to any port smtp pass out log on $ext_if proto tcp to any port smtp Regards, -- Adam Wolk adam.w...@koparo.com
Re: Questions about porting - usage of ucontext.h / uc_mcontext
On Sat, Apr 25, 2015, at 03:59 PM, Adam Wolk wrote: > Hi misc@ > > I'm working on a port for the Dart programming language - currently > trying to just > get some stuff just building before I start adding proper support. > > I started to hit code that uses ucontext.h which is not present on > OpenBSD. > > The first occurrence happened in dart/runtime/vm/signal_handler.h [1], > while handling it > I found out that signal.h defines sigcontext which has the same role as > mcontext_t > from ucontext.h. > > More serious (for me) issues happened with > dart/runtime/vm/signal_handler_linux.cc [2]. > Where the gregs field is being accessed from mcontext. This file however > seems to handle > 'UNIMPLEMENTED()' code paths so that's what I added so far to get the > build moving. > > Now I'm sitting at thread_interrupter_linux.cc which tries to obtain the > uc_mcontext from > mcontext_t and I don't see a way to obtain that information. > > Now again I will probably still just bump the compilation forward by > hacking the files in a really > ugly way but later on I want to add proper platform support - meaning > adding _openbsd.cc/h > files and integrating it into the build. > > So my question is, are there any alternatives that provide the same > functionality that's expected > from uc_mcontext and mcontext_t.gregs? How should I best approach this. > > I didn't involve upstream in the port yet (I will later on) & I'm not > expecting solution - a pointer > in the right direction would be deeply appreciated :) > > [1] - > https://github.com/dart-lang/bleeding_edge/blob/master/dart/runtime/vm/signal_handler.h > [2] - > https://github.com/dart-lang/bleeding_edge/blob/master/dart/runtime/vm/signal_handler_linux.cc > [3] - > https://github.com/dart-lang/bleeding_edge/blob/master/dart/runtime/vm/thread_interrupter_linux.cc > > Regards, > -- > Adam Wolk > adam.w...@koparo.com > Taking a look at sigaction it seems that the fields defined there match values provided by uc_mcontext/.gregs. Am I correct thinking that sigaction.sc_rip matches uc_mcontext.gregs[REG_RIP] etc. I'm going to test that path and sorry for hitting the list before giving this a try, though still appreciate any feedback if I'm going the wrong way. Regards, Adam
Questions about porting - usage of ucontext.h / uc_mcontext
Hi misc@ I'm working on a port for the Dart programming language - currently trying to just get some stuff just building before I start adding proper support. I started to hit code that uses ucontext.h which is not present on OpenBSD. The first occurrence happened in dart/runtime/vm/signal_handler.h [1], while handling it I found out that signal.h defines sigcontext which has the same role as mcontext_t from ucontext.h. More serious (for me) issues happened with dart/runtime/vm/signal_handler_linux.cc [2]. Where the gregs field is being accessed from mcontext. This file however seems to handle 'UNIMPLEMENTED()' code paths so that's what I added so far to get the build moving. Now I'm sitting at thread_interrupter_linux.cc which tries to obtain the uc_mcontext from mcontext_t and I don't see a way to obtain that information. Now again I will probably still just bump the compilation forward by hacking the files in a really ugly way but later on I want to add proper platform support - meaning adding _openbsd.cc/h files and integrating it into the build. So my question is, are there any alternatives that provide the same functionality that's expected from uc_mcontext and mcontext_t.gregs? How should I best approach this. I didn't involve upstream in the port yet (I will later on) & I'm not expecting solution - a pointer in the right direction would be deeply appreciated :) [1] - https://github.com/dart-lang/bleeding_edge/blob/master/dart/runtime/vm/signal_handler.h [2] - https://github.com/dart-lang/bleeding_edge/blob/master/dart/runtime/vm/signal_handler_linux.cc [3] - https://github.com/dart-lang/bleeding_edge/blob/master/dart/runtime/vm/thread_interrupter_linux.cc Regards, -- Adam Wolk adam.w...@koparo.com
more missing -e option during snapshot upgrade (Apr 14 & 19 amd64)
Hi misc@ I reported a similar issue previously though it was about less and the installer code was changed: http://marc.info/?l=openbsd-misc&m=142817044404891&w=2 This time the installer complains about '-e' option not being present in more. My upgrade process is as follows. - backup bsd* to bsd*.b - reboot - boot bsd.rd - perform upgrade - sysmerge & package updates During the install trying to use the ? option when picking set locations results in an error instead of receiving a enumerated list of mirrors to pick from. This has so far happened on two amd64 snapshot upgrades: - Apr 14 - Apr 19 both obtained from mirrors.nycbug.org. Regards, -- Adam Wolk adam.w...@koparo.com
less missing -N option during snapshot upgrade (Apr 02 i386)
Hi misc@ I noticed a weird bug during todays snapshot upgrade 02-Apr-2015 from 26-Mar-2015. Both snapshots were obtained from piotrkosoft.net for i386. I had to change the set location as usual during an upgrade and found a less error: HTTP Server? (hostname, list#, 'done' or '?') [ftp.icm.edu.pl] ? less: unknown option "-N" usage: less [-dfln] [+linenum | +/pattern] name1 name2 ... when escaped to shell I see the same behaviour calling less directly: # less -N less: unknown option "-N" usage: less [-dfln] [+linenum | +/pattern] name1 name2 ... # I still could pick the host by it's entry number and upgraded without issues. HTTP Server? (hostname, list#, 'done' or '?') [ftp.icm.edu.pl] 37 HTTP Server? (hostname, list#, 'done' or '?') [piotrkosoft.net] After the upgrade I can see that system installed 'less' does properly handle the -N flag. Did anyone else hit that weird glitch? Regards, -- Adam Wolk adam.w...@koparo.com
Re: startx fail on Lenovo G50-70 amd64
On Sat, Apr 4, 2015, at 04:51 PM, Adam Wolk wrote: > On Sat, Apr 4, 2015, at 04:45 PM, Gareth Nelson wrote: > > Lenovo G700 here, only worked in X11 after disabling acpi, then it "just > > worked" > > > > Thanks for the input. For some reason I was able to startx into cwm > after plugging in an external monitor. > Ok folks you are now officially permitted to laugh. My wife just told me why! The screen had it's brightness turned down completely. Use the keyboard and turn that up! It works! The reason I didn't notice (and possibly also the OP) is because there was nothing up on the screen. When I plugged the external monitor in and opened up a terminal my wife noticed the barely visible outline of the terminal on the main laptops monitor. Regards, Adam
Re: startx fail on Lenovo G50-70 amd64
On Sat, Apr 4, 2015, at 04:45 PM, Gareth Nelson wrote: > Lenovo G700 here, only worked in X11 after disabling acpi, then it "just > worked" > Thanks for the input. For some reason I was able to startx into cwm after plugging in an external monitor. > --- > “Lanie, I’m going to print more printers. Lots more printers. One for > everyone. That’s worth going to jail for. That’s worth anything.” - > Printcrime by Cory Doctrow > > Please avoid sending me Word or PowerPoint attachments. > See http://www.gnu.org/philosophy/no-word-attachments.html > > On Fri, Apr 3, 2015 at 4:04 PM, Adam Wolk wrote: >> On Sat, Mar 28, 2015, at 04:26 AM, box963 wrote: >> > -- Forwarded message - >> > >> > > Hi, I'm new to OBSD. I just wiped a certain *nix distro off my laptop and >> > did a fresh install of OBSD56 on a Lenovo G50-70 with the default X >> > packages. >> > > >> > > Unfortunately, both xdm && startx each separately fail into a blank >> > screen and no keyboard response. >> > > >> > > It's interesting that about 10 seconds after closing the lid either: a) >> > suspend restores text console and keyboard; or b) suspend locks up the >> > laptop. >> > > >> > > Please see the i915 drm errors in the dmesg. I realize the wireless card >> > is not yet supported but the intel man page indicates that i915[*] is >> > supported hardware. Am I wrong about the driver support ?? >> > > >> > > I could use some suggestions on how to fix this -- thanks !! >> > > >> > > Drew >> > > >> > > >> > > ## >> > > OpenBSD 5.6 (GENERIC.MP[http://generic.mp/]) #333: Fri Aug 8 00:20:21 MDT > > 2014 >> > > > >dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP[http://generic.mp/] >> > > RTC BIOS diagnostic error 80 >> >> Hi misc@ >> >> I have the same laptop (Lenovo G50-70) and I can confirm the issue >> reported >> in this thread. >> >> startx results in a black screen, suspending by closing the lid and >> opening it up >> shortly after resumes the first console. >> >> Additionally noticed that: >> - re0 doesn't work on my box, it tries to obtain dhcp address during >> install but >> fails to do so. If continued in that state a 're0 watchdog' kicks in >> and the installer >> starts crawling in snail pace >> - no wifi >> >> My next step will be to reinstall the box with a current amd64 snapshot >> to see >> if anything gets better. >> >> dmesg follows: >> >> OpenBSD 5.6 (RAMDISK_CD) #303: Fri Aug 8 00:25:26 MDT 2014 >> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD >> RTC BIOS diagnostic error 80 >> real mem = 8464887808 (8072MB) >> avail mem = 8234160128 (7852MB) >> mainbus0 at root >> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe6e40 (38 entries) >> bios0: vendor LENOVO version "9ACN29WW" date 10/20/2014 >> bios0: LENOVO 20351 >> acpi0 at bios0: rev 2 >> acpi0: sleep states S0 S3 S4 S5 >> acpi0: tables DSDT FACP SLIC UEFI FPDT POAT ASF! HPET APIC MCFG WDAT >> SSDT BOOT LPIT ASPT DBGP SSDT SSDT SSDT SSDT >> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat >> cpu0 at mainbus0: apid 0 (boot processor) >> cpu0: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.91 MHz >> cpu0: >> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID >> cpu0: 256KB 64b/line 8-way L2 cache >> cpu0: apic clock running at 99MHz >> cpu at mainbus0: not configured >> cpu at mainbus0: not configured >> cpu at mainbus0: not configured >> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins >> acpiprt0 at acpi0: bus 0 (PCI0) >> acpiprt1 at acpi0: bus -1 (P0P1) >> acpiprt2 at acpi0: bus 1 (RP03) >> acpiprt3 at acpi0: bus 2 (RP04) >> acpiprt4 at acpi0: bus 3 (RP05) >> acpiprt5 at acpi0: bus -1 (PEG0) >> acpiprt6 at acpi0: bus -1 (PEG1) >> acpiprt7 at acpi0: bus -1 (PEG2) >> pci0 at mainbus0 bus 0 >> pchb0 at pci0 dev 0 function 0 "Intel Core 4G Host" rev 0x0b >> vga1 at
Re: startx fail on Lenovo G50-70 amd64
On Fri, Apr 3, 2015, at 05:04 PM, Adam Wolk wrote: > On Sat, Mar 28, 2015, at 04:26 AM, box963 wrote: > > -- Forwarded message - > > > > > Hi, I'm new to OBSD. I just wiped a certain *nix distro off my laptop and > > did a fresh install of OBSD56 on a Lenovo G50-70 with the default X > > packages. > > > > > > Unfortunately, both xdm && startx each separately fail into a blank > > screen and no keyboard response. > > > > > > It's interesting that about 10 seconds after closing the lid either: a) > > suspend restores text console and keyboard; or b) suspend locks up the > > laptop. > > > > > > Please see the i915 drm errors in the dmesg. I realize the wireless card > > is not yet supported but the intel man page indicates that i915[*] is > > supported hardware. Am I wrong about the driver support ?? > > > > > > I could use some suggestions on how to fix this -- thanks !! > > > > > > Drew > > > > > > > > > ## > > > OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug 8 00:20:21 MDT 2014 > > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > > RTC BIOS diagnostic error 80 > > Hi misc@ > > I have the same laptop (Lenovo G50-70) and I can confirm the issue > reported > in this thread. > > startx results in a black screen, suspending by closing the lid and > opening it up > shortly after resumes the first console. > > Additionally noticed that: > - re0 doesn't work on my box, it tries to obtain dhcp address during > install but >fails to do so. If continued in that state a 're0 watchdog' kicks in >and the installer >starts crawling in snail pace > - no wifi > > My next step will be to reinstall the box with a current amd64 snapshot > to see > if anything gets better. > Unfortunately a current snapshot from Apr 1 exposes the same startx issue. dmesg follows: OpenBSD 5.7-current (RAMDISK_CD) #824: Wed Apr 1 03:41:04 MDT 2015 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD RTC BIOS diagnostic error 80 real mem = 8464887808 (8072MB) avail mem = 8206622720 (7826MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe6e40 (38 entries) bios0: vendor LENOVO version "9ACN29WW" date 10/20/2014 bios0: LENOVO 20351 acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SLIC UEFI FPDT POAT ASF! HPET APIC MCFG WDAT SSDT BOOT LPIT ASPT DBGP SSDT SSDT SSDT SSDT acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.89 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID cpu0: 256KB 64b/line 8-way L2 cache cpu0: apic clock running at 99MHz cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P1) acpiprt2 at acpi0: bus 1 (RP03) acpiprt3 at acpi0: bus 2 (RP04) acpiprt4 at acpi0: bus 3 (RP05) acpiprt5 at acpi0: bus -1 (PEG0) acpiprt6 at acpi0: bus -1 (PEG1) acpiprt7 at acpi0: bus -1 (PEG2) acpiec0 at acpi0 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 4G Host" rev 0x0b vga1 at pci0 dev 2 function 0 "Intel HD Graphics" rev 0x0b wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) "Intel Core 4G HD Audio" rev 0x0b at pci0 dev 3 function 0 not configured xhci0 at pci0 dev 20 function 0 "Intel 8 Series xHCI" rev 0x04: msi usb0 at xhci0: USB revision 3.0 uhub0 at usb0 "Intel xHCI root hub" rev 3.00/1.00 addr 1 "Intel 8 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured "Intel 8 Series HD Audio" rev 0x04 at pci0 dev 27 function 0 not configured ppb0 at pci0 dev 28 function 0 "Intel 8 Series PCIE" rev 0xe4: msi pci1 at ppb0 bus 1 re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x10: RTL8168GU/8111GU (0x5080), msi, address 68:f7:28:39:b2:85 rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0 ppb1 at pci0 dev 28 function 3 "Intel 8 Series PCIE" rev 0xe4: msi pci2 at ppb1 bus 2 "Atheros AR9565" rev 0x01 at pci2 dev 0 function 0 not configured ppb2 at pci0 dev 28 function 4 "Intel 8 Series PCIE" rev 0xe4: msi pci3 at ppb2 bus 3 3:0:0: mem address conflict 0xfffe/0x2 "ATI Radeon HD 8500M" rev 0x00 at pci3 dev 0 function 0 not configured ehci0 at pci0 d
Re: startx fail on Lenovo G50-70 amd64
On Sat, Mar 28, 2015, at 04:26 AM, box963 wrote: > -- Forwarded message - > > > Hi, I'm new to OBSD. I just wiped a certain *nix distro off my laptop and > did a fresh install of OBSD56 on a Lenovo G50-70 with the default X > packages. > > > > Unfortunately, both xdm && startx each separately fail into a blank > screen and no keyboard response. > > > > It's interesting that about 10 seconds after closing the lid either: a) > suspend restores text console and keyboard; or b) suspend locks up the > laptop. > > > > Please see the i915 drm errors in the dmesg. I realize the wireless card > is not yet supported but the intel man page indicates that i915[*] is > supported hardware. Am I wrong about the driver support ?? > > > > I could use some suggestions on how to fix this -- thanks !! > > > > Drew > > > > > > ## > > OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug 8 00:20:21 MDT 2014 > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > RTC BIOS diagnostic error 80 Hi misc@ I have the same laptop (Lenovo G50-70) and I can confirm the issue reported in this thread. startx results in a black screen, suspending by closing the lid and opening it up shortly after resumes the first console. Additionally noticed that: - re0 doesn't work on my box, it tries to obtain dhcp address during install but fails to do so. If continued in that state a 're0 watchdog' kicks in and the installer starts crawling in snail pace - no wifi My next step will be to reinstall the box with a current amd64 snapshot to see if anything gets better. dmesg follows: OpenBSD 5.6 (RAMDISK_CD) #303: Fri Aug 8 00:25:26 MDT 2014 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD RTC BIOS diagnostic error 80 real mem = 8464887808 (8072MB) avail mem = 8234160128 (7852MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe6e40 (38 entries) bios0: vendor LENOVO version "9ACN29WW" date 10/20/2014 bios0: LENOVO 20351 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC UEFI FPDT POAT ASF! HPET APIC MCFG WDAT SSDT BOOT LPIT ASPT DBGP SSDT SSDT SSDT SSDT acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.91 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID cpu0: 256KB 64b/line 8-way L2 cache cpu0: apic clock running at 99MHz cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P1) acpiprt2 at acpi0: bus 1 (RP03) acpiprt3 at acpi0: bus 2 (RP04) acpiprt4 at acpi0: bus 3 (RP05) acpiprt5 at acpi0: bus -1 (PEG0) acpiprt6 at acpi0: bus -1 (PEG1) acpiprt7 at acpi0: bus -1 (PEG2) pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 4G Host" rev 0x0b vga1 at pci0 dev 2 function 0 "Intel HD Graphics" rev 0x0b wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) "Intel Core 4G HD Audio" rev 0x0b at pci0 dev 3 function 0 not configured "Intel 8 Series xHCI" rev 0x04 at pci0 dev 20 function 0 not configured "Intel 8 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured "Intel 8 Series HD Audio" rev 0x04 at pci0 dev 27 function 0 not configured ppb0 at pci0 dev 28 function 0 "Intel 8 Series PCIE" rev 0xe4: msi pci1 at ppb0 bus 1 re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x10: RTL8168GU/8111GU (0x5080), msi, address 68:f7:28:39:b2:85 rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0 ppb1 at pci0 dev 28 function 3 "Intel 8 Series PCIE" rev 0xe4: msi pci2 at ppb1 bus 2 "Atheros AR9565" rev 0x01 at pci2 dev 0 function 0 not configured ppb2 at pci0 dev 28 function 4 "Intel 8 Series PCIE" rev 0xe4: msi pci3 at ppb2 bus 3 "ATI Radeon HD 8500M" rev 0x00 at pci3 dev 0 function 0 not configured ehci0 at pci0 dev 29 function 0 "Intel 8 Series USB" rev 0x04: apic 2 int 23 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 "Intel 8 Series LPC" rev 0x04 at pci0 dev 31 function 0 not configured ahci0 at pci0 dev 31 function 2 "Intel 8 Series AHCI" rev 0x04: msi, AHCI 1.3 scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: SCSI3 0/direct fixed naa.50014ee60528f927 sd0: 953869MB, 512 bytes/sector, 1953525168 sectors cd0 at scsibus0 targ 1 lun 0: ATAPI 5/cdrom removable "Intel 8 Series SMBus" rev 0x04 at pci0 dev 31 function 3 not configured isa0 at mainbus0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 uhub1 at uhub0 port 1 "vendor 0x8087 product 0x8000" rev 2.00/0.04
Re: dmesg after install
On Thu, Apr 2, 2015, at 08:22 PM, Philip Guenther wrote: > On Thu, Apr 2, 2015 at 11:15 AM, Philip Guenther > wrote: > > On Thu, Apr 2, 2015 at 10:48 AM, Adam Wolk wrote: > > ... > >> My questions is how valuable are dmesgs from snapshots & past releases? > >> - Should I care to email the dmesg from the 5.6 installation when 5.7 > >> is almost shipped? > >> - Is it valuable for the project to upgrade to 5.7 just for the dmesg > >> even if I intend to run > >>current snapshots? > >> - In case I'm going to only run snapshots - should I send a dmesg from > >> the first snapshot > >>installed on that box? > > > > > > Send the dmesg from the version you run. > > If something changes after an upgrade, or just every few upgrades, > > send a new dmesg. > > To continue: > > As developers, we look at the submitted dmesgs to see which devices > are still in use (or not!), what new stuff is appearing, what stuff > has changed, etc. But we're mostly interested in the present; sending > both a 5.6 and 5.7 dmesg is only useful if something broke between the > two, but if that's the case you should post it to the mailing lists as > dmesg@ is just dropped into a file and only (re)viewed > retrospectively. > > > Philip Guenther Thanks Philip. In that case I'll go with the B path as I have a 5.6 CD handy so won't have to prep a snapshot media and just upgrade with a bsd.rd. I'll provide a 5.6 dmesg & will send a snapshot dmesg if anything changes for better or worse with the snapshot. Regards, Adam
dmesg after install
Hi misc@, The 'Welcome to OpenBSD 5.x!' email states: > If you wish to ensure that OpenBSD runs better on your machines, please do us > a favor (after you have your mail system configured!) and type something like: > # (dmesg; sysctl hw.sensors) | \ >mail -s "Sony VAIO 505R laptop, apm works OK" dm...@openbsd.org > so that we can see what kinds of configurations people are running. I'm getting a new laptop tomorrow (Lenovo G50-70) which I intend to run OpenBSD on. My questions is how valuable are dmesgs from snapshots & past releases? - Should I care to email the dmesg from the 5.6 installation when 5.7 is almost shipped? - Is it valuable for the project to upgrade to 5.7 just for the dmesg even if I intend to run current snapshots? - In case I'm going to only run snapshots - should I send a dmesg from the first snapshot installed on that box? I have several possible paths to take with the new machine: Path A: - Install 5.6 - send dmesg to the mailing list - patch it - wait for my 5.7 CD's to arrive - install 5.7 - send dmesg to the mailing list - upgrade to snapshots Path B: - Install 5.6 - send dmesg - upgrade to a snapshot - send dmesg? Path C: - Just directly install a snapshot - send dmesg? I'm trying to decide which one to take hence the questions. I have a hunch that A is the most beneficial but would love some input on this. Regards, -- Adam Wolk adam.w...@koparo.com
Re: pkg_add failure in March 1 snapshot
On Tue, Mar 3, 2015, at 01:33 PM, Peter N. M. Hansteen wrote: > On Tue, Mar 03, 2015 at 12:56:44PM +0100, Adam Wolk wrote: > > I just updated to the March 1 (i386) snapshot and now I'm in process of > > doing a 'pkg_add -uiv' so far no issues on my side (packages are > > downloading and updating). > > > > Is the issue reproducible? Maybe it was a temporary network glitch? > > > > : http://ftp5.eu.openbsd.org/ftp/pub/OpenBSD/snapshots/packages/amd64/ > > is empty > > amd64 packages on i386 is not supported. perhaps pkg_add is simply > keeping > you from wrecking your configuration? > > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. > Hi Peter, My configuration is fine and works (i386 using i386 packages). The error message was copied from the original poster as an attempt to diagnose what might be wrong with his setup. Regards, Adam
Re: pkg_add failure in March 1 snapshot
On Tue, Mar 3, 2015, at 12:35 PM, Dmitrij D. Czarkoff wrote: > Hi! > > I've updated to March 1 snapshot, and after sysmerge tried to update > packages. What I got was: > > : $ sudo pkg_add -u > : Use of uninitialized value $file in hash element at > /usr/libdata/perl5/OpenBSD/Temp.pm line 80. > : Use of uninitialized value $error in concatenation (.) or string at > /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 723. > : sh: syntax error: unexpected EOF > : Use of uninitialized value $filename in open at > /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 649. > : http://ftp5.eu.openbsd.org/ftp/pub/OpenBSD/snapshots/packages/amd64/ is > empty > > followed by a list of installed packages that failed to update. > > -- > Dmitrij D. Czarkoff > I just updated to the March 1 (i386) snapshot and now I'm in process of doing a 'pkg_add -uiv' so far no issues on my side (packages are downloading and updating). Is the issue reproducible? Maybe it was a temporary network glitch? : http://ftp5.eu.openbsd.org/ftp/pub/OpenBSD/snapshots/packages/amd64/ is empty The error looks like being reported from: PackageRepository.pm:144 sub stemlist. Maybe it's a weirdly named file in that snapshot directory that breaks the stem split? Regards, Adam
Re: Report of an NSA Employee about a Backdoor in the OpenSSH Daemon [pdf] (spiegel.de)
On Sat, Jan 17, 2015, at 11:41 PM, Stefan Sperling wrote: > On Sat, Jan 17, 2015 at 10:59:19PM +0100, Daniel Cegiełka wrote: > > http://www.spiegel.de/media/media-35663.pdf > > > > "PANT SPARTY is a backdoor in the SSH daemon for *NIX, based on > > OpenSSH portable" > > They are not talking about the official OpenSSH code. > > To save everyone a bit of time (and hassle with a PDF), from the same > document: > > "It allows a public key to be embedded in the sshd binary and will then > always grant a root login shell if presented with the proper key pair > for that key. [...] authorized_keys as a quick-and-easy method of > persistence [...] obviously isn't very stealthy [...] The goal for this > project was to provide the same level of persistence but embedded in > the sshd binary itself (obviously, assuming root access, as before)" > > In other works, no backdoor in sshd unless the system has already been > rooted by other means and sshd replaced with a bugged binary. Boohoo. > Stefan correctly mentions that the document specifically talks about the portable version. Some interesting things I found in the document: - it's not a stealthy upstreamed backdoor - just local source modifications that are supposed to be dropped on an already compromised system (like Stefan mentioned) - the code was modified to allow root login regardless of configuration - 'SSH has a _lot_ of checks to make sure you can't switch usernames in the middle of a login (go figure) so this was a bit tricky to bypass'. That's a nice advertisment for the quality of OpenSSH code base :) even with source access the guy had to jump hoops to achieve login switching - '..wanted to allow an arbitrary username to be provided... This led to all sorts of problems where I didn't even get a valid authorization context at all, and I couldn't manually call the C function to get one for root because the connection is a de-privileged child process'. Again a nice advertisment for OpenSSH :) - fake accounts can login, the log will state it failed and hide the fact that ssh authed an authorized key for root It took him 2 days, with full source code access and intrusive checks added to the code in order to disable the internal mitigations in OpenSSH. I seriously doubt a change like that could be upstreamed without anyone noticing :) Regards, -- Adam Wolk adam.w...@koparo.com
Re: Purpose of what(1)
On Wed, Dec 31, 2014, at 08:48 PM, mar...@martinbrandenburg.com wrote: > Adam Wolk wrote: > > > Hi misc@ > > > > I have a question regarding the what(1) command. In one interview I saw > > Theo mentioning the what(1) utility: > > > > > Two numbers exist for every component of OpenBSD. One number is the > > > release that the piece came in, ie. 2.8. > > > > > > The other number exists in each source file that was built. And that > > > number is also in each binary that was built > > > from those files. You can use the what(1) command to determine the > > > revisions of source files which make up > > > each binary. > > > > The way I understood this I could use the what utility on a binary file > > in the base OpenBSD system to see exactly which CVS revisions of > > specific files composed into the resulting binary. > > > > I tried using the tool on several base utilities like ssh, adventure, ls > > etc. None of them produced any output except the executable name itself. > > > > I took a look at the source and the manpage and saw that what this > > utility really does is stepping through the binary in search of the > > revision markup then printing out the stuff it found. > > > > I tried the utility on all the files in /usr/bin/*, /bin/* and > > /usr/lib/* and found that the only ones producing output (actual > > revision markers and source files) are plain text shell scripts. > > Additionally output is also produced for the kernel files (/bsd, > > /bsd.sp, /bsd.rd). > > > > >From the manpage > > > > > The what utility is compliant with the X/Open System Interfaces option of > > > the IEEE Std 1003.1-2008 (???POSIX.1???) specification. > > > > I understand that this is part of POSIX but my question is: Is standard > > compliance the sole purpose of the existence of this tool or was it > > actually able to produce output for regular system binaries back in the > > old days? In case of the latter - is there some kind of additional > > stripping or a build step change that causes the information no longer > > being embedded in the executables? > > > > I'm not saying that something is broken, but really interested to know > > what changed. Especially after seeing this URL > > http://prefetch.net/blog/index.php/2005/05/17/fix-for-solaris-ssh-client-hangs/ > > showing the output of what(1) ran against OpenSSH on Solaris. > > > > In case this matters. I'm running a i386 snapshot from 27-Dec-2014. > > > > Regards, > > -- > > Adam Wolk > > adam.w...@koparo.com > > The tools work as you found, but there's nothing in the binaries to find > anymore. > > They went through and removed the RCS/SCCS strings. See the commit > message here > > > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin/cat/cat.c?rev=1.20&content-type=text/x-cvsweb-markup > > Though CVS does still update the RCS string in the comment at the top of > the file. > > I don't know what use what(1)/ident(1) still have in base other than > historically being there. > > -- Martin Thanks Martin, you satisfied my curiosity - hope you have a happy new year :) Regards, -- Adam Wolk adam.w...@koparo.com
Purpose of what(1)
Hi misc@ I have a question regarding the what(1) command. In one interview I saw Theo mentioning the what(1) utility: > Two numbers exist for every component of OpenBSD. One number is the release > that the piece came in, ie. 2.8. > > The other number exists in each source file that was built. And that number > is also in each binary that was built > from those files. You can use the what(1) command to determine the revisions > of source files which make up > each binary. The way I understood this I could use the what utility on a binary file in the base OpenBSD system to see exactly which CVS revisions of specific files composed into the resulting binary. I tried using the tool on several base utilities like ssh, adventure, ls etc. None of them produced any output except the executable name itself. I took a look at the source and the manpage and saw that what this utility really does is stepping through the binary in search of the revision markup then printing out the stuff it found. I tried the utility on all the files in /usr/bin/*, /bin/* and /usr/lib/* and found that the only ones producing output (actual revision markers and source files) are plain text shell scripts. Additionally output is also produced for the kernel files (/bsd, /bsd.sp, /bsd.rd). >From the manpage > The what utility is compliant with the X/Open System Interfaces option of the > IEEE Std 1003.1-2008 (“POSIX.1”) specification. I understand that this is part of POSIX but my question is: Is standard compliance the sole purpose of the existence of this tool or was it actually able to produce output for regular system binaries back in the old days? In case of the latter - is there some kind of additional stripping or a build step change that causes the information no longer being embedded in the executables? I'm not saying that something is broken, but really interested to know what changed. Especially after seeing this URL http://prefetch.net/blog/index.php/2005/05/17/fix-for-solaris-ssh-client-hangs/ showing the output of what(1) ran against OpenSSH on Solaris. In case this matters. I'm running a i386 snapshot from 27-Dec-2014. Regards, -- Adam Wolk adam.w...@koparo.com
Re: Adding a new keymap
On Wed, Dec 24, 2014, at 10:04 PM, Henrique Lengler wrote: > On Wed, Dec 24, 2014 at 03:31:47PM -0500, Ted Unangst wrote: > > Add it to src/sys/dev/pckbc/wskbdmap_mfii.c and build a new kernel. > > WTF > > Where this src is located? > -- > Henrique Lengler > In the CVS source tree: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pckbc/wskbdmap_mfii.c?rev=1.43&content-type=text/x-cvsweb-markup Relevant FAQ entry: http://www.openbsd.org/faq/faq5.html Regards, -- Adam Wolk adam.w...@koparo.com
Re: Weird executable in /bin/ - i386 snapshots Dec 10
On Wed, Dec 24, 2014, at 04:30 PM, Vivek Vinod wrote: > I asked the exact same thing elsewhere... > > http://daemonforums.org/showthread.php?t=8778 > I also tried man "[" before I emailed, then couldn't find the source file in cvs - though that was my stupidity. Generally I never noticed the file on Linux since /bin is really messy there (4537 entries in my other box) with only 42 entries on OpenBSD it just stood out :) The replies here pointed the exact reason for which I thank the people who took the time to respond. Since the first reply from Otto I learned that man "\[" (escaped [) properly leads to the test man page. I also found the Makefile which creates the file in /bin/test. Guess it's never too late to learn and I should try harder before hitting the list. Regards, Adam > > Sent from my BlackBerry 10 smartphone. > Original Message > From: Otto Moerbeek > Sent: Wednesday 24 December 2014 19:33 > To: Adam Wolk > Cc: misc@openbsd.org > Subject: Re: Weird executable in /bin/ - i386 snapshots Dec 10 > > On Wed, Dec 24, 2014 at 02:55:15PM +0100, Adam Wolk wrote: > > > Hi all, > > > > I was doing a cursory look around my i386 laptop installation of OpenBSD > > snapshot from Dec 10 obtained from ftp://ftp.icm.edu.pl/ and noticed an > > unusual executable /bin/[ > > > > It has the same timestamp as all other binaries installed with the Dec > > 10 snapshot. > > Does anyone know if this is normal and what this binary does or where it > > could came from? > > It's not weird and has been in Unix for ages. It's is an alternative > name for test(1). man '[' and google will tell you it's use. > > -Otto > > > > > Regards, > > -- > > Adam Wolk > > adam.w...@koparo.com
Weird executable in /bin/ - i386 snapshots Dec 10
Operation not supported by device Inappropriate ioctl for device Numerical argument out of domain Resource temporarily unavailable Socket operation on non-socket Protocol wrong type for socket Address family not supported by protocol family Can't assign requested address Network dropped connection on reset Software caused connection abort Can't send after socket shutdown Too many references: can't splice Too many levels of symbolic links Too many levels of remote in path Inappropriate file type or format Value too large to be stored in data type Signal 0 Hangup Interrupt Quit Illegal instruction Trace/BPT trap Abort trap EMT trap Floating point exception Killed Bus error Segmentation fault Bad system call Alarm clock Terminated Urgent I/O condition Suspended (signal) Suspended Continued Child exited Stopped (tty input) Stopped (tty output) I/O possible Cputime limit exceeded Filesize limit exceeded Virtual timer expired Profiling timer expired Window size changes Information request User defined signal 1 User defined signal 2 Thread AST vsnprintf ( AA BB getenv snprintf __find_arguments __vfprintf 0123456789ABCDEF0123456789abcdefnan (null) bug in vfprintf: bad base __dtoa Infinity ?aCoc `__ldtoa __gdtoa <2ZGU ?__trailz_D2A __b2d_D2A __d2b_D2A O8M2 [%Co vH7B W4vC __umoddi3 __qdivrem alnum alpha blank cntrl graph lower print punct space upper xdigit NONE UTF8 _citrus_utf8_ctype_wcsnrtombs abort __swhatbuf __smakebuf getpagesize isatty _signal ^[Yy] ^[Nn] Sunday Monday Tuesday Wednesday Thursday Friday Saturday January February March April June July August September October November December %a %b %e %H:%M:%S %Y %m/%d/%y %H:%M:%S %I:%M:%S %p wrterror malloc_init malloc() warning: unknown char in MALLOC_OPTIONS (%d) in recursive call chunk info corrupted modified chunk-pointer chunk is already free regions_total not 2^x internal struct corrupt munmap /etc/malloc.conf MALLOC_OPTIONS malloc init mmap failed out of memory malloc cache munmap round malloc cache underflow malloc free slot lost malloc cache overflow bogus pointer (double free?) bogus pointer guard size mprotect double free free(): pp & bits posix_memalign(): mapalign bad alignment mapalign round calloc(): realloc(): malloc(): free() called before allocation memcpy backwards memcpy chacha_encrypt_bytes _rs_stir arc4random expand 32-byte kexpand 16-byte k <0000 z RuneCT10NONE OpenBSD Regards, -- Adam Wolk adam.w...@koparo.com
Re: null checks before free()
On Sun, Dec 14, 2014, at 10:38 PM, Otto Moerbeek wrote: > On Sun, Dec 14, 2014 at 08:14:18PM +0100, Adam Wolk wrote: > > > Hi all, > > > > Not that long ago we saw a lot of commits related to null checks being > > not needed before free() calls. > > > > Here are some examples: > > - > > > > http://www.freshbsd.org/commit/openbsd/6abf83ab833f1b0161938ac26ce5a549fd4b7cef > > > > > There is no point in checking if a pointer is non-NULL before calling > > > free, > > > since free already does this for us. Also remove some pointless NULL > > > assignments, where the result from malloc(3) is immediately assigned to > > > the > > > same variable. > > > > > > ok miod@ > > > > - > > > > http://www.freshbsd.org/commit/openbsd/9064b3d5fe0973bd390119ca172f336b1fe1863a?diff=sys%2Fnet%2Fbpf.c > > > > > some say you don't need NULL checks before free(). Not 0 either. > > > > - > > > > http://www.freshbsd.org/commit/openbsd/c02cf11d29c35fab75ffd1c0d372ad7a23e9eb04 > > > > > no need for null check before free. from Brendan MacDonell > > > > - > > > > http://www.freshbsd.org/commit/openbsd/8b32e1e5ac05d953ce3576b501af19ac6c2f48b2 > > > > > more: no need for null check before free > > > ok tedu guenther > > > > - > > http://www.freshbsd.org/commit/openbsd/4e358956230836c457633798c48a836a7494629d > > > > > more: no need to null check before free; ok guenther > > > > Many more in this freshbsd search: > > http://www.freshbsd.org/search?committer=&branch=&project=openbsd&q=null+free > > > > Now this came up in a discussion I had on IRC and wanted to point out > > the person asking the question to free(3) man page and was surprised to > > find this two passages: > > > > > If ptr is a NULL pointer, no action occurs. If ptr was previously freed > > > by free() > > > realloc(), or reallocarray(), the behavior is undefined and the double > > > free is a security concern. > > > > and > > > > > ``bogus pointer (double free?)'' > > > An attempt to free(), realloc(), or reallocarray() an unallocated > > > pointer was made. > > > > So how should I interpret this in relation to the above commit messages? > > > > 1) double free is safe, no need for null checks > > 2) double free is detected by OpenBSD, no need for null checks we will > > kill your program > > 3) double free is unsafe, avoid double free > > > > I would like to think that (2) is true. Though reading the man page > > makes an initial impression (at least for me) that (3) is true and could > > lead to people following the rule of null checking before a free call? > > > > Should the man page be altered to discouraged the use of null checks > > before calls to free? > > You seem to be confused, a null pointer check cannot avoid a double > free in general. > > As I see it, tHhre are three cases: > > 1. free(NULL). That one is a no-op and you can drop the call. > > 2. free(p) where p is unitialized. We detect many of these calls, but > cannot detect all, since p might happen to point to previously > malloc'ed memory. These are bugs that should be fixed in your program. > > 2. free(p) where p was previously free'ed. We detect most of these. > But due to randomization and some performance concerns, we cannot > detect all cases. They are a bug that should be fixed. Often assigning > NULL to p after the free call will do, a potential free(p) call after > that will be a no-op. > > The commits removed some NULL pointer checks like: > > if (p) > free(p); > > and replaced them by > > free(p); > > Also, some calls of the form: > > p = NULL; > p = malloc(...); > > where changed into > > p = malloc(...); > > > The commits were done to get rid of redundant code, not to fix double > free's. > > -Otto > Thank you Otto & Nicholas I was indeed confused and thought that I was missing something deeper down the stack. The null check before free is so persistent across code bases that I thought OpenBSD does some additional work in order to detect that case and make the check redundant enough to safely remove the checks from large code bases. Hence my surprise that I didn't saw a mention about it in the manual pages. It's now clear to me that the removed code was just code that wouldn't prevent an actual double free at all. Sorry for wasting your time and thanks for clearing things up for me Regards, Adam
null checks before free()
Hi all, Not that long ago we saw a lot of commits related to null checks being not needed before free() calls. Here are some examples: - http://www.freshbsd.org/commit/openbsd/6abf83ab833f1b0161938ac26ce5a549fd4b7cef > There is no point in checking if a pointer is non-NULL before calling free, > since free already does this for us. Also remove some pointless NULL > assignments, where the result from malloc(3) is immediately assigned to the > same variable. > > ok miod@ - http://www.freshbsd.org/commit/openbsd/9064b3d5fe0973bd390119ca172f336b1fe1863a?diff=sys%2Fnet%2Fbpf.c > some say you don't need NULL checks before free(). Not 0 either. - http://www.freshbsd.org/commit/openbsd/c02cf11d29c35fab75ffd1c0d372ad7a23e9eb04 > no need for null check before free. from Brendan MacDonell - http://www.freshbsd.org/commit/openbsd/8b32e1e5ac05d953ce3576b501af19ac6c2f48b2 > more: no need for null check before free > ok tedu guenther - http://www.freshbsd.org/commit/openbsd/4e358956230836c457633798c48a836a7494629d > more: no need to null check before free; ok guenther Many more in this freshbsd search: http://www.freshbsd.org/search?committer=&branch=&project=openbsd&q=null+free Now this came up in a discussion I had on IRC and wanted to point out the person asking the question to free(3) man page and was surprised to find this two passages: > If ptr is a NULL pointer, no action occurs. If ptr was previously freed by > free() > realloc(), or reallocarray(), the behavior is undefined and the double > free is a security concern. and > ``bogus pointer (double free?)'' > An attempt to free(), realloc(), or reallocarray() an unallocated > pointer was made. So how should I interpret this in relation to the above commit messages? 1) double free is safe, no need for null checks 2) double free is detected by OpenBSD, no need for null checks we will kill your program 3) double free is unsafe, avoid double free I would like to think that (2) is true. Though reading the man page makes an initial impression (at least for me) that (3) is true and could lead to people following the rule of null checking before a free call? Should the man page be altered to discouraged the use of null checks before calls to free? Regards, -- Adam Wolk adam.w...@koparo.com
man afterboot - discouraging usage of space characters in root password
Hi all, I would like to ask what is the reason for man afterboot discouraging the usage of the space character in root passwords. > Root password > Change the password for the root user. (Note that throughout the > documentation, the term ``superuser'' is a synonym for the root user.) > Choose a password that has digits and special characters *(not space)* as > well as from the upper and lower case alphabet. Is there a reason for '(not space)' being included in that passage? The passwd utility seems pretty happy taking up the space character. Was it not the case in the past? Regards, -- Adam Wolk adam.w...@koparo.com
Gathering useful information before replacing a Debian box with OpenBSD
Hi, I have an old MSI Wind U100 netbook that currently runs Debian and I want to replace it with an OpenBSD installation. Debian currently handles nicely all the devices that I need in order to use the netbook. I am OK with any of it (even the crucial ones) being unsupported on OpenBSD. This is not a critical machine and I am pretty much devoted to start working on the code base if anything happens to be missing. In order to prepare for such circumstances I wanted to grab as much information as possible that could help me diagnose and work on any missing device support. My ideas so far are grabbing: - lspci -vvv - lsmod - lsusb - dmesg -k - /proc/cpuinfo - dpkg -l Is there anything else that could be useful when encountering a device that worked on Debian if it happened not to work on OpenBSD that would help me attempt of adding it myself (ie. porting a driver) It's of course possible that everything will work out of the box but nonetheless I think such a list could be useful :) Regards, -- Adam Wolk adam.w...@koparo.com