Re: "intel(0): switch to mode 640x400" on Thinkpad T410

2024-07-09 Thread Walter Alejandro Iglesias
On Tue, 9 Jul 2024 21:24:01 +1000 Jonathan Gray wrote: 
> On Tue, Jul 09, 2024 at 10:02:40AM -, Stuart Henderson wrote:
> > On 2024-07-08, Jan Stary  wrote:
> > > This is current/amd64 on a Thinkpad T410 (full dmesg below).
> > > Strangely, upon booting, xenodm sets the resolution to 640x480:
> > >
> > > [   974.100] (II) intel(0): Modeline "1440x900"x0.0   96.10  1440 1488 
> > > 1552 1728  900 903 909 926 -hsync -vsync (55.6 kHz eP)
> > > [   974.100] (II) intel(0): Modeline "1440x900"x0.0   80.30  1440 1488 
> > > 1552 1728  900 903 909 926 -hsync -vsync (46.5 kHz e)
> > > [   994.984] (II) intel(0): switch to mode 640x400@60.0 on LVDS1 using 
> > > pipe 0, position (0, 0), rotation normal, reflection none
> > 
> > shouldn't that be using modesetting rather than intel? or is the machine 
> > too old?
>
> > > inteldrm0: msi, IRONLAKE, gen 5
>
> xserver/hw/xfree86/common/xf86pciBus.c
>
> 
> revision 1.14
> date: 2017/09/25 15:05:57;  author: matthieu;  state: Exp;  lines: +2 -0;  
> commitid: wvjaQqtz2qvU9jZw;
> Force Intel Ironlake chipsets to use the xf86-video-intel driver.
> stsp@ reported that modesetting(4) has been reported unreliable
> on his laptop, while intel(4) works.
>
>  to be removed after 6.2 to figure out and fix the issue.
>
> ok kettenis@, also discussed briefly with deraadt@ during EuroBSDCon.
> 
>
> the intel driver requires pci access so won't work with
> startx as we stopped installing Xorg setuid
>

I remember many years ago modesetting wasn't reliable in this machine.
I also had issues with intel SNA acceleration (I had to use UXA).
Currently seems to work fine.  But, I can't tell for sure, I'm not using
this machine every day.



Re: "intel(0): switch to mode 640x400" on Thinkpad T410

2024-07-09 Thread Walter Alejandro Iglesias
On Tue, 9 Jul 2024 10:02:40 - (UTC) Stuart Henderson wrote:
> On 2024-07-08, Jan Stary  wrote:
> > This is current/amd64 on a Thinkpad T410 (full dmesg below).
> > Strangely, upon booting, xenodm sets the resolution to 640x480:
> >
> > [   974.100] (II) intel(0): Modeline "1440x900"x0.0   96.10  1440 1488 1552 
> > 1728  900 903 909 926 -hsync -vsync (55.6 kHz eP)
> > [   974.100] (II) intel(0): Modeline "1440x900"x0.0   80.30  1440 1488 1552 
> > 1728  900 903 909 926 -hsync -vsync (46.5 kHz e)
> > [   994.984] (II) intel(0): switch to mode 640x400@60.0 on LVDS1 using pipe 
> > 0, position (0, 0), rotation normal, reflection none
>
> shouldn't that be using modesetting rather than intel? or is the machine too 
> old?

In my t410, even not using any xorg.conf, xenodm(1) tries to load the
intel driver, startx(1) doesn't.  Notice the difference between both
Xorg.0.log files:


Running startx(1)


[  3481.653] 
X.Org X Server 1.21.1.13
X Protocol Version 11, Revision 0
[  3481.654] Current Operating System: OpenBSD mamuca.roquesor.com 7.5 
GENERIC.MP#174 amd64
[  3481.654]  
[  3481.654] Current version of pixman: 0.42.2
[  3481.655]Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[  3481.655] Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[  3481.657] (==) Log file: "/home/morlock/.local/share/xorg/Xorg.0.log", Time: 
Tue Jul  9 12:09:16 2024
[  3481.657] (==) Using system config directory 
"/usr/X11R6/share/X11/xorg.conf.d"
[  3481.658] (==) No Layout section.  Using the first Screen section.
[  3481.658] (==) No screen section available. Using defaults.
[  3481.658] (**) |-->Screen "Default Screen Section" (0)
[  3481.658] (**) |   |-->Monitor ""
[  3481.658] (==) No monitor specified for screen "Default Screen Section".
Using a default monitor configuration.
[  3481.658] (**) Allowing byte-swapped clients
[  3481.658] (==) Automatically adding devices
[  3481.658] (==) Automatically enabling devices
[  3481.658] (==) Not automatically adding GPU devices
[  3481.658] (==) Automatically binding GPU devices
[  3481.658] (==) Max clients allowed: 256, resource mask: 0x1f
[  3481.658] (==) FontPath set to:
/usr/X11R6/lib/X11/fonts/misc/,
/usr/X11R6/lib/X11/fonts/TTF/,
/usr/X11R6/lib/X11/fonts/OTF/,
/usr/X11R6/lib/X11/fonts/Type1/,
/usr/X11R6/lib/X11/fonts/100dpi/,
/usr/X11R6/lib/X11/fonts/75dpi/
[  3481.658] (==) ModulePath set to "/usr/X11R6/lib/modules"
[  3481.658] (II) The server relies on wscons to provide the list of input 
devices.
If no devices become available, reconfigure wscons or disable 
AutoAddDevices.
[  3481.658] (II) Loader magic: 0xd9d14c08500
[  3481.658] (II) Module ABI versions:
[  3481.658]X.Org ANSI C Emulation: 0.4
[  3481.658]X.Org Video Driver: 25.2
[  3481.658]X.Org XInput driver : 24.4
[  3481.658]X.Org Server Extension : 10.0
[  3481.659] (--) Using wscons driver on /dev/ttyC4
[  3481.692] (WW) checkDevMem: failed to open /dev/xf86 and /dev/mem
(Permission denied)
Check that you have set 'machdep.allowaperture=1'
in /etc/sysctl.conf and reboot your machine
refer to xf86(4) for details
[  3481.692]linear framebuffer access unavailable
[  3481.692] (II) LoadModule: "glx"
[  3481.693] (II) Loading /usr/X11R6/lib/modules/extensions/libglx.so
[  3481.696] (II) Module glx: vendor="X.Org Foundation"
[  3481.696]compiled for 1.21.1.13, module version = 1.0.0
[  3481.697]ABI class: X.Org Server Extension, version 10.0
[  3481.697] (==) Matched modesetting as autoconfigured driver 0
[  3481.697] (==) Assigned the driver to the xf86ConfigLayout
[  3481.697] (II) LoadModule: "modesetting"
[  3481.697] (II) Loading /usr/X11R6/lib/modules/drivers/modesetting_drv.so
[  3481.698] (II) Module modesetting: vendor="X.Org Foundation"
[  3481.698]compiled for 1.21.1.13, module version = 1.21.1
[  3481.698]Module class: X.Org Video Driver
[  3481.698]ABI class: X.Org Video Driver, version 25.2
[  3481.698] (II) modesetting: Driver for Modesetting Kernel Drivers: kms
[  3481.698] (WW) Falling back to old probe method for modesetting
[  3481.709] (II) modeset(0): using default device
[  3481.709] (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support
[  3481.709] (II) modeset(0): Creating default Display subsection in Screen 
section
"Default Screen Section" for depth/fbbpp 24/32
[  3481.709] (==) modeset(0): Depth 24, (==) framebuffer bpp 32
[  3481.709] (==) modeset(0): RGB weight 888
[  3481.709] (==) modeset(0): Default visual is TrueColor
[  3481.709] (II) Loading sub module "glamoregl"
[  3481.709] (II) LoadModule: "glamoregl"
[  3481.711] (II) Loading /usr/X11R6/lib/modules/libglamoregl.so
[  3481.743] (II) Module 

Re: "intel(0): switch to mode 640x400" on Thinkpad T410

2024-07-09 Thread Walter Alejandro Iglesias
I also have a T410 running the latest snapshot.  The screen of my
laptop is 1280x800.  I can't reproduce your issue.

Probably this has nothing to do with your issue but I'd like to call the
attention to this error:

  (EE) AIGLX error: dlopen of /usr/X11R6/lib/modules/dri/i965_dri.so failed 
(File not found)
  (EE) AIGLX error: unable to load driver i965

It's present in both two Xorg.0.log you pasted.  And now I realize it is
in my /var/log/Xorg.log.0 too.  Curiously that error doesn't appear when
I use startx(1) (in ~/.local/share/xorg/Xorg.0.log).

My desktop machine also has an integrated intel graphics card and I don't
see that error, neither using startx nor using xenodm.


   Walter



Re: OpenBSD runs hotter than Linux with same laptop, draws more electricity?

2024-07-03 Thread Walter Alejandro Iglesias
On Tue, 2 Jul 2024 08:54:09 Stuart Henderson wrote:
> On 2024-07-01, A B  wrote:
> > I just wonder why OpenBSD requires more CPU load for the same kind of 
> > activity (web browsing), and also appears to draw more electricity from the 
> > power supply when measured, compared to Linux, when using the same laptop?
>
> This is not unexpected.
>
> > Perhaps more Assembly instructions to complete the same task? But why? 
> > Memory protection kinds of checks?
> >
> > Note this is also when using the integrated (Intel) GPU.
>
> A lot of this is down to Linux having spent more time on optimising
> things for power consumption. Things like choices made in the scheduler
> (deciding which cpu to run a process on) have an effect, especially on
> certain cpu types, as well as code selecting cpu frequencies etc.

Or, it's some issue affecting that laptop in particular (I guess it's
the Macbook Pro the OP mentions in the other thread.)

I remember many years ago I asked about the same thing here.  I had
bought a Thinkpad t410 purely to run OpenBSD on it, but I didn't get
honest answers like yours.  Someone, just to make me shut up, sent me a
private message telling me that my battery was screwed. :-)

Thanks to the work of the developers (I'm pretty sure those improvements
didn't come from the guy who blamed my battery) support for this laptop
improved along the years, currently I don't notice apparent difference
between running Linux or OpenBSD on this machine.


Walter



Re: mpv issue under OpenBSD

2024-06-27 Thread Walter Alejandro Iglesias
On Fri, Jun 14, 2024 at 06:25:12PM +0200, Walter Alejandro Iglesias wrote:
> Hi team,
> 
> About the issue I mentioned here:
> 
>   https://marc.info/?l=openbsd-ports=171790611818576=2
> 
> I reported it to mpv github:
> 
>   https://github.com/mpv-player/mpv/issues/14355
> 
> This is the answer I got:
> 
>"Probably caused by something in b75b56f.  But none of the developers
> use BSD."
> 
> The b75b56f issue that guy refers to is this:
> 
>   
> https://github.com/mpv-player/mpv/commit/b75b56f91048f0ca8f663b93a92aa059787022ce
> 
> Does anyone know if this signals issue could affect OpenBSD in particular?
> 

Today I downloaded mpv source.  After reverting the diff from this
commit:

  
https://github.com/mpv-player/mpv/commit/b75b56f91048f0ca8f663b93a92aa059787022ce

I compiled mpv and the issue disappeared.

It would be great if some expert here can figure out why that change
only affects OpenBSD.  That might help the mpv developers find an
alternative solution to what they presumably fixed with that commit.
(As long as they have any interest in BSD).

Again, my bug report is here:

  https://github.com/mpv-player/mpv/issues/14355



-- 
Walter



mpv issue under OpenBSD

2024-06-14 Thread Walter Alejandro Iglesias
Hi team,

About the issue I mentioned here:

  https://marc.info/?l=openbsd-ports=171790611818576=2

I reported it to mpv github:

  https://github.com/mpv-player/mpv/issues/14355

This is the answer I got:

   "Probably caused by something in b75b56f.  But none of the developers
use BSD."

The b75b56f issue that guy refers to is this:

  
https://github.com/mpv-player/mpv/commit/b75b56f91048f0ca8f663b93a92aa059787022ce

Does anyone know if this signals issue could affect OpenBSD in particular?


  Walter


P.S.: I don't understand why developers subject themselves and users to
using this github shit.  For starters to create the account I had to
suffer an idiotic animation that ate up my entire cpu and didn't let me
type username and password.


-- 
Walter



Re: webcam not working on chromium

2024-06-13 Thread Walter Alejandro Iglesias
On Thu Jun 13 15:45:55 2024 Walter wrote:
> Hello Thomas,
>
> On Thu, 13 Jun 2024 09:27:30 -0400 Thomas Frohwein wrote
> > On Thu, Jun 13, 2024 at 01:45:44PM +0200, Walter Alejandro Iglesias wrote:
> > > Hi everyone,
> > > 
> > > I followed the instructions in OpenBSD media FAQ but I couldn't make my
> > > webcam work neither on chromium nor on ungoogled-chromium.  It works
> > > fine on Firefox.  Does anyone know any trick to make it work?
> > > 
> >
> > I'm not sure how to help with that if you're not sharing anything about
> > your hardware.
>
> At first I did not associate the issue with a hardware problem because I
> found several users complaining about this same thing with different
> machines and operating systems.  Some provided solutions, but none of
> them worked for me.  Besides, the webcam works with the command
> video(1), ffmpeg and Firefox.  And, the webcam is recognized by
> chromium, it just shows a black screen.  Could it be that chromium has
> problems with my specific video card?
>
> In any case, below you have the info you asked me.
>

It seems you were right.  It was a hardware issue, chromium has some
problem with the integrated webcam in my thinkpad.  I borrowed a
logitech external webcam from my wife, plugged it in and this webcam works
with chromium.



Re: webcam not working on chromium

2024-06-13 Thread Walter Alejandro Iglesias
Hello Thomas,

On Thu, 13 Jun 2024 09:27:30 -0400 Thomas Frohwein wrote
> On Thu, Jun 13, 2024 at 01:45:44PM +0200, Walter Alejandro Iglesias wrote:
> > Hi everyone,
> > 
> > I followed the instructions in OpenBSD media FAQ but I couldn't make my
> > webcam work neither on chromium nor on ungoogled-chromium.  It works
> > fine on Firefox.  Does anyone know any trick to make it work?
> > 
>
> I'm not sure how to help with that if you're not sharing anything about
> your hardware.

At first I did not associate the issue with a hardware problem because I
found several users complaining about this same thing with different
machines and operating systems.  Some provided solutions, but none of
them worked for me.  Besides, the webcam works with the command
video(1), ffmpeg and Firefox.  And, the webcam is recognized by
chromium, it just shows a black screen.  Could it be that chromium has
problems with my specific video card?

In any case, below you have the info you asked me.


OpenBSD 7.5-current (GENERIC.MP) #126: Wed Jun 12 09:47:19 MDT 2024
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 6210174976 (5922MB)
avail mem = 5998854144 (5720MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe0010 (78 entries)
bios0: vendor LENOVO version "6IET85WW (1.45 )" date 02/14/2013
bios0: LENOVO 2537EY8
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET ASF! SLIC BOOT SSDT TCPA DMAR 
SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP1(S4) EXP2(S4) EXP3(S4) 
EXP4(S4) EXP5(S4) EHC1(S3) EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2793.22 MHz, 06-25-02, patch 
0011
cpu0: cpuid 1 
edx=bfebfbff
 
ecx=298e3ff
cpu0: cpuid 6 eax=7 ecx=1
cpu0: cpuid 7.0 edx=9c00
cpu0: cpuid a vers=3, gp=4, gpwidth=48, ff=3, ffwidth=48
cpu0: cpuid 8001 edx=28100800 ecx=1
cpu0: cpuid 8007 edx=100
cpu0: MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 4-way I-cache, 256KB 64b/line 
8-way L2 cache, 3MB 64b/line 12-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 133MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2793.25 MHz, 06-25-02, patch 
0011
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2793.26 MHz, 06-25-02, patch 
0011
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2793.82 MHz, 06-25-02, patch 
0011
cpu3: smt 1, core 2, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins, remapped
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpiprt5 at acpi0: bus 5 (EXP4)
acpiprt6 at acpi0: bus 13 (EXP5)
acpibtn0 at acpi0: LID_(wakeup)
acpibtn1 at acpi0: SLPB(wakeup)
acpipci0 at acpi0 UNCR
acpipci1 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
tpm0 at acpi0 TPM_ 1.2 (TIS) addr 0xfed4/0x5000, device 0x104a rev 0x4e
acpibat0 at acpi0: BAT0 model "42T4848" serial  7058 type LION oem "SANYO"
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0: version 1.0
"*pnp0c14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpicpu0 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpicpu1 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpicpu2 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpicpu3 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpipwrres0 at acpi0: PUBS, resource for EHC1, EHC2
acpitz0 at acpi0: critical temperature is 100 degC
acpivideo0 at acpi0: VID_
acpivout0 at acpivideo0: LCD0
acpivideo1 at acpi0: VID_
cpu0: using IvyBridge MDS workaround
cpu0: Enhanced SpeedStep 2793 MHz: speeds: 2534, 2533, 2399, 2266, 2133, 1999, 
1866, 1733, 1599, 1466, 1333, 1199 MHz
pci0 at mainbus0 bus 255
pchb0 at pci0 dev 0 function 0 "Intel QuickPath" rev 0x02
pchb1 at pci0 dev 0 function 1 "Intel QuickPath" rev 0x02
pchb2 at pci0 dev 2 function 0 "Intel QPI Link" rev 0x02
pchb3 at pci0 dev 2 function 1 "Intel QPI Physical" rev 0x02
pchb4 at pci0 dev 2 function 2 "Inte

webcam not working on chromium

2024-06-13 Thread Walter Alejandro Iglesias
Hi everyone,

I followed the instructions in OpenBSD media FAQ but I couldn't make my
webcam work neither on chromium nor on ungoogled-chromium.  It works
fine on Firefox.  Does anyone know any trick to make it work?



Re: crippled my laptop trying to reclaim root space

2024-06-13 Thread Walter Alejandro Iglesias
On Thu, Jun 13, 2024 at 03:47:26AM +0400, shadrock uhuru wrote:
> caused me great problem when i came to using sysupgrade,
> most of the space was taken up by the /dev  directory,
> so here comes the boo boo,

When I started with OpenBSD, creating install media more than once I
made this mistake:

  # dd if=file.img of=/dev/sd0 bs=1M 
                           ^^^
Instead of copying to the raw device: "rsd0c".

  # dd if=file.img of=/dev/rsd0c bs=1M 


-- 
Walter



Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5

2024-06-11 Thread Walter Alejandro Iglesias
On Tue, Jun 11, 2024 at 09:41:00PM -, Stuart Henderson wrote:
> > On Mon, Jun 10, 2024 at 03:07:24PM -0600, Andy Bradford wrote:
> >> Hello,
> >> 
> >> I'm not  sure if  this is expected  behavior or not,  but it  seems that
> >> after upgrading to  OpenBSD 7.5 the mouse cursor no  longer changes from
> >> an arrow pointer to  a hand when I hover over links  in Firefox. It does
> >> work for some  other programs though. Also, moving the  mouse over other
> >> elements (like text  entry) does work. It's just moving  over links that
> >> no longer visibly changes the mouse cursor.
> >> 
> >> Is  this a  problem isolated  to Firefox?  Is anyone  aware of  a change
> >> that  would  cause this  and  more  to the  point,  how  to recover  the
> >> functionality?
> 
> It's isolated to firefox, afaik most likely (maybe only likely?)
> to occur if you don't use a "desktop environment", it's due to
> https://bugzilla.mozilla.org/show_bug.cgi?id=1871863
> (see also https://bugzilla.mozilla.org/show_bug.cgi?id=1876366#c15)
> and it's a flipping nuisance.
> 
> On 2024-06-10, Hiltjo Posthuma  wrote:
> > iirc it can be worked around by setting in about:config:
> >
> > widget.gtk.legacy-cursors.enabled to true
> 
> That is the hack they added that is supposed to undo this change.
> It doesn't do anything for me though.

Adding these two settings?

  $ grep Xcursor ~/.Xdefaults
  Xcursor.theme: Adwaita

  $ cat ~/local/share/icons/default/index.theme
  [Icon Theme]
  Inherits=Adwaita

> 
> If you're not using a desktop environment, you can run xsettingsd
> with this in .xsettingsd to set a cursor theme:
> 
> Gtk/CursorThemeName "Adwaita"
> 
> However then in some setups you'll get stupidly large pointers in
> Gtk based software.


-- 
Walter



Re: pax and ext2fs

2024-05-18 Thread Walter Alejandro Iglesias
On Sat May 18 08:50:21 2024 Philip Guenther wrote:
> > So yeah, what's needed is pathconfat(2)** but whether this winding loose 
> > end ("That poor yak.") merits that much code and surface is yet to be 
> > examined deeply.
>
> The fix for this has now been committed, so it'll be in 7.6 and a near
> future snapshot.
>

And you wrote the library!

Philip Guenther at https://austingroupbugs.net/view.php?id=1831 wrote:

   With a fresh cup of coffee, it's 'obvious' the correct action is to
   use pathconfat(AT_FDCWD, path, _PC_TIMESTAMP_RESOLUTION,
   AT_SYMLINK_NOFOLLOW)

   This was touched on in https://austingroupbugs.net/view.php?id=786
   [^] (c.f.  Geoff's comment 2827 from 2015) so maybe I should just
   implement this in OpenBSD and drag everyone else along from there. :)


No yaks for Philip "John Wayne" Guenther, only cows. ;-)


>
> Philip Guenther
>
>


Walter



Re: pax and ext2fs

2024-05-17 Thread Walter Alejandro Iglesias
On Fri May 17 09:50:58 2024 Philip Guenther wrote:
> Sounds like you copied with something like 'cp -p' so the copy has a
> mtime with zero nsecs part, so now they do compare as equal.

This morning I realized that when I copied the symlink from the ext2
drive to my hard disk, cp(1) didn't copy the symlink but the executable
itself.  Reading cp(1) man page I see that the command I should have
used to copy the symlink is 'cp -PR'.

In my case caffeine is affecting me negatively, it makes me jump to
conclusions.  Sorry for making you waste your time!

>
>
> > P.S.: I'm curious about the following.  After running the stat command
> > here and there, I found *many* files showing that lack of mtime
> > granularity spread throughout all my system tree (as a side note: this
> > doesn't happen with their ctime and atime.)
>
> The released install tgz files (base75.tgz, etc) use a format where
> the contained files all have simple integer mtimes and tar is invoked
> with the -p option (required for correct permissions on setuid/gid
> files) which makes it also set the mtime on the extracted file to
> match what's in the tar file.
>
> ctime is always set from the local clock when the inode is
> allocated/updated, so no reason for it to always have a zero nsecs.
>
> atime is of course updated from the local clock when you, uh, access them.

Thanks for your explanation!

>
>
> Philip Guenther
>
>

   Walter



Re: pax and ext2fs

2024-05-16 Thread Walter Alejandro Iglesias
On Thu May 16 09:48:45 2024 Philip Guenther wrote:
> So yeah, what's needed is pathconfat(2)** but whether this winding loose
> end ("That poor yak.") merits that much code and surface is yet to be
> examined deeply.
>
> Philip Guenther
>
>
> ** or lpathconf(2), but pathconfat(2) is better
>

I read what you posted here:

  https://austingroupbugs.net/view.php?id=1831

In the footnote you wrote:

  "(This was encountered when trying to fix a pax implementation's
  handling of timestamp comparison for -u when the target filesystem had
  coarser resolution than the source filesystem by using
  pathconf(_PC_TIMESTAMP_RESOLUTION) on the target path to handle the
  loss of high-precision time info...but the symlink pointed to a
  location with high-precision timestamps so it couldn't know to round
  the times when doing the comparison...)"


I did one more experiment.  I removed the offending soft link from my
hard disk, then I copied the backed-up version of the soft link from the
ext2 drive back to my system tree.  Now pax (with your patches) doesn't
insist on re-updating the file, *even after updating the file with
touch(1)*.

The soft link *still* points to a location with high-precision
timestamps, but pax does the right job.

Intuitively this suggests to me that there is something more than mtime
precision in this misunderstanding between OpenBSD and ext2 file
systems.  If I copy files using pax from Linux (another *BSD* version of
pax) to that same ext2 drive it works as expected.


  Walter


P.S.: I'm curious about the following.  After running the stat command
here and there, I found *many* files showing that lack of mtime
granularity spread throughout all my system tree (as a side note: this
doesn't happen with their ctime and atime.)
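
The comparison the quoted footnote describes, as an added example (not code from the pax patch or from OpenBSD): the source mtime is rounded down to the resolution of the filesystem that stores the target before the "same age or newer" test. The function names are hypothetical, the resolution is passed in as the value pathconf(_PC_TIMESTAMP_RESOLUTION) would report, and the one-second resolution and the nanosecond part of the sample mtime are constructed.

```c
#include <stdio.h>
#include <time.h>

#define NSEC_PER_SEC 1000000000LL

/* Hypothetical helper: build a timespec from seconds and nanoseconds. */
struct timespec ts_make(long long sec, long nsec)
{
    struct timespec ts;

    ts.tv_sec = (time_t)sec;
    ts.tv_nsec = nsec;
    return ts;
}

/* Largest multiple of step that is <= v (floors for negative v as well). */
static long long floor_to_multiple(long long v, long long step)
{
    long long r = v % step;

    if (r < 0)
        r += step;
    return v - r;
}

/*
 * Round ts down to a timestamp resolution given in nanoseconds.
 * Assumption: a resolution of one second or more is a whole number
 * of seconds (1s, 2s, ...).
 */
struct timespec ts_round_down(struct timespec ts, long long res_ns)
{
    if (res_ns <= 1)
        return ts;      /* nanosecond resolution: nothing is lost */
    if (res_ns < NSEC_PER_SEC) {
        ts.tv_nsec = (long)floor_to_multiple(ts.tv_nsec, res_ns);
    } else {
        ts.tv_sec = (time_t)floor_to_multiple(ts.tv_sec,
            res_ns / NSEC_PER_SEC);
        ts.tv_nsec = 0;
    }
    return ts;
}

/* Three-way comparison: -1, 0 or 1. */
int ts_cmp(struct timespec a, struct timespec b)
{
    if (a.tv_sec != b.tv_sec)
        return a.tv_sec < b.tv_sec ? -1 : 1;
    if (a.tv_nsec != b.tv_nsec)
        return a.tv_nsec < b.tv_nsec ? -1 : 1;
    return 0;
}

/*
 * Return 1 when the target copy is the same age or newer than the source
 * once the source mtime has been rounded to what the target filesystem
 * can store, i.e. when an update run should skip the file.
 */
int target_is_current(struct timespec src_mtime, struct timespec dst_mtime,
    long long dst_res_ns)
{
    return ts_cmp(ts_round_down(src_mtime, dst_res_ns), dst_mtime) <= 0;
}

int main(void)
{
    /* Constructed sample: source has sub-second mtime, copy lost it. */
    struct timespec src = ts_make(1713451867, 123456789);
    struct timespec dst = ts_make(1713451867, 0);

    /*
     * Resolution 1 is what a lookup reports when it follows a symlink
     * to a filesystem with nanosecond timestamps; NSEC_PER_SEC is the
     * assumed resolution of the filesystem that holds the copy.
     */
    printf("resolution 1ns: skip=%d\n", target_is_current(src, dst, 1));
    printf("resolution 1s:  skip=%d\n",
        target_is_current(src, dst, NSEC_PER_SEC));
    return 0;
}
```

With the resolution of the symlink's destination the copy never counts as current, which matches the file that kept being updated; with the resolution of the filesystem that stores the copy it does.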



Re: pax and ext2fs

2024-05-15 Thread Walter Alejandro Iglesias
On Wed May 15 13:04:53 2024 Walter Alejandro Iglesias wrote:
> After more testing I realized that I was wrong, my modification doesn't
> solve the problem.
>

Yeah, I also realized that what I did was stupid. :-)



Re: pax and ext2fs

2024-05-15 Thread Walter Alejandro Iglesias
On Wed May 15 10:24:32 2024 Walter Alejandro Iglesias wrote:
> I got it working but I don't know if what I did is fine.
>
> As I'd told you the problem was ctime (when using -Y), so I added one
> conditional to your diff where it checks only mtime and it works:
>
>
> Index: ar_subs.c
> ===
> RCS file: /cvs/src/bin/pax/ar_subs.c,v
> diff -u -p -r1.51 ar_subs.c
> [...]

After more testing I realized that I was wrong, my modification doesn't
solve the problem.



Re: pax and ext2fs

2024-05-15 Thread Walter Alejandro Iglesias
On Wed May 15 10:20:04 2024 Philip Guenther wrote:
> I think you've managed to hit a spot where the POSIX standard doesn't
> provide a way for a program to find the information it needs to do its job
> correctly.  I've filed a ticket there
>https://austingroupbugs.net/view.php?id=1831
>
> We'll see if my understanding of pathconf() is incorrect or if someone has
> a great idea for how to get around this...
>
>
> Philip Guenther
>

Hi Philip,

I got it working but I don't know if what I did is fine.

As I'd told you the problem was ctime (when using -Y), so I added one
conditional to your diff where it checks only mtime and it works:


Index: ar_subs.c
===
RCS file: /cvs/src/bin/pax/ar_subs.c,v
diff -u -p -r1.51 ar_subs.c
--- ar_subs.c   10 Jul 2023 16:28:33 -  1.51
+++ ar_subs.c   15 May 2024 08:19:08 -
@@ -146,23 +146,61 @@ list(void)
 }
 
 static int
-cmp_file_times(int mtime_flag, int ctime_flag, ARCHD *arcn, struct stat *sbp)
+cmp_file_times(int mtime_flag, int ctime_flag, ARCHD *arcn, const char *path)
 {
struct stat sb;
+   long res;
 
-   if (sbp == NULL) {
-   if (lstat(arcn->name, ) != 0)
-   return (0);
-   sbp = 
+   if (path == NULL)
+   path = arcn->name;
+   if (lstat(path, ) != 0)
+   return (0);
+
+   /*
+* The target (sb) mtime might be rounded down due to the limitations
+* of the FS it's on.  If it's strictly greater or we don't care about
+* mtime, then precision doesn't matter, so check those cases first.
+*/
+   if (ctime_flag && mtime_flag) {
+   if (timespeccmp(>sb.st_mtim, _mtim, <=))
+   return timespeccmp(>sb.st_ctim, _ctim, <=);
+   if (!timespeccmp(>sb.st_ctim, _ctim, <=))
+   return 0;
+   /* <= ctim, but >= mtim */
+   } else if (mtime_flag) {
+   return timespeccmp(>sb.st_mtim, _mtim, <=);
+   } else if (ctime_flag)
+   return timespeccmp(>sb.st_ctim, _ctim, <=);
+   else if (timespeccmp(>sb.st_mtim, _mtim, <=))
+   return 1;
+
+   /*
+* If we got here then the target arcn > sb for mtime *and* that's
+* the deciding factor.  Check whether they're equal after rounding
+* down the arcn mtime to the precision of the target path.
+*/
+   res = pathconf(path, _PC_TIMESTAMP_RESOLUTION);
+   if (res == -1)
+   return 0;
+
+   /* nanosecond resolution?  previous comparisons were accurate */
+   if (res == 1)
+   return 0;
+
+   /* common case: second accuracy */
+   if (res == 10)
+   return arcn->sb.st_mtime <= sb.st_mtime;
+
+   if (res < 10) {
+   struct timespec ts = arcn->sb.st_mtim;
+   ts.tv_nsec = (ts.tv_nsec / res) * res;
+   return timespeccmp(, _mtim, <=);
+   } else {
+   /* not a POSIX compliant FS */
+   res /= 10;
+   return ((arcn->sb.st_mtime / res) * res) <= sb.st_mtime;
+   return arcn->sb.st_mtime <= ((sb.st_mtime / res) * res);
}
-
-   if (ctime_flag && mtime_flag)
-   return (timespeccmp(>sb.st_mtim, >st_mtim, <=) &&
-   timespeccmp(>sb.st_ctim, >st_ctim, <=));
-   else if (ctime_flag)
-   return (timespeccmp(>sb.st_ctim, >st_ctim, <=));
-   else
-   return (timespeccmp(>sb.st_mtim, >st_mtim, <=));
 }
 
 /*
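Review bot: In cmp_file_times() the `else if (mtime_flag)` branch returns the raw `st_mtim` comparison directly, so when only mtime_flag is set the function never reaches the `pathconf(path, _PC_TIMESTAMP_RESOLUTION)` rounding below, although the comment above that block says it exists for the case where mtime is the deciding factor; only the combined ctime+mtime case and the no-flag case can still fall through. Consider dropping that early return so an mtime-only comparison that fails at full precision is retried after rounding. Separately, in the final `else` block the second `return arcn->sb.st_mtime <= ((sb.st_mtime / res) * res);` is unreachable after the return on the line before it and should be removed.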
@@ -842,14 +880,12 @@ copy(void)
/*
 * if existing file is same age or newer skip
 */
-   res = lstat(dirbuf, );
-   *dest_pt = '\0';
-
-   if (res == 0) {
+   if (cmp_file_times(uflag, Dflag, arcn, dirbuf)) {
+   *dest_pt = '\0';
ftree_skipped_newer(arcn);
-   if (cmp_file_times(uflag, Dflag, arcn, ))
-   continue;
+   continue;
}
+   *dest_pt = '\0';
}
 
/*
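Review bot: ftree_skipped_newer(arcn) used to run whenever lstat() on dirbuf succeeded and now runs only when cmp_file_times() reports the existing file as same age or newer; if that narrowing is intended it deserves a sentence in the commit message, otherwise the call has to stay outside the comparison. The `*dest_pt = '\0';` reset is also written twice, once inside the `if` and once after it; storing the cmp_file_times() result in a local, resetting dest_pt once, and then testing the local would leave a single reset.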



Re: pax and ext2fs

2024-05-14 Thread Walter Alejandro Iglesias
Hi Philip,

On Tue May 14 19:40:04 2024 Philip Guenther wrote:
> If you like, you could try the following patch to pax to more gracefully
> handle filesystems with time resolution more granular than nanoseconds.

After applying your patch, as I'd done before reporting the issue, I
synchronized my home directory to an external ext2fs drive with the
command shown by the man page:

  $ pax -rw -v -Z -Y source target

This time only one file stays updating again and again, a soft link I
have in my ~/bin folder of /usr/local/bin/prename.  I tried the command
Stuart Henderson taught me in that file:

$ stat -f %Fm /usr/local/bin/prename
1713451867.0

... no sub-second timestamp, like happens when I run the same stat
command with the files in the ext2fs drive.  I ran stat with other files
under /usr/local, same result, I ended up noticing that /usr/local is the
only partition mounted with the wxallowed option.

I wish my guessing info will be useful. :-)  Let me know what more I can
do to help.


> The whitespace will presumably be mauled by gmail so use patch's -l option.

Some lines in the diff arrived wrapped but I corrected them and could
apply the patch.  Gmail has a well hidden option :-), if you open your
account from your browser you can configure it to send in plain text.
You have to click in Compose, then in the compose window go to the last
icon in the bottom right (with a vertical ellipsis) hovering with your
mouse says "More options", click and you'll see there the "Plain Text"
option, select it and the option stays saved.  I haven't used gmail for a
long time, I had to investigate this, tired of friends sending me the
HTML copy of all their messages.

>
> Philip Guenther
>
>

-- 
Walter



Re: Favorite configuration and system replication tools?

2024-05-14 Thread Walter Alejandro Iglesias
On Tue May 14 18:11:16 2024 Страхиња Радић wrote:
> Antipatterns are bad. I don't mean the ellipsis in `ls -l ...`. I mean 
> things like
>
>   cat file | grep hello | cat | sed 's/hello/world/g' | cat - > output
>
>   for file in `echo `ls *` `; do echo $file; done
>
>   ls -l | awk '{ print $5 }'  # different things with different ls'es
>   # under different locales, and on 
>   # different systems, with differently
>   # named files
>
> which are something a novice will see and adopt, especially when it is 
> not even communicated as a "sketch", and a seasoned user of shell will 
> just be annoyed with.

This reminds me again of the quote of the article you linked:

  "..., unless extreme portability is more important..."

Let's make it short.  Would you guarantee that your shell scripts work
on any unix-like system?


And here I abandon the discussion, needless to say that I appreciate all
your advice.

Greetings!



Re: What software to debugging and analyzing C?

2024-05-14 Thread Walter Alejandro Iglesias
On Tue May 14 11:40:42 2024 Tomasz Rola wrote:
> I am sure gdb has some merits but for whatever C programs I wrote so
> far, a much more useful debugging technique was putting printf in
> right places and isolate the problem,

I got used to doing this too.  I started doing it intuitively, I'm
self-taught (and I'm certainly not an expert).



Re: Favorite configuration and system replication tools?

2024-05-14 Thread Walter Alejandro Iglesias
On Tue May 14 11:11:33 2024  wrote:
> When `while ... read ...` idiom is used, it is advisable to clear IFS 
> to turn off field splitting, and use -r to avoid interpretation of 
> backslash sequences in the input:
>
>   while IFS= read -r dir; do # ...
>
> Back to parsing the output of ls(1) (also applicable to parsing the 
> output of find(1), or globs), there is an indepth analysis of the 
> problem at [1]. The accepted answer concludes that perhaps shell 
> command language is not the right tool for the job, and a more 
> sophisticated language should be used instead. While I don't agree with 
> the author's choice of Python, any language supporting opendir(3), 
> readdir(3) or equivalent functions will suffice.
>
> [1]: 
> https://unix.stackexchange.com/questions/128985/why-not-parse-ls-and-what-to-do-instead
>

Let's start with what the first answer in that forum put in bold:

   Bourne shell is a bad language.  It should not be used for anything
   complicated, unless extreme portability is more important than any
   other factor (e.g. autoconf).

If you analyze that statement, depending on the case, it may make sense
or not at all.

I learned about the convenience of adding the '-r' option in the "while
read" loop many years ago when I was writing a script to convert roff to
html, the problem arose with the backslash in roff comments (.\").

When I post an example of a shell script in some forum or mailing list I
post a sketch, assuming others will use it as an example and write
their own solution themselves.  Those who won't be able to overcome issues
like the above are those who aren't familiar with or trained in that language
in particular.  For me (as I think it should be for any unix user) shell
scripting is mainly the way I "use" the computer, it's not a
"programmers" language, something you use to write whole applications of
the kind "Push this button and relax, I'll do the job".  I have a
hundred dirty shell scripts in my ~/bin directory; if you examine
them you'll find many dumb errors, but mainly they do the job.  I don't
know anything about python (I don't like it), but I bet that if you
analyze python, or C or Perl, you'll also find inconsistencies you'll
have to work around as with shell scripting.  Nothing is perfect when you
see it in detail.

Many years ago I posted in some linux forum an example of a shell script
to blacklist IPs in a web-mail server.  My intention was to encourage
users not to follow the MSWin approach, I mean downloading some 3rd
party tool instead of learning what the system already has to offer.
And I remember myself proposing and giving solutions with rsync in that
same forum to someone asking for a mirror-capable synchronizing tool.
This, and *learning to do things by yourself* (even if your program isn't
as good as the one you download or isn't good at all), are the
fundamental tendencies I always defend since they ARE THE REASON OF EXISTENCE
OF FOSS.  Immediately, some "experts" started to point out "holes" in my
script, when what I posted was just a sketch.  In that case disregarding
shell scripting wasn't useful as an argument since they were proposing
fail2ban.sh (a clear example of using shell scripting for something
complicated. ;-))

Summarizing, my motivation was triggered by the topic of the thread and
the way it was raised by the OP.


-- 
Walter



Re: Favorite configuration and system replication tools?

2024-05-12 Thread Walter Alejandro Iglesias
On Sun May 12 21:50:12 2024 Martin Schröder wrote:
>
>   If a line begins with "- " (dash, space) or "+ " (plus, space),
>   then the type of rule is being explicitly specified as an exclude
>   or an include (respectively).  Any rules without such a prefix are
>   taken to be an include.

I'd read the man page.  What I understand from this paragraph is that
you have to include in the list *all* the files.  How convenient! :-)

>
>
> Coming back to the topic of this thread:

Yeah, because I'm talking about football.


>
> Best
>  Martin
>
>
>



Re: What software to debugging and analyzing C?

2024-05-12 Thread Walter Alejandro Iglesias
Otto Moerbeek taught me this:

First compile your program with debug symbols (and, conveniently, without
optimization settings.)

  $ DEBUG="-g -O0" make

Then:

  $ MALLOC_OPTIONS=D ktrace -tu 
  $ kdump -u malloc

kdump will show you lines like this:

  0x34f10a4b153   20480  1  20480 addr2line -e /usr/lib/libc.so.97.1 0x4d153
  0x34f10a96470  410576 25  16423 addr2line -e /usr/src/usr.bin/ 0x98470

If you compiled your program with debugging symbols and your program has
some leak, the name of your program will appear in some of those lines.
Then you run that addr2line command and it'll show you in which file and
line the leak is produced.  It will show you errors that valgrind won't.
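
An added example, not part of the original message: a small filter for the
leak lines that "kdump -u malloc" prints in the procedure above, keeping the
records attributed to one object file and ordering them by leaked bytes.  The
column meaning (second column total bytes, third column count) is inferred
from the two lines quoted above; the sample input and the path
/home/demo/leaky are constructed.

```shell
#!/bin/sh
# Added example: triage the leak records printed by `kdump -u malloc`.
# Assumed record layout, inferred from the lines quoted in the message:
#   <call site> <total bytes> <count> <average> addr2line -e <object> <offset>
# Object paths containing blanks are not handled (awk splits on blanks).

# leak_sites OBJECT: read kdump output on stdin and print, largest leak
# first, "<total bytes> <count> addr2line -e OBJECT <offset>" for the
# records attributed to OBJECT.  Everything that is not a record is ignored.
leak_sites() {
    awk -v obj="$1" '
        $1 ~ /^0x[0-9a-f]+$/ && $5 == "addr2line" && $6 == "-e" && $7 == obj {
            print $2, $3, $5, $6, $7, $8
        }
    ' | sort -k1,1nr
}

# leak_totals: total leaked bytes per object file, largest first, to tell
# leaks in your own binary from those attributed to libraries.
leak_totals() {
    awk '
        $1 ~ /^0x[0-9a-f]+$/ && $5 == "addr2line" && $6 == "-e" {
            bytes[$7] += $2
        }
        END { for (o in bytes) print bytes[o], o }
    ' | sort -k1,1nr
}

# Constructed sample in the format shown above; /home/demo/leaky is a
# made-up program path.
sample_kdump() {
    cat <<'EOF'
0x34f10a4b153   20480  1  20480 addr2line -e /usr/lib/libc.so.97.1 0x4d153
0x34f10a96510    4096  4   1024 addr2line -e /home/demo/leaky 0x98510
0x34f10a96470  410576 25  16423 addr2line -e /home/demo/leaky 0x98470
EOF
}

# Run with the argument "demo" to see both reports for the sample.
if [ "${1:-}" = demo ]; then
    sample_kdump | leak_totals
    sample_kdump | leak_sites /home/demo/leaky
fi
```

On a real trace, pipe "kdump -u malloc" into leak_sites with the path of your
own binary and run the addr2line commands it prints, top line first.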



Re: Favorite configuration and system replication tools?

2024-05-12 Thread Walter Alejandro Iglesias
On Sun May 12 20:58:43 2024 Andreas Kähäri wrote
> With rsync(1):
>
>   rsync -n -aim --delete-excluded \
>   --include-from=list \
>   --include='*/' \
>   --exclude='*' \
>   source/ target
>

I don't understand what your command does exactly.  And this is surely
of interest to everyone since, like me, everyone has many files and
directories in $HOME which are not worth saving, as ~/.cache for
example.  If you take a second look at my examples, the one using pax
and the other using rsync inside a loop, both are meant to synchronize
*only* what I put in the list and, as you see, in the list there are
files and directories.  I'd appreciate it if you or any other rsync expert
here showed me how to accomplish that (in case it's possible) with rsync
without resorting to a loop as I did.

(Not challenging, I'm asking this as a favor.)


I use a similar solution to synchronize my $HOME directory to other
machines.  Related to the idea of synchronizing a selection of files and
directories saved in a list, I attempted to learn how rdist(1) works, as
Robert B. Carleton advised me, but I couldn't see much, rdistd(1) core
dumped.



Re: Favorite configuration and system replication tools?

2024-05-12 Thread Walter Alejandro Iglesias
On Sun May 12 13:22:13 2024 Alexis wrote:
> Andreas Kähäri  writes:
> > Well, that's one way to control this trainwreck of a script; 
> > just say
> > that any name containing "inappropriate" characters aren't 
> > allowed!
> >
> > May I ask why you don't simply use rsync(1) (or even 
> > openrsync(1) from
> > the OpenBSD base system)?
>
> i'm not sure why you're addressing this to me, as i'm not the OP.

I guess it's me who Andreas should address this question to, right?

I gave a dirty example to someone who mentioned pax to the OP.  Just
playing and learning. :-)

I've been using rsync forever, but, first, I don't think rsync is
bulletproof either and, second, making a backup with pax is faster and
in some cases simpler.  If you don't want to delete files on the target
you don't need to do scripting at all.

Let's take the example I put in my first message.  With rsync, you'll
have to do something like this:

~/backup_list

# backup_list
.Xdefaults
.kshrc
.nexrc
.profile
.calendar/
.config/feh/
.config/fontconfig/
.config/gtk-3.0/gtk.css
Documents/
Pictures/
[...]
---

files=$(egrep -v "^$|^#" ~/backup_list)

for i in $files ; do
rsync -av --delete --mkpath $HOME/$i $device/$user/$i
done


But openrsync doesn't have a '--mkpath' option, I'll let Andreas think
of the solution. :-)


>
> That said, yes, minimising the extent to which certain non-'word' 
> characters (i.e. roughly the POSIX 'alnum' class as described in 
> re_format(7)) _can_ make it easier to programatically do certain 
> tasks which are restricted by the long and messy history of C and 
> Unix development. Given that i've been using computers for a few 
> decades, i still instinctively don't use spaces in filenames, even 
> though they're very much allowed. But of course, that's not what 
> most of the world does, and this is an example of trying to work 
> out what the best tradeoffs might be when dealing with the 
> messiness of the real world.

I overlooked this in my example because I *never* use spaces, UTF-8 or
any special characters to name my files.  Lately, I finally
persuaded my wife to use Linux, after decades of having to use Windows.
Even though I educated her in this matter she has clients who send her
files named with any kind of crap, so taking care of this issue is still
convenient.


>
>
> Alexis.
>
>
>

-- 
Walter



Re: Favorite configuration and system replication tools?

2024-05-12 Thread Walter Alejandro Iglesias
On Sun May 12 11:40:05 2024 tux2bsd wrote
> Hi Walter
>
> mktemp makes temporary unique filenames like this:
>
> delete_list=$(mktemp)
> source_list=$(mktemp) 
> target_list=$(mktemp) 
> # Do your code. If you want to keep something you do
> # that appropriately then:
> rm $delete_list $source_list $target_list
>
>

This version can deal with files with special characters and spaces:

# Remove files from target directory
delete_list=$(mktemp -t delete.XXXXXX) || exit 1
source_list=$(mktemp -t source.XXXXXX) || exit 1
target_list=$(mktemp -t target.XXXXXX) || exit 1

dirs=$(echo "$files" | grep '/$')

cd && find $dirs | sort | uniq > $source_list
cd "$target" && find $dirs | sort | uniq > $target_list
diff $source_list $target_list |
grep '^> ' | sed 's#^> #'$target'/#' > $delete_list

cd &&
while read line; do
echo "delete $line"
rm "$line"
done < $delete_list

# Clean
rm $source_list $target_list $delete_list



Re: Favorite configuration and system replication tools?

2024-05-12 Thread Walter Alejandro Iglesias
On Sun May 12 10:07:30 2024 Страхиња Радић wrote:
> A few notes:
> 
> - You don't need a backslash after a pipe (|) or a list operator (||
>   and &&) - a line ending with a pipe is an incomplete pipeline. So 
>   (with added quoting):
> 
>   diff "$source_list" "$target_list" |
>   awk '/^> / { print "'"$target"'/" $NF }' > "$delete_list"

I know, just fingers habit. :-)

>
>   As an example for a list operator, the second line beginning with cd
>   could also be written as:
> 
>   cd "$target" &&
>   find "$dirs" | sort | uniq > "$target_list"
> 
>   This works even when entering commands interactively from the command 
>   line.
> 
> - Before the `rm -rf` line, a useless use of cat[1]:
> 
>   sed 's/^/delete /' "$delete_list"
> 
> - The xargs is unnecessary in `rm -rf $(cat $delete_list | xargs)`; 
>   BTW, that line is vulnerable to weird pathnames (for example, 
>   those including spaces, line feeds and special characters).
> 

What about the following, better?

-
# Remove files from target directory
date=$(date +%H%M%S)
delete_list=/tmp/delete_$date
source_list=/tmp/source_$date
target_list=/tmp/target_$date

dirs=$(echo "$files" | grep '/$')

cd && find $dirs | sort | uniq > $source_list
cd "$target" && find $dirs | sort | uniq > $target_list
diff $source_list $target_list |
 awk '/^> / { print "'$target'/" $NF }' > $delete_list

cd &&
if [ -s $delete_list ]; then
echo "Deleting on ${target}:"
rm -vrf $(cat $delete_list)
fi

# Clean
rm $source_list $target_list $delete_list
-


Thanks for your recommendations!


-- 
Walter
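
An added example, not code from the thread: one way to do the "delete on
target" step so that pathnames with spaces, glob characters or line feeds (the
concern raised in the quoted notes above, and the goal of the mktemp version
of the script) never pass through word splitting or a line-based list.  The
function names prune_target and make_demo_tree and the demo tree are
constructed for illustration.

```shell
#!/bin/sh
# Added example: remove from TARGET whatever no longer exists in SOURCE,
# for the directories given as arguments.  No temporary lists, no diff
# parsing: find hands each pathname to an inner shell as one argument.

# prune_target SOURCE TARGET DIR...
# DIR is relative to both trees, e.g. "Documents/" as in the backup_list.
prune_target() (
    src=$1 tgt=$2
    shift 2
    for dir in "$@"; do
        [ -d "$tgt/$dir" ] || continue
        # -depth visits children before their parent, so a stale directory
        # is already empty when rmdir reaches it.  "{} +" passes pathnames
        # as separate arguments, embedded newlines included.
        find "$tgt/$dir" -depth -exec sh -c '
            src=$1 tgt=$2
            shift 2
            for path in "$@"; do
                rel=${path#"$tgt"/}
                # Keep anything that still exists in the source tree
                # (-L also keeps dangling symlinks that were backed up).
                if [ -e "$src/$rel" ] || [ -L "$src/$rel" ]; then
                    continue
                fi
                printf "delete %s\n" "$path"
                if [ -d "$path" ] && [ ! -L "$path" ]; then
                    rmdir -- "$path"
                else
                    rm -f -- "$path"
                fi
            done
        ' sh "$src" "$tgt" {} +
    done
)

# Constructed demo tree: names with spaces, a glob character and a newline.
# Prints the path of the temporary root directory.
make_demo_tree() (
    root=$(mktemp -d) || exit 1
    nl='
'
    mkdir -p "$root/src/Documents" "$root/tgt/Documents/old dir"
    : > "$root/src/Documents/tax 2024.txt"
    : > "$root/tgt/Documents/tax 2024.txt"
    : > "$root/tgt/Documents/stale *.txt"
    : > "$root/tgt/Documents/two${nl}lines"
    : > "$root/tgt/Documents/old dir/inner file"
    : > "$root/tgt/unlisted file"
    printf '%s\n' "$root"
)

# Run with the argument "demo" to prune the constructed tree.
if [ "${1:-}" = demo ]; then
    root=$(make_demo_tree) &&
    prune_target "$root/src" "$root/tgt" "Documents/" &&
    rm -rf "$root"
fi
```

Only the directories passed as arguments are examined, so files in the target
that are outside the list are never touched.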



Re: Favorite configuration and system replication tools?

2024-05-11 Thread Walter Alejandro Iglesias
On Sat May 11 20:20:04 2024 "Robert B. Carleton" wrote:
> Another tool you might want to take a look at is rdist(1). It's limited
> in some ways, but is a native capability to OpenBSD. It has a long
> history.
>

I've never used rdist(1) either, I will learn about it.  Thanks Robert
for mentioning it to me!

With unix I always feel like I'm just starting out, blissfully ignorant,
(I was about to also say "young" but that would be an exaggeration :-)).



Re: Favorite configuration and system replication tools?

2024-05-11 Thread Walter Alejandro Iglesias
On Fri May 10 08:36:50 2024 Walter Alejandro Iglesias wrote
> Then I do something like this (simplified for clarity):
>
> [...]
>
> dirs=$(echo "$files" | grep '/$')
>
> for i in $dirs ; do
>   find $source/$i | sed 's#'$source'##' | sort | uniq > $source_list
>   find $target/$i | sed 's#'$target'##' | sort | uniq > $target_list
>   diff $source_list $target_list |\
>awk '/^> / { print "'$target'" $NF }' >> $delete_list
> done
>
> cat $delete_list | sed 's/^/delete /'
> rm -rf $(cat $delete_list | xargs)
>
> rm $source_list $target_list $delete_list
> 
>


Today I realized that the loop above is not necessary:

---
dirs=$(echo "$files" | grep '/$')

cd && find $dirs | sort | uniq > $source_list
cd $target && find $dirs | sort | uniq > $target_list
diff $source_list $target_list |\
 awk '/^> / { print "'$target'/" $NF }' > $delete_list

cat $delete_list | sed 's/^/delete /'
rm -rf $(cat $delete_list | xargs)

# Clean
rm $source_list $target_list $delete_list




Re: Favorite configuration and system replication tools?

2024-05-10 Thread Walter Alejandro Iglesias
On Fri May 10 08:16:32 2024 "Robert B. Carleton"  wrote:
> I'm going to try using pax(1) in copy mode (-rw) as an alternative to
> rsync and cpio when it's local filesystems. I hadn't considered that
> until recently.

This is my dirty solution to add a "delete on target" functionality to pax.

I save the list of the files and directories I want to back up to a file
(starting from my $HOME).  Notice that directories end with a slash (to
facilitate filtering with grep in the script.)


# backup_list
.Xdefaults
.kshrc
.nexrc
.profile
.calendar/
.config/feh/
.config/fontconfig/
.config/gtk-3.0/gtk.css
Documents/
Pictures/
[...]
---


Then I do something like this (simplified for clarity):

--
backup_list=/path/to/backup_list
source=$HOME
target=$device
files=$(egrep -v "^$|^#" $backup_list)

pax -rw -v -Z -Y $files $target

# Delete files not present in source from target directory
date=$(date +%H%M%S)
delete_list=/tmp/delete_$date
source_list=/tmp/source_$date
target_list=/tmp/target_$date

dirs=$(echo "$files" | grep '/$')

for i in $dirs ; do
find $source/$i | sed 's#'$source'##' | sort | uniq > $source_list
find $target/$i | sed 's#'$target'##' | sort | uniq > $target_list
diff $source_list $target_list |\
 awk '/^> / { print "'$target'" $NF }' >> $delete_list
done

cat $delete_list | sed 's/^/delete /'
rm -rf $(cat $delete_list | xargs)

rm $source_list $target_list $delete_list



-- 
Walter

Using my patched version of OpenBSD mail(1).
https://en.roquesor.com/Downloads/mail_patches.tar.gz



Re: pax and ext2fs (update)

2024-05-02 Thread Walter Alejandro Iglesias
Removing the inode check (-Y option) files are updated correctly to ext2fs.
So the command would be:

  $ pax -rw -v -Z $files $target

So, it's something with the inode check that doesn't work with ext2fs.



Re: pax and ext2fs

2024-05-02 Thread Walter Alejandro Iglesias
On Thu, 2 May 2024 12:03:10, Stuart Henderson wrote
> I don't have a suitable filesystem handy to test, but does OpenBSD's
> implementation of ext2fs support sub-second timestamps?
>
> stat -f %Fm $filename
>
> If not, that's a probable explanation for the difference in behaviour.
> You could probably confirm by forcing timestamps with no nanosecond
> components, e.g. touch -t mmddhhmm.ss $filename, or copy to ext2fs
> and back again.

$ doas mount -t ext2fs /dev/sd0i /mnt
$ touch ~/test.txt
$ cp ~/test.txt /mnt
$ stat -f %Fm /mnt/test.txt
1714657214.0
$ cp ~/test.txt /mnt
$ stat -f %Fm /mnt/test.txt
1714657409.0



Re: pax and ext2fs

2024-05-02 Thread Walter Alejandro Iglesias
I expect from that command no more and no less than what is explained in
the man page:

Update (and list) only those files in the destination directory
/backup which are older (less recent inode change or file
modification times) than files with the same name found in the source
file tree home:

$ pax -r -w -v -Y -Z home /backup

While that works as explained when copying to an ffs drive, running the
same command again and again to an ext2fs target *all* files are copied
again, even those already updated, which suggests to me that pax(1) fails to
get ext2fs timestamps right.  But this is asking too much of OpenBSD,
right?  Linux doesn't even support ffs.  That's why I didn't put much care
in reporting this issue or sending it to bugs@.  Besides, in general, to
backup my files, I don't trust synchronizing files (for which I use
rsync) to foreign file systems, in this case I save a *.tar.gz to the
drive.

By the way, currently I'm not using OpenBSD in any production system but
in my desktop and just for fun.  So, most of the time when I post
something here I'm not asking for help but trying to contribute to the
project.  I appreciate your concern about my luck anyways.


-- 
Walter

Using my patched version of OpenBSD mail(1).
https://en.roquesor.com/Downloads/mail_patches.tar.gz



pax and ext2fs

2024-04-30 Thread Walter Alejandro Iglesias
Hello,

I'd never used pax(1), reading the man page I found this command can be
used to make a backup:

  $ pax -r -w -v -Y -Z home /backup

Faster than using rsync indeed, but it seems that the -Y and -Z options
don't work with ext2fs?


-- 
Walter



A new version of fmt enhanced for *roff files

2023-03-06 Thread Walter Alejandro Iglesias
Hello everyone,

I wrote my own version of fmt, with some enhancements and a new feature
to break lines in *roff files.

  https://en.roquesor.com/Downloads/fmtroff.c

In the head comment is explained why I reinvented the wheel. :-)

I guess someone could find it useful.


-- 
Walter



Re: Possible off-by-one bug in usr.sbin/rad/engine.c

2023-01-01 Thread Alejandro Colomar

Hello Rudolf,

On 1/1/23 16:59, Rudolf Leitgeb wrote:

Coming from a C/C++ background, I would assume, that a range from
200 to 600 comprises numbers would start at 200 and reach as far
as 599. This would be in sync with all STL functions for iterating
through collections or for extracting ranges.

As long as you need two random numbers to craft seconds and
microseconds values, it will be anything but easy to create
a uniform distribution going from 200.000 all the way up
to and including 600.00. As others have already pointed
out, your initially proposed fix certainly does not achieve this.


Yes, I was wrong.  However, please check my patch 2/2 recently sent to the list. 
 There are a few other cases, and I think some of them may be actual bugs.


Thanks,

Alex

--





Re: Possible off-by-one bug in usr.sbin/rad/engine.c

2023-01-01 Thread Alejandro Colomar



On 1/1/23 14:48, Alejandro Colomar wrote:

Hello Florian, Ingo,

On 1/1/23 08:24, Florian Obser wrote:

On 2022-12-31 23:54 +01, Ingo Schwarze  wrote:


[...]



With your change, the timeout could go up to 600.99, i.e. almost 601
seconds.  I don't know the protocol and can't say whether the change
would matter, but naively, exceeding the MAX_ feels surprising to me.


Oops, I missed this part.  That's where it makes sense. :)



Really, this doesn't look like a bug to me...


Unfortunately the OP did not explain why they think this is a bug.


Sorry; my bad; I should have explained it.

The thing that led me to believe that it was a bug is that variables or 
constants called *max* (normally) refer to the maximum value allowed in a range, 
for which there usually is a *min* counterpart (when it's not simply 0).


In this case, it seems MAX_* is really the maximum+1.  I don't know what the 
code is about, so 200 and 600 just look like magic numbers to me, and I don't 
know if the maximum is 600 or actually 599.






Yours,
   Ingo




Cheers,
Alex



--
<http://www.alejandro-colomar.es/>




Re: Possible off-by-one bug in usr.sbin/rad/engine.c

2023-01-01 Thread Alejandro Colomar

Hello Florian, Ingo,

On 1/1/23 08:24, Florian Obser wrote:

On 2022-12-31 23:54 +01, Ingo Schwarze  wrote:

Hi Alejandro,

Alejandro Colomar wrote on Sat, Dec 31, 2022 at 05:56:27PM +0100:


I've started auditing the OpenBSD source code after the discussion on
arc4random_uniform(3) and my suggestion of arc4random_range() on the glibc
mailing list.

I found some cases where it seems like there's an off-by-one bug, which
would be solved by providing arc4random_range().  I'll show here one,
to confirm that it's a bug, and if you confirm it, I'll continue fixing
similar bugs around the OpenBSD tree.

Here's the first one I found, which I hope is fixed by my patch:


diff --git a/usr.sbin/rad/engine.c b/usr.sbin/rad/engine.c
index ceb11d574e3..a61ea3835a6 100644
--- a/usr.sbin/rad/engine.c
+++ b/usr.sbin/rad/engine.c
@@ -641,8 +641,7 @@ iface_timeout(int fd, short events, void *arg)
  struct imsg_send_ra  send_ra;
  struct timeval   tv;

-   tv.tv_sec = MIN_RTR_ADV_INTERVAL +
-   arc4random_uniform(MAX_RTR_ADV_INTERVAL - MIN_RTR_ADV_INTERVAL);
+   tv.tv_sec = arc4random_range(MIN_RTR_ADV_INTERVAL, 
MAX_RTR_ADV_INTERVAL);
  tv.tv_usec = arc4random_uniform(100);


Currently, the code puts a number in the range [200, 600) in tv_sec
and a random number of microseconds into tv_usec,
i.e. the timeout will be greater than or equal to 200 seconds
and strictly less than 600 seconds with a uniform distribution.

Isn't that exactly what is intended?


  log_debug("%s new timeout in %lld", __func__, tv.tv_sec);


If I'm correct, it should have been 'min + (max - min + 1)' instead
of 'min + (max - min)'.  Please confirm.


With your change, the timeout could go up to 600.99, i.e. almost 601
seconds.  I don't know the protocol and can't say whether the change
would matter, but naively, exceeding the MAX_ feels surprising to me.

Really, this doesn't look like a bug to me...


Unfortunately the OP did not explain why they think this is a bug.


Sorry; my bad; I should have explained it.

The thing that led me to believe that it was a bug is that variables or 
constants called *max* (normally) refer to the maximum value allowed in a range, 
for which there usually is a *min* counterpart (when it's not simply 0).


In this case, it seems MAX_* is really the maximum+1.  I don't know what the 
code is about, so 200 and 600 just look like magic numbers to me, and I don't 
know if the maximum is 600 or actually 599.






Yours,
   Ingo




Cheers,
Alex

--
<http://www.alejandro-colomar.es/>




[RFC v1 2/2] Use arc4random_range() instead of arc4random_uniform() when appropriate

2022-12-31 Thread Alejandro Colomar
This makes the code much more readable and self-documented.  While doing
this, I noticed a few bugs, and other cases which may be bugs or not.
Switching to this specialized API makes it easier to spot such bugs, but
since I'm not familiar with the code, I kept some bugs unfixed.  The
most obvious ones (although I may be wrong) I fixed them.  And in some
cases where it was very unclear, I didn't touch the old *_uniform() code.

Below are the cases where I changed the behavior (I considered it a bug):

*  usr.bin/ssh/auth.c:

   -  *cp = hashchars[arc4random_uniform(sizeof(hashchars) - 1)];
   +  *cp = hashchars[arc4random_range(0, sizeof(hashchars) - 1)];

*  usr.sbin/ftp-proxy/ftp-proxy.c:

   -  return (IPPORT_HIFIRSTAUTO +
   -  arc4random_uniform(IPPORT_HILASTAUTO - IPPORT_HIFIRSTAUTO));
   +  return arc4random_range(IPPORT_HIFIRSTAUTO, IPPORT_HILASTAUTO);

*  usr.sbin/rad/engine.c:

   -  tv.tv_sec = MIN_RTR_ADV_INTERVAL +
   -  arc4random_uniform(MAX_RTR_ADV_INTERVAL - MIN_RTR_ADV_INTERVAL);
   +  tv.tv_sec = arc4random_range(MIN_RTR_ADV_INTERVAL, MAX_RTR_ADV_INTERVAL);

In the following change, I didn't use the temporary variable 'num3'.
AFAICS, this doesn't affect other uses of the variable in other places,
because they set it before use.  But please check carefully; I may have
missed something:

*  usr.sbin/cron/entry.c:

   -  /* get a random number in the interval [num1, num2]
   -   */
   -  num3 = num1;
   -  num1 = arc4random_uniform(num2 - num3 + 1) + num3;
   +  num1 = arc4random_range(num1, num2);

Signed-off-by: Alejandro Colomar 
---
 games/boggle/boggle/bog.c   | 2 +-
 games/canfield/canfield/canfield.c  | 2 +-
 games/mille/init.c  | 2 +-
 gnu/gcc/gcc/cfgexpand.c | 2 +-
 lib/libevent/select.c   | 2 +-
 regress/lib/libc/malloc/malloc_general/malloc_general.c | 2 +-
 regress/sys/sys/tree/rb/rb-test.c   | 3 +--
 regress/sys/sys/tree/splay/splay-test.c | 3 +--
 sbin/iked/ikev2.c   | 2 +-
 sys/dev/pci/drm/drm_linux.c | 2 +-
 sys/dev/pci/drm/include/linux/random.h  | 2 +-
 sys/kern/kern_fork.c| 2 +-
 sys/net/if_spppsubr.c   | 7 ++-
 sys/net/pf.c| 2 +-
 sys/net/pf_lb.c | 4 ++--
 sys/netinet/ip_ipsp.c   | 2 +-
 usr.bin/nc/netcat.c | 2 +-
 usr.bin/skeyinit/skeyinit.c | 2 +-
 usr.bin/ssh/auth.c  | 2 +-
 usr.sbin/cron/entry.c   | 5 +
 usr.sbin/ftp-proxy/ftp-proxy.c  | 3 +--
 usr.sbin/pppd/chap.c| 5 +
 usr.sbin/rad/engine.c   | 3 +--
 usr.sbin/relayd/shuffle.c   | 2 +-
 24 files changed, 26 insertions(+), 39 deletions(-)
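
Review bot: the usr.bin/ssh/auth.c change listed in the commit message widens the index range and should not be counted as a fix without checking the array: arc4random_uniform(sizeof(hashchars) - 1) stops at index sizeof(hashchars) - 2, while arc4random_range(0, sizeof(hashchars) - 1) can return sizeof(hashchars) - 1, the last element. If hashchars is a NUL-terminated string (its declaration is not shown here), that last element is the terminator and the generated string would be cut short at a random position. The ftp-proxy.c and rad/engine.c changes extend the upper end by one in the same way, so each needs a statement of whether IPPORT_HILASTAUTO and MAX_RTR_ADV_INTERVAL are meant to be reachable values.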

diff --git a/games/boggle/boggle/bog.c b/games/boggle/boggle/bog.c
index c0e19454a27..3ed4888fc43 100644
--- a/games/boggle/boggle/bog.c
+++ b/games/boggle/boggle/bog.c
@@ -607,7 +607,7 @@ newgame(char *b)
/* Shuffle the cubes using Fisher-Yates (aka Knuth P). */
p = ncubes;
while (--p) {
-   q = (int)arc4random_uniform(p + 1);
+   q = (int)arc4random_range(0, p);
tmp = cubes[p];
cubes[p] = cubes[q];
cubes[q] = tmp;
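
Review bot: in this Fisher-Yates loop arc4random_range(0, p) is, by the definition in patch 1/2, exactly arc4random_uniform(p - 0 + 1) + 0, so the line changes no behaviour and only trades the familiar uniform(p + 1) shuffle idiom for a dependency on a function that is not in the tree yet; the canfield and mille shuffles that follow are the same case. I would split these pure rewrites from the hunks that change the range, so the behaviour changes can be reviewed on their own.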
diff --git a/games/canfield/canfield/canfield.c 
b/games/canfield/canfield/canfield.c
index 346fd20a1d2..dec75f6531f 100644
--- a/games/canfield/canfield/canfield.c
+++ b/games/canfield/canfield/canfield.c
@@ -531,7 +531,7 @@ shuffle(struct cardtype *deck[])
deck[i]->paid = FALSE;
}
for (i = decksize - 1; i > 0; i--) {
-   j = arc4random_uniform(i + 1);
+   j = arc4random_range(0, i);
if (i != j) {
temp = deck[i];
deck[i] = deck[j];
diff --git a/games/mille/init.c b/games/mille/init.c
index a86157739dd..c0cc6ac1f02 100644
--- a/games/mille/init.c
+++ b/games/mille/init.c
@@ -90,7 +90,7 @@ shuffle(void)
CARDtemp;
 
for (i = DECK_SZ - 1; i > 0; i--) {
-   r = arc4random_uniform(i + 1);
+   r = arc4random_range(0, i);
temp = Deck[r];
Deck[r] = Deck[i];
Deck[i] = temp;
diff --git a/gnu/gcc/gcc/cfgexpand.c b/gnu/gcc/gcc/cfgexpand.c
index 17aff165f6d..0cb8a21289b 100644
--- a/gnu/gcc/gcc/cfgexpand.c
+++ b/gnu/gcc/gcc/cfgexpand.c
@@ -438,7 +438,7 @@ partition_stack_vars (void)
   for (si = 

[RFC v1 1/2] Add arc4random_range(min, max)

2022-12-31 Thread Alejandro Colomar
Signed-off-by: Alejandro Colomar 
---

Hi,

The patch to the manual page is still a draft; I know it has formatting
issues; I don't know mdoc(7) enough to write in it.  I CCd Ingo so that
he may help me improve it.

Theo, and any others, please consider the addition of this function,
since it helps make some of these bugs shallow.  My audit of the
existing code is incomplete, since I don't have much knowledge of
OpenBSD's internals.  Moreover, this patch set is only a draft for
discussion, and I didn't yet even attempt to compile; I may have written
typos and may fail to even compile.  I just want to start the discussion
with facts and code, and when there's some agreement, I'll try to
compile this.

Cheers,

Alex


 include/stdlib.h|  1 +
 lib/libc/crypt/arc4random.3 | 35 -
 lib/libc/crypt/arc4random_uniform.c | 12 ++
 sys/dev/rnd.c   | 11 +
 sys/sys/systm.h |  1 +
 5 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/include/stdlib.h b/include/stdlib.h
index ab8a2ae90c3..16b7dc43afc 100644
--- a/include/stdlib.h
+++ b/include/stdlib.h
@@ -313,6 +313,7 @@ u_quad_t strtouq(const char *__restrict, char **__restrict, 
int);
 
 uint32_t arc4random(void);
 uint32_t arc4random_uniform(uint32_t);
+uint32_t arc4random_uniform(uint32_t, uint32_t);
 void arc4random_buf(void *, size_t)
__attribute__((__bounded__ (__buffer__,1,2)));
 
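
Review bot: the added prototype has the wrong name: "+uint32_t arc4random_uniform(uint32_t, uint32_t);" redeclares the one-argument arc4random_uniform() on the line above it with a conflicting parameter list, which will not compile, and arc4random_range() stays undeclared. It should read "uint32_t arc4random_range(uint32_t, uint32_t);".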
diff --git a/lib/libc/crypt/arc4random.3 b/lib/libc/crypt/arc4random.3
index 411860c28f2..78b4c18b3da 100644
--- a/lib/libc/crypt/arc4random.3
+++ b/lib/libc/crypt/arc4random.3
@@ -46,6 +46,8 @@
 .Fn arc4random_buf "void *buf" "size_t nbytes"
 .Ft uint32_t
 .Fn arc4random_uniform "uint32_t upper_bound"
+.Ft uint32_t
+.Fn arc4random_uniform "uint32_t min" "uint32_t max"
 .Sh DESCRIPTION
 This family of functions provides higher quality data than those
 described in
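
Review bot: same name slip in the SYNOPSIS: the new .Fn line says arc4random_uniform with "uint32_t min" "uint32_t max", so the page would show two different arc4random_uniform prototypes and never list arc4random_range. Change it to .Fn arc4random_range "uint32_t min" "uint32_t max"; neither hunk for this file touches the NAME section, so the new function also needs a .Nm entry there.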
@@ -95,16 +97,47 @@
 In the worst case, this function may consume multiple iterations
 to ensure uniformity; see the source code to understand the problem
 and solution.
+.Pp
+.Fn arc4random_range
+is similar to
+.Fn arc4random_uniform ,
+and will return a single 32-bit value,
+uniformly distributed,
+within the inclusive range
+.Pf [ Fa min ,
+.Fa max ].
+If the arguments are reversed,
+that is,
+if
+.Fa max
+<
+.Fa min ,
+it will return a single 32-bit value,
+uniformly distributed,
+outside of the exclusive range
+.Pf ( Fa max ,
+.Fa min ).
 .Sh RETURN VALUES
 These functions are always successful, and no return value is
 reserved to indicate an error.
+.Sh CAVEATS
+.Fn arc4random_range
+doesn't produce correct output when
+.Fa max
+==
+.Fa min
+- 1.
 .Sh SEE ALSO
 .Xr rand 3 ,
 .Xr rand48 3 ,
 .Xr random 3
 .Sh HISTORY
 These functions first appeared in
-.Ox 2.1 .
+.Ox 2.1 ,
+except
+.Fn arc4random_range ,
+which appeared in
+.Ox XXX .
 .Pp
 The original version of this random number generator used the
 RC4 (also known as ARC4) algorithm.
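
Review bot: the reversed-argument paragraph documents unsigned wraparound as if it were a feature: for max < min the result is described as uniform "outside of the exclusive range (max, min)", and CAVEATS then says the output is not correct for max == min - 1 without saying what is returned. For a function whose purpose is to make range bugs easy to spot, I would make max < min a documented precondition violation (or have the function check for it) and state the actual return value in the degenerate case. The ".Ox XXX" placeholder also has to be filled in before this can be committed.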
diff --git a/lib/libc/crypt/arc4random_uniform.c 
b/lib/libc/crypt/arc4random_uniform.c
index a18b5b12381..40957910b96 100644
--- a/lib/libc/crypt/arc4random_uniform.c
+++ b/lib/libc/crypt/arc4random_uniform.c
@@ -2,6 +2,7 @@
 
 /*
  * Copyright (c) 2008, Damien Miller 
+ * Copyright (c) 2022, Alejandro Colomar 
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -55,3 +56,14 @@ arc4random_uniform(uint32_t upper_bound)
return r % upper_bound;
 }
 DEF_WEAK(arc4random_uniform);
+
+/*
+ * Calculate a uniformly-distributed random number in the range [min, max],
+ * avoiding bias.
+ */
+uint32_t
+arc4random_range(uint32_t min, uint32_t max)
+{
+   return arc4random_uniform(max - min + 1) + min;
+}
+DEF_WEAK(arc4random_range);
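
Review bot: max - min + 1 is computed in uint32_t, so it wraps to 0 both for the full range (min == 0, max == UINT32_MAX) and for max == min - 1, and arc4random_uniform() is then called with an upper bound of 0, which cannot produce a uniform value over the requested range. The full-range call is a legitimate request and should be special-cased, for example by returning arc4random() when max - min == UINT32_MAX. The comment above the function should also say whether max < min is allowed, since the code does not check it.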
diff --git a/sys/dev/rnd.c b/sys/dev/rnd.c
index 5139d4288c9..0ac0c380430 100644
--- a/sys/dev/rnd.c
+++ b/sys/dev/rnd.c
@@ -5,6 +5,7 @@
  * Copyright (c) 2008 Damien Miller.
  * Copyright (c) 1996, 1997, 2000-2002 Michael Shalayeff.
  * Copyright (c) 2013 Markus Friedl.
+ * Copyright (c) 2022 Alejandro Colomar 
  * Copyright Theodore Ts'o, 1994, 1995, 1996, 1997, 1998, 1999.
  * All rights reserved.
  *
@@ -616,6 +617,16 @@ arc4random_uniform(u_int32_t upper_bound)
return r % upper_bound;
 }
 
+/*
+ * Calculate a uniformly distributed random number in the range [min, max],
+ * avoiding bias.
+ */
+u_int32_t
+arc4random_range(u_int32_t min, u_int32_t max)
+{
+   return arc4random_uniform(max - min + 1) + min;
+}
+
 /* ARGSUSED */
 void
 rnd_init(void *null)
diff --git a/sys/sys/systm.h b/sys/sys/systm.h
index 75c99a6dd9b..624b2ced0e8 100644
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@@ -224,6 +224,7 @@ voidarc4random_ctx_free(struct arc4random_ctx *);
 void   arc4random_ctx_buf(struct arc4random_ctx *, void *, size_t);
 u_int32_t arc4random(void);

Possible off-by-one bug in usr.sbin/rad/engine.c

2022-12-31 Thread Alejandro Colomar

Hi Theo and Florian,

I've started auditing the OpenBSD source code after the discussion on 
arc4random_uniform(3) and my suggestion of arc4random_range() on the glibc 
mailing list.


I found some cases where it seems like there's an off-by-one bug, which would be 
solved by providing arc4random_range().  I'll show here one, to confirm that 
it's a bug, and if you confirm it, I'll continue fixing similar bugs around the 
OpenBSD tree.


Here's the first one I found, which I hope is fixed by my patch:


diff --git a/usr.sbin/rad/engine.c b/usr.sbin/rad/engine.c
index ceb11d574e3..a61ea3835a6 100644
--- a/usr.sbin/rad/engine.c
+++ b/usr.sbin/rad/engine.c
@@ -641,8 +641,7 @@ iface_timeout(int fd, short events, void *arg)
struct imsg_send_ra  send_ra;
struct timeval   tv;

-   tv.tv_sec = MIN_RTR_ADV_INTERVAL +
-   arc4random_uniform(MAX_RTR_ADV_INTERVAL - MIN_RTR_ADV_INTERVAL);
+   tv.tv_sec = arc4random_range(MIN_RTR_ADV_INTERVAL, 
MAX_RTR_ADV_INTERVAL);
tv.tv_usec = arc4random_uniform(100);

log_debug("%s new timeout in %lld", __func__, tv.tv_sec);
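
Review bot: with the inclusive range, tv.tv_sec can now equal MAX_RTR_ADV_INTERVAL while the unchanged next line still adds a random tv.tv_usec, so the timer can fire later than MAX_RTR_ADV_INTERVAL seconds; the old form kept seconds plus microseconds strictly below the maximum. Confirm which bound is intended before treating the original as an off-by-one. The added call is also wrapped across two lines in this mail, so the hunk will not apply as posted.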


If I'm correct, it should have been 'min + (max - min + 1)' instead of 'min + 
(max - min)'.  Please confirm.



Cheers,

Alex



readpassphrase(3) buffer needs explicit_bzero(3) on error?

2022-09-28 Thread Alejandro Colomar

Hi,

I'd like to clarify if it's necessary to clear the buffer in the case 
that the function failed.  Most errors seem to be clearly triggered 
before the first byte is written to the buffer: EINVAL, EIO, EMFILE, 
ENFILE, ENOTTY.


But there is one, EINTR, which is not clear if there was any data 
written or not.  I think this should be clarified, for such a sensitive 
function.


Also, adding explicit_bzero(3) to SEE ALSO might be desirable.

Cheers,

Alex



init ran syspatch(8) after upgrading to latest snapshot

2022-09-13 Thread Walter Alejandro Iglesias
I'm posting this here since I'm not sure if it's a bug or something I
did wrong.  Today I upgraded to the latest snapshot and while booting to
the new system init ran syspatch(8).  I can't figure out why.


dmesg:

bind(2) documentation about the socklen_t parameter

2022-08-19 Thread Alejandro Colomar

Hi Ingo,

I'm modifying some Unix sockets code to add support for abstract sockets 
(in Linux only, of course), and while I (mostly) know how bind(2) works, 
I've found it surprising that none of the bind(2) pages I've read 
documented at all how the socklen_t parameter works.  I checked the 
Linux, OpenBSD, and POSIX manual pages.


All of the pages just say that the parameter tells the kernel the size 
of the structure, as if one was obligated to pass it as 'sizeof(struct 
sockaddr_un)'.  And while that's partly correct, in that the kernel will 
not read past that, it's not a great way to word it, or at least some 
more info could be added:


A user can use that field to make the kernel read fewer bytes than what 
the structure can hold.  You can for example pass 4 as the argument, and 
then sun_path will effectively be 2 bytes.  No matter what the real size 
of the structure was.


This is only lightly mentioned in a paragraph of Linux's unix(7), AFAICS:

   *  abstract: an abstract socket address is distinguished
      (from a pathname socket) by the fact that sun_path[0]
      is a null byte ('\0').  The socket’s address in this
      namespace is given by the additional bytes in sun_path
      that are covered by the specified length of the address
      structure.  (Null bytes in the name have no special
      significance.)  The name has no connection with
      filesystem pathnames.  When the address of an abstract
      socket is returned, the returned addrlen is greater
      than sizeof(sa_family_t) (i.e., greater than 2), and
      the name of the socket is contained in the first
      (addrlen - sizeof(sa_family_t)) bytes of sun_path.


This is especially important, because sun_path is one of the few places 
in C where we deal with fixed-width char arrays, instead of 
NUL-terminated strings, so programmers should know in detail how the 
kernel will handle corner cases, and AFAIK different kernels behave 
differently with sun_path, so it is even more important to document it 
in detail.


I more or less know how bind(2) works regarding socklen_t, but am not 
comfortable enough to write documentation about it.  Would you mind 
documenting it in OpenBSD, so that it may help me document it in Linux?


Cheers,

Alex

--
Alejandro Colomar
<http://www.alejandro-colomar.es/>
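
How the address length selects the bytes of sun_path that form the address, shown with Linux abstract sockets as an added example (not code from this thread or from any project discussed in it). The helper names and the constructed socket name addrlen-demo-<pid> are assumptions, and the program is Linux-only.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Address length that covers sun_family, the leading NUL and namelen bytes. */
static socklen_t abstract_len(size_t namelen)
{
	return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + namelen);
}

/*
 * Bind a new socket to the abstract name name[0..namelen).  The name is a
 * byte array, not a C string, so NUL bytes inside it are significant.
 * Returns the bound descriptor, or -1 with errno set.
 */
static int bind_abstract(const void *name, size_t namelen)
{
	struct sockaddr_un sun;
	int fd, saved;

	if (namelen > sizeof(sun.sun_path) - 1) {
		errno = ENAMETOOLONG;
		return -1;
	}
	memset(&sun, 0, sizeof(sun));
	sun.sun_family = AF_UNIX;
	memcpy(sun.sun_path + 1, name, namelen);	/* sun_path[0] stays '\0' */

	if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
		return -1;
	/* sizeof(sun) here would make all the zero padding part of the name. */
	if (bind(fd, (struct sockaddr *)&sun, abstract_len(namelen)) == -1) {
		saved = errno;
		close(fd);
		errno = saved;
		return -1;
	}
	return fd;
}

/* Length the kernel reports for fd's own address, or -1 on error. */
static int reported_len(int fd)
{
	struct sockaddr_un sun;
	socklen_t len = sizeof(sun);

	if (getsockname(fd, (struct sockaddr *)&sun, &len) == -1)
		return -1;
	return (int)len;
}

/*
 * 1 if binding b fails with EADDRINUSE while a is still bound (same address),
 * 0 if both binds succeed (distinct addresses), -1 on any other error.
 */
static int names_collide(const void *a, size_t alen, const void *b, size_t blen)
{
	int fa, fb, ret;

	if ((fa = bind_abstract(a, alen)) == -1)
		return -1;
	if ((fb = bind_abstract(b, blen)) != -1) {
		ret = 0;
		close(fb);
	} else
		ret = (errno == EADDRINUSE) ? 1 : -1;
	close(fa);
	return ret;
}

/* Constructed per-process name so that repeated runs do not clash. */
static size_t demo_name(char *buf, size_t size)
{
	return (size_t)snprintf(buf, size, "addrlen-demo-%ld", (long)getpid());
}

int main(void)
{
	char name[64];
	size_t n = demo_name(name, sizeof(name));
	int fd = bind_abstract(name, n);

	if (fd == -1) {
		perror("bind_abstract");
		return 1;
	}
	printf("passed %u, getsockname reports %d\n",
	    (unsigned)abstract_len(n), reported_len(fd));
	close(fd);
	/* name[n] is snprintf's terminator; n + 1 bytes name another socket. */
	printf("same bytes collide: %d, extra NUL collides: %d\n",
	    names_collide(name, n, name, n), names_collide(name, n, name, n + 1));
	return 0;
}
```

A one-byte name gives an address length of 4, the case mentioned in the message above: two bytes of sun_family plus two bytes of sun_path.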




Re: Spamd as a proxy

2022-04-15 Thread alejandro

Hi Mr Hansteen,

Thanks for the reply, I started my journey with OpenBSD this week and I 
decided to buy your book to help me understand its PF system, it's been 
very helpful. I've been reading man pages from pf,spamd,opensmtpd and 
sysctl, perhaps I just need more reading and time to fully understand 
what is wrong with my setup.


Since I am using 2 hosts (1 antispamer, 1 smtp server) on the same LAN, 
I thought `rdr-to` would not work as stated on: 
, under the section 
"Redirection and Reflection" which is why I used `divert-to`. But 
neither works, thus, I am left with no ideas as to how to forward the 
emails from the antispam machine to the email server.


What's different from all the docs and examples I've found is that I'm 
trying to use two hosts, and everything I've seen seems to assume spamd 
and the smtp server are on the same host. If `rdr-to` is not the way to 
go, how must I overcome this challenge?




On 2022-04-15 14:11, Peter Nicolai Mathias Hansteen wrote:

15. apr. 2022 kl. 19:56 skrev alejan...@rogue-research.com:

Greetings everyone,
First time posting here and so bear with me please :)
I have a mail server I don't want to touch; I want to set up another 
machine in front of it running spamd.
I have tried using `rdr-to` instead of `divert-to` but neither seem to 
work

This is what my pf rules look like in "/etc/pf.conf"
```
table  persist
table  persist file "/etc/mail/nospamd"

# Incoming connections that are whitelisted/nospamd go directly to the smtp server
pass in quick log (all, to pflog0) on egress proto tcp from {  } \
    to any port smtp divert-to mailserver.domain.com port smtp
```


No. Please read the man page. You do not need divert-to here. If you
do need it, your network design is wrong.

Try looking up http://home.nuug.no/~peter/pftutorial/#52
 (or better yet for me, buy
the book :))

All the best,
Peter

—
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.




Spamd as a proxy

2022-04-15 Thread alejandro

Greetings everyone,
First time posting here and so bear with me please :)
I have a mail server I don't want to touch; I want to set up another 
machine in front of it running spamd.
I have tried using `rdr-to` instead of `divert-to` but neither seem to 
work

This is what my pf rules look like in "/etc/pf.conf"
```
table  persist
table  persist file "/etc/mail/nospamd"

# Incoming connections that are whitelisted/nospamd go directly to the smtp server
pass in quick log (all, to pflog0) on egress proto tcp from {  } \
    to any port smtp divert-to mailserver.domain.com port smtp

# Divert unknown tcp connections with destination port 25 to spamd
pass in quick log (all, to pflog0) on egress proto tcp from any to any port smtp divert-to 127.0.0.1 port spamd
```
I have enabled packet forwarding with `doas sysctl net.inet.ip.forwarding: 0 -> 1`


I am using `nc` to test my connection with the real smtp server through 
the antispam server but I am getting a connection timeout every time.
When I check the logs, I can see the client sends a first SYN packet to 
the antispam and from there the packets get forwarded to the smtp 
server, but I don’t see any replies from the smtp server. There are no 
rules on the smtp server blocking the connections from my client and 
this is all done locally.

Can anyone help me? Any ideas as to why my setup is not working?



em(4) issue I reported time ago seems to be fixed now

2020-06-30 Thread Walter Alejandro Iglesias
Today I burned the latest snapshot in a USB pen-drive and booted it
in a HP desktop of mine where this happened:

https://marc.info/?l=openbsd-bugs=156682947025229=2

It seems to be fixed, the card is now recognized out of the box as
1000baseTX as expected. :-)  (I didn't change anything in my LAN,
the machine is connected to the same cable to the same router as
it was at that time.)

Does someone know or have a clue which change fixed this issue?


Walter



Re: Restore pf tables metadata after a reboot

2020-05-30 Thread Walter Alejandro Iglesias
In article  Peter Nicolai 
Mathias Hansteen  wrote:
> It is a possibly desirable feature, but I am not aware whether any of the 
> currently capable developers are considering putting in the work to implement 
> it.
> 

Let me finish the idea, not with the intention to pressure developers
asking for features but to share my experience and thoughts about the
issue.

I've also been publishing (long) blacklists in my website as you do.  As
an experiment I didn't expire any until recently when, as I explained,
they reached the hard limit in memory (200).  And, as I suggested,
right before I expired addresses old spam, recognizable by the format,
appeared again.

The problem is most system administrators out there do very little.  If
you were getting spam or attacks from some IP, even if you report the
issue to the respective whois abuse@ address, chances are attacks from
that IP won't stop next week, nor even next month.

So, in general terms, I would refrain as much as possible from hurrying to
expire addresses.  Just my opinion.



Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Walter Alejandro Iglesias
Hello Peter,

In article  Peter Nicolai 
Mathias Hansteen  wrote:
> > 28. mai 2020 kl. 19:09 skrev Bruno Flueckiger :
> > 
> > 
> > You can save the list of IPs in a table and reload it after a reboot as
> > described here: https://www.bsdhowto.ch/savepftables.html
> 
> 
> I have a similar setup at bsdly.net , only I dump the 
> tables to file and run expiry via a cron job that runs twice an hour - the 
> writeup at 
> https://bsdly.blogspot.com/2017/04/forcing-password-gropers-through.html 
>  
> has most of the useful info and some related wrinkles.
> 

Could you summarize here which part of these articles of yours answer my
original question, please?

For example, this list you share (linked in your article):

  https://home.nuug.no/~peter/pop3gropers_full.txt

It would be great to be able to do the following before and after a
reboot respectively:

  # pfctl -t smtp -vT show > file   # (notice the verbose option)
  # pfctl -t smtp -T replace -f file

But we know that doesn't work.


> All the best,
> 
> 
> —
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
> 
> 



Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Walter Alejandro Iglesias
In article <20200528165448.ga22...@flueckiger.lan> Bruno Flueckiger 
 wrote:
> On 26.05., Walter Alejandro Iglesias wrote:
> > I understand that this command:
> >
> >   # pfctl -t spam -T expire 
> >
> > Takes into account the "Cleared" date:
> >
> >   # pfctl -t spam -vT show
> >  ___.___.22.65
> >   Cleared: Mon May 25 16:10:22 2020
> >  ___.___.167.62
> >   Cleared: Mon May 25 16:10:22 2020
> >   [...]
> >
> > Is there a way to save and restore tables metadata after a reboot
> > preserving those dates?
> >
> 
> You can save the list of IPs in a table and reload it after a reboot as
> described here: https://www.bsdhowto.ch/savepftables.html

Nice website. ;-)

> 
> As there is no way to save the dates the date for each IP will be set to
> the current date and time when load happens.

The interesting point and the reason of my concern is to choose a
convenient "expire time."  With mail it is problematic but with ssh, since
I know exactly whom I want to allow external access (just me,) I let
them accumulate.  I block ssh attackers in the ssh port only, people
sharing those addresses are not affected.  So, I thought, the only
concern in the ssh case was how much a big number of entries could
affect pf performance, till at some point my tables reached the memory
hard limit and I had to remove IPs arbitrarily. :-)

In summary, pfctl expire command does nothing after a reboot.  Then you
have two options:

  - To use a (cron) expire time significantly lower than the desirable.

  - To expire entries when your tables are about to reach the memory
hard limit.

In both cases you'll probably suffer spam again from IPs that were
already blocked.


> 
> Cheers,
> Bruno
> 
> 

Walter



Re: About pf max-src-conn-rate

2020-05-28 Thread Walter Alejandro Iglesias
On Thu, May 28, 2020 at 12:06:18PM +0200, Marko Cupać wrote:
> On 2020-05-27 14:27, Walter Alejandro Iglesias wrote:
> > Another question about pf.
> > 
> > Perhaps I don't fully understand how connection rate is calculated.
> > 
> > The following line in /etc/pf.conf:
> > 
> >   pass in log inet proto tcp to any port { smtp smtps } synproxy state 
> > \
> > (max-src-conn-rate 5/30, overload  flush global)
> > 
> > Shouldn't it avoid this happening?
> > 
> > In /var/log/maillog
> > ...
> > A total of *323* connections from the same IP at less than a 1/4 second
> > interval during more than four minutes.
> 
> If I'm not mistaken (someone please correct me if I'm wrong), 323 
> connections in maillog is not the same as 323 tcp connections. You can 
> send 323 smtp commands in single tcp session.

That's been my suspicion so far, that's why I didn't ask this question
here before.  I have to study how smtp connections work, if you're
right, then that's what's happening.

> 
> Perhaps you should look into https://man.openbsd.org/spamd to achieve 
> your goal.

What I do is enough to keep mail spam under control in my case.  My
doubt was mostly technical.


> 
> -- 
> Before enlightenment - chop wood, draw water.
> After  enlightenment - chop wood, draw water.
> 
> Marko Cupać
> https://www.mimar.rs/


Thanks Marko!



Re: About pf max-src-conn-rate

2020-05-28 Thread Walter Alejandro Iglesias
Brian Brombacher wrote:

> Keep in mind operations using pfctl such as reloading rule set or table
> from file, any IP’s caught in the smtp table by the max-src-conn-rate
> will be flushed depending on your command line.

> Every hour I scrape logs for AUTH failures and add them to a pfctl
> table using pfctl -t table_name -T add ip_address.

These are the pfctl commands I use in the cron script.  In this order,
no more and no less:

  # Expire old entries
  pfctl -q -t smtp -T expire $(expr $days \* 86400)

  # Add new entries to table
  pfctl -q -t smtp -T add -f /tmp/newaddresses

  # Save list to file
  pfctl -q -t smtp -T show > /path/to/smtp.txt

(By the way, the 'expire' command is the reason of my first question in
the "Restore pf tables metadata after a reboot" thread.)

I'll do the test I mentioned before, I'll add a provisional table
affected only by the max-src-conn-rate.


Walter



Re: About pf max-src-conn-rate

2020-05-27 Thread Walter Alejandro Iglesias
Hello Brian,

On Wed, May 27, 2020 at 02:35:46PM -0400, Brian Brombacher wrote:
> What do you do with  table in other rules?  If you’re doing nothing, 
> you need to do something like block additional connections, or adjust the 
> pass rule to include from ! 

You're right.  I forgot to mention I have these lines before:

  table  persist file "/path/to/smtp.txt"
  block in log quick inet proto tcp from  to any port { smtp smtps }

> 
> Run: pfctl -t smtp -T show
> 
> Does it show the offending IP?  If so, the rule worked as you defined it.
> 
> 

I run a cron script that parses my log files and also add the offending
IPs to that table.  To be sure the max-src-conn-rate adds those IPs to
the table I'll have to create an alternative table just to test.




About pf max-src-conn-rate

2020-05-27 Thread Walter Alejandro Iglesias
Another question about pf.

Perhaps I don't fully understand how connection rate is calculated.

The following line in /etc/pf.conf:

  pass in log inet proto tcp to any port { smtp smtps } synproxy state \
(max-src-conn-rate 5/30, overload  flush global)

Shouldn't it avoid this happening?

In /var/log/maillog

May 27 10:55:05 server smtpd[30272]: 1a931fba4746f485 smtp connected address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com
May 27 10:55:06 server smtpd[30272]: 1a931fba4746f485 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "
May 27 10:55:06 server smtpd[30272]: 1a931fba4746f485 smtp disconnected reason=disconnect
May 27 10:55:06 server smtpd[30272]: 1a931fbbc5c841e4 smtp connected address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com
May 27 10:55:06 server smtpd[30272]: 1a931fbbc5c841e4 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "
May 27 10:55:07 server smtpd[30272]: 1a931fbbc5c841e4 smtp disconnected reason=disconnect
May 27 10:55:07 server smtpd[30272]: 1a931fbc9f586ee6 smtp connected address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com
May 27 10:55:07 server smtpd[30272]: 1a931fbc9f586ee6 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "
May 27 10:55:07 server smtpd[30272]: 1a931fbc9f586ee6 smtp disconnected reason=disconnect
May 27 10:55:07 server smtpd[30272]: 1a931fbdf6b23f59 smtp connected address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com

[...] Complete here with 311 entries with the same time interval. 

May 27 10:59:11 server smtpd[30272]: 1a9320f8f8726fab smtp disconnected reason=disconnect
May 27 10:59:11 server smtpd[30272]: 1a9320f9e3e281ab smtp connected address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com
May 27 10:59:11 server smtpd[30272]: 1a9320f9e3e281ab smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "
May 27 10:59:12 server smtpd[30272]: 1a9320f9e3e281ab smtp disconnected reason=disconnect
May 27 10:59:12 server smtpd[30272]: 1a9320fa851b3e31 smtp connected address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com
May 27 10:59:12 server smtpd[30272]: 1a9320fa851b3e31 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "
May 27 10:59:12 server smtpd[30272]: 1a9320fa851b3e31 smtp disconnected reason=disconnect
May 27 10:59:13 server smtpd[30272]: 1a9320fbe3f04434 smtp connected address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com
May 27 10:59:13 server smtpd[30272]: 1a9320fbe3f04434 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "
May 27 10:59:13 server smtpd[30272]: 1a9320fbe3f04434 smtp disconnected reason=disconnect
May 27 10:59:13 server smtpd[30272]: 1a9320fc4f172f88 smtp connected address=192.119.68.113 host=hwsrv-733438.hostwindsdns.com
May 27 10:59:14 server smtpd[30272]: 1a9320fc4f172f88 smtp failed-command command="RCPT TO:" result="550 Invalid recipient: "
--

A total of *323* connections from the same IP at less than a 1/4 second
interval during more than four minutes.



Re: Restore pf tables metadata after a reboot

2020-05-26 Thread Walter Alejandro Iglesias
On Tue, May 26, 2020 at 11:25:21PM +0200, Anders Andersson wrote:
> On Tue, May 26, 2020 at 2:14 PM Walter Alejandro Iglesias
>  wrote:
> >
> > I understand that this command:
> >
> >   # pfctl -t spam -T expire 
> >
> > Takes into account the "Cleared" date:
> >
> >   # pfctl -t spam -vT show
> >  ___.___.22.65
> >   Cleared: Mon May 25 16:10:22 2020
> >  ___.___.167.62
> >   Cleared: Mon May 25 16:10:22 2020
> >   [...]
> >
> > Is there a way to save and restore tables metadata after a reboot
> > preserving those dates?
> 
> Isn't this what pfctl -S and -L does?

I *guess* what pfctl -S does is to save in a file the same you see in
'pfctl -s states' output but in binary format.




Restore pf tables metadata after a reboot

2020-05-26 Thread Walter Alejandro Iglesias
I understand that this command:

  # pfctl -t spam -T expire 

Takes into account the "Cleared" date:

  # pfctl -t spam -vT show
 ___.___.22.65
  Cleared: Mon May 25 16:10:22 2020
 ___.___.167.62
  Cleared: Mon May 25 16:10:22 2020
  [...]

Is there a way to save and restore tables metadata after a reboot
preserving those dates?



Re: Useful cwm patch [was: When will be created a great desktop experience for OpenBSD?]

2020-04-23 Thread Walter Alejandro Iglesias
In article <20200415193758.csp3wtf4hnhdc...@gmx.com> Dumitru Moldovan 
 wrote:
> On Tue, Oct 29, 2019 at 10:43:26AM +0100, Walter Alejandro Iglesias wrote:
> >This second one is still pending (no response from the maintainer so
> >far):
> >
> >  https://marc.info/?l=openbsd-tech=155931484124288=2
> 
> Apologies for resurrecting a dead and buried thread, but this second
> patch is actually really useful.  Have tested it for a few months as a
> single patch to my 6.6 cwm, it works so good I actually forgot about it.
> 
> CC'ing cwm maintainer in the hope he'll consider it.  Thanks!
> 
> 

Let me add that *this is a bug*, not a feature.  A bug that affects
basic functionality.


Walter




Re: When will be created a great desktop experience for OpenBSD?

2019-10-29 Thread Walter Alejandro Iglesias
In article <20191028083820.ga43...@nausicaa.home> Marc Espie  
wrote:
> On Fri, Oct 25, 2019 at 05:35:27PM +, flauenroth wrote:
> > Apparently not just theo is using fvwm after all. :) 
> 
> Considering all the people using it, it would be great if someone were to
> look at the enhancements of fvwm2 (wrong license, so not base) and backport
> some of these to our elderly fvwm.
> 
> Specifically, fvwm in base does NOT deal well with multi-screen setups, among
> other things.  It's missing all kinds of extensions that the X server provides
> these days.
> 
> Very much less than perfect experience.
> 
> I have fvwm2 from ports on every machine that runs OpenBSD. No choice about
> that.
> 
> (and I stick with fvwm* because the configuration options for mixing keyboard
> keys with mouse behavior do NOT exist anywhere else)
> 
> 

Another long term fvwm2 user here.

I move my hands off the keyboard (to reach arrows, Pg*, Home, End, keys
or the mouse) only when I'm forced to.  That's why the first feature I
test in a window manager is its switch focus behavior from keyboard.  I
usually bind this function to the popular Alt-Tab.

I tested and used lots of window managers for X, the only one that let
me do what I want is fvwm2, this is why I've got stuck with it (13
years ago and still counting) even when I don't agree with the insanity
that means to have to learn a whole programming language to configure a
window manager.

With the fvwm in base the first problem I bumped into is that when
switching from firefox to xterm using the keyboard half of the time the
xterm doesn't get the focus.  If you modify the WarpToWindow coordinates
in the WindowList function to bigger values, for example making the
pointer go to the center of the window like cwm does:

DestroyFunc WindowListFunc
AddToFunc WindowListFunc
+ "I" WindowId $0 Iconify -1
+ "I" WindowId $0 FlipFocus
+ "I" WindowId $0 Raise
+ "I" WindowId $0 WarpToWindow 50 50  # <- Here

each time you cycle windows from the keyboard it takes fvwm two seconds
thinking, showing a dot by pointer (what generally happens to fvwm with
buggy functions,) before doing the switch.  Suffice it to say you'll
have a smoother experience with last Robert Nation's version or twm(1).

I like cwm(1) but it's still a bit green and isn't getting enough
attention, I had to insist to get this first patch committed:

  https://marc.info/?l=openbsd-tech=149182817427598=2

This second one is still pending (no response from the maintainer so
far):

  https://marc.info/?l=openbsd-tech=155931484124288=2


Walter




Re: Erratically losing connection on usb port from UPS unit

2019-08-23 Thread Walter Alejandro Iglesias
Hi Boudewijn,

In article  Boudewijn Dijkstra 
 wrote:
> Op Wed, 21 Aug 2019 15:06:17 +0200 schreef Walter Alejandro Iglesias
> :
> > [...]
> >
> > It has been working for days (with and without NUT) apparently without
> > problems except for three times in which the usb signal from the ups got
> > cut, apparently for no reason.  I get this message in console:
> >
> >   upd0 detached
> >   uhidev0 detached
> 
> I have a similar recurring message, also very erratically, mean period is
> about a month:
> 
> ugen0 detached
> ugen0 at uhub1 port 2 "American Power Conversion Smart-UPS 1000 FW:UPS
> 09.2 / ID=18" rev 2.00/1.06 addr 2
> 
> > While using NUT I got "stale" messages from upsmon when that happened.
> 
> I'm using apcupsd, I also get messages for these occurrences.
> 
> 

I don't know if also in your case but in mine, once that happens, the
connection doesn't come back, which means, from then on, the ups stays
unmonitored.

Another problem I bumped into (this is my first experience with a UPS
unit) is that before purchasing this device I'd assumed that to wake up the
machine once the AC was back it would suffice to activate the "auto power on
when AC is plugged" BIOS option.  Wrong. :-)  Then I tried a router with
dd-wrt software that comes with a wol daemon, it didn't work either.
Routing a wol packet from the internet (adding static arp entries in the
router as they teach in some forums) wasn't possible either.

Which makes me conclude: if you can't rely on the machine being shut
down properly and it's so difficult (automatically or remotely) to get
the machine powered back, what in the Hell is a UPS useful for?



Re: Erratically losing connection on usb port from UPS unit

2019-08-23 Thread Walter Alejandro Iglesias
On Wed, Aug 21, 2019 at 03:06:17PM +0200, Walter Alejandro Iglesias wrote:
> On the Internet some NUT users mention issues with libusb.  There is an
> old tutorial about using NUT in OpenBSD that advises to install
> libusb-compat but, given the current nut package doesn't install it as a
> dependency I assumed it's no longer necessary.

Here I said something wrong, nut *does* install libusb-compat as a
dependency.



Erratically losing connection on usb port from UPS unit

2019-08-21 Thread Walter Alejandro Iglesias
Hello everyone,

Weeks ago I purchased a UPS unit for my home server.  It's attached to
the machine via a usb port:

  uhidev0 at uhub3 port 2 configuration 1 interface 0 "EATON Eaton 3S" rev 
2.00/1.00 addr 2
  uhidev0: iclass 3/0, 32 report ids
  upd0 at uhidev0


At first I used NUT from packages but once I became aware that upd(4)
already gives me the needed info:

  hw.sensors.upd0.indicator4=On (ACPresent), OK
  hw.sensors.upd0.percent0=100.00% (RemainingCapacity), OK

... I simply run a shell script from cron to halt the machine when the
battery is low.

It has been working for days (with and without NUT) apparently without
problems except for three times in which the usb signal from the ups got
cut, apparently for no reason.  I get this message in console:

  upd0 detached
  uhidev0 detached

While using NUT I got "stale" messages from upsmon when that happened.


What I Investigated So Far
--------------------------

NUT usbhid-ups driver man page mentions some workaround:

  https://networkupstools.org/docs/man/usbhid-ups.html

  pollfreq=num

Set polling frequency, in seconds, to reduce the USB data
flow. Between two polling requests, the driver will wait for
interrupts (aka UPS notifications), which are data changes returned
by the UPS by itself. This mechanism allow to avoid or reduce
staleness message, due to the UPS being temporarily overloaded with
too much polling requests. The default value is 30 (in seconds).

But, since the issue happens erratically, so far I couldn't realize if
that solves the problem (if it does, it would be possible to teach
upd(4) to do something alike?)

On the Internet some NUT users mention issues with libusb.  There is an
old tutorial about using NUT in OpenBSD that advises to install
libusb-compat but, given the current nut package doesn't install it as a
dependency I assumed it's no longer necessary.  There is an item in
libusb-compat package info that explains:

  $ pkg_info libusb-compat
  [...]
   4. Some libusb-0.1 users may have implemented I/O cancellation by
  running transfers in their own threads and simply killing the thread
  when they don't want to do the transfer any more. This is bad
  programming practice for obvious reasons, and this lack of
  functionality was one of the primary drivers for libusb-1.0
  development. With libusb-1.0 or libusb-compat-0.1 backed by
  libusb-1.0, forcefully killing threads in this way is likely to
  cause all libusb I/O to halt. Instead, port your application to use
  libusb-1.0's asynchronous transfer API, which supports transfer
  cancellation.

Is this related?

If someone knows where the problem is I'd appreciate any advice.


Walter



Re: ampd(8) -Z option

2019-08-11 Thread Walter Alejandro Iglesias
Jan Stary wrote:
> Eventually it does suspend, but much later than
> when the battery life goes below the specified value.

Doing more testing I noticed the same.  For example, with these options:

 # apmd -d -t 60 -z 

It took *5* minutes to suspend the machine.  In my first tests I passed
bigger values to -t (120 seconds) what made me think -Z was ignored.

Not a dev here but I try to learn when I have time.  I took a look to
/src/usr.sbin/apmd/ampd.c, I see there is a loop (line 507) where the
limit passed to -t is checked, then if AC is not connected the
autoaction is executed.  Time seems to be handled with a system call
(kevent), that's beyond my basic C knowledge. :-)  Perhaps some other
checking in this loop add delays, just guessing.


Walter



Re: ampd(8) -Z option

2019-08-04 Thread Walter Alejandro Iglesias
Hi Edgar,

On Sun, Aug 04, 2019 at 11:43:19AM -0500, Edgar Pettijohn wrote:
> On Sun, Aug 04, 2019 at 05:33:41PM +0200, Walter Alejandro Iglesias wrote:
> > Hello,
> > 
> > Since years I've been using a shell script of mine to shutdown my laptop
> > when battery is critical.  Convenient because I made it portable among
> > unix-like systems.  In the case of OpenBSD the script asks battery and
> > AC status to apm(4).
> > 
> > Now I gave a try to the apmd(8) -Z option but, so far, I couldn't make
> > it work in a reliable way.  I added to rc.conf.local:
> > 
> >  apmd_flags="-A -Z 20"
> > 
> > But, after doing some tests, sometimes it works, other it seems like
> > it's totally ignored.
> 
> Is your laptop plugged in during the tests? 

First of all, thank you for answering. :-)

The cable is plugged to a multiple socket that has an interrupter.  I
cut the energy from there while doing the tests, mainly because I'm
interested it work in that way.

I'm not an electricity expert but I think I understand why you're asking
that question.  If the AC cable is connected to the laptop, even when in
the other end it's not connected to the source, since the converter
holds some residual voltage could make the laptop think it's still
connected to the main source, right?  But when the source is cut (in the
way I explained above,) apm(4) correctly says the AC power is
"disconnected," that's why I assumed apmd(8) should not be tricked by
the converter.

> 
> Edgar
> 
> > 
> > Curious because power management seems to work fine in my T410.  It
> > sleeps, resumes and hibernates perfectly.  /var/log/messages and 'apmd
> > -d' don't show significant errors.  Do I need to set something else, add
> > some -t value to ampd command or some script to /etc/apm?
> > 
> > 
> > Walter
> > 



ampd(8) -Z option

2019-08-04 Thread Walter Alejandro Iglesias
Hello,

Since years I've been using a shell script of mine to shutdown my laptop
when battery is critical.  Convenient because I made it portable among
unix-like systems.  In the case of OpenBSD the script asks battery and
AC status to apm(4).

Now I gave a try to the apmd(8) -Z option but, so far, I couldn't make
it work in a reliable way.  I added to rc.conf.local:

 apmd_flags="-A -Z 20"

But, after doing some tests, sometimes it works, other it seems like
it's totally ignored.

Curious because power management seems to work fine in my T410.  It
sleeps, resumes and hibernates perfectly.  /var/log/messages and 'apmd
-d' don't show significant errors.  Do I need to set something else, add
some -t value to ampd command or some script to /etc/apm?


Walter



Re: bc(1) bug?

2019-07-15 Thread Walter Alejandro Iglesias
Hi Ingo,

On Sun, Jul 14, 2019 at 11:09:40PM +0200, Ingo Schwarze wrote:
> Hi Walter,
> 
> Walter Alejandro Iglesias wrote on Sun, Jul 14, 2019 at 09:57:11PM +0200:
> 
> > Lately I noticed that using bc(1) interactively I have to hit Enter
> > twice to get the result of an operation printed on screen.  Plus, a new
> > empty line is printed below the result.  Example:
> > 
> > $ bc
> > 2 + 1  (after hitting Enter twice the two lines below get printed)
> > 3
> > 
> > 2 + 2  (idem)
> > 4
> > 
> > quit
> > $
> > 
> > I can reproduce it in xterm and tty console.
> > 
> > (OpenBSD 6.5-current (GENERIC.MP) #125: Thu Jul 11 02:20:04 MDT 2019
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP)
> 
> To me, that smells a bit like it *might* be a variation of what
> got fixed with
> 
>   https://marc.info/?l=openbsd-cvs&m=156293980006370
> 
>   Date:   2019-07-12 13:56:28
> 
> Can you still reproduce with a kernel compiled after that commit?

You mean the problem could be in the kernel.  Do you think it'll help to
isolate the problem if I compile a newer kernel under the same userland
or upgrading to a newer snapshot is enough?

> 
> By the way, i cannot reproduce your issue.
> 
> Yours,
>   Ingo


Walter



bc(1) bug?

2019-07-14 Thread Walter Alejandro Iglesias
Hello everyone,

Lately I noticed that using bc(1) interactively I have to hit Enter
twice to get the result of an operation printed on screen.  Plus, a new
empty line is printed below the result.  Example:

$ bc
2 + 1  (after hitting Enter twice the two lines below get printed)
3

2 + 2  (idem)
4

quit
$

I can reproduce it in xterm and tty console.

(OpenBSD 6.5-current (GENERIC.MP) #125: Thu Jul 11 02:20:04 MDT 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP)


Walter



A question about umidi(4) Roland UM-1 support

2019-04-14 Thread Alejandro G. Peregrina
Hello misc,

I'm going to purchase Roland UM-ONE MK2 midi-to-usb converter to play
synthesizers from OpenBSD.

umidi(4) manual states that Roland UM-1 is supported along other specific
vendor models. Also, I've found out that support for Roland UM-ONE is
listed in 5.2 changelog.
I need to know in advance if the new Roland UM-ONE MK2 is supported as
the manual states Roland UM-1.

Thank you so much for your attention,
A



About some smptd(8) log message

2019-03-05 Thread Walter Alejandro Iglesias
Hello Gilles,

When some spammer tries to reach an invalid address in my server the log
says "Invalid recipient":

[...] smtp failed-command command="RCPT TO: " result="550 Invalid recipient: "

But, when the domain name part is valid (one of those included in my
"vdomains" and "valiases" tables), it appears a "Mailing list expansion
problem" message:

[...] smtp failed-command command="RCPT TO:" result="524 5.2.4 Mailing list expansion problem: "


In case what I assumed above is correct. :-)  Is the "Mailing list..."
message expected in this case?


Walter



# /etc/mail/smptd.conf

egress_int="em0"
server="server.roquesor.com"

table "aliases"     file:/etc/mail/aliases
table "valiases"    file:/etc/mail/valiases
table "vdomains"    file:/etc/mail/vdomains
table "addresses"   file:/etc/mail/addresses
table "users"       file:/etc/mail/users

pki $server cert "/etc/ssl/server.crt"
pki $server key "/etc/ssl/private/server.key"

listen on lo0
listen on $egress_int port 25 tls pki $server
listen on $egress_int port 465 smtps pki $server auth \
senders  masquerade

action "local" mbox alias 
action "virtual" mbox virtual 
action "relay" relay

match from local for local action "local"
match from any for domain  action "virtual"
match from local mail-from  for any action "relay"
match auth from any mail-from  for any action "relay"

# End of file



Re: CVS: cvs.openbsd.org: src (maillog simplified)

2019-01-02 Thread Walter Alejandro Iglesias
Hello Gilles,

In article <20190101143249.ga41...@ams-1.poolp.org> Gilles Chehade 
 wrote:
> On Tue, Jan 01, 2019 at 01:14:54PM +0100, Walter Alejandro Iglesias wrote:
> > On Fri, Dec 21, 2018 at 06:59:58PM +0100, Gilles Chehade wrote:
> > > On Fri, Dec 21, 2018 at 06:56:57PM +0100, Walter Alejandro Iglesias wrote:
> > > > Hello Gilles,
> > > > 
> > > > In article <20181221145201.ga90...@ams-1.poolp.org> Gilles Chehade 
> > > >  wrote:
> > > > > On Fri, Dec 21, 2018 at 07:41:41AM -0700, Gilles Chehade wrote:
> > > > > > CVSROOT:  /cvs
> > > > > > Module name:  src
> > > > > > Changes by:   gil...@cvs.openbsd.org  2018/12/21 07:41:41
> > > > > > 
> > > > > > Modified files:
> > > > > >   usr.sbin/smtpd : smtp_session.c 
> > > > > > 
> > > > > > Log message:
> > > > > > start simplifying log lines, they're no longer intended to be 
> > > > > > parseable, we
> > > > > > have a reporting API for tools that want to analyze events, maillog 
> > > > > > is just
> > > > > > for us, hoomans.
> > > > > > 
> > > > > 
> > > > > that was not the best way to phrase my commit log ... sorry
> > > > > 
> > > > > i meant they're no longer intended to be friendlier to scripts than to
> > > > > humans: there will still be in a format that's easy to quickly script,
> > > > > but they will hold information easily readable by humans, not a lot of
> > > > > unrelated context infos so tools can generate dashboards out of single
> > > > > lines.
> > > > > 
> > > > > logs for humans, event reports for tools.
> > > > > 
> > > > 
> > > > Since long I've been greping IPs from spammers and attackers from
> > > > /var/log/maillog, /var/log/authlog and /var/log/daemon using a shell
> > > > script I wrote that automatically includes them in a file read by a pf
> > > > table.  In the case of maillog, it relies in the address="" and host=""
> > > > info currently included.
> > > > 
> > > > Will it appear sender's IP and hostname in /var/log/maillog after this
> > > > change?
> > > > 
> > > 
> > > yes, you'll still be able to grep that information from maillog
> > 
> > You selected carefully the words in your answer. :-)
> > 
> 
> not really, I don't know what your scripts do and how you wrote them.

I made this clear in my explanation below.  At least the relevant part.

> 
> the sender IP and hostname appear in the log, they are just not repeated
> on every single log line but that shouldn't prevent scripts from keeping
> track of them.

Also clear in my explanation that I understood this.

> 
> anyways, as stated in the commit log and my follow up message:
> 
> "we have a reporting API for tools that want to analyse events, maillog
>  is just for us, hoomans"
> 
> "logs for humans, event reports for tools"

System administrators (i.e. those who will use your software) are also
humans. :-)


> 
> the maillog format is going to go through many changes to simplify it,
> remove redundant information, add missing information, etc... basing a
> script on it is not recommended as we'll break them with every change.
> 
> > Indeed, I still can grep "IP" and "host" in maillog, but they are alone
> > in a first line and the only way to associate them with the following
> > lines containing the from= to= and result= (to know what "happened" with
> > that connection) is by using the connection id, what will *painfully*
> > overcomplicate my scripts.
> > 
> 
> As you imagine, I can't take into account individual scripts.
> 
> Other people have asked that the port or listener tag appear in lines.
> Should these appear on all lines too ?
> And the cipher ? and the authenticated user ?
> Why is the IP/host information more legitimate to be repeated than other
> information on every single line ?
> What about the fcrdns check which will appear on connect lines, does the
> check have to appear on every line now ?
> What about the spf check when it is added at some point ?
> 
> maillog is not a context-free format, where each individual line carries
> all of the information so you don't have to look at previous lines. Line
> should describe an event and carry informations related to THAT event.

Re: CVS: cvs.openbsd.org: src (maillog simplified)

2019-01-01 Thread Walter Alejandro Iglesias
On Fri, Dec 21, 2018 at 06:59:58PM +0100, Gilles Chehade wrote:
> On Fri, Dec 21, 2018 at 06:56:57PM +0100, Walter Alejandro Iglesias wrote:
> > Hello Gilles,
> > 
> > In article <20181221145201.ga90...@ams-1.poolp.org> Gilles Chehade 
> >  wrote:
> > > On Fri, Dec 21, 2018 at 07:41:41AM -0700, Gilles Chehade wrote:
> > > > CVSROOT:  /cvs
> > > > Module name:  src
> > > > Changes by:   gil...@cvs.openbsd.org  2018/12/21 07:41:41
> > > > 
> > > > Modified files:
> > > >   usr.sbin/smtpd : smtp_session.c 
> > > > 
> > > > Log message:
> > > > start simplifying log lines, they're no longer intended to be 
> > > > parseable, we
> > > > have a reporting API for tools that want to analyze events, maillog is 
> > > > just
> > > > for us, hoomans.
> > > > 
> > > 
> > > that was not the best way to phrase my commit log ... sorry
> > > 
> > > i meant they're no longer intended to be friendlier to scripts than to
> > > humans: there will still be in a format that's easy to quickly script,
> > > but they will hold information easily readable by humans, not a lot of
> > > unrelated context infos so tools can generate dashboards out of single
> > > lines.
> > > 
> > > logs for humans, event reports for tools.
> > > 
> > 
> > Since long I've been greping IPs from spammers and attackers from
> > /var/log/maillog, /var/log/authlog and /var/log/daemon using a shell
> > script I wrote that automatically includes them in a file read by a pf
> > table.  In the case of maillog, it relies in the address="" and host=""
> > info currently included.
> > 
> > Will it appear sender's IP and hostname in /var/log/maillog after this
> > change?
> > 
> 
> yes, you'll still be able to grep that information from maillog

You selected carefully the words in your answer. :-)

Indeed, I still can grep "IP" and "host" in maillog, but they are alone
in a first line and the only way to associate them with the following
lines containing the from= to= and result= (to know what "happened" with
that connection) is by using the connection id, what will *painfully*
overcomplicate my scripts.

I don't know what's the opinion of the rest about this change.  I'd
highly appreciate you to include again the IP on each line of info as
before. :-)

> 
> -- 
> Gilles Chehade   @poolpOrg
> 
> https://www.poolp.org tip me: https://paypal.me/poolpOrg


Walter
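
The correlation discussed in the message above (address= and host= appear only on the connection line, so later lines have to be tied back to them through the session id) fits in one awk pass. This is an added example, not code from the thread or from OpenSMTPD; the log lines are constructed, and the layout they follow (a 16-hex-digit session id right before "smtp", then an event name such as "connected" or "disconnected") is an assumption. The function names sample_maillog and offenders are hypothetical.

```shell
#!/bin/sh
# Added example: tie smtpd failed-command lines back to the client address
# through the session id, e.g. to build the file behind a pf table.

# Constructed sample log (assumed layout, see lead-in).  Addresses are from
# the documentation ranges.
sample_maillog() {
cat <<'EOF'
Jan  1 10:00:01 server smtpd[4242]: 1a2b3c4d5e6f7081 smtp connected address=192.0.2.10 host=mail.example.net
Jan  1 10:00:02 server smtpd[4242]: 9f8e7d6c5b4a3921 smtp connected address=198.51.100.7 host=unknown.example.org
Jan  1 10:00:03 server smtpd[4242]: 9f8e7d6c5b4a3921 smtp failed-command command="RCPT TO:<nobody@example.com>" result="550 Invalid recipient: <nobody@example.com>"
Jan  1 10:00:04 server smtpd[4242]: 9f8e7d6c5b4a3921 smtp failed-command command="RCPT TO: address=203.0.113.99 x" result="550 Invalid recipient: address=203.0.113.99 x"
Jan  1 10:00:05 server smtpd[4242]: 9f8e7d6c5b4a3921 smtp disconnected reason=quit
Jan  1 10:00:06 server smtpd[4242]: 0011223344556677 smtp failed-command command="RCPT TO:<x@example.com>" result="550 Invalid recipient: <x@example.com>"
Jan  1 10:00:07 server smtpd[4242]: 1a2b3c4d5e6f7081 smtp failed-command command="RCPT TO:<typo@example.com>" result="550 Invalid recipient: <typo@example.com>"
EOF
}

# offenders MIN < maillog
# Prints "address count" for every client address whose sessions collected
# at least MIN commands rejected with a 5xx result.
offenders() {
    awk -v min="$1" '
    {
        # The first "smtp" token preceded by a 16-hex-digit field marks the
        # session id; anything later on the line cannot override it.
        sid = ""; ev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "smtp" && length($(i - 1)) == 16 &&
                $(i - 1) ~ /^[0-9a-f]+$/) {
                sid = $(i - 1); ev = $(i + 1); pos = i
                break
            }
        }
        if (sid == "") next

        if (ev == "failed-command") {
            # command= echoes text chosen by the client, so no key=value
            # field is read from these lines.  A forged result= inside the
            # command could only raise the count of the sender itself.
            if ($0 ~ / result="5[0-9][0-9] /) {
                if (sid in addr) fails[addr[sid]]++
                else orphans++      # connection line not in this log
            }
            next
        }

        # Learn the address once per session, from the first line that
        # carries it, and accept only characters valid in an IP address.
        if (!(sid in addr)) {
            for (j = pos + 2; j <= NF; j++) {
                if (index($j, "address=") == 1) {
                    a = substr($j, 9)
                    if (a ~ /^[0-9A-Fa-f:.]+$/) addr[sid] = a
                    break
                }
            }
        }
    }
    END {
        for (a in fails)
            if (fails[a] >= min) print a, fails[a]
        if (orphans)
            printf "%d rejected command(s) in sessions without a connection line\n", orphans > "/dev/stderr"
    }
    ' | sort
}

sample_maillog | offenders 2
```

The first output column is what would go into the file loaded by the pf table. The address embedded in the fourth sample line's RCPT argument never reaches the output, because the address is taken only from the line that opened the session.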



Re: CVS: cvs.openbsd.org: src

2018-12-21 Thread Walter Alejandro Iglesias
Hello Gilles,

In article <20181221145201.ga90...@ams-1.poolp.org> Gilles Chehade 
 wrote:
> On Fri, Dec 21, 2018 at 07:41:41AM -0700, Gilles Chehade wrote:
> > CVSROOT:  /cvs
> > Module name:  src
> > Changes by:   gil...@cvs.openbsd.org  2018/12/21 07:41:41
> > 
> > Modified files:
> >   usr.sbin/smtpd : smtp_session.c 
> > 
> > Log message:
> > start simplifying log lines, they're no longer intended to be parseable, we
> > have a reporting API for tools that want to analyze events, maillog is just
> > for us, hoomans.
> > 
> 
> that was not the best way to phrase my commit log ... sorry
> 
> i meant they're no longer intended to be friendlier to scripts than to
> humans: there will still be in a format that's easy to quickly script,
> but they will hold information easily readable by humans, not a lot of
> unrelated context infos so tools can generate dashboards out of single
> lines.
> 
> logs for humans, event reports for tools.
> 

Since long I've been greping IPs from spammers and attackers from
/var/log/maillog, /var/log/authlog and /var/log/daemon using a shell
script I wrote that automatically includes them in a file read by a pf
table.  In the case of maillog, it relies in the address="" and host=""
info currently included.

Will it appear sender's IP and hostname in /var/log/maillog after this
change?


Walter



Re: what would a POP3s daemon best look like?

2018-11-04 Thread Walter Alejandro Iglesias
On Sun, Nov 04, 2018 at 05:38:42AM -0700, Todd C. Miller wrote:
> On Sun, 04 Nov 2018 12:26:27 +0100, Walter Alejandro Iglesias wrote:
> 
> > I've been assuming that running pop3d(8) from ports, listening in 995
> > only and with 110 port firewalled my passwords aren't traveling in plain
> > text.  Am I assuming right?
> 
> Port 995 is pop3 protocol over TLS/SSL so that should be safe enough.

Then, as an idea for Peter,

Time ago I sent a patch to Sunil Nimmagadda to allow pop3d read an
optional certs location, he corrected and committed the patch.  In that
opportunity he mentioned me that he wasn't hacking pop3d anymore since
he himself stopped using it because he considered it severely limited.
Personally I like simplicity, I still use pop3d(8) but I'm not a
developer, I'm not skilled enough to hack it and maintain it.

If Peter is willing to, perhaps pop3d(8) could be a good start point.

If allowing pop connections by default through 110 port is not desirable
perhaps it would be fine to implement an only TLS pop3 daemon
(deliberately refusing non TLS connections over 110).  In case this is
possible, that would be a fine simple and secure pop3 daemon for OpenBSD
base.

> 
>  - todd

Walter



Re: what would a POP3s daemon best look like?

2018-11-04 Thread Walter Alejandro Iglesias
Hi Todd,

Not an expert here and just to be sure, :-)

In article <21bf906b4c6c6...@sudo.ws> Todd C. Miller  
wrote:
> I don't think there is much interest in having a pop3 daemon in
> base due to the use of plain-text passwords

I've been assuming that running pop3d(8) from ports, listening in 995
only and with 110 port firewalled my passwords aren't traveling in plain
text.  Am I assuming right?


Walter



Re: kernel panic while reproducing video with mpv

2018-06-24 Thread Walter Alejandro Iglesias
Hi Visa,

On Sun, Jun 24, 2018 at 05:54:15PM +, Visa Hankala wrote:
> On Sun, Jun 24, 2018 at 12:37:45PM +0200, Walter Alejandro Iglesias wrote:
> > panic: mtx 0x81c86470: locking against myself
> > Stopped at  db_enter+0x12:  popq%r11
> > TIDPIDUID PRFLAGS PFLAGS  CPU  COMMAND
> >  104021  96401   1000 0x3  0x4002  mpv
> > *402610  50624   10000x32  00K Xorg
> >   
> > db_enter() at db_enter+0x12
> > panic() at panic+0x138
> > __mtx_enter_try(53b9235709d40154) at __mtx_enter_try+0xb5
> > _mtx_enter(81cf3e60,81a5d6a2,0) at _mtx_enter+0x5a
> > printf(c9ef1007dec621e0) at printf+0x70
> > witness_checkorder(2e4447d1b3cbb9af,81c2ac7c,32a,0,81da6d00) at witness_checkorder+0x943
> > ___mp_lock(8000330cd760,d,7) at ___mp_lock+0x70
> > selwakeup(e80faaebded7c1a2) at selwakeup+0x9c
> > ptsstart(8ce5939828d5e23) at ptsstart+0x79
> > tputchar(174549bf676e909c,80afa400) at tputchar+0x85
> > kputchar(75d50501b895e9e4,0,81a5d6a2) at kputchar+0x91
> > kprintf() at kprintf+0xe8
> > printf(c9ef1007dec621e0) at printf+0x85
> > witness_checkorder(2e4447d1b3cba2fe,81af9df1,298,81c8a678,ffff81c8a688) at witness_checkorder+0x943
> > end trace frame: 0x80003302e978, count: 0
> 
> If the panic happens again, please run the following commands in ddb(4)
> and post the output:
> 
> show locks
> show all locks

The truth is it happened twice.  On the first one fsck(8) couldn't recover
my root file system.  After rebooting I couldn't even log in (as user or
root) and I had to reinstall.  That's why I'm not confident about
"voluntary" reproducing the bug. :-)  But if it happens again take for
sure I'll send you the output of those commands (and per cpu traces).

> 
> It is not clear from the stack trace why the system begins to report
> a lock order problem in the first place (the first witness_checkorder
> and the printf at the end of the stack trace).
> 
> The panic itself is related to the problem of using other kernel
> subsystems from WITNESS. I will try to make a fix that should prevent
> the panic in most cases.


Thanks!

Walter



kernel panic while reproducing video with mpv

2018-06-24 Thread Walter Alejandro Iglesias
Hello,

I had a kernel panic while reproducing a video with mpv.

It's my first kernel panic with OpenBSD, so I didn't know how to use
ddb(4).  Since I'm running my http and smtp server in this machine I
cannot entertain myself too much reproducing the panic to get more info.
That's why I don't include the per cpu trace and other additional info as
explained in ddb.html, sorry!  But, if you need it let me know and I'll
try my best.


Message automatically dumped:
===
panic: mtx 0x81c86470: locking against myself
Stopped at  db_enter+0x12:  popq%r11
TIDPIDUID PRFLAGS PFLAGS  CPU  COMMAND
 104021  96401   1000 0x3  0x4002  mpv
*402610  50624   10000x32  00K Xorg
db_enter() at db_enter+0x12
panic() at panic+0x138
__mtx_enter_try(53b9235709d40154) at __mtx_enter_try+0xb5
_mtx_enter(81cf3e60,81a5d6a2,0) at _mtx_enter+0x5a
printf(c9ef1007dec621e0) at printf+0x70
witness_checkorder(2e4447d1b3cbb9af,81c2ac7c,32a,0,81da6d00) at witness_checkorder+0x943
___mp_lock(8000330cd760,d,7) at ___mp_lock+0x70
selwakeup(e80faaebded7c1a2) at selwakeup+0x9c
ptsstart(8ce5939828d5e23) at ptsstart+0x79
tputchar(174549bf676e909c,80afa400) at tputchar+0x85
kputchar(75d50501b895e9e4,0,81a5d6a2) at kputchar+0x91
kprintf() at kprintf+0xe8
printf(c9ef1007dec621e0) at printf+0x85
witness_checkorder(2e4447d1b3cba2fe,81af9df1,298,81c8a678,ffff81c8a688) at witness_checkorder+0x943
end trace frame: 0x80003302e978, count: 0


dmesg:
===
OpenBSD 6.3-current (GENERIC.MP) #48: Fri Jun 22 14:11:27 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 6210174976 (5922MB)
avail mem = 5960577024 (5684MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe0010 (78 entries)
bios0: vendor LENOVO version "6IET85WW (1.45 )" date 02/14/2013
bios0: LENOVO 2537EY8
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET ASF! SLIC BOOT SSDT TCPA SSDT S
SDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP1(S4) EXP2(S4) EXP3(S4) EXP4
(S4) EXP5(S4) EHC1(S3) EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2793.56 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,
PERF,ITSC,SENSOR,ARAT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 132MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2793.00 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,
PERF,ITSC,SENSOR,ARAT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2793.00 MHz
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,
PERF,ITSC,SENSOR,ARAT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2793.00 MHz
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,
PERF,ITSC,SENSOR,ARAT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 2, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
, remapped to apid 1
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpiprt5 at acpi0: bus 5 (EXP4)
acpiprt6 at acpi0: bus 13 (EXP5)
acpicpu0 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), C1(1000@3
 mwait.1), PSS
acpicpu1 at 

I got smtpd.conf working thanks to the man page

2018-05-29 Thread Walter Alejandro Iglesias
Just in case it could be useful to others.

After upgrading the snapshot requiring the new version of smtpd.conf
it happened that the new rules I'd written (included the last one Gilles
passed me) were all wrong.

I could get it working thanks to the man page.  The result:

# OLD
accept from local for local alias  deliver to mbox
accept from any for domain  virtual  deliver to mbox
accept from local sender  for any relay


# FIRST ATTEMPT (smtpd -n told me the three last lines were wrong)
action local_users mbox alias 
action remote_users relay

match from local for local apply local_users
match from any for domain  virtual  apply local_users
match from local sender  for any apply remote_users
match auth from any sender  for any apply remote_users


# NOW WORKING
action "local" mbox alias 
action "virtual" mbox virtual 
action "relay" relay

match from local for local action "local"
match from any for domain  action "virtual"
match mail-from  for any action "relay"
match auth mail-from  for any action "relay"


My advice to others is not to pay attention to anything but the man
page, checking one by one each option you used in the old configuration,
if it still exists, if it was replaced and finally *where* to pass it,
if to match or to action.  Doing it in that order you'll probably go
faster. :-)

As you see above I had to replace "sender" for "mail-from" and to create
a third action to pass the virtual aliases table that in the first
attempt I'd wrongly included it in the match.



Re: Checking my new smtpd.conf syntax

2018-05-26 Thread Walter Alejandro Iglesias
On Sat, May 26, 2018 at 12:35:57PM +0200, Walter Alejandro Iglesias wrote:
> On Sat, May 26, 2018 at 08:15:18AM +0200, Gilles Chehade wrote:
> > > Gilles, I also saw the "ca" directive.  I've been using the acme
> > > certificates in pki directives, can I use them in the "ca" directive
> > > too? (any advantage in doing this?)
> > > 
> > 
> > don't touch a knob if you don't KNOW that you absolutely need it.
> > 
> > I know why some people would like to use a custom CA certificate instead
> > of the one shipped with the system, I don't know why YOU should do it so
> > if you are asking I can only guess you are going to break your setup.
> 
> First of all, each one is responsible of what they do with their system,
> it's the nature of free software, isn't it?  Don't be afraid, if I break
> my setup I won't sue you. :-)
> 
> In the past I used the defunct StartSSL(TM) certificates with Apache and
> Sendmail during years.  In the case of a mail server I thought that, by
> logic, to present something that certificates your identity (what a CA
> is for, isn't it?) should be one among the more acceptable ways to avoid
> your messages be considered SPAM.
> 
> What I'm not clear about is what Let's Encrypt does (differently).  And,
> logically, I'm not clear about what your software does in this case.
> And over all I'm not clear about (and probably nobody is at this stage)
> what mail servers do and why with their SPAM filters.  That was the aim
> of my question.
> 
> By the way, your messages got to my server but not to misc@ (at least I
> can't not read them through gmane), I guess they got trapped in spamd
> daemon.

Let me add something more about what I know.

Each software (i.e. apache, nginx, uw-imap, sendmail, etc) requires a
different setup to get the certificates working.  In some cases you need
to put chain and cert in one file, in others (uw-imap) you need to
include the key in a same one file.

I just expected you could tell me (or point me where this is documented)
what to do in opensmtpd case.  The explanation in starttls(8) isn't
enough.

For example, what does the smtpd.conf "ca" directive expect?, a root
certificates bundle?  Intermediate certificates?  What does the software
use in case you don't set this option?, the system provided
/etc/ssl/cert.pem?

I'll tell you what I've been doing so far.  When time ago I started using
opensmtpd with the certs downloaded with acme-client, *after some trial
and error* I got it working with this set up:

Here I use the "full chain" certificate:

  pki $server cert "/etc/ssl/server.crt"

Here the key:

  pki $server key "/etc/ssl/private/server.key"




Re: Checking my new smtpd.conf syntax

2018-05-26 Thread Walter Alejandro Iglesias
On Sat, May 26, 2018 at 08:15:18AM +0200, Gilles Chehade wrote:
> > Gilles, I also saw the "ca" directive.  I've been using the acme
> > certificates in pki directives, can I use them in the "ca" directive
> > too? (any advantage in doing this?)
> > 
> 
> don't touch a knob if you don't KNOW that you absolutely need it.
> 
> I know why some people would like to use a custom CA certificate instead
> of the one shipped with the system, I don't know why YOU should do it so
> if you are asking I can only guess you are going to break your setup.

First of all, each one is responsible of what they do with their system,
it's the nature of free software, isn't it?  Don't be afraid, if I break
my setup I won't sue you. :-)

In the past I used the defunct StartSSL(TM) certificates with Apache and
Sendmail during years.  In the case of a mail server I thought that, by
logic, to present something that certificates your identity (what a CA
is for, isn't it?) should be one among the more acceptable ways to avoid
your messages be considered SPAM.

What I'm not clear about is what Let's Encrypt does (differently).  And,
logically, I'm not clear about what your software does in this case.
And over all I'm not clear about (and probably nobody is at this stage)
what mail servers do and why with their SPAM filters.  That was the aim
of my question.

By the way, your messages got to my server but not to misc@ (at least I
can't not read them through gmane), I guess they got trapped in spamd
daemon.


> 
> 
> -- 
> Gilles Chehade
> 
> https://www.poolp.org  @poolpOrg


Walter



Re: Checking my new smtpd.conf syntax

2018-05-25 Thread Walter Alejandro Iglesias
On Fri, May 25, 2018 at 03:58:59PM +0300, Consus wrote:
> On 14:31 Fri 25 May, Gilles Chehade wrote:
> > On Fri, May 25, 2018 at 02:20:50PM +0200, Walter Alejandro Iglesias wrote:
> > > Could someone tell me if my changes below are OK. :-)
> > > 
> > > The part I'm not clear is I read in current.html remote authenticated
> > > users need an explicit rule.  Do I need to add some "match auth" rule?
> > > 
> > 
> > yes.
> > 
> > before, "from local" would match authenticated users as if they had sent
> > mail from the local machine but this led to being unable to express some
> > setups where depending on the source you want to relay to different hubs
> > even though users are authenticated.
> > 
> > 
> > With this:
> > 
> > > match from local for local apply local_users
> > > match from any for domain  virtual  apply local_users
> > > match from local sender  for any apply remote_users
> > 
> > > you need an additional rule such as:
> > 
> > match auth from any sender  for any apply remote_users
> > 
> > 
> > because:
> > 
> > > #accept from local sender  for any relay
> > 
> > no longer matches authenticated users
> 
> Ain't it "action local_users" instead of "apply local_users"? The man
> page states "action".

I took the "apply" from here:

  https://undeadly.org/cgi?action=article;sid=20180430122930

Now reading this:

  https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/

I see I also have to change the "certificate" keyword to "cert" here:

  pki $server cert "/etc/ssl/server.crt"


Gilles, I also saw the "ca" directive.  I've been using the acme
certificates in pki directives, can I use them in the "ca" directive
too? (any advantage in doing this?)



Walter



Checking my new smtpd.conf syntax

2018-05-25 Thread Walter Alejandro Iglesias
Could someone tell me if my changes below are OK. :-)

The part I'm not clear about is that I read in current.html that remote
authenticated users need an explicit rule.  Do I need to add some "match auth" rule?


# /etc/mail/smtpd.conf

egress_int="em0"
server="server.roquesor.com"

table aliases   file:/etc/mail/aliases
table valiases  file:/etc/mail/valiases
table vdomains  file:/etc/mail/vdomains
table addresses file:/etc/mail/addresses
table users file:/etc/mail/users

pki $server certificate "/etc/ssl/server.crt"
pki $server key "/etc/ssl/private/server.key"

listen on lo0
listen on $egress_int port 25 tls pki $server
listen on $egress_int port 465 smtps pki $server auth \
senders  masquerade

# Old
#accept from local for local alias  deliver to mbox
#accept from any for domain  virtual  deliver to mbox
#accept from local sender  for any relay

# New
action local_users mbox alias 
action remote_users relay

match from local for local apply local_users
match from any for domain  virtual  apply local_users
match from local sender  for any apply remote_users

# End of file



Re: Viewport for man.openbsd.org -- readability on phones

2018-05-18 Thread Walter Alejandro Iglesias
In article <20180518004729.gl68...@athene.usta.de> Ingo Schwarze 
 wrote:
> Hi Aner,
> 
> Aner Perez wrote on Thu, May 17, 2018 at 06:32:44PM -0400:
> > On 05/17/2018 05:22 PM, x...@dr.com wrote:
> >> "Ingo Schwarze"  wrote:
> 
> >>> Absolutely not.
> >>> Mandoc output is not optimized for any device.
> >>>
> >>> Which elements or rules in the current HTML or CSS code
> >>> make you think it is optimized or it discriminates against
> >>> any device?
> 
> >> I don't know which element or rule is the problem, however
> >> if I delete mandoc.css the text does fill the screen.
> >> 
> >> I understand that what I am trying to do is not supported,
> >> so I'll do something else instead.
> 
> > First non-comment line of mandoc.css says:
> > 
> > html {max-width: 100ex; }
> > 
> > Removing this line allows the use of the full browser width.
> 
> That is a very useful bit of information.
> Thanks for investigating and reporting it.
> 
> For testing purposes, i removed that line from
>   https://man.openbsd.org/mandoc.css
> 
> xcv@, could you check with your phone whether this solves
> your original issue?
> 
> > I'm sure that it was put there for a reason
> > (maybe to approximate the width of a terminal?).
> 
> Correct.  The original reason was that for -T ascii and -T utf8
> output, the default is -O width=78.  The reason for that is that
> it's conventional wisdom in typography that readability of text
> suffers with excessive column width - even though some recent
> research raises doubts whether that is really true.  Either way,
> people tend to feel strongly about it.

If text is too wide, each time your sight jumps from the end to the
beginning of the other line it loses track of in which one it was.  When
it's too narrow (as used in newspapers) your sight has to jump
continuously.  That's why in books you generally see lines not narrower
than 60 columns and not wider than 78, that's the comfortable range.

Perhaps I'm wrong assuming this happens to other people.  I'd like to
know if that recent research you mention took into account that nowadays most
people read no more than one line at a time. :-)  Web sites are designed
to look pretty, text is there just for SEO.  I mean the opinion of most
people about what is comfortable while reading doesn't tell the truth.

> 
> I must say i never particularly liked that line in the CSS file.
> It always felt like fiddling with details that it might be better
> not to touch, given that display devices running browsers differ
> more than terminal emulators.  And here we are with a suspicion
> that it actually causes accessibility issues, even if the suspicion
> is still unconfirmed...

It's not a mandoc problem.  That line is a workaround, so even when I
prefer that behavior I'm not against removing it.

> 
> Depending on the feedback i get here with respect to how
>   https://man.openbsd.org/
> now looks, i shall consider deleting the offending line for good.
> 
> In general, i like the idea of making things better by *removing*
> harmful tweaks rather than adding new goo...

Have you added apple-touch-icon.png in all required sizes?  No?  Why do
you resist innovation, "new technologies"?  Here you have a guide:

https://developer.apple.com/library/content/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html

:-)


> 
> Yours,
>   Ingo
> 
> 


Walter



ed(1) text editor issue with Spanish accents

2017-12-03 Thread Alejandro G. Peregrina
Hello,

I've noticed something unexpected when entering an accent character
alone (´) and then deleting it in ed(1) in xterm(1). Instead of deleting
it, it creates another character which is seen as an inverted
exclamation (?) in the font 'misc-fixed'.

How to reproduce:
$ uname -a
OpenBSD foo.my.domain 6.2 GENERIC.MP#1 amd64
$ locale
LANG=
LC_COLLATE="C"
LC_CTYPE=en_US.UTF-8
LC_MONETARY="C"
LC_NUMERIC="C"
LC_TIME="C"
LC_MESSAGES="C"
LC_ALL=
$ #Let's append the ´ character in ed(1)
$ ed -p"> "
> a
´

Now let's delete with a backspace, return to create a newline and a dot
to stop appending, and then print:

$ ed -p"> "
> a

.
> p
(?)

(The (?) is a simulation of the font character that misc-fixed shows to
the terminal.)

Whenever I use more(1) or less(1) to view it, it shows:

$ more test.txt




I have to add that I tested this with urxvt and ed(1) prints an Â
character, but more(1) and less(1) keep printing .

When not using X this can't be reproduced. This is reproducible with
xterm(1) and urxvt(1) in cwm(1) and fvwm(1). I've tested this in Linux
and FreeBSD and this behaviour is not reproducible.

Thank you,
A



Re: Do I need slaacd(8) up and running?

2017-11-11 Thread Walter Alejandro Iglesias
On Sat, Nov 11, 2017 at 04:57:14PM -0700, Theo de Raadt wrote:
> >On Sat, Nov 11, 2017 at 05:58:59AM -0700, Theo de Raadt wrote:
> >> >A question to the experts here.
> >> >
> >> >My home router (a crappy one provided by my ISP) has ipv6 disabled, at
> >> >least it's what its guied configuration tells me. :-)  And I have ipv6
> >> >disabled in all my LAN machines.  The laptop I use with OpenBSD has
> >> >slaacd(8) up and running by default, even when I didn't configure any
> >> >interface to use ipv6 at install time.
> >> >
> >> >Under the above conditions, do I still need slaacd running?
> >> 
> >> Yes, absolutely.
> >> 
> >> Otherwise one day you will configure up v6 on an interface and
> >> come whining about how your custom configuration isn't do inet6
> >> boohoohoo.
> >
> >OK.  You assume I'm an asshole.
> >
> >> 
> >> You need it.  And don't go writing some baloney blog saying you don't
> >> need it.
> >
> >I don't need blogs. :-)
> >
> >
> >Look, I'm very happy with OpenBSD (*honestly*) in the technical as well
> >as in the human aspect.  The *only one* negative point I found till now
> >in this project is your attitude.  The next time you want to insult me
> >do it in private, in that way you won't harm the project (taking in care
> >the other people working hard on it).
> 
> Terribly sad you are such a sensitive soul.

Uh, your sarcasms hurt my delicate soul. :-)

I don't usually come here to whine.  I've always kept my systems as
default as possible.  I've never written any article about OpenBSD.
Obviously it's not about me and *that's the bad news*.  Whether or not
you're right about users in general, there are more than one OS out
there with long tradition and experience in developing with the
assumption users are a bunch of irresponsible idiots.  And they count
with a stronger infrastructure than yours.  It's not clever to compete
with those monsters using their same strategy.



Re: Do I need slaacd(8) up and running?

2017-11-11 Thread Walter Alejandro Iglesias
On Sat, Nov 11, 2017 at 05:58:59AM -0700, Theo de Raadt wrote:
> >A question to the experts here.
> >
> >My home router (a crappy one provided by my ISP) has ipv6 disabled, at
> >least it's what its guied configuration tells me. :-)  And I have ipv6
> >disabled in all my LAN machines.  The laptop I use with OpenBSD has
> >slaacd(8) up and running by default, even when I didn't configure any
> >interface to use ipv6 at install time.
> >
> >Under the above conditions, do I still need slaacd running?
> 
> Yes, absolutely.
> 
> Otherwise one day you will configure up v6 on an interface and
> come whining about how your custom configuration isn't do inet6
> boohoohoo.

OK.  You assume I'm an asshole.

> 
> You need it.  And don't go writing some baloney blog saying you don't
> need it.

I don't need blogs. :-)


Look, I'm very happy with OpenBSD (*honestly*) in the technical as well
as in the human aspect.  The *only one* negative point I found till now
in this project is your attitude.  The next time you want to insult me
do it in private, in that way you won't harm the project (taking in care
the other people working hard on it).



Do I need slaacd(8) up and running?

2017-11-11 Thread Walter Alejandro Iglesias
A question to the experts here.

My home router (a crappy one provided by my ISP) has ipv6 disabled, at
least it's what its guied configuration tells me. :-)  And I have ipv6
disabled in all my LAN machines.  The laptop I use with OpenBSD has
slaacd(8) up and running by default, even when I didn't configure any
interface to use ipv6 at install time.

Under the above conditions, do I still need slaacd running?



Re: mandoc output paper size

2017-10-29 Thread Walter Alejandro Iglesias
In article  Mike Williams 
 wrote:
> Hiya
> 
> On 10/27/17 14:31, Ingo Schwarze wrote:
> > [ sending this particular one back to the list
> >   because it contains something useful for everyone and nothing private ]
> 
> Replying to list to archive comments even if not acted on.
> 
> > Hi Jan,
> >
> > Jan Stary wrote on Fri, Oct 27, 2017 at 12:46:00PM +0200:
> >
> >> I produced a PS output with "man -Tps rm > rm.ps",
> >> with output paper set to a3, a4, and a5 in man.conf.
> >> This results, respectively, in
> >>
> >>  %%DocumentMedia: Default 841 1190 0 () ()
> >>  %%DocumentMedia: Default 595 841 0 () ()
> >>  %%DocumentMedia: Default 419 595 0 () ()
> >>
> >> which apparently are the right dimensions. However,
> >> the Minolta will print all of them on A4 paper,
> >> although it does have a stash of A3 and A5 too.
> >>
> >> That's where I thought it might take a hint from the DSC comment,
> >> if I changed the "Default" to "A3" or "A4" or "A5", or if mandoc(1)
> >> itself put that in the DSC comments. I rewrote it manually before
> >> each printing, but the Minolta still prints them all on an A4:
> >
> > That's interesting, but anecdotal.  It is neither surprising that
> > a specific printer selects paper as configured (in whichever way),
> > as opposed to inspecting files it is sent; nor would it be surprising
> > if other printers, or even the same one, or printer drivers on the
> > print server, could be configured to inspect the contents of
> > PostScript files to select paper.
> >
> > The trouble is, i just don't know what firmwares and softwares do,
> > what they should do according to standards, and where to look for
> > standards in this respect.
> >
> > Does anybody else know?
> 
> The DSC comments are not part of the PS specification (the reference 
> manual quoted earlier) and a PS interpreter would not normally take 
> notice of the them.  The comments are aimed at document printing systems 
> which can just look for the comments and manage the printing of the file 
> amongst other files and a range of available printers - such as queuing 
> for a printer which supports/has the media listed by the DSC comment.
> 
> Some PS interpreters may look for and act on the comments, but this 
> would not be "standard" behaviour.  For the %%DocumentMedia: comment the 
> name used is for human consumption, it is the numeric values that are 
> used for any media handling decisions.  The %%DocumentMedia: comment 
> lists all media sizes used by the document but does not say which page 
> uses which size of media so could not be used to select media for any 
> particular page.  If the  media size is important for a page then there 
> should be a PS setpagedevice call like the following:
> 
> <>setpagedevice

In my other message I was about to mention that in the document
generated by groff I inspected, besides the comment, I found this other
line:

  %%BeginFeature: *PageSize Default
  << /PageSize [ 595 842 ] /ImagingBBox null >> setpagedevice

It's in the place I put an image.  I tried modifying the values here too
to see if this line was taken in care by gv too, but it seems it's not.


> 
> The PS interpreter will perform media selection based on the values - 
> use matching media, next largest, scale/rotate content, ask operator, 
> etc. - see section 6.2.1 of the PS reference manual for way more detail.
> 
> This is what is needed for the Minolta printer to use the other media 
> sizes it has available.  A quick edit of the PS file to add the above 
> line with the appropriate media sizes for A3 or A5 should prove that.
> 
> Basically don't rely on DSC comments to do media selection.
> 
> I don't know gv but it will be working as a virtual printer with some 
> standard media sizes to use when rendering a file.  It sounds like it 
> adds the list of media from any %%DocumentMedia: comments to provide 
> additional media sizes it may not have by default.  Ah, in the State 
> menu there is the option "Respect document structure".  If I unselect 
> this the page size used by gv changes from the letter used in the -Tps 
> output to the default A4 used by gv.
> 
> It may be useful to use a media name such as man-A4, man-letter, etc. 
> (to indicate the source of the file and media size used) for any systems 
> that do process the DSC comments.  That will avoid duplicates appearing 
> in generated media lists.
> 
> As for PDF, no there is no way to name the media size being used.  There 
> is no equivalent of the DSC comments for PDF.  Media selection is always 
> done based on the dimensions in the /MediaBox array, the same way as the 
> /PageSize array in PS, and it is up to the processor to decide how to 
> handle the media size request.
> 
> Finally, the -Tpdf output is not a valid PDF.  It is missing the endobj 
> keyword from several of the object definitions.  This will cause 
> warnings or errors when processing.  I 
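
The distinction drawn above between the advisory %%DocumentMedia: comment and an actual setpagedevice request, as an added shell example that is not part of the original messages. The function names and the sample files are this example's own (the samples are constructed from lines quoted in the thread), the paper table uses the point values quoted in the thread, and the 2-point tolerance is an assumption so that 841 and 842 both read as A4.

```shell
#!/bin/sh
# Added example: list what media a PostScript file declares (DSC comment)
# versus what it actually requests from the interpreter (setpagedevice).

# ps_media FILE
# Prints one line per finding: "dsc W H NAME" or "pagedevice W H NAME".
ps_media() {
    awk '
    BEGIN {
        # Point sizes as quoted in the thread (mandoc output).
        n = split("a3 a4 a5 letter", N, " ")
        split("841 595 419 612", W, " ")
        split("1190 841 595 790", H, " ")
    }
    function abs(x) { return x < 0 ? -x : x }
    function paper(w, h,    i) {
        for (i = 1; i <= n; i++)
            if (abs(w - W[i]) <= 2 && abs(h - H[i]) <= 2) return N[i]
        return "unknown"
    }
    # DSC comment: "%%DocumentMedia: <name> <width> <height> ..."
    # The name is free text; only the numbers carry information.
    /^%%DocumentMedia:/ { print "dsc", $3, $4, paper($3, $4); next }
    # Real media request: "<< /PageSize [ w h ] ... >> setpagedevice"
    /setpagedevice/ && match($0, /\/PageSize *\[ *[0-9.]+ +[0-9.]+/) {
        s = substr($0, RSTART, RLENGTH)
        sub(/^\/PageSize *\[ */, "", s)
        split(s, d, / +/)
        print "pagedevice", d[1], d[2], paper(d[1], d[2])
    }' "$1"
}

# ps_requests_media FILE
# Succeeds only if the file contains a setpagedevice /PageSize request,
# i.e. something a PostScript interpreter will use for media selection.
ps_requests_media() {
    ps_media "$1" | grep -q '^pagedevice '
}

# Constructed sample: header with a DSC comment only (A5).
ps_sample_dsc_only() {
    cat <<'EOF'
%!PS-Adobe-3.0
%%DocumentMedia: Default 419 595 0 () ()
%%EndComments
EOF
}

# Constructed sample: DSC comment plus the groff-style feature block
# quoted in the thread.
ps_sample_with_pagedevice() {
    cat <<'EOF'
%!PS-Adobe-3.0
%%DocumentMedia: Default 595 841 0 () ()
%%EndComments
%%BeginFeature: *PageSize Default
<< /PageSize [ 595 842 ] /ImagingBBox null >> setpagedevice
%%EndFeature
EOF
}
```

A file for which ps_requests_media fails carries only the comment, so any paper selection is left to the printer or spooler configuration.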

Re: mandoc output paper size

2017-10-27 Thread Walter Alejandro Iglesias
In article <20171027104221.gd9...@www.stare.cz> Jan Stary  wrote:
> On Oct 27 12:12:21, w...@roquesor.com wrote:
> > In article <20171026193138.ga41...@www.stare.cz> Jan Stary  
> > wrote:
> > > > > > In the ps file generated by mandoc you should have this line:
> > > > > > 
> > > > > >   %%DocumentMedia: Default 595 841 0 () ()
> > > > > > 
> > > > > > Where 595 841 correspond to A4.  If you set output paper to "letter"
> > > > > > that line will say:
> > > > > > 
> > > > > >   %%DocumentMedia: Default 612 790 0 () ()
> > > 
> > > Yes. It seems that these are just _comments_ to the PS interpreter
> > > and the "Default" is just an arbitrary given name, right?
> > > (Sorry, I don't know the language.) So GV just shows that,
> > > but it does not _determine_ the actual media size, right?
> > > Looking at term_ps.c, mandoc writes "Default ... " for every paper size.
> > > 
> > 
> > First of all, I'm just a user like you trying to figure out how things
> > work.  So, don't expect from me some deep analysis, for that Ingo is the
> > right person.
> > 
> > I answered you - based on what I intuitively observed - that mandoc
> > honors the paper size, and explained to you why I think so.
> > 
> > I know about postscript language as much as you, as well as what gv takes
> > in care to print the document on the screen, so first I grep in the
> > ps file for 'a4|letter' strings and got nothing, then searching on the
> > Internet I found the dots equivalence and repeated the search this time
> > using '595 841|612 790'.  I did the same with documents generated by GNU
> > roff.  I found the "comment" I mentioned in the other message, so
> > I opened the ps file with vi(1), changed those numbers, and then
> > I opened the modified file with gv.  That's how I found out gv takes in
> > care that "comment" to figure out physical page dimensions.
> 
> Apparently, it does not: the dimensions are given explicitly in e.g.
> "%%DocumentMedia: Default 595 841 0 () ()", and the "Default"
> could just as well be "Foobar", as Ingo explained.
> 

That's the "comment" we're talking about since the beginning of the
thread, aren't we?  As I told you what I modified to do the test was the
numbers.

> > Finally, "default" means "default". :-)  Perhaps (guessing again), since
> > page size use is related to region settings, who designed postscript
> > (hence gv) thought convenient to honor some wide system setting (based
> > on locale?).
> 
> With output paper set to A3, A4, A5 in man.conf, "man -Tps rm > rm.ps"
> will produce a PostScript file with the correct dimensions,
> calling all the formats "Default". A printer (such as my Minolta)
> will print them all on A4, although it does have A3 and A5 paper too.
> Changing the "%%DocumentMedia: Default ..." line manually to "A3" or "A5"
> does not change that.
> 
> I am not saying mandoc should write A3 or A4 or A5 instead of Default
> (it's the actual dimensions that matter), but perhaps such a DSC comment
> might help some applications. Apparently not GV, which just repeats the name,
> and not my Minolta, which prints on A4 anyway.

You know, too many people developing software without caring about what
others did before.  Who developed your Minolta software is not an
exception. ;-)


> 
> Jan
> 
> 

Walter



Re: mandoc output paper size

2017-10-27 Thread Walter Alejandro Iglesias
In article <20171026193138.ga41...@www.stare.cz> Jan Stary  
wrote:
> > > > In the ps file generated by mandoc you should have this line:
> > > > 
> > > >   %%DocumentMedia: Default 595 841 0 () ()
> > > > 
> > > > Where 595 841 correspond to A4.  If you set output paper to "letter"
> > > > that line will say:
> > > > 
> > > >   %%DocumentMedia: Default 612 790 0 () ()
> 
> Yes. It seems that these are just _comments_ to the PS interpreter
> and the "Default" is just an arbitrary given name, right?
> (Sorry, I don't know the language.) So GV just shows that,
> but it does not _determine_ the actual media size, right?
> Looking at term_ps.c, mandoc writes "Default ... " for every paper size.
> 

First of all, I'm just a user like you trying to figure out how things
work.  So, don't expect from me some deep analysis, for that Ingo is the
right person.

I answered you - based on what I intuitively observed - that mandoc
honors the paper size, and explained to you why I think so.

I know about postscript language as much as you, as well as what gv takes
in care to print the document on the screen, so first I grep in the
ps file for 'a4|letter' strings and got nothing, then searching on the
Internet I found the dots equivalence and repeated the search this time
using '595 841|612 790'.  I did the same with documents generated by GNU
roff.  I found the "comment" I mentioned in the other message, so
I opened the ps file with vi(1), changed those numbers, and then
I opened the modified file with gv.  That's how I found out gv takes in
care that "comment" to figure out physical page dimensions.

As far as I understand postscript draws page contents using coordinates
and using the postscript dot as unit (as Ingo explained).  What gv does
is just trying to figure out the best way to print the document on
screen; when you select A4|Letter in the menu it only modifies the page,
the rest of dimensions stay the same.  Ingo will correct me if I'm wrong
about this, we're talking specifically about how gv shows you the
document in screen, it shouldn't affect how the document is printed on
paper (what I *guess* gv does in this case is to send the postscript
file "as is" to lpr or cups.)

Finally, "default" means "default". :-)  Perhaps (guessing again), since
page size use is related to region settings, who designed postscript
(hence gv) thought convenient to honor some wide system setting (based
on locale?).


> Jan
> 
> 

Walter



Sent here by mistake (instead to bugs@) Sorry!

2017-10-26 Thread Walter Alejandro Iglesias
In article <a67500574d104...@server.roquesor.com> Walter Alejandro Iglesias 
<w...@roquesor.com> wrote:
> Hi Ruben,
> 
> In article 
> <caenp9cg+b-5b+8r3w9eaebodaxeybrdhg7jhfgq2ascrbfg...@mail.gmail.com> Ruben 
> Miller <rubenmil...@gmail.com> wrote:
> > In article 
> > <CAEnp9CEpPEJxkWkxLu1qmP8qTA4Ti4+6hCFrGqYy1+WZ0dBy=a...@gmail.com>
> > Ruben Miller <rubenmil...@gmail.com> wrote:
> > >The speed is not a problem, since the bug is triggered because cwm raises
> > > two windows in every cycle.
> > > Just start the cycle with seamonkey selected, so it's always the previous
> > > window.
> > 
> > Just in case, the idea is cycling without releasing ALT, so the client with
> > WM_TAKE_FOCUS is always behind the new one.
> 
> First of all, I'm not a developer but since I made that diff I'm trying
> to help.
> 
> No idea in which way it's related but I could easily reproduce the issue
> you describe after setting back SNA acceleration in my xorg.conf (since
> my graphic card has some issue with the default acceleration I have to
> use UXA.)
> 
> Wait for Okan Demirmen (cwm maintainer) to get a good answer. :-)
> 
> 

I sent this here by mistake.


Sorry!



Re: cwm 6.2: Windows losing focus while cycling (ALT-TAB)

2017-10-26 Thread Walter Alejandro Iglesias
Hi Ruben,

In article  
Ruben Miller  wrote:
> In article 
> Ruben Miller  wrote:
> >The speed is not a problem, since the bug is triggered because cwm raises
> > two windows in every cycle.
> > Just start the cycle with seamonkey selected, so it's always the previous
> > window.
> 
> Just in case, the idea is cycling without releasing ALT, so the client with
> WM_TAKE_FOCUS is always behind the new one.

First of all, I'm not a developer but since I made that diff I'm trying
to help.

No idea in which way it's related but I could easily reproduce the issue
you describe after setting back SNA acceleration in my xorg.conf (since
my graphic card has some issue with the default acceleration I have to
use UXA.)

Wait for Okan Demirmen (cwm maintainer) to get a good answer. :-)



Re: mandoc output paper size

2017-10-26 Thread Walter Alejandro Iglesias
On Thu, Oct 26, 2017 at 07:24:43PM +0200, Ingo Schwarze wrote:
> Hi Walter,
> 
> Walter Alejandro Iglesias wrote on Thu, Oct 26, 2017 at 05:44:16PM +0200:
> 
> > I have files generated with GNU roff that defaults to letter size.
> 
> That's the upstream (GNU troff) default when you compile GNU troff
> from the git repository with automake and autoconf.  If i understand
> correctly, it is the GNU troff default because it is also the default
> used by GNU autoconf in general.
> 
> > This doesn't happen on Linux, I don't know why.
> 
> I doubt this has anything to do with Linux (neither the kernel nor
> whatever C library or userland applications are used).  But it may
> depend on whatever operating system distribution you are using.  It
> is well-known that many Linux distributions engage in tweaking
> upstream defaults, even those settings that are more or less a
> matter of personal preference.

By "linux" I meant distributions.

> 
> > This is set in DESC config files.
> > 
> > $ grep -ER 'papersize (letter|a4)' /usr/local/share/groff/*
> > /usr/local/share/groff/1.22.3/font/devdvi/DESC:papersize letter
> > /usr/local/share/groff/1.22.3/font/devlj4/DESC:papersize letter
> > /usr/local/share/groff/1.22.3/font/devps/DESC:papersize letter
> > /usr/local/share/groff/1.22.3/font/devlbp/DESC:papersize letter
> > /usr/local/share/groff/1.22.3/font/devpdf/DESC:papersize letter
> 
> That is automatically generated at GNU troff build time, controlled
> by files generated by autoconf, controlled by files generated by
> automake, controlled by files autogenerated by whatever (insert
> your favourite rabbit hole here).
> 
> In any case, the fact that groff defaults to "papersize letter" is
> the reason why mandoc(1) does the same.  Unless there are strong
> reasons to diverge, mandoc aims for compatibility with groff.

Yes, I figured out it was an option selected at compile time (curiously
in Slackware, being american, groff is compiled to use a4).

What moved me to test this on Linux is I remember using the
/etc/papersize file there.  But it seems groff and gv ignore that file
(I mean on linux).


> 
> Yours,
>   Ingo

Thank you Ingo.




Re: mandoc output paper size

2017-10-26 Thread Walter Alejandro Iglesias
Answering myself.

In article <a675001fecbb3...@server.roquesor.com> Walter Alejandro Iglesias 
<w...@roquesor.com> wrote:
> As a side note.  You made me realize something I didn't notice when
> I migrated to openbsd; I have files generated with GNU roff that
> defaults to letter size.  This doesn't happen on Linux, I don't know why.

This is set in DESC config files.

$ grep -ER 'papersize (letter|a4)' /usr/local/share/groff/*
/usr/local/share/groff/1.22.3/font/devdvi/DESC:papersize letter
/usr/local/share/groff/1.22.3/font/devlj4/DESC:papersize letter
/usr/local/share/groff/1.22.3/font/devps/DESC:papersize letter
/usr/local/share/groff/1.22.3/font/devlbp/DESC:papersize letter
/usr/local/share/groff/1.22.3/font/devpdf/DESC:papersize letter



Re: mandoc output paper size

2017-10-26 Thread Walter Alejandro Iglesias
In article <20171026104155982590.bfb59...@talsever.com> Amelia A Lewis 
<amyz...@talsever.com> wrote:
> On Thu, 26 Oct 2017 16:14:36 +0200 (CEST), Walter Alejandro Iglesias 
> wrote:
> > In the ps file generated by mandoc you should have this line:
> > 
> >   %%DocumentMedia: Default 595 841 0 () ()
> > 
> > Where 595 841 correspond to A4.  If you set output paper to "letter"
> > that line will say:
> > 
> >   %%DocumentMedia: Default 612 790 0 () ()
> 
> So these measures are in points?

I took it from here:

https://www.gnu.org/software/gv/manual/gv.html#Paper-Keywords-and-paper-size-in-points


> 
> https://en.wikipedia.org/wiki/Point_(typography)
> 



Re: mandoc output paper size

2017-10-26 Thread Walter Alejandro Iglesias
In article <20171026122507.ga13...@www.stare.cz> Jan Stary  
wrote:
> On Oct 26 11:36:45, w...@roquesor.com wrote:
> > In article <20171026083919.ga38...@www.stare.cz> Jan Stary  
> > wrote:
> > > I am not sure whether man -Tpdf and man -Tps honour the paper size.
> > 
> > I think it does.
> > 
> > I don't have a printer at hand to verify it but if in the gv(1) menu
> > I select alternatively A4 (or Letter) and Default
> 
> You can "select alternatively" whatever you want in the gv(1) window,
> but that don't make it so. My point is that files which really are A4
> just already say so in the gv(1) box, without "selecting it alternatively".

In the ps file generated by mandoc you should have this line:

  %%DocumentMedia: Default 595 841 0 () ()

Where 595 841 correspond to A4.  If you set output paper to "letter"
that line will say:

  %%DocumentMedia: Default 612 790 0 () ()



As a side note.  You made me realize something I didn't notice when
I migrated to openbsd; I have files generated with GNU roff that
defaults to letter size.  This doesn't happen on Linux, I don't know why.


> 
> > I can see how the page get resized (or not)
> > depending on the 'output paper' man.conf setting.
> 
> Yes it does. But why does it say e.g. "y841x595" instead of A4?
> (Maybe "A4" is just a shorthand for that, I don't know).
> 
> Jan
> 
> 



Re: mandoc output paper size

2017-10-26 Thread Walter Alejandro Iglesias
In article <20171026083919.ga38...@www.stare.cz> Jan Stary  
wrote:
> I am not sure whether man -Tpdf and man -Tps honour the paper size.

I think it does.

I don't have a printer at hand to verify it but if in the gv(1) menu
I select alternatively A4 (or Letter) and Default I can see how the
page get resized (or not) depending on the 'output paper' man.conf
setting.


Walter



Re: SSH: lost connection after restarting pf. [SOLVED]

2017-08-18 Thread Walter Alejandro Iglesias
On Fri, Aug 18, 2017 at 07:31:05PM +0200, Otto Moerbeek wrote:
> On Sat, Aug 12, 2017 at 02:40:41PM +0200, Walter Alejandro Iglesias wrote:
> 
> > In article <20170812123632.p7zgt2l4kz43y...@symphytum.spacehopper.org> you 
> > wrote:
> > > On 2017/08/12 14:33, Walter Alejandro Iglesias wrote:
> > > > In article <5127ac707aa6f...@server.roquesor.com> you wrote:
> > > > > Hi Stuart,
> > > > > 
> > > > > In article <slrnootn18.31bc@naiad.spacehopper.org> you wrote:
> > > > > > On 2017-08-12, Walter Alejandro Iglesias <w...@roquesor.com> wrote:
> > > > > > > Yesterday while copying a big file from one machine to another in 
> > > > > > > my LAN
> > > > > > > I noticed that restarting pf:
> > > > > > >
> > > > > > >   # pfctl -d && pfctl -e -f /etc/pf.conf
> > > > > > >
> > > > > > > scp stops and quits showing this message:
> > > > > > >
> > > > > > >   - stalled - Conection reset by 192.168.1.*  Lost connection
> > > > > > >
> > > > > > >
> > > > > > > Is this expected or is a bug?
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > 
> > > > > > Expected.
> > > > > > 
> > > > > > PF is a state-inspecting firewall and verifies things like TCP 
> > > > > > sequence
> > > > > > numbers; it needs to see the initial connection handshake to pick 
> > > > > > up the
> > > > > > wscale value.
> > > > > > 
> > > > > > I would recommend just reloading the ruleset rather than disabling 
> > > > > > and
> > > > > > re-enabling PF first.
> > > > > > 
> > > > > > 
> > > > > 
> > > > > I have this rule:
> > > > > 
> > > > > block in log quick inet proto tcp from  to port ssh
> > > > > 
> > > > > That reads IPs from the "port22" file which is updated from a script
> > > > > in a cronjob.  I don't know which command to use to re-read that file
> > > > > without causing the interrupt.
> > > > > 
> > > > > 
> > > > > 
> > > > 
> > > > You mean doing only this?
> > > > 
> > > > # pfctl -f /etc/pf.conf
> > > 
> > > Yes.
> > > 
> > > 
> > 
> > I just tried it and works OK.  Thank you very much.
> > 
> 
> A bit of a late reply due to vacation...
> 
> I would like to stress that disable and then a reload is a
> dangerous practice. Apart from the fact that it loses state it also
> will leave pf disabled if you made a syntax error in your ruleset.

Yes, I was worried about that.

> 
> Please just do a reload: it is much safer: it will first
> validate the new ruleset and then *atomically* replace the old with
> the new ruleset, leaving intact any relevant state information.

I don't remember exactly what made me think that in the specific case of
tables reading IP lists from files a reload wasn't enough.  Something
wrong I did while testing led me to wrong conclusions. :-)


Thank you!


> 
>   -Otto


Walter
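
The reload procedure recommended in this thread, written out as an added shell example (it is not part of any message above). The function names and the `PFCTL` override are assumptions of the example; the table name and list file are passed in by the caller.

```shell
#!/bin/sh
# Added example: update pf without the "pfctl -d && pfctl -e" cycle.
# PFCTL can be overridden so the logic can be exercised without a live pf.
PFCTL=${PFCTL:-pfctl}

# reload_ruleset FILE
# Parse-check FILE first (-n parses but loads nothing), then load it.
# On a syntax error the running ruleset and the state table stay as they
# are, and pf is never left disabled.
reload_ruleset() {
    conf=$1
    if ! "$PFCTL" -n -f "$conf"; then
        echo "pf: $conf failed validation, running ruleset kept" >&2
        return 1
    fi
    "$PFCTL" -f "$conf"
}

# refresh_table TABLE FILE
# Replace the addresses of a single table from FILE, for a cron job that
# only rewrites an address list. Rules and existing states are not touched.
refresh_table() {
    table=$1
    list=$2
    if [ ! -r "$list" ]; then
        echo "pf: cannot read $list" >&2
        return 1
    fi
    "$PFCTL" -t "$table" -T replace -f "$list"
}
```

A cron job would call `reload_ruleset /etc/pf.conf`, or `refresh_table` with the table name and the path of the list file it maintains.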



Re: Mastering opensmtpd rules

2017-08-15 Thread Walter Alejandro Iglesias
On Tue, Aug 15, 2017 at 05:10:00PM +0200, Gilles Chehade wrote:
> On Tue, Aug 15, 2017 at 01:29:16PM +0200, Walter Alejandro Iglesias wrote:
> > > 
> > >   accept from any for any virtual  [...]
> > > 
> > 
> > Besides, after modifying that rule in the file I also had to change the
> > order.  Since rules below the "catch-all" one never get evaluated, it
> > has forcibly to be the last one:
> > 
> >[...]
> >accept from local for local alias  deliver to mbox
> >accept from local sender  for any relay
> >accept from any for any virtual  deliver to mbox
> ># End of file
> > 
> 
> Not a truth written in stone but, usually, having the "from any for any"
> rule in a config file is a sign that the user failed to write a ruleset and is
> using this as a fallback.

The word "mastering" I used in the subject may lead to confusion.  I
should've written "starting with" instead. :-)

My smtpd.conf is not a finished work.  Step by step.

> The earlier the rules match the envelope, the
> better, as it indicates that the rule was written to match precisely.
> 

My intention was to find the way to support the "postmaster" address,
that RFC requires to be supported even *with no domain specification.*
I wasn't able to figure out how to solve this while the "domain" table
was included in the rule.  Without that table now I can add to the
"valiases" file this:

postmaster  myuser
s...@site1.com  ...
s...@site2.com  ...

To make available any of these addresses:

postmaster@[IP_ADDRESS]
postmas...@site1.com
postmas...@site2.com

> Most rulesets should finish with a relay (via?) rule from local for any.

That's the way I had it, but I couldn't send mail when preceded by "from
any to any" rule.  I know my current solution is sloppy, I'll try to
study a bit more and improve my configuration.  Thank you for your help.

> 
> 
> -- 
> Gilles Chehade
> 
> https://www.poolp.org  @poolpOrg



Re: Mastering opensmtpd rules

2017-08-15 Thread Walter Alejandro Iglesias
> 
>   accept from any for any virtual  [...]
> 

Besides, after modifying that rule in the file I also had to change the
order.  Since rules below the "catch-all" one never get evaluated, it
has forcibly to be the last one:

   [...]
   accept from local for local alias  deliver to mbox
   accept from local sender  for any relay
   accept from any for any virtual  deliver to mbox
   # End of file



Re: Mastering opensmtpd rules

2017-08-15 Thread Walter Alejandro Iglesias
Hi Gilles,

On Tue, Aug 15, 2017 at 11:15:32AM +0200, Gilles Chehade wrote:
> On Tue, Aug 15, 2017 at 09:22:41AM +0200, Walter Alejandro Iglesias wrote:
> > Hello everyone,
> > 
> > I'd appreciate experienced opensmtpd users tell me if I'm understanding
> > well the mechanism in the following rule.
> > 
> > Currently, in my smtpd.conf I have this line:
> > 
> >   accept from any for domain  virtual  deliver to mbox
> > 
> > But since all keys in my "valiases" table are full email addresses, in
> > the form:
> > 
> >   u...@example.org  user
> > 
> > I'm thinking the use of "vdomains" table is redundant.  I could safely
> > simplify the rule to:
> > 
> >   accept from any for any virtual  deliver to mbox
> > 
> > 
> > Am I wrong in this assumption?
> >
> 
> kind of, smtpd.conf being a first match ruleset it is impossible to make
> this kind of analysis without having your other rules too.

Sorry, I should've added it's the only "from any" rule I have:


# /etc/mail/smtpd.conf

egress_int="em0"
server="server.roquesor.com"

table aliases file:/etc/mail/aliases
table valiases file:/etc/mail/valiases
table vdomains file:/etc/mail/vdomains
table addresses file:/etc/mail/addresses
table users file:/etc/mail/users

pki $server certificate "/etc/ssl/server.crt"
pki $server key "/etc/ssl/private/server.key"

listen on lo0
listen on $egress_int port 25 tls pki $server
listen on $egress_int port 465 smtps pki $server auth \
senders  masquerade

accept from local for local alias  deliver to mbox
accept from any for domain  virtual  deliver to mbox
accept from local sender  for any relay

# End of file


> 
> in this case, this may or may not give the desired behavior depending on
> rules following it because envelope matching happens _before_ virtual is
> even evaluated.
> 
> with:
> 
> accept from any for domain  [...]
> 
> you will only match envelopes for the domains in , it allows a
> different rule to match other domains:
> 
> accept from any for domain  [...]
> accept from any for domain foobar.org [...]
> 
> with:
> 
> accept from any for any [...]
> 
> you will match all envelopes so you're essentially creating a catch-all.
> 
> 
> virtual happens AFTER a rule has been matched so if your recipient is not
> found the RCPT will be rejected, smtpd will not search for another rule.

If I'm understanding you well then it's what I want.

My question was if the "virtual" entry in the rule is enough to reject
not matching recipients.  For example, having this rule:

  accept from any for any virtual  [...]

and a "valiases" file containing only this line:

  l...@foobar.org   user

will messages sent to i.e. l...@foobar2.org or l...@foobar3.org be
rejected?



> 
> 
> -- 
> Gilles Chehade
> 
> https://www.poolp.org  @poolpOrg
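
The first-match behaviour discussed in this thread, as an added shell model (not OpenSMTPD code and not part of any message): the envelope is matched on source and destination only, and a failed virtual lookup rejects the recipient without trying later rules. The `SOURCE|DESTINATION|ACTION` rule encoding, the function name and the `.example` addresses are constructed for the illustration.

```shell
#!/bin/sh
# Simplified model of first-match rule evaluation. One rule per line:
#   SOURCE|DESTINATION|ACTION
# SOURCE is "any" or "local"; DESTINATION is "any" or a single domain;
# ACTION is "virtual" (look the recipient up, then deliver) or "relay".

# Constructed virtual-alias keys (full addresses, as in the thread).
VALIASES="lists@foobar.example postmaster@foobar.example"

# evaluate RULES SOURCE RCPT -> prints "deliver", "relay" or "reject"
evaluate() {
    rules=$1
    src=$2
    rcpt=$3
    domain=${rcpt#*@}
    while IFS='|' read -r from dest action; do
        # Envelope matching looks at source and destination only.
        [ "$from" = any ] || [ "$from" = "$src" ] || continue
        [ "$dest" = any ] || [ "$dest" = "$domain" ] || continue
        # First match wins: decide here, no later rule is consulted.
        if [ "$action" = virtual ]; then
            case " $VALIASES " in
                *" $rcpt "*) echo deliver ;;
                *)           echo reject ;;   # unknown recipient: RCPT refused
            esac
        else
            echo "$action"
        fi
        return 0
    done <<EOF
$rules
EOF
    echo reject   # no rule matched the envelope
}

# Catch-all first: it shadows the relay rule for local senders.
CATCHALL_FIRST='any|any|virtual
local|any|relay'
# Relay rule first, catch-all last.
CATCHALL_LAST='local|any|relay
any|any|virtual'
# Domain-scoped rule: only envelopes for that domain match it.
SCOPED='any|foobar.example|virtual
local|any|relay'
```

With `CATCHALL_FIRST`, a local sender writing to an outside address is rejected by the virtual lookup and never reaches the relay rule; with `CATCHALL_LAST` or `SCOPED` the same envelope is relayed.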



Mastering opensmtpd rules

2017-08-15 Thread Walter Alejandro Iglesias
Hello everyone,

I'd appreciate experienced opensmtpd users tell me if I'm understanding
well the mechanism in the following rule.

Currently, in my smtpd.conf I have this line:

  accept from any for domain  virtual  deliver to mbox

But since all keys in my "valiases" table are full email addresses, in
the form:

  u...@example.org  user

I'm thinking the use of "vdomains" table is redundant.  I could safely
simplify the rule to:

  accept from any for any virtual  deliver to mbox


Am I wrong in this assumption?


