Re: OpenBSD on Macbook 12" 2017?

2019-03-18 Thread andrew fabbro
Interesting - I thought SPI was as old as the hills, but I see Intel has an
"enhanced" SPI now.

https://en.wikipedia.org/wiki/Serial_Peripheral_Interface

On Fri, Mar 15, 2019 at 10:31 AM joshua stein wrote:

> On Fri, 15 Mar 2019 at 09:18:02 +0100, Harald Dunkel wrote:
> > Hi folks,
> >
> > does it work, OpenBSD on a 12" Macbook 2017? I tried Linux once,
> > but keyboard and trackpad were not working, so I kept MacOS.
>
> The keyboard and touchpad are connected over SPI now, so they
> require a new Intel SPI controller driver and then two custom
> drivers for the keyboard and touchpad.
>
> So no, the device does not work on OpenBSD unless you use a USB
> keyboard/mouse.
>
>

-- 
andrew fabbro
and...@fabbro.org


Re: TLS suddenly not working over IKED site-to-site - SOLVED?

2019-03-14 Thread Andrew Daugherity
On Thu, Dec 20, 2018 at 6:54 PM Theodore Wynnychenko wrote:
> Then, I took the advice above, and disabled ipcomp on the tunnel, and, BAHM,
> https (and imaps) were working without an issue from openbsd, Windows 7, and 
> Macs!
>
> Just to be sure, I updated this am to the 12/19 amd64 snapshot.
>
> When I turn on ipcomp, https/imaps hangs for most connections; when I turn 
> ipcomp off, https/imaps works.

I can confirm this behavior.  I've set up a simple RSA key VPN as
described at http://www.openbsd.org/faq/faq17.html#site2site, which
does not include ipcomp by default, and everything works fine,
including https.  After reading this I decided to test enabling
ipcomp, and sure enough, loading an https page across the VPN fails.
With ipcomp I also see some "unprotected" packets when running tcpdump
on enc0, e.g.:
13:32:19.600062 (authentic,confidential): SPI 0xee345270: 10.95.10.236.57254 > 10.95.0.233.443: P 273:518(245) ack 5604 win 455 (DF) (encap)
13:32:19.614996 (unprotected): SPI 0x5a04: 10.95.0.233.443 > 10.95.10.236.57254: . 5604:7052(1448) ack 518 win 252 (DF) (encap)

I don't know why that is happening, but as everything seems to work
well and perform decently without ipcomp, I'll be leaving it disabled.

> I noticed that the last change to sys/netinet/ip_ipcomp.c (I am guessing this 
> is the code that is involved) in the log (I think) was about 3 months ago, 
> and at this point, I can't recall if my last update (prior to the one where
> the instability began) was before or after that change.
>
> I was going to try to recompile it with the change undone, but am not sure 
> how to do that, or even if it can be done for just that one part of sys.

Yes, just use git or cvs (whatever you checked out the code with) to
fetch an earlier revision of that file (not the whole repo) and then
build a new kernel.  Sometimes you'd need to also revert other related
changes, but that does not appear to be the case here, assuming you're
referring to [1].  Note that some previous commits did touch multiple
files.

> And, after removing ipcomp from iked.conf, my subjective observation is that 
> things load a lot faster than they seemed to in the past with ipcomp on; so, 
> I am happy with where I am.
>
> I was just posting my observations in case anyone else has a similar issue.

Thank you for sharing.  I had (I think) been using ipcomp in my old
ikev1 (ipsec.conf/isakmpd) setup but had not yet gotten around to
enabling it in the ikev2 setup.  Based on this, I won't bother.


-Andrew

[1] https://github.com/openbsd/src/commit/4b5fa55
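
An added example, not part of the original message: a small parser that tallies `tcpdump` output captured on enc0 by its protection flags and lists packets that were not both authenticated and encrypted, which is the check described above. The sample holds the two lines quoted in the message (wrapped as a mail client would wrap them) plus one constructed line; all function names are illustrative.

```python
import re
from collections import Counter

# A new packet starts with a tcpdump timestamp; anything else is a wrapped tail.
TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s")
PKT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\((?P<flags>[a-z,]+)\):\s+SPI\s+(?P<spi>0x[0-9a-fA-F]+):\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>[^:\s]+):"
)
# Flags a packet must carry to count as protected by the tunnel.
REQUIRED = {"authentic", "confidential"}

# Sample input: first two packets are from the message, the third is constructed.
SAMPLE = """\
13:32:19.600062 (authentic,confidential): SPI 0xee345270:
10.95.10.236.57254 > 10.95.0.233.443: P 273:518(245) ack 5604 win 455
 (DF) (encap)
13:32:19.614996 (unprotected): SPI 0x5a04: 10.95.0.233.443 >
10.95.10.236.57254: . 5604:7052(1448) ack 518 win 252  (DF) (encap)
13:32:19.615410 (authentic,confidential): SPI 0xee345270: 10.95.10.236.57254 > 10.95.0.233.443: . ack 7052 win 455 (DF) (encap)
"""


def unwrap(text):
    """Re-join packets that were wrapped across several lines."""
    packets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if TS_RE.match(line) or not packets:
            packets.append(line)
        else:
            packets[-1] += " " + line
    return packets


def parse_enc(text):
    """Return one dict per enc(4) packet line; unparseable lines are skipped."""
    records = []
    for line in unwrap(text):
        m = PKT_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["flags"] = frozenset(rec["flags"].split(","))
        records.append(rec)
    return records


def summarize(text):
    """Count packets per flag set and collect those lacking REQUIRED flags."""
    packets = parse_enc(text)
    counts = Counter(",".join(sorted(p["flags"])) for p in packets)
    weak = [p for p in packets if not REQUIRED <= p["flags"]]
    return counts, weak


if __name__ == "__main__":
    counts, weak = summarize(SAMPLE)
    for flags, n in sorted(counts.items()):
        print(f"{n:4d}  {flags}")
    for p in weak:
        print(f"not fully protected: {p['ts']} SPI {p['spi']} {p['src']} > {p['dst']}")
```
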



Re: Automated remote install

2018-12-19 Thread andrew fabbro
On Tue, Dec 18, 2018 at 1:03 AM Frank Beuth wrote:

> On Mon, Dec 17, 2018 at 02:35:41PM -0200, Daniel Bolgheroni wrote:
> >If you're going to run on some public cloud, they usually offer the
> >possibility of keeping a custom image you provide, and use this image to
> >deploy new VMs based on it.
>
> "usually" being the key word here :)
>

Virtually all of the better KVM hosts offer an OpenBSD ISO, and in my
experience, 100% will add it to their library if you request it.

Note that I'm referring to KVM providers (traditional VPS providers), not
"public cloud".  The big boys - AWS, Azure, Google, etc. are not interested
in OpenBSD.

The mid-tier players - DigitalOcean, Vultr, Linode - are semi-interested.
Vultr offers it natively.  You can shim on Linode or DO but why bother when
the main field of KVM players (there are thousands) offer it.  If you
search for a VPS provider that offers KVM (not OpenVZ, Virtuozzo, or Xen)
you will find many.


-- 
andrew fabbro
and...@fabbro.org


Re: openbsd 6.4 as guest VM on Xen cannot detect disk

2018-11-30 Thread Andrew Daugherity
I have no idea what is causing your backend timeout, but your VM
config would be useful information, and take a look at xend.log etc.
on the host for any related errors (if you have access to it). I'm
running OpenBSD 6.4 just fine under Xen; however my Dom0 is only 4.4.4
(dmesg attached).

Note that in your 6.0 dmesg, you have "wd0 at pciide0" vs. my "sd0 at
scsibus1" via "scsibus1 at xbf0"; the man page for xbf(4) indicates it
was added in 6.1, and that it takes over all virtual disks.  As a
workaround, you might try boot -c and disable xbf, which would
presumably present your disk via the emulated IDE controller.

-Andrew
OpenBSD 6.4 (GENERIC.MP) #364: Thu Oct 11 13:30:23 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1056964608 (1008MB)
avail mem = 1015713792 (968MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xeb01f (12 entries)
bios0: vendor Xen version "4.4.4_34-61.32.1" date 08/17/2018
bios0: Xen HVM domU
acpi0 at bios0: rev 2
acpi0: sleep states S5
acpi0: tables DSDT FACP APIC WAET SSDT SSDT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 48 pins, remapped
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5450 @ 3.00GHz, 2993.06 MHz, 06-17-06
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,SSSE3,CX16,SSE4.1,x2APIC,DEADLINE,HV,NXE,LONG,LAHF,MELTDOWN
cpu0: 6MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5450 @ 3.00GHz, 2992.68 MHz, 06-17-06
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,SSSE3,CX16,SSE4.1,x2APIC,DEADLINE,HV,NXE,LONG,LAHF,MELTDOWN
cpu1: 6MB 64b/line 16-way L2 cache
cpu1: smt 0, core 2, package 0
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
acpicmos0 at acpi0
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
pvbus0 at mainbus0: Xen 4.4
xen0 at pvbus0: features 0x705, 32 grant table frames, event channel 4
"vfb" at xen0: device/vfb/0 not configured
xbf0 at xen0 backend 0 channel 6: disk
scsibus1 at xbf0: 2 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct fixed
sd0: 4096MB, 512 bytes/sector, 8388608 sectors
xnf0 at xen0 backend 0 channel 7: address 00:16:3e:79:85:28
xnf1 at xen0 backend 0 channel 8: address 00:16:3e:46:21:98
"console" at xen0: device/console/0 not configured
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x01: SMBus disabled
vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
xspd0 at pci0 dev 3 function 0 "XenSource Platform Device" rev 0x01
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (70bae60fe9b7d0df.a) swap on sd0b dump on sd0b
fd0 at fdc0 drive 0: density unknown
fd1 at fdc0 drive 1: density unknown


Re: Intel Celeron SoC support

2018-11-30 Thread Andrew Lemin
Hi Chris,

I decided to sell the board and get a different one..
But for others wanting to use this board in the future.

I tried both USB and PS2 Native (no adapter) keyboards. Neither work after
the installer starts.
Bearing in mind none of the SATA ports are detected either..

Cheers, Andy.

On Wed, Nov 21, 2018 at 3:42 AM Chris Cappuccio wrote:

> Andrew Lemin [andrew.le...@gmail.com] wrote:
> > Hi,
> >
> > I am running an ASRock J4105B-ITX board and wanting to run OpenBSD on this.
> > https://www.asrock.com/MB/Intel/J4105B-ITX/index.asp#BIOS
> >
> > It boots up, and at the 'boot>' prompt I can use the keyboard fine.
> >
> > However after it boots up, the keyboard stops working, and no disks are
> > found by the installer (used auto_install to send test commands).
> > It appears that there is no chipset support, for the Intel Celeron J4105
> > CPU from what I can work out.
> >
> > To test that it was working fine and is just OpenBSD which is not working,
> > I installed Linux and have included the dmesg below (from Linux).
> > I cannot run a dmesg from the OpenBSD installer as I cannot use the
> > keyboard etc.
> >
>
> The ASRock J4205-ITX (Apollo Lake) works fine, so does the J3710-ITX
> (Braswell).
>
> I use them both headless, but they work fine when I plug in a USB keyboard.
>
> The J4105-ITX (Gemini Lake) is newer than either.
>
> What kind of keyboard are you using? If it's not USB, plug in a USB keyboard.
> Although it may not work at the boot> prompt, it will work once you are
> booted up.
>
> For fun, here are dmesg for the older versions of your board. They both work
> with USB input devices.
>

Re: PF Outbound traffic Load Balancing over multiple tun/openvpn interfaces/tunnels

2018-11-27 Thread Andrew Lemin
y nat-to (tun1) rtable 1
match out on tun2 from any to any nat-to (tun2) rtable 2

#Allow outbound traffic on egress for vpn tunnel setup etc
pass out quick on { $if_ext } from self to any set prio (3,6)

#Load balance outbound traffic from internal network across tun1 and tun2 - THIS IS NOT WORKING - IT ONLY USES FIRST TUNNEL
pass in quick on { $if_int } to any route-to { (tun1 10.8.8.1), (tun2 10.8.8.1) } round-robin set prio (3,6)

#Allow outbound traffic over vpn tunnels
pass out quick on tun1 to any set prio (3,6)
pass out quick on tun2 to any set prio (3,6)


# Verify which tunnels are being used
systat ifstat

*This command shows that all the traffic is only flowing over the first
tun1 interface, and the second tun2 is never ever used.*


# NB; I have tried with and without 'set state-policy if-bound'.

I have tried all the load balancing policies; round-robin, random,
least-states and source-hash

If I change the 'route-to' pool to "{ (tun2 10.8.8.1), (tun1 10.8.8.1) }",
then only tun2 is used instead.. :(

So 'route-to' seems to only use the first tunnel in the pool.

Any advice on what is going wrong here. I am wondering if I am falling
victim to some processing-order issue with PF, or if this is a real bug?

Thanks, Andy.


On Wed, Sep 12, 2018 at 5:58 PM Stuart Henderson wrote:

> On 2018-09-11, Andrew Lemin wrote:
> > Hi list,
> >
> > I use an OpenVPN based internet access service (like NordVPN, AirVPN etc).
> >
> > The issue with these public VPN services, is the VPN servers are always
> > congested. The most I’ll get is maybe 10Mbits through one server.
> >
> > Local connection is a few hundred mbps..
> >
> > So I had the idea of running multiple openvpn tunnels to different
> > servers, and load balancing outbound traffic across the tunnels.
> >
> > Sounds simple enough..
> >
> > However every vpn tunnel uses the same subnet and nexthop gw. This of
> > course won’t work with normal routing.
>
> rtable/rdomain with openvpn might be a bit complex, I think it may need
> persist-tun and create the tun device in advance with the wanted rdomain.
> (you need the VPN to be in one, but the UDP/TCP connection in another).
>
> Assuming you are using tun (and so point-to-point connections) rather
> than tap, try one or other of these:
>
> - PF route-to and 'probability', IIRC it works to just use a junk
> address as long as the interface is correct ("route-to 10.10.10.10@tun0",
> "route-to 10.10.10.10@tun1").
>
> - ECMP (net.inet.ip.multipath=1) and multiple route entries with
> the same priority. Use -ifp to set the interface ("route add
> default -priority 8 -ifp $interface $dest").
>
> The "destination address" isn't really very relevant for routing
> on point-to-point interfaces (though current versions of OpenBSD
> do require that it matches the destination address on the interface,
> otherwise they won't allow the route to be added).
>
>
>


Re: why thread is not usable in perl5 of OpenBSD6.4?

2018-11-26 Thread Andrew Hewus Fresh
On Sun, Nov 25, 2018 at 09:32:33PM -0800, Philip Guenther wrote:
> On Sun, Nov 25, 2018 at 1:57 AM 岡本健二 wrote:
> 
> > I have to use thread on the perl5 of OpenBSD 6.4.
> > However, it was disabled on the distribution.
> >
> 
> Hmm, is this something that worked in previous releases, or is something
> that you've only tried in OpenBSD 6.4?
> 
> Off-hand, it's still disabled by default in the Configure script that perl
> people ship, and I don't see anything in the OpenBSD bits to override their
> choice.


One of the main reasons is that the "use of interpreter-based threads in
perl is officially discouraged" and has been unofficially discouraged
for a lot longer.

http://perldoc.perl.org/threads.html#WARNING

My understanding of the reason it is discouraged is that the threading
mechanism in perl does not lend itself to correct code and you're
probably better off doing something simpler and getting nearly as good
results using another mechanism.



> > I tried to make the thread active to recompile the perl5 with -Dusethreads,
> > which led me to many test fails.
> >
> 
> Were there tests that failed with -Dusethreads that passed when that wasn't
> used?  If so, which, and what was their output?
 
The perl test suite does not like to run in the OpenBSD source tree, I
don't recall why off the top of my head, just that it doesn't.  If you
had failures that are different than you get without enabling threads,
that might be interesting to diagnose.


> To put it another way: if you're suggesting that we build the base perl
> with -Dusethreads, what are the consequences of that?  Test failures?
> Bigger binary?  pkg_add is slower?

It does make perl anecdotally 10% slower overall (as I recall) for non
threaded operations.  Obviously that depends on the workload, but since
we don't use them, making pkg_add and other things that use perl faster
seems more useful.

http://perldoc.perl.org/perlthrtut.html#Performance-considerations




> > Why the thread function was disabled in this release?
> > Is it security reason?
> >
> 
>  Upstream has it off by default, nothing so far has needed it, and it makes
> things slower (or at least that's why upstream says).  Why would we enable
> it?


See above for more reasoning and you might look at p5-Coro if you
really need threads, I haven't had a need for them but have heard they
work better than the core implementation.

https://metacpan.org/pod/Coro

l8rZ,
-- 
andrew - http://afresh1.com

People who invent random theories which only defend the vendor must have
been beaten as children.  Beaten with sticks.
At least, that's my theory.
  -- Theo De Raadt



Intel Celeron SoC support

2018-11-14 Thread Andrew Lemin
Hi,

I am running an ASRock J4105B-ITX board and wanting to run OpenBSD on this.
https://www.asrock.com/MB/Intel/J4105B-ITX/index.asp#BIOS

It boots up, and at the 'boot>' prompt I can use the keyboard fine.

However after it boots up, the keyboard stops working, and no disks are
found by the installer (used auto_install to send test commands).
It appears that there is no chipset support, for the Intel Celeron J4105
CPU from what I can work out.

To test that it was working fine and is just OpenBSD which is not working,
I installed Linux and have included the dmesg below (from Linux).
I cannot run a dmesg from the OpenBSD installer as I cannot use the
keyboard etc.

Will support come for this SoC architecture? Or am I better off selling this
board?

Think it's a Gemini Lake SoC Chipset;


Re: pfctl: cidr typo bug

2018-11-13 Thread Andrew

On 11/13/18 16:28, Stuart Henderson wrote:

On 2018/11/13 10:15, Andrew wrote:

On 11/13/18 11:08, Stuart Henderson wrote:
> On 2018-11-11, Andrew wrote:
> > ~: doas pfctl -t cidr_typo -T add 1.2.3.4*5
> > 1 table created.
> > 1/1 addresses added.
>
> This would normally fail right here.
>
> > ~: doas pfctl -t cidr_typo -T show
> >127.0.0.1
>
> I think your name resolver may be giving out 127.0.0.1 as an address
> in response to a query for "1.2.3.4*5". Test with dig(1) / host(1) /
> "getent hosts 1.2.3.4*5".

Great insight Stuart !!! unbound on my patched 6.3 gateway is returning:

> getent hosts 1.2.3.4*5
127.0.0.1   1.2.3.4*5
::1 1.2.3.4*5

Both laptops use the gateway as a name resolver.

Hope that helps !!!


It doesn't happen with a standard unbound setup, so this is either
something non-standard in your unbound config, or you are forwarding
and it's something non-standard in your upstream resolver.


OK I just tested for that. I'll start a new thread about unbound
resolving 1.2.3.4*5 to 127.0.0.1. Thanks again for a great insight. 
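
An added example, not part of the original thread: because the mistyped `1.2.3.4*5` was answered by the resolver and 127.0.0.1 ended up in the table, one defensive option is to accept only strict IP or IP/prefix literals before calling `pfctl -T add`, and to audit `-T show` output against what was requested. The function names are hypothetical, and rejecting every hostname is a policy assumption of this example, not pfctl behaviour.

```python
import ipaddress


def parse_literal(entry):
    """Return an ip_network for a strict IP or IP/prefix literal, else None.

    Nothing here touches the resolver, so a typo such as "1.2.3.4*5"
    is rejected instead of being looked up as a host name.
    """
    text = entry.strip()
    _, sep, prefix = text.partition("/")
    if sep and not (prefix.isascii() and prefix.isdigit()):
        return None  # empty prefix or netmask notation
    try:
        # ip_interface tolerates host bits (1.2.3.4/5); .network masks them.
        return ipaddress.ip_interface(text).network
    except ValueError:
        return None


def canonical(net):
    """Render a single host without its /32 or /128 suffix."""
    if net.prefixlen == net.max_prefixlen:
        return str(net.network_address)
    return str(net)


def plan_table_add(table, entries):
    """Split entries into a pfctl argv built from literals and a reject list."""
    literals, rejected = [], []
    for entry in entries:
        net = parse_literal(entry)
        if net is None:
            rejected.append(entry)
        else:
            literals.append(canonical(net))
    argv = ["pfctl", "-t", table, "-T", "add"] + literals if literals else None
    return argv, rejected


def audit_show(show_output, requested):
    """Return table members (from `pfctl -T show`) not covered by `requested`.

    `requested` is a list of networks as returned by parse_literal().
    """
    unexpected = []
    for line in show_output.splitlines():
        net = parse_literal(line)
        if net is None:
            continue
        covered = any(
            net.version == want.version and net.subnet_of(want)
            for want in requested
        )
        if not covered:
            unexpected.append(canonical(net))
    return unexpected


if __name__ == "__main__":
    # Constructed input: the typo from the thread next to two valid literals.
    argv, rejected = plan_table_add(
        "cidr_typo", ["1.2.3.4*5", "192.0.2.0/24", "2001:db8::1"]
    )
    print("run:     ", argv)
    print("rejected:", rejected)
    # Constructed `-T show` output matching what the thread reported.
    print("unexpected:", audit_show("   127.0.0.1\n   ::1\n", [parse_literal("1.2.3.4")]))
```
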



Re: pfctl: cidr typo bug

2018-11-13 Thread Andrew

On 11/13/18 11:08, Stuart Henderson wrote:

On 2018-11-11, Andrew wrote:

~: doas pfctl -t cidr_typo -T add 1.2.3.4*5
1 table created.
1/1 addresses added.


This would normally fail right here.


~: doas pfctl -t cidr_typo -T show
   127.0.0.1


I think your name resolver may be giving out 127.0.0.1 as an address
in response to a query for "1.2.3.4*5". Test with dig(1) / host(1) /
"getent hosts 1.2.3.4*5".


Great insight Stuart !!! unbound on my patched 6.3 gateway is returning:


getent hosts 1.2.3.4*5

127.0.0.1   1.2.3.4*5
::1 1.2.3.4*5

Both laptops use the gateway as a name resolver. 


Hope that helps !!!



Re: pfctl: cidr typo bug

2018-11-11 Thread Andrew

On 11/11/18 19:23, Klemens Nanni wrote:

On Sun, Nov 11, 2018 at 12:01:33PM -0600, Andrew wrote:

~: doas pfctl -t cidr_typo -T add 1.2.3.4*5
1 table created.
1/1 addresses added.

I fail to reproduce this with recent snapshots on both amd64 and sparc64:

# pfctl -t cidr_typo -T add 1.2.3.4*5
no IP address found for 1.2.3.4*5


~: doas pfctl -t cidr_typo -T show
   127.0.0.1


# pfctl -t cidr_typo -T show
pfctl: Table does not exist.


---

Last one for you. I'm leaving this to your expertise. 


I just followed the same process on a Lenovo T440s.

same bsd.rd as the T420
same install.fs 
same upgrade process


scp bsd.rd to t440s
mv bsd.rd to /
mv sd from t420 to the t440s
reboot
boot hd0a://bsd.rd
"upgrade"
"disk"
skipped games 
upgraded sets

rebooted
--
login

#> pfctl -t cidr_typo -T add 1.2.3.4*5
1 table created
2/2 addresses added

#> pfctl -t cidt_typo -T show
127.0.0.1
::1



Cannot mount install.fs disk image to create custom auto_install.conf based USB flash drive

2018-11-11 Thread Andrew Lemin
Hi list,
I really need some help mounting an install.fs disk image, and hope someone
can help :)
I have been trying and failing to create an auto-installing USB flash drive
for OpenBSD.

All of the below steps are being performed using an existing OpenBSD VM

1) Create /auto_install.conf file
https://man.openbsd.org/autoinstall
http://eradman.com/posts/autoinstall-openbsd.html
- Done

2) Install 'upobsd' package
pkg_add -i upobsd
- Done

3) Inject newly created 'auto_install.conf' into a local 'bsd.rd' RAM disk
upobsd -u /auto_install.conf -o /tmp/bsd.rd
- Done

4) Add updated 'bsd.rd' file into 'install.fs'
4a) Associate image with a vnd device so disk image can be mounted as a
filesystem image
vnconfig vnd1 /home/sysadmin/install64.fs
- Done

4b) Mount new vnd1c device (this is where I'm stuck)

** Here is where I get lost. All the guides refer only to using
install.iso (whose 'a:' and 'c:' partitions are ISO9660 filetypes - for CD
based installs), but I need to use the install.fs (for USB based installs)
**

fw1# mount /dev/vnd1c /mnt
mount_ffs: /dev/vnd1c on /mnt: Invalid argument
fw1# mount -t cd9660 /dev/vnd1c /mnt
mount_cd9660: /dev/vnd1c on /mnt: Invalid argument
fw1# mount -t msdos /dev/vnd1c /mnt
mount_msdos: /dev/vnd1c on /mnt: not an MSDOS filesystem
fw1# mount -t ext2fs /dev/vnd1c /mnt
mount_ext2fs: /dev/vnd1c on /mnt: Input/output error

As you can see, none of the types I know about are working?

bsd1# disklabel vnd1
# /dev/rvnd1c:
type: vnd
disk: vnd device
label: fictitious
duid: e5445c1e269855f0
flags:
bytes/sector: 512
sectors/track: 100
tracks/cylinder: 1
sectors/cylinder: 100
cylinders: 7382
total sectors: 738240
boundstart: 1024
boundend: 737280
drivedata: 0
16 partitions:
#                size           offset  fstype [fsize bsize   cpg]
  a:           736256             1024  4.2BSD   2048 16384 16142
  c:           738240                0  unused
  i:              960               64   MSDOS

I cannot work out what the filesystem should be? It shows as 'unused' here.

NB; If I try with the 'install.iso' disk image the vnd mount works fine
(with '-t cd9660').
But I need this to work for a flash drive?



Assuming I could get past this, I think I would then need to do the
following;

4c) Copy in bsd.rd
cp /tmp/bsd.rd /mnt/

4d) Unmount /mnt
umount /mnt

4e) Disassociate vnd1
vnconfig -u /dev/vnd1

6) copy modified install.fs image to USB flash..
dd if=install*.fs of=/dev/rsd6c bs=1m

Thanks in advance for your time and help.
Andy.
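
The partition table quoted above can be read mechanically to see which partitions carry a filesystem that mount can use. The Python sketch below is an added example, not part of the original message; the fstype-to-`mount -t` mapping and the function names are this example's own, and the embedded label is the output quoted above with its columns separated again.

```python
import re

# Constructed sample: the disklabel output quoted in the message above, with
# the partition columns (size, offset, fstype) separated again.
DISKLABEL_VND1 = """\
# /dev/rvnd1c:
type: vnd
disk: vnd device
bytes/sector: 512
total sectors: 738240
boundstart: 1024
boundend: 737280
16 partitions:
#                size           offset  fstype [fsize bsize   cpg]
  a:           736256             1024  4.2BSD   2048 16384 16142
  c:           738240                0  unused
  i:              960               64   MSDOS
"""

# disklabel fstype name -> argument for mount -t (this example's mapping)
MOUNT_TYPES = {"4.2BSD": "ffs", "MSDOS": "msdos", "ISO9660": "cd9660"}

HEADER_RE = re.compile(r"^([a-z/ ]+):\s*(\d+)\s*$")
PART_RE = re.compile(r"^\s*([a-p]):\s+(\d+)\s+(\d+)\s+(\S+)")


def parse_disklabel(text):
    """Return (numeric header fields, {letter: partition dict})."""
    fields, parts = {}, {}
    for line in text.splitlines():
        m = PART_RE.match(line)
        if m:
            letter, size, offset, fstype = m.groups()
            parts[letter] = {"size": int(size), "offset": int(offset),
                             "fstype": fstype}
            continue
        m = HEADER_RE.match(line)
        if m:
            fields[m.group(1)] = int(m.group(2))
    return fields, parts


def mount_plan(text, device):
    """List (device node, mount type, size in bytes) for mountable partitions.

    'c' covers the raw whole disk and is labelled 'unused', so it never shows
    up here; only partitions with a known filesystem type do.
    """
    fields, parts = parse_disklabel(text)
    total = fields["total sectors"]
    plan = []
    for letter in sorted(parts):
        part = parts[letter]
        mount_type = MOUNT_TYPES.get(part["fstype"])
        if mount_type is None:
            continue
        if part["offset"] + part["size"] > total:
            raise ValueError("partition %s runs past the end of the image" % letter)
        plan.append(("/dev/%s%s" % (device, letter), mount_type,
                     part["size"] * fields["bytes/sector"]))
    return plan


if __name__ == "__main__":
    for node, mount_type, size in mount_plan(DISKLABEL_VND1, "vnd1"):
        print("mount -t %s %s /mnt   # %d bytes" % (mount_type, node, size))
```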


Re: pfctl: cidr typo bug

2018-11-11 Thread Andrew

On 11/11/18 19:23, Klemens Nanni wrote:

On Sun, Nov 11, 2018 at 12:01:33PM -0600, Andrew wrote:

~: doas pfctl -t cidr_typo -T add 1.2.3.4*5
1 table created.
1/1 addresses added.

I fail to reproduce this with recent snapshots on both amd64 and sparc64:

# pfctl -t cidr_typo -T add 1.2.3.4*5
no IP address found for 1.2.3.4*5


~: doas pfctl -t cidr_typo -T show
  127.0.0.1


# pfctl -t cidr_typo -T show
pfctl: Table does not exist.


OK ... This test was performed earlier today on a Lenovo T420.

---

OpenBSD 6.4-current (GENERIC) #412: Sun Nov 11 03:40:49 MST 2018
   dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC

pfctl: cidr typo bug

2018-11-11 Thread Andrew

I stumbled upon this because the "/" and the "*" keys are adjacent to
each other on a numeric keypad. 


Note: This is a (GENERIC) kernel and I have hyper-threading disabled on
this laptop, if that matters ???

Just your basic upgrade to -current ...

- download today's SHA256.sig, bsd.rd, install.fs
- signify
- cp bsd.rd to /
- dd install.fs to sd1
- reboot
- boot sr0a://bsd.rd
- Choose "upgrade"
- Choose "disk" sd1
- (I unchecked [ ] games ...)
- upgrade the sets
...
reboot
installed firmware
login

---

~: doas pfctl -t cidr_typo -T add 1.2.3.4*5
1 table created.
1/1 addresses added.

~: doas pfctl -t cidr_typo -T show  
  127.0.0.1


~: sysctl kern.version
kern.version=OpenBSD 6.4-current (GENERIC) #412: Sun Nov 11 03:40:49 MST
2018
   dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC

---

Truly a minor bug when compared to the greater problems at hand. Thanks
to all the devs -- have a great week ahead !!!



Re: X won't start with latest snapshot as user (Solution provided)

2018-11-10 Thread Andrew

On 11/10/18 19:29, Chris Bennett wrote:

On Sat, Nov 10, 2018 at 11:36:17PM +0100, Solene wrote:

This is normal. Look at 26th October https://www.openbsd.org/faq/current.html

The suid was removed to prevent bad things from happening. Use xenodm instead of
startx.



I have switched to using xenodm. I also think I screwed up something
during installation. It happens. Shrug.
I have found that I am stuck using fvwm, but I would like to use another
wm. Not very important which one. But I really have no idea how to
accomplish that.
The reason I think I screwed up something else is that the performance
across the board is terribly slow. Happy to reinstall from scratch.

I'm happy to find the answers reading man pages, but man fvwm wasn't
helpful for me. Which ones should I read?

Running 6.4 stable amd64

Thank you,
Chris Bennett


Chris, 


After 20+ years of typing startx, I switched to xenodm about three days
ago. The FAQ, "Following -current" and the xenodm manpage are very
helpful. Thanks to all the authors !!!

Personally I use spectrwm, so I can't speak for the other wm's. In my
case, all I had to do was:

$> cp .xinitrc .xsession
$> chmod +x .xsession

... and it "just worked" as expected :-)

N.B. If you have a custom .Xresources file, like I do for xterm, then
make sure a line like the following is in your ~/.xsession.

[[ -f ~/.Xresources ]] && xrdb -load ~/.Xresources

or simply

xrdb -load ~/.Xresources

Regarding fvwm ...

Read the last 20 lines or so of /etc/X11/xenodm/Xsession and you will
understand why you are "stuck using fvwm." It helped me a lot. The
xenodm manpage is solid gold. It's very well written.

You should be able to configure your X desktop the way you want it
between those docs.




Printer Epson WF-4630 with CUPS

2018-11-04 Thread andrew
Hello, 

I am testing OpenBSD and am looking for documentation on how to add
support for my printer.

1. My printer is an Epson WF-4630.

2. I installed CUPS with pkg_add.

3. I configured CUPS for this printer with "$ lynx localhost:631".
   Unsurprisingly there was no driver for this printer.

4. When using the driver "Epson 9-Pin Series (grayscale)"
   to print the default CUPS test page, the printer outputs
   a white page and the motor moving the paper sounds like the motor
   from a needle printer.

   My point is that CUPS can send something to the printer.

   "$ lpstat" did *not* show any jobs, although the printer reacted.

5. I got the "Epson-WF-4630_Series-epson-escpr-en.ppd" from
   the "epson-inkjet-printer-escpr-1.6.32-1lsb3.2.tar.gz" from
   the Epson Website after clicking on the link which semantically
   means "download drivers for Linux".
   As far as I know a .ppd file is a PostScript printer description
   file. I have the impression that the file depends solely on the
   printer and not on the operating system. (Please inform me
   in case you know this assumption is incorrect.)

6. CUPS now shows the driver
   "Model:
[Current Driver - EPSON WF-4630 Series , Epson Inkjet Printer
Driver (ESC/P-R) for Linux:]" (no line breaks)
in the "Modify $printer" page but still shows the 
"Driver: Epson 9-Pin Series (grayscale)"
on the EPSON_WF-4630_Series page.
Note: This driver is still selected in the fifth step above
although I selected a custom .ppd file.

7. I set the printer as the default printer with
   "$lpadmin -d $printer_machine_readable_name" and confirmed
   the change with "$lpoptions -l". 

8. Printing the CUPS test page from the web interface leaves the
   printer idle. The job now shows up in "$ lpstat" and can also
   be cancelled with "$ cancel $job_id".


Please, if anyone knows which documentation I should look at to get
at the root of this problem or if anyone here has experience with
setting up a driver for their own printer on OpenBSD, contact me.



Greetings

Andrew Easton



Re: pledge & unveil

2018-10-23 Thread andrew fabbro
Also worth searching YouTube for "openbsd pledge" and/or "openbsd unveil".
There are at least four talks by Theo on pledge and a recent presentation by
Bob Beck on pledge/unveil, as well as many others.


On Sun, Oct 21, 2018 at 3:02 PM Heinz Kampmann  wrote:

> Hello,
>
> is there a paper on the web that explains work and relationship
> from pledge and unveil for dummies?
>
> Best wishes,
> Heinz
>
>

-- 
andrew fabbro
and...@fabbro.org


Re: pfctl tables: adding a CIDR typo to a new table

2018-10-05 Thread Andrew



On 10/06/18 00:28, Klemens Nanni wrote:

On Fri, Oct 05, 2018 at 04:02:12PM -0600, Andrew wrote:

recent snapshot:

$> uname -vrsm
OpenBSD 6.4 GENERIC#329 amd64

What's the timestamp? Please provide more detailed information next time.


$> doas pfctl -t sample -T add 74.125.0.0*16
1 table created.
1/1 addresses added.


It's not recent enough:

$ sysctl -n kern.version | head -n1
OpenBSD 6.4 (GENERIC.MP) #0: Thu Oct  4 00:29:55 CEST 2018
# for s in 1\*8 74.125.0.0\*16 ::1-64 ; do
> pfctl -t sample -T add $s
> done
no IP address found for 1*8
no IP address found for 74.125.0.0*16
no IP address found for ::1-64



I'll use a different command next time. Thanks for the heads up !!!

you: OpenBSD 6.4 (GENERIC.MP) #0: Thu Oct  4 00:29:55 CEST 2018
me:  OpenBSD 6.4 (GENERIC) #329: Thu Oct  4 09:53:31 MDT 2018

** Please note that you are using a different kernel from the same day **

$> doas pfctl -t 2ndtry -T add 74.125.0.0*24
1 table created.
1/1 addresses added.

$> doas pfctl -t 2ndtry -T show  
  127.0.0.1



Thanks for the quick reply. Moving forward -- it seems to be fixed. I'll
try a newer snapshot later this weekend. Have a great weekend ahead !!



pfctl tables: adding a CIDR typo to a new table

2018-10-05 Thread Andrew
I just came upon this while stumbling across my numeric keypad. 


(In case you are wondering, the "*" key is next to the "/" key ...)

---

recent snapshot:

$> uname -vrsm
OpenBSD 6.4 GENERIC#329 amd64

$> doas pfctl -t sample -T add 74.125.0.0*16
1 table created.
1/1 addresses added.

$> doas pfctl -t sample -T show
  127.0.0.1

---

and on patched 6.3:

$> uname -vrsm
OpenBSD 6.3 GENERIC.MP#11 amd64

$> doas pfctl -t sample -T add 74.125.0.0*16
1 table created.
2/2 addresses added.

$> doas pfctl -t sample -T show
  127.0.0.1
  ::0

---

OK - my keyboarding skills need some improvement ;-) 

As usual, big thanks to Theo and to all the past and present devs !!! 



pfctl tables and a mangled ip address

2018-09-13 Thread Andrew

I just discovered something unexpected using pfctl and tables. I'm far
from a networking guy and apparently I can't type either.

Try this on a patched 6.3 amd64.

$> uname -mrsv
OpenBSD 6.3 GENERIC.MP#10 amd64

The following are a couple CIDRs for amazon.

$> pfctl -t sample -T add 176.0.0.0/8
1 table created.
1/1 addresses added.
$> pfctl -t sample -T add 205.251.192.0/18
1/1 addresses added.
$> pfctl -t sample -T show
176.0.0.0/8
205.251.192.0/18

--

Now enter a mangled ip for ebay ...

$> pfctl -t sample -T add 66.135.216.190.216
2/2 addresses added.
$> pfctl -t sample -T show
127.0.0.1
176.0.0.0/8
205.251.192.0/18
::1

I expected this to fail with something like:

$> pfctl -t sample -T add 66.135.216.190.216
0/1 addresses added.

--

I just want to bring this to your attention. As always, big thanks to
Theo for his great leadership and to all the past and present devs for
the gift of OpenBSD !!! Have a great weekend ahead !!!
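
A pre-flight check that refuses anything other than a literal address or CIDR block before it reaches `pfctl -T add`, run over the inputs from the pfctl threads on this page. This is an added example, not part of the original message and not pfctl's own parsing; `check_entry` and `table_add_argv` are hypothetical helper names, and `10.1.2.3/8` is a constructed input.

```python
import ipaddress
import re

PREFIX_RE = re.compile(r"^[0-9]{1,3}$")

# Inputs taken from the threads on this page, plus one constructed case
# (10.1.2.3/8) that shows the host-bits check.
SAMPLES = ["176.0.0.0/8", "205.251.192.0/18", "66.135.216.190.216",
           "74.125.0.0*16", "1.2.3.4*5", "1*8", "::1-64", "10.1.2.3/8"]


def check_entry(entry):
    """Return (True, canonical form) or (False, reason) for one table entry."""
    text = entry.strip()
    _, sep, prefix = text.partition("/")
    # Only a decimal prefix length is accepted after '/', so dotted netmasks
    # and other spellings never get through.
    if sep and not PREFIX_RE.match(prefix):
        return False, "prefix length must be decimal digits"
    try:
        net = ipaddress.ip_network(text, strict=True)
    except ValueError:
        try:
            loose = ipaddress.ip_network(text, strict=False)
        except ValueError:
            # Typos such as '*' for '/' or a fifth octet end up here instead
            # of being handed on to a tool that may treat them as a name.
            return False, "not a literal IPv4/IPv6 address or CIDR block"
        return False, "host bits set, did you mean %s?" % loose
    if net.prefixlen == net.max_prefixlen:
        return True, str(net.network_address)   # single host, no /32 or /128
    return True, str(net)


def table_add_argv(table, entries):
    """Build the pfctl argv only if every entry validates; raise otherwise."""
    good, bad = [], {}
    for entry in entries:
        ok, detail = check_entry(entry)
        if ok:
            good.append(detail)
        else:
            bad[entry] = detail
    if bad:
        raise ValueError("refusing to call pfctl: %r" % bad)
    return ["pfctl", "-t", table, "-T", "add"] + good


def report(entries=SAMPLES):
    """Classify every sample; returns {entry: (ok, detail)}."""
    return {entry: check_entry(entry) for entry in entries}


if __name__ == "__main__":
    for entry, (ok, detail) in report().items():
        print("%-20s %-7s %s" % (entry, "ok" if ok else "reject", detail))
```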



Re: Downloadable CIDR network calculator

2018-09-11 Thread Andrew

On 09/11/18 12:32, Steve Litt wrote:

On Tue, 11 Sep 2018 15:28:09 +0000 (UTC)
Stuart Henderson  wrote:


On 2018-09-11, Steve Litt  wrote:
> I've created a downloadable CIDR (Classless Inter-Domain Routing)
> network calculator, whose sole dependency is Python3. It runs in any
> terminal or terminal emulator on any Linux or presumably BSD
> machine.
>
> http://troubleshooters.com/linux/cidr_calc.htm

Doesn't seem to work with the current version of IP ..

$ python3 cidr_calc.py.txt
2a02:8011:7003:1:fab1:56ff:feac:3276/64

IP address (2a02:8011:7003:1:fab1:56ff:feac:3276) not numeric.
USAGE: subnet_calc  ipaddr/maskbits
 EXAMPLE: subnet_calc  192.168.100.128/28


Yes, it's IPV4 only.

If lots of people want it, I might make it work for IPV6 too.

Thanks,

SteveT

Steve Litt
September 2018 featured book: Quit Joblessness: Start Your Own Business
http://www.troubleshooters.com/startbiz


FWIW: a small network calculator without a python dependency is already
in packages. 


$> pkg_info ipcalc
Information for inst:ipcalc-1.4p0

Comment:
small network calculator

Description: ipcalc is a small tool that operates on IPv4 networks.  It
can operate in one of four modes: network describing, netmask
describing, finding or splitting.

Maintainer: The OpenBSD ports mailing-list 

WWW: https://github.com/pyr/ipcalc



PF Outbound traffic Load Balancing over multiple tun/openvpn interfaces/tunnels

2018-09-11 Thread Andrew Lemin
Hi list,

I use an OpenVPN based internet access service (like NordVPN, AirVPN etc).

The issue with these public VPN services, is the VPN servers are always 
congested. The most I’ll get is maybe 10Mbits through one server.

Local connection is a few hundred mbps..

So I had the idea of running multiple openvpn tunnels to different servers, and 
load balancing outbound traffic across the tunnels.

Sounds simple enough..

However every vpn tunnel uses the same subnet and nexthop gw. This of course 
won’t work with normal routing.

So my question:
How can I use rdomains or rtables with openvpn clients, so that each VPN is 
started in its own logical VRF?

And is it then a case of just using PF to push the outbound packets into the 
various rdomains/rtables randomly (of course maintaining state)? LAN interface 
would be in the default rdomain/rtable..

My confusion is that an interface needs to be bound to the logical VRF, but the 
tunX interfaces are created dynamically by openvpn.

So I am not sure how to configure this within hostname.tunX etc, or if I’m even 
approaching this correctly?

Thanks, Andy.



Re: how to install perl modules w/ dependencies that mix packages & CPAN

2018-08-31 Thread Andrew Hewus Fresh
On Fri, Aug 31, 2018 at 10:08:48PM -0300, Alceu Rodrigues de Freitas Junior wrote:
> On 31/08/2018 21:52, Jonathan Thornburg wrote:
> > What's the "OpenBSD way" to install Perl modules which don't exist
> > as packages?
 
> I'm afraid there is no such thing. My best would be to search something on ports
> to do exactly that.

I don't know of anything in ports to automatically merge CPAN
dependencies and the ports tree, but I do know of portgen.

http://man.openbsd.org/portgen


> If there is no repository, you might want to take a look in ways to convert
> Perl modules from CPAN into OpenBSD packages. I know there is an effort to
> build those packages automatically for Linux (Ubuntu and CentOS).

portgen is pretty good at it, I usually start there.  It gets you most
of the way to submitting something to be included in the ports tree.

I don't know that it will ever reach the point where it just pulls stuff
directly off the CPAN, but I do hope that someday what's required to
exist in the ports tree is fairly minimal.  For now though, portgen will
create ports for the module and any dependencies that you can then
adjust for anything that was not detected automatically.

 
> Another possibility is to use perlbrew instead.

I do use plenv for testing things on multiple perl versions and with
different perl modules, but generally if I want to run something for
real, rather than just from my homedir, I'll make ports for the required
modules.

https://github.com/tokuhirom/plenv

l8rZ,
-- 
andrew - http://afresh1.com

Unix is very simple,
but it takes a genius to understand the simplicity.
  -- Dennis Ritchie



Re: "Missing operating system" after i386 dual boot install

2018-08-06 Thread Andrew Daugherity
On Sat, Aug 4, 2018 at 7:00 PM Sijmen J. Mulder  wrote:
> After booting the PC pauses for a few seconds before displaying "Missing
> operating system".
>
> What I've tried:
>  - "boot hd0a:/bsd" from the installation CD: works
>  - mark partition 0 active: works, brings up NT's bootloader
>  - "installboot -v wd0": no change
>
> Any ideas?

Boot the install CD, and run 'machine boot hd0c'.  This will boot the
OpenBSD partition directly, without involving the MBR.  (With 'machine
boot', hd0a..hd0d are the fdisk partitions, not BSD disklabel entries,
so e.g. 'machine boot hd0a' should boot NT.)

If that works: the OpenBSD boot loader in its partition is fine, but
the MBR is not loading it correctly.  Installing new MBR code, e.g.
'fdisk -u wd0', may help.
If it doesn't (unlikely, since NTLDR works with the PBR): there is a
problem with the PBR, or with the BIOS's ability to boot from it.

Using the NT loader menu may end up being a better solution for you,
but this should sort out the direct-boot case.


-Andrew



Re: xconsole keeps dieing

2018-07-17 Thread Andrew

On 07/17/18 17:53, Edgar Pettijohn III wrote:
For some reason xconsole has decided to start seg faulting regularly. 
I can't remember how to build X with debugging symbols. Could anyone 
give me a quick rundown so I can provide more information.


Thanks,

Edgar


OpenBSD 6.3 (GENERIC.MP) #4: Sun Jun 17 11:22:20 CEST 2018


FWIW:

puffy|puffy|~: xconsole -v 
Warning: Unable to load any usable ISO8859 font
Segmentation fault (core dumped) 
puffy|puffy|~: uname -vm   
GENERIC.MP#128 amd64





Re: user directory and wheel group

2018-06-18 Thread andrew fabbro
On Fri, Jun 15, 2018 at 2:42 PM, Stuart Henderson 
wrote:

> One thing to be aware of is the not-very-well-known restriction that one
> user can be in a maximum of 16 groups.


If memory serves, this limitation derives from an nfs limitation.

-- 
andrew fabbro
and...@fabbro.org


Re: How to search for "hostap" in man pages.

2018-06-16 Thread Andrew Hewus Fresh
On Sat, Jun 16, 2018 at 10:39:51PM +0200, Karel Gardas wrote:
> 
> Hello,
> 
> was looking for "hostap" or "Host AP" using man -k and apropos, but this 
> somehow does not return expected results:

An apropos(1) term lets you specify searching different "Macro Keys",
including the "any" key that can be used to match any available.

Quoting the manpage:

By default, apropos searches [...] case-insensitive substring
matching (the = operator) over manual names and descriptions (the Nm
and Nd macro keys).

You can search any of the macro keys that makewhatis indexes however:
https://man.openbsd.org/apropos#Macro_Keys

Such as the special "any" key.

$ apropos any=Hostap
hostapd(8) - Host Access Point daemon
hostapd.conf(5) - configuration file for the Host Access Point daemon
acx(4) - TI ACX100/ACX111 IEEE 802.11a/b/g wireless network device
ath(4) - Atheros IEEE 802.11a/b/g wireless network device with GPIO
ifmedia(4) - network interface media settings
pgt(4) - Conexant/Intersil Prism GT Full-MAC IEEE 802.11a/b/g wireless network 
device
ral(4) - Ralink Technology/MediaTek IEEE 802.11a/b/g/n wireless network device
rtw(4) - Realtek RTL8180L IEEE 802.11b wireless network device
rum(4) - Ralink Technology/MediaTek USB IEEE 802.11a/b/g wireless network device
ural(4) - Ralink Technology/MediaTek USB IEEE 802.11b/g wireless network device
ifconfig(8) - configure network interface parameters


-- 
andrew - http://afresh1.com

Instructions are just another man's opinion of how to do something. 
  -- Weldboy #DPWisdom



Re: CVE-2018-8897

2018-05-11 Thread andrew fabbro
"A statement...was mishandled in the development of some or all
operating-system kernels..."

I think it's really "some" and the reason it's "some" and not "all" is
OpenBSD.

On Thu, May 10, 2018 at 9:51 PM, John Long <codeb...@inbox.lv> wrote:

> On Thu, 2018-05-10 at 18:54 -0600, Theo de Raadt wrote:
> > > Dare I ask what led to OpenBSD not being affected.
> > >
> > > Sorry if it is a dumb question but since this hit FreeBSD as well I am
> > > wondering what OpenBSD did differently.
> > >
> > > Was this caught in an audit?
> > >
> > > I am just curious about causality that kept OpenBSD in the clear of this
> > > one that made such headlines yesterday.
> >
> >
> > We didn't chase the fad of using every Intel cpu feature.
>
> This goes into the archive! Thank you for the slice of sanity in an
> insane word.
>
> /jl
>
>


-- 
andrew fabbro
and...@fabbro.org


Re: Unpriviliged wkhtmltopdf binary invocation fails with core dump

2018-04-23 Thread Andrew

On 04/23/18 15:50, Bogdan Kulbida wrote:

Hi Everyone,

I'm trying to use wkhtmltopdf to generate PDF from my HTML files. I
was googling like crazy but did not find any valuable information so
far.
When I run (as root)

# /usr/local/bin/wkhtmltopdf http://google.com /tmp/out.pdf

It does generate pdf just fine. But when I run the same command as
unprivileged user I got
Trace/BPT trap (core dumped) ] 10%


Bogdan, 


See if this helps. As an unprivileged user, try the -n switch to disable
javascript -- e.g. wkhtmltopdf -n [args]. 


-A

PS: A related package is htmldoc -- but I haven't tried it out yet.



notes from before and after a BIOS upgrade

2018-03-14 Thread Andrew
First, and as always, I want to express my appreciation to Theo and to 
all the past and present devs. The world is not full of bunny rabbits 
and wildflowers ...


---

I have a refurb Lenovo T420 off ebay with a very old BIOS from 2011.
Nice refurb, eh ?? Here are some before and after notes based on the
previous "meltdown" thread. Thanks also to Chris for sharing that github
link. I present this for the benefit of others. Good luck out there ;-)

---

$> uname -vprs
OpenBSD 6.3 GENERIC.MP#48 amd64

$> dmesg | grep -i bios0 | sort -u
acpi0 at bios0: rev 2
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xdae9c000 (67 entries)
bios0: LENOVO 41786UU
bios0: vendor LENOVO version "83ET63WW (1.33 )" date 07/29/2011

$> doas ./meltdown -v
CPU has RDTSCP
CPU has no TSX support!
Access time: memory 300, cache 107 -> threshold 203
Using addr 0x81864f90 for symbol '_version'.
0000  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
0010  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
0020  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
0030  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
0040  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
0050  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
0060  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
0070  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
0080  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
matched 0% (0 of 138 bytes)
System is not vulnerable to meltdown
0000  53 70 65 63 69 61 6c 20 45 78 65 63 75 74 69 76   Special Executiv
0010  65 20 66 6f 72 20 43 6f 75 6e 74 65 72 69 6e 74   e for Counterint
0020  65 6c 6c 69 67 65 6e 63 65 2c 20 54 65 72 72 6f   elligence, Terro
0030  72 69 73 6d 2c 20 52 65 76 65 6e 67 65 20 61 6e   rism, Revenge an
0040  64 20 45 78 74 6f 72 74 69 6f 6e 2e               d Extortion.
matched 100% (76 of 76 bytes)
System is vulnerable to spectre

$> cpuid 0x0  
eax = 0x0000000d 13 ""
ebx = 0x756e6547 1970169159 "Genu"
ecx = 0x6c65746e 1818588270 "ntel"
edx = 0x49656e69 1231384169 "ineI"

$> cpuid 0x7
eax = 0x00000000 0 ""
ebx = 0x00000000 0 ""
ecx = 0x00000000 0 ""
edx = 0x00000000 0 ""

$> dmesg | grep -i ^cpu[0-3] | sort -u
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: Enhanced SpeedStep 2492 MHz: speeds: 2501, 2500, 2200, 2000, 1800, 1600, 
1400, 1200, 1000, 800 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,MELTDOWN
cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.23 MHz
cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.26 MHz
cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.30 MHz
cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.31 MHz
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu0: smt 0, core 0, package 0
cpu1 at mainbus0: apid 1 (application processor)
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,MELTDOWN
cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.90 MHz
cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,MELTDOWN
cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.90 MHz
cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,MELTDOWN
cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.90 MHz
cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz
cpu3: smt 1, core 1, package 0


# NEW 

signify [file ... ]

2018-03-10 Thread Andrew

Hi Ted !!!

Today I downloaded a fresh SHA256.sig and bsd.rd and successfully
verified them both with signify(1). 


--

signify -C [-q] -p pubkey -x sigfile [file ...]

Just wondering if signify(1) is intended to exit 0 ONLY if the [file
...] is within the shell's pwd ?? By chance, I noticed that 
/path/to/file will fail on the same bsd.rd controlling for the working 
directory. 


You can see the same results by (for example):

a) mkdir /home/bench/snaps
b) cd /home/bench/snaps
c) /home/bench/snaps $> (download SHA256.sig and bsd.rd)
d) /home/bench/snaps $> signify -Cp /etc/signify/openbsd-63-base.pub 
			-x SHA256.sig bsd.rd

Signature Verified
bsd.rd: OK

e) /home/bench/snaps $> mv SHA256.sig ..

f) /home/bench/snaps $> signify -Cp /etc/signify/openbsd-63-base.pub 
			-x ../SHA256.sig bsd.rd

Signature Verified
bsd.rd: OK

g) cd ..

h) /home/bench $> signify -Cp /etc/signify/openbsd-63-base.pub 
			-x SHA256.sig snaps/bsd.rd

Signature Verified
snaps/bsd.rd: FAIL

---

I just wanted to bring this to your attention. 


Big thanks to you and to Marc for such a great utility !!! Thanks also to
Ingo for a man page full of really useful examples, especially the one
about "verifying a gzip pipeline." That example really shows off your
great work within the context of what makes un*x so amazing.

Have a great weekend !!!

-A
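
One reading consistent with the output above is that the checksum step matches each file operand by its literal spelling against the names in the list (`bsd.rd`), so `snaps/bsd.rd` finds no entry. The Python model below is an added example, not signify's code and not part of the original message; that matching rule is an assumption, signature verification is left out, and `check_path` is a hypothetical wrapper.

```python
import hashlib
import os
import re
import tempfile

# BSD-style checksum line, e.g. "SHA256 (bsd.rd) = <hex digest>"
LINE_RE = re.compile(r"^(SHA256|SHA512) \((.+)\) = ([0-9a-f]+)$")


def parse_checksums(text):
    """Map each listed file name, exactly as spelled, to (algorithm, digest)."""
    listing = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            algo, name, digest = m.groups()
            listing[name] = (algo.lower(), digest)
    return listing


def check(listing, operands, cwd):
    """Model of the checksum step (assumed behaviour): look each operand up by
    its literal spelling, then hash the file of that name relative to cwd."""
    results = {}
    for name in operands:
        entry = listing.get(name)
        if entry is None:        # "snaps/bsd.rd" is not the listed "bsd.rd"
            results[name] = "FAIL"
            continue
        algo, want = entry
        try:
            with open(os.path.join(cwd, name), "rb") as fh:
                got = hashlib.new(algo, fh.read()).hexdigest()
        except OSError:          # listed, but not present in this directory
            results[name] = "FAIL"
            continue
        results[name] = "OK" if got == want else "FAIL"
    return results


def check_path(listing, path):
    """Verify a file given by path: match on its base name and read it from
    its own directory, so the caller's working directory does not matter."""
    directory, name = os.path.split(path)
    return check(listing, [name], cwd=directory or ".")


def demo():
    """Replay steps d) and h) from the message with a constructed bsd.rd."""
    with tempfile.TemporaryDirectory() as bench:
        snaps = os.path.join(bench, "snaps")
        os.mkdir(snaps)
        data = b"constructed stand-in for bsd.rd\n"
        with open(os.path.join(snaps, "bsd.rd"), "wb") as fh:
            fh.write(data)
        listing = parse_checksums(
            "SHA256 (bsd.rd) = %s\n" % hashlib.sha256(data).hexdigest())
        return {
            "cwd=snaps bsd.rd": check(listing, ["bsd.rd"], cwd=snaps),
            "cwd=bench snaps/bsd.rd": check(listing, ["snaps/bsd.rd"], cwd=bench),
            "check_path": check_path(listing, os.path.join(snaps, "bsd.rd")),
        }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```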



Re: Black screen when starting Xorg with new laptop.

2018-02-22 Thread Andrew

On 02/22/18 09:27, George Ramirez wrote:

with intel 620 UHD graphics. At first, the console shows with underscan,
then the resolution changes to the native one, and finally it goes black. 


It's a frustrating problem because there are no errors and it seemingly
doesn't work. I bet X is actually running properly but xbacklight
somehow ended up = 0. Tap the "brightness" key on your keyboard a couple
times and see if it illuminates the display properly. On my ThinkPad
it's [Fn]+[Home]. Also check out man xbacklight(1). Good luck !!!



OpenBGPD dropping neighbor on VPNv4 NLRI withdraw

2018-01-31 Thread Andrew Thrift
Hi,

I am testing OpenBGPD as a route-reflector, with a view to replacing
our existing route reflectors.  I have a test environment where I have
multiple vendors equipment peered with OpenBGPD to ensure it can
handle our use-cases.

I noticed that our Cisco IOS-XE devices have unstable BGP sessions and
are dropping with the OpenBGPD log message:

"sending notification: error in UPDATE message, optional attribute error"

Upon further inspection, when the Cisco router issues an NLRI update
and withdraws a VPNv4 prefix OpenBGPD drops the session.

I found a report of a similar issue, but with a Juniper MX router from
Hendrik Meyburgh back in 2012, where the problem was with the
vrf-table-label command on JunOS.   I checked our configuration and
IOS-XE is configured with:
"mpls label mode all-vrfs protocol bgp-vpnv4 per-vrf" which assigns a
single label per VRF table, rather than a label per prefix.   I
suspect that this is causing the NLRI updates to be formatted in a way
that OpenBGPD does not like.

I took a packet capture of the UPDATE causing the session to be
terminated, there are two instances of it being dropped in the pcap
available at https://mergesync.btg.co.nz/index.php/s/rvc8mc9RCpTR1Lg

Is there anything we can do to stop OpenBGPD from dropping the
session?   Running per-VRF labels is default on all Juniper
platforms, and is common on Cisco as well.


Regards,



Andrew



Re: Unexpected security(8) output

2018-01-26 Thread Andrew Hewus Fresh
On Fri, Jan 26, 2018 at 10:43:47AM -0700, Clint Pachl wrote:
> I received the following output from security(8):
> 
> Running security(8):
> Can't 
> opendir(/home/pachl/.cache/mozilla/seamonkey/e8cxa4g0.default/safebrowsing-backup):
>  No such file or directory at /usr/libexec/security line 594.

That likely comes from the File::Find inside of find_special_files where
security(8) looks for changed setuid files and devices.  Most likely
that cache directory was cleaned up between reading the directory
listing of the parent and actually trying to recurse into that
directory.

You could add your home directory to the SUIDSKIP environment variable
in /etc/daily.local to avoid searching there if this message keeps
annoying you and you don't care about devices and suid changes there.

http://man.openbsd.org/security#SUIDSKIP

l8rZ,
-- 
andrew - http://afresh1.com

Instructions are just another man's opinion of how to do something. 
  -- Weldboy #DPWisdom



Re: OpenBGPD not parsing cluster-id

2018-01-25 Thread Andrew Thrift
Thanks Tom and Tony,

That is the solution.  It is so obvious now :D




On Fri, Jan 26, 2018 at 7:10 PM, Tom Smyth <tom.sm...@wirelessconnect.eu> wrote:
> Hi Andrew
>
> Try replacing
>
> route-reflector
> cluster-id 202.49.106.0
>
> With
> route-reflector 202.49.106.0
>
>
> On 26 Jan 2018 3:56 AM, "Andrew Thrift" <and...@networklabs.co.nz> wrote:
>
> Hi,
>
> I am using OpenBGPD and trying to specify a cluster-id in a route
> reflector setup.
>
>
> Configuration is:
>
> neighbor 43.231.192.241 {
> remote-as 132255
> passive
> route-reflector
> cluster-id 202.49.106.0
> announce all
> descr "ibgp1"
> }
>
> On startup bgpd spits a syntax error on the cluster-id line.  I have
> also tried "clusterid" with no success.
>
> On reading through parse.c it does not have cluster-id or clusterid
> specified as keywords.
>
> Is cluster-id supported by OpenBGPD or am I configuring it incorrectly ?
>
>
> Regards,
>
>
>
> Andrew
>
>



OpenBGPD not parsing cluster-id

2018-01-25 Thread Andrew Thrift
Hi,

I am using OpenBGPD and trying to specify a cluster-id in a route
reflector setup.


Configuration is:

neighbor 43.231.192.241 {
remote-as 132255
passive
route-reflector
cluster-id 202.49.106.0
announce all
descr "ibgp1"
}

On startup bgpd spits a syntax error on the cluster-id line.  I have
also tried "clusterid" with no success.

On reading through parse.c it does not have cluster-id or clusterid
specified as keywords.

Is cluster-id supported by OpenBGPD or am I configuring it incorrectly ?


Regards,



Andrew



cpu_ucode

2018-01-13 Thread Andrew

I want to take a moment to thank Theo -- for, uhhh, being Theo ;-) I've
seen some good projects fail from a lack of strong leadership. In
contrast, OpenBSD pushes forward because of his good judgement, combined
with the hard work of all the past and present devs. Even a regular
fella like me has some greater peace of mind by benefiting from all the
great work you have done.

I bring this up in light of recent news regarding the terrible judgement
 others have made in their design choices ... for example CPUs. I
read somewhere that Intel is recommending an operating system fix for
one of their bad decisions. So the Mighty Devs of OpenBSD get to clean
up after them ...

Much thanks -- and respect -- to all of you !!!

--- 


... and in related news, I recently bumped a Lenovo T420 up to -current.
Here are some excerpts from /var/run/dmesg.boot after a few sequential
reboots. Note that each excerpt is subtly different.

OpenBSD 6.2-current (GENERIC.MP) #337: Tue Jan 9 03:24:09 MST 2018
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.27 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
acpicpu0 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpicpu1 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpicpu2 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
acpicpu3 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS
cpu0: Enhanced SpeedStep 2492 MHz: speeds: 2501, 2500, 2200, 2000, 1800, 1600, 
1400, 1200, 1000, 800 MHz

OpenBSD 6.2-current (RAMDISK_CD) #344: Fri Jan 12 14:00:42 MST 2018
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.24 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
acpicpu at acpi0 not configured

OpenBSD 6.2-current (GENERIC.MP) #351: Fri Jan 12 13:56:18 MST 2018
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.26 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz
cpu1: 

Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread Andrew

On 01/11/18 14:45, Andreas Thulin wrote:

> Hi!
>
> Again, an ignorant question (as usual):
>
> How might I do something similar to
>
> # dd if=/dev/one of=/dev/sd0 bs=1M
>
> as a complement to the usual and well-described
>
> # dd if=/dev/zero of=/dev/sd0 bs=1M
>
> followed by

Personally, given your premise of "paran0id disk-wiping", then I would
take the next step of checking if a non-random sequence of "0"s are
still on the device. Are you ready for that rabbit h0le ?? hehehe ;-)

> # dd if=/dev/urandom of=/dev/sd0 bs=1M
>
> in order to achieve paranoid disk-wiping?
>
> BR
> Andreas




Re: OpenBSD and virtual machines

2018-01-09 Thread Andrew

> Virtual machines are pretty much necessary, because no matter what
> distribution of what OS you run, there are always those one or two apps
> you can't get from the package manager and can't compile, so you need
> to use a VM. The first six months I used Void Linux I ran LyX on a
> Ubuntu VM to compile my books.


LyX is in packages. No need for a penguin, a vm, or both unless you want
a penguin, a vm or both. But why would you want a penguin, a vm or both
when all you have to do is:

pkg_add lyx

;-)



Re: Community-driven OpenBSD tutorials wiki?

2018-01-04 Thread andrew fabbro
On Thu, Jan 4, 2018 at 3:21 PM, Chris Bennett <
webmas...@bennettconstruction.us> wrote:

> But before you get your hopes up, go check out the various worldwide
> community groups websites with similar attempts.
>
> Mexico, Russia, etc.
> You will find the same thing. Instructions for something to do with 5.7,
> all of which is no longer applicable due to the constant change in OpenBSD.
>

We should wait until OpenBSD is completely done before tutorials are
written :-)  Kidding...

The OpenBSD community has historically taken a different approach than That
Other Open Source OS Family, frowning on tutorials, wikis, blog howtos,
etc. in favor of saying "read the man pages, read the FAQ, read the source
code".  I suspect some of this comes from the incredible craftsmanship put
into those resources.  OpenBSD man pages are the best in the world, and I'd
defend them even against commercial Unixes.  They're the Sistine Chapel
ceiling of man pages.

So then to turn around and see howtos written by non-devs...it's kind of
like a chess book by a GM versus one by a 1100 player.  No one objects to
Michael Lucas's book because he's a fine writer.

> Writing articles is not too difficult. Updating them, just doesn't happen.
> Seriously, will I really want to spend the time updating an article about
> something I now thoroughly understand and which has changed? Or would I
> really just prefer to watch the latest movie that looks good? It's just
> human nature.
>

The situation is rather different for OpenBSD vs. other FOSS.  Plenty of
people are still running Debian 7 or CentOS 5.  Those tutorials have
enduring value.  Relatively few people run OpenBSD from three or four
versions back (or at least, they shouldn't).  Debian 7 or Scientific Linux
6 or whatever is a branch with ongoing support and intended to be a lasting
product, whereas OpenBSD is always a moving target.  There are no "OpenBSD
LTS" versions.

So while I might legitimately consume a 5-year-old Linux tutorial and find
it's still very applicable if you're still on Debian 7, deploying, reading
and trying to use a 5-year-old OpenBSD tutorial would not be helpful.

> Trying to form a community project outside just doesn't seem to work, sadly.
>
> But if you've got the desire to do something, then have at it. Just don't
> do a ton of hard work only to be disappointed.
>

I do think there's a gap between man pages/source code and practical
instructions on how to fix a problem or deploy a solution.  But the problem
you highlight is very real - things get out of date very fast.

Ultimately, this is like the thread recently on using something other than
CVS.  The onus is on the proposer to demonstrate value.

-- 
andrew fabbro
and...@fabbro.org


Re: spontaneous reboot during upgrade using bsd.rd on VIA C3.

2017-10-17 Thread Andrew Daugherity
I recently installed a 6.2-beta snapshot from mid-September on a VIA
Epia M, and then upgraded to 6.2-RELEASE without any issue during the
installation.  There is a dmesg of this system included in [1]; it
looks like you may have the same motherboard, or at least the BIOS
identifies itself the same?

However my BIOS is slightly newer (I think the last update VIA
released was in 2009, despite the 2004 BIOS date!), so you may try
updating yours; also, I have a C3 Ezra vs. your Nehemiah (this might
be the important part).

Yours:
cpu0: VIA Nehemiah ("CentaurHauls" 686-class) 1.01 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,SEP,MTRR,PGE,CMOV,PAT,MMX,FXSR,SSE
bios0 at mainbus0: date 03/11/04, BIOS32 rev. 0 @ 0xface0, SMBIOS rev.
2.2 @ 0xf0800 (26 entries)
bios0: vendor Award Software International, Inc. version "6.00 PG"
date 03/11/2004
bios0: VIA Technologies, Inc. VT8623-8235

Mine:
cpu0: VIA C3 Ezra ("CentaurHauls" 686-class) 1 GHz
cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX,3DNOW
bios0 at mainbus0: date 05/19/04, BIOS32 rev. 0 @ 0xfb210, SMBIOS rev.
2.2 @ 0xf0800 (26 entries)
bios0: vendor Award Software International, Inc. version "6.00 PG"
date 05/19/2004
bios0: VIA Technologies, Inc. VT8623-8235

If you build ramdisks to bisect the problem, adding "option DDB" to
the kernel config (it's in GENERIC, but not RAMDISK{,_CD}) would
probably be useful, so you can get a backtrace instead of an immediate
halt/reboot.


While installation went fine, there are a few outstanding issues with
my system, in decreasing order of importance:
* X immediately crashes on startup (this likely affects all CLE266
users... all 10 of them?).  I submitted a fix at [1] but am still
waiting for someone to look at it.
* It reboots rather than powering off.
* Suspend and hibernate do not work.
* Reported temperatures via hw.sensors are about 10-15C lower than reality.

I'll submit a proper bug report for the reboot & suspend stuff once I
do more testing (e.g. acpi disabled, BIOS settings for S1 vs. S3
suspend, etc.).


-Andrew

[1] https://marc.info/?l=openbsd-tech&m=150719094005071&w=2

On Tue, Oct 17, 2017 at 1:56 PM, Mike Larkin <mlar...@azathoth.net> wrote:
> On Tue, Oct 17, 2017 at 06:24:42PM +0200, Remco wrote:
>> I am not able to upgrade using bsd.rd on my VIA C3 system.
>>
>> Booting the i386 6.2 bsd.rd progresses to the "npx0 ..." line.
>> After a short moment the system reboots and that's the end of the story.
>>
>> I did check the bsd.rd using signify and it checked out all right:
>> $ signify -C -p /etc/signify/openbsd-62-base.pub -x SHA256.sig bsd.rd
>> Signature Verified
>> bsd.rd: OK
>>
>>
>> I also have a USB stick with OpenBSD for i386 on it.
>> I upgraded that to 6.2 on another machine and tried to boot it on my VIA
>> system ...  this works ! (both for bsd and bsd.sp)
>>
>> I'm not sure what to look at and what's so different between the ramdisk
>> kernel and an ordinary kernel, so if this is of interest hopefully someone
>> can give me a pointer.
>>
>>
>> Here are the dmesg.boot for 6.1, and a diff against one of a GENERIC 6.2
>> kernel:
>>
>
> It is unlikely any developer has a 13+ year old VIA C3 to test this on.
>
> My advice would be to find when bsd.rd stopped working, and then help us by
> bisecting commits. The man pages explain how to build bsd.rd images.
>
> Once you find the commit that broke things (or a reasonably small timeframe
> that covers the problem commit), let us know and perhaps we can see what
> went wrong.
>
> -ml
>
>>
>> OpenBSD 6.1 (GENERIC) #291: Sat Apr  1 13:49:08 MDT 2017
>> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
>> cpu0: VIA Nehemiah ("CentaurHauls" 686-class) 1.01 GHz
>> cpu0: FPU,V86,DE,PSE,TSC,MSR,SEP,MTRR,PGE,CMOV,PAT,MMX,FXSR,SSE
>> real mem  = 251088896 (239MB)
>> avail mem = 233578496 (222MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: date 03/11/04, BIOS32 rev. 0 @ 0xface0, SMBIOS rev. 2.2 @
>> 0xf0800 (26 entries)
>> bios0: vendor Award Software International, Inc. version "6.00 PG" date
>> 03/11/2004
>> bios0: VIA Technologies, Inc. VT8623-8235
>> acpi0 at bios0: rev 0
>> acpi0: sleep states S0 S1 S4 S5
>> acpi0: tables DSDT FACP
>> acpi0: wakeup devices PCI0(S5) USB0(S5) USB1(S5) USB2(S5) USB3(S3) USB4(S3)
>> USB5(S3) USB6(S3) LAN0(S5) AC97(S5) UAR1(S5)
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpiprt0 at acpi0: bus 0 (PCI0)
>> acpiprt1 at acpi0: bus 1 (AGPB)
>> acpicpu0 at acpi0: !C3(@900 io@0x415), !C2(@90 io@0x414), C1(@1 halt!)
>> acpibtn0 at acpi0: PWRB
>> "PNP0501" at 

Re: vmm issues - vioblk_notifyq: unsupported command 0x8

2017-10-13 Thread Andrew Daugherity
On Thu, Oct 12, 2017 at 6:42 PM, Mike Larkin <mlar...@azathoth.net> wrote:
>> oh. I didn't know that is how it was finding things.
>>
>
> When booting it this way in qemu, qemu just reports the ID as "".
>
> So are you sure this is the way it is supposed to work?

Yes... with some caveats.

The Linux device manager (udev, I think?  They've gone through
several.) creates symlinks under /dev/disk/by-{id,label,path,uuid}/,
so that you can use more permanent names in case the disk order (sda,
sdb, etc.) changes; there are also library calls to open a
device/partition by ID, UUID, etc., (via libblkid I believe, which
lets you use things like LABEL=foo or UUID=abcd... as the block device
passed to mount(8) or listed in fstab).  The SUSE installer is
"helpfully" attempting to use these IDs; e.g. with a SATA disk under
VirtualBox, it uses a repo URL of
'hd:///?device=/dev/disk/by-id/ata-VBOX_HARDDISK_VB40007e3d-cdaea0a1-part2'.

However, you are correct that qemu virtio disks do not report IDs (or
report blank ones) -- at least by default (apparently with recent
qemu, there is an option to set a drive's serial number, but it
doesn't seem to be commonly used).  I did a test installation of
openSUSE under Proxmox VE (qemu/KVM) using virtio disks, and the only
thing under /dev/disk/by-id is the emulated IDE CD-ROM -- nothing
for /dev/vda or vdb.  Notably, the installer configured its repo as
'hd:///?device=/dev/vda2' without me having to tell it that, as I had
to under vmm.

By comparison, the opensuse VM I installed under OpenBSD vmm *does*
show some 'by-id' devices:
/dev/disk/by-id:
total 0
lrwxrwxrwx 1 root root  9 Oct 13 13:21 virtio-__LI_U_ -> ../../vdb
lrwxrwxrwx 1 root root 10 Oct 13 13:21 virtio-__LI_U_-part1 -> ../../vdb1
lrwxrwxrwx 1 root root 10 Oct 13 13:21 virtio-__LI_U_-part2 -> ../../vdb2
(Currently /dev/vda is the VM's hard disk and vdb is the ISO...
strange that there are only links for vdb, but not vda.  Of course
accessing via these symlinks works, since they point at the real
device, but doing whatever library call to open
'virtio-__LI_U_-part2' would most likely fail, and obviously
the correct symlinks did not exist during installation.)

My best guess is that when udev gets a blank ID, it skips the by-id
stuff, and thus the installer uses the real disk device, but since vmm
doesn't implement that call, instead of marking the disk as not having
an ID, invalid disk IDs somehow get used.


-Andrew
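
The exchange behind those by-id names, as an added example (a model written for this page, not vmm, Linux or udev code): in the virtio specification, block request type 0x8 is VIRTIO_BLK_T_GET_ID, which asks the device for a 20-byte ID string. The model compares a guest that reads the ID buffer regardless of the device's status byte with one that accepts it only on VIRTIO_BLK_S_OK; the struct layout, function names, stale bytes and serial strings are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values defined by the virtio block device specification. */
#define VIRTIO_BLK_T_GET_ID  8    /* request type 0x8 */
#define VIRTIO_BLK_ID_BYTES  20   /* ID buffer size; need not be NUL-terminated */
#define VIRTIO_BLK_S_OK      0
#define VIRTIO_BLK_S_UNSUPP  2

/* Simplified model of one request (hypothetical layout, not the wire format). */
struct blk_req {
    uint32_t type;
    uint8_t  data[VIRTIO_BLK_ID_BYTES];  /* written by the device */
    uint8_t  status;                     /* written by the device */
};

/* Guest prepares a GET_ID request.  The data buffer starts out holding
 * constructed stale bytes, standing in for whatever was in that memory. */
void req_prepare(struct blk_req *r)
{
    static const uint8_t stale[VIRTIO_BLK_ID_BYTES] =
        { 0x9c, 0x03, 'A', 'B', 0xff, 'C', 0x1b };

    r->type = VIRTIO_BLK_T_GET_ID;
    memcpy(r->data, stale, sizeof(r->data));
    r->status = 0xff;  /* non-OK sentinel in case the device writes nothing */
}

/* Device that implements GET_ID: clear the buffer, then copy the serial. */
void dev_get_id(struct blk_req *r, const char *serial)
{
    size_t n = strlen(serial);

    if (n > VIRTIO_BLK_ID_BYTES)
        n = VIRTIO_BLK_ID_BYTES;
    memset(r->data, 0, sizeof(r->data));
    memcpy(r->data, serial, n);
    r->status = VIRTIO_BLK_S_OK;
}

/* Device that does not implement GET_ID: data untouched, status says so. */
void dev_unsupported(struct blk_req *r)
{
    r->status = VIRTIO_BLK_S_UNSUPP;
}

static int id_char_ok(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_';
}

/* Copy at most 20 bytes, stop at NUL, and map anything outside a
 * conservative set to '_' so the result is safe as a file name part. */
static size_t copy_id(const uint8_t *src, char *out)
{
    size_t n = 0;

    while (n < VIRTIO_BLK_ID_BYTES && src[n] != 0) {
        out[n] = id_char_ok(src[n]) ? (char)src[n] : '_';
        n++;
    }
    out[n] = '\0';
    return n;
}

/* Weak: ignores the status byte, so stale bytes become a "disk ID". */
size_t guest_id_unchecked(const struct blk_req *r, char *out, size_t outlen)
{
    if (outlen < VIRTIO_BLK_ID_BYTES + 1)
        return 0;
    return copy_id(r->data, out);
}

/* Hardened: no ID unless this was GET_ID and the device reported OK. */
size_t guest_id_checked(const struct blk_req *r, char *out, size_t outlen)
{
    if (outlen < VIRTIO_BLK_ID_BYTES + 1)
        return 0;
    out[0] = '\0';
    if (r->type != VIRTIO_BLK_T_GET_ID || r->status != VIRTIO_BLK_S_OK)
        return 0;
    return copy_id(r->data, out);
}

int main(void)
{
    struct blk_req r;
    char id[VIRTIO_BLK_ID_BYTES + 1];

    req_prepare(&r);
    dev_unsupported(&r);
    guest_id_unchecked(&r, id, sizeof(id));
    printf("unchecked, GET_ID unsupported: \"%s\"\n", id);
    guest_id_checked(&r, id, sizeof(id));
    printf("checked,   GET_ID unsupported: \"%s\"\n", id);

    req_prepare(&r);
    dev_get_id(&r, "DISK0-constructed");
    guest_id_checked(&r, id, sizeof(id));
    printf("checked,   GET_ID implemented: \"%s\"\n", id);
    return 0;
}
```

With an empty ID the consumer can fall back to the plain device node, which matches the behaviour described above for qemu virtio disks.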



Re: vmm issues - vioblk_notifyq: unsupported command 0x8

2017-10-12 Thread Andrew Daugherity
On Tue, Oct 3, 2017 at 3:49 AM, Jiri B <ji...@devio.us> wrote:
>> > I was able to boot opensuse from that dvd, although later on I got an
>> > error in the installer :/
>>
>> This was because the installer couldn't locate the "dvd", correct?
>
> Unable to create repository
> from URL 'hd:/?device=/dev/disk/by-id/virtio-_U_2_-part2'.
>
>
> It would be nice to have IDE cdrom emulation.

Sure, but that isn't actually needed to install openSUSE, and wasn't
the problem here.  The SUSE ISO images have a fake MBR added with
isohybrid, so that you can dd them to a USB key and boot that
unmodified.  This is in fact why you got as far as you did, as the ISO
"disk" looks like a disk with MBR partitions, which seabios happily
boots.  The reason the installation failed later is because it's
attempting to use the disk ID to locate the installation repo, but
that is unimplemented in vmm, as Mike Larkin has explained.  If you
manually set the installation source to the real disk device, it
works.

After a bit of trial and error, I successfully installed openSUSE Leap
42.3 under vmm with a VM configuration similar to yours.  At the
isolinux boot prompt, I entered:
linux console=ttyS0,115200n8 install=hd:/?device=vda

The install parameter is specific to SUSE and is documented at [1].
With the disk order you have, Linux sees /dev/vda as the ISO and
/dev/vdb as the target disk.  After installation finishes, you of
course have to switch the disk order to boot from the virtual hard
drive; fortunately grub2 still finds the disk.  I may be missing
something, but it appears there's currently no way to have vmm tell
seabios to boot the second (or third, etc.) disk rather than the
first?

At some points the installation appeared to hang, but it always
recovers after a bit and you can proceed. Sometimes the display gets
screwed up, but a Ctrl+L always clears it up (pretty sure that one is
a bug in the YaST ncurses interface rather than vmm, as I've also seen
it installing openSUSE in text mode under Xen).

This was my first time trying out vmm and it was very straightforward,
once I figured out what were dumb mistakes on my part.  vmm is already
very capable and it is steadily improving!


-Andrew

[1] https://doc.opensuse.org/documentation/leap/startup/single-html/book.opensuse.startup/index.html#id2504



Re: amd64 OpenBSD 6.2 doesn't see hard disks when controller in RAID mode

2017-10-12 Thread Andrew Daugherity
On Wed, Oct 11, 2017 at 11:01 AM, Stuart Henderson  wrote:
> What is not good is when you do have a RAID array, the controller is
> in RAID mode, but OpenBSD doesn't understand the metadata, so it corrupts
> data on the disk.
>
> This is a difficult area. We don't want to corrupt data, but then some
> BIOS don't allow this option to be changed at all, and on others BIOS
> only offer a choice between IDE and (unsupported) RAID, even though
> it's an AHCI controller.

Would a config flag for ahci(4) that, when enabled, forces it to attach
to the Intel RAID PCI IDs, work here, or would that have to be handled
at a lower level?

If so, users who have a broken BIOS or are willing to accept the risk
of destroying their RAID metadata could enable the flag with UKC, but
the defaults would remain safe.



regarding the default path for pkg_add in -current

2017-09-27 Thread andrew

Hello Folks !!

Regarding GENERIC.MP #115

I have a feeling you are about to roll into 6.2, however I just want 
to bring the following to your attention in case it matters.


I just did a clean install of -current using the bsd.rd dated 
2017-09-27. Within the install sequence of questions, the default 
download path has been hardcoded to ../6.2/... as opposed to 
../snapshots/..


I manually changed it to ../snapshots/ and it installed as expected. 

Also, after login, pkg_add is very determined to use to the same 
../6.2/.. directory path. For the benefit of others who might find 
themselves in the same spot, the workaround is to use the full path 
while using pkg_add. In my case, it is:


$ doas pkg_add \
https://ftp3.usa.openbsd.org/pub/OpenBSD/snapshots/amd64/pkgname


---

It looks like another great release is around the corner and as 
always I want to take the opportunity to thank Theo for his 
dedicated leadership and to all the past and present devs who make 
OpenBSD so special. Cheers !!!




Re: 6.1 fails to boot on a 486

2017-09-01 Thread Andrew Daugherity
On Fri, Sep 1, 2017 at 1:57 AM, Mike Larkin <mlar...@azathoth.net> wrote:

> On Fri, Sep 01, 2017 at 01:04:40AM -0500, Andrew Daugherity wrote:
> > 
> > boot> hd0a:/bsd.61
> > cannot open hd0a:/etc/random.seed: No such file or directory
> > booting hd0a:/bsd.61: 7678420+2057220+174556+0+1097728
> > [72+501520+501951]=0xb761b4
> > entry point at 0x2000d4
> >
> > [ using 1003956 bytes of bsd ELF symbol table ]
> > Copyright (c) 1982, 1986, 1989, 1991, 1993
> > The Regents of the University of California.  All rights reserved.
> > Copyright (c) 1995-2017 OpenBSD. All rights reserved.  https://www.OpenBSD.org
> >
> > OpenBSD 6.1 (GENERIC) #291: Sat Apr  1 13:49:08 MDT 2017
> > dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> > kernel: privileged instruction fault trap, code=0
> > Stopped at  cpuid+0x12: cpuid
> > ddb> trace
> > cpuid(8000,d0d78ef0,d0d78ed8,0,7d) at cpuid+0x12
> > identifycpu(d0c7d8a0,d09fbb83,10,0,) at identifycpu+0x80d
> > cpu_startup(d09cefed,d09d1680,16c,8,0) at cpu_startup+0xb9
> > main(d02004c6,d02004ce,0,0,0) at main+0x6a
> > ddb> ps
> >PID TID   PPIDUID  S   FLAGS  WAIT  COMMAND
> > ddb>
> > 
> >
> > Looks like it's trying to run the CPUID instruction, which this
> > processor probably doesn't support.  Maybe this was an accidental
> > breakage, rather than intentionally dropping 486es?  Time to examine
> > the CVS logs, I guess.  (A -current snapshot also fails in the same
> > manner, so something happened between 6.0 & 6.1.)
> >
>
> Looks like I broke this about a year ago:
>
> 1.592(mlarkin  14-Oct-16):
> 1.592(mlarkin  14-Oct-16):  cpuid(0x8000, regs);
> 1.592(mlarkin  14-Oct-16):  if (regs[0] >= 0x8006)
> 1.592(mlarkin  14-Oct-16):  cpuid(0x8006, ci->ci_extcacheinfo);
>
> I did test this on 486, but apparently qemu's emulated 486 isn't really a
> proper 486. I'll see what I can do to solve it for you.
>
> Thanks for reporting it.
>
> -ml
>

I was looking at that commit last night, and thinking it might be the one
at issue here.  My next step was going to be adding a '&& class ==
CPUCLASS_686' to that block [if (vendor == CPUVENDOR_INTEL)] to match the
AMD block above it -- not sure if 686 is the correct restriction there, or
586, or something else like 'cpuid_level >= N' -- but any of those would
probably resolve my issue.

qemu isn't necessarily wrong if it was emulating a later 486 like the DX4
-- apparently those (and the Am5x86, and maybe even the DX2?) did support
CPUID, just not the older 486DX/SX.

And yes, I know 16MB RAM will be an issue.  I just built a stripped-down
4.1 kernel (on a faster box, of course) which gained me about 6MB
additional RAM and the ability to actually start X plus a couple xterms (on
GENERIC it was still swapping madly an hour after startx and took about 45
seconds to recover after Ctrl+Alt+Backspace).  I doubt that will be
possible on 6.1, even with a small kernel -- besides, I'd have to build
XF86_AGX myself if I wanted anything better than VGA.  It's only for
nostalgia reasons and the somewhat unique hardware (and its small size,
meaning it's easily packed into a box o'stuff) that I've hung onto it
anyway.

Thanks for the forthcoming fix!


-Andrew
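
A userland sketch of the kind of guard discussed in this message, added here as an example (it is not the OpenBSD kernel code and not the fix that was committed): ask how far the CPU's CPUID support reaches before issuing an extended leaf, and refuse the query otherwise. It assumes the `<cpuid.h>` helpers shipped with GCC and clang; the function names are illustrative, and 0x80000000 and 0x80000006 are the architectural leaf numbers for "highest extended leaf" and "L2 cache information".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>   /* GCC/clang helpers: __get_cpuid_max, __cpuid_count */
#define ON_X86 1
#else
#define ON_X86 0
#endif

#define EXT_BASE   0x80000000u  /* first leaf of the extended range */
#define EXT_L2INFO 0x80000006u  /* extended leaf with the L2 descriptor in ECX */

/*
 * Highest leaf the CPU reports for the range starting at `base` (0 or
 * EXT_BASE), or 0 when CPUID cannot be used at all.  On i386 builds
 * __get_cpuid_max() first checks that the ID bit in EFLAGS can be
 * toggled, which is the test that fails on CPUs lacking the instruction.
 */
uint32_t max_leaf(uint32_t base)
{
#if ON_X86
    return (uint32_t)__get_cpuid_max(base, NULL);
#else
    (void)base;
    return 0;
#endif
}

/*
 * Guarded query: regs[] is always zeroed first, and CPUID is executed
 * only when the requested leaf lies inside the range the CPU reported.
 * Returns 1 if regs[] holds EAX, EBX, ECX, EDX for `leaf`, else 0.
 */
int cpuid_guarded(uint32_t leaf, uint32_t regs[4])
{
    uint32_t max = max_leaf(leaf & EXT_BASE);

    regs[0] = regs[1] = regs[2] = regs[3] = 0;
    if (max == 0 || max < leaf)
        return 0;   /* instruction or leaf not available: do not execute */
#if ON_X86
    __cpuid_count(leaf, 0, regs[0], regs[1], regs[2], regs[3]);
#endif
    return 1;
}

/* L2 cache size in KB from ECX[31:16] of leaf 0x80000006, or -1 if unknown. */
int l2_cache_kb(void)
{
    uint32_t r[4];

    if (!cpuid_guarded(EXT_L2INFO, r))
        return -1;
    return (int)(r[2] >> 16);
}

int main(void)
{
    int kb = l2_cache_kb();

    printf("max basic leaf:    0x%08x\n", (unsigned)max_leaf(0));
    printf("max extended leaf: 0x%08x\n", (unsigned)max_leaf(EXT_BASE));
    if (kb < 0)
        printf("L2 cache: unknown (extended leaf not available)\n");
    else
        printf("L2 cache: %dKB\n", kb);
    return 0;
}
```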


6.1 fails to boot on a 486

2017-09-01 Thread Andrew Daugherity
I recently dug out of the closet my old IBM PS/2E, which had served as
my firewall box from 2000ish-06, and was in fact the very first
machine I ever installed OpenBSD on, to see if it still worked
properly.  It did (after changing the CMOS battery), but booted into
OpenBSD 4.1... yeah, just a *bit* out of date there.  The machine may
not be of great use nowadays (I'd retired it when it couldn't keep up
with my internet connection), but even as a retro-computing
playground, running a 10-year-old/20-releases-ago version of OpenBSD
is of no benefit.  Let's rectify that!


>> OpenBSD/i386 BOOT 3.31
boot> hd0a:/bsd61.rd
cannot open hd0a:/etc/random.seed: No such file or directory
booting hd0a:/bsd61.rd: 3208120+1332224+3342348+0+446464
[72+288736+277711]=0x87e694
entry point at 0x2000d4

Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2017 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.1 (RAMDISK_CD) #289: Sat Apr  1 13:58:25 MDT 2017
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
fatal privileged instruction fault (0) in supervisor mode
trap type 0 code 0 eip d03b1f7c cs d09f0008 eflags 10046 cr2 0 cpl 0
panic: trap type 0, code=0, pc=d03b1f7c

The operating system has halted.
Please press any key to reboot.


Well, that's not good -- I didn't expect 6.1 to run particularly well
on this, but I figured it would at least boot... how about 6.0?



booting hd0a:/bsd60.rd: 3211188+1318224+2061312+0+442368
[72+298576+282894]=0x744144
entry point at 0x2000d4

Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2016 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 6.0 (RAMDISK_CD) #1864: Tue Jul 26 12:57:09 MDT 2016
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel 486DX (486-class)
real mem  = 16183296 (15MB)
avail mem = 8122368 (7MB)
mainbus0 at root
bios0 at mainbus0: date 03/31/93
pcibios at bios0 function 0x1a not configured
bios0: ROM list: 0xc8000/0x1000 0xc9000/0x1000 0xca000/0x2000
cpu0 at mainbus0: (uniprocessor)
isa0 at mainbus0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
com0 at isa0 port 0x3f8/8 irq 4: ns16450, no fifo
com0: console
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
vga0 at isa0 port 0x3b0/48 iomem 0xa/131072
wsdisplay0 at vga0 mux 1: console (80x25, vt100 emulation), using wskbd0
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 5729MB, 11733120 sectors
wd0(wdc0:0:0): using BIOS timings
npx0 at isa0 port 0xf0/16 irq 13
pcic0 at isa0 port 0x3e0/2 iomem 0xd/16384
pcic0 controller 0:  has sockets A and B
pcic0 controller 1:  has sockets A and B
pcmcia0 at pcic0 controller 0 socket 0
pcmcia1 at pcic0 controller 0 socket 1
pcmcia2 at pcic0 controller 1 socket 0
ep1 at pcmcia2 function 0 "3Com, 3C574-TX Fast EtherLink PC Card, A"
port 0x340/32, irq 3: address 00:10:4b:5f:20:c0
tqphy0 at ep1 phy 0: 78Q2120 10/100 PHY, rev. 3
pcmcia3 at pcic0 controller 1 socket 1
ep2 at pcmcia3 function 0 "3Com, 3C574-TX Fast EtherLink PC Card, A"
port 0x300/32, irq 9: address 00:60:08:93:80:48
tqphy1 at ep2 phy 0: 78Q2120 10/100 PHY, rev. 3
pcic0: irq 5, polling enabled
softraid0 at root
scsibus0 at softraid0: 256 targets
root on rd0a swap on rd0b dump on rd0b
erase ^?, werase ^W, kill ^U, intr ^C, status ^T

Welcome to the OpenBSD/i386 6.0 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell?


Seems fairly normal.  Did I miss something about 6.1 dropping 486
support?  [/me checks i386.html... still says 486 or better!]

Turns out that GENERIC can give us a little more useful information
than RAMDISK_CD, as it drops into ddb:



boot> hd0a:/bsd.61
cannot open hd0a:/etc/random.seed: No such file or directory
booting hd0a:/bsd.61: 7678420+2057220+174556+0+1097728
[72+501520+501951]=0xb761b4
entry point at 0x2000d4

[ using 1003956 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2017 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.1 (GENERIC) #291: Sat Apr  1 13:49:08 MDT 2017
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
kernel: privileged instruction fault trap, code=0
Stopped at  cpuid+0x12: cpuid
ddb> trace
cpuid(8000,d0d78ef0,d0d78ed8,0,7d) at cpuid+0x12
identifycpu(d0c7d8a0,d09fbb83,10,0,) at identifycpu+0x80d
cpu_startup(d09cefed,d09d1680,16c,8,0) at cpu_startup+0xb9
main(d02004c6,d02004ce,0,0,0) at main+0x6a
ddb> ps
   PID TID   PPIDUID  S   FLAGS  WAIT  COMMAND
ddb>


Looks like it's trying to run the CPUID instruction, which this
processor 

Lenovo T440s

2017-08-02 Thread andrew
First of all, big thanks to Theo for his strong leadership and to all 
the past and present devs !!! Have a great week ahead !!!



---

Just a little FWIW from a Lenovo T440s ...

---

dmesg | sort | uniq -c

  1 3834:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt
 30 error: [drm:pid31067:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt
124 error: [drm:pid45200:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt
474 error: [drm:pid53834:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt
 48 error: [drm:pid76233:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt
  9 error: [drm:pid77807:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt
 26 error: [drm:pid85895:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt
---

cat /var/run/dmesg.boot

OpenBSD 6.1-current (GENERIC.MP) #26: Mon Jul 31 08:42:35 MDT 2017
   dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8246050816 (7864MB)
avail mem = 7989780480 (7619MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdcd3d000 (62 entries)
bios0: vendor LENOVO version "GJET77WW (2.27 )" date 05/20/2014
bios0: LENOVO 20ARS0LF02
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT 
SSDT SSDT SSDT PCCT SSDT TCPA UEFI MSDM ASF! BATB FPDT UEFI SSDT
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 2494.68 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 2494682120 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 2494.23 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 2494.23 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 2494.23 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpicpu0 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1
acpipwrres1 at acpi0: NVP3, resource for PEG_
acpipwrres2 at acpi0: NVP2, resource for PEG_
acpitz0 at acpi0: critical temperature is 

Re: Getting Dell RAID status via SNMP

2017-07-28 Thread Andrew Daugherity
On Mon, Jul 24, 2017 at 12:10 AM, FUKAUMI Naoki <fuka...@soum.co.jp> wrote:

> Hi,
>
> From: Jibby Jeremiah <jibby.jerem...@gmail.com>
> Subject: Re: Getting Dell RAID status via SNMP
> Date: Wed, 19 Jul 2017 15:03:21 -0400
>
> > Darn.  Well if you need more testers let me know.
>
> It seems your RAID card doesn't have cache,
>
> > mfii0 at pci3 dev 0 function 0 "Symbios Logic MegaRAID SAS3008" rev 0x02:
> > msi
> > mfii0: "PERC H330 Adapter", firmware 25.5.0.0019
>
> then, I guess the "issue" will not happen.
>
> Here is new/WIP patch to support bio(4) for mfii(4). it doesn't fix the
> "issue" yet, but it includes hot swap support from my patch for mfi(4)
>  http://marc.info/?l=openbsd-tech=149872410222552=2
>
> Could you try attached patch?
>

Hi,

Thanks for the patch, but it fails to build (also, I had to use 'patch -l'
to get it to apply at all, due to ^M line endings, etc.):

/usr/src/sys/dev/pci/mfii.c: In function 'mfii_makegood':
/usr/src/sys/dev/pci/mfii.c:3068: error: 'MR_DCMD_CFG_FOREIGN_SCAN'
undeclared (first use in this function)
/usr/src/sys/dev/pci/mfii.c:3068: error: (Each undeclared identifier is
reported only once
/usr/src/sys/dev/pci/mfii.c:3068: error: for each function it appears in.)
/usr/src/sys/dev/pci/mfii.c:3073: error: 'MR_DCMD_CFG_FOREIGN_CLEAR'
undeclared (first use in this function)
/usr/src/sys/dev/pci/mfii.c: In function 'mfii_makespare':
/usr/src/sys/dev/pci/mfii.c:3125: error: 'MR_DCMD_CFG_MAKE_SPARE'
undeclared (first use in this function)
*** Error 1 in /usr/src/sys/arch/amd64/compile/GENERIC.MP (Makefile:947
'mfii.o')


I got around that by copying those definitions from the FreeBSD mfi driver
(patch is also attached, in case gmail decides to munge inline tabs):

Add MR_DCMD_CFG definitions for *_SPARE and FOREIGN_* (taken from
FreeBSD sys/dev/mfi/mfireg.h).
--- sys/dev/ic/mfireg.h.bak Fri Jul 28 12:43:41 2017
+++ sys/dev/ic/mfireg.h Fri Jul 28 12:47:19 2017
@@ -139,6 +139,13 @@
 #define MR_DCMD_CONF_GET 0x0401
 #define MR_DCMD_CFG_ADD 0x0402
 #define MR_DCMD_CFG_CLEAR 0x0403
+#define MR_DCMD_CFG_MAKE_SPARE 0x0404
+#define MR_DCMD_CFG_REMOVE_SPARE 0x0405
+#define MR_DCMD_CFG_FOREIGN_SCAN 0x04060100
+#define MR_DCMD_CFG_FOREIGN_DISPLAY 0x04060200
+#define MR_DCMD_CFG_FOREIGN_PREVIEW 0x04060300
+#define MR_DCMD_CFG_FOREIGN_IMPORT 0x04060400
+#define MR_DCMD_CFG_FOREIGN_CLEAR 0x04060500
 #define MR_DCMD_BBU_GET_STATUS 0x0501
 #define MR_DCMD_BBU_GET_CAPACITY_INFO 0x0502
 #define MR_DCMD_BBU_GET_DESIGN_INFO 0x0503
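Review bot: the five FOREIGN_* opcodes added here are written with eight hex digits (0x04060100 through 0x04060500), while MAKE_SPARE and REMOVE_SPARE (0x0404, 0x0405) and every unchanged MR_DCMD_* line in this hunk use four, so the new defines mix two widths within one opcode family. Each value should be checked against the firmware interface that mfii(4) actually talks to rather than taken on trust from the FreeBSD mfi header, and the revision of sys/dev/mfi/mfireg.h they came from should be recorded in the commit message. The build log only requires MR_DCMD_CFG_FOREIGN_SCAN, MR_DCMD_CFG_FOREIGN_CLEAR and MR_DCMD_CFG_MAKE_SPARE; the other four defines are not referenced by the failing code and could be dropped or marked as untested.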

I'll leave it to the experts to determine whether the numbers for
MR_DCMD_CFG_MAKE_SPARE, etc. are in fact correct.

I have the same PERC H330 HBA, and temporarily have a rather unique disk
configuration in this server -- it has two disks, initially set up as
RAID-1.  For testing UEFI support, I broke the mirror, and configured the
second disk as a passthrough disk, so as to have one disk with MBR and one
with GPT.  (Unfortunately, OpenBSD still doesn't boot in EFI mode on this
server, only BIOS mode [1].  FreeBSD and Linux do work fine with EFI.)
 Right now it shows a degraded RAID-1 volume plus the passthrough disk.
Obviously I plan to make a normal healthy RAID-1 before going live with it.

After building a new kernel with the patch, I now have a new 'mfii0' entry
in hw.sensors:

hw.sensors.cpu0.temp0=26.00 degC
hw.sensors.mfii0.drive0=degraded (sd0), WARNING
hw.sensors.pchtemp0.temp0=26.50 degC
hw.sensors.sdtemp0.temp0=25.62 degC
hw.sensors.sdtemp1.temp0=26.25 degC

(sdtemp was already working previously)

Also bioctl works too, at least for reading status (haven't tried modifying
the array):
=== bioctl sd0 output 
BEFORE
sd0: <DELL, PERC H330 Adp, 4.27>, serial 007bbdf6cecf3d461e5c56708741

AFTER (bioctl -v)
Volume  Status   Size Device
mfii0 0 Degraded 499558383616 sd0 RAID1 WT
  0 Failed  0 0:0.0   noencl <>
 'unknown serial'
  1 Online   500107862016 0:1.0   noencl 
 'unknown serial'

Not sure about the 'unknown serial', but otherwise looks correct.


Nice work!  Sorry I don't have a card with cache (e.g. H730) to test on,
but I haven't hit any problems with my H330 yet.


-Andrew


[1] https://marc.info/?l=openbsd-misc=146343624320665=2
With more recent kernels, the numbers on the "entry point" line are
different, but the UEFI boot problem otherwise remains the same -- video
corruption, followed by a reboot 10-15 seconds later.  I just discovered
that serial console support has recently been added to the UEFI bootloader,
so hopefully I'll be able to see boot messages from after the video goes
wonky, and submit a more useful bug report.


dmesg:
OpenBSD 6.1 (GENERIC

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-06-20 Thread Andrew Lemin
Hi,

Sadly in my testing it seems that CVE-2017-8301
(http://seclists.org/oss-sec/2017/q2/145) is still broken with the latest
LibreSSL (2.5.4) and OpenVPN 2.4.2.

Here is someone else reporting the same issue;
https://discourse.trueos.org/t/libre-openssl-tls-error-when-using-openvpn/1358/4

Of course I may have gotten this wrong somewhere, but for now it seems not
possible to use OpenVPN as a client with TLS static certificate based
server on OpenBSD.

Hope this helps clarify for anyone else finding the same issue until some
clever person does a fix.


Error same with latest;

Tue Jun 20 22:51:15 2017 OpenVPN 2.4.2 x86_64-unknown-openbsd6.1 [SSL
(OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 20 2017

Tue Jun 20 22:51:15 2017 library versions: LibreSSL 2.5.4, LZO 2.10

.

.

Tue Jun 20 22:52:08 2017 VERIFY ERROR: depth=0, error=self signed
certificate: < Cert Info >

Tue Jun 20 22:52:08 2017 OpenSSL: error:14007086:SSL
routines:CONNECT_CR_CERT:certificate verify failed

Tue Jun 20 22:52:08 2017 TLS_ERROR: BIO read tls_read_plaintext error

Tue Jun 20 22:52:08 2017 TLS Error: TLS object -> incoming plaintext read
error

Tue Jun 20 22:52:08 2017 TLS Error: TLS handshake failed

Tue Jun 20 22:52:08 2017 SIGUSR1[soft,tls-error] received, process
restarting

On Tue, Jun 20, 2017 at 8:49 PM, Andy Lemin <andrew.le...@gmail.com> wrote:

> I've just found this hint on GitHub for the Openvpn compile options for
> Libressl;
> https://gist.github.com/gsora/2b3e9eb31c15a356c7662b0f960e2995
>
> So will try a build later tonight and share back here if that CVE is fixed.
>
> Would prefer to rebuild with the same options as the packaged binary, and
> it occurred to me that I don't know how to find that on OpenBSD?
>
> Thanks again :)
>
>
> Sent from a teeny tiny keyboard, so please excuse typos
>
> On 20 Jun 2017, at 20:23, Andrew Lemin <andrew.le...@gmail.com> wrote:
>
> Hi Misc,
>
> Has anyone else come across any issues recently with Openvpn, Libressl and
> TLS on OpenBSD 6.1?
>
> I am using an .ovpn file with TLS auth static key and cert inline within
> the file, to connect to VPN service. Running openvpn binary from command
> line without any special params, just .ovpn file.
>
> I have tested this is working fine on a Linux server with same config
> (using Openssl), so the server side, CA and cert are fine etc.
>
> I noticed on the Linux server the line; "Control Channel Authentication:
> tls-auth using INLINE static key file", but I do not see this debug on the
> OpenBSD version. Wondered if Libressl is not negotiating tls properly.
>
>
> I have since found CVE-2017-8301 which I believe is related. And confirmed
> that OpenBSD 6.1 seems to be running LibreSSL version 2.5.2
>
> The CVE shows issue known between 2.5.1 and 2.5.3, and looking at the
> OpenBSD trees I can see 2.5.4 was cut around 1st of May..
>
> I used MTier to grab all major patches etc, but LibreSSL not in patch list
> yet. openvpn did have a minor.
>
> So downloaded Libressl 2.5.4 source, compiled and installed as per INSTALL
> etc.. However notice that openvpn is still linking to 2.5.2.
>
> It would be great if someone would be kind enough to confirm if this CVE
> is indeed the same issue, and if 2.5.4 includes the relevant fixes for it?
>
> And if yes, a gentle nudge as to how to get openvpn to link to the 2.5.4
> install?
>
> Thanks for your time.
> Kind regards, Andy Lemin
>
>
>
> Sent from a teeny tiny keyboard, so please excuse typos
>
>


Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-06-20 Thread Andrew Lemin
Hi Misc,

Has anyone else come across any issues recently with Openvpn, Libressl and
TLS on OpenBSD 6.1?

I am using an .ovpn file with TLS auth static key and cert inline within
the file, to connect to VPN service. Running openvpn binary from command
line without any special params, just .ovpn file.

I have tested this is working fine on a Linux server with same config
(using Openssl), so the server side, CA and cert are fine etc.

I noticed on the Linux server the line; "Control Channel Authentication:
tls-auth using INLINE static key file", but I do not see this debug on the
OpenBSD version. Wondered if Libressl is not negotiating tls properly.


I have since found CVE-2017-8301 which I believe is related. And confirmed
that OpenBSD 6.1 seems to be running LibreSSL version 2.5.2

The CVE shows issue known between 2.5.1 and 2.5.3, and looking at the
OpenBSD trees I can see 2.5.4 was cut around 1st of May..

I used MTier to grab all major patches etc, but LibreSSL not in patch list
yet. openvpn did have a minor.

So downloaded Libressl 2.5.4 source, compiled and installed as per INSTALL
etc.. However notice that openvpn is still linking to 2.5.2.

It would be great if someone would be kind enough to confirm if this CVE is
indeed the same issue, and if 2.5.4 includes the relevant fixes for it?

And if yes, a gentle nudge as to how to get openvpn to link to the 2.5.4
install?

Thanks for your time.
Kind regards, Andy Lemin



Sent from a teeny tiny keyboard, so please excuse typos


Re: Blank screen after boot with Radeon HD 5450

2017-05-30 Thread andrew

On Tue, May 30, 2017 at 12:22:09PM -0400, Maximilian Pichler wrote:

As mentioned, I booted another OS from a USB stick and it runs at
2560x1440@60MHz. Doesn't this make it unlikely that the issue is with
the monitor or cable? Also, the connection is via DisplayPort, even
the most basic version of which shouldn't struggle with this
resolution.

Is there not a more systematic way of debugging this? I find it
puzzling that none of the logs contains any error message.



Just a thought -- maybe it's because there is no error  ???

man xbacklight(1)



Re: Domain redirections to Openbsd.org?

2017-05-18 Thread andrew fabbro
On Thu, May 18, 2017 at 8:13 AM, Wylie Bayes <m...@wyliebayes.com> wrote:

> Just curious if it is a normal thing for folks to be redirecting their domain
> to Openbsd.org, in turn keeping their domain name in their browsers but
> ultimately getting Openbsd.org's content?
>
> Such as:  http://nathanalexander.uk/ ?
>

I don't think that's a redirect.  It looks like the owner of that site
simply ripped the OpenBSD main page and placed it on his site.

At least he was thorough - images are served from his site and not via
hotlink.

As to normal thing...I'd say not.

-- 
andrew fabbro
and...@fabbro.org


Re: Pinebook (if anyones up for it)

2017-05-13 Thread Andrew Gwozdziewycz
My understanding is that there is some support for the Pine64 platform, though 
it requires access to the pins to get a serial console. I haven't opened mine 
up yet, but I assume it's a Pine64, on a different footprint PCB. Though... I 
have no idea about any other IO pins...

> On May 13, 2017, at 13:27, Christer Solskogen  
> wrote:
> 
> Hi!
> 
> I've gotten myself a Pinebook (https://www.pine64.org/?page_id=3707) - and
> as far as I understand it's not supported by OpenBSD. If somebody is up for
> the job, order one and I'll pay for it.



Re: list all system users, eg. _x11

2017-05-09 Thread andrew fabbro
Listing all users is trivial - I don't think that's what he's asking.

He's asking "how do I list all *system* users", presumably in a way that
differentiates them from user accounts in some kind of authoritative way.

I don't think there is a way.  You could:

- Assume all users < uid 1000 are system users, but that is not hard
enforced to my knowledge.  IIRC the OS will start with 1001 but an admin
could override that at user creation time.

- Use your preferred programming language or utility to parse out entries
that begin with _ in /etc/passwd.  That won't get non-service-account
entries like root, bin, etc.  Also, I don't think there's a technical
prohibition to creating a new user account that starts with an underscore.

- Differentiate by groups.  i.e., if all your users are in one group, then
you know who isn't.

I think if your admins don't do stupid things (create user accounts under
1000, create accounts starting with _, etc.) then just parsing /etc/passwd
would likely be the simplest way.

As practical experience, that's what I've done when migrating systems,
etc.  I assume that people play by the rules, so if I need to identify all
the user accounts (to recreate them on a new system or something), I
exclude uids under 1000 as a starting point.


On Mon, May 8, 2017 at 4:51 AM, Marcus MERIGHI <mcmer-open...@tor.at> wrote:

> and...@msu.edu (STeve Andre'), 2017.05.06 (Sat) 20:37 (CEST):
> > On 05/06/17 14:27, Luke Small wrote:
> > > Is there a way to determine all users on a system that the users command
> > > doesn't seem to show? like _x11 and _ntpd
>
> users(1) - list current users
>
> I'd try ps(1) and get all active users from there.
>
> If you are after *all* users (inactive ones as well) you could use
> "getent(1) passwd" and parse from there.
>
> Marcus
>
> > What's a user?
> >
> > Maybe you want to look at /etc/passwd.  The first four lines are
> >
> > root:*:0:0:Charlie &:/root:/bin/ksh
> > daemon:*:1:1:The devil himself:/root:/sbin/nologin
> > operator:*:2:5:System &:/operator:/sbin/nologin
> > bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
> >
> > You can parse that with awk and do stuff.  Read about passwd(5) to
> > understand the format.  A login shell of /sbin/nologin means
> > it isn't interactive.  That might get you started?
> >
> > --STeve Andre'
> >
> >
>
>


-- 
andrew fabbro
and...@fabbro.org
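
The three heuristics discussed in this message (uid below 1000, a leading underscore, a /sbin/nologin shell), applied together so that the accounts where they disagree stand out. This is an example added here, not code from the thread; the 1000 threshold, the function names and every sample entry after the first two are constructed for illustration.

```sh
#!/bin/sh
# Classify passwd(5) entries and flag accounts where the heuristics disagree.
# UID_MIN is an assumption (first uid treated as a "real" user); override as needed.
UID_MIN=${UID_MIN:-1000}

# audit_passwd: reads passwd(5)-format lines on stdin.
# Prints one line per account: <name> <uid> <system|user> <flags>
audit_passwd() {
    awk -F: -v min="$UID_MIN" '
    /^#/ || NF < 7 { next }               # skip comments and malformed lines
    {
        name = $1; uid = $3 + 0; shell = $7
        by_uid   = (uid < min + 0)                  # rule 1: low uid
        by_name  = (substr(name, 1, 1) == "_")      # rule 2: _service naming
        by_shell = (shell == "/sbin/nologin")       # rule 3: non-interactive
        class = by_uid ? "system" : "user"
        flags = ""
        # A service-style name sitting in the user uid range.
        if (by_name && !by_uid)
            flags = flags ",underscore-name-with-user-uid"
        # A low-uid account that can log in (root excepted).
        if (by_uid && !by_shell && uid != 0)
            flags = flags ",login-shell-on-system-uid"
        # A user-range account that cannot log in: probably a service account.
        if (!by_uid && by_shell)
            flags = flags ",nologin-on-user-uid"
        if (flags == "") flags = ",ok"
        printf "%s %d %s %s\n", name, uid, class, substr(flags, 2)
    }'
}

# sample_passwd: the first two lines are from the excerpt quoted in the
# thread; the remaining entries are constructed test data.
sample_passwd() {
    cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1:The devil himself:/root:/sbin/nologin
_ntpd:*:83:83:NTP Daemon:/var/empty:/sbin/nologin
_x11:*:35:35:X Server:/var/empty:/sbin/nologin
jsmith:*:1001:1001:J Smith:/home/jsmith:/bin/ksh
_deploy:*:1002:1002:Deploy:/home/_deploy:/bin/ksh
backup:*:900:900:Backup operator:/home/backup:/bin/ksh
svcacct:*:2000:2000:Batch job:/var/empty:/sbin/nologin
EOF
}

# Demonstration on the constructed sample.
sample_passwd | audit_passwd
```

On a live system the same function can be fed with `getent passwd | audit_passwd`; any line whose last column is not `ok` is an account that one rule calls a system account and another does not.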


Re: Problems installing on Dell R830

2017-04-27 Thread Andrew Daugherity
I think the bootloader is seeing more RAM than is actually there.  Regions
0-15 are contiguous, except for a 256kB hole at 640kB, and total 2.25GB
(2304MB) memory.  Not sure about regions 16 & 17, but they're tiny
(~13MB).  Region 18 is exactly 510GB, so we have 2.25 + 510 = 512.25 GB, or
256MB more memory than is actually installed in the system.

And in relation to Mike's comment, that 510GB region starts at 4GB, so it
does indeed go past 512GB.

For comparison, here's my output from what should be very similar hardware
-- a Dell R230 with 8GB:
>> OpenBSD/amd64 BOOT 3.33
boot> machine memory
Region 0: type 1 at 0x0 for 624KB
Region 1: type 2 at 0x9c000 for 16KB
Region 2: type 2 at 0xe for 128KB
Region 3: type 1 at 0x10 for 2036884KB
Region 4: type 2 at 0x7c625000 for 131104KB
Region 5: type 1 at 0x8462d000 for 145860KB
Region 6: type 4 at 0x8d49e000 for 4KB
Region 7: type 1 at 0x8d49f000 for 2304KB
Region 8: type 2 at 0x8d6df000 for 25132KB
Region 9: type 4 at 0x8ef6a000 for 192KB
Region 10: type 3 at 0x8ef9a000 for 312KB
Region 11: type 1 at 0x8efe8000 for 96KB
Region 12: type 2 at 0x8f00 for 16384KB
Region 13: type 2 at 0xe000 for 262144KB
Region 14: type 2 at 0xe00fd000 for 4KB
Region 15: type 2 at 0xfd00 for 24576KB
Region 16: type 2 at 0xfe00 for 68KB
Region 17: type 2 at 0xfec0 for 4KB
Region 18: type 2 at 0xfed0 for 4KB
Region 19: type 2 at 0xfed1 for 32KB
Region 20: type 2 at 0xfed18000 for 4KB
Region 21: type 2 at 0xfed19000 for 4KB
Region 22: type 2 at 0xfed84000 for 4KB
Region 23: type 2 at 0xfee0 for 4KB
Region 24: type 2 at 0xff40 for 12288KB
Region 25: type 1 at 0x1 for 6029312KB
Low ram: 624KB  High ram: 2036884KB
Total free memory: 8215080KB

(pasted from a serial console, so no typos)

I likewise have 2.25GB (2304MB) at the start, then 256MB in region 13 (the
4kB in region 14 overlaps this), and then 5.75GB (5888MB) in region 25
(regions 15-24 total ~36MB).

Wait a minute, that also adds up to 256MB (+36MB) more RAM than I have
installed (8.25 vs 8 GB), but my system boots fine.  Now I'm more
confused... I don't know what to make of the extra 256MB, but it's possible
your system's crossing the 512GB boundary may be the issue.

-Andrew


getty doesn't work on serial ports which aren't the boot console

2017-04-25 Thread Andrew Daugherity
I was setting up a new server where I wasn't sure whether com0 or com1 was
the port I wanted, so I turned on both tty00 and tty01 in /etc/ttys to see
which one to use in boot.conf.  Edited the file, did the 'kill -HUP 1',
and... nothing.  getty processes are listening on tty00 and tty01, but both
ports are stone dead.

Tried cua00/cua01 in /etc/ttys on a lark, and it worked!  Well, kinda...
echo control isn't right, as passwords get echoed at the login prompt.

Now that I knew which port was which, I configured boot.conf and rebooted.
Bootloader & kernel messages work correctly on both com0 or com1, whichever
is configured and connected to.  Furthermore, using tty00/tty01 in
/etc/ttys now works properly (including echo control), but ONLY on the port
that was the boot console.

To clarify:
bootloader set tty com0: getty works on tty00, does not work on tty01
bootloader set tty com1: getty does not work on tty00, works on tty01
getty on cua00/cua01 works (but with echo issues) in all cases.

This seems like possible serial line issues (carrier detect/DTR/DSR, etc.),
but I don't know why.  I've never had any problems with this null-modem
cable before, and furthermore, one of the serial ports has no cable, but is
connected internally to the IPMI/DRAC module and viewed via IPMI SoL
[serial over LAN], so I couldn't change the cable pinout if I wanted.  I
also tried various combinations of flags mentioned in ttys(5) (local,
softcar, etc.) to no effect.  Does the kernel do something special
regarding CD/DTR/DSR if the port is the boot console?

I searched the list archives and found this thread from 2009, where others
had the same problem, without any apparent resolution:
https://marc.info/?l=openbsd-misc=123335745920052=2

Any ideas?


Hardware details: Dell R230, with the cheapest DRAC option (or rather, I
selected the "basic" DRAC which came standard).  Fortunately with the iDRAC
8 on 13th-gen servers (Rn30 etc.), even the iDRAC8 Basic has a dedicated
NIC (previously you had to get an "enterprise" option for that).  The
serial port ordering is configurable in the BIOS; I have it set so that
com0 is the physical port and com1 is IPMI (I think the default was the
opposite).

Besides configuring IPMI SoL and boot serial console redirection (port,
baud rate, turn off "redirection after boot") in the BIOS, I also had to
turn off "RAC Serial" in the iDRAC settings, so that the port went to the
host via IPMI rather than the RAC itself.  Connecting from a client with
'ipmitool -I lanplus -H  -U  sol activate' works great.

dmesg:
OpenBSD 6.1 (GENERIC.MP) #20: Sat Apr  1 13:45:56 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80
real mem = 8395776000 (8006MB)
avail mem = 8136646656 (7759MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x8ef68000 (43 entries)
bios0: vendor Dell Inc. version "1.4.5" date 08/09/2016
bios0: Dell Inc. PowerEdge R230
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP BOOT SSDT SLIC HPET LPIT APIC MCFG WDAT SSDT DBGP
DBG2 SSDT SSDT SSDT SSDT SSDT SSDT PRAD HEST BERT ERST EINJ DMAR FPDT SPCR
acpi0: wakeup devices PEGP(S0) PEG0(S0) PEGP(S0) PEG1(S0) PEGP(S0) PEG2(S0)
XHC_(S0) XDCI(S0) PXSX(S0) RP01(S0) PXSX(S0) RP02(S0) PXSX(S0) RP03(S0)
PXSX(S0) RP04(S0) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz, 3696.00 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,
PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,
FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,
DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,
LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,
SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 369600 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz, 3696.00 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,
PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,
FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,
DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,
LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,
SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz, 3696.00 MHz

Re: Libperl 18?

2017-02-12 Thread Andrew Fresh
On Mon, Feb 13, 2017 at 02:29:01AM +, Bryan C. Everly wrote:
> I have been trying to nuke and pave my daily driver's OpenBSD partition
> since Feb 5. Trying to install libproxy failed on a bad major (I have 17.1
> and it wants 18.0) for libperl.
> 
> I figured this was the normal behavior I have seen from time to time
> running snapshots and I would just wait for the next refresh of the
> snapshot. I did and I reinstalled the bad and userland tools from it but
> I'm still seeing the problem.
> 
> Are we having problems with perl in the userland build?

Should be libperl.so.18.0 from perl 5.24.1

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib/sets/lists/base/mi.diff?r1=1.818=1.819=h

What's the date of the snapshot you installed?

$ ftp -o- ftp://ftp3.usa.openbsd.org/pub/OpenBSD/snapshots/amd64/base60.tgz | 
tar tzvf - | grep libperl
...
-r--r--r--  1 root bin5722739 Feb 12 12:44 ./usr/lib/libperl.so.18.0



Re: Is randomizing UID/GUID would make sense?

2017-01-23 Thread andrew fabbro
On Mon, Jan 23, 2017 at 11:00 AM, Martin Schröder <mar...@oneiros.de> wrote:

> And what if my UID/GUIDs are random on every host and server? Would
> nfs handle that?
>

Sure.  Why not?

But then, I'm only talking about UID/GID selection.  I'm assuming that
jsmith is UID 2000 on every system, regardless of how he got the number.

Now if someone meant using *different* UID/GID on every system and they're
not synchronized...right, that'd be a nightmare.

The OP was just talking about changing from "last +1" to arc4random.
Synchronizing UID/GID across servers (if you're not using a directory of
some sort) is the same headache regardless of how you pick them.

If the OP meant every server has different, unique randomized UID/GIDs then
that's a separate craziness.


--
andrew fabbro
and...@fabbro.org



Re: Is randomizing UID/GUID would make sense?

2017-01-23 Thread andrew fabbro
On Fri, Jan 20, 2017 at 3:44 AM, Martin Schröder <mar...@oneiros.de> wrote:

> 2017-01-20 8:43 GMT+01:00 minek van <minek...@mail.com>:
> > Could it bring more security if the UIDs/GUIDs would be random?
>
> Why? What's the attack you want to defend against?
>

I suppose there's some information leakage in the sense that any given
OpenBSD server is much more likely to have a UID of 1005 than a UID of
10005.  And the first dozen or two lines in /etc/passwd are the same for
every OpenBSD installation.

But is there an arena where an attacker could make effective use of this
information?

If you wanted a different UID/GID for all the service accounts (everything
>0) you're going to have a significantly more complicated
installer...indeed, the whole tarball distro method would need to be
examined.

Random UID/GIDs for user accounts are something an admin could already do
without needing to change anything - just pick random numbers for the
adduser flags.

> Or something would be broken with random UIDs/GUIDs, ex.: NFS? Would it
> only do pain?
>
> Yes.


Not sure about that...it would certainly be a headache to change UIDs/GIDs
if you already have them in place, but for setting up a new server/new
accounts, nfs doesn't care what number you are (well, 0 excepted).  Whether
the algorithm is "last used +1" or arc4random, you have the same
sync/directory problems regardless.  That's for user accounts...service
accounts might need a bit more thought.

So in summary, if you want random UID/GID for user accounts, that's a
one-liner shell script - go for it!  But if you want random UID/GID for
service accounts, I think there would need to be a lot more justification
for what would be a lot more work.

--
andrew fabbro
and...@fabbro.org



computer users.

2017-01-07 Thread Andrew Sean Bukovsky
Thanks for all your work. There is a learning curve involved in this,
and I'm glad to be with OpenBSD operating system.  It's a far cry from
stumbling into phrack, 2600, and cdc, and all the other horrible shit
on the internet on a pentium 100 and win95(highschool).  I'm glad for
OpenBSD and people who know how to engineer computer things.

Really very wonderful, I didn't buy this release, but I'm glad for
some of my dollars to go to you guys in the future, heh, we will see.
Looking forward to mounting the steep learning curve.



Re: Forget mod_perl. I'm going to try to move to FastCGI and base http

2016-10-04 Thread Andrew Fresh
On Tue, Oct 04, 2016 at 12:20:33PM -0400, Raul Miller wrote:
> On Tue, Oct 4, 2016 at 8:48 AM, Marc Espie <es...@nerim.net> wrote:
> > There's also a whole fucking manpage bundled with PerlDancer explaining in
> > some details all the possible deployment options.
> 
> Related, though, is that a lot (but not all) of this documentation
> assumes the reader understands how to use mod_perl -- and incorporates
> its documentation by reference, or by implication.

This is getting off-topic for misc@, but the Plack and mod_perl are
fairly low-level so I don't think it's unfair to expect a reader who is
converting from one to the other to be familiar with them.  Then again,
the PSGI spec is not incredibly dense.

https://metacpan.org/pod/PSGI

And the FAQ seems to answer questions expecting, what seemed to me,
a reasonable knowledge level.

https://metacpan.org/pod/distribution/PSGI/PSGI/FAQ.pod


> People who don't understand that are probably expected to either
> figure it out for themselves, or migrate to some other environment
> (which might account for some of the popularity of node.js, rails and
> python).

While the page at http://plackperl.org/ could possibly be a bit
friendlier, it does have links to explain what it is and how it works,
plus links to something like 18 higher-level frameworks that support
PSGI, likely via Plack, 


I think the hope is more that you might find the Task::Kensho link off
of the metacpan.org main page and from there follow the links to some of
the many perl web development frameworks that exist.

https://metacpan.org/pod/Task::Kensho#Task::Kensho::WebDev:-Web-Development

(I am in the middle of doing this at work, so may not have a good handle
on how someone new sees things)

l8rZ,
-- 
andrew - http://afresh1.com

At the source of every error which is blamed on the computer, you
will find at least two human errors, including the error of blaming
it on the computer.



Re: Forget mod_perl. I'm going to try to move to FastCGI and base http

2016-09-29 Thread Andrew Fresh
I gave a talk about moving from mod_perl to Plack and FastCGI at the local
perlmonger group. It was fairly straightforward and there are a fair number
of options on the CPAN, although I'm unsure which have ports.

http://cvs.afresh1.com/~andrew/talks/cgi_to_psgi_pdx_pm/

There is also some potentially useful information in this article

https://github.com/reyk/httpd/wiki/Migrating-a-perl-CGI-application-such-as-Bugzilla

On September 29, 2016 12:19:50 PM PDT, Chris Bennett
<chrisbenn...@bennettconstruction.us> wrote:
>Thanks to stu@, he's informed me that mod_perl is a big problem for
>OpenBSD modernising its Perl forward.
>So I'm going to try and move to FastCGI.
>
>I can't find any info online about transition from mod_perl to FastCGI,
>so I'll have to work that out myself. Any useful links would be
>appreciated.
>
>Since I have been using Apache, I haven't paid any attention to base
>http.
>
>I have written modules to allow people to setup to make a purchase for
>online content, be transferred over to PayPal, pay.
>PayPal then sends me payment details which I have to send back to
>verify
>status of purchase. After that I create a username and password and
>email those plus a link to the customer.
>
>Privately, I have several databases that I use to form project assembly
>pieces that can then be combined in different ways to produce final,
>different complete project. Project labor is also worked out similarly.
>
>I also run two forums on outside software.
>
>I use PostgreSQL. I use Apache's httpd.conf and other confs to match
>Locations to the appropriate modules.
>
>Are there any problems getting something like this to work with base
>httpd? I run several different sites.
>The manual pages seem a little terse and unrevealing to me.
>
>I'm going to go study FastCGI myself now.
>
>Could anyone share some httpd.confs with me that do what I'm trying to
>accomplish?
>
>Any help appreciated,
>Chris Bennett




Re: dmesg for Lenovo Thinkpad x200 w/Libreboot

2016-09-27 Thread Andrew Gwozdziewycz
Yes. Yes it is, and he's trying to get OpenBSD running on top of
Libreboot, which makes it very much relevant. PAY ATTENTION!

On Tue, Sep 27, 2016 at 11:03 AM, Mihai Popescu  wrote:
> Dude, this is OpenBSD's mailing list not libreboot's. Pay attention, please!
>



-- 
http://apgwoz.com



Re: DigitalOcean and OpenBSD

2016-08-28 Thread andrew fabbro
Maybe this should be a FAQ.

You can run OpenBSD on nearly any KVM VPS provider.  I have some favorites,
but it isn't right for me to shill here.  You could visit LowEndTalk for
discussion of cheap VPSes, or WebHostingTalk for more structured discussion
of expensive ones.  Or email me and I'll share my opinions and bread crumbs.

I pay $3-5 per month to run OpenBSD on 512MB VPSes, and I also have some
$15/year 128MB VPSes that run just fine for DNS, mail, etc.  You can pay
more to get much bigger specs of course.

You need to read the vio(4) man page if you're going to run with virtio
drivers (which you will if you use KVM).

As for the "cloud" providers:

- EC2, Azure: forget it.

- Vultr: works well, officially supported

- DigitalOcean: it's an "install through FreeBSD" hack.  That said, once
set up, I've had no issues.  Note that snapshots may not work (per the
tutorial link above).

And of course there are cheap dedicated offers: OVH, SoYouStart, Kimsufi,
online.net, Hetzner, etc.  If you can get the ISO presented to the
hardware, of course OpenBSD works there.

It's worth pointing out that:

- if you just need a virtualized crash place to test OpenBSD, you can use
virtualbox, etc. to do this on your PC/laptop for free

- there are specialized OpenBSD hosters, so maybe giving them some love is
appropriate

- there are specialized OpenBSD shell account providers (devi.os) if that's
all you need

- some day in the bright shining future when vmm is done, you may be able
to buy an OpenBSD guest VM on an OpenBSD host...and then these piddling
Amazon and Microsoft Azure empires will fall as Puffy storms the net.  To
the cloud!

-- 
andrew fabbro
and...@fabbro.org



Re: Carp and VLANs

2016-08-23 Thread Andrew Seguin
Thank you,

This (having unique VHID) was the solution.

I had considered originally that since each carp device is on its own VLAN,
that would represent a unique broadcast domain and it wouldn't be violating
anything - but without your suggestion I'm not sure I would have gone back
to review that decision.

I'm still a bit curious how it came to that. I did snoop if carp
announcements were leaking from a tagged vlan onto the default network, but
didn't see any sign of that. So maybe it was because the VLANs were riding
on top of the same physical interface... but a lot less important now.

Regards,
Andrew




On Tue, Aug 23, 2016 at 8:34 PM, John Jasen <jja...@realityfailure.org>
wrote:

> All your carp devices have the same VHID. As two share the same network,
> that could cause problems.
>
>
>
>
> On 08/23/2016 01:40 PM, Andrew Seguin wrote:
> > Hi,
> >
> > I'm building up an OpenBSD router/firewall (migrating away from FreeBSD)
> > but have been blocked by a behavior of carp in combination with VLANs that
> > I didn't expect or experience before. I'm hoping somebody could enlighten
> > me a little bit about why carp floating IPs stop working when the carp
> > status is master for the physical interface.
> >
> >
> > Originally, there was a pair of FreeBSD systems (FW1 and FW2) where I had
> > no issues with carp managed IPs.
> >
> > At the moment, one system is reinstalled with OpenBSD 5.9 (FW1), the other
> > remains with FreeBSD (FW2).
> >
> > The network is setup in such a way that the default vlan (1) is untagged,
> > and this network is for all the network management. All other traffic goes
> > over tagged networks. The network switches we have simply work in this way
> > and so I can't make vlan 1 also a tagged interface to test the impact of
> > such a configuration.
> >
> > As long as the OpenBSD system is not the master for the default / untagged
> > network associated to the physical network interface, the system will
> > accept packets for its CARP IPs.
> >
> > When OpenBSD becomes master for the untagged network, it won't forward or
> > respond (ping) to packets addressed to its floating IP.
> >
> > Configuration files for the physical interface (sk0) and a couple VLANs (I
> > run a dozen, but trimmed back to two for the purpose of this mail).
> >
> > # cat /etc/sysctl.conf
> > net.inet.carp.allow=1
> > net.inet.carp.preempt=1
> > net.inet.ip.forwarding=1
> >
> > # cat /etc/hostname.sk0
> > inet 10.1.0.2 255.255.255.0 NONE description "main link"
> > inet 10.0.0.2 255.255.255.0
> >
> > # cat /etc/hostname.carp1
> > vhid 1 pass password carpdev sk0 advskew 150
> > inet 10.1.0.1 255.255.255.0
> > inet alias 10.0.0.1 255.255.255.0
> >
> > # cat /etc/hostname.vlan10
> > inet 10.10.0.2 255.255.255.0 NONE vlan 10 vlandev sk0 description "Printer network"
> >
> > # cat /etc/hostname.carp10
> > vhid 1 pass password carpdev vlan10 advskew 150
> > inet 10.10.0.1 255.255.255.0
> >
> > # cat /etc/hostname.vlan50
> > inet 10.50.0.2 255.255.255.0 NONE vlan 50 vlandev sk0 description "Wireless backbone"
> >
> > # cat /etc/hostname.carp50
> > vhid 1 pass password carpdev vlan50 advskew 150
> > inet 10.50.0.1 255.255.255.0
> >
> >
> > The other system has a similar configuration with the exception that IPs
> > ending in .2 are .3 on FW2 and FW2 has advskew 100.
> >
> >
> > If I make FW1 (OpenBSD) the master for vlan10 and vlan50 (ifconfig carp10
> > advskew 1; ifconfig carp50 advskew) but not for sk0, then it will forward
> > packets between those two networks without problem and ping 10.10.0.1 works
> > fine.
> >
> > The moment I make it the master for sk0 (ifconfig carp1 advskew 1), it no
> > longer forwards packets (between vlan10 and vlan50, vlan10 and the untagged
> > vlan) and it no longer responds to ping for any of the IPs associated to
> > the carp interfaces from external systems (ping 10.10.0.2 works, ping
> > 10.10.0.1 doesn't work) although from the local box it works (ping
> > 10.10.0.1 from FW1 works). Output from ifconfig shows FW1 is the master for
> > all interfaces.
> >
> > Throughout, I am able to keep working with the box remotely as long as I
> > logged in via the local subnet IP (ie: from a workstation with IP

Carp and VLANs

2016-08-23 Thread Andrew Seguin
Hi,

I'm building up an OpenBSD router/firewall (migrating away from FreeBSD)
but have been blocked by a behavior of carp in combination with VLANs that
I didn't expect or experience before. I'm hoping somebody could enlighten
me a little bit about why carp floating IPs stop working when the carp
status is master for the physical interface.


Originally, there was a pair of FreeBSD systems (FW1 and FW2) where I had
no issues with carp managed IPs.

At the moment, one system is reinstalled with OpenBSD 5.9 (FW1), the other
remains with FreeBSD (FW2).

The network is setup in such a way that the default vlan (1) is untagged,
and this network is for all the network management. All other traffic goes
over tagged networks. The network switches we have simply work in this way
and so I can't make vlan 1 also a tagged interface to test the impact of
such a configuration.

As long as the OpenBSD system is not the master for the default / untagged
network associated to the physical network interface, the system will
accept packets for its CARP IPs.

When OpenBSD becomes master for the untagged network, it won't forward or
respond (ping) to packets addressed to its floating IP.

Configuration files for the physical interface (sk0) and a couple VLANs (I
run a dozen, but trimmed back to two for the purpose of this mail).

# cat /etc/sysctl.conf
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.ip.forwarding=1

# cat /etc/hostname.sk0
inet 10.1.0.2 255.255.255.0 NONE description "main link"
inet 10.0.0.2 255.255.255.0

# cat /etc/hostname.carp1
vhid 1 pass password carpdev sk0 advskew 150
inet 10.1.0.1 255.255.255.0
inet alias 10.0.0.1 255.255.255.0

# cat /etc/hostname.vlan10
inet 10.10.0.2 255.255.255.0 NONE vlan 10 vlandev sk0 description "Printer network"

# cat /etc/hostname.carp10
vhid 1 pass password carpdev vlan10 advskew 150
inet 10.10.0.1 255.255.255.0

# cat /etc/hostname.vlan50
inet 10.50.0.2 255.255.255.0 NONE vlan 50 vlandev sk0 description "Wireless backbone"

# cat /etc/hostname.carp50
vhid 1 pass password carpdev vlan50 advskew 150
inet 10.50.0.1 255.255.255.0


The other system has a similar configuration with the exception that IPs
ending in .2 are .3 on FW2 and FW2 has advskew 100.


If I make FW1 (OpenBSD) the master for vlan10 and vlan50 (ifconfig carp10
advskew 1; ifconfig carp50 advskew) but not for sk0, then it will forward
packets between those two networks without problem and ping 10.10.0.1 works
fine.

The moment I make it the master for sk0 (ifconfig carp1 advskew 1), it no
longer forwards packets (between vlan10 and vlan50, vlan10 and the untagged
vlan) and it no longer responds to ping for any of the IPs associated to
the carp interfaces from external systems (ping 10.10.0.2 works, ping
10.10.0.1 doesn't work) although from the local box it works (ping
10.10.0.1 from FW1 works). Output from ifconfig shows FW1 is the master for
all interfaces.

Throughout, I am able to keep working with the box remotely as long as I
logged in via the local subnet IP (ie: from a workstation with IP
10.10.0.50, I can ssh to 10.10.0.2).

For testing ... while the FW1 (OpenBSD) is master for all interfaces, I
used tcpdump and could see the packets arriving at the system only if I
took the dump on sk0 or carp1. No packets show up on vlan10 or carp10 for
the box. On vlan10 - I can see all traffic addressed to 10.10.0.2 without
problem. On carp10 - I only see the "CARPv2-advertise" and arp
request/response packets.

To rule things out, I've kept the PF configuration as simple as possible
for testing (simply 1 line: "pass").

I always made sure that the corresponding CARP interfaces were in a backup
state on FW2 (freebsd) and via tcpdump that packets weren't ending up there
by some accident of the switches.

I've tried setting the subnet masks for the floating (carp) IP addresses to
be 255.255.255.255 - didn't change the behavior.

I set net.inet.carp.log=7 - nothing is noted in /var/log/messages beyond
the transitions (carp1: state transition: BACKUP -> MASTER; MASTER ->
BACKUP).

Since then, I'm out of ideas what to try and am turning to the mailing list
for help.

I'm rather new to OpenBSD, but I reviewed the FAQ and searched on google,
read man pages for carp, ifconfig, hostname.if, etc but didn't get any new
ideas.

Any ideas or suggestions what else I might look at?

Is this expected behavior or have I overlooked some configuration option?

Thanks in advance,
Andrew
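
Added example (not part of either message in this thread): a shell check for the condition the reply identified, several carp(4) interfaces reusing one VHID on top of the same physical NIC. The function names, the EXAMPLE password placeholder and the sample files are constructed for illustration and modelled on the hostname.* files posted above; on a real system, run carp_vhid_conflicts against /etc.

```shell
#!/bin/sh
# Added example, not from the thread. carp(4) derives its virtual MAC
# (00:00:5e:00:01:<vhid>) from the VHID, so carp interfaces that reuse a VHID
# on VLANs stacked on one NIC all present the same MAC on that NIC.

# kw_value FILE KEYWORD: print the word that follows KEYWORD in FILE.
kw_value() {
    awk -v kw="$2" '{ for (i = 1; i < NF; i++)
        if ($i == kw) { print $(i + 1); exit } }' "$1"
}

# physdev_of DIR IFACE: follow "vlandev" entries down to the physical NIC.
physdev_of() {
    pdir=$1 ifc=$2 hops=0
    while [ -f "$pdir/hostname.$ifc" ] && [ "$hops" -lt 8 ]; do
        next=$(kw_value "$pdir/hostname.$ifc" vlandev)
        [ -n "$next" ] || break          # no vlandev: this is the bottom
        ifc=$next
        hops=$((hops + 1))               # guard against a vlandev loop
    done
    printf '%s\n' "$ifc"
}

# carp_vhid_conflicts DIR: one line per clash, "physdev vhid carpA carpB ...".
# Prints nothing when every (physical NIC, VHID) pair is used only once.
carp_vhid_conflicts() {
    cdir=$1
    for f in "$cdir"/hostname.carp*; do
        [ -f "$f" ] || continue
        carp=${f##*/hostname.}
        vhid=$(kw_value "$f" vhid)
        cdev=$(kw_value "$f" carpdev)
        [ -n "$vhid" ] && [ -n "$cdev" ] || continue
        printf '%s %s %s\n' "$(physdev_of "$cdir" "$cdev")" "$vhid" "$carp"
    done | sort | awk '
        { key = $1 " " $2; n[key]++; members[key] = members[key] " " $3 }
        END { for (k in n) if (n[k] > 1) print k members[k] }' | sort
}

# write_sample DIR VHID10 VHID50: constructed files in the thread's layout,
# with the VHIDs of carp10 and carp50 chosen by the caller.
write_sample() {
    d=$1
    printf 'inet 10.1.0.2 255.255.255.0 NONE description "main link"\n' \
        > "$d/hostname.sk0"
    printf 'vhid 1 pass EXAMPLE carpdev sk0 advskew 150\n' \
        > "$d/hostname.carp1"
    printf 'inet 10.10.0.2 255.255.255.0 NONE vlan 10 vlandev sk0\n' \
        > "$d/hostname.vlan10"
    printf 'vhid %s pass EXAMPLE carpdev vlan10 advskew 150\n' "$2" \
        > "$d/hostname.carp10"
    printf 'inet 10.50.0.2 255.255.255.0 NONE vlan 50 vlandev sk0\n' \
        > "$d/hostname.vlan50"
    printf 'vhid %s pass EXAMPLE carpdev vlan50 advskew 150\n' "$3" \
        > "$d/hostname.carp50"
}

# Demo: the layout as posted (all VHID 1), then with one VHID per interface.
demo=$(mktemp -d)
write_sample "$demo" 1 1
echo "as posted:    $(carp_vhid_conflicts "$demo")"
write_sample "$demo" 10 50
echo "unique VHIDs: $(carp_vhid_conflicts "$demo")"
rm -rf "$demo"
```
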



Re: Freezing VMs on Bytemark Hosting

2016-07-29 Thread andrew fabbro
You're running on KVM, which probably means you're using virtio.  Have you
set the 0x2 flag on the vio driver?

I experienced hangs on my KVM-hosted OpenBSD VMs until I read the vio(4)
man page:

http://man.openbsd.org/vio.4

"The *vio* driver provides support for the virtio(4)
<http://man.openbsd.org/virtio.4> network interface provided by bhyve, KVM,
QEMU, and VirtualBox.
Setting the bit 0x2 in the flags disables the RingEventIndex feature. This
can be tried as a workaround for possible bugs in host implementations of
*vio* at the cost of slightly reduced performance."

An example of how to do this:

http://blather.michaelwlucas.com/archives/2083





On Tue, Jul 26, 2016 at 2:02 AM, Edd Barrett <e...@theunixzoo.co.uk> wrote:

> Hi,
>
> This is very much off-topic, and a long shot.
>
> I have a VM hosted at Bytemark, which seems to have started freezing
> about once a week. It stops responding to the network, and if I bring up
> the console, I see the login prompt with a flashing cursor, but it is
> not responsive to key-presses.
>
> I have a support ticket open, but we are not sure if it's an OpenBSD
> problem, or something on their end. The VM is running 5.9-stable with
> all patches applied. FWIW, Bytemark uses KVM + Qemu, so this question may
> extend to ARP networks VMs too(?).
>
> Wondering if anyone else here is hosting on Bytemark (or ARP) and had a
> similar issue, or even a workaround.
>
> Like I said, long shot.
>
> Cheers
>
> --
> Best Regards
> Edd Barrett
>
> http://www.theunixzoo.co.uk
>
>


-- 
andrew fabbro
and...@fabbro.org



Re: Clean OpenBSD's httpd logs

2016-06-30 Thread andrew fabbro
Create a favicon.ico file, or ignore the error.

httpd is just reporting that the user's browser is trying to fetch
/favicon.ico and apparently it doesn't exist.  Logging that as a 404 is
standard behavior.  You don't have one so httpd reports a 404.

There are ways of telling the browser to not expect a favicon.ico or
telling it that it exists somewhere else (that perhaps doesn't exist), but
httpd in this case is really doing nothing wrong.  The wisdom of favicons
is a different story but they are standard.

http://stackoverflow.com/questions/1321878/how-to-prevent-favicon-ico-requests

One could argue that perhaps the web server shouldn't log favicon-related
404s...but then there will be someone trying to figure out why his/her
favicons aren't showing up and will be looking at logs.



On Thu, Jun 30, 2016 at 8:50 AM, C. L. Martinez <carlopm...@gmail.com>
wrote:

> Hi all,
>
>  Sorry if this question sounds stupid, but how can I avoid this type of
> entry in OpenBSD's httpd access.log:
>
> 172.22.55.1:44710 -> 172.22.55.10, /favicon.ico (404 Not Found), [/]
> [/favicon.ico]
>
>  ??
>
>  Thanks.
> --
> Greetings,
> C. L. Martinez
>
>


-- 
andrew fabbro
and...@fabbro.org



Re: Fifteen questions

2016-06-11 Thread Andrew
> Does OpenBSD come up with any in-house software to encrypt a file? Or do
> I have to use gnupg?

Yes -- libressl may do what you want. Read man openssl(1) and skim
down to the section entitled "ENC" and the subsequent sections
including examples. It's well written.



Re: I am thankful for OpenBSD quality docs

2016-05-17 Thread andrew fabbro
On Tue, May 17, 2016 at 10:30 AM, Ingo Schwarze <schwa...@usta.de> wrote:

> In general, BSD documentation tends to be better
> than Linux documentation


A while back, feeling somewhat bitter after struggling with Linux docs
after growing accustomed to OpenBSD docs, I made this image which
summarizes my feelings:

http://i.imgur.com/EKsD7aG.png

OpenBSD's documentation, in my experience, exceeds the docs provided by
some commercial operating systems, and those companies can afford to have
full-time doc writers on staff.  OpenBSD documentation is the gold standard.

-- 
andrew fabbro
and...@fabbro.org



EFI video corruption, reboot on Dell R230

2016-05-16 Thread Andrew Daugherity
Trying out the shiny new UEFI support without much luck on this hardware
(Dell PowerEdge R230 1U server, BIOS 1.2.5, which is currently the latest).


Using a snapshot install59.fs (May 6 was the most recent I've tried), the
bootloader works fine, but after the kernel loads, it correctly prints a
single line:
  entry point at 0xf001000 [7205c766, 3404, 24448b12, 3680a304]
and then all subsequent text is squished into a space about 4 pixels tall
in the center of the screen, stretched horizontally, and colored purple, so
it is completely unreadable.  At a distance it looks like a purple line.

Furthermore, about 10 seconds later the machine reboots.  Since there
doesn't appear to be any serial console support in the EFI bootloader I
can't capture the unreadable kernel messages.

'machine video' reports only mode 0 (80x25).  The bootloader screen is
actually windowboxed (the monitor is running at 1024x768 at this point) but
works fine.

Video hardware is not Intel or Radeon but rather Matrox G200eR2 (apparently
a 1998 GPU is back in embedded form?).  FreeBSD & Linux do boot fine in
UEFI mode, but I don't imagine that's much help, aside from ruling out
defective hardware.  I don't know if the card model even comes into play
since it's probably something much earlier in the boot process at fault,
but in case it helps, here is its PCI information (via FreeBSD):

vgapci0@pci0:7:0:0: class=0x03 card=0x06a51028 chip=0x0534102b rev=0x01 hdr=0x00
vendor = 'Matrox Electronics Systems Ltd.'
device = 'G200eR2'
class  = display
subclass   = VGA
bar   [10] = type Prefetchable Memory, range 32, base 0x9100, size 16777216, enabled
bar   [14] = type Memory, range 32, base 0x9280, size 16384, enabled
bar   [18] = type Memory, range 32, base 0x9200, size 8388608, enabled


Any suggestions?

-Andrew



generic.mp #2018 amd64 install and packages.

2016-05-09 Thread Andrew
Hi misc@,

Just a user experience for your consideration.

I picked up a new bsd.rd from snapshots in toronto. Checked the sha256
and signify to make sure it's good. Moved it to / and rebooted with:

boot> hd0a:/bsd.rd
selected Install with standard options.
clean download from the mirror followed by reboot.
--
logged in as root
--
# pkg_info
quirks-2.232
rtwn-formware-1.0
#
--
# pkg_add nano
Can't installl libiconv-1.14p3 because of libraries
|library.c.86.0 not found
| /usr/lib/libc.so.87.0 (system) bad major
Can't install gettext-0.19.7: can't resolve libiconv-1.14p3
Can't install nano-25.3: can't resolve gettext-0.19.7
--
Just looked at the toronto mirror ../snapshots/packages/amd64 and
libiconv-1.14p3 is in the directory from May 8.
--
Switched /etc/pkg.conf from "%c" to "snapshots"
-- 
Same error as above

As always I want to express my gratitude to Theo and all the past and
present devs --- have a great week ahead !!



Re: Openbsd broke my hard drive twice! Getting frustrated

2016-05-04 Thread Andrew Gwozdziewycz
Hi Gabe,

I found it possible to boot and install 5.9 on an XPS 13" (9333)[0], but
had problems getting the all important suspend to RAM (or anything which
allowed me to close the lid and reopen to resume work) to work. Were you
successful in getting this necessary laptop functionality working correctly?

If so, would you mind sharing your configs? I'd love to reinstall OpenBSD
on this machine, but can't sacrifice that.

Cheers,

Andrew

[0]: To be fair, I suffered the same problems you did, where I thought the
drive was dead. But, in reality, I just had to repartition it with EFI in
mind from a thumb drive booted Linux installer, and try again.

On Tue, May 3, 2016 at 8:30 PM, Gabriel Guzman <g...@guzman-nunez.com>
wrote:

> On 12/29, Gabriel Guzman wrote:
> > I've been seeing a similar issue on a DELL XPS 13" Developer edition I
> got
> > back in June -- ran fine with ubuntu as shipped with Dell, and then I
> > wiped and installed OpenBSD and now can't even access the BIOS.
>
> I figured out the issue.  On my machine (DEL XPS 13) it was the "Intel
> Rapid Boot" option in BIOS.  Disabling that resolved all my boot issues.
> I can now boot with MBR or GPT off the internal SSD.  And, I can also
> access the BIOS with the internal SSD installed in the system (this was
> not possible before)
>
> gabe.
>
>


-- 
http://apgwoz.com



Re: Reading /etc/shells - Check /etc/master.passwd - Password file busy

2016-04-23 Thread Andrew Fresh
On Sat, Apr 23, 2016 at 06:42:06PM -0400, Nick wrote:
> Check /etc/master.passwd
> Password file busy
> #
> 
> I have checked both /etc/passwd, /etc/master.passwd and I cannot see any 
> issues with it.

This means that you're not able to open /etc/ptmp for some reason,
likely because  the file already exists (because adduser tries to open
the file O_CREAT|O_EXCL).

l8rZ,
-- 
andrew - http://afresh1.com

Unix is very simple,
but it takes a genius to understand the simplicity.
  -- Dennis Ritchie



Re: Standard way to create a generic queue in ksh

2016-04-16 Thread andrew fabbro
On Sat, Apr 16, 2016 at 4:32 AM, Craig Skinner <skin...@britvault.co.uk>
wrote:

> A bloated way to do that is with an SQLite database, with a table's
> unique primary key being some (job number) attribute. Another column
> could auto timestamp on row insertion, so you could query on job number
> or time added. Unless you've other data to retain, it is rather bloated.
>

Not sure I agree - sqlite is pretty lightweight.  I have a job system that
runs hundreds of jobs on many systems, each dumping results into local
daily sqlite files which are then scp'd back and consolidated for
reporting.  This gives us the ease of standardized job results and
reporting without the need to have an HA DB every system can report to,
load DB clients all over the place, DB security with remote access, etc.
 (We need to gather results somehow, so rather than write some custom
format or something like XML, sqlite is an easy format to use).  You can
access sqlite on the command line in shell scripts if need be.  DB sizes
are in MB.

You might be saying bloated because it's writing SQL, etc. and for a
sysadmin who's focused on systems and is not a code-writer, that's totally
fair - SQLite is much more pleasant when you have perl or python and can
properly bind variables, etc.

I'd say the OP is crossing into programming rather than scripting.  I'm
making an artificial distinction (since shell scripts are certainly
programs) but in my experience, once you start needing more complex data
structures, you've outgrown the shell and should look at something like
perl, python, etc.  Not saying there aren't ways to do queues in
bash/ksh/etc., just...why would you?

-- 
andrew fabbro
and...@fabbro.org



Re: Question about logo

2016-03-03 Thread andrew fabbro
On Wed, Mar 2, 2016 at 11:37 PM, Janne Johansson <icepic...@gmail.com>
wrote:

> http://www.openbsd.org/art1.html says:
>
> Most images provided here are copyright by OpenBSD, by Theo de Raadt, or by
> other members or developers of the OpenBSD group. However, it is our intent
> that anyone be able to use these images to represent OpenBSD in a positive
> light -- but do not make profit from them. [...] So enjoy them and let the
> world see them, if that is your wish.


There are people selling shirts on Zazzle, CafePress, etc. which have the
OpenBSD logo - easy to find via google.  I'm assuming those people are not
authorized by OpenBSD nor do they pass on profits, alas.

-- 
andrew fabbro
and...@fabbro.org



isakmpd peculiarities, ipsec.conf manpage inaccuracy

2016-02-28 Thread Andrew Lester
Hi all,

I'm running OpenBSD 5.8-stable. The ipsec.conf manpage indicates that if no
srcid is present in an automatic keying IKE statement, then the value in the
identification should be the host IP address, and be an IP address type. I've
found this to be incorrect; if no srcid is specified, my system makes the type
in the identification payload an FQDN, and sets the value to the machine's
hostname. In order to pass just the IP address (and be an IP address type), I
had to explicitly set srcid to the IP address in the ike statement.

Moving on, I am troubleshooting an issue where I'm able to connect a Macbook
running OS X to a remote access VPN service (L2TP + IPsec) I pay for, but my
seemingly identically-configured OpenBSD 5.8-stable workstation cannot
connect. Specifically the IPsec negotiation fails. The failure occurs in the
very beginning of the phase 2 negotiation, when the OpenBSD system sends the
first Quick Mode message with its ID payloads. The remote peer always responds
to this message with an "INVALID ID RECEIVED" notification, despite the ID
payloads being identical to what my OS X system sends.

After decrypting the IKE exchange from both my OpenBSD system and my OS X
system, while I find the identification payload in the first quick mode
message to be the same, I actually discovered a difference in the final
segment of the main mode Identity Protection phase:

In 3rd and final exchange in IKE phase 1 (Identity protection, main mode):
  *isakmpd appends an "INITIAL-CONTACT" Notification payload to the end of its
message
  *The Identification payload contains zero-values for the port and protocol
ID

This is in contrast to my Mac OS X system which does not include the
notification payload, and in the ID payload, it indicates a protocol of UDP
and port 500. To be fair, the IETF IPSec DoI for ISAKMP actually does indicate
that both the behavior of my Mac and of OpenBSD are acceptable. That being the
case, these are the only meaningful differences I've been able to identify
between OS X and OpenBSD, and ultimately I'd really like to be able to connect
to the VPN.

Does anybody know if there are any settings I can use to modify the behavior
of isakmpd to be in line with what OS X does? I would greatly value any input.
I have to say, decrypting the IKE exchange from OS X was a fairly annoying and
tedious process. I love how with isakmpd I can just pass it the -L parameter
and it will automatically dump a capture of the decrypted exchange.


Warm regards,
Andrew



IKE phase 2 failing, but don't see any obvious problem

2016-02-27 Thread Andrew Lester
Hi all,

I'm working on bringing up a remote-access L2TP + IPSec VPN on an OpenBSD 5.8
workstation. Note that this system is the client side L2TP LAC, not a
server-side L2TP LNS. Therefore I am using xl2tpd instead of npppd, which will
only handle server-side configurations. My issue actually seems unrelated to
the underlying tunneling protocol. I'm running into an IKE phase 2 failure,
specifically when first moving into quick mode.

My OpenBSD system sends the first quick mode message that contains its
advertised remote and local network information. In this case, it's very
simple as it's simply the traffic between what will become the L2TP endpoints,
so:
proto usb from 1.1.1.1 to 2.2.2.2 port 1701

1.1.1.1 is my local IP and 2.2.2.2 is the remote endpoint. When my system
sends this as the ID information in the quick mode message however, the remote
endpoint responds with: INVALID ID INFORMATION. I've tried a variety of
things, but I can't determine what's wrong here. Phase 1 completes without
issue. Below is the isakmpd.pcap output showing the failure:

08:32:37.154146 1.1.1.1.4500 > 2.2.2.2.4500: [bad udp cksum e7bc! -> 3d4d]
udpencap: isakmp v1.0 exchange QUICK_MODE
cookie: -> msgid: d8e18d0e len: 148
payload: HASH len: 24
payload: SA len: 52 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 40 proposal: 1 proto: IPSEC_ESP spisz: 4
xforms: 1 SPI: 0xdad40d72
payload: TRANSFORM len: 28
transform: 1 ID: AES
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 3600
attribute ENCAPSULATION_MODE = TUNNEL
attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
attribute KEY_LENGTH = 128
payload: NONCE len: 20
payload: ID len: 12 proto: 17 port: 0 type: IPV4_ADDR = 1.1.1.1
payload: ID len: 12 proto: 17 port: 1701 type: IPV4_ADDR = 2.2.2.2
[ttl 0] (id 1, len 180)

08:32:37.167755 2.2.2.2.4500 > 1.1.1.1.500: [bad udp cksum a74b! -> a767]
udpencap: isakmp v1.0 exchange INFO
cookie: -> msgid: 16fb376e len: 76
payload: HASH len: 24
payload: NOTIFICATION len: 16
notification: INVALID ID INFORMATION [ttl 0] (id 1, len 108)


Perhaps another set of eyes might catch what I have not. Any input would be
greatly appreciated. :)


Warm regards,
Andrew



Remote access VPN on OpenBSD workstation...

2016-02-26 Thread Andrew Lester
Hi all,

Allow me to apologize in advance if I've overlooked something here. I am using
an OpenBSD workstation and have a need to establish a remote access VPN by
authenticating to an IPsec-protected L2TP LNS endpoint. The desired operation
is for the workstation to use the far-end ppp interface as its default
gateway.

My question is whether npppd can be configured in this manner. Reading through
the npppd and npppd.conf manpages, the configurations mainly appear to pertain
to configuring an L2TP server that remote users can then connect to, and in
fact I've only been able to find guides for such configurations online as
well. I'm trying to achieve the opposite of this. Am I simply overlooking
something?

For simplicity sake I'm not yet concerned about getting the IPSec layer
operational, which seems slightly more straightforward. Is there a way to
configure npppd as a LAC client or does it only function as an LNS? If the
latter, is there other software available that can act as a native LAC client
on OpenBSD? This is in reference to OpenBSD 5.8 stable.


Thank you,
Andrew Lester



Re: Reached some limit with sockets?

2016-02-22 Thread Andrew Fresh
On Sat, Feb 20, 2016 at 08:06:57PM +0100, Federico Giannici wrote:
> In a server (OpenBSD amd64 5.7) with many concurrent perl programs that have
> to open a lot of SSH connections, I get many errors like this:
> 
> connect() on closed socket GEN136 at
> /usr/local/libdata/perl5/site_perl/Net/SSH/Perl.pm line 216.
> 
> Maybe at some point no more sockets can be opened because of some limit is
> reached?
> 
> I already tried to set these in sysctl.conf:
> 
> kern.maxfiles=2
> kern.somaxconn=1024


Since you don't provide much information about how many simultaneous
connections you are making or how many you are making per-second, it's
really hard to guess what might be going on.

However, the maxfiles limit here may give some indication to the amount
so my guess is that you are hitting the pf state limit.  The default
state purging interval is 10 seconds, and the default state limit is
10,000 states.   I'd suggest looking at the output of pfctl -si when
you're having the issue.

$ doas pfctl -sa | grep -e ^states -e interval
interval 10s
stateshard limit1

(note that I don't actually have an OpenBSD 5.7 machine, so these
numbers may not have been the same back then)



Re: GUI Designer

2016-02-22 Thread Andrew Fresh
On Mon, Feb 22, 2016 at 02:21:01PM +, Daniel Boyd wrote:
> But here's my question: every now and
> then I like to make a quick and dirty GUI app. In Windows, I was using
> Netbeans/Java/Swing. What do you guys use for a simple GUI with a
> visual designer?

In perl, I for one usually end up just writing a quick web app using
Mojolicious::Lite* or some other framework.  Doesn't exactly answer your
question, but I haven't had a desire to write a GUI app in quite a few
years.

* The p5-Mojo package from
  http://mojolicious.org/perldoc/Mojolicious/Lite

l8rZ,
-- 
andrew - http://afresh1.com

Life's unfair - but root password helps!



Trouble applying patch 003 to OpenBSD 5.8-stable

2016-02-21 Thread Andrew Lester
Hi all,

I'm setting up OpenBSD 5.8-stable and installing the patches for the known
errata. I'm buying the CD set but installed with the install58.iso from a
mirror. As such I don't think the bad src.tar.gz on the CD will affect me;
I've used src.tar.gz from the mirror.

I'm having problems installing the patch for errata #003. This is the uvm patch.
It appears that the file attempted to be patched is /usr/src/sys/uvm/uvm_km.c.
When attempting to patch, it stalls and asked me to provide the path to the
file to patch, because the previously mentioned file actually seems to not
exist.

Is this an optional patch or am I missing something? This is an amd64 platform
and I installed all the sets. Patch 001 and 002 had no problem.


Warm regards,
Andrew Lester



pkg.conf edit on -current #1870

2016-02-15 Thread Andrew
GENERIC.MP #1870 amd64

FWIW: Last night did a clean (re) install using the toronto.edu mirror.

boot> boot hd0a:/bsd.rd

Puffy  loaded up fine -- but no packages.

I edited my /etc/pkg.conf

from:

 ... toronto.edu/pub/OpenBSD/%c/packages/%a/

to:

 toronto.edu/pub/OpenBSD/snapshots/packages/%a/

---

Thanks as always to Theo and to all the past and current devs -- have
a great week ahead !!



how to mount a *dmg in -current

2016-02-12 Thread Andrew
sh> file tws-stable-standalone-macosx-x64.dmg

tws-stable-standalone-macosx-x64.dmg: Macintosh HFS Extended version 4
data last mounted by: '10.0', created: Tue Feb  2 16:12:22 2016, last
modified: Tue Feb  2 22:12:22 20to 16, last backup: Tue Feb  2
22:12:22 2016, last checked: Tue Feb  2 22:12:22 2016, block size:
4096, number of blocks: 23105, free blocks: 0

--

FWIW: The old version of this software was simply a couple *jar files
that will work flawlessly on 5.7 doing nothing more than adding jdk*
from packages. This company repackaged the *jar files using install4j
into a *dmg image. I think they also customized java somehow and
included it in the *dmg. Now I'm supposed to "click on the icon" to
unpack everything.

Can I mount this *dmg using just -current -- or mount it by adding
something else from packages ??  Have I overlooked the obvious
solution ?? hfsplus does not work  An old marc thread mentioned
dmg2img but it is not in packages,

My current test setup is a GENERIC.MP #1847 amd64.

Thank you in advance for any suggestions.



Re: how to mount a *dmg in -current

2016-02-12 Thread Andrew
Thank you Jiri !! This works:

sh> pkg_add p7zip
sh> 7z e *dmg



On 2/12/16, Jiri B <ji...@devio.us> wrote:
> On Fri, Feb 12, 2016 at 12:43:18PM -0600, Andrew wrote:
>> sh> file tws-stable-standalone-macosx-x64.dmg
>>
>> tws-stable-standalone-macosx-x64.dmg: Macintosh HFS Extended version 4
>> data last mounted by: '10.0', created: Tue Feb  2 16:12:22 2016, last
>> modified: Tue Feb  2 22:12:22 20to 16, last backup: Tue Feb  2
>> 22:12:22 2016, last checked: Tue Feb  2 22:12:22 2016, block size:
>> 4096, number of blocks: 23105, free blocks: 0
>>
>> --
>>
>> FWIW: The old version of this software was simply a couple *jar files
>> that will work flawlessly on 5.7 doing nothing more than adding jdk*
>> from packages. This company repackaged the *jar files using install4j
>> into a *dmg image. I think they also customized java somehow and
>> included it in the *dmg. Now I'm supposed to "click on the icon" to
>> unpack everything.
>>
>> Can I mount this *dmg using just -current -- or mount it by adding
>> something else from packages ??  Have I overlooked the obvious
>> solution ?? hfsplus does not work  An old marc thread mentioned
>> dmg2img but it is not in packages,
>>
>> My current test setup is a GENERIC.MP #1847 amd64.
>>
>> Thank you in advance for any suggestions.
>
> Have you tried p7zip?
>
> j.



Re: Can I accelerate my magnet HDD using a SSD in any way?? E.g. softraid patch/ARC, dedicated hardware e.g. Intel RCS25ZB040LX="Nytro MegaRAID", anything

2016-02-01 Thread andrew fabbro
On Mon, Feb 1, 2016 at 8:16 AM, patric conant <mirage.comput...@gmail.com>
wrote:

> Why can't the solution be all flash? $400 for 1 TB flash, * 7 sata ports on
> a decent $100 Motherboard, gets you 7TB of flash for under $3000
>

Well, yes, and for a few hundred thousand you can get persistent DRAM
fusion-io.

OTOH, you can get 4TB SATA drives for $250.

The OP was just pointing out that SSD-accelerated (aka SSD-cached) SATA/SAS
is very common in Win/Lin/OSX and was wondering what the status is on
OpenBSD.


-- 
andrew fabbro
and...@fabbro.org



Re: current snap fails on gigabyte brix at uhub0

2016-01-17 Thread Andrew
> I had the same problem with a Gigabyte GA-970A-UD3 based computer, but the
> latest snapshot (#1846: Sun Jan 17 02:34:54 MST 2016) fixed it for me.
>
> Kind regards,
>
>
> Martijn Rijkeboer

Just downloaded GENERIC.MP #1847 amd and it boots seamlessly to a login prompt.

As always, thanks to Theo and to all the past and present devs -- have
a great week ahead !!



current snap fails on gigabyte brix at uhub0

2016-01-16 Thread Andrew
FYI -- the current snapshot fails on a Gigabyte Brix.

The boot process blows up at: uhub0

--
uhub0: device problem, disabling port 1
uhub0: device problem, disabling port 2
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
uhub1: device problem, disabling port 1
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
uhub2: device problem, disabling port 1
wsci0 at root
scsibus2at vsci0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a: (foo.a)swap on sd0b dump on sd0b
...

and it locks up.


---
Re: FAQ 4.16 -- the machine has no floppy and no serial port so i'm
not sure how to get the dump to someone. However, here is an OLD dmesg
from back in Sept.
http://marc.info/?l=openbsd-misc&m=144122200709123&w=2

Hope this is useful to someone and thank you for the gift of OpenBSD !!!



Re: problem mounting ext4 filesystem

2016-01-08 Thread Andrew Daugherity
On Tue, Jan 5, 2016 at 5:05 PM, Remi Locherer <remi.loche...@relo.ch> wrote:
> Hi,
>
> I tried to mount an ext4 filesystem on OpenBSD which was created on
> CentOS7. I get this:
>
> remi@mistral:~% doas mount -t ext2fs /dev/sd0m /mnt
> mount_ext2fs: /dev/sd0m on /mnt: specified device does not match mounted 
> device
> remi@mistral:~%  dmesg | grep incomp
> ext2fs: unsupported incompat features 0x2c2
> remi@mistral:~%
>
> Which feature is 0x2c2? Maybe I can disable this or re-create the filesystem
> on Linux without this feature?

It's a bitmask combination of features, see
https://ext4.wiki.kernel.org/index.php/Ext4_Disk_Layout#The_Super_Block
(entry 0x60, s_feature_incompat).  Features supported in OpenBSD are
described in src/sys/ufs/ext2fs/ext2fs.h, specifically the #define
EXT2F_INCOMPAT_SUPP bit.  It appears that there is some read-only ext4
support in OpenBSD, but not for your particular FS -- yours contains
the bit 0x80 (INCOMPAT_64BIT, not even listed in OpenBSD, let alone in
EXT4F_RO_INCOMPAT_SUPP).

If you want to share the FS read/write between OpenBSD and Linux, it's
probably easier to create it as ext2 rather than tracking down which
ext4 features to disable.

-Andrew
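
Added example (not part of the original post and not OpenBSD code): decoding the `0x2c2` mask from the dmesg line in this thread against the `s_feature_incompat` table of the ext4 disk-layout documentation linked above. The sample image, the helper names and the `ASSUMED_SUPPORTED` mask are constructed for illustration; the authoritative supported set is whatever `ext2fs.h` defines.

```python
import struct

# Bit names from the s_feature_incompat table of the ext4 disk-layout docs.
INCOMPAT_FLAGS = {
    0x00001: "COMPRESSION", 0x00002: "FILETYPE", 0x00004: "RECOVER",
    0x00008: "JOURNAL_DEV", 0x00010: "META_BG", 0x00040: "EXTENTS",
    0x00080: "64BIT", 0x00100: "MMP", 0x00200: "FLEX_BG",
    0x00400: "EA_INODE", 0x01000: "DIRDATA", 0x02000: "CSUM_SEED",
    0x04000: "LARGEDIR", 0x08000: "INLINE_DATA", 0x10000: "ENCRYPT",
}

SUPERBLOCK_OFFSET = 1024   # the superblock starts 1024 bytes into the device
MAGIC_OFFSET = 0x38        # s_magic, little-endian u16
INCOMPAT_OFFSET = 0x60     # s_feature_incompat, little-endian u32
EXT_MAGIC = 0xEF53

# Assumption for the demo only: a driver that understands these three bits.
ASSUMED_SUPPORTED = 0x0002 | 0x0040 | 0x0200


def read_incompat(image: bytes) -> int:
    """Return s_feature_incompat from a raw ext2/3/4 image."""
    sb = image[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + 1024]
    if len(sb) < INCOMPAT_OFFSET + 4:
        raise ValueError("image too short to hold a superblock")
    (magic,) = struct.unpack_from("<H", sb, MAGIC_OFFSET)
    if magic != EXT_MAGIC:
        raise ValueError(f"bad superblock magic 0x{magic:04x}")
    (incompat,) = struct.unpack_from("<I", sb, INCOMPAT_OFFSET)
    return incompat


def decode(mask: int) -> list:
    """Name every set bit, lowest bit first; unknown bits are kept visible."""
    names = []
    bit = 1
    while bit <= mask:
        if mask & bit:
            names.append(INCOMPAT_FLAGS.get(bit, f"UNKNOWN_0x{bit:x}"))
        bit <<= 1
    return names


def unsupported(mask: int, supported: int) -> list:
    """Features present on disk that the given driver mask does not cover."""
    return decode(mask & ~supported)


def make_sample_image(incompat: int = 0x2C2) -> bytes:
    """Constructed 2 KiB image holding only the two fields read above."""
    img = bytearray(2048)
    struct.pack_into("<H", img, SUPERBLOCK_OFFSET + MAGIC_OFFSET, EXT_MAGIC)
    struct.pack_into("<I", img, SUPERBLOCK_OFFSET + INCOMPAT_OFFSET, incompat)
    return bytes(img)


if __name__ == "__main__":
    mask = read_incompat(make_sample_image())
    print(hex(mask), decode(mask))
    print("blocking:", unsupported(mask, ASSUMED_SUPPORTED))
```

Against a real device, pass the first 2048 bytes of the partition to `read_incompat()`.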



Re: startx fail on Lenovo G50-80 amd64

2015-11-28 Thread Andrew
On 11/28/15, Doug Hogan  wrote:
> On Fri, Nov 27, 2015 at 09:47:23AM +, freeu...@ruggedinbox.com wrote:
>> I installed OpenBSD 5.8 on USB flash memory. It's fine:)
>> Then Lenovo G50-80 could booting. but, startx fail and xdm was fail.
>
> I would focus on startx.
>
>> 1.background is blank(black) screen, mouse icon(X and arrow) couldn't
>> move.
>
> Was there an error message in the console about the mouse?
>
>> 3.X will draw window manager's background, but behave was strange.
>
> What WM are you using?
>
>> 5.couldn't get X.0.log
>
> If you startx, let it load and then either kill it or switch back to the
> console, does it show any errors?  Are there any /var/log/Xorg.*.log
> files?
>
>> dmesg|grep drm:
>
> Could you post the full dmesg?  In our dmesg archive, I see someone
> report that their Lenovo G50-80 works more than your report indicates.
> However, theirs didn't load inteldrm properly and yours did.  I can't
> compare the two dmesgs since you snipped it.
>
>> xorg.conf:
>
> Can you try it without a xorg.conf file?  It's usually not necessary.
> In general, try to make things simpler to debug by using startx, no
> xorg.conf file, a simple WM like cwm and try to find a way to get us a
> log file or error message.
>
> If possible, could you try installing an amd64 snapshot from tomorrow to
> see if it was fixed between 5.8 and -current?


I have a Lenovo G50-70 running the 5.7 stable.amd GENERIC.MP

I am humble enough to admit that I was also baffled by a blank screen,
seemingly no keyboard, no mouse, no error messages ... and I had to
ask for help too.

The solution may be as simple as tapping the "brightness" button a few
times on the keyboard. It's the F12 button on my laptop.

See also:

localhost> man xbacklight



Re: Unix::Pledge perl module

2015-11-19 Thread Andrew Fresh
On Thu, Nov 19, 2015 at 04:19:19PM -0500, Richard Farr wrote:
> I've put together a simple CPAN module that allows you to use pledge(2) 
> in your Perl programs.  Of course it will only work on -current.

Way cool!  I too have been working on this a bit.  Sorry that I got
distracted from actually putting it someplace public.

https://github.com/afresh1/OpenBSD-Pledge

One benefit of mine is that OpenBSD-Pledge.t is a bit further fleshed
out.  I do need to do a fair amount of work on the docs still, but I
will be looking for OKs to import it into base before long.

I think there is definitely room in the ecosystem for more than one
tool, especially if other operating systems adopt pledge.

l8rZ,
-- 
andrew - http://afresh1.com

I wish life had an UNDO function.



Re: installation of Perl on OpenBSD 5.8 with perlbrew fails due crypt.h

2015-11-03 Thread Andrew Fresh
On Tue, Nov 03, 2015 at 02:03:34PM -0200, Alceu Rodrigues de Freitas Junior
wrote:
> Hello Andrew,
>
> On 02-11-2015 23:52, Andrew Fresh wrote:
> >Yes, we don't support many of the algorithms that the tests attempt to
> >use.  I should probably push this patch upstream (with improvements) but
> >have not yet had time.
> >
> >
> >https://github.com/afresh1/OpenBSD-perl/blob/master/patches/GOOD/fix_crypt_tests.patch
> >
>
> I took a look at your patch but didn't understand the objective of it.
>
> There are some comments as "# Use Blowfish", do you mean using
> Crypt::Blowfish crypt function instead?

No, from `man 3 crypt`

   Blowfish crypt
     The Blowfish version of crypt has 128 bits of salt in order to make
     building dictionaries of common passwords space consuming.
...
     The version number, the logarithm of the number of rounds and the
     concatenation of salt and hashed password are separated by the ‘$’
     character.  An encoded ‘8’ would specify 256 rounds.  A valid Blowfish
     password looks like this:

     “$2b$12$FPWWO2RJ3CK4FINTw0Hi8OiPKJcX653gzSS.jqltHFMxyDmmQ0Hqq”.


> Maybe a conditional block from Test::More help with that (including skipping
> the test at all) would help, based on the osname from Config module.

Perhaps, although with that patch the tests pass.  I am sure I'll come up with
something.


> >That would be helpful, along with specific versions of perl you are
> >trying to install.
>
> Here it goes:

> Use of uninitialized value in substr at op/crypt.t line 43.
> substr outside of string at op/crypt.t line 43.

> I tried to install the latest perl available (5.22.0).

This looks like the errors the patch addresses, so yes, something
changed in 5.8.  The other crypt's got tedu'd

http://marc.info/?l=openbsd-cvs&m=142835341405554&w=2

l8rZ,
--
andrew - http://afresh1.com

If your computer says, "Printer out of Paper," this problem cannot
  be resolved by continuously clicking the "OK" button.
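
Added example (not part of the original message or of the patch it links): a parser for the Blowfish crypt string layout quoted from `man 3 crypt` above, used to audit password fields for a low round count or a non-Blowfish scheme. The function names, the `min_log_rounds` threshold and the `bob` and `carol` entries are constructed assumptions; only `PAGE_EXAMPLE` comes from the quoted man page.

```python
import re

# bcrypt uses its own base64 alphabet; 22 characters carry the 128-bit salt
# and the remaining 31 characters carry the hash.
_BCRYPT = re.compile(
    r"\$(2[abxy]?)\$(\d\d)\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


def parse_bcrypt(encoded):
    """Split '$version$log_rounds$salt+hash' into its fields."""
    m = _BCRYPT.fullmatch(encoded)
    if m is None:
        raise ValueError("not a Blowfish crypt string")
    version, cost, salt, digest = m.groups()
    log_rounds = int(cost)
    if not 4 <= log_rounds <= 31:
        raise ValueError(f"cost {log_rounds} outside bcrypt's 4..31 range")
    return {"version": version, "log_rounds": log_rounds,
            "rounds": 1 << log_rounds,  # the field is a base-2 logarithm
            "salt": salt, "hash": digest}


def audit(entries, min_log_rounds=10):
    """Classify (user, password_field) pairs.

    min_log_rounds is a policy threshold chosen for this example.
    """
    report = {}
    for user, field in entries:
        try:
            info = parse_bcrypt(field)
        except ValueError:
            report[user] = "not-bcrypt"
            continue
        strong = info["log_rounds"] >= min_log_rounds
        report[user] = "ok" if strong else "weak-cost"
    return report


# The string from the man page excerpt quoted in this thread.
PAGE_EXAMPLE = "$2b$12$FPWWO2RJ3CK4FINTw0Hi8OiPKJcX653gzSS.jqltHFMxyDmmQ0Hqq"

# Constructed sample entries (not real account data).
SAMPLE = [
    ("alice", PAGE_EXAMPLE),
    ("bob", "$2b$08$" + PAGE_EXAMPLE[7:]),  # same payload, cost lowered to 8
    ("carol", "ab" + "x" * 11),             # 13-character DES-shaped string
]

if __name__ == "__main__":
    print(parse_bcrypt(PAGE_EXAMPLE))
    print(audit(SAMPLE))
```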



Re: installation of Perl on OpenBSD 5.8 with perlbrew fails due crypt.h

2015-11-02 Thread Andrew Fresh
On Mon, Nov 02, 2015 at 10:06:18PM -0200, Alceu Rodrigues de Freitas Junior 
wrote:
> My name is Alceu and I'm a newbie with OpenBSD. I hope I reached the right
> mailing list to ask about compiling Perl with perlbrew on OpenBSD.

Seems a reasonable place.


I've successfully installed quite a few versions of perl using plenv,
not perlbrew, but I think that plenv does not run the test suite.


> Is there any change to crypt.h on version 5.8? It seems the errors are due
> differences on the interface.

Yes, we don't support many of the algorithms that the tests attempt to
use.  I should probably push this patch upstream (with improvements) but
have not yet had time.

https://github.com/afresh1/OpenBSD-perl/blob/master/patches/GOOD/fix_crypt_tests.patch


> Unfortunately I don't have the exact error messages, but I can try to
> reproduce the errors again if needed.

That would be helpful, along with specific versions of perl you are
trying to install.

l8rZ,
-- 
andrew - http://afresh1.com

Full-time system administration is a delicate balance 
between proactiveness and laziness.
  --  jhorwitz from use.perl.org



Re: Advices for a new laptop

2015-10-29 Thread Andrew Gwozdziewycz
The X220 is older, so you can probably find it via ebay or other sources
for way less than your budget.


On Thu, Oct 29, 2015 at 8:33 AM, Domovoy  wrote:

> Thinkpads are over my budget (i find them starting with the E550 at 758€
> on my usual reseller).
>
> What about the B50-80 (80LT003C): i3, Intel HD 4400, wifi B/G/N/AC,
> Gigabit Ethernet, 2x USB3.
> Unfortunately i can't find for sure which wireless cards is used (probably
> Intel Dual Band Wireless-AC 3160).
> If it can allow me to do the little 3D editing i need, it would be a good
> fit.
>
> Any information about OpenBSD support for this thing?
> (From what i gathered the Intel HD 4400 should work, right?)
>
>
> On 2015-10-29 15:00, Bryan Everly wrote:
>
>> The X series and the T series Thinkpads work really well.
>>
>> My x220 is outstanding. The only device that isn't supported is the
>> fingerprint reader.  Also the mSATA slot is great for a second SSD. I
>> dual boot OpenBSD and Arch (for when I need a Virtual Machine) and
>> just use the F12 key at boot to select the drive I boot off of. Really
>> simplifies the set up. Also you can put 16gb of ram in this model
>> (even with an i5 processor) even though the specs say max of 8gb.
>>
>> Thanks,
>> Bryan
>>
>
>


--
http://apgwoz.com



current snapshot works on a Gigabyte Brix

2015-09-02 Thread Andrew
Last time I tried (many months ago) ended in a kernel panic.

Big thanks to Puffy/ Theo/ devs for liberating this box from its old kernel !!

Much happiness :-)


Re: securing web browser

2015-08-14 Thread Andrew
On 8/14/15, Frank White <mediome...@gmail.com> wrote:
> Hi, anyone has some advices to make more secure a  browser like firefox ?
> chroot + systrace ?

This previous thread is one solution. Plus read a subsequent thread
on pdf viewers.

http://marc.info/?l=openbsd-misc&m=142676615612510&w=2



Re: Default OpenBSD browser

2015-07-28 Thread Andrew
On 7/28/15, Craig Skinner <skin...@britvault.co.uk> wrote:
> On 2015-07-28 Tue 15:30 PM |, Mohammad BadieZadegan wrote:
> What is the best and lightest browser that useful with fvwm?
>
> Dillo is generally good, with Firefox for heavy sites.
>
> Depends on where _you_ surf.


I'm just an obsd end-user, but it would be wrong for me to not say
something nice to/ or about the devs behind the xombrero browser. I
think xombrero is a diamond in the rough and I hope they keep
polishing it until it becomes a common recommendation on this list.
The authors are listed at the bottom of man xombrero



Re: nsd configuration problem

2015-06-25 Thread Andrew Daugherity
On Wed, Jun 24, 2015 at 1:06 PM, Graham Stephens
<gra...@thestephensdomain.com> wrote:
> ---
> On 24/06/2015 18:43, mxb wrote:
> Hey,
> this is a bit different from bind/named.
>
> nsd is a authoritative server ONLY.
> unbound is a caching server ONLY.
>
> I use those together on the same machine.
> nsd is handling all zones, unbound answers queries.
>
> nsd.conf:
> [port 5353, snip rest of cfg]
>
> unbound.conf:
>
> server:
>  ## this one important to be able to query nsd
>  do-not-query-localhost: no
>
>  private-domain: homelan.com
>
>  ## this one important to be able to query nsd
>  local-zone: 78.168.192.in-addr.arpa. transparent
>
> ## forward to nsd
> forward-zone:
>  name: homelan.com
>  forward-addr: 127.0.0.1@5353
>
> ## forward to nsd
> forward-zone:
>  name: 78.168.192.in-addr.arpa
>  forward-addr: 127.0.0.1@5353
>
> ## forward to google
> forward-zone:
>  name: .
>  forward-addr: 8.8.8.8

This is similar to my setup, although I used stub-zone/stub-addr
instead of forward-zone for my internal forward and reverse zones, as
that seems to make more sense based on my reading of unbound.conf(5).
(It says stub-zone is for authoritative servers, which nsd is, and
forward-zone is for recursive servers.  I'm not 100% sure I am correct
here, however.)  I also did not define a global forward-zone -- why
not just use the system DNS servers?

The important bits to actually make this work are the
'do-not-query-localhost: no' and 'local-zone: C.B.A.in-addr.arpa.
transparent' options, needed to override unbound's default behavior of
ignoring localhost and RFC1918 addresses.  It took me a while to find
this, until I discovered the proper keywords to Google for.

I think this would be a good addition to the OpenBSD FAQ.  While less
common than a simple caching resolver, it's probably not too uncommon
to have used BIND to serve a local zone and also act as a caching
resolver, and having some guidance on how to convert your BIND setup
to unbound+nsd would be nice.  (Good guidance, not misleading and/or
incorrect advice from ca***el.org!)  nsd on a localhost high port,
serving my old BIND zone files, and unbound forwarding to it for my
zones was easy enough, but the two magic options letting unbound
actually talk to nsd were somewhat less obvious.

-Andrew
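
Added example (not part of the original post and not unbound or nsd code): a small lint that checks an `unbound.conf` for the two options this thread calls essential when stub or forward zones point at nsd on localhost. The parser is a line-based simplification, the function names are hypothetical, and `GOOD_CONF` is a constructed stub-zone variant of the quoted configuration; only the thread's `transparent` recipe is modelled.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SUFFIX = ".in-addr.arpa"

def parse_unbound_conf(text):
    """Line-based parse: [(clause, [(key, value), ...]), ...] in file order."""
    clauses = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        value = value.replace('"', "").strip()
        if not value:                    # clause header: "server:", "stub-zone:"
            clauses.append((key.strip(), []))
        elif clauses:
            clauses[-1][1].append((key.strip(), value))
    return clauses

def norm(name):
    return name.rstrip(".").lower()

def is_private_reverse(zone):
    """True for reverse zones that fall inside RFC 1918 space."""
    zone = norm(zone)
    if not zone.endswith(SUFFIX):
        return False
    octets = zone[:-len(SUFFIX)].split(".")[::-1]
    try:
        addr = ipaddress.ip_address(".".join(octets + ["0"] * (4 - len(octets))))
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)

def is_loopback(upstream):
    try:
        return ipaddress.ip_address(upstream.split("@")[0]).is_loopback
    except ValueError:
        return False

def lint(text):
    """Return one finding per zone that unbound would fail to hand to nsd."""
    clauses = parse_unbound_conf(text)
    server = [kv for name, attrs in clauses if name == "server" for kv in attrs]
    localhost_ok = ("do-not-query-localhost", "no") in server
    transparent = {norm(v.split()[0]) for k, v in server
                   if k == "local-zone" and v.split()[-1] == "transparent"}
    findings = []
    for name, attrs in clauses:
        if name not in ("forward-zone", "stub-zone"):
            continue
        zone = next((norm(v) for k, v in attrs if k == "name"), "")
        upstreams = [v for k, v in attrs if k in ("forward-addr", "stub-addr")]
        if any(is_loopback(u) for u in upstreams) and not localhost_ok:
            findings.append(f"{zone}: localhost upstream needs "
                            "do-not-query-localhost: no")
        if is_private_reverse(zone) and not any(
                zone == t or zone.endswith("." + t) for t in transparent):
            findings.append(f"{zone}: RFC 1918 reverse zone needs "
                            "local-zone ... transparent")
    return findings

# Constructed configuration: the thread's setup written with stub-zone.
GOOD_CONF = """\
server:
  do-not-query-localhost: no
  local-zone: "78.168.192.in-addr.arpa." transparent
stub-zone:
  name: "homelan.com"
  stub-addr: 127.0.0.1@5353
stub-zone:
  name: "78.168.192.in-addr.arpa"
  stub-addr: 127.0.0.1@5353
"""
# The same file with both options removed, as a BIND migration might start.
BAD_CONF = "\n".join(l for l in GOOD_CONF.splitlines()
                     if "do-not-query" not in l and "local-zone" not in l)
```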



Re: Any books about OpenBSD ARM programming?

2015-06-25 Thread andrew fabbro
On Wed, Jun 24, 2015 at 6:57 PM, Geoff Steckel <g...@oat.com> wrote:

> The McKusick books are a reasonable introduction to the kernel
> as it was some decades ago.


There was a 2nd edition of The Design and Implementation of the FreeBSD
Operating System released September 2014.  I haven't looked at it - was it
updated to reflect current design?


-- 
andrew fabbro
and...@fabbro.org
blog: https://raindog308.com


