Re: Running OpenBSD on a VPS.
On Thu, 11 Jul 2024 03:10:43 +0100, Christian Schulte wrote: > > Running OpenBSD since then personally. Never had a chance to install it > to a server, because the providers did not support it. Now they do. Not all of them. Special in case like Hetzner, online.net and similar one. But they allow to load the server from rescue mode with some linux, what opens a kind of backdoor where you run QEMU to install OpenBSD :) You may achive some kind of semi-automatic installation with answer files, but QEMU uses only tftp-server-name which support was removed at 7.0, so, semi-automatic installation via QEMU works for OpenBSD up to 6.9. -- wbr, Kirill
Re: Filesystem corruption on OpenBSD routers after power outage?
On Wed, 10 Jul 2024 17:40:17 +0100, Tom Smyth wrote: > > swap /tmp mfs rw,nosuid,noexec,nodev,-s=262144 0 0 > swap /var/log mfs rw,nosuid,noexec,nodev,-s=524288,-P=/persist-fs/var/log 0 0 > swap /var/run mfs rw,nosuid,noexec,nodev,-s=262144,-P=/persist-fs/var/run 0 0 > swap /dev mfs rw,nosuid,noexec,-P=/persist-fs/dev,-i=2048,-s=32768 0 0 > I'd like to share https://marc.info/?l=openbsd-bugs=171959901216119=2 Here I have a pretty simple way to block mfs when the system starts to use swap. Not sure if it is achievable by you, but still worth mentioning -- wbr, Kirill
Re: Filesystem corruption on OpenBSD routers after power outage?
On Wed, 10 Jul 2024 14:44:28 +0100, Tom Smyth wrote: > > #cat /etc/fstab > > ff0023511d131fc2.a / ffs rw,softdep,noatime 1 1 > ff0023511d131fc2.b /usr/local ffs rw,wxallowed,nodev,softdep,noatime 1 2 > ff0023511d131fc2.d /var ffs rw,nodev,nosuid,softdep,noatime 1 2 > swap /tmp mfs rw,nosuid,noexec,nodev,-s=262144,-P=/persist-fs/tmp 0 0 > swap /var/log mfs rw,nosuid,noexec,nodev,-s=524288,-P=/persist-fs/var/log 0 0 > swap /var/run mfs rw,nosuid,noexec,nodev,-s=262144,-P=/persist-fs/var/run 0 0 > swap /dev mfs rw,nosuid,noexec,-P=/persist-fs/dev,-i=2048,-s=32768 0 0 > You can dramatically reduce the probability of errors that can't be fixed by fsck on boot by adding sync. Especially with noatime, this seems like a bulletproof setup. -- wbr, Kirill
Re: OpenBSD runs hotter than Linux with same laptop, draws more electricity?
On Tue, 02 Jul 2024 09:54:09 +0100, Stuart Henderson wrote: > > A lot of this is down to Linux having spent more time on optimising > things for power consumption. Things like choices made in the scheduler > (deciding which cpu to run a process on) have an effect, especially on > certain cpu types, as well as code selecting cpu frequencies etc. > Also, not all drivers support hardware power saving features. For example, as far as I know, iwx and similar drivers do not. -- wbr, Kirill
Re: /tmp on mfs is blocked
and here we go:
~ $ ps auxl | grep D
USER PID %CPU %MEMVSZ RSS TT STAT STARTED TIME COMMAND
UID PPID CPU PRI NI WCHAN
root 40744 0.0 1.3 1049488 218256 ?? D 2:59PM0:13.90
/sbin/mount_nfs 0 1 0 -18 0 anonget
catap 13530 0.0 2.0 1039528 330124 ?? DpU 3:04PM0:23.48
ungoogled-chromi 1000 68942 0 -18 0 fltasgi
catap 7160 0.0 0.7 821464 107612 ?? DpU 3:04PM0:04.48
ungoogled-chromi 1000 68942 0 -5 0 biowait
catap 26061 0.0 0.6 766536 92496 ?? DpU 3:05PM0:00.77
ungoogled-chromi 1000 68942 0 -5 0 biowait
catap 81520 0.0 0.0 1528 1176 p3 D+p 5:23PM0:00.00 ls /tmp
1000 62543 0 10 0 inode
catap 57257 0.0 0.0 108 384 C0 R+/1 5:24PM0:00.00 grep D
1000 70049 29 53 0 -
~ $ doas sysctl ddb.trigger=1
Stopped at db_enter+0x14: popq%rbp
ddb{0}> show locks
exclusive rwlock sysctllk r = 0 (0x82739928)
exclusive kernel_lock _lock r = 0 (0x827c32d0)
ddb{0}>
Thus, doas reboot won't reboot machine from this state. After that
machine is completly stuck. Reboot from ddb works. shutdown -r now also
doesn't work.
And easy way to achive this is run VM inside VMD which forces system to
start using swap. As soon as it uses swap, around 500-700 mb is enough, 300
doesn't, it goes into this state.
Should I dulicate it inside bugs@?
--
wbr, Kirill
Re: /tmp on mfs is blocked
> > I never doubt that, but I had rebuild kernel on my machine with WITNESS, to > be able to get more usefull reason if such case happened again. > Seems that I had boot wrong kernel, or option WITNESS option WITNESS_WATCH wasn't enough, will reboot and double test it. The good news that I can reproduce it releativly easy. Anyway, here ps with l: src $ ps auxl | grep D USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND UID PPID CPU PRI NI WCHAN root 55404 0.0 4.5 1049492 734588 ?? D Fri02AM0:14.09 /sbin/mount_mfs 0 1 0 -18 0 anonget catap66849 0.0 2.6 395840 427736 ?? DpUFri02AM3:41.21 ungoogled-chromi 1000 82788 1 -5 0 vinvalb catap56100 0.0 1.4 895404 235868 ?? DpUFri02AM1:39.80 ungoogled-chromi 1000 82788 0 -5 0 getblk catap33124 0.0 1.7 988916 287816 ?? DpUFri02AM0:39.19 ungoogled-chromi 1000 82788 0 -5 0 biowait catap22342 0.0 1.0 820260 173008 ?? DpU10:46AM0:06.15 ungoogled-chromi 1000 82788 0 -5 0 getblk catap64977 0.0 0.0 1348 4044 ?? D 2:12PM0:00.01 /usr/X11R6/bin/x 1000 70379 0 10 0 inode catap93974 0.0 0.0 1140 1804 p2 D+p 2:12PM0:00.00 man ps 1000 6039 0 -5 0 getblk catap68803 0.0 0.0 796 1332 p3 S+p 2:16PM0:00.00 grep D 1000 55628 0 -6 0 piperd src $ anything which is touching /tmp is blocked, and df -i says: mfs:55404 2028910296608 163085816% 326 269816 1% /tmp and top says about this load averages: 0.75, 0.94, 1.26 matebook.local 14:21:53 135 processes: 1 running, 130 idle, 4 on processorup 0 days 12:13:33 4 CPUs: 2.3% user, 0.0% nice, 0.9% sys, 0.5% spin, 0.0% intr, 96.3% id Memory: Real: 10G/14G act/tot Free: 895M Cache: 2631M Swap: 555M/16G -- wbr, Kirill
Re: /tmp on mfs is blocked
On Fri, 28 Jun 2024 11:09:56 +0100, Crystal Kolipe wrote: > > The mfs code has been stable for many releases in all of these scenarios. > I never doubt that, but I had rebuild kernel on my machine with WITNESS, to be able to get more usefull reason if such case happened again. -- wbr, Kirill
Re: /tmp on mfs is blocked
On Fri, 28 Jun 2024 07:24:16 +0100, Dan wrote: > > What about permissions over /tmp? > > I really think you are talking of /tmp over mfs, mh.. in my own > flavour (different setup) I have to *very versatilly* adjust permissions > to use it. Never mind.. I'm wondering you remain locked there.. > Well, I had issue with wrong permission at /tmp on mfs and it lead to discover a bug inside emacs' tram mode :) Neverless this setup with /tmp on mfs seems to have right perssion, at least right enough to run X11 and things like Chrome for something like a month. -- wbr, Kirill
/tmp on mfs is blocked
misc@, I just encountered wired case when my /tmp was blocked, and nothing had worked. via ps I saw: root 59095 0.0 1.1 1049488 174152 ?? D Wed10PM0:40.02 /sbin/mount_mfs -o rw -o nodev -o nosuid -s 1024m swap /tmp and fstat -p 59095 points nothing abnormal: USER CMD PID FD MOUNTINUM MODE R/WSZ|DV root mount_mfs 59095 text / 53639 -r-xr-xr-x r 240160 root mount_mfs 59095 wd / 2 drwxr-xr-x r 512 htop reports that some swap was used and df points that ~200mb were used and /tmp had plenty of free space. Have you seen that before? How can I dig it future? -- wbr, Kirill
Re: accidentally overwritten wrong drive with DD, please help
On Thu, 27 Jun 2024 21:33:15 +0100, Anon Loli wrote: > > It'd be nice if someone can share any experiences with this matter (which > fall under the > conditions that which I imposed on myself), especially fsdb, assuming that it > can actually help in this matter... in an understandable fashion... unless I > waste 5 days on it (and still get nothing lol) > Something like 20 years ago I had reformated XFS with some data and rebuild it's from scratch. I have lost almost none metadata, and it was possible to rebuild. It took me couple of weeks to do it. Your case much worst. I have no idea how FFS is designed, but I bet that you had lost all your file names. Anyway, content of files should be intact that can be extracted with some kind of fuzzy search. But if you have some encrypted blobs, find them can be another challenge. Can you rebuild your FS from scratch by hand? Well, it is possible, but I think that you need to invest months, maybe years, of work. > > So as far as I understand, because of the 1st 74M being gone (the index of the > FS and stuff I'm guessing), that's like the entire FS is corrupt, so I'm > guessing I'd somehow have to go trough the entire 220/239G of data with > fsdb... > and my guess is that it won't be fast > I suggest you to use some software that may scan your image and try to extract something. But I can't suggest anything which may support OpenBSD FS. -- wbr, Kirill
Re: accidentally overwritten wrong drive with DD, please help
On Thu, 27 Jun 2024 16:02:36 +0100, Anon Loli wrote: > > I'm not using anything commercial OR proprietary > [...] > > No one is getting any image or file or anything from me, and I'm not sending > my > drives to anyone. This might sound rude or stupid to you, I'm sorry, but > that's > not debatable.. > Well, when you're on you own. I really doubt that many software supports OpenBSD FS. > It sure does sound like a hobby for a while! > > Can't I just need to somehow fix the 1st 74M, and then somehow magically the > FFS sd3i magically is alive again, mountable and ridable? (get the > double-meaning? > xD) > I'm wondering how filesystems and how FFS2 works, and if maybe the 74M can be > somewhat easily fixable, like do filesystems keep an index of files and I > overwrote 74M of that index, or something like that? > "something like that", indeed. At begining FS, far less that the first 74M, it has the header and some structures that defines trees and other things like file names. Can you recreate it? Perhabs. -- wbr, Kirill
Re: accidentally overwritten wrong drive with DD, please help
On Thu, 27 Jun 2024 05:12:57 +0100, Anon Loli wrote: > > But the steps that I already took is good, right? Is my corrupt data backed up > at least? I need the raw disc copy, not the sd3i copy, right? Should I copy > both? I have space > Made as many copy of different things as you can. Better to make useless copy here now than miss something and understand it when no return. > > why is everyone recommending rsync then? > Personally, I understand your emails at some point like you had FS with files mounted. Probably not only I had understand it that way. > > No kidding? The 1st few people made it sound like it's going to be relatively > easy :( > Depends on your luck. Right now we have some comercial and open-source software which may support OpenBSD FS, or may simple make a search in data to get some files. Anyway, this isn't easy and fast task. If you really need your data I suggest to contact a few companies which recover data, explain to them that had happened and provide to them your images. Different tools may find different files, or different part of the same file :) and after that you need to recombinided it into your real files. Sounds like a hobby for a while, isn't it? -- wbr, Kirill
Re: accidentally overwritten wrong drive with DD, please help
On Tue, 25 Jun 2024 04:05:45 +0100, "B. Atticus Grobe" wrote: > > A word of warning: even multiple overwrites are not guaranteed to erase any > kind > of flash-based storage. This applies even to some spinning rust now that have > intermediate flash storage caches on them (although those tend to be > enterprise-level devices). > > SSD/NVME's made by a reputable manufacturer usually have a secure delete > function, > but there are cases where this doesn't work, or doesn't work entirely, etc. > This is a very interesting point, thank you. Do you know any kind of behavior for TRIM? So, literally, here no way to secure remove data from SSD/NVME. -- wbr, Kirill
Re: accidentally overwritten wrong drive with DD, please help
On Mon, 24 Jun 2024 19:29:52 +0100, Anon Loli wrote: > > Encryption is a must, it's not just family photos, but even if it was, I'm > still not putting them on clear disk > You may fill your disk, after you recover everything with random data. Couple of times. It removes everything. -- wbr, Kirill
Re: libopensmtpd with res_query_async never calls cb
On Fri, 14 Jun 2024 13:13:17 +0100,
Kirill A. Korinsky wrote:
>
> Anyway, I'm puzzling that to do next.
>
long story short: my code contains asr_abort and when it had happened it
doesn't decrease internal counter that lead to the deadlock.
Anyway, I suggest to add DEBUG print into asr_abort because right now it is
missed, and such output may save many hours of debuging.
Something like this:
diff --git lib/libc/asr/asr.c lib/libc/asr/asr.c
index c4ee2dd103f..afdbe00 100644
--- lib/libc/asr/asr.c
+++ lib/libc/asr/asr.c
@@ -173,6 +173,8 @@ DEF_WEAK(asr_resolver_free);
void
asr_abort(struct asr_query *as)
{
+ DPRINT("asr: asr_abort(%p) %s ctx=[%p]\n", as,
+ _asr_querystr(as->as_type), as->as_ctx);
_asr_async_free(as);
}
--
wbr, Kirill
Re: booting and RAID-5
On Sat, 15 Jun 2024 14:05:07 +0100, Marco van Hulten wrote: > > Would a good approach be to create a root device on one disk (and maybe > altroots on one or both of the others) and use the rest of all disks as > RAID-5 device? Or is there a good reason to boot from a disk separate > from the envisioned RAID-5 configuration? > Why not use dedicated RAID-1 for / instead? -- wbr, Kirill
Re: Do I need to wipe encrypted dual boot NVME before installation
On Sat, 15 Jun 2024 10:01:51 +0100, lafermedesanim...@posteo.net wrote: > > I have a dual boot Devuan/OpenBSD, I wrote random data on my > drive and then install the OSes, both are encrypted. > Now, I want to remove this dual boot to have only OpenBSD > and use it as a daily driver. > My plan for this is to boot a GNU/Linux live usb, erase LUKS keys > with cryptsetup command, use the wipefs command to erase LUKS > header and reinstall OpenBSD with full disk encryption. > Is it secure enough ? Do I need to do something with OpenBSD > encrypted data as I have to with the LUKS keys/header on GNU/Linux ? > Probably I don't understand your attack vecor, but where I stay if you reinstall with reformat whole disk, old data on the disk will be replaced or not, but it shouldn't create an issue, should it? -- wbr, Kirill
Re: crippled my laptop trying to reclaim root space
On Thu, 13 Jun 2024 02:29:02 +0100, "Brian Conway" wrote: > > A note on how you got into the original situation without addressing all > the things you've done since: /dev should only be a few dozen KB in size > (less than 50). Some time in the past, you likely wrote a significant > amount of data to a new file in /dev rather than the device you intended. just an example of such application is logfmon which has cachefile which it removes and creates, after it was read. So, if you run it under root with /dev/null as cache file, you'll lose your /dev/null, and soon it will be quite big. -- wbr, Kirill
libopensmtpd with res_query_async never calls cb
misc@,
I dig into issue when callback which is scheduled via res_query_async never
fired inside opensmtpd filter which uses libopensmtpd.
I've tried both res_query_async and getrrsetbyname_async without any
differences on OpenBSD 7.5
The code looks like:
if ((query =
getrrsetbyname_async(domain, C_IN, T_TXT, 0, NULL)) ==
NULL)
osmtpd_err(1, "res_query_async");
if ((sig->query = event_asr_run(query, ar_rr_resolve, sig)) == NULL)
osmtpd_err(1, "event_asr_run");
where ar_rr_resolve is callback which need to be fired, the whole code:
https://github.com/catap/opensmtpd-filter-auth/blob/master/main.c#L863-L881
For one event loop it may setup a few quereis and some domain migth similar.
After spending a lot of time with debug I narrow down to the issue in
event_asr_dispatch which re-schedule event_add, and it never had happened.
Nor timeout, nor inout, nothing. Not always. Sometimes.
Thus, I've rebuild libc with enabled debug to use ASR_DEBUG and here an
output which proves that behaviour.
Anyway, I'm puzzling that to do next.
tcpdump:
14:09:36.760807 127.0.0.1.44226 > 127.0.0.1.53: [bad udp cksum 50fe! -> de34]
64311+ TXT? 20240125rsa._domainkey.mx.catap.net.(53) (ttl 64, id 35656, len 81,
bad ip cksum 0! -> f151)
14:09:36.785096 127.0.0.1.53 > 127.0.0.1.44226: 64311$ q: TXT?
20240125rsa._domainkey.mx.catap.net. 2/0/0 20240125rsa._domainkey.mx.catap.net.
CNAME[|domain] (ttl 64, id 25945, len 533, bad ip cksum 0! -> 157d)
14:09:36.785283 127.0.0.1.15520 > 127.0.0.1.53: [bad udp cksum 4cfe! -> 6b81]
2100+ TXT? 20240125rsa.domainkey.catap.net.(49) (ttl 64, id 27815, len 77, bad
ip cksum 0! -> ff7)
14:09:36.785305 127.0.0.1.53 > 127.0.0.1.15520: 2100$ q: TXT?
20240125rsa.domainkey.catap.net. 1/0/0 20240125rsa.domainkey.catap.net.
TXT[|domain] (ttl 64, id 15297, len 493, bad ip cksum 0! -> 3f3d)
14:09:36.863795 127.0.0.1.18298 > 127.0.0.1.53: [bad udp cksum 50fe! -> 4fc4]
53518+ TXT? 20240125rsa._domainkey.mx.catap.net.(53) (ttl 64, id 23044, len 81,
bad ip cksum 0! -> 2296)
14:09:36.863838 127.0.0.1.53 > 127.0.0.1.18298: 53518$ q: TXT?
20240125rsa._domainkey.mx.catap.net. 2/0/0 20240125rsa._domainkey.mx.catap.net.
CNAME[|domain] (ttl 64, id 51168, len 533, bad ip cksum 0! -> b2f5)
14:09:36.863990 127.0.0.1.36692 > 127.0.0.1.53: [bad udp cksum 4dfe! -> 41fd]
14366+ TXT? 20240125rsa._domainkey.korins.ky.(50) (ttl 64, id 61731, len 78,
bad ip cksum 0! -> 8b79)
14:09:36.865962 127.0.0.1.2727 > 127.0.0.1.53: [bad udp cksum 4cfe! -> 94e4]
55043+ TXT? 20240125rsa.domainkey.catap.net.(49) (ttl 64, id 32069, len 77, bad
ip cksum 0! -> ff58)
14:09:36.865977 127.0.0.1.53 > 127.0.0.1.2727: 55043$ q: TXT?
20240125rsa.domainkey.catap.net. 1/0/0 20240125rsa.domainkey.catap.net.
TXT[|domain] (ttl 64, id 57083, len 493, bad ip cksum 0! -> 9c02)
14:09:36.866528 127.0.0.1.45954 > 127.0.0.1.53: [bad udp cksum 51fe! -> 8452]
25459+ TXT? 20240125ed25519._domainkey.korins.ky.(54) (ttl 64, id 15424, len
82, bad ip cksum 0! -> 4059)
14:09:36.896741 127.0.0.1.53 > 127.0.0.1.36692: 14366$ q: TXT?
20240125rsa._domainkey.korins.ky. 2/0/0 20240125rsa._domainkey.korins.ky.
CNAME[|domain] (ttl 64, id 1532, len 539, bad ip cksum 0! -> 74d4)
14:09:36.997396 127.0.0.1.53 > 127.0.0.1.45954: 25459$ q: TXT?
20240125ed25519._domainkey.korins.ky. 2/0/0
20240125ed25519._domainkey.korins.ky. CNAME[|domain] (ttl 64, id 37600, len
208, bad ip cksum 0! -> e93a)
asr log:
Jun 14 14:09:36 mx0 smtpd[37708]: auth: using thread-local resolver
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: checking for update of
"/etc/resolv.conf"
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_ctx_ref(ctx=0x22f67302840)
refcount=1
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_async_new(ctx=0x22f67302840)
type=2 refcount=2
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_ctx_unref(ctx=0x22f67302840)
refcount=3
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_run(0x22f672e1460,
0x72f8081d0ea8) ASR_GETRRSETBYNAME ctx=[0x22f67302840]
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr:
res_query_async_ctx("20240125rsa._domainkey.mx.catap.net.", 1, 16)
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_async_new(ctx=0x22f67302840)
type=0 refcount=2
Jun 14 14:09:36 mx0 smtpd[37708]: auth: - asr_setup_query -
Jun 14 14:09:36 mx0 smtpd[37708]: auth: ;; HEADER id:0x37fbop:0 RD
z:0 ADr:NOERROR qd:1 an:0 ns:0 ar:0
Jun 14 14:09:36 mx0 smtpd[37708]: auth: ;; QUERY SECTION:
Jun 14 14:09:36 mx0 smtpd[37708]: auth: 20240125rsa._domainkey.mx.catap.net.
IN TXT
Jun 14 14:09:36 mx0 smtpd[37708]: auth: --
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: [ASR_GETRRSETBYNAME@0x22f672e1460]
ASR_STATE_INIT -> ASR_STATE_SUBQUERY
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_run(0x22f67310620,
0x72f8081d0ea8) ASR_SEND ctx=[0x22f67302840]
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: [ASR_SEND@0x22f67310620]
ASR_STATE_INIT -> ASR_STATE_NEXT_NS
Jun 14 14:09:36
Re: cpu cores
Greetings, On Mon, 10 Jun 2024 13:15:13 +0100, Riccardo Mottola wrote: > > This is for workstation use, mixed user and developer. To each its own. > I bet it ends depending also on cache, memory and specific jobs. > Do not forget about IO, which can be a bottel neck in case of compiling. Have you tried to run compilation with the same parallerism with and without HT enabled? For example build kernel with -j10 which is bigger than number of CPU with enabled HT on that machine (4 / 8): without HT: 8m42.07s real27m31.80s user 4m55.68s system vs with HT: 8m38.82s real50m47.22s user 8m41.53s system -- wbr, Kirill
Re: Share one of machines IP via WireGuard
On Sat, 08 Jun 2024 15:56:06 +0100, Stuart Henderson wrote: > > I think this should be possible with the standard route table, without > route-to. Essentially you need: > > 1. your machine to answer arp for the wg ip so other hosts will send > ethernet packets to it > > 2. your machine to not be configured with the wg ip itself > > 3. route entries such that those packets end up sent out the wg interface > (you may possibly need a route command with -ifp wg0) > Thanks, after re-reading map page for route I was able to figure it out in quite simple way, without NAT, routing domain, dedicated MAC which was added to separate things with hope to make things easy. So, here the resulted config: Client: rdomain 1 wgrtable 0 wgkey ... wgpeer ... \ wgendpoint 1.2.3.4 51820 \ wgaip 0.0.0.0/0 \ wgpka 25 \ wgpsk ... inet 1.2.4.5/28 up !route -T 1 add default 1.2.4.1 Server: wgkey ... wgpeer ... \ wgaip 1.2.4.5/32 \ wgpka 25 \ wgpsk ... wgport 51820 inet 127.255.255.255/32 up !route add -inet 1.2.4.5 -llinfo -link -static -iface \$if Without inet 127.255.255.255/32 adding a static route fails as: add host 1.2.4.5: gateway wg0: Network is unreachable -- wbr, Kirill
Re: Share one of machines IP via WireGuard
On Fri, 07 Jun 2024 16:25:48 +0100, Stuart Henderson wrote: > > I think you'll need proxy ARP then. > After a few attempts to make it works, I think I need help. My setup. Server: where em0 is uplink with routed 1.2.3.4/24 and 1.2.4.5/24 with expected gateway 1.2.3.1 and 1.2.4.1, em0 is included into bridge0 and 1.2.3.4/24 is configured as input point at route domain 0. To make things simpler each IP is associeted with it's own MAC address and switch expects that 1.2.4.5 with 00:50:56:01:1d:40. So, I have: $ cat /etc/hostname.vether1 lladdr 00:50:56:01:1d:40 rdomain 2 up !arp -s 1.2.4.5 00:50:56:01:1d:40 pub $ cat /etc/hostname.wg0 rdomain 2 wgkey ... wgpeer ... \ wgaip 1.2.4.5/32 \ wgpka 25 wgport 51820 wgrtable 0 up $ when I run ping from client to 1.2.4.1 I see traffic on wg0 on the server, but I can't figure out how to redirect it to vether1 and send to the switch. I feel that I miss some pice. I see route-to in pf.conf which probably the missed pice but I can't figure out how to use it. -- wbr, Kirill
Re: cpu cores
On Sat, 08 Jun 2024 11:09:29 +0100, Omar Polo wrote: > > On 2024/06/08 10:09:07 +0100, Kirill A. Korinsky wrote: > > On Sat, 08 Jun 2024 04:57:49 +0100, > > Gustavo Rios wrote: > > > > > > i have installed obsd on my dell notebook 8 cores processor. When i > > > execute > > > the top utility, it is showed the cores, from 0 (cpu0) to 7 (cpu7), but > > > cpu1 and cpu3 is not listed. What is the problem ? > > > > > > > A blind guess: sysctl hw.smt=1 may return your hypertreading cores. > > which is a very bad advice to give. There's a reason sysctl hw.smt=1 > defaults to that value. One should rather give a "blind guess" of "your > hyperthread cores are disabled by default" rather than give a bad advice > without explanation. I'll make my advice cleaner, I defently mean that missed cores probably is disabled becuae it is hyperthreading ones which can be seen as offline in htop, or enable via sysctl. Also, I'd like to add that from security point of view SMT in general and hyperthreading as an example is very bad idea. Thus, here old but interesting results that enabling hyperthreading has negative effect on performance of have CPU used applications: https://web.archive.org/web/20220325090914/http://users.telenet.be/nicvroom/performanceP4.htm -- wbr, Kirill
Re: cpu cores
On Sat, 08 Jun 2024 04:57:49 +0100, Gustavo Rios wrote: > > i have installed obsd on my dell notebook 8 cores processor. When i execute > the top utility, it is showed the cores, from 0 (cpu0) to 7 (cpu7), but > cpu1 and cpu3 is not listed. What is the problem ? > A blind guess: sysctl hw.smt=1 may return your hypertreading cores. -- wbr, Kirill
Re: Open Source / BSD License Copyright infringements
On Fri, 07 Jun 2024 12:08:45 +0100, Florian Obser wrote: > > On 2024-06-07 12:04 +02, "Peter N. M. Hansteen" wrote: > > I tend to summarize along the lines of "BSD licensed means you can do > > whatever > > you damned well please with the code except claim that you wrote it all > > yourself" > > And this is why I get very grumpy when things like copilot steal my > code. I'm already giving it away, but oooh no, that's not enough. > ...and things will be quite ugly for users of that technology as soon as it steals AGPL or patented code. -- wbr, Kirill
Re: Open Source / BSD License Copyright infringements
On Fri, 07 Jun 2024 10:48:45 +0100, Stuart Longland wrote: > > GPL means they have to share changes they make with the person > "receiving" the binaries (which includes the end user, since they were > shipped the binaries stored on the boot device in said appliance). As > the copyright holder, you can then take people to court if they withhold > such modified sources, since that's a license violation. > I'd like to add that AGPL requires to share the code of netwrok services as well to anyone who uses it. Yep, via network. At the end of the day this license if banned in Google: https://opensource.google/documentation/reference/using/agpl-policy/ -- wbr, Kirill
Re: Share one of machines IP via WireGuard
On Fri, 07 Jun 2024 12:36:20 +0100, Stuart Henderson wrote: > > Configure the IP address on the wg interface with some subnet of 1.2.4.0/24 > that > includes 1.2.4.5, and use wgaip 1.2.4.5/32 (or a larger block if you wish to > route > multiple addresses over wg) for the relevant peer. > Here the catch on which I blocked: I do have only two IPs from two different network on em0 and it's all. The switch on ISP side I assume simple routes to my port traffic for both IP and I strugle on how redirect traffic from wg interface to em, I can't use bridge and I can't expect that traffic is routed via em's IP. -- wbr, Kirill
Share one of machines IP via WireGuard
misc@, I wonder if it is possible to share an IP associated with a machine through a WireGuard connection? Suppose I have a machine that has two IPs on different networks: - 1.2.3.4/24 gw 1.2.3.1 - 1.2.4.5/24 gw 1.2.5.1 I'd like to allow incoming connections via WG to 1.2.3.4 and forward 1.2.4.5 to the WG client. The best I can do now is create rdomain with wg and vether interfaces, and use PF nat to vether. But maybe it is possible to avoid NAT somehow? -- wbr, Kirill
Re: Open Source / BSD License Copyright infringements
On Thu, 06 Jun 2024 03:33:53 +0100, "Peter J. Philipp" wrote: > > This isn't about Patents, this is about Copyright. And that's the sole > interest of mine, and Lawyers are there for a reason. It should interest > OpenBSD in one form or another since i used the same Copyright and License > as them, if the outcome may be that the Copyright does not protect my works > and its license then there is no need to retain a license at the top of every > source file at all. I do not understand how you plan to prove that someone infringed on some part of your code by removing copyrigths from it and selling it. Especially if the result is binary and the copyrights are comments in the source code. > Again, like I said, all I have to go on is hearsay, and I'm looking for a > mistake that the entity did indeed change the license and copyright of the > original source code. If they did that mistake, then I got them. And they > will be sued. > > This should also be interesting to the GNU open sourcers because as far as > their "Copyleft" is concerned it has come to my attention that Artificial > Intelligence has been ripping off their code, stripping their licenses in the > process and making the final outcome theirs. If you're watching the scene, > programmers are suing. And rightfully so. > This door has already been opened, and the most notable case I suppose is that Linux developers took some code from BSD and put GPL on it: https://marc.info/?l=linux-wireless=117572345902445=2 Anyway, I have seen more than once when someone puts components under a different OpenSource license and relicenses them under something else. The last example that I've seen is bzip3: https://github.com/kspalaiologos/bzip3?tab=readme-ov-file#licensing -- wbr, Kirill
Re: Open Source / BSD License Copyright infringements
On Wed, 05 Jun 2024 06:08:23 +0100, "Peter J. Philipp" wrote: > > I have been made aware of hearsay that someone took my open source code > protected under the same license as OpenBSD and sold it for a lot of money. > I have no proof of this personally but I ask you to help me find evidence of > this. There is not much I can do about this, except if the person or persons > were stupid enough to change the license to their names. > The only way to be protected is to try to make patent for some algorithms, but it is expensive in terms of fee to support in different countries (for example Germany fee is close to €2k/year at the end of the table) and requires a lot of paperwork by quite expensive lawyers. So in the end you never know the outcome and predicting the decision of the court is impossible. Ok, the only known outcome of the court is that your lawyer makes very good money. -- wbr, Kirill
Re: mounting audio cd
On Sat, 01 Jun 2024 07:44:10 +0100, Geoff Steckel wrote: > > On 5/31/24 15:46, Harald Arnesen wrote: > > MIZSEI Zoltán [31/05/2024 20.15]: > > > >> Interestingly BeOS and Haiku lets you to mount an audio cd, it > >> generates a vfs from the toc and shows the tracks as wav or flac > >> (fixme), it does an automatic conversion behind the courtains if you > >> copy a file from an audio cd. > > > > Linux also had such a thing in the past - I can't remember the name of > > the file-system. > fuse(4) + part of a CD player + A Simple Matter of Programming > Here quite old FUSE project which can be, probably, brings to live https://github.com/steelcandy2/audiofs -- wbr, Kirill
Re: New filters auth and sign
On Sat, 01 Jun 2024 08:45:00 +0100, "Corey Hickman" wrote: > > does it have policy server included? for instance, when DKIM fails, the > policy can be set up to deny the message. > Right now it ignores DMARC as if it doesn't exist. Doing a DMARC lookup for domain and inserting it's results into the header is possible and not a big deal, but it has some issues. The first is parsing the From header. It is durable, but different MUA may follow different logic and parser for this can be quite complicated. And complicated means bugs. The second is more ideological. DMARC needs something that aggregates the results and sends out reports. It shouldn't be a filter for smtpd. But a filter can write it's decision to log, and something should harvest it to process and create reports that need to be sent. Anyway, forensic reports, which should be close to real-time and include a lot of things from the original email, is a much more complicated story. All this brings up the question of personal data / GDPR and DMARC. I know of a very good analysis of DMARC and GDPR in the case of German law [1], which can be summarized as a quote: The reports are fundamentally permitted and justified under data protection law. However, the principle of proportionality is to be complied with at all times. Based on this analysis, I assume that only aggregated reports can be used without legal headaches in the EU. But implementing only a part of DMARC seems as much worse than not implementing it at all, and implementing it in its entirety requires a lot of pieces in place, much more than just a filter. Thus, DMARC was discussed on the OpenBSD mailing lists a few months ago [2]. As a conclusion, I personally use the p=none policy, because I assume that my mail should be delivered, and To is not the final destination, it's a kind of starting direction of the mail's way to the recipient. Footnotes: [1] https://certified-senders.org/wp-content/uploads/2018/08/Report_DMARC_and_GDPR.pdf [2] https://marc.info/?l=openbsd-misc=171015367409290=2 -- wbr, Kirill
Re: New filters auth and sign
On Sat, 01 Jun 2024 00:34:41 +0100, Kirill A. Korinsky wrote: > > Greetings, > > I'd like to announce a two new filters for OpenSMTD which better to use > together: auth and sign. > Oops, wrong list. It should be m...@opensmtpd.org. Sorry for nosy. -- wbr, Kirill
New filters auth and sign
Greetings,
I'd like to announce a two new filters for OpenSMTD which better to use
together: auth and sign.
auth is a filter which verify DKMI, ARC and SPF, and iprev. It adds
Authentication-Results header or ARC-Authentication-Results.
sign is a filter which adds DKMI or ARC signature, or ARC seal.
For example, I run configuration:
filter "auth" proc-exec "filter-auth"
listen on egress port smtp ... filter { admdscrub, "auth", dnsbl }
filter sign_ed25519 proc-exec "filter-sign -a ed25519-sha256 -D
/etc/mail/domains \
-s 20240125ed25519 -k /etc/mail/dkim/20240125.ed25519.key" user
_dkimsign group _dkimsign
filter sign_rsa proc-exec "filter-sign -a rsa-sha256 -D /etc/mail/domains \
-s 20240125rsa -k /etc/mail/dkim/20240125.rsa.key" user _dkimsign
group _dkimsign
filter arc_auth proc-exec "filter-auth -A"
filter arc_sign proc-exec "filter-sign -A -a rsa-sha256 -d mx.catap.net \
-s 20240125rsa -k /etc/mail/dkim/20240125.rsa.key" user _dkimsign
group _dkimsign
filter arc_seal proc-exec "filter-sign -S -a rsa-sha256 -d mx.catap.net \
-s 20240125rsa -k /etc/mail/dkim/20240125.rsa.key" user _dkimsign
group _dkimsign
filter sign chain { sign_ed25519 sign_rsa arc_auth arc_sign arc_seal }
listen on egress port submission ... filter sign
Here all incomming messages is autorised by adding Authentication-Results,
and all outcomming messages:
- signed by two DKMI signature with correct domain (list in /etc/mail/domains)
- signed by one ARC signature with domain mx.catap.net
- seal by one ARC seal with domain mx.catap.net
Yeah, it is possible to use different selectors for ARC signature and seal,
but I haven't tested it.
The code is based on Martijn van Duren's filter-dkimsign, filter-dkimverify
and filter-spf, and I also used some pices from spfwalk.c from OpenSMTPD.
Man pages for both filters are updated.
Thus, sign filter is drop-in replacment for filter-dkimsign.
Code available here:
- https://github.com/catap/opensmtpd-filter-auth
- https://github.com/catap/opensmtpd-filter-sign
I also attached ports for OpenBSD which I used to run it.
How stable it is? Well, enough to share and ask for feedback. It may
contains bugs, but it should be fine to use.
Produced signature was tested against gmail, yahoo, icloud.com and dkimpy
and it holds. Anyway, outlook.com fails on ARC signature with errors 35 or
47 (what does it mean?) and produced invalid signature as the next in ARC
chain (tested by dkimpy).
Thus, this email were sent via server which uses that filters, so, headers
from this email a good example.
--
wbr, Kirill
filters.tgz
Description: Binary data
Re: amd64 bsd.rd for 7.0, 7.1, 7.2
On Fri, 31 May 2024 10:02:57 +0100,
"Quentin Carbonneaux" wrote:
>
> I want to upgrade an amd64 system running 6.9. Following
> the guide I would like to upgrade to 7.{0,1,2,3,4,5}
> sequentially. However it looks like
>
> wget https://cdn.openbsd.org/pub/OpenBSD/7.{0,1,2}/amd64/bsd.rd
>
> returns 404 for all three queries.
>
> Where can I find the bsd.rd images for these versions?
>
> Thanks for your help.
>
Not all mirrors hosts old versions.
For example https://mirror.leaseweb.com/pub/OpenBSD/ from europe has old
versions, but it migth be different from your location.
--
wbr, Kirill
Re: How to set number of blocks in fdisk GPT
On Thu, 30 May 2024 10:06:11 +0100, 04-psyche.tot...@icloud.com wrote: > > How can I choose the blocks parametres in the command: > > fdisk -gy -b blocks disk > > The man page does not indicate how to make an informed choice. I couldn’t > find relevant help on the internet. > As suggested at https://www.openbsd.org/faq/faq14.html you may use 532480. Which is the minimum size of such partition due to a limitation of FAT32. Some details can be found here: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-uefigpt-based-hard-drive-partitions -- wbr, Kirill
Re: Configure User-Agent is relayd HTTP Check ?
On Wed, 29 May 2024 17:19:32 +0100, Joel Carnat wrote: > > Thank you! I went for solution 2 but it seems the string is not send > properly by relayd. > It sends as is, so the rigth approach, let me quote the man is: check binary send data expect data [tls] For each host in the table, a TCP connection is established on the port specified, then the send data is converted into binary and sent. Incoming (binary) data is then read and is expected to match against a binary conversion of the expect data using memcmp(3). data must be populated with a string containing an even number of hexadecimal single-byte characters and must not be empty. This can be useful with binary protocols such as LDAP and SNMP. If the tls keyword is present, the transaction will occur in a TLS tunnel. -- wbr, Kirill
Re: Configure User-Agent is relayd HTTP Check ?
On Wed, 29 May 2024 12:19:15 +0100, Joel Carnat wrote: > > Is there a way to specify a User-Agent value for the check http or shall I > rather tell relayd to validate on "code 418"? here two possible way to overstep it. 1. Use `check script /some/script` which uses curl, wget, ftp or any other way to make HTTP call which is accepted by that server. 2. Use `check send "HEAD /health HTTP/1.1\r\nHost: host\r\nUser-Agent: dummy\r\n\r\n" expect "200 OK HTTP/1.1"` (I haven't tested it, it may contains typos, but it should make an idea) -- wbr, Kirill
Re: httpd & pixelfed
Greetings, On Wed, 29 May 2024 00:01:07 +0100, Am Jam wrote: > > For posterity's sake, my working /etc/httpd.conf is below: > Maybe it is worth making a port for pixelfed to allow others to install it as easily as pkg_add pixelfed with some polish documented in the description? -- wbr, Kirill
Re: how to fsck automatically at boot
On Wed, 22 May 2024 12:53:11 +0100, Nick Holland wrote: > > For reasons of multi-hour fsck's on a few systems, I'm looking at > remounting the problem file systems as "rw" when writing is actually > needed and "ro" after the writing is complete (IN THIS APPLICATION, this > is known) to reduce my "at risk of power outage" window a lot, but I > suspect this will fall deeply within the category of "when I break > things, I get to keep all the pieces". :) > Do you need atime on that FS? Disable it dramatically reduces chances of manual interraction with fsck. If you move forward and add sync which slow down write but allows to get almost zero porbability of fsck interraction. -- wbr, Kirill
Re: how to fsck automatically at boot
On Mon, 20 May 2024 14:22:26 +0100, Mik J wrote: > > aa929243b0f5.a /var/mylogs ffs rw,nodev,nosuid 1 2 You may add noatime which should decrease probability of issues when an outage had happened. Also, you may consider to use sync option which should future decrease probability of issues on an outage. -- wbr, Kirill
Re: kernel rebuild to debug problem
On Sun, 19 May 2024 20:52:56 +0100, Kapetanakis Giannis wrote: > > I'm trying to bisect a bug and compile an older kernel from cvs > > cvs checkout -D "2023-01-05" src/sys > > and following https://www.openbsd.org/faq/faq5.html#Options > + make install > > New kernel compiles and boots but I get: > > # pfctl -f /etc/pf.conf > pfctl: DIOCADDRULE: Operation not supported by device > > # pfctl -sr > pfctl: Permission denied > > # pfctl -si | head -1 > Status: Enabled for 0 days 00:05:03 Debug: err > > any ideas about this? > You need to build / use no only old kernel but the whole system. The simplest way is to use archived version of snapshots from https://openbsd.cs.toronto.edu/archive/ or another mirror. -- wbr, Kirill
Re: Kernel debugging
On Sat, 11 May 2024 21:49:42 +0100, Daniel Hejduk wrote: > > Is there any way to build the kernel on Linux preferably Arch Linux? > It is theoretically possible, but you need to change Makefiles a lot, and probably to hack your toolchain. -- wbr, Kirill
Re: Kernel debugging
On Sat, 11 May 2024 20:28:08 +0100, Daniel Hejduk wrote: > > I want to enable kernel debugging how can I do it? > See: https://man.openbsd.org/options -- wbr, Kirill
Re: Localnet Hacking
On Sat, 11 May 2024 03:52:32 +0100, Lucretia wrote: > > I have a laptop and am looking to purchase a second computer. Neither of them > will be connected to The Internet, but will be networked together. > > My goal is to study networking, starting with some of the most basic commands > and routines. This will be purely for educational purposes. I may build upon > the network later, perhaps with unconventional devices, but for now I want to > focus just on having two Amd64 machines communicating with one another. > I wonder why to buy any physical devices if you may run virtual machines? -- wbr, Kirill
Re: webssh does not install
On Mon, 06 May 2024 04:14:16 +0100, Eyüp Hakan Duran wrote: > >--- stderr >thread 'main' panicked at cryptography-cffi/build.rs:61:49: >unable to find openssl include path Try to run it with env OPENSSL_DIR="/usr" OPENSSL_STATIC=0 -- wbr, Kirill
Re: Desktop performance
On Sun, 05 May 2024 21:52:11 +0200, Bodie wrote: > > openfiles is very questionable, did you measure with fstat(1) how many of > them do you have when you run Firefox or Chrome or did you have any errors > in logs regarding exhausting that limit? > I run my desktop with default settings (512) and got an issue only once, when tried to build huge Java project with very complicated maven build which includes a few custom plugins. Restart of that build helps. Ok, I know second way to encoutner it. doveadm fetch over archive of mail which contians a user with hundreds of folders. -- wbr, Kirill
Re: ATB.com
On Sun, 05 May 2024 20:49:32 +0200, Austin Hook wrote: > > In the past 6 months is has gotten more and more difficult to sign-on > to with Firefox and OpenBSD, as they have tried to make their sites more > and more bullet proof. > Yeah, an industry to figth bots is qutie popular these days and a lot of companies tries to use it or make their own, in-house, solution. The worst things waits us tomorrow, when you can't go to the web site without using Apple or Google kind of VPN which works only on their devices and OS. Until that tomorrow is happened, here alway a hope. > It seems to go through an amazing number of redirects, and then gets hung > up in the process. Sometimes, tapping different cadences with lots of > control-R or control-F5 sequences, I can get through. It must be a matter > of timing. > > I guess it works better with other operating systems and/or browsers. In > fact I do have much better luck with Chromium + OpenBSD although not > always. Have you tried to enable WebAssembly? I do use chromium with WebAssembly enabled without any issue had openned https://personal.atb.com/ from Europe, note Canada. > > I'd prefer to use Firefox, so long as it exists semi-independently of > monsters like Google. See www/ungoogled-chromium which is chromium without google. -- wbr, Kirill
Re: Desktop performance
On Sat, 04 May 2024 22:32:46 +0200, Chris Bennett wrote: > > My luck with web searches is about zero. Even swapping to different > search engines just gives me crap that's too old or ridiculously wrong. > I have a strong feeling that LLM models adds too much "new" text that makes the OpenBSD community, which is quite small... how can I put it? Well, it looks like that search engine like Google or Bing seems this community to be too small fraction of knowledge which isn't worth to be indexed. Yes, the indexes include some old sites, but it looks like the mail listings are ignored, for example. -- wbr, Kirill
Re: obsd wifi
On Sat, 04 May 2024 21:39:18 +0200, Manuel Solis wrote: > > You could check your interfaces with "ifconfig", then you could see which > interface you have, the most common are iwm0, iwn0, or something like that, > Here the catch: they need a firmware and system needs an internet to get one. -- wbr, Kirill
Re: panic: unix: lock not held
On Fri, 03 May 2024 04:29:24 +0200, Amit Kulkarni wrote: > > Unable to boot to a prompt. How do I recover by booting an older kernel? > There is no /obsd to try out. Keep current /bsd as /obsd in the case of snapshot migth work only if you're updating quite oftne, otherwise the userland migth not work with old kernel due to changes in syscalls for example. -- wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Thu, 02 May 2024 00:33:47 +0200, "Nathaniel Griswold" wrote: > > Does apmd keep a running average for the current and voltage or is it based > on instantaneous (as close as that can be)? > As far as I understand the code it devides hw.sensors.acpibat0.amphour3 (remaining capacity, Ah) by hw.sensors.acpibat0.current0 (rate, A) to compute life estimation. See acpi.c -- wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Wed, 01 May 2024 23:58:53 +0200, "Nathaniel Griswold" wrote: > > I guess it's a matter of figuring out which drivers or kernel features are > saving so much power. > From your dmesg: iwx0 at pci6 dev 0 function 0 "Intel Wi-Fi 6 AX210" rev 0x1a, msix if you read the end of man page for iwx you'll see: This driver does not support powersave mode. -- wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Wed, 01 May 2024 23:54:52 +0200,
"Nathaniel Griswold" wrote:
>
> Interesting, maybe i'll test on it.
>
I've played with this patch a bit more today, as result I've inlined an
updated version to end of this email.
> > Regarding estimated life time:
> >
> > Battery state: high, 66% remaining, 152 minutes life estimate
> > AC adapter state: not connected
> > Performance adjustment mode: powersaving (400 MHz)
> >
> > which is like 2x from usual numbers.
> >
>
> This is for idle current usage?
>
> I tried disabling cores in my bios down to 3 CPUs and did comparisons and i
> didn't really notice a savings.
Yep, it is.
With a few reboot and restart heavy application like chrome with ton of
tabs, rebuilding whole kernel a few times on battery (!), it running 3 hours
10 minutes, and I've started with ~95% battery, not 100%.
A bit history from logs regarding apmd:
1. Snapshot's kernel:
Apr 28 13:32:23 matebook apmd: battery status: CRITICAL. external power
status: not connected. estimated battery life 14% (11 minutes life time
estimate)
2. Solene's patch:
May 1 11:52:28 matebook apmd: battery status: CRITICAL. external power
status: not connected. estimated battery life 14% (14 minutes life time
estimate)
3. Attached patch:
Battery state: CRITICAL, 13% remaining, 31 minutes life estimate
AC adapter state: not connected
Performance adjustment mode: powersaving (400 MHz)
Thus, the current version quite comfortable to use.
diff --git sys/kern/sched_bsd.c sys/kern/sched_bsd.c
index 25b221c1ee2..c01bb93d94f 100644
--- sys/kern/sched_bsd.c
+++ sys/kern/sched_bsd.c
@@ -65,8 +65,11 @@ void update_loadavg(void *);
void schedcpu(void *);
uint32_t decay_aftersleep(uint32_t, uint32_t);
+extern struct cpuset sched_all_cpus;
extern struct cpuset sched_idle_cpus;
+extern int sched_smt;
+
/*
* constants for averages over 1, 5, and 15 minutes when sampling at
* 5 second intervals.
@@ -573,6 +576,7 @@ void (*cpu_setperf)(int);
#define PERFPOL_MANUAL 0
#define PERFPOL_AUTO 1
#define PERFPOL_HIGH 2
+#define PERFPOL_POWERSAVING 4
int perflevel = 100;
int perfpolicy = PERFPOL_AUTO;
@@ -583,7 +587,9 @@ int perfpolicy = PERFPOL_AUTO;
#include
void setperf_auto(void *);
+void setperf_powersaving(void *);
struct timeout setperf_to = TIMEOUT_INITIALIZER(setperf_auto, NULL);
+struct timeout setperf_to_powersaving =
TIMEOUT_INITIALIZER(setperf_powersaving, NULL);
extern int hw_power;
void
@@ -653,6 +659,101 @@ faster:
timeout_add_msec(_to, 100);
}
+void
+setperf_powersaving(void *v)
+{
+ static uint64_t *idleticks, *totalticks;
+ static int downbeats;
+ int i, j = 0;
+ int speedup = 0;
+ CPU_INFO_ITERATOR cii;
+ struct cpu_info *ci, *firstoffline = NULL, *lastidle = NULL;
+ uint64_t idle, total, allidle = 0, alltotal = 0;
+
+ if (perfpolicy != PERFPOL_POWERSAVING)
+ goto recover;
+
+ if (cpu_setperf == NULL)
+ goto recover;
+
+ if (hw_power)
+ goto recover;
+
+ if (!idleticks)
+ if (!(idleticks = mallocarray(ncpusfound, sizeof(*idleticks),
+ M_DEVBUF, M_NOWAIT | M_ZERO)))
+ return;
+ if (!totalticks)
+ if (!(totalticks = mallocarray(ncpusfound, sizeof(*totalticks),
+ M_DEVBUF, M_NOWAIT | M_ZERO))) {
+ free(idleticks, M_DEVBUF,
+ sizeof(*idleticks) * ncpusfound);
+ return;
+ }
+ CPU_INFO_FOREACH(cii, ci) {
+ if (!cpu_is_online(ci)) {
+ if (!firstoffline && (sched_smt || ci->ci_smt_id == 0))
+ firstoffline = ci;
+ continue;
+ }
+ total = 0;
+ for (i = 0; i < CPUSTATES; i++) {
+ total += ci->ci_schedstate.spc_cp_time[i];
+ }
+ total -= totalticks[j];
+ idle = ci->ci_schedstate.spc_cp_time[CP_IDLE] - idleticks[j];
+ if (idle < total / 3)
+ speedup = 1;
+ alltotal += total;
+ allidle += idle;
+ idleticks[j] += idle;
+ totalticks[j] += total;
+ /* it shoul keep at least one CPU online */
+ if (j++ && cpuset_isset(_idle_cpus, ci))
+ lastidle = ci;
+ }
+ if (allidle < alltotal / 3)
+ speedup = 1;
+ if (speedup)
+ /* twice as long here because we check every 200ms */
+ downbeats = 1;
+
+ if (speedup && perflevel != 100) {
+ perflevel = 100;
+ cpu_setperf(perflevel);
+ } else if (speedup && firstoffline) {
+
atomic_clearbits_int(>ci_schedstate.spc_schedflags,
+
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Tue, 30 Apr 2024 18:07:50 +0200,
"Nathaniel Griswold" wrote:
>
> What could be taking so much power? CPUs are idling.
You may try this patch.
It is extention of powersave mode which disabling / enabling CPUs.
It should degradate to single-core mode, but it may contains bugs :)
Right now I'm writing this email from kernel with this patch, on this
mode. Well. It had boot and seems to work.
Anyway, I not sure that I'll run it for long, it had feeling that idle
system is overload, but I'll try.
Regarding estimated life time:
Battery state: high, 66% remaining, 152 minutes life estimate
AC adapter state: not connected
Performance adjustment mode: powersaving (400 MHz)
which is like 2x from usual numbers.
diff --git sys/kern/sched_bsd.c sys/kern/sched_bsd.c
index 25b221c1ee2..8941675a7f9 100644
--- sys/kern/sched_bsd.c
+++ sys/kern/sched_bsd.c
@@ -65,8 +65,11 @@ void update_loadavg(void *);
void schedcpu(void *);
uint32_t decay_aftersleep(uint32_t, uint32_t);
+extern struct cpuset sched_all_cpus;
extern struct cpuset sched_idle_cpus;
+extern int sched_smt;
+
/*
* constants for averages over 1, 5, and 15 minutes when sampling at
* 5 second intervals.
@@ -573,6 +576,7 @@ void (*cpu_setperf)(int);
#define PERFPOL_MANUAL 0
#define PERFPOL_AUTO 1
#define PERFPOL_HIGH 2
+#define PERFPOL_POWERSAVING 4
int perflevel = 100;
int perfpolicy = PERFPOL_AUTO;
@@ -583,7 +587,9 @@ int perfpolicy = PERFPOL_AUTO;
#include
void setperf_auto(void *);
+void setperf_powersaving(void *);
struct timeout setperf_to = TIMEOUT_INITIALIZER(setperf_auto, NULL);
+struct timeout setperf_to_powersaving =
TIMEOUT_INITIALIZER(setperf_powersaving, NULL);
extern int hw_power;
void
@@ -653,6 +659,77 @@ faster:
timeout_add_msec(_to, 100);
}
+void
+setperf_powersaving(void *v)
+{
+ static uint64_t *idleticks, *totalticks;
+ static int downbeats;
+ int i, j = 0;
+ int speedup = 0;
+ CPU_INFO_ITERATOR cii;
+ struct cpu_info *ci, *firstidle = NULL, *lastonline = NULL;
+ uint64_t idle, total, allidle = 0, alltotal = 0;
+
+ if (perfpolicy != PERFPOL_POWERSAVING)
+ return;
+
+ if (cpu_setperf == NULL)
+ return;
+
+ if (!idleticks)
+ if (!(idleticks = mallocarray(ncpusfound, sizeof(*idleticks),
+ M_DEVBUF, M_NOWAIT | M_ZERO)))
+ return;
+ if (!totalticks)
+ if (!(totalticks = mallocarray(ncpusfound, sizeof(*totalticks),
+ M_DEVBUF, M_NOWAIT | M_ZERO))) {
+ free(idleticks, M_DEVBUF,
+ sizeof(*idleticks) * ncpusfound);
+ return;
+ }
+ CPU_INFO_FOREACH(cii, ci) {
+ if (!cpu_is_online(ci)) {
+ if (!firstidle && (sched_smt || ci->ci_smt_id == 0))
+ firstidle = ci;
+ continue;
+ }
+ total = 0;
+ for (i = 0; i < CPUSTATES; i++) {
+ total += ci->ci_schedstate.spc_cp_time[i];
+ }
+ total -= totalticks[j];
+ idle = ci->ci_schedstate.spc_cp_time[CP_IDLE] - idleticks[j];
+ if (idle < total / 3)
+ speedup = 1;
+ alltotal += total;
+ allidle += idle;
+ idleticks[j] += idle;
+ totalticks[j] += total;
+ if (j++)
+ lastonline = ci;
+ }
+ if (allidle < alltotal / 3)
+ speedup = 1;
+ if (speedup)
+ /* twice as long here because we check every 200ms */
+ downbeats = 1;
+
+ if (speedup && perflevel != 100) {
+ perflevel = 100;
+ cpu_setperf(perflevel);
+ } else if (speedup && firstidle)
+ cpuset_add(_all_cpus, firstidle);
+ else if (!speedup && perflevel != 0 && --downbeats <= 0) {
+ perflevel = 0;
+ cpu_setperf(perflevel);
+ } else if (!speedup && lastonline)
+ cpuset_del(_all_cpus, lastonline);
+
+ /* every 200ms to have a better resolution of the load */
+ timeout_add_msec(_to_powersaving, 200);
+}
+
+
int
sysctl_hwsetperf(void *oldp, size_t *oldlenp, void *newp, size_t newlen)
{
@@ -691,6 +768,9 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void
*newp, size_t newlen)
case PERFPOL_AUTO:
strlcpy(policy, "auto", sizeof(policy));
break;
+ case PERFPOL_POWERSAVING:
+ strlcpy(policy, "powersaving", sizeof(policy));
+ break;
case PERFPOL_HIGH:
strlcpy(policy, "high", sizeof(policy));
break;
@@ -709,6 +789,8 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void
*newp, size_t newlen)
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Tue, 30 Apr 2024 21:00:25 +0200, Kirill A. Korinsky wrote: > > On Tue, 30 Apr 2024 18:36:57 +0200, > Stuart Henderson wrote: > > > > https://cneira.github.io/posts/openbsd-save-battery-changes/ > > Do you have an idea what had happened with it? > After reading some code I have a conclusion that such hack doesn't required anymore. At least after [1]. RR works strickly from active CPU, so, no need to skip idle one. Have I missed something? Footnotes: [1] https://github.com/openbsd/src/commit/9ac452c773fe76f659962b5d2542d591385a4b06 -- wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Tue, 30 Apr 2024 18:36:57 +0200, Stuart Henderson wrote: > > On 2024-04-30, Nathaniel Griswold wrote: > > What could be taking so much power? CPUs are idling. > > some things in this area that people have been looking into: > > https://cneira.github.io/posts/openbsd-save-battery-changes/ Quite interesting patch and approach. Seems that code were changed and such approach should be re-invented. Do you have an idea what had happened with it? -- wbr, Kirill
Re: Caddy webserver is not in the ports tree
On Tue, 30 Apr 2024 15:30:25 +0200, "Souji Thenria" wrote: > > Could you elaborate on your point that Go ports are a pain? I thought a > port written in Go would probably be easier to maintain > because no additional libraries are needed to run the program, and > cross-compilation is relatively easy, too. > Just an example of a go port which creates some issue you may see docker-compose. It requires to be patched for some dependencies to fix syscalls, and an update may requires additional patches. Also, it is distributed without vendor folder that means it requires internet access during the build. So, instead I prepare vendor folder as the second artifact. -- wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Tue, 30 Apr 2024 15:01:43 +0200, "Nathaniel Griswold" wrote: > > My serperf seems to be at a consistent zero in my idle tests which makes > me think the patch may not help my idle tests much, but may help actual > usage. > In my personal use case it allows to win near 30 minutes of battery life. As example I've picked two morning when I haven't run anything heavy like calls in zoom. Without powersaving: Apr 27 10:13:42 matebook apmd: system resumed from sleep Apr 27 10:13:42 matebook apmd: battery status: high. external power status: not connected. estimated battery life 100% (1130 minutes life time estimate) Apr 27 11:27:52 matebook apmd: battery status: low. external power status: not connected. estimated battery life 50% (65 minutes life time estimate) Apr 27 12:24:12 matebook apmd: battery status: CRITICAL. external power status: not connected. estimated battery life 15% (20 minutes life time estimate) after 1h 14m I had left 50% of battery, and aftre 2h 11m had 15%. With powersaving: Apr 30 11:07:21 matebook apmd: system resumed from sleep Apr 30 11:07:21 matebook apmd: battery status: high. external power status: not connected. estimated battery life 100% (2506 minutes life time estimate) Apr 30 12:46:12 matebook apmd: battery status: low. external power status: not connected. estimated battery life 50% (111 minutes life time estimate) Apr 30 13:56:00 matebook apmd: battery status: CRITICAL. external power status: not connected. estimated battery life 15% (32 minutes life time estimate) after 1h 29m I had left 50% of battery, and after 2h 39m had 15%. So, this patch allows to run the same machine on the same usage longer with some performance penalty which seems quite fair. -- wbr, Kirill
Re: fw_update
On Tue, 30 Apr 2024 12:35:17 +0200, fr...@lilo.org wrote: > > How does fw_update install the drivers? It downloads firmware from http://firmware.openbsd.org/firmware/ and installs it as package in system. > How does it know which driver is missing on the system? It checks patterns from /usr/share/misc/firmware_patterns which maps firmware to a pattern in dmesg. > All these questions to install the drivers manually (offline) You may download it by hand and install as fw_update /path/to/firmware.tgz -- wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Tue, 30 Apr 2024 11:17:35 +0200,
Kirill A. Korinsky wrote:
>
> Frankly speaking I never care about watt consumption, but offline time which
> is depend on it is important in my case, so here the recovered patch.
>
Here a bit updated version which introduced a flag -P in apmd which you may
control via rcctl and enable / disable that feature without rebooting and
recompiling kernel, apmd and apm.
diff --git sys/kern/sched_bsd.c sys/kern/sched_bsd.c
index 25b221c1ee2..b1e5bd142c3 100644
--- sys/kern/sched_bsd.c
+++ sys/kern/sched_bsd.c
@@ -573,6 +573,7 @@ void (*cpu_setperf)(int);
#define PERFPOL_MANUAL 0
#define PERFPOL_AUTO 1
#define PERFPOL_HIGH 2
+#define PERFPOL_POWERSAVING 4
int perflevel = 100;
int perfpolicy = PERFPOL_AUTO;
@@ -583,7 +584,9 @@ int perfpolicy = PERFPOL_AUTO;
#include
void setperf_auto(void *);
+void setperf_powersaving(void *);
struct timeout setperf_to = TIMEOUT_INITIALIZER(setperf_auto, NULL);
+struct timeout setperf_to_powersaving =
TIMEOUT_INITIALIZER(setperf_powersaving, NULL);
extern int hw_power;
void
@@ -653,6 +656,76 @@ faster:
timeout_add_msec(_to, 100);
}
+void
+setperf_powersaving(void *v)
+{
+ static uint64_t *idleticks, *totalticks;
+ static int downbeats;
+ int i, j = 0;
+ int speedup = 0;
+ CPU_INFO_ITERATOR cii;
+ struct cpu_info *ci;
+ uint64_t idle, total, allidle = 0, alltotal = 0;
+
+ if (perfpolicy != PERFPOL_POWERSAVING)
+ return;
+
+ if (cpu_setperf == NULL)
+ return;
+
+ if (hw_power) {
+ speedup = 1;
+ goto faster;
+ }
+
+ if (!idleticks)
+ if (!(idleticks = mallocarray(ncpusfound, sizeof(*idleticks),
+ M_DEVBUF, M_NOWAIT | M_ZERO)))
+ return;
+ if (!totalticks)
+ if (!(totalticks = mallocarray(ncpusfound, sizeof(*totalticks),
+ M_DEVBUF, M_NOWAIT | M_ZERO))) {
+ free(idleticks, M_DEVBUF,
+ sizeof(*idleticks) * ncpusfound);
+ return;
+ }
+ CPU_INFO_FOREACH(cii, ci) {
+ if (!cpu_is_online(ci))
+ continue;
+ total = 0;
+ for (i = 0; i < CPUSTATES; i++) {
+ total += ci->ci_schedstate.spc_cp_time[i];
+ }
+ total -= totalticks[j];
+ idle = ci->ci_schedstate.spc_cp_time[CP_IDLE] - idleticks[j];
+ if (idle < total / 3)
+ speedup = 1;
+ alltotal += total;
+ allidle += idle;
+ idleticks[j] += idle;
+ totalticks[j] += total;
+ j++;
+ }
+ if (allidle < alltotal / 3)
+ speedup = 1;
+ if (speedup)
+ /* twice as long here because we check every 200ms */
+ downbeats = 1;
+
+ if (speedup && perflevel != 100) {
+faster:
+ perflevel = 100;
+ cpu_setperf(perflevel);
+ } else if (!speedup && perflevel != 0 && --downbeats <= 0) {
+ perflevel = 0;
+ cpu_setperf(perflevel);
+ }
+
+ /* every 200ms to have a better resolution of the load */
+ timeout_add_msec(_to_powersaving, 200);
+}
+
+
int
sysctl_hwsetperf(void *oldp, size_t *oldlenp, void *newp, size_t newlen)
{
@@ -691,6 +764,9 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void
*newp, size_t newlen)
case PERFPOL_AUTO:
strlcpy(policy, "auto", sizeof(policy));
break;
+ case PERFPOL_POWERSAVING:
+ strlcpy(policy, "powersaving", sizeof(policy));
+ break;
case PERFPOL_HIGH:
strlcpy(policy, "high", sizeof(policy));
break;
@@ -709,6 +785,8 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void
*newp, size_t newlen)
perfpolicy = PERFPOL_MANUAL;
else if (strcmp(policy, "auto") == 0)
perfpolicy = PERFPOL_AUTO;
+ else if (strcmp(policy, "powersaving") == 0)
+ perfpolicy = PERFPOL_POWERSAVING;
else if (strcmp(policy, "high") == 0)
perfpolicy = PERFPOL_HIGH;
else
@@ -716,6 +794,8 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void
*newp, size_t newlen)
if (perfpolicy == PERFPOL_AUTO) {
timeout_add_msec(_to, 200);
+ } else if (perfpolicy == PERFPOL_POWERSAVING) {
+ timeout_add_msec(_to_powersaving, 200);
} else if (perfpolicy == PERFPOL_HIGH) {
perflevel = 100;
cpu_setperf(perflevel);
diff --git usr.sbin/apmd/apm-proto.h usr.sbin/apmd/apm-proto.h
index 867d0afbd70..166618e996f 100644
--- usr.sbin/apmd/apm-p
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Tue, 30 Apr 2024 05:31:21 +0200, "Nathaniel Griswold" wrote: > > > I had near the same question sometime ago but on different machine, and I've > > discovered a patch which I've inlinded into this email. > > > > Hm, ok, i'll try it. Do you have any insight into whether obsdfreqd has > similar power saving to this patch? It seems to set the perf similarly. I > wasn't having much luck with obsdfreqd as far as wattage, however... > Well, I haven't tried it but I've read documentation [1] and it seems a bit differently, isn't it? On idle this laptop has on 400 MHz, and provided patch decrease responsibility of system when it runs on battery, but allows to win some time on it. Like additionall half an hour or a bit more. Frankly speaking I never care about watt consumption, but offline time which is depend on it is important in my case, so here the recovered patch. Footnotes: [1] https://git.sr.ht/~solene/obsdfreqd -- wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
Greetings,
On Sun, 28 Apr 2024 18:53:09 +0200,
"Nathaniel Griswold" wrote:
>
> Any ideas if it's remediable or where to start digging?
>
I had near the same question sometime ago but on different machine, and I've
discovered a patch which I've inlinded into this email.
My laptop on last snapshot has consumption:
hw.sensors.acpibat0.volt1=11.14 VDC (current voltage)
hw.sensors.acpibat0.current0=0.97 A (rate)
and after this patch:
hw.sensors.acpibat0.volt1=11.14 VDC (current voltage)
hw.sensors.acpibat0.current0=0.52 A (rate)
anyway, it has a price tag: response of the system is a bit slower.
So, the Alternate cpu policy on battery patch.
Original author of this patch is Solene which she announced at
https://marc.info/?l=openbsd-tech=163259444331471=2
She also made benchmarks and some explanation:
https://dataswamp.org/%7Esolene/2021-09-26-openbsd-power-usage.html
Here the version which follows minor changes.
It requires to rebuild kernel, apm and apmd.
diff --git sys/kern/sched_bsd.c sys/kern/sched_bsd.c
index 25b221c1ee2..b1e5bd142c3 100644
--- sys/kern/sched_bsd.c
+++ sys/kern/sched_bsd.c
@@ -573,6 +573,7 @@ void (*cpu_setperf)(int);
#define PERFPOL_MANUAL 0
#define PERFPOL_AUTO 1
#define PERFPOL_HIGH 2
+#define PERFPOL_POWERSAVING 4
int perflevel = 100;
int perfpolicy = PERFPOL_AUTO;
@@ -583,7 +584,9 @@ int perfpolicy = PERFPOL_AUTO;
#include
void setperf_auto(void *);
+void setperf_powersaving(void *);
struct timeout setperf_to = TIMEOUT_INITIALIZER(setperf_auto, NULL);
+struct timeout setperf_to_powersaving =
TIMEOUT_INITIALIZER(setperf_powersaving, NULL);
extern int hw_power;
void
@@ -653,6 +656,76 @@ faster:
timeout_add_msec(_to, 100);
}
+void
+setperf_powersaving(void *v)
+{
+ static uint64_t *idleticks, *totalticks;
+ static int downbeats;
+ int i, j = 0;
+ int speedup = 0;
+ CPU_INFO_ITERATOR cii;
+ struct cpu_info *ci;
+ uint64_t idle, total, allidle = 0, alltotal = 0;
+
+ if (perfpolicy != PERFPOL_POWERSAVING)
+ return;
+
+ if (cpu_setperf == NULL)
+ return;
+
+ if (hw_power) {
+ speedup = 1;
+ goto faster;
+ }
+
+ if (!idleticks)
+ if (!(idleticks = mallocarray(ncpusfound, sizeof(*idleticks),
+ M_DEVBUF, M_NOWAIT | M_ZERO)))
+ return;
+ if (!totalticks)
+ if (!(totalticks = mallocarray(ncpusfound, sizeof(*totalticks),
+ M_DEVBUF, M_NOWAIT | M_ZERO))) {
+ free(idleticks, M_DEVBUF,
+ sizeof(*idleticks) * ncpusfound);
+ return;
+ }
+ CPU_INFO_FOREACH(cii, ci) {
+ if (!cpu_is_online(ci))
+ continue;
+ total = 0;
+ for (i = 0; i < CPUSTATES; i++) {
+ total += ci->ci_schedstate.spc_cp_time[i];
+ }
+ total -= totalticks[j];
+ idle = ci->ci_schedstate.spc_cp_time[CP_IDLE] - idleticks[j];
+ if (idle < total / 3)
+ speedup = 1;
+ alltotal += total;
+ allidle += idle;
+ idleticks[j] += idle;
+ totalticks[j] += total;
+ j++;
+ }
+ if (allidle < alltotal / 3)
+ speedup = 1;
+ if (speedup)
+ /* twice as long here because we check every 200ms */
+ downbeats = 1;
+
+ if (speedup && perflevel != 100) {
+faster:
+ perflevel = 100;
+ cpu_setperf(perflevel);
+ } else if (!speedup && perflevel != 0 && --downbeats <= 0) {
+ perflevel = 0;
+ cpu_setperf(perflevel);
+ }
+
+ /* every 200ms to have a better resolution of the load */
+ timeout_add_msec(_to_powersaving, 200);
+}
+
+
int
sysctl_hwsetperf(void *oldp, size_t *oldlenp, void *newp, size_t newlen)
{
@@ -691,6 +764,9 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void
*newp, size_t newlen)
case PERFPOL_AUTO:
strlcpy(policy, "auto", sizeof(policy));
break;
+ case PERFPOL_POWERSAVING:
+ strlcpy(policy, "powersaving", sizeof(policy));
+ break;
case PERFPOL_HIGH:
strlcpy(policy, "high", sizeof(policy));
break;
@@ -709,6 +785,8 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void
*newp, size_t newlen)
perfpolicy = PERFPOL_MANUAL;
else if (strcmp(policy, "auto") == 0)
perfpolicy = PERFPOL_AUTO;
+ else if (strcmp(policy, "powersaving") == 0)
+ perfpolicy = PERFPOL_POWERSAVING;
else if (strcmp(policy, "high") == 0)
perfpolicy = PERFPOL_HIGH;
else
@@ -716,6 +794,8 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp,
Re: OpenSMTP lmtp without unix users
Greetings,
On Sat, 27 Apr 2024 17:31:24 +0200,
"Nicolas Goy" wrote:
>
> How can I make it work with a single vmail unix user? Without losing the
> catchall?
>
I do have a bit more complicated setup.
smtpd.conf:
table local-emails file:/etc/mail/local-emails
table aliasesfile:/etc/mail/aliases
table domainsfile:/etc/mail/domains
table credentialspasswd:/etc/mail/credentials
...
listen on egress inet4 port smtp tls pki mx.catap.net \
filter { admdscrub, "auth", dnsbl }
action deliver_lmtp lmtp "/var/dovecot/lmtp" rcpt-to virtual
match from any for domain \
! rcpt-to action deliver_lmtp
so tables:
1. local-emails is a list of email which can be reached only inside mail
server. For example I like to have nice email for printer, but I don't like
when it start to recieve spam :)
2. credentials is shared with dovecot and has format:
:::extra_fields
thus, usually I use short version:
:::
where password is hash which I get via smtpctl encryp.
3. domains is just a list of supported domains. I don't really need it here,
but keep it because it is re-used inside DKIM signature generator.
4. alisases, it is usual alliases plus each user from credentials should
have record like:
u...@email.com: vmail
to redirect his email to dovecot. No record here means user may send email
(auth on mail server) but never get anything back. And mail server says that
user do not exists which can be an issue for some servers.
--
wbr, Kirill
Re: mongo shell on openBSD
On Mon, 22 Apr 2024 17:40:22 +0200, Luca Leone wrote: > > I successfully installed the mongodb-4.4.2 package on the server which run > openBSD 7.4. It's the db of a node js app. > Locally on my Mac, I interact with the local mongo db through the mongo > shell. I'd like to do the same on the server with the installed mongo db BUT > there's no "mongo shell" package and I could not find any doc explaining how > to install the mongo shell on openBSD. Is there a way? Or is there an > alternative way to interact directly with the db? > Base on doc [1] you're looking for binary with name mongo which is part of port mongodb version 44 [2]. So, I assume that if you install mongodb, you'll have that you're looking for. Footnotes: [1] https://www.mongodb.com/docs/v4.4/mongo/ [2] https://github.com/openbsd/ports/blob/master/databases/mongodb/44/pkg/PLIST -- wbr, Kirill
Re: syntax error in httpd.conf file
On Fri, 19 Apr 2024 13:30:47 +0200,
Luca Leone wrote:
>
> I'll keep working on it, but after a couple of days spent on this stuff I'm
> starting to think that maybe to serve my node app there should be an easier
> way than openbsd ;)
>
I guess you mean someting like that?
table { 127.0.0.1 }
http protocol https {
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
tls keypair birbi.biz:443
pass request forward to
}
relay https {
listen on egress port https tls
protocol https
forward to port 3000
}
--
wbr, Kirill
Re: Migrate to different FS layout of OpenBSD
On Sun, 07 Apr 2024 12:02:05 +0200, Stuart Henderson wrote: > > softraid doesn't allow creating a 'degraded mirror' i.e. a single drive > that you can later add another drive to make a RAID1. You would need at > least one spare drive to do what you want. > Thanks, that is a kind of inside which I've been looking for. -- wbr, Kirill
Re: Migrate to different FS layout of OpenBSD
On Sat, 06 Apr 2024 23:14:39 +0200, Peter Hessler wrote: > > RAID0 is called that because zero is what you'll recover if you lose a > disk. This is amazingly dangerous, and you're going to have a bad time. > > Do a backup, then restore from backup. > I was totally misslead. I mean that I have RAID1 which is know as mirror. To be clear: here a two identical servers where I'd like to change FS layout, and before I go to reinstall everything, I can try this approach. -- wbr, Kirill
Migrate to different FS layout of OpenBSD
Folks, I'm looking for a way to migrate to different layout some OpenBSD systems. All of them has RAID0 and as far as I think I may something like this: 1. Remove second disk from RAID. 2. Build a new RAID0 on the second disk. 3. Make desires layout on the second RAID. 4. dump | restore 5. Boot from the second RAID. 6. Add the first disk to the second RAID. I have re-read https://www.openbsd.org/faq/faq14.html a few times and I feel that this is quite risky. So, questions: 1. Has anyone done something like this before? 2. Do you have any instruction or that to expect? Thanks in advance. -- wbr, Kirill
Re: Bash instead of ksh
On Mon, 01 Apr 2024 18:24:06 +0200, Karel Lucas wrote: > > Instead of ksh I want to use bash as a general shell. But how can I set > it up that way? Bash is already installed. > https://man.openbsd.org/chsh -- wbr, Kirill
Re: Today's snapshot brokes some Qt app?
On Mon, 01 Apr 2024 04:03:11 +0200, Lucas de Sena wrote: > > Telegram-desktop (net/tdesktop) also crashed here after a package update. > > I then noticed it was caused by linking issues with the qt6 libraries. > Deleting and adding net/tdesktop simply solved that. > > That should not be a problem tho. Applications are normally reinstalled > after the library is updated (or does that only happen when a major > version of the library is installed?). I'd like to confirm that reinstall of tdesktop helps. Also, when I run an upgrade of packgages, I saw that wireshark was updated after update of qt that may explains why did it work. -- wbr, Kirill
Today's snapshot brokes some Qt app?
Folks, I just run: pkg_add -D snap -u After that I've discovered that some Qt apps are crashing with errors like: Cannot add multiple registrations for QtQuick Abort trap (core dumped) for example telegram-desktop crashes but wireshark doesn't. -- wbr, Kirill
Touchpad stuck on click
Folks, I have encountered a wired issue with touchpad: it stay in status similar to pushed left button. I can move it, but I can't select anything. If I make rigth click, it may clicks, or may ignore it. I have no idea how to dig it, but it appears after move from 7.4 to snapshot, and it's here for couple of weeks. Hardware: Huawei Matebook X 2020 ~ $ doas wsconsctl mouse mouse.type=touchpad mouse.rawmode=0 mouse.scale=0,3643,0,2000,0,31,31 mouse.reverse_scrolling=1 mouse.tp.tapping=1,3,2 mouse.tp.mtbuttons=1 mouse.tp.scaling=0.221 mouse.tp.swapsides=0 mouse.tp.disable=0 mouse.tp.edges=0.0,5.0,10.0,5.0 ~ $ Rigth now it was reproduced on snapshot without any additional patches. If you have any idea how to dig future, I'll appriciete that. Thanks. -- wbr, Kirill
Re: Camera or mic works on video calls, but not both
On Sun, 24 Mar 2024 02:45:16 +0100, Sadeep Madurange wrote: > > Then I tried Zoom on firefox (doesn't work with chromium at all). I can > both see and hear the other party. They can hear me, but can't see my > video. I see a warning on my end saying that it couldn't detect my > camera. As far as I recall zoom requries WebAssembly to work which is disabled by default at chromiun. You may enable it by starting chromium with environment variable ENABLE_WASM=1. Keep in mind that you should close all it's processes, and not just run command like `env ENABLE_WASM=1 chromium` because it uses IPC to open a new window / frame from current process, if it exists. -- wbr, Kirill
Re: Fwd: Disk encryption cipher
On Wed, 06 Mar 2024 10:40:31 +0100, Daniele B. wrote: > > Initially I blacklisted his ip. Then, understood the music, I started to find > its approaching intriguing.. ;D > I wonder how did you blacklist someone by IP who sents his emails into maillist? By parsing all Received headers to find some bad IP? Or? -- wbr, Kirill
Re: how to external encrypted drive that supports OpenBSD and FreeBSD?
On Fri, 01 Mar 2024 18:08:39 +0100, beecdadd...@danwin1210.de wrote: > > that will do! is just backup! thank you very much If you need only backup... why not use restic? > what if it wasn't read-only and was active partition with writing? > See https://www.openbsd.org/faq/faq14.html#softraid as anoter way. -- wbr, Kirill
Re: mirror.bytemark.co.uk appears to have removed all OpenBSD content?
On Tue, 27 Feb 2024 14:59:32 +0100, Kenneth Gober wrote: > > Slightly off topic, but does anyone know of any archives that have > packages for 3.0, 3.1, 3.2, and/or 3.3? Especially 3.0 -- the only > site I've ever found with 3.0 packages may have been incomplete. > https://mirror.leaseweb.com/pub/OpenBSD whcih also has rsync mirror BTW -- wbr, Kirill
Re: YubiKey blocked by pcscd(8)
On Tue, 27 Feb 2024 15:05:08 +0100, Lévai, Dániel wrote: > > Hi all, > > I was wondering if it's possible to use a YubiKey 5 a bit more conveniently > if trying to use more than one of its features. > I use it for: - GnuPG signature and as SSH key; - a TOTP generator See: ~ $ doas rcctl check pcscd pcscd(ok) ~ $ ykman list WARNING: No OTP HID backend available. OTP protocols will not function. ERROR: Unable to list devices for connection YubiKey 5C Nano (5.1.0) [CCID] Serial: XXX ~ $ ykman oath accounts list | wc -l WARNING: No OTP HID backend available. OTP protocols will not function. 72 ~ $ -- wbr, Kirill
Re: Automatic OS updates
On Wed, 21 Feb 2024 21:11:05 +0100, Stuart Henderson wrote: > > If you're using sysupgrade -s, you also want -Dsnap in pkg_add. > After double check in man it seems not nessesary, let me quote: %c Expands to the string "snapshots" when running a -current or -beta kernel, or if the command line option -D snap | -D snapshot is specified. Otherwise, %c expands to %v, which selects a release version. -- wbr, Kirill
Re: Automatic OS updates
On Wed, 21 Feb 2024 18:05:56 +0100, b...@fea.st wrote: > > FWIW if you guys want to yell at me for spreading bad ideas, > I've posted how to do automatic updates here: > > https://openbsd.pages.dev/auto-updates/ > > I'm both trying out the Hugo package and like, documenting > how I've set things up in case I have to reinstall. > > Time moves fast and I'm damn impressed by how smooth the > BSD experience is. > I suggest to add that regression may occure during an upgrade. And personally, bug fixing a nigth upgrade is not something that I prefer to do with morning coffee. -- wbr, Kirill
Re: Block HTTP requests from non-browser clients
On Wed, 21 Feb 2024 14:57:29 +0100, Sadeep Madurange wrote: > > Is there a way to block non-browser clients from accessing a website > (e.g., scraping attempts by bots or even software like Selenium that > might programmatically control a browser), preferrably before the > requests reach the webserver? > > I'm wondering if there's a to do that with, for example, pf to block > such requests completely rather than responding with a 403. > Here the whole industry which is called Bot Managment which solves that issue via analyzing request, offers to some edge cases captcha and so on. A trivial bot can be catch by regex against User-Agent, or via rate limit. But more sophisticated ones need a lot of tools, which may include things like crossing user agent with TLS-level extentions inside Hello packet, checks against lists of blacklisted IPs and so on. As far as I know the best public availabe list of "bad IP" is https://www.blocklist.de/ which isn't full but allows to ban automatically something. Thus, you may use spamd-setup in blocking mode to fill pf rules via cron. -- wbr, Kirill
Re: certbot in cron - best way?
Greetings,
On Tue, 20 Feb 2024 16:43:27 +0100,
m...@phosphorus.com.br wrote:
>
> Which setup are you using to automatically update certs with certbot, in
> cron, and keeping /etc/httpd.conf updated accordingly?
>
I use records in /etc/acme-client.conf like:
authority letsencrypt {
api url "https://acme-v02.api.letsencrypt.org/directory;
account key "/etc/acme/letsencrypt-privkey.crt"
}
domain mx1.catap.net {
alternative names { mx.catap.net }
domain key "/etc/ssl/private/mx1.catap.net.key"
domain full chain certificate "/etc/ssl/mx1.catap.net.crt"
sign with letsencrypt
}
which is very similar to an example with one notable exception: I use
path which complaint with relayd pki settings, and also keep full chain.
The certificates is updated on two possible way.
When a machine is dedicated for a single service and it has only one
certificate I keep inside /etc/daily.local
acme-client $(hostname) && /usr/sbin/rcctl restart relayd smtpd dovecot
which restart relayed daemons when certificate is updated.
Or machine which is used as web hosting with multiple domain, here I use
relayd to terminate SSL and update is via /etc/daily.local as:
SSL_UPDATED=0
for domain in $(awk '/^domain/ { print $2 }' /etc/acme-client.conf)
do
acme-client $domain && SSL_UPDATED=1
done
if [ $SSL_UPDATED -ne 0 ]; then
rcctl restart relayd
fi
--
wbr, Kirill
Re: Ignore some USB devices
On Tue, 20 Feb 2024 00:21:30 +0100, Stuart Henderson wrote: > > No - ugen acts as a fallback. If a USB device is claimed by another driver, > ugen won't get a chance to attach to it. > > There is a common mechanism to recognise devices by vid/pid for special > handling - sometimes to prevent attaching - sometimes for other adaptations > which are needed. If you're interested, see sys/dev/usb/usb_quirks.c and look > at how UQ_BAD_HID is used to knock out devices which would normally be > claimed by uhid(4); you could use something similar to prevent e.g. uaudio > from attaching to a certain device. However, it would require compiling > the kernel to configure it. > Thanks, this is that I'm looking for. I hope that I can do it without rebuilding the kernel, but after reading some code around I see that adding a global flag to ignore some USB devices makes code quite frigile. Or should be duplicated a lot. -- wbr, Kirill
Re: Ignore some USB devices
On Mon, 19 Feb 2024 23:09:35 +0100, Stuart Henderson wrote: > > > I read that as it is impossible to blacklist a device, right? > > Only by running a kernel where the driver's attach routine has been > modified to skip attaching the device e.g. if it matches certain > vendor/device id. OpenBSD doesn't have any other way to detach a USB > driver from a device. > As an alternative solution, is it possible to enforce ugen to specific device by vendor and product IDs? I've tried: $ doas config -e -o /bsd.new /bsd ukc> find ugen 309 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0 ukc> find uaudio 303 uaudio* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0 ukc> add ugen Device not complete number or * is missing ukc> add ugen* Clone Device (DevNo, 'q' or '?') ? 309 Insert before Device (DevNo, 'q' or '?') ? 303 303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0 ukc> change 303 303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0 change [n] y port [-1] ? configuration [-1] ? interface [-1] ? vendor [-1] ? 0x041e product [-1] ? 0x3130 release [-1] ? flags [0] ? 303 ugen* changed 303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor 0x41e product 0x3130 release -1 flags 0x0 ukc> find ugen* 303 ugen* at uhub*|uhub* disable port -1 configuration -1 interface -1 vendor 0x41e product 0x3130 release -1 flags 0x0 310 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 product -1 release -1 flags 0x0 ukc> quit Saving modified kernel. with no luck. -- wbr, Kirill
Re: Ignore some USB devices
On Mon, 19 Feb 2024 22:43:45 +0100, Jan Stary wrote: > > On Feb 19 22:33:53, kir...@korins.ky wrote: > > > > I use the rsnd/1 or rsnd/2 to listen music via wireless headphones, > > Why do you have two of those? > Because it depends on the order of attaching devices. > > and rsnd/0 with wired headset to make video calls. > > > > I never use display's audio and it creates only issue for me. > > To be clear: even when you connect the display, > presumably because you want to use it as a display > (and maybe even its camera), you want the sound > to stay at whatever snd device you are using; > in particular, you don't want sndio to switch > to the new snd device provided by the newly plugged > display's uaudio. > > Is there a setting in the display > that would completely disable its audio? > No, this display hasn't got any settigns which I'm aware of. See: LG UltraFine 5K > > Let take two use cases: > > 1. Listen some music when laptop is connected to the display on wireless > >headphones by attaching USB dongle; > > 2. Connect laptop to the display when listen some music on wireless > >headphones via USB dongle. > > > > The first one leads to rsnd/2 as desired device, and the second one to > > rsnd/1 as desired device. > > > > As side effect of (2) music might be redirect to the display which has > > quite hight default level of volume. > > > > So, right now to attach laptop to the screen and do not wake famly up at > > the night I should: > > - pause the music; > > - deattach USB dongle; > > - connect laptop to the screen; > > - attach USB dongle; > > - and finaly resume music. > > You could also detach-and-reattach the headphones dongle > *after* you attach the display. > Yeah, it still to many things to do :( > You could also send a dmesg showing all of those devies. > attched -- wbr, Kirill OpenBSD 7.5-beta (GENERIC.MP) #39: Mon Feb 19 12:28:22 CET 2024 ca...@matebook.sa31-home.catap.net:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16890646528 (16108MB) avail mem = 16357588992 (15599MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.2 @ 0x8e2c2000 (32 entries) bios0: vendor HUAWEI version "1.10" date 01/12/2023 bios0: HUAWEI EUL-WX9 efi0 at bios0: UEFI 2.7 efi0: XX rev 0x10010 acpi0 at bios0: ACPI 5.1 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP UEFI SSDT SSDT SSDT SSDT SSDT TPM2 SSDT MSDM LPIT WSMT SSDT DBGP DBG2 SSDT NHLT HPET APIC MCFG SSDT SSDT DMAR FPDT BGRT acpi0: wakeup devices XHC_(S3) XDCI(S4) HDAS(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) RP06(S4) PXSX(S4) RP07(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 2399 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz, 3292.33 MHz, 06-8e-0c, patch 00f8 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,MISC_PKG_CT,ENERGY_FILT,FB_CLEAR,RRSBA,GDS_CTRL,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 6MB 64b/line 12-way L3 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 24MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz, 3292.33 MHz, 06-8e-0c, patch 00f8 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,MISC_PKG_CT,ENERGY_FILT,FB_CLEAR,RRSBA,GDS_CTRL,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 6MB 64b/line 12-way L3 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz, 3189.24 MHz, 06-8e-0c, patch 00f8 cpu2:
Re: Ignore some USB devices
On Mon, 19 Feb 2024 22:32:18 +0100, Jan Stary wrote: > > So get some normal headphones that plug into the laptop > (without creating a new device) > and simply connect the display when you want, > or don't connect it when you don't. > I read that as it is impossible to blacklist a device, right? -- wbr, Kirill
Re: Ignore some USB devices
On Mon, 19 Feb 2024 22:15:40 +0100, Jan Stary wrote: > > On Feb 19 22:08:40, kir...@korins.ky wrote: > > On Mon, 19 Feb 2024 21:58:51 +0100, > > Thomas L. wrote: > > > > > > you can select which audio device is used with -f/-F flags to sndiod > > > (details in man-page) in /etc/rc.conf.local. maybe that helps? > > > > thanks, but I right now I do have: > > > > ~ $ rcctl get sndiod flags > > -f rsnd/0 -F rsnd/1 -F rsnd/2 > > Do you actualy want to switch between the three? > What are the three audio devices you want to use, and why? I use the rsnd/1 or rsnd/2 to listen music via wireless headphones, and rsnd/0 with wired headset to make video calls. I never use display's audio and it creates only issue for me. > > > that works almost fine, but requires to deattach USB dongle > > What USB dongle? Creative BT-W5 > > > before I connect laptop to the display. > > If I forgot to do it, the display's audio will be rsnd/2 with priority. > > What is the rsnd/2 you _want_? > How does _detaching_ anything before the display attaches help that? > Right now I do have 3 audio devices: - embeded inside laptop; - embeded inside display; - USB dongle to connect to bluetooth headphones. The first one is always rsdn/0; and the next two depends on the order of connection. Let take two use cases: 1. Listen some music when laptop is connected to the display on wireless headphones by attaching USB dongle; 2. Connect laptop to the display when listen some music on wireless headphones via USB dongle. The first one leads to rsnd/2 as desired device, and the second one to rsnd/1 as desired device. As side effect of (2) music might be redirect to the display which has quite hight default level of volume. So, right now to attach laptop to the screen and do not wake famly up at the night I should: - pause the music; - deattach USB dongle; - connect laptop to the screen; - attach USB dongle; - and finaly resume music. If I find the way to blacklist display's audio device, this can be as simple as connect laptop to the display. -- wbr, Kirill
Re: Ignore some USB devices
On Mon, 19 Feb 2024 21:58:51 +0100, Thomas L. wrote: > > you can select which audio device is used with -f/-F flags to sndiod > (details in man-page) in /etc/rc.conf.local. maybe that helps? thanks, but I right now I do have: ~ $ rcctl get sndiod flags -f rsnd/0 -F rsnd/1 -F rsnd/2 ~ $ that works almost fine, but requires to deattach USB dongle before I connect laptop to the display. If I forgot to do it, the display's audio will be rsnd/2 with priority. -- wbr, Kirill
Re: Ignore some USB devices
On Mon, 19 Feb 2024 20:34:10 +0100, Nowarez Market wrote: > > After all your list of *american gigs* missed only that OS. > Just do a switch to Windows and you solved. Maybe... > Well, I doubt that this display works well on Windows. The first OS which supports it was macOS, but support of this display isn't stable and if attach and deattach it often, the macOS may hang out on some iteration :) -- wbr, Kirill
Re: Ignore some USB devices
On Mon, 19 Feb 2024 20:10:46 +0100, Nowarez Market wrote: > > >Feb 19, 2024 19:46:21 Kirill A. Korinsky : > > > >I can't disable uaudio because I use it, and I can't uplug (physically) > >the LG's Audio because it is integrated into the display which I'm > >using. > > Curious, what is the connection between your display audio that comes > watched so magically by your station ? > > Sorry for my investigation..but sometimes seems falks just miss Windows > left click to unplug stuff.. > This is USB-C display and I connect my laptop to it via single USB-C port. This connection attach the display, the AC addpater, the USB hub, and integrated video and audio. If I can do not connect it, I won't ask about how to ban some devices. -- wbr, Kirill
Re: Ignore some USB devices
On Mon, 19 Feb 2024 19:09:16 +0100, deich...@placebonol.com wrote: > > You can enter the kernel on boot and disable device drivers, > boot-config(8) . I do have two USB audio device: ~ $ usbdevs -v Controller /dev/usb0: ... addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio high speed, self powered, config 1, rev 0.03 driver: uaudio0 ... addr 13: 041e:3130 Creative, Creative BT-W5 full speed, self powered, config 1, rev 10.00, iSerial D97E0B7F86B95AC32000 driver: uhidev10 driver: uhidev11 driver: uaudio1 ~ $ both of them is managed by uaudio. How can I dissable the first one, without disabling the second one? I can't disable uaudio because I use it, and I can't uplug (physically) the LG's Audio because it is integrated into the display which I'm using. Ideally I'm looking for a syntax like: disable uaudio vendor 0x043e product 0x9a66 -- wbr, Kirill
Re: Ignore some USB devices
On Mon, 19 Feb 2024 17:10:27 +0100, Nowarez Market wrote: > > You should be able to do it by the /etc/bsd.re-config file, you can start > from here: > > http://man.openbsd.org/bsd.re-config > > Please be very careful. > > (It needs two reboots to apply any change) > I feel consfused: isn't it a way to exclude some module? If yes, it isn't that I'm looking. For example, I'm using USB audio, but I'd like to ban USB audio which is included into my display, but not ban the module because if I do so, I won't able to use USB audio dingle which I use to connect to wireless headphones. Right now I have: ~ $ usbdevs Controller /dev/usb0: addr 01: 8086: Intel, xHCI root hub addr 02: 1050:0404 Yubico, YubiKey CCID addr 03: 13d3:56f2 Azurewave, USB camera addr 04: 8087:0026 Intel, Bluetooth addr 05: 043e:9a61 LG Electronics Inc., USB2.1 Hub addr 06: 043e:9a73 LG USA, product 0x9a73 addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio addr 08: 043e:9a68 LG Electronlcs Inc., LG UltraFine Display Camera addr 09: 05ac:0265 Apple Inc., Magic Trackpad addr 10: 05ac:026c Apple Inc., Magic Keyboard with Numeric Keypad addr 11: 043e:9a70 LG Electronics Inc., LG UltraFine Display Controls addr 12: 0a12:4010 Cambridge Silicon Radio, product 0x4010 addr 13: 041e:3130 Creative, Creative BT-W5 ~ $ and I would like somehow to disable addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio addr 08: 043e:9a68 LG Electronlcs Inc., LG UltraFine Display Camera but keeping addr 03: 13d3:56f2 Azurewave, USB camera addr 13: 041e:3130 Creative, Creative BT-W5 I've tried to play with config -e /bsd but the best that I can figure out is how to disable uaudio, and not only one, specific, device. -- wbr, Kirill
Ignore some USB devices
Folks, I run OpenBSD and some times connect an external display which contains integraded web cam, microphone and speakers. Web-cam doesn't work, but both microphone and speakers work. Is it possible to ignore it somehow? Ideally I'm for a black list of usb divecs base on some id. Thanks. -- wbr, Kirill
Re: sysupgrade fails firmware fetch
On Sun, 18 Feb 2024 10:57:27 +0100, Stuart Henderson wrote: > > It's not too bad as long as the person building firmware tgz gets a > heads-up before the version number is updated. > Specially that right now it still can be run as: env VERSION=74 fw_update -p http://firmware.openbsd.org/firmware/snapshots I do not say that is good, but it isn't a disaster. Special for guys who runs on development snapshots. -- wbr, Kirill
Re: sysupgrade fails firmware fetch
On Sat, 17 Feb 2024 22:27:52 +0100, Sonic wrote: > > Seems it's looking for a 7.5 directory (-current apparently just moved > to 7.5-beta) instead of the snapshot directory. > And using snapshot directory fails because wrong signature: ~ $ doas fw_update -p http://firmware.openbsd.org/firmware/snapshots fw_update: failed. signify: verification failed: checked against wrong key Signature check of SHA256.sig failed ~ $ -- wbr, Kirill
Re: Improve support of Go
On Thu, 15 Feb 2024 15:09:01 +0100, Joel Sing wrote: > > The operating system specific parts of the Go syscall package are effectively > deprecated/frozen (and have been for nearly 10 years, hence not being > updated): > > https://pkg.go.dev/syscall > > > https://go.googlesource.com/proposal/+/refs/heads/master/design/freeze-syscall.md > > On the other hand, golang.org/x/sys/unix is maintained and updated > semi-regularly: > > https://pkg.go.dev/golang.org/x/sys/unix > > With the exception of the OpenBSD syscall numbers: > > > https://cs.opensource.google/go/x/sys/+/master:unix/zsysnum_openbsd_amd64.go;l=8 > Anyway, some systems are rebuild qutie often. For example Solaris [1] or FreeBSD [2]. And current state of syscall numbers for OpenBSD misses a lot [3]. Here my point: it is deprected, but still in use for some large applications like Docker, and we have two options here: (1) update it / fix it in Go, (2) patch each application by replacing Syscall.EBADMSG for example [4]. From my point of view move by (1) seems the simpler way which allows to reduce number of hacks / patches in ports. Footnotes: [1] https://github.com/golang/go/commit/ea14b633627f467a2e35eb7f67df6f3ed60469c0 [2] https://go-review.googlesource.com/c/go/+/563835 [3] https://github.com/catap/go/commit/c9cb73913d79e490f167ff1c0a651d69c700f02a [4] https://github.com/search?q=repo%3Aopenbsd%2Fports%20EBADMSG=code -- wbr, Kirill
Re: Improve support of Go
On Tue, 13 Feb 2024 13:10:44 +0100, Janne Johansson wrote: > > I can run them on mips64 for you at least. > I'll appriciete this. After that I only need - arm - arm64 - ppc64 - riscv64 Can you run something like this? doas pkg_add bash git go git clone -b opebsd-syscalls https://github.com/catap/go.git cd go/src ulimit -S -d $(ulimit -H -d) env CGO_ENABLED=1 CC=cc CXX=c++ ./make.bash cd syscall env GOOS=openbsd GOARCH=%ARCH% CC=cc CXX=c++ PATH=$(pwd)/../../bin:$PATH ./mkall.sh git diff > /tmp/go-mips64.diff and send me back /tmp/go-mips64.diff? But it requires some time to bootstrap go and everything. Inside full virtulization for i386 it works near an hour on not that fast host. I assume that on real mips64 it might be something like this. -- wbr, Kirill
Improve support of Go
Good day, I'm updating go's syscall table to modern OpenBSD (7.4). For some architectures it was updated more than decade ago, and a lot of things had changed. To do it I need to run commands like: cd src ulimit -S -d $(ulimit -H -d) env CGO_ENABLED=1 CC=cc CXX=c++ ./make.bash cd syscall env GOOS=openbsd GOARCH=%ARCH% CC=cc CXX=c++ PATH=$(pwd)/../../bin:$PATH ./mkall.sh where %ARCH% is one of go's architecutres: - 386 - amd64 - arm - arm64 - mips64 - ppc64 - riscv64 The part with amd64 and 386 was quite easy. But the next parts... well.. I stuck with attempt to install OpenBSD into qemu. I can't figure out how to boot an installer :( To move forward I need some help. The first way if someone can share the way to boot / install OpenBSD into qemu. And an alternative and simpler way I guess, if someone can grand me shell to that machine or run commands above on OpenBSD with installed go inside source tree from this branch: https://github.com/catap/go/tree/opebsd-syscalls Thanks. -- wbr, Kirill
Re: Run VM with 16G or more?
And one more noticed bug in vmd regarding memory. If I changed memory in /etc/vm.conf for running machine, run rcctl reload vmd, and restart VM... It has no effect. The VM should be shutdown before reload. -- wbr, Kirill
Re: Run VM with 16G or more?
> On 2. Jan 2024, at 19:58, Kirill A. Korinsky wrote: > > Anyway, right now it fails as: > >> vmctl: start vm command failed: Invalid argument > > and if I revert may changes (to 10G for example) at cat /etc/login.conf.d/vmd > from: >> vmd:\ >> :datasize=100G:\ >> :tc=daemon: > > > it's failed as (which is expected): >> vmctl: start vm command failed: Cannot allocate memory > > Forgotten log for the error "Invalid argument" that says nothing I assume > Jan 2 20:14:07 island vmd: vmd: config_setvm: vm 3 restarted after 11.346817 > seconds, limit 0/3 > Jan 2 20:14:07 island vmd: vmd: vm_opentty: vm podman tty /dev/ttyp2 uid > 1000 gid 4 mode 620 > Jan 2 20:14:07 island vmd: vmm: vm_register: registering vm 3 > Jan 2 20:14:07 island vmd: vmm: vm_remove: vmm vmm_start_vm removing vm 3 > from running config > Jan 2 20:14:07 island vmd: vmm: vm_stop: vmm vmm_start_vm stopping vm 3 > Jan 2 20:14:07 island vmd: vmd: podman: failed to start vm > Jan 2 20:14:07 island vmd: vmd: vm_stop: vmd vmd_dispatch_vmm stopping vm 3 > Jan 2 20:14:07 island vmd: vmm: vmm_sighdlr: handling signal 20 -- wbr, Kirill
