CLI program to download OpenBSD ISO images
Greetings, Is there any CLI program for OpenBSD that implements the steps described at https://www.openbsd.org/faq/faq4.html#Download to download and check the ISO images? I wasn't able to find anything relevant after a quick check on DuckDuckGo. I implemented a simple Perl script that implements those steps, but is basically forking wget and signify to really get the job done. Also, the script is not generic enough, since it generates a directory tree that might no be what general users might want. The script is available at https://github.com/glasswalk3r/cpan-openbsd-smoker/blob/master/vagrant/get-iso.pl Would be interested for the community to have a more generic implementation and pack it as a OpenBSD package? It would be great to get some feedback even before starting. Thanks!
new releases of CPAN smoker for OpenBSD 7.4
Hello folks, I just uploaded the new releases for OpenBSD smoker on version 7.4. Here are the links: * https://app.vagrantup.com/arfreitas/boxes/openbsd-7.4-cpan-smoker-i386 * https://app.vagrantup.com/arfreitas/boxes/openbsd-7.4-cpan-smoker-amd64 Regards, Alceu
new versions of Perl smoker
Hello folks, A couple of months late, but I just uploaded the new releases for Perl smoker on OpenBSD version 7.3. I had to fix some issues regarding virtualization (hardware) configuration, but at least version 7.4 should come next pretty soon. Here are the links: * https://app.vagrantup.com/arfreitas/boxes/openbsd-7.3-cpan-smoker-amd64 * https://app.vagrantup.com/arfreitas/boxes/openbsd-7.3-cpan-smoker-i386 Regards, Alceu
Re: Problems with IO::Socket::SSL since upgraded to 7.2
Em 11/12/2022 07:34, Stuart Henderson escreveu: On 2022-12-10, Alceu Rodrigues de Freitas Junior wrote: If I read correctly, the Mikrotik is using an SSLv3 certificate, which I guess shouldn't be in use anymore. There's no such thing as "an SSLv3 certificate", they are all just X.509 certs. The sslv3 refers to the type of alert, sslv3 alerts are still used in TLS; SSLv3 itself hasn't been supported for years. That's quite confusing. Since SSL v3 was deprecated, I assumed the mentioned router was quite old and that's the reason it was failing with newer versions of OpenBSD. It doesn't necessarily use a certificate anyway, it may well be using ADH for this. Federico, do you have a cert configured for the api-ssl service on the routeros device, in "/ip service print"? And now I'm even more confused, looks like I'm still can't get my head around OpenSSL. Looking at here: https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-STRINGS The certificate may define the ciphers it accepts, but what does it mean "It doesn't necessarily use a certificate anyway" and it's relation with ADH cipher? Em 10/12/2022 17:01, Federico Giannici escreveu: Since I upgraded from OpenBSD 7.1 to 7.2 (amd64) I'm no longer able to use IO::Socket::SSL perl library to connect to some devices (Mikrotik routers, via their API). This is the only debug info I was able to obtain: DEBUG: .../IO/Socket/SSL.pm:842: local error: SSL connect attempt failed error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure Maybe try connecting with openssl s_client too? That would help show if it's a problem specific to IO::Socket::SSL or something more general. Unfortunately it seems that both perl functions Net::SSLeay::set_security_level() and Net::SSLeay::CTX_set_security_level() don't work. I get the following error. Maybe they are not implemented in our version of Net::SSLeay perl library? The security level stuff was only recently added to libressl, it is still hidden behind #ifndef for libressl in p5-Net-SSLeay. I think you can set it in the ciphers string though, if it is ADH maybe you need something like "ADH:ALL:@SECLEVEL=0" (though in that case you would probably be better advised to generate and use certificates instead). I did some search and so I guess this relates to https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-STRINGS. Interesting that this can be set at IO::Socket::SSL but not (at least as far as I could check) with Net::SSLeay, which is a dependency from the former which let me understand that works at a lower level. Finally, setting the security level to zero wouldn't increase the chances of having issues since it allows poor options? Just checked that in https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html My apologies if all this is too basic. Anyway good references would be appreciated. Thanks in advance, Alceu
Re: Problems with IO::Socket::SSL since upgraded to 7.2
If I read correctly, the Mikrotik is using an SSLv3 certificate, which I guess shouldn't be in use anymore. My suggestion is to use local::lib to install older versions of IO::Socket::SSL and all other required dependencies, but since those will depend on older C libraries as well, it might be you will have far more problems to downgrade everything than setting up a VM with an older version of OpenBSD that you know is compatible. It might be a bug as well. You might want to reach out for the module maintainer. Em 10/12/2022 17:01, Federico Giannici escreveu: Since I upgraded from OpenBSD 7.1 to 7.2 (amd64) I'm no longer able to use IO::Socket::SSL perl library to connect to some devices (Mikrotik routers, via their API). This is the only debug info I was able to obtain: DEBUG: .../IO/Socket/SSL.pm:842: local error: SSL connect attempt failed error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure DEBUG: .../IO/Socket/SSL.pm:845: fatal SSL error: SSL connect attempt failed error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure DEBUG: ...nbsd/IO/Socket.pm:48: ignoring less severe local error 'IO::Socket::IP configuration failed', keep 'SSL connect attempt failed error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure' Since I cannot change the SSL protocol used by the Mikrotik devices, I suspect that the only solution is to set the SSL "security_level" to 0 in my perl script. Unfortunately it seems that both perl functions Net::SSLeay::set_security_level() and Net::SSLeay::CTX_set_security_level() don't work. I get the following error. Maybe they are not implemented in our version of Net::SSLeay perl library? Can't locate auto/Net/SSLeay/set_securit.al in @INC (@INC contains: /usr/local/libdata/perl5/site_perl/amd64-openbsd /usr/local/libdata/perl5/site_perl /usr/libdata/perl5/amd64-openbsd /usr/libdata/perl5) at /usr/local/libdata/perl5/site_perl/IO/Socket/SSL.pm line 741. So, as an extreme solution I tried to set the SECLEVEL=0 at a global level in the server, following the instructions I found here, but it didn't worked either: https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level
new release of Perl/CPAN smoker for OpenBSD 7.2
Hello guys, For those that are interested in running CPAN smokers on OpenBSD, I made available new Vagrant boxes for the OpenBSD 7.2 release: https://app.vagrantup.com/arfreitas/boxes/openbsd-7.2-cpan-smoker-amd64 https://app.vagrantup.com/arfreitas/boxes/openbsd-7.2-cpan-smoker-i386 Please let me know if you find any issues. Best regards, Alceu
Re: CPU usage of httpd+slowcgi
Hi Kihaguru, Oh, well, didn't see anybody asking, so... why are you guys still using a CGI if so much processing power is required? Basically anything will perform better nowadays, so unless the code is really complicated, you're looking for a solution at the wrong place. Em 27/07/2020 14:52, Jordan Geoghegan escreveu: > > > On 2020-07-24 03:16, Kihaguru Gathura wrote: >> Hi, >> >> Which of the following legacy CPU types is best suited for very busy web >> server httpd+slowcgi >> >> Niagara CPU Such as T2 - More parallel Threads and Low power per single >> thread >> Sparc64 CPU such as VI, VII - Fewer threads but more computing power per >> thread. >> >> How is multithreading utilization of httpd+slowcgi like? >> >> Kind regards, >> >> Kihaguru. > > Hi Kihaguru, > > As with any computer, newer tends to be better with Moore's Law and all > that. On sparc64 most of the logical cores that are shown are really > just SMT pretending to be a bunch of cores. I have one machine that > claims 128 cores, but in reality, its just 16 cores with 8-way SMT. > sparc64 isn't renowned for its single core execution speed, so the > faster the better in that regard. > > In my experience with running OpenBSD on sparc64, the kernel biglock or > crypto became a bottleneck before other things did. (I've used T3 and T4 > machines fairly extensively with OpenBSD). I've found that disk > activity, networking and/or TLS would bottleneck before httpd became a > bottleneck when I was running sparc64 web servers in production. If you > are running very heavy scripts/programs with slowcgi, then you're > results may be different. > > Things have likely improved dramatically in the past year or two with > all the work done on removing the biglock, but the moral of the story > remains, fewer, faster cores are likely to produce superior performance > to numerous low power cores. > > Regards, > > Jordan >
Re: Python 3.8 os.listdir EINVAL on large directories
I'm guessing that the usage of getdents was intentional: I've used this system call in the same situation (thousands of entries in a directory, inside a NFS exported directory) to avoid calling stat() in each entry returned by getdents. It is indead a "low level" system call, and usually readdir is the preferred method, but might be too slow for your usage case (in my case it was, it took hours to read the directory while with getdents took minutes). It doesn't seems a problem with OpenBSD, but with Python code. Looks like some additional logic will be required to address the differences betweens the UNIX-like OSs and their implementation of getdents. On the other hand, by the error message the Python code is passing a wrong argument, maybe it is a bug instead of a portability issue? Em 25/07/2020 20:50, Aaron Miller escreveu: > Hi all, > > I am getting a stacktrace from the borg command in the borgbackup > package while checking a backup (see bottom of email for full > output, since it's verbose). The relevant part is this: > > filenames = os.listdir(os.path.join(data_path, dir)) > OSError: [Errno 22] Invalid argument: > '/mnt/thinkpad_void_obsd_borg/thinkpad.borg/data/12' > > This is same error is reproducible with a test Python 3.8 program: > > #!/usr/bin/env python > > import os > os.listdir('/mnt/thinkpad_void_obsd_borg/thinkpad.borg/data/12/') > > Running ktrace & kdump reveals the error is from calling > getdents(2): > > 76903 python3.8 > CALL open(0x1ec7f06de3b0,0x3) > 76903 python3.8 > NAMI "/mnt/thinkpad_void_obsd_borg/thinkpad.borg/data/12/" > 76903 python3.8 RET open 3 > [...] > 76903 python3.8 CALL getdents(3,0x1ec7c9257000,0x4000) > 76903 python3.8 RET getdents 16384/0x4000 > [...] > 76903 python3.8 CALL getdents(3,0x1ec7c9257000,0x4000) > 76903 python3.8 RET getdents 16384/0x4000 > [...] > 76903 python3.8 CALL getdents(3,0x1ec7c9257000,0x4000) > 76903 python3.8 RET getdents 16384/0x4000 > [...] > 76903 python3.8 CALL getdents(3,0x1ec7c9257000,0x4000) > 76903 python3.8 RET getdents -1 errno 22 Invalid argument > > Looking at the man page for getdents(2), I found it interesting > that it says this call "is not a portable interface and should not > be used directly by applications" and it recommends using > readdir(3) instead. > > To give you a rough idea of the number of files and filename sizes > in this directory: > > $ ls /mnt/thinkpad_void_obsd_borg/thinkpad.borg/data/12/ | wc > 15341534 10738 > > Where does the problem lie -- the upstream Python code, the > OpenBSD-specific patches in its port definition, or somewhere > else? And in case it matters, this is a -current amd64 system, > with "sysupgrade -s" executed on 7/15. > > Thank you, > Aaron Miller > > -- > Exception ignored in: 0x1e17e13fd310> > Traceback (most recent call last): > File "/usr/local/lib/python3.8/site- > packages/borg/repository.py", line 180, in __del__ > assert False, "cleanup happened in Repository.__del__" > AssertionError: cleanup happened in Repository.__del__ > Local Exception > Traceback (most recent call last): > File "/usr/local/lib/python3.8/site-packages/borg/archiver.py", > line 4565, in main > exit_code = archiver.run(args) > File "/usr/local/lib/python3.8/site-packages/borg/archiver.py", > line 4497, in run > return set_ec(func(args)) > File "/usr/local/lib/python3.8/site-packages/borg/archiver.py", > line 161, in wrapper > with repository: > File "/usr/local/lib/python3.8/site- > packages/borg/repository.py", line 190, in __enter__ > self.open(self.path, bool(self.exclusive), > lock_wait=self.lock_wait, lock=self.do_lock) > File "/usr/local/lib/python3.8/site- > packages/borg/repository.py", line 450, in open > segment = self.io.get_latest_segment() > File "/usr/local/lib/python3.8/site- > packages/borg/repository.py", line 1253, in get_latest_segment > for segment, filename in self.segment_iterator(reverse=True): > File "/usr/local/lib/python3.8/site- > packages/borg/repository.py", line 1241, in segment_iterator > filenames = os.listdir(os.path.join(data_path, dir)) > OSError: [Errno 22] Invalid argument: > '/mnt/thinkpad_void_obsd_borg/thinkpad.borg/data/12' > > Platform: OpenBSD millipede.iforgotmy.name 6.7 GENERIC.MP#348 > amd64 > Borg: 1.1.13 Python: CPython 3.8.3 msgpack: 0.5.6 > PID: 31745 CWD: /mnt/thinkpad_void_obsd_borg > sys.argv: ['/usr/local/bin/borg', 'check', 'thinkpad.borg'] > SSH_ORIGINAL_COMMAND: None >
new release of OpenBSD CPAN Smoker
Hello folks, For those interested in helping both the Perl and OpenBSD community, I recently release a new version of my customized setup of OpenBSD 6.6 with a CPAN smoker pre-configured. You can download it from https://app.vagrantup.com/arfreitas/boxes/openbsd-6.6-cpan-smoker. I would be glad to receive any feedback about the project. Best regards, Alceu
new CPAN Smoker release for OpenBSD 6.5
Hello folks, I just release a new version of the custom Perl CPAN smoker on OpenBSD 6.5 as a Vagrant box: https://app.vagrantup.com/arfreitas/boxes/openbsd-6.5-cpan-smoker Regards, Alceu
Re: how to install perl modules w/ dependencies that mix packages & CPAN
I'm afraid that is no such thing. My best would to search something on ports to do exactly that. If there is no repository, you might want to take a look in ways to convert Perl modules from CPAN into OpenBSD packages. I know there is an effort to build those packages automatically for Linux (Ubuntu and CentOS). Another possibility is to use perlbrew instead. Regards, Alceu Em 31/08/2018 21:52, Jonathan Thornburg escreveu: What's the "OpenBSD way" to install Perl modules which don't exist as packages? The usual Perl idiom for "install module foo & all of its (recursive) dependencies" is "cpan install foo", but this fetches all dependencies from CPAN, ignoring any OpenBSD packages which may exist. What I'd like is something like "cpan install foo", but with the semantics that for each dependency, if there's OpenBSD package in /etc/installurl which is the same module version as the latest CPAN version, then install the OpenBSD package instead. Is there a utility already around which does this?
getting scrollback buffer on OpenBSD 6.3
Hello folks, I'm running OpenBSD 6.3 over a Aspire One netbook, and looking for enabling the "scrollback buffer" mentioned in the related FAQ (http://www.openbsd.org/faq/faq7.html#Scrollback). Unfortunately, it doesn't mention which combination of platforms and hardware combinations it is supposed to work, neither mentions how to get a kernel with such feature enabled. I tried to Google some info about it, but couldn't find anything that helped. How can I check if it should be working? SHIFT+PgUp doesn't work. How can I check if the running kernel that I have (GENERIC.MP#107 amd64) already has the option compiled? If not, what do I need to enable in the kernel to have the scrollback buffer enabled? Thanks in advance.
[OT] how secure is 2 factor auth with a smartphone?
Hello guys, I apologize if the subject is too much out of topic for this list. Today I was surprised by hearing from a security (?) tech guy that using 2 factor authentication with AWS was not problem at all when using a smartphone not provided by the company (my own, in the case) that has several VMs on this provider. Considering that the company (my customer in this case) has absolutely no control of whatever I install or how do I use my smartphone, it seems pretty naive to think it is secure enough. It seems to me more an excuse to make professionals like me to pay the bill (the smartphone itself, instead of doing the right thing and buying the MFA device, if security is really the concern here) and probably the legal responsibility too. I've being doing a (basically useless nowadays) effort of avoiding a smartphone due lack of freedom, privacy and terrible cost-benefits (at least here in Brazil, where not only smartphones being expensive, but the associated service that also sucks big time). I did some research in this list archives and couldn't find mention about it. This article shed some light about the subject: https://www.csoonline.com/article/3044605/security/does-a-smartphone-make-two-factor-authentication.html What do you guys think about? Do you agree with the article author opinion? Feeling like a Neanderthal here, doesn't matter if a lot of people on the streets nowadays look like those spaceship characters of the WALL-E movie... Thanks, Alceu
Re: DBD::mysql errors
Em 09/12/2017 03:56, Edgar Pettijohn escreveu: I'm playing around with some perl cgi. I'm trying to use DBD::mysql but keep getting errors. There has been an error: install_driver(mysql) failed: Can't load '/usr/local/libdata/perl5/site_perl/amd64-openbsd/auto/DBD/mysql/mysql.so' for module DBD::mysql: Cannot load specified object at /usr/libdata/perl5/ amd64-openbsd/DynaLoader.pm line 193. at (eval 19) line 3. Compilation failed in require at (eval 19) line 3. Perhaps a required shared library or dll isn't installed where expected at /usr/local/libdata/perl5/site_perl /CGI/Application/Plugin/DBH.pm line 40. I also added 'use diagnostics', but it didn't add anything to the error. I also built from source to see if there were any obvious errors from make test, but everything passed. $ pkg_info | grep DBD p5-DBD-mysql-4.042 MySQL drivers for the Perl DBI My chroot is kept up to date with rsync. $ cat /home/edgar/bin/syncperl doas rsync -avz /usr/local/libdata/perl5/ /var/www/usr/local/libdata/perl5/ Does it work outside the chroot?
Re: error trying to load C/XS Perl module
Em 15/11/2017 13:38, Silamael escreveu: Hi, You could try to set LD_DEBUG=yes before running the test. With this you should see, what's really missing. -- Matthias Thanks Matthias! I tried that with a perl compiled with debugging symbols (-DDEBUGGING): dlopen: /home/vagrant/.cpan/build/PerlIO-eol-0.16-6/blib/arch/auto/PerlIO/eol/eol.so: done (success). dlsym: boot_PerlIO__eol in /home/vagrant/.cpan/build/PerlIO-eol-0.16-6/blib/arch/auto/PerlIO/eol/eol.so: 0x174e88dd9670 ok 1 - use PerlIO::eol; ok 2 ok 3 ok 4 ok 5 ok 6 - open for read Failed 17/23 subtests Test Summary Report --- t/1-basic.t (Wstat: 134 Tests: 6 Failed: 0) Non-zero wait status: 134 Parse errors: Bad plan. You planned 23 tests but ran 6. Files=1, Tests=6, 0 wallclock secs ( 0.04 usr 0.03 sys + 0.07 cusr 0.10 csys = 0.24 CPU) Result: FAIL doing dtors obj 0x8d5475cc800 @0x8d5ecb88340: [/home/vagrant/perl5/perlbrew/perls/5.26.1d/lib/5.26.1/OpenBSD.amd64-openbsd/auto/POSIX/POSIX.so] doing dtors obj 0x8d5d4886400 @0x8d574e2f9f0: [/home/vagrant/perl5/perlbrew/perls/5.26.1d/lib/5.26.1/OpenBSD.amd64-openbsd/auto/Fcntl/Fcntl.so] doing dtors obj 0x8d5701df000 @0x8d5cb1e5020: [/home/vagrant/perl5/perlbrew/perls/5.26.1d/lib/5.26.1/OpenBSD.amd64-openbsd/auto/IO/IO.so] doing dtors obj 0x8d5701df800 @0x8d61d3e14b0: [/home/vagrant/perl5/perlbrew/perls/5.26.1d/lib/5.26.1/OpenBSD.amd64-openbsd/auto/File/Glob/Glob.so] doing dtors obj 0x8d5a090cc00 @0x8d549b11b30: [/home/vagrant/perl5/perlbrew/perls/5.26.1d/lib/5.26.1/OpenBSD.amd64-openbsd/auto/Time/HiRes/HiRes.so] doing dtors obj 0x8d5a090c800 @0x8d5593df660: [/home/vagrant/perl5/perlbrew/perls/5.26.1d/lib/5.26.1/OpenBSD.amd64-openbsd/auto/List/Util/Util.so] doing dtors obj 0x8d5d4886000 @0x8d5c06651d0: [/home/vagrant/perl5/perlbrew/perls/5.26.1d/lib/5.26.1/OpenBSD.amd64-openbsd/auto/Cwd/Cwd.so] doing dtors The program dies right after the test number 6 and generates a core dump. Unfortunately, gdb doesn't give me anything useful (or I'm doing something wrong): bash-4.4$ gdb -c perl.core GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-unknown-openbsd6.1". Core was generated by `perl'. Program terminated with signal 6, Aborted. #0 0x174ec0f6dfea in ?? () (gdb) bt full #0 0x174ec0f6dfea in ?? () No symbol table info available. #1 0x174ec0f6e0b9 in ?? () No symbol table info available. #2 0x174e06f4a480 in ?? () No symbol table info available. #3 0x000a in ?? () No symbol table info available. #4 0xffdf000a in ?? () No symbol table info available. #5 0x35cbadd363eaf932 in ?? () No symbol table info available. #6 0x0003 in ?? () No symbol table info available. #7 0x174ec0f8e718 in ?? () No symbol table info available. #8 0x174e in ?? () No symbol table info available. #9 0x174e36b0d020 in ?? () No symbol table info available. #10 0x00ff0008 in ?? () No symbol table info available. #11 0x35cbadd363eaf932 in ?? () No symbol table info available. #12 0x174e55684880 in ?? () No symbol table info available. #13 0x174e88dda0d6 in ?? () No symbol table info available. #14 0x60bbe59c in ?? () No symbol table info available. #15 0x174df018bc98 in ?? () No symbol table info available. #16 0x0004 in ?? () No symbol table info available. #17 0x174ed6c21980 in ?? () No symbol table info available. #18 0x1000 in ?? () No symbol table info available. #19 0x1000 in ?? () No symbol table info available. #20 0x in ?? () No symbol table info available. (gdb)
Re: error trying to load C/XS Perl module
Em 15/11/2017 15:06, Stuart Henderson escreveu: On 2017-11-15, Stuart Henderson wrote: If I make a port using the normal ports framework and try it on -current, I get this, which is a bit further but not all the way : 1..23 ok 1 - use PerlIO::eol; ok 2 ok 3 ok 4 ok 5 ok 6 - open for read Failed 17/23 subtests Test Summary Report --- t/1-basic.t (Wstat: 134 Tests: 6 Failed: 0) Non-zero wait status: 134 Parse errors: Bad plan. You planned 23 tests but ran 6. Files=1, Tests=6, 0 wallclock secs ( 0.01 usr 0.04 sys + 0.03 cusr 0.03 csys = 0.11 CPU) Result: FAIL Ha. I didn't notice before I wrote a local port, but there's already a port in the tree. So actually you should just be able to use "pkg_add p5-PerlIO-eol". In general: use the OS packages, don't try and mix with cpan. In most cases it's easier to write a port than deal with the mess that you'll end up in by using two different/conflicting package systems (i.e. OpenBSD's usual one and CPAN). Thanks Stuart! Actually, using CPAN is the main objective here because I'm testing OpenBSD 6.1 as a CPAN Smoker (https://github.com/glasswalk3r/cpan-openbsd-smoker). So, basically it really didn't occurred to me to search for a ports, but I see that it is updated to the latest version of this module. I'm not acquainted with creating ports, but I guess I should start from https://www.openbsd.org/faq/ports/ and then checkout http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/devel/p5-PerlIO-eol/Makefile?rev=1.17&content-type=text/plain. So far, I wasn't able to figure out anything outstanding with the building process that is common to Perl modules, but I didn't find anything regarding executing tests as well. To me, the Makefile over there has a bit of magic to make it work, so I would appreciate any inputs on that.
error trying to load C/XS Perl module
Hello folks, I'm struggling to get installed the module PerlIO::eol by downloding it from CPAN and installing it. I tried with both the standard perl in OpenBSD 6.1 and also one that I compiled with perlbrew, but the results are the same (after the classic "perl Makefile.PL; make"): bash-4.4$ prove -l -m -v t/1-basic.t t/1-basic.t .. 1..23 not ok 1 - use PerlIO::eol; # Failed test 'use PerlIO::eol;' # at t/1-basic.t line 4. # Tried to use 'PerlIO::eol'. # Error: Can't locate loadable object for module PerlIO::eol in @INC (@INC contains: /home/vagrant/.cpan/build/PerlIO-eol-0.16-1/lib /home/vagrant/perl5/perlbrew/perls/perl-5.26.1/lib/site_perl/5.26.1/OpenBSD.amd64-openbsd /home/vagrant/perl5/perlbrew/perls/perl-5.26.1/lib/site_perl/5.26.1 /home/vagrant/perl5/perlbrew/perls/perl-5.26.1/lib/5.26.1/OpenBSD.amd64-openbsd /home/vagrant/perl5/perlbrew/perls/perl-5.26.1/lib/5.26.1) at t/1-basic.t line 4. # Compilation failed in require at t/1-basic.t line 4. # BEGIN failed--compilation aborted at t/1-basic.t line 4. Bareword "CR" not allowed while "strict subs" in use at t/1-basic.t line 6. Bareword "LF" not allowed while "strict subs" in use at t/1-basic.t line 6. Bareword "CRLF" not allowed while "strict subs" in use at t/1-basic.t line 6. Execution of t/1-basic.t aborted due to compilation errors. # Looks like your test exited with 255 just after 1. Dubious, test returned 255 (wstat 65280, 0xff00) Failed 23/23 subtests Test Summary Report --- t/1-basic.t (Wstat: 65280 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 255 Parse errors: Bad plan. You planned 23 tests but ran 1. Files=1, Tests=1, 0 wallclock secs ( 0.02 usr 0.04 sys + 0.04 cusr 0.06 csys = 0.16 CPU) Result: FAIL bash-4.4$ I even tried to export LD_LIBRARY_PATH to the current directory, didn't work either. In the past, I had problems with libs dependencies because installing them through pkg_add were putting them over /usr/local/lib, and libpth variable in Perl was not searching over there: -bash-4.4$ perl -v | head -2 This is perl 5, version 24, subversion 1 (v5.24.1) built for amd64-openbsd -bash-4.4$ perl -V | grep libpth libpth=/usr/lib /usr/lib But I don't think that's the case here since the object I'm trying to load is on my current directory: bash-4.4$ ls Changes LICENSE~ META.json MYMETA.ymlREADME dist.ini eol.c eol.xslib t Changes~ MANIFEST META.yml Makefile README~ dist.ini~ eol.h eol.xs~ perl.core write.h LICENSE MANIFEST.SKIP MYMETA.json Makefile.PL blib eol.bseol.o fill.hpm_to_blibxt The core file over there didn't gave any hints when using "gdb -c" with it. Thanks! Alceu
Re: Can I use OpenBSD in a virtual machine, for example, VirtualBox?
Yes, it does work, despite not having all the features due missing support on the guest additions. Here is another example: https://github.com/glasswalk3r/cpan-openbsd-smoker Em 26/06/2017 22:06, Ax0n escreveu: You'll find little official support on the lists for problems you have due to the hypervisor, but I've found that OpenBSD works great in VirtualBox. You can't get VirtualBox Guest Additions working, but judging from the popularity of this post I wrote almost 8 years ago, and the comments on it, this trick still works for many people to get an OpenBSD VM into full-screen mode. http://www.h-i-r.net/2009/11/virtualbox-full-screen-resolution-for.html Don't expect acceleration, guest/host clipboard interacrion or anything else fancy from Guest Additions, but the basics for a daily-use OpenBSD desktop, such as Lumina or XFCE, various terminals, web browsers and the like work fine in VBox. On Mon, Jun 26, 2017 at 5:16 PM, Josh Stephens wrote: On Mon, 26 Jun 2017, SOUL_OF_ROOT 55 wrote: Can I use OpenBSD in a virtual machine, for example, VirtualBox? Yep, .. have had them for many years, VirtualBox & Xen. Lee I could be wrong when I say this but the only gotcha that you will run into with virtual box will be the guest additions. I don’t think they are supported on OpenBSD?
Re: CGI script to see collectd stats
Em 10/05/2017 07:54, Ajitabh Pandey escreveu: Hello, I am running collectd server on my OpenBSD 6.1 box and various clients are sending stats to this box. I see /var/collectd that various RRDs are getting created. However, I am not sure what should I used to see the graphs. I looked at RRDCGI but it looks way complicated to setup. I could not find collectd-web package also. Searching on web I see that for a non-chrooted web server there are straight forward scripts available. Most of the instructions are for linux. I would prefer to use OpenBSD httpd and not resort to non-chrooted apache or nginx. I am finding it really difficult to find something suitable which works under chroot. I am able to run a hello world cgi script in chroot. If any of you guys have some information/config/tool etc to share for collectd graphs, it would be of great help. Thanks & Regards. Can't help with your chroot requisite. But I did spent some doing looking into that and can share something. All (Perl) CGI's is something I don't recommend to. First, they are CGIs, second, even if you're able to configure them you will get a lot of warnings because the CGI module in Perl is getting deprecated. I went with rrdscout (Flask web application). It should be enough for your needs and uses a modern framework. On the other hand, I'm not sure it is being maintained anymore. I forked it on Github and generate a INSTALL document specific for OpenBSD: https://github.com/glasswalk3r/rrdscout/blob/master/INSTALL-openbsd.txt I had to install freetype from ports too to be able to generated readable charts from the RRD: cd /usr/ports/print/freetype make install make clean make clean=depends Hope that helps you. Regards, Alceu
Re: Why would I need a container like Docker?!
Em 10/05/2017 00:53, Martin Hanson escreveu: I have occasionally used virtualization (Qemu) for easy testing of some OS. I have also played around with "containers" using FreeBSD Jails and Linux LXC, but I have never ever thought of any of this as a security measurement or anything needed beyond testing. When I want isolation I run a single box (or boxes) and install OpenBSD on the bare metal. Then I run whatever services are needed on that box or boxes. I would then deploy a network with isolated segments. Now, everyone is telling me I should run Docker and a completely different setup. I read up about Docker and found this: "Containers are a solution to the problem of how to get software to run reliably when moved from one computing environment to another. This could be from a developer's laptop to a test environment, from a staging environment into production and perhaps from a physical machine in a data center to a virtual machine in a private or public cloud." "Problems arise when the supporting software environment is not identical, says Solomon Hykes, the creator of Docker, "You're going to test using Python 2.7, and then it's going to run on Python 3 in production and something weird will happen. Or you'll rely on the behavior of a certain version of an SSL library and another one will be installed. You'll run your tests on Debian and production is on Red Hat and all sorts of weird things happen." "And it's not just different software that can make a difference, he added, "The network topology might be different, or the security policies and storage might be different but the software has to run on it." What the fuck?! Why in the world would anyone setup Debian as a testing environment and then use Red Hat on production?! And different network topology? Are people really that stupid? If people really are that stupid they shouldn't be allowed near a computer in the first place and certainly Docker or any container technology isn't going to solve their problems! It seems like the OpenBSD project is about the only project left nowadays where people are still using their brains! It seems you didn't read the documentation correctly. Do it again, specially because containers do have their own security issues. After that, I'm sure you will understand what the given example is trying to achieve. You can use Debian as your (DEV/TEST) environment because the image used on Docker will be RedHat based, but using the kernel you're on. It is possible to do that, although it makes sense to use the same RedHat as well, at least for QA environments. Containers (and Docker didn't start as a container itself, but as tooling to provide easy to use containers on Linux) is a different concept of VMs because you don't need to run a entire operational system just to get some isolation between applications. A container to boot takes much less time than a VM, for example, and should use less resources. Requirements are different too. But those are not the only benefits. You should check about the relation of Docker and DevOps. As always, there is no silver bullet, but those practices makes some things possible and even easier to implement. On the other hand, yes, all those layers of abstraction (e.g. AWS) leave some IT professionals without really understanding what they are doing... if this will be really a problem in the future it something we will need to wait to see.
Re: opening bugs for OpenBSD 6.0
Em 16/04/2017 09:16, Stuart Henderson escreveu: On 2017-04-15, Alceu Rodrigues de Freitas Junior wrote: Hi, I think I spotted a bug for OpenBSD 6.0: https://github.com/perl5-dbi/DBD-mysql/issues/120 But since 6.1 is already available (and I couldn't reproduce the error for it), I'm not sure if I should open a bug at all. Could someone please give some hints about that? Thanks! Alceu The local perl build that is showing "undefined symbol 'recallocarray'" is broken. How so? I mean, what can I check in the compile process to make it right? I compiled the interpreter with perlbrew, used different versions and the results are the same. Should I review any specific notes about compiling perl for OpenBSD? Please let me know if there are any references about it. The "DBD::mysql::st DESTROY failed: \xdf\xdf\xdf[...]" suggest a use-after-free and I do reproduce this in -current. See the explanation of 'j "Less junking" in http://man.openbsd.org/malloc.conf. I check this out, thanks!
opening bugs for OpenBSD 6.0
Hi, I think I spotted a bug for OpenBSD 6.0: https://github.com/perl5-dbi/DBD-mysql/issues/120 But since 6.1 is already available (and I couldn't reproduce the error for it), I'm not sure if I should open a bug at all. Could someone please give some hints about that? Thanks! Alceu
Re: Displaying System Uptime via CGI script: not displayed when script is run under chroot.
Em 25-09-2016 17:49, Alceu Rodrigues de Freitas Junior escreveu: Last, but not least... not sure why C is your language of choice for CGI. And looks like you're reinventing the wheel: https://httpd.apache.org/docs/2.4/mod/mod_status.html
Re: Displaying System Uptime via CGI script: not displayed when script is run under chroot.
Em 25-09-2016 17:12, Kihaguru Gathura escreveu: Hi All, I have a small problem here. I am unable to display uptime online. Yes, you have a conceptual problem. You're doing a CGI that executes a binary. If, by any reason, /usr/bin/uptime is replaced with a malicious program, you're in trouble. I don't even know the details of chroot OpenBSD, but an educated guess is that in such environment you can't have access to some resources uptime needs, that's why you can do it with root. Since you're already dealing with C code, I recommended checking the uptime source code and see what it does. Anyway, system() under CGI environment will create a second (short lived) process that you can avoid if you reproduce what uptime code does in your CGI. Also, I'm not a C programmer, but I guess somewhere there is a library you can include in your CGI instead doing system(). Last, but not least... not sure why C is your language of choice for CGI.
installing Perl modules from CPAN generates code dumps
Hello all, I'm trying to install modules from CPAN on a 5.9 OpenBSD VM running on VirtualBox 5.0.26 r108824 and for a specific module (Moose), I'm getting failures during the tests phase since they are generating a core dump. Initially I tried to do that using the standard perl (5.20.2) with local::lib for my non-root user. After the crashes, I compiled the perl 5.20.3 and tested again... with the same core dump being generated and the tests failing. I attempted, on both interpreters, install Moose both from the CPAN shell and manually (perl Makefile.PL;make;make test), with the same results. Is there any report relating issues doing that on OpenBSD 5.9? I don't get any error from makefile generation to compilation, only during the tests execution. Please let me know if I'm using the correct place to post this question or if I should look for a different mailing list. Below I'm providing full details on the system: -bash-4.3$ dmesg OpenBSD 5.9 (GENERIC.MP) #1888: Fri Feb 26 01:20:19 MST 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 1568604160 (1495MB) avail mem = 1516924928 (1446MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xe1000 (10 entries) bios0: vendor innotek GmbH version "VirtualBox" date 12/01/2006 bios0: innotek GmbH VirtualBox acpi0 at bios0: rev 2 acpi0: sleep states S0 S5 acpi0: tables DSDT FACP APIC SSDT acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-4300M CPU @ 2.60GHz, 2594.56 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,RDRAND,NXE,LONG,LAHF,ABM,ITSC cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: CPU supports MTRRs but not enabled by BIOS cpu0: apic clock running at 1000MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i5-4300M CPU @ 2.60GHz, 2594.40 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,RDRAND,NXE,LONG,LAHF,ABM,ITSC cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: C1(@1 halt!) acpicpu1 at acpi0: C1(@1 halt!) acpibat0 at acpi0: BAT0 model "1" serial 0 type VBOX oem "innotek" acpiac0 at acpi0: AC unit online acpivideo0 at acpi0: GFX0 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 pciide0 at pci0 dev 1 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 128-sector PIO, LBA, 10245MB, 20981808 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 vga1 at pci0 dev 2 function 0 "InnoTek VirtualBox Graphics Adapter" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) em0 at pci0 dev 3 function 0 "Intel 82540EM" rev 0x02: apic 2 int 19, address 08:00:27:cb:7b:17 "InnoTek VirtualBox Guest Service" rev 0x00 at pci0 dev 4 function 0 not configured ohci0 at pci0 dev 6 function 0 "Apple Intrepid USB" rev 0x00: apic 2 int 22, version 1.0 piixpm0 at pci0 dev 7 function 0 "Intel 82371AB Power" rev 0x08: SMBus disabled ehci0 at pci0 dev 11 function 0 "Intel 82801FB USB" rev 0x00: apic 2 int 19 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ahci0 at pci0 dev 13 function 0 "Intel 82801HBM AHCI" rev 0x02: apic 2 int 21, AHCI 1.1 ahci0: device on port 0 didn't come ready, TFD: 0x171 ahci0: port 0: 3.0Gb/s ahci0: device on port 1 didn't come ready, TFD: 0x171 ahci0: port 1: 3.0Gb/s scsibus2 at ahci0: 32 targets sd0 at scsibus2 targ 0 lun 0: SCSI3 0/direct fixed t10.ATA_VBOX_HARDDISK_VBc79ed5da-7f8559b5_ sd0: 5203MB, 512 bytes/sector, 10655792 sectors sd1 at scsibus2 targ 1 lun 0: SCSI3 0/direct fixed t10.ATA_VBOX_HARDDISK_VBf6840341-bd734f82_ sd1: 5203MB, 512 bytes/sector, 10655792 sectors isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 usb1 at ohci0: USB revision 1.0 uhub1 at usb1 "Apple OHCI root hub" rev 1.00/1.00 addr 1 vscsi0 at root scsibus3 at vscsi0: 256 targets softraid0 at root scsibus4 at softraid0: 256 targets root o
state of SSD by OpenBSD
Hi there, How is the current status of SSD disks support by OpenBSD? I did some research on Google about but didn't find any definitive answer. I did find some references about lacking of support for TRIM (for example http://www.tedunangst.com/flak/post/lessons-learned-about-TRIM) but they are also outdated. Is there any real risk (of reducing the durability of a SSD disk) by using FFS? I found references of setting partitions with noatime option, but that's all. Thanks, Alceu
Re: installation of Perl on OpenBSD 5.8 with perlbrew fails due crypt.h
Hello Andrew, Em 02-11-2015 23:52, Andrew Fresh escreveu: I've successfully installed quite a few versions of perl using plenv, not perlbrew, but I think that plenv does not run the test suite. I may try to force the install without passing the tests, but it will probably work (as it does with plenv). Yes, we don't support many of the algorithms that the tests attempt to use. I should probably push this patch upstream (with improvements) but have not yet had time. https://github.com/afresh1/OpenBSD-perl/blob/master/patches/GOOD/fix_crypt_tests.patch I took a look at your patch but didn't understand the objective of it. There are some comments as "# Use Blowfish", do you mean using Crypt::Blowfish crypt function instead? Maybe a conditional block from Test::More help with that (including skipping the test at all) would help, based on the osname from Config module. That would be helpful, along with specific versions of perl you are trying to install. Here it goes: Test Summary Report --- op/crypt.t (Wstat: 0 Tests: 6 Failed: 1) Failed test: 1 op/taint.t (Wstat: 0 Tests: 801 Failed: 1) Failed test: 698 Files=2380, Tests=708371, 1082 wallclock secs (27.85 usr 131.32 sys + 336.00 cusr 277.86 csys = 773.03 CPU) Result: FAIL *** Error 2 in /home/arfreitas/perl5/perlbrew/build/perl-5.22.0 (makefile:809 'test_harness') And the details: Use of uninitialized value in substr at op/crypt.t line 43. substr outside of string at op/crypt.t line 43. Use of uninitialized value in substr at op/crypt.t line 43. substr outside of string at op/crypt.t line 43. Use of uninitialized value in string ne at op/crypt.t line 43. Use of uninitialized value in string ne at op/crypt.t line 43. # Failed test 1 - salt makes a difference at op/crypt.t line 43 op/crypt.t Failed 1/6 subtests # Failed test 698 - tainted crypt at op/taint.t line 1988 op/taint.t Failed 1/801 subtests (less 6 skipped subtests: 794 okay) I tried to install the latest perl available (5.22.0). Thanks, Alceu
installation of Perl on OpenBSD 5.8 with perlbrew fails due crypt.h
Hi there, My name is Alceu and I'm a newbie with OpenBSD. I hope I reached the right mailing list to ask about compiling Perl with perlbrew on OpenBSD. In the past I was successful to install different versions of Perl within OpenBSD 5.7 by using perlbrew, but when I tried the same procedure with version, it fails during the tests crypt.t and tainted.t. Initially I had forgot to install comp58.tgz set, but after correcting this, the same tests keep failing (but now for different reasons than "crypt.h is missing"). Is there any change to crypt.h on version 5.8? It seems the errors are due differences on the interface. Unfortunately I don't have the exact error messages, but I can try to reproduce the errors again if needed. Thanks! Alceu