Re: Filesystem corruption on OpenBSD routers after power outage?
Hello Tom,

tom.sm...@wirelessconnect.eu (Tom Smyth), 2024.07.10 (Wed) 18:40 (CEST):
> swap /var/log mfs rw,nosuid,noexec,nodev,-s=524288,-P=/persist-fs/var/log 0 0
> mfs:97883 on /var/log type mfs (asynchronous, local, nodev, noexec,
> nosuid, size=524288 512-blocks)

as you do not save the logs, why not syslog "to an in-memory buffer that
may be read using syslogc(8)" (text taken from syslog.conf(5))?

I have everything commented out in syslog.conf(5), except for:

    *.* :256:full

And in rc.conf.local(8):

    syslogd_flags=-s /var/run/syslogd.sock

You can then read the logs with

    $ syslogc -f full

Marcus

> On Wed, 10 Jul 2024 at 17:07, Tom Smyth wrote:
> >
> > Hi Kirill,
> > I'll give sync a go ... and see how it impacts performance...
> > thanks for the suggestion,
> >
> > On Wed, 10 Jul 2024 at 16:30, Kirill A. Korinsky wrote:
> > >
> > > On Wed, 10 Jul 2024 14:44:28 +0100,
> > > Tom Smyth wrote:
> > > >
> > > > #cat /etc/fstab
> > > >
> > > > ff0023511d131fc2.a / ffs rw,softdep,noatime 1 1
> > > > ff0023511d131fc2.b /usr/local ffs rw,wxallowed,nodev,softdep,noatime 1 2
> > > > ff0023511d131fc2.d /var ffs rw,nodev,nosuid,softdep,noatime 1 2
> > > > swap /tmp mfs rw,nosuid,noexec,nodev,-s=262144,-P=/persist-fs/tmp 0 0
> > > > swap /var/log mfs
> > > > rw,nosuid,noexec,nodev,-s=524288,-P=/persist-fs/var/log 0 0
> > > > swap /var/run mfs
> > > > rw,nosuid,noexec,nodev,-s=262144,-P=/persist-fs/var/run 0 0
> > > > swap /dev mfs rw,nosuid,noexec,-P=/persist-fs/dev,-i=2048,-s=32768 0 0
> > > >
> > >
> > > You can dramatically reduce the probability of errors that can't be fixed
> > > by
> > > fsck on boot by adding sync. Especially with noatime, this seems like a
> > > bulletproof setup.
> > >
> > > --
> > > wbr, Kirill
> > >
> > >
> > --
> > Kindest regards,
> > Tom Smyth.
> >
>
> --
> Kindest regards,
> Tom Smyth.
>
Re: pf can't redirect outgoing traffic to localhost
Hello whistlez,

whistlez...@riseup.net (whistlez), 2024.06.20 (Thu) 02:49 (CEST):
> I have sslsplit listening on 127.0.0.1 port 10443 and I want redirect
> all my outgoing desktop web traffic to sslsplit, then localhost port
> 10443. SSLSPLIT is just a kind of transparent proxy but cannot be used
> as a conventional proxy (set up on the browser config). Reading the
> pf.conf man seems that there isn't a way to do that.

is the sslsplit transparent proxy running on the same machine on which
your web browsing happens?

If the answer is yes, then PF simple rdr-to will not work. The PF
examples in sslsplit(1) clearly assume running on the firewall. From
cursory reading I'd play around with veb(4) if I were you. Your locally
generated traffic will only be outbound on your local network interface
and therefore rdr-to will not help. You need to find a way to send the
traffic on a detour over a virtual network interface, where the traffic
is inbound and can be rdr-to'ed.

If the answer is "no" and sslsplit transparent proxy is running on your
firewall, then just filter and redirect on the inbound interface, as the
examples in sslsplit(1) say.

Marcus

> For example rdr-to does not support redirection to localhost.
> man:
> rdr-to is usually applied inbound. If applied outbound, rdr-to to a
> local IP address is not supported.
> Divert-to does not support outgoing traffic ("pass out" or "match out").
> Also I tried to make an IF alias like this
> ifconfig em0 inet 192.168.0.6 255.255.255.0
> ifconfig em0 inet alias 192.168.0.7 255.255.255.0
> my gw is 192.168.0.1
> I put listening the sslsplit on 192.168.0.7 (the alias) port 10443 and I
> make a pf rule like this:
> pass out log on em0 proto tcp from 192.168.0.6 to port 443 rdr-to
> 192.168.0.7 port 10443
> pass out log on em0 proto tcp from 192.168.0.6 to port 80 rdr-to
> 192.168.0.7 port 10080
> even this does not work... I suspect that even 192.168.0.7 is local ip.
> Any help ?
Re: No dhcp renewal of IP
Hello,

this is not to answer the original question, but...

kgo...@gmail.com (Kenneth Gober), 2024.02.17 (Sat) 22:15 (CET):
> On Sat, Feb 17, 2024 at 10:47 AM Luis Mendes wrote:
> > The interface ure0 is the gateway to the Internet, connected to the ISP.
> > Somehow, when this interface loses the IP, the lease is not renewed.
>
> This is the rule I would use in my pf.conf to allow my router to send DHCP
> requests to my ISP:
>
> pass out log quick on ure0 inet proto udp from (ure0) port bootpc to any
> port bootps

this is not necessary, because:

    "dhcpd reads packets off the wire using BPF, which happens as
    packets come off the network interface, but before the IP stack
    where pf runs."

    David Gwynne 17 Dec 2022
    https://marc.info/?l=openbsd-misc=167128237931458

Marcus
Re: CARP and VRRP compliance
Hello Samuel,

samueljaydan1...@gmail.com (Samuel Jayden), 2024.02.13 (Tue) 17:35 (CET):
> I am reaching out to seek guidance on creating redundancy between a Cisco
> Router and OpenBSD. After conducting extensive research on the subject, I
> find myself in need of clarification on a specific point.

This has some background info for you: https://mwl.io/archives/1866

Marcus
Re: Thinkpad Gets Very Hot
Hello,

luffy20...@protonmail.com (luffy20201), 2023.11.07 (Tue) 23:08 (CET):
> Hi, I've been an OpenBSD user for a year now, but I've never been able
> to disable Acpitz. I have tried everything, and nothing has worked. I

details would be nice... why do you want to disable acpitz(4)?

> use a Thinkpad X220, and it gets really hot. I need some help with
> this, can you please guys lend a hand? Thank You

Have you tried obsdfreqd?

+++
$ pkg_info obsdfreqd
Information for inst:obsdfreqd-1.2.0

Comment:
userland daemon to manage CPU frequency

Description:
obsdfreqd is a CPU frequency scheduler daemon working in userland. It
has many parameters to tweak the frequency like min/max frequency,
polling frequency, inertia, step up/down size.

obsdfreqd also support limiting the frequency upon reaching a given
temperature to avoid a system spending time above the threshold.

While it has many parameters, the defaults are good enough for everyone.

Maintainer: Florian Viehweger

WWW: https://git.sr.ht/~solene/obsdfreqd
+++

I run it with the "-T 60" parameter, to make sure my notebook fans are
inaudible.

Marcus
Re: Connecting a wireless keyboard via Bluetooth
Hello Karel,

cahlu...@planet.nl (Karel Lucas), 2023.10.25 (Wed) 15:24 (CEST):
> I have a computer with openBSD V7.4 without X11, to which I want to connect
> a wireless keyboard via Bluetooth. The keyboard is connected via a separate
> USB Bluetooth receiver. What software do I need for this, and how do I
> configure it? I hope someone responds to this.

to quote a real source...

    "Bluetooth support was incomplete and not useful in that state, it
    has been removed several years ago.

    You can use Bluetooth headphones via Creative BT-W1 / BT-W2 / BT-W3,
    there are also similar devices from other vendors which may work
    (they're often used with nintendo switch) - these attach as a USB
    audio device and handle the Bluetooth connection internally."

    Stuart Henderson 2022-11-05 misc@openbsd.org

I suppose you need something equivalent to the above solution for audio,
but for keyboards.

    Keyboard <-> Bluetooth <-> Dongle <-> USB-HID <-> OpenBSD

BTW, keyboards with a proprietary (non-bluetooth) dongle for the radio
interface have always worked for me with OpenBSD.

Marcus
Re: Question about rdomains/rtables
Hello f.,

t...@seiruote.it (tetrosalame), 2023.10.23 (Mon) 18:08 (CEST):
> I'm playing with rdomain/rtable on OpenBSD 7.4 and I'm a bit confused about
> the relation between rdomains and rtables.

you do not mention reading rtable(4)/rdomain(4), online here:
https://man.openbsd.org/rtable

It has a section on "Routing tables" and one on "Routing domains" and
the confirmation of your finding that "No tool is available to assign
more than one rtable to an rdomain other than to the default one (0)."

Marcus

> If I got rdomain(4) right, the two facilities are designed so that a rdomain
> can hold 0-255 rtables. Even rdomain 0 -no rdomain configured- can hold
> several rtables. IP addresses can overlap if configured in different
> rdomains.
>
> In my mind the design is somehow "hierarchical"
>
> rdomain 0
> |--> rtable 0
> |--> rtable 1
> |...
> |--> rtable 255
>
> rdomain 1
> |--> rtable 0
> |--> rtable 1
> |...
> |--> rtable 255
>
> but in practice, since there's no utility to add more rtables beyond the
> default one per rdomain, in the current implementation OS tools (pf, route,
> ifconfig, daemons etc...) take advantage of these facilities in a "flat"
> way:
>
> rdomain 0
> |--> rtable 0
>
> rdomain 1
> |--> rtable 0
>
> and so on, where rtables are numbered after their containing rdomain.
> Documentation refers to rdomains when it's appropriate to think about a
> logical segment of the routing space, while it refers to rtables when the
> concept is "do something with routing table number XXX".
>
> So while in theory one should think about rdomains first and then about the
> rtables that belong to each of them, in current usage they're the same
> thing: $tool -T $number and don't bother.
>
> But...I read the slides presented by Peter Hessler (thank you) at EuroBSD
> 2012 and everything was clear...well, until I came to slide 16 and pf
> ruleset "pass in on rdomain 2 rtable 4" (1). I'm puzzled: how can I "create"
> rtable 4 inside rdomain 2?
>
> Thanks and I apologize for my lack of brevity.
>
> f.
>
> 1:
> https://www.openbsd.org/papers/eurobsd2012/phessler-rdomains/mgp00016.html
Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)
Hello, com...@geekandfree.org (Comète), 2023.10.07 (Sat) 17:02 (CEST): > unfortunately, yes the slider is well opened and I can confirm that > when it is closed no LED will be visible. on my thinkpad X1 Carbon 5th Gen., /dev/video0 is the infrared camera, /dev/video1 is the one I want. video -s 1920x1080 -f /dev/video1 ^ gives me the best it can do, while video -s 1920x1080 -f /dev/video0 ^ gives me a small, greenish, pixelated image. Marcus > 7 octobre 2023 15:06 "Peter Hessler" a écrit: > > > A lot of the Thinkpad laptops have a physical switch that will > > cover/uncover the camera. Can you switch it to the other and try again? > > > > -peter > > > > On 2023 Oct 07 (Sat) at 12:53:12 + (+), Comète wrote: > > :Hi, > > : > > :$ video -f /dev/video0 > > :video: ioctl VIDIOC_DQBUF: Invalid argument > > : > > :the LED lights up near the camera and a black window is displayed... > > : > > : > > :I've strictly followed https://www.openbsd.org/faq/faq13.html#webcam > > : > > : > > :then to answer Crystal: > > : > > :$ ffplay -f v4l2 -input_format yuyv422 -video_size 960x540 -i /dev/video0 > > :ffplay version 4.4.3 Copyright (c) 2003-2022 the FFmpeg developers > > :built with OpenBSD clang version 13.0.0 > > :configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug > > --disable-stripping > > :--disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig > > --enable-frei0r --ena > > :ble-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d > > --enable-libfreetype > > :--enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus > > --ena > > :ble-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis > > --enable-libvpx > > :--enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid > > --enable-libzimg --en > > :able-nonfree --enable-openssl --enable-libvidstab > > --extra-cflags='-I/usr/local/include > > :-I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' > > --extra-ldsofla > > :gs= 
--mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe > > -g -Wno-redundant-decls' > > :libavutil 56. 70.100 / 56. 70.100 > > :libavcodec 58.134.100 / 58.134.100 > > :libavformat 58. 76.100 / 58. 76.100 > > :libavdevice 58. 13.100 / 58. 13.100 > > :libavfilter 7.110.100 / 7.110.100 > > :libswscale 5. 9.100 / 5. 9.100 > > :libswresample 3. 9.100 / 3. 9.100 > > :libpostproc 55. 9.100 / 55. 9.100 > > :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument > > :Input #0, video4linux2,v4l2, from '/dev/video0': > > :Duration: N/A, bitrate: 124416 kb/s > > :Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 960x540, 124416 > > kb/s, 15 fps, 15 tbr, > > :1000k tbn, 1000k tbc > > :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument > > :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument > > :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument > > : > > : > > :and yes, to answer Jan: > > : > > :$ sysctl kern.video > > :kern.video.record=1 > > : > > : > > : > > :Thanks a lot for your help. > > : > > :Morgan > > : > > : > > :7 octobre 2023 14:36 "Thomas Frohwein" a écrit: > > : > > :> On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote: > > :> > > :>> On Sat, Oct 07, 2023 at 08:51:36AM +, Comte wrote: > > :>> The webcam seems well detected but no image is displayed... > > :>> > > :>> What happens if you run /usr/X11R6/bin/video instead of using ffmpeg? > > :>> > > :>> # dmesg | grep "uvideo" > > :>> ^ > > :>> > > :>> Please post a full dmesg next time. > > :>> > > :>> uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony > > Electronics Co.,Ltd. Integrated > > :>> Camera" rev 2.01/54.20 addr 3 > > :>> video0 at uvideo0 > > :>> uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony > > Electronics Co.,Ltd. 
Integrated > > :>> Camera" rev 2.01/54.20 addr 3 > > :>> video1 at uvideo1 > > :>> > > :>> However, this camera should almost certainly just work anyway. > > :>> > > :>> $ ffplay -f v4l2 -input_format mjpeg -video_size 1280x720 -i /dev/video0 > > :>> ^^^ > > :>> > > :>> Why? > > :> > > :> Looks like Comte followed the console instructions at [1] to the letter. > > :> It seems to me that jumping right to ffplay recording isn't the best > > :> way for you to check the camera is working. Simplest way to test seems > > :> to me: > > :> > > :> $ video -f /dev/video0 > > :> > > :> And then you should see a window with the video stream... > > :> > > :> [1] https://www.openbsd.org/faq/faq13.html#webcam > > : > > > > -- > > Do you realize how many holes there could be if people would just take > > the time to take the dirt out of them? >
Re: Installboot question
Hello,

steve.shock...@shockley.net (Steven Shockley), 2023.07.25 (Tue) 16:34 (CEST):
> I have a machine with two ATA drives in a softraid mirror. For the Zen
> patch, do I run installboot on just sd2 (the softraid volume) or also sd0
> and sd1 (the physical disks)? Thanks.

    # installboot -v sd2

installboot figures that out by itself.

Marcus
Re: error when pkg_add'ing
Hello Pau,

lamarededeusen...@googlemail.com (Pau A.S.), 2023.06.24 (Sat) 12:16 (CEST):
[...]
> In any case, I noticed that when running pkg_add I was finding some strange
> error messages such as:
>
>
> # pkg_add -u firefox
> quirks-6.133 signed on 2023-06-23T22:56:27Z
> No pkgname in packing-list for totem-pl-parser-3.26.6p1
> No pkgname in packing-list for gom-0.4p1
> No pkgname in packing-list for libdmapsharing4-3.9.12p0
> No pkgname in packing-list for libadwaita-1.3.2p0v0
> No pkgname in packing-list for gnome-online-accounts-3.48.0p0
> No pkgname in packing-list for libmediaart-1.9.6p0
> No pkgname in packing-list for uchardet-0.0.8
> No pkgname in packing-list for grilo-0.3.16
> No pkgname in packing-list for liboauth-1.0.3
> quirks-6.133->6.133: ok
> Can't install python-3.10.12 because of libraries
> |library util.17.0 not found
> | /usr/lib/libutil.so.16.0 (system): bad major

For reference, I have, on a machine upgraded to current -current 12
hours ago:

    $ ls -la /usr/lib/libutil.so.*
    -r--r--r-- 1 root bin 222672 Jun 16 16:11 /usr/lib/libutil.so.16.0
    -r--r--r-- 1 root bin 240048 Jun 23 16:51 /usr/lib/libutil.so.17.0

If I were you I'd do a sysupgrade(8) and retry "pkg_add(1) -u"
afterwards. I'd run pkg_check(8) too, just to be sure.

Marcus
Re: OpenBSD support for xattr on file systems other than UFS ?
Hello,

gene...@nativemethods.com (J Doe), 2023.05.12 (Fri) 04:47 (CEST):
> I was configuring Samba on my OpenBSD 7.2 server and wanted to support
> iOS/iPad OS and macOS clients.
>
> The documentation for Samba states that the following vfs options are
> required to support these clients:
>
> /etc/samba/smb.conf
> . . .
> vfs = catia fruit streams_xattr

I run a Samba server that does not have these options set - but
successfully serves iOS/macOS clients.

Apart from that, smb.conf(5) does not have the parameter "vfs", only
"vfs object"/"vfs objects" (which are aliases).

Marcus
Re: passing environment variables to daemons in rc.d scripts
Hello!

jor...@geoghegan.ca (Jordan Geoghegan), 2023.04.20 (Thu) 23:08 (CEST):
> Hello,
>
> tl;dr: Is there any way to pass an environment variable to a daemon started
> with rc.d?

There's a way via login.conf(.d), here's an example I use:

    sogod:\
        :openfiles-cur=1024:\
        :openfiles-max=2048:\
        :setenv=GNUSTEP_STRING_ENCODING=NSUTF8StringEncoding:\
        :tc=daemon:

Marcus

> A bit of context for those interested:
>
> I'm trying to run Apache Airflow from an rc.d script so I can make use of
> rcctl and other niceties. My rc.d script is included below.
>
> The problem I'm facing is that it seems that Airflow looks for various
> environment variables such as $HOME, $AIRFLOW_HOME, $AIRFLOW_CONFIG etc and
> I'm seeing no obvious way to pass those requisite environment variables to
> Airflow from my rc.d script. Without these variables set, Airflow annoyingly
> just looks in /dev/null for everything and fails to function.
>
> I'm probably missing something obvious, but hoping the fine folks here can
> point me in the right direction.
>
> Regards,
>
> Jordan
>
>
> # Airflow scheduler rc.d script:
>
> #!/bin/ksh
> #
>
> daemon="/usr/local/bin/airflow scheduler -D"
> daemon_flags="-l - --stderr - --stdout -"
> daemon_user="_airflowd"
> daemon_logger="daemon.info"
> daemon_timeout="60"
>
> . /etc/rc.d/rc.subr
>
> pexp=".*python.* ${daemon} ${daemon_flags}"
> rc_reload=NO
>
> rc_pre() {
>     rm -f /var/airflow/airflow/airflow-scheduler.pid
> }
>
> rc_cmd $1
>
>
> # Airflow webserver r rc.d script:
>
> #!/bin/ksh
> #
>
> daemon="/usr/local/bin/airflow webserver -D -E -"
> daemon_flags="-p 8080 -l - --stderr - --stdout -"
> daemon_user="_airflowd"
> daemon_logger="daemon.info"
>
> . /etc/rc.d/rc.subr
>
> pexp=".*python.* ${daemon} ${daemon_flags}"
> rc_reload=NO
>
> rc_pre() {
>     rm -f /var/airflow/airflow/airflow-webserver.pid \
>     /var/airflow/airflow/airflow-webserver-monitor.pid
> }
>
> rc_cmd $1
>
Re: Using gzip-static with httpd location
j...@carnat.net (Joel Carnat), 2023.03.10 (Fri) 17:41 (CET):
> On 10/03/2023 at 16:41, Marcus MERIGHI wrote:
> > j...@carnat.net (Joel Carnat), 2023.03.10 (Fri) 02:31 (CET):
> > > I just tried applying gzip compression on a simple test web site using
> > > httpd
> > > and the gzip-static option ; using OpenBSD 7.2/amd64.
> > >
> > > As I understood the man page, gzip-static is supposed to be used inside
> > > the
> > > server block ; like listen, errdocs or tls. But doing so does not seem to
> > > enable gzip compression for files defined in a location block.
> >
> > You have to provide the .gz file manually.
>
> Well, the .gz file does exist.
> And I can switch from working state to non-working state by just moving the
> gzip-static option from inside the location section to outside of it (still
> inside the server section).

Sorry for the noise then, I completely missed that in your OP.

Marcus
Re: openbsd get really hot/warm
Hello,

l...@netc.fr (l...@netc.fr), 2023.03.09 (Thu) 19:20 (CET):
> unfortunately obsdfreqd didn't solved the problem...
> with just less half of hour uptime, plus running firefox without going
> on the internet, it's going up to 55°C

did you use any options to obsdfreqd(1)? Like in

    obsdfreqd -T 50

?

Apart from that... I have obsdfreqd(1) running with -T 60. I very rarely
hear the fans of my Lenovo X1 Carbon 5th (2017). Your fans run at full
throttle even with only 55°C? Are the fans clean or dusty?

Marcus
Re: Using gzip-static with httpd location
Hello,

j...@carnat.net (Joel Carnat), 2023.03.10 (Fri) 02:31 (CET):
> I just tried applying gzip compression on a simple test web site using httpd
> and the gzip-static option ; using OpenBSD 7.2/amd64.
>
> As I understood the man page, gzip-static is supposed to be used inside the
> server block ; like listen, errdocs or tls. But doing so does not seem to
> enable gzip compression for files defined in a location block.

You have to provide the .gz file manually. httpd(8) does not create the
gzip file content on the fly.

This thread: https://marc.info/?t=16360323104 from when the feature was
added, starts with the OP saying:

    In other words, if a client support gzip compression, when "file" is
    requested, httpd will check if "file.gz" is available to serve.

Also, from httpd.conf(5):

    Enable static gzip compression to save bandwidth. If gzip encoding
    is accepted and if the requested file exists with an additional .gz
    suffix, use the compressed file instead and deliver it with content
    encoding gzip.

Marcus
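
Added example (not part of the thread, and not code from httpd or its authors): because httpd(8) only looks for an existing "file.gz" and uses it instead of "file", the .gz siblings have to be produced and refreshed whenever the content changes, or the old compressed copy keeps being delivered. The script below does that for one directory tree; the function names, the suffix list and the 644 file mode are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep "file.gz" siblings current for httpd(8) gzip-static.
# Assumptions: only the text-like suffixes listed below are worth
# compressing, and the .gz files should be world-readable (mode 644).
# File names containing newlines are not supported.

# is_stale FILE: true when FILE.gz is missing or older than FILE.
is_stale() {
    [ ! -f "$1.gz" ] && return 0
    # find prints FILE only if its mtime is newer than FILE.gz
    [ -n "$(find "$1" -prune -newer "$1.gz")" ]
}

# compress_one FILE: write FILE.gz, leaving FILE itself in place.
# The data goes to a temporary name first and is renamed afterwards, so
# a request arriving mid-run never sees a half-written FILE.gz.
compress_one() {
    tmp=$(mktemp "$1.gz.XXXXXX") || return 1
    if gzip -9 -c "$1" > "$tmp" && gzip -t < "$tmp"; then
        chmod 644 "$tmp"
        mv -f "$tmp" "$1.gz"
    else
        rm -f "$tmp"
        return 1
    fi
}

# precompress_tree DIR: (re)compress every stale text asset below DIR
# and print the number of .gz files written.
precompress_tree() {
    list=$(mktemp) || return 1
    find "$1" -type f \( -name '*.html' -o -name '*.css' -o -name '*.js' \
        -o -name '*.svg' -o -name '*.txt' -o -name '*.xml' \) > "$list"
    written=0
    while IFS= read -r f; do
        if is_stale "$f"; then
            compress_one "$f" && written=$((written + 1))
        fi
    done < "$list"
    rm -f "$list"
    echo "$written"
}

# Run against the directory given on the command line, if any.
if [ $# -eq 1 ]; then
    precompress_tree "$1"
fi
```

Run it with the document root as its only argument after each content update; a second run without changes writes nothing.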
Re: Question about pf.conf queues
Hello,

gene...@nativemethods.com (J Doe), 2023.01.14 (Sat) 23:24 (CET):
> On 2023-01-14 11:37, Marcus MERIGHI wrote:
>
> > Hello,
> >
> > not an answer but a little input below...
> >
> > gene...@nativemethods.com (J Doe), 2023.01.14 (Sat) 00:09 (CET):
> > > I have a question regarding queuing and priorities in pf.conf on
> > > OpenBSD 7.2.
> > >
> > > I have a basic gateway configuration - a PC with two NIC's (em0, em1). One
> > > interface is connected to the LAN and one interface is connected to the
> > > Internet with a public IP and with a bandwidth of approximately 60 Mbps
> > > down
> > > and 10 Mbps up. I perform NAT on the gateway.
> > >
> > > In terms of queuing, I'd like to make use of the following:
> > >
> > > ** Queue using HFSC for all outbound traffic
> > >
> > > ** Flow manager for the queue for fair queue utilization
> > >
> > > ** For TCP traffic I would like to use two priorities - one for TCP data
> > > packets and one for TCP ACKs (as mentioned in Peter Hansteen's "Book of pf
> > > 3rd edition" in chapter 7)
> > >
> > > Current configuration pf.conf:
> > >
> > > ext_if = "em0"
> > > int_if = "em1"
> > >
> > > set skip on lo0
> > >
> > > queue rootq on $ext_if bandwidth 55M max 55M
> > > queue dataq parent rootq bandwidth 55M max 55M flows 1024 \
> > > qlimit 1024 default
> > >
> > > match out on $ext_if inet from ($int_if:network) to any nat-to ($ext_if:0)
> > >
> > > block all
> > >
> > > match in on $int_if inet tag LAN
> > > match out on $ext_if inet queue dataq set prio (5, 6) tag INTERNET
> > >
> > > pass in quick on $int_if tagged LAN

    pass in quick on $int_if tagged LAN queue dataq
                                        ^^^

This way the packets get assigned to the queue when entering the
machine's network handling code. And are treated accordingly when
leaving on the outbound interface.

(Avoid "quick", unless you want headaches as the ruleset grows.)

> > > pass out quick on $ext_if tagged INTERNET
> >
> > In this message
> >
> > https://marc.info/?l=openbsd-misc=164521874319122
> >
> > sthen@ said
> >
> > The queue is attached to a firewall state and all packets
> > matching that state will pick it up. So if you have a named
> > queue present on em0 but not em1, and match with "pass out on
> > em1 set queue foo", packets transmitted on em1 will not be
> > queued, but packets matching that state (return packets via em0)
> > _will_ be queued.
> >
> > Marcus
>
> Hi Marcus,
>
> Thank you for your reply and thank you for the link to MARC.
>
> Based on what the referenced message states, am I not okay ? I have a
> single queue and it is bound to a single NIC $ext_if. The pass rule that
> allows the traffic to leave $ext_if should create the state for queuing of
> outbound packets, should it not ?
>
> Or, are you saying that the queue assignment belongs on the pass rule and
> not the match statement ?

The queue assignment should happen as soon as the pf rules create the
state, i.e. on the inbound interface, see the example above.

Marcus

> So instead of:
>
> match out on $ext_if inet queue dataq set prio (5, 6) tag INTERNET
> . . .
> pass out quick on $ext_if tagged INTERNET
>
> ... I could use:
>
> match out on $ext_if inet tag INTERNET
> . . .
> pass out quick on $ext_if set queue dataq set prio (5, 6) \
> tagged INTERNET
> - J
Re: Question about pf.conf queues
Hello,

not an answer but a little input below...

gene...@nativemethods.com (J Doe), 2023.01.14 (Sat) 00:09 (CET):
> I have a question regarding queuing and priorities in pf.conf on
> OpenBSD 7.2.
>
> I have a basic gateway configuration - a PC with two NIC's (em0, em1). One
> interface is connected to the LAN and one interface is connected to the
> Internet with a public IP and with a bandwidth of approximately 60 Mbps down
> and 10 Mbps up. I perform NAT on the gateway.
>
> In terms of queuing, I'd like to make use of the following:
>
> ** Queue using HFSC for all outbound traffic
>
> ** Flow manager for the queue for fair queue utilization
>
> ** For TCP traffic I would like to use two priorities - one for TCP data
> packets and one for TCP ACKs (as mentioned in Peter Hansteen's "Book of pf
> 3rd edition" in chapter 7)
>
> Current configuration pf.conf:
>
> ext_if = "em0"
> int_if = "em1"
>
> set skip on lo0
>
> queue rootq on $ext_if bandwidth 55M max 55M
> queue dataq parent rootq bandwidth 55M max 55M flows 1024 \
> qlimit 1024 default
>
> match out on $ext_if inet from ($int_if:network) to any nat-to ($ext_if:0)
>
> block all
>
> match in on $int_if inet tag LAN
> match out on $ext_if inet queue dataq set prio (5, 6) tag INTERNET
>
> pass in quick on $int_if tagged LAN
> pass out quick on $ext_if tagged INTERNET

In this message

https://marc.info/?l=openbsd-misc=164521874319122

sthen@ said

    The queue is attached to a firewall state and all packets matching
    that state will pick it up. So if you have a named queue present on
    em0 but not em1, and match with "pass out on em1 set queue foo",
    packets transmitted on em1 will not be queued, but packets matching
    that state (return packets via em0) _will_ be queued.

Marcus

> My questions are:
>
> 1. For better utilization of TCP traffic I have two priorities assigned to
> the queue. Do I require more than one sub queue for this to work ? I don't
> intend to subdivide my traffic up (i.e. a SSH queue, and HTTP/S queue,
> etc.), I just want all my TCP traffic to benefit from better utilization
> with the two priorities.
>
> 2. If this configuration is currently correct, are they any other changes I
> should make for better queuing (ie: better bandwidth utilization) ?
>
> 3. Given the importance of time keeping, would it be a good idea to have
> another queue for NTP traffic and use the highest priority of 7 for it ?
>
> Thanks,
>
> - J
Re: DHCP server ignoring PF rules?
hello,

barbarosb...@gmail.com (Barbaros Bilek), 2022.12.17 (Sat) 15:07 (CET):
> On Sat, Dec 17, 2022 at 4:40 PM Cristian Danila wrote:
> > Thanks for the provided info, now it makes sense about what is happening.
> > Any idea about a possible way to control these packets?
> > Still investigating but I had still not found yet a way to do it.
> > Thank you.
>
> Hello Cristian,
> If you put your physical interface into veb(4) and set link1 flag you can
> filter dhcp packets.
> For more please read man veb
> Have a nice weekend.
> Barbaros

tcpdump(8)'s -B switch might work, too. But beware.

dlg@ already answered but he did not mention this, although he committed
it and said:

    support configuring BIOCSFILDROP with tcpdump.

    this allows tcpdump to be used a quick and dirty firewall. it also
    looks like an amazing foot-gun, so be careful.

    for example `tcpdump -B drop -i ix1 udp and port 7` lets you
    completely drop discard packets in the hardware interrupt handler.

    [ I minimally edited the line flow. ]

https://cvsweb.openbsd.org/src/usr.sbin/tcpdump/tcpdump.c?rev=1.89=text/x-cvsweb-markup

I've not used this option, just saying...

Marcus

> > On Sat, Dec 17, 2022 at 3:11 PM David Gwynne wrote:
> > >
> > > dhcpd reads packets off the wire using BPF, which happens as packets
> > come off the network interface, but before the IP stack where pf runs.
> > >
> > > > On 17 Dec 2022, at 22:40, Cristian Danila wrote:
> > > >
> > > > Good day!
> > > > I finished setup an DHCP server and for some reason it seems DHCP
> > > > server is ignoring PF filter.
> > > > In short, in PF I have active only one rule:
> > > > block drop quick all
> > > >
> > > > Double checked PF and it is enabled
> > > > So using a windows machine to test DHCP server:
> > > > 1) ifconfig /release
> > > > 2) ifconfig /renew
> > > >
> > > > somehow dhcpd still serves the windows(only when is enabled) and
> > > > ignores PF rule.
> > > > Could you please help me in telling if dhcpd has some intended logic
> > > > to ignore PF or what might
> > > > cause this unexpected behavior?
> > > >
> > > > Kind Regards!
> > > >
> > > >
> > >
Re: CyberPower cp1500PPFCLCD
Good morning,

p...@thinkage.ca (Peter Fraser), 2022.11.13 (Sun) 19:56 (CET):
> My old UPS dies, it was very old I had been changing batteries on it
> for years. It was so old that it used a serial port for
> communications.
>
> I replace it with a new CyberPower cp1500PPFCLCD.
>
> I connected the USB cable and OpenBSD found
> [...]
>
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.indicator0: Off, UNKNOWN
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.indicator1: Off, UNKNOWN
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.indicator2: On, UNKNOWN
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.indicator3: Off, UNKNOWN
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.percent0: 100.00%, UNKNOWN
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.percent0: marked invalid
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.percent1: 100.00%, UNKNOWN
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.timedelta0: 11425.00 secs,
> UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.indicator0: Off, UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.indicator1: Off, UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.indicator2: On, UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.indicator3: Off, UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.percent0: 100.00%, UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.percent0: marked invalid
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.percent1: 100.00%, UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.timedelta0: 11425.00 secs,
> UNKNOWN
>
> My sensorsd.conf contains
>
> hw.sensors.upd0.percent0:low=99.00%:command=/etc/ups-shutdown %2
>
> The 99.00% was to allow me to test it easily
>
> As far as I could tell there is no way to ask sensorsd to only run a
> program when the UPS is not charging and the % left is less than a
> value.
>
> At this point one of two things happened. Either then upd0 values
> disappear from sysctl or the system dies with no messages, and I have
> to do a hard reset.
>
> Does anyone have any ideas of what is going on and how to fix it.

I have one of these CyberPower USV, it works for years already.
Unfortunately it's connected to a windows server where it shows up as a
laptop battery.

What I do with sensorsd(8) on OpenBSD for the upd(4) USVs:

    $ cat /etc/sensorsd.conf
    hw.sensors.upd0.percent0:low=80:high=100:command=/etc/sensorsd.upd.sh \
        %l %n %s %x %t %2 %3 %4

    $ cat /etc/sensorsd.upd.sh
    #!/bin/sh -e
    [[ X"${1}" == X"below" && $(sysctl -n hw.sensors.upd0.indicator5) != \
        "On (ACPresent), OK" ]] && shutdown -hp +1

There were long threads on sensorsd(8) in the past.

Marcus
Re: Xiaomi Mi Air, Synaptic trackpad and OpenBSD 7.2.
Hello,

cont...@anarchosaxophonist.org (Brian Durant), 2022.11.12 (Sat) 10:49 (CET):
> I am trying to get the Synaptic trackpad (12C?) on a Xiaomi Mi Air laptop
> working. I have found several references in the OpenBSD man pages, so I
> believe something has been worked on, but at what stage the development is
> currently at, I am a bit unsure. Usually, if something is included in
> OpenBSD, it often just works, but sometimes configuration is needed. As I
> have seen no references to this in the mailing list archive, I thought that
> I would ask here - do I just need to configure something, or is development
> still working on this?

this sounds like you have OpenBSD running on that hardware with only the
trackpad not working.

What machine is this? I cannot find it at a local retailer and looking
for "Xiaomi Mi Air" on am?zon makes me wonder if this thing really runs
OpenBSD :-)

https://www.amazon.com/Xiaomi-Purifier-Efficiency-Eliminate-Coverage/dp/B094NST3N8

dmesg please!

Marcus
Re: Howto convert Sierra Wireless EM7455 from umsm to umb
Hello Barbaros,

barbarosb...@gmail.com (Barbaros Bilek), 2022.11.06 (Sun) 13:49 (CET):
> Thanks for your reply.
> I've tried disabling umsm but it didn't work.
> Now OpenBSD recognize it as ugen0
> ugen0 at uhub0 port 7 "Sierra Wireless, Incorporated Sierra Wireless EM7455
> Qualcomm\M-. Snapdragon? X7 LTE-A" rev 3.00/0.06 addr 2

sorry about that, but worth a try.

> Also, I think the link you posted above is wrong.

I have no idea how that happened. The subject was

    List SIMCom SIM8262E-M2 as supported for umb(4)
    (Kevin Lo)

https://marc.info/?l=openbsd-tech=166523975919835

If I got it right this time. It's a non-standard AT command to be sent
via one of the serial ports of the card.

Marcus

> It talks about something different ("patch for embedded controller
> detection") and I couldn't relate with this issue.
> Regards.
>
> P.S. dmesg attached, also i can supply more. Thanks for reading.
>
>
> On Sun, Nov 6, 2022 at 1:45 PM Marcus MERIGHI wrote:
>
> > barbarosb...@gmail.com (Barbaros Bilek), 2022.11.05 (Sat) 23:22 (CET):
> > > I have Sierra Wireless EM7455 on my OpenBSD 7.2 router device.
> > > OpenBSD detects this card like this:
> > [...]
> > > Is it possible to convert this card into MBIM mode to get an umb device?
> > > Thanks.
> >
> > The man page of umb(4) lists this device, so it should work.
> > You could try disabling umsm(4) with config(8) and see if this
> > makes it attach as umb(4)
> > Maybe you need a magical command like the one mentioned here:
> >
> > https://marc.info/?l=openbsd-tech=166523592618229
> >
> > Marcus
Re: Howto convert Sierra Wireless EM7455 from umsm to umb
barbarosb...@gmail.com (Barbaros Bilek), 2022.11.05 (Sat) 23:22 (CET):
> I have Sierra Wireless EM7455 on my OpenBSD 7.2 router device.
> OpenBSD detects this card like this:
[...]
> Is it possible to convert this card into MBIM mode to get an umb device?
> Thanks.

The man page of umb(4) lists this device, so it should work.
You could try disabling umsm(4) with config(8) and see if this
makes it attach as umb(4)
Maybe you need a magical command like the one mentioned here:

https://marc.info/?l=openbsd-tech=166523592618229

Marcus
Re: Re-enable trackpad after resuming from hibernate
srira...@berkeley.edu (Sriranga Veeraraghavan), 2022.10.24 (Mon) 10:18 (CEST):
> I just installed OpenBSD 7.2 on my Surface Go 3, and everything seems
> to work as well as it did with OpenBSD 7.1 on my Surface Go 2, except
> for one thing - the trackpad is not enabled after resuming from
> hibernate (the keyboard and the touch screen are enabled). I can
> re-enable the trackpad manually with:
>
> xinput --enable /dev/wsmouse2
>
> I have tried putting this in /etc/apm/resume, but it doesn’t seem to
> work.

When running X.Org things from hotplugd or apmd, remember these run as
root and aren't allowed to run commands in your X environment.

/usr/bin/su -l -s /bin/sh \
    -c "xinput --enable /dev/wsmouse2"

That might do the job. Possibly you have to use xhost(1) too, I do not
remember atm.

Marcus

> Has anyone experienced something similar? If so, are there any
> recommendations on how to automatically re-enabled a trackpad after
> resuming from hibernate?
Re: relayd blocking by IP
fosf...@gmail.com (Fabio Martins), 2022.05.06 (Fri) 00:43 (CEST):
> On Thursday, May 5, 2022, Stuart Henderson
> wrote:
> > not quite, PF is looking up the IP in the table to decide which port
> > number to use
> > then the different port number is handled in relayd to pick between
> > two contexts:
> > one does not inspect Host (for those requests coming from
> > addresses on "geoallow")
> > the other (for all other requests) does inspect Host
> >
> Understood. Also possible this way.

Just got around to implement it, this is for the archives:
(Thanks again for the hint, sthen@)

pf.conf(5):

table persist file "/etc/pf/geoallow"
pass in on egress proto tcp from any port > 1023 \
    to (self) port { http https }
pass in on egress proto tcp from port > 1023 \
    to (self) port http rdr-to 127.0.0.1 port 8880
pass in on egress proto tcp from port > 1023 \
    to (self) port https rdr-to 127.0.0.1 port 8443

relayd.conf(5):

relay httpredir { # without geoblocking
    listen on 0.0.0.0 port http
    listen on 0.0.0.0 port https tls
    protocol httpproto
    forward to port 19000
    forward to port 17000
}
http protocol httpproto {
    return error
    block
    match request header "Host" value "somesite.somewhere" \
        forward to tag httpd
    match request path "/.well-known/acme-challenge/*" \
        forward to tag acme
    pass request tagged httpd method HEAD
    pass request tagged httpd method GET
    pass request tagged httpd method POST
    pass request tagged acme method GET
}
relay httpredirgeo { # with geoblocking
    listen on 0.0.0.0 port 8880
    listen on 0.0.0.0 port 8443 tls
    protocol httpprotogeo
    forward to port 19000
    forward to port 8083
    forward to port 80
    forward to port 2
    forward to port 18000
    forward to port 17000
}
http protocol httpprotogeo {
    return error
    block
    match request header "Host" value "somesite.somewhere" \
        forward to tag httpd
    match request path "/.well-known/acme-challenge/*" \
        forward to tag acme
    match request header "Host" value "webm.somesite" path "/SOGo/*" \
        forward to tag dav
    match request tagged dav header set "X-Real-IP" \
        value "https://$REMOTE_ADDR;
    match request tagged dav header set "X-Forwarded-By" \
        value "$SERVER_ADDR:$SERVER_PORT"
    match request tagged dav header set "X-Forwarded-For" \
        value "$REMOTE_ADDR"
    match request tagged dav header set \
        "x-webobjects-server-protocol" value "HTTP/1.0"
    match request tagged dav header set \
        "x-webobjects-remote-host" value "127.0.0.1"
    match request tagged dav header set \
        "x-webobjects-server-name" value "webm.somesite"
    match request tagged dav header set "x-webobjects-server-port" \
        value "$SERVER_PORT"
    pass request tagged httpd method HEAD
    pass request tagged httpd method GET
    pass request tagged httpd method POST
    pass request tagged acme method GET
    pass request tagged dav method HEAD
    pass request tagged dav method GET
    pass request tagged dav method POST
    pass request tagged dav method PUT
    pass request tagged dav method DELETE
    pass request tagged dav method MKCOL
    pass request tagged dav method MOVE
    pass request tagged dav method OPTIONS
    pass request tagged dav method PROPFIND
    pass request tagged dav method REPORT
    pass request tagged dav method PROPPATCH
}
Re: relayd blocking by IP
Hello Stuart, Hello Fabio,

thanks for reading and suggesting!

fosf...@gmail.com (Fabio Martins), 2022.05.04 (Wed) 22:29 (CEST):
> On Wednesday, May 4, 2022, Stuart Henderson
> wrote:
> > On 2022-05-04, Marcus MERIGHI wrote:
> > > I need to block http/s traffic, but only for some Host: header values.
> > > I.e. domain "xyz.abc" should be reachable, domain "klm.opq" not, both
> > > behind the same IP.
> > >
> > > This rules out blocking with PF.
> > >
> > ...
> > >
> > > Thanks in advance for any pointers!
> >
> > Maybe redirect connections from the PF table to a different port, then
> > handle the two ports differently in relayd?

This is one of the "OMG, why didn't i think of that myself" moments.
Thanks for the clue stick!

pseudo code, order matters:

pass in on egress from any to port 443 rdr-to $relayd port 8443
pass in on egress from to port 443 rdr-to $relayd port 9443

> This may be possible to do via httpd listening on different ports for each
> domain, since they share the same IP address.

Exactly, though it is going to be relayd that is listening and
forwarding to the application (or not, in case of geoblocking).

Marcus
Re: Server certs expired higher up the chain, imaps and https
Hello!

benoit-li...@fb12.de (Sebastian Benoit), 2021.09.30 (Thu) 21:42 (CEST):
> Chris Bennett(cpb_m...@bennettconstruction.us) on 2021.09.30 10:02:17 -0700:
> > I'm getting that the certs are expired, but https works fine in Firefox,
> > including when looking at the full chain.
> > openssl s_client -servername mail.strengthcouragewisdom.rocks -connect
> > mail.strengthcouragewisdom.rocks:https
>
> This is an issue with an expired root/intermediate certificate (DST Root X3)
> in use by Let's Encrypt.
>
> Stuart Henderson (sthen@) summarized it like this:
>
> LibreSSL in OpenBSD 6.9/earlier is having problems with the expiry of a
> CA certificate used to cross-sign Let's Encrypt certs.
>
> LE decided not to switch to using their own root fully, rather they
> are continuing to use the expired cross-signer to increase compatibility
> with old Android devices, which is tickling this problem.
> https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
>
> An errata has just been published, you can install it using syspatch.

I've syspatch(8)-ed a machine that now delivers the following error:

$ ftp -VMo /dev/null \
    "https://shop.theater-phoenix.at/Events.aspx?msg=0=1;
TLS handshake failure: certificate verification failed: unable to get
local issuer certificate

$ openssl s_client -servername shop.theater-phoenix.at -connect \
    shop.theater-phoenix.at:https
Verify return code: 21 (unable to verify the first certificate)

The server "shop.theater-phoenix.at" runs under Windows and uses
letsencrypt certificates.

Does this issue have the same root cause or is this something different?

Marcus
Re: Server certs expired higher up the chain, imaps and https
Hello!

stu.li...@spacehopper.org (Stuart Henderson), 2021.10.02 (Sat) 16:13 (CEST):
> On 2021-10-02, Marcus MERIGHI wrote:
> > benoit-li...@fb12.de (Sebastian Benoit), 2021.09.30 (Thu) 21:42 (CEST):
> >> Chris Bennett(cpb_m...@bennettconstruction.us) on 2021.09.30 10:02:17 -0700:
> >> > I'm getting that the certs are expired, but https works fine in Firefox,
> >> > including when looking at the full chain.
> >> > openssl s_client -servername mail.strengthcouragewisdom.rocks -connect
> >> > mail.strengthcouragewisdom.rocks:https
> >>
> >> This is an issue with an expired root/intermediate certificate (DST Root X3)
> >> in use by Let's Encrypt.
> > I've syspatch(8)-ed a machine that now delivers the following error:
> > $ openssl s_client -servername shop.theater-phoenix.at -connect \
> > shop.theater-phoenix.at:https
> > Verify return code: 21 (unable to verify the first certificate)
> > Does this issue have the same root cause or is this something different?
>
> Different. They are using the wrong *intermediate* cert (which expired on
> *Wednesday*):
>
> Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
> Validity
> Not Before: Oct 7 19:21:40 2020 GMT
> Not After : Sep 29 19:21:40 2021 GMT
> Subject: C=US, O=Let's Encrypt, CN=R3
>
> Specifically, at present they should be using this instead:
> https://letsencrypt.org/certs/lets-encrypt-r3.pem
> However it may change in future so they should use the one fetched by
> their ACME client (generally this
> means using the "fullchain" file) rather than fetching a separate one.

I've nominated you for the "most helpful person around" award.

Thanks!

Marcus
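The check described in the reply above (looking at issuer, subject and validity of every certificate the server sends, not only the leaf) can be scripted. This is an added example, not code from the thread: the function names, status words and the throw-away test certificates are constructed here, and it assumes openssl(1), awk and mktemp are installed.

```shell
#!/bin/sh
# Added example: report every certificate in a PEM bundle (for instance the
# chain a server sends) and flag expired or soon-expiring ones, plus places
# where a certificate's issuer is not the subject of the next certificate.

# chain_report [HORIZON_SECONDS] < bundle.pem
# Output: one line per certificate: index, status, notAfter, subject, issuer.
# Return: 0 = nothing flagged, 1 = at least one flagged, 2 = no certificate.
chain_report() {
    horizon=${1:-0}
    dir=$(mktemp -d) || return 2

    # Split the bundle into one file per certificate, in the order sent.
    # Text between the PEM blocks (s_client chatter) is ignored.
    awk -v dir="$dir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/%03d.pem", dir, n); keep = 1 }
        keep { print > out }
        /-----END CERTIFICATE-----/ { keep = 0; close(out) }
    '

    rc=2
    prev_issuer=""
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || break                 # glob matched nothing
        [ "$rc" -eq 2 ] && rc=0
        idx=$(basename "$f" .pem)
        status=ok
        if ! subject=$(openssl x509 -in "$f" -noout -subject 2>/dev/null); then
            echo "$idx UNPARSEABLE"
            rc=1; prev_issuer=""
            continue
        fi
        issuer=$(openssl x509 -in "$f" -noout -issuer)
        end=$(openssl x509 -in "$f" -noout -enddate)
        # -checkend N exits non-zero if the certificate expires within N seconds.
        if ! openssl x509 -in "$f" -noout -checkend "$horizon" >/dev/null; then
            status=EXPIRES; rc=1
        fi
        # Issuer of certificate N should be the subject of certificate N+1.
        shash=$(openssl x509 -in "$f" -noout -subject_hash)
        if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$shash" ]; then
            status="$status,CHAIN-BREAK"; rc=1
        fi
        prev_issuer=$(openssl x509 -in "$f" -noout -issuer_hash)
        printf '%s %s %s | %s | %s\n' "$idx" "$status" "$end" "$subject" "$issuer"
    done
    rm -rf "$dir"
    return "$rc"
}

# Constructed test input: a throw-away self-signed certificate.
# make_constructed_cert CN DAYS OUTFILE
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$1" -days "$2" \
        -keyout "$3.key" -out "$3" >/dev/null 2>&1 || return 1
    rm -f "$3.key"
}

# Stand-alone demo on constructed input: sh chain_report.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    make_constructed_cert constructed-leaf 1 "$d/leaf.pem"
    make_constructed_cert constructed-other 30 "$d/other.pem"
    # The 1-day certificate is flagged with a 2-day horizon; the second one
    # is not its issuer, so the report also shows CHAIN-BREAK.
    cat "$d/leaf.pem" "$d/other.pem" | chain_report 172800
    rm -rf "$d"
fi
```

Against a live server the input would be the output of `openssl s_client -servername HOST -connect HOST:https -showcerts </dev/null`, with HOST as a placeholder; a horizon of 0 reports only certificates that are already expired.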
Re: Permit to reprint tshirt artwork
Good morning!

titomarifran...@gmail.com (Tito Mari Francis Escaño), 2021.07.26 (Mon) 04:28 (CEST):
> I really like the tshirt design as illustrated here:
> https://www.openbsd.org/images/tshirt-23.gif

The most recent similar thread I could find:
https://marc.info/?l=openbsd-misc=155439809001096

Marcus

> I bought this shirt before and I was hoping to buy at least one but as per
> https://www.openbsd.org/tshirts.html this is out of print.
>
> Can you please point me to whom I should ask permission to reprint
> t-shirts with this design?
>
> Thanks and regards.
Re: X220 thinkpad battery issue
Hello!

b...@shoshoni.info (Bryan Linton), 2021.07.15 (Thu) 11:33 (CEST):
> On 2021-07-15 08:57:32, Isak Holmström wrote:
> > Hello,
> > I recently discovered that my battery is not charging. I really
> > can’t find anything when searching the web regarding openbsd and
>
> A couple thoughts.
>
> 1) The battery may simply be dead. AFAIUI, modern laptop
>
> 2) Have you upgraded the laptop's internals, or changed the power
> charger you use? I know that newer models of Thinkpads will
>
> 3) Power sockets get plugged and unplugged a lot, and tend to
> wear out over time. Could the socket itself be loose? Does

Some more thoughts...

4) the X220 has a LED indicator that goes off and back on again if I
   plug the power cord. What does yours do?

5) I've once had luck with simply taking the battery out of the
   notebook, waiting some time, and re-plugging it. But that did not
   help for long, see 1) :-)

Marcus
Re: CWM+Xterm+Tmux+Vim & Copy/Paste
Hello!

d...@silentsystems.org (David Anthony), 2021.07.12 (Mon) 23:12 (CEST):
> Does anyone using the combination of CWM+Xterm+Tmux+Vim have any advice
> for dealing with Copy/Paste? To/From Browser?

Not yet seen among the valuable advice already given:

$ grep M-v .cwmrc
bind-key M-v "xdotool click --clearmodifiers 2 keyup alt"

This emulates a middle mouse click and lets you paste without touching
your mouse.

Marcus
Re: apu2 and Atheros WLE600VX not working
Hello!

g.lis...@nodeunit.com (George), 2021.06.30 (Wed) 01:41 (CEST):
> I am running OpenBSD 6.9 the machine recognizes an earlier version of
> the same wireless PCIe card, namely the WLE200NX but for some,
> unknown to me reason, the WLE600VX is not recognized. I checked the
> athn driver support for the chip set which should be AR9280 and it list it.
> When I boot I get in dmesg:
> "Atheros QCA986x/988x" rev 0x00 at pci1 dev 0 function 0 not configured

You have:
https://www.pcengines.ch/wle600vx.htm
Chipset Qualcomm Atheros QCA9882
"Expect some pain, ath10k drivers required.
Currently not supported by pfSense / OPNsense !"
=> QCA9882 is not in athn(4).

You want:
https://www.pcengines.ch/wle200nx.htm
Chipset Qualcomm Atheros AR9280.
=> AR9280 is in athn(4).

I have the latter and it works, in an apu2.

Marcus
Re: Who is responsible for ports.su? (admittedly a non-canon resource)
rop...@gmail.com (ropers), 2021.06.14 (Mon) 00:21 (CEST):
> > On 2021-06-13, ropers wrote:
> >> Sorry to disturb, but does anyone know how to contact whoever is
> >> responsible for ports.su?
> >> An email address would be great, though I'm not sure if it's okay to
> >> post that on-list. Perhaps it's okay to send that off-list?
> On 13/06/2021, Stuart Henderson wrote:
> > It's Constantine Murenin, I'm not sure of working contact methods.

Ian, if you are still into it, maybe try the email from his latest post?

https://marc.info/?l=openbsd-misc=158567929032597

Marcus
Re: Maintaining modified binary kernel config
parod...@gmail.com (Parodper), 2021.05.29 (Sat) 19:03 (CEST):
> # config -e -o bsd.new /bsd
> ukc> disable radeondrm
> ukc> quit
> # mv bsd.new /bsd
>
> But that only lasts for one reboot (I think on some cases not even
> that). After that the next reboots have the same problem. Any tips to
> make the changes permanent?

someone more knowledgeable than me once upon a time said:

    $ cat /etc/rc.shutdown
    printf 'disable ulpt\nq\n' | config -ef /bsd
    sha256 /bsd >/var/db/kernel.SHA256

    (Antoine Jacoutot 19 Mar 2020 po...@openbsd.org)

and:

    After boot, the kernel is relinked in a random order in the
    background ("/usr/libexec/reorder_kernel &" in /etc/rc). This is
    done so that there will be a different memory layout on different
    boots, making it harder to carry out types of attack that rely on
    knowing where things are in the kernel.
    [...]
    You can disable the reordering by removing /var/db/kernel.SHA256 but
    be aware that syspatch relies on the reorder_kernel mechanism in
    order to apply kernel patches. So if you do this and need to apply
    such patches, re-enable it temporarily before running syspatch:
    "sha256 -h /var/db/kernel.SHA256 /bsd" - stop any unnecessary
    processes - then run syspatch. After syspatch has finished you can
    remove kernel.SHA256 again before rebooting.

    (Stuart Henderson 2 Oct 2019 misc@openbsd.org)

++++++++

Hope this helps you in your quest...

Marcus
ssh(1) -v gives debug1: pledge: filesystem full
Hello!

By accident I noticed that

$ ssh -v $host

gives me, among many other lines, this

debug1: pledge: filesystem full

Tried with multiple hosts. None of the filesystems on the hosts (client,
servers) is full.

The messages appears when connecting from -current (as of yesterday) to
6.9, when connecting from 6.9 to 6.9 and when connecting from -current
to -current.

My .ssh/config has:

Host *
    ServerAliveInterval 15
    ServerAliveCountMax 4
    AddKeysToAgent yes
Host a b c d e f
    ForwardAgent yes
host g h
    ProxyJump i
    CheckHostIP no

Is this expected? Something to worry about?

Marcus
Re: Managed to mess up the system encrypted disk. I can no longer boot.
Hello Samarul,

samarul@gmail.com (Samarul Meu), 2021.03.08 (Mon) 10:46 (CET):
> On Thu, Jan 28, 2021 at 10:27 AM Samarul Meu wrote:
> > Thank you so much! You made my day!
> > So I used FuguIta (6.8 - stable) attached the encrypted partition
> > (accessible as sd1 now) and 'installboot sd1', reboot and surprise -
> > everything is working. I still have no idea why detaching the softraid
> > determined this kind of behavior.
>
> Today I stumbled again on the same error, but in a different situation,
> let's say.
[...]
> 1. attach an encrypted disk (partition) with an OpenBSD installation on
> it, let's say sd1a --- "bioctl -c C -l sd1a softraid0" --- you will get
> the new sd2
> 2. detach the sd2 "bioctl -d sd2"
> 3. The OpenBSD will no longer boot.

No mount(8) and umount(8) between step 1 and 2?

Marcus
Re: 4k sector disk on APU2 problems
Hello,

raimo+open...@erix.ericsson.se (Raimo Niskanen), 2021.03.01 (Mon) 14:30 (CET):
> The disk showed up as a 4k sector disk, and after installing OpenBSD 6.7
> over USB over the mSATA-SATA adapter I plugged it in the internal mSATA
> connector, and it did not boot.

I've recently had the same encounter. 14TB HDD in an external USB
enclosure, to sync the data to it before putting it in the machine.

The disk showed 4k sectors in the external enclosure. After days of data
transfer (~11TB) I finally put the HDD it in the machine and learned the
same lesson as you did: the 4k sectors turned to 512 byte sectors when
connected internally via SATA.

Unpleasant, but actually OT for an OpenBSD list, I'm afraid.

Marcus
Re: snapshot of today, pkg_add -u changed behaviour
sven.falem...@gmail.com (Sven F.), 2021.02.24 (Wed) 19:04 (CET):
> On Wed, Feb 24, 2021 at 12:06 PM Stuart Henderson
> wrote:
> >
> > On 2021-02-24, Marcus MERIGHI wrote:
> > > Hello!
> > >
> > > I just upgraded two machines to the snapshot of the day:
> > >
> > > OpenBSD 6.9-beta (GENERIC.MP) #357: Tue Feb 23 22:09:48 MST 2021
> > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > >
> > > When I run pkg_add -u afterwards, it just sits there, without output,
> > > for an unusually long time.
> > >
> > > With ^T it says: Processing Parameters.
> > >
> > > After some minutes the usual output starts.
> > >
> > > Just thought I'd mention it here, in case someone is worried about not
> > > seeing the familiar behaviour (as I was).
> > >
> > > Marcus
> > >
> > >
> >
> > Check for running ftp processes and you might get a better idea what
> > it's doing. Do you have a slow connection to the mirror you're using?
> >
>
> FETCH_CMD="ftp -v" pkg_add -u ?

Thanks for your assistance, Sven and Stuart!

It's just that ftp2.eu.openbsd.org is slow for me.

As nothing in my environment had changed and the download of the base
system didn't take longer than usual, I thought pkg_add(1) might be
doing something differently.

speedtest-cli says 20 Mbit/s download speed, while

lynx http://ftp2.eu.openbsd.org/pub/OpenBSD//snapshots/packages/amd64/

takes ages.

FETCH_CMD="ftp -v" did not make much of a difference, as it's the
initial

ftp -v -o - http://ftp2.eu.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/

that takes so long (I'm ctrl-c'ing it after 10 minutes right now, on my
third machine to upgrade.)

ftp.hostserver.de to the rescue...

Sorry for the noise!

Marcus
snapshot of today, pkg_add -u changed behaviour
Hello!

I just upgraded two machines to the snapshot of the day:

OpenBSD 6.9-beta (GENERIC.MP) #357: Tue Feb 23 22:09:48 MST 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

When I run pkg_add -u afterwards, it just sits there, without output,
for an unusually long time.

With ^T it says: Processing Parameters.

After some minutes the usual output starts.

Just thought I'd mention it here, in case someone is worried about not
seeing the familiar behaviour (as I was).

Marcus
Re: relayd.conf prefork > 3, relayd does not answer
Hello,

mcmer-open...@tor.at (Marcus MERIGHI), 2021.02.07 (Sun) 18:28 (CET):
> I just saw a reason to crank relayd.conf(5)s "prefork" from its default
> of 3 to 12.
> After restarting relayd I could not connect anymore.

PEBKAC: The "prefork" directive followed the table definitions, which is
the wrong order according to relayd.conf(5). As soon as I moved it up
things worked.

I suspect that "prefork 3" worked even in the wrong position because it
is the default value that does not change anything.

Sorry for the noise,

Marcus
Re: home printer
rop...@gmail.com (ropers), 2021.02.08 (Mon) 21:43 (CET):
> On 08/02/2021, Pierre-Philipp Braun wrote:
>
> Anyway, I don't suppose any of you know whether any of your
> recommended devices have printer steganography built in?

I've been told, by a local xerox technician, to never print any ransom
demand letter with a modern printer because any printout could be
attributed to the serial number of the printer.

Marcus
relayd.conf prefork > 3, relayd does not answer
hello!

OpenBSD 6.8 with patches (full dmesg at the end).

I just saw a reason to crank relayd.conf(5)s "prefork" from its default
of 3 to 12.

After restarting relayd I could not connect anymore.

Reverting to "prefork 3" made things return to normal working state.

The only thing I can tell from the logs is that with normal startup,
after "relayd[79886]: startup", there's the "adding X hosts from
table[...]" messages. With prefork greater than 3, these messages are
missing.

Does anyone see the same? Can anyone give it a try?

Thank you in advance...

Marcus
Re: 6.8 and Procmail/Formail: anyone still using them?
aus...@computershop.ca (Austin Hook), 2021.01.30 (Sat) 10:52 (CET):
> Marcus:
>
> > Regarding procmail beware of this:
> > https://marc.info/?l=openbsd-ports=151256201621939
>
> Fascinating. Never caught that discussion before. I gather a specially
> crafted message could get control of the user's account, or at least it
> would hard to prove that it couldn't.
>
> I guess I can appreciate further, that since the mail system processes the
> .forward file, that means a task with higher privileges than even the
> user, has to deal with external world possibly garbage or infected input,
> which could be unfriendly, and if the code base was designed without even
> such a thought, and is unwieldy -- there was the incentive to do better.
>
> Oh, but the years of fine tuning the procmail scripts

oh yeah! and it gets even worse... sooner or later we might have to
switch to sieve[1] scripts. because that is what dovecot and everything
else understands. but it's standardized, as a plus.

[1] https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)

> > formail is not in the ports tree, afaict.
> I probably just should have said only the package for procmail; formail
> comes with it.

I should have used pkg_locate(1) first...

> formail goes into the .forward file, and regularizes any
> problems with the "From" email address, before handing off to procmail.
> I guess that's somewhat a security enhancement. Perhaps not enough.
>
> Maybe formail isn't always used or was dropped in later version. I see a
> comment from Steve (clipped below) that he doesn't use it. [Haven't yet
> checked out his reference or absorbed its implications yet. May comment
> further, if I further retry procmail first, before learning fdm.]
>
> > I use ~/Maildir
>
> In your case, is that ~/Maildir (a file), or is it ~/Maildir/ a directory?

It is a directory, and a different way to store mail.
see https://en.wikipedia.org/wiki/Maildir

> In my new install, not doing any mail sorting yet, Simple "Mail" seems to
> put new mail into ~/mbox (the file) if not handled explicitly other than
> looking at the subject lines -- even though it says (at run time)
> something about putting it back into the user's mailbox -- which is
> different wording from the documentation, and slightly confusing.

ha-ha, the second time within a couple of days that mail(1) interactive
use confuses people, including me :-)

> Alpine (not further configured) moves all new mail from /var/mail/*user*/
> to ~/mbox (the file), soon as it is invoked.

my gut feeling is that this historic behaviour is going extinct.

Marcus

> On Wed, 27 Jan 2021, Maurice McCarthy wrote:
>
> > Most use fdm from ports
> > Best
>
> On Wed, 27 Jan 2021, Marcus MERIGHI wrote:
>
> > aus...@computershop.ca (Austin Hook), 2021.01.26 (Tue) 18:43 (CET):
> > > Wonder if anyone is still using Procmail/Formail under 6.8 for
> > > presorting incoming mail before it hits one's main inbox.
> >
> > Regarding procmail beware of this:
> > https://marc.info/?l=openbsd-ports=151256201621939
> >
> > formail is not in the ports tree, afaict.
> >
> > I switched from procmail to fdm:
> >
> > Information for inst:fdm-2.0p0
> >
> > Comment:
> > fetch, filter and deliver mail
> >
> > Description:
> > fdm is a simple, lightweight replacement for mail fetch, filter and
> > delivery programs such as fetchmail and procmail. It can fetch using
> > POP3 or IMAP (with SSL) or from stdin, and deliver to a pipe, file,
> > maildir, mbox or SMTP server, based on regexps.
> >
> > Maintainer: Nicholas Marriott
> > ++++
> >
> > > Also wondering if folks send the remaining mail, after filtering, to
> > > /var/mail/*user*, or to ~/mbox or to ~mail/mbox. Any advantage to be
> > > had,
> > > or any mere consensus, regardless of advantages?
> >
> > I use ~/Maildir
> >
> > Marcus
>
>
> Date: Wed, 27 Jan 2021 09:04:43 -0700
> From: Steve Williams
> To: misc@openbsd.org
> Subject: Re: 6.8 and Procmail/Formail: anyone still using them?
>
> Hi,
>
> I am using procmail under 6.8 successfully. I did have problems with it
> when upgrading to (I think) 6.4.
>
> If you look for the mail list archives for "OpenBSD 6.4 smtpd local mail
> delivery missing "From " when .forward (procmail)"
>
> My .procmailrc:
>
> "|/usr/local/bin/procmail -f -"
>
> Not sure if this is your problem or not. But I have quite a large
> .procmailrc file (200 lines) that makes a historical archive of every
> incoming email, filtering maillist emails, etc.
>
> Thanks,
> Steve W.
>
>
Re: Installing across two SSDs, encrypted
gj...@omecha.info (Grégoire Jadi), 2021.01.30 (Sat) 11:03 (CET):
> Joe Nelson writes:
>
> > Second, how do I get the OS to prompt me during startup for a
> > passphrase, and mount the encrypted drive? (It's not the primary drive
> > with the OS on it, which seems nonstandard.)
>
> Check out rc(8), in particular rc.local.
>
> I've used something like:
>
> echo 'adding encrypted home partition'
> bioctl -c C -l ENCRYPTED_UID.k softraid0 && \
> fsck DECRYPTED_UID.a && \
> mount /home
>
> Could be improved with a loop to retry in case you mistype the
> passphrase.

This is just another suggestion...

If you run xenodm(1) you can put the following in
/etc/X11/xenodm/Xsetup_0 :

    ssh-askpass "Pass for disk" | bioctl -s -c C -l \
        DUID.slice softraid0

hotplugd(8) is your friend for automatically fscking and mounting of the
softraid(4) crypt partitions.

If you do not run xenodm/X11 then Grégoire's hint would fit, but
interrupt your boot process; alternatively you can abuse ttys(5) by
changing a line like, for instance, this:

    ttyC5 "/etc/ttymenu.getty" vt220 on secure

"/etc/ttymenu.getty" could look like this:

    TERM=vt220 /etc/ttymenu < /dev/$1 > /dev/$1

"/etc/ttymenu" is a script of your liking. You have to switch to ttyC5
to enter your passphrase. rc.local(8) can take you there, via
"wsconsctl display.focus=4".

If you want your $HOME encrypted, I'd recommend two slices on $BIGDRIVE.
One smaller (in my case 5GB) for $HOME and a huge one for a sub
directory of $HOME that holds your data (but *always* listen to Nick's
partition/slice size advice!). Purpose of this separation is quicker
access to your $HOME in case of an unclean shutdown. $HOME gets fsck'ed
quickly and you can log in. fsck on $BIGSLICE will take a while...

Marcus
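The retry loop mentioned in the message above, wrapped around the quoted bioctl/fsck/mount sequence, as an added example that is not from the thread; it could be called from rc.local or serve as the "/etc/ttymenu" script. All variable and function names are assumptions, and ENCRYPTED_UID.k and DECRYPTED_UID.a are the thread's own placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread. Function and variable names are
# made up; ENCRYPTED_UID.k / DECRYPTED_UID.a are the thread's placeholders.

CRYPT_CHUNK="${CRYPT_CHUNK:-ENCRYPTED_UID.k}"    # softraid chunk holding the crypto volume
CRYPT_VOLUME="${CRYPT_VOLUME:-DECRYPTED_UID.a}"  # filesystem on the attached volume
MOUNT_POINT="${MOUNT_POINT:-/home}"              # needs an fstab(5) entry, as in the thread
MAX_TRIES="${MAX_TRIES:-3}"                      # passphrase attempts before giving up
RETRY_DELAY="${RETRY_DELAY:-2}"                  # seconds to wait between attempts

# Command names are variables so the control flow can be exercised with stubs.
BIOCTL="${BIOCTL:-bioctl}"
FSCK="${FSCK:-fsck}"
MOUNT="${MOUNT:-mount}"

# True when something is already mounted on MOUNT_POINT.
is_mounted() {
    "$MOUNT" | grep -q " on $MOUNT_POINT "
}

# Returns 0 when mounted, 1 when every passphrase attempt failed,
# 2 when fsck failed, 3 when mount failed.
unlock_and_mount() {
    # Already unlocked and mounted (script run a second time): do not prompt.
    if is_mounted; then
        return 0
    fi

    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        tries=$((tries + 1))
        echo "adding encrypted home partition (attempt $tries of $MAX_TRIES)"

        # bioctl prompts for the passphrase on the controlling terminal and
        # exits non-zero when the volume could not be attached.
        if "$BIOCTL" -c C -l "$CRYPT_CHUNK" softraid0; then
            # The volume is attached now. A failing fsck or mount is not a
            # passphrase problem, so report it instead of prompting again.
            "$FSCK" "$CRYPT_VOLUME" || return 2
            "$MOUNT" "$MOUNT_POINT" || return 3
            return 0
        fi
        sleep "$RETRY_DELAY"
    done

    echo "giving up: $MOUNT_POINT stays unmounted" >&2
    return 1
}

# Run only when asked to, e.g. "sh thisfile run" from rc.local.
case "${1:-}" in
run) unlock_and_mount ;;
esac
```

The distinct return codes let the caller tell a mistyped passphrase from a filesystem that needs manual attention.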
Re: Can't set 'from' address in .mailrc
Hello,

tetrahe...@danwin1210.me (tetrahe...@danwin1210.me), 2021.01.28 (Thu) 16:00 (CET):
> I'm trying to set up my system so I can use 'sendbug' to send in a bug
> report for a kernel panic, and a number of issues have cropped up.
>
> 1. My mail provider won't let me send email from but only
> from . Therefore I tried adding to ~/.mailrc:
> set from "my_lap...@domain.com"
> Unfortunately, this didn't fix the issue, and /var/log/maillog is still
> showing "Sender address rejected" messages.
> According to the mail manpage 'from' is a binary option, but this makes no
> sense to me, where does one set the default from address?

I have nothing to say on mail(1) interactive usage :-) and got confused
reading the man page, just as you.

You could use "sendbug -P > sendbug.out" to get your report in a file and
send that from a different host. Or edit the file and

    $ cat sendbug.out | mail -s "my bug report" -r my_lap...@domain.com \
        -c my_lap...@domain.com b...@openbsd.org

> 2. Where can I find the message that 'sendbug' composed? 'ls
> /var/spool/smtpd/queue/*' does not show any messages in any of the
> subfolders, did smtpd delete it because it couldn't be delivered?

Do you see

    smtpd[30872]: warn: queue: no return path!

in /var/log/maillog?

Do you have a file named "dead.letter"?

Marcus
Re: 6.8 and Procmail/Formail: anyone still using them?
aus...@computershop.ca (Austin Hook), 2021.01.26 (Tue) 18:43 (CET):
> Wonder if anyone is still using Procmail/Formail under 6.8 for
> presorting incoming mail before it hits one's main inbox.

Regarding procmail beware of this:
https://marc.info/?l=openbsd-ports=151256201621939

formail is not in the ports tree, afaict.

I switched from procmail to fdm:

Information for inst:fdm-2.0p0

Comment:
fetch, filter and deliver mail

Description:
fdm is a simple, lightweight replacement for mail fetch, filter and
delivery programs such as fetchmail and procmail. It can fetch using
POP3 or IMAP (with SSL) or from stdin, and deliver to a pipe, file,
maildir, mbox or SMTP server, based on regexps.

Maintainer: Nicholas Marriott

> Also wondering if folks send the remaining mail, after filtering, to
> /var/mail/*user*, or to ~/mbox or to ~mail/mbox. Any advantage to be had,
> or any mere consensus, regardless of advantages?

I use ~/Maildir

Marcus
Re: libreoffice package broken in -current 3.509
Hello,

n.dellu...@gmail.com (Nicola Dell'Uomo), 2021.01.17 (Sun) 11:25 (CET):
> after upgrading packages from 3.507 to 3.509 in -current, libreoffice
> crashes when it starts.

Already known, but (AFAIK) unsolved:
https://marc.info/?t=16106348152=1=2

Marcus
Re: auto-boot
bast...@durel.org (Bastien Durel), 2021.01.14 (Thu) 18:07 (CET):
> On Thursday, 14 January 2021 at 16:59 +0100, Marcus MERIGHI wrote:
> > bast...@durel.org (Bastien Durel), 2021.01.14 (Thu) 16:05 (CET):
> > > On Thursday, 14 January 2021 at 15:47 +0100, Marcus MERIGHI wrote:
> > > > bast...@durel.org (Bastien Durel), 2021.01.14 (Thu) 10:20 (CET):
> > > > > I have a router connected via a serial port to another machine
> > > > > (which is usually powered off), which fails to boot until I
> > > > > connect and validate the boot> prompt
> > > > >
> > > > > I configured my boot.conf as it follows :
> > > > >
> > > > > # cat /etc/boot.conf
> > > > > set timeout 10
> > > > > set tty com0
> > > >
> > > > I usually have
> > > >
> > > > stty com0 115200
> > > > set tty com0
> > > > set timeout 2
> > > >
> > > > and the machines boot automagically...
> > > >
> > > > Marcus
> > > >
> > > Actually, it looks like the automagic boot depends on the status of
> > > the attached computer : when it runs, the router boots automagically,
> > > and when it does not, then the boot waits until I press enter (after
> > > booting it, obviously)
> >
> > Ah, I failed on getting what you meant!
> >
> > Emitting wild guesses now... As soon as the boot> prompt receives
> > input, it cancels the timeout counter (and doesn't auto-boot). Could it
> > be that your non-auto-booting machine receives something that looks
> > like input to the boot> prompt? Can you test with the serial cable
> > detached?
> >
>
> Done that; that's very strange : the router did not auto-boot, but did
> as soon as I plugged-in the serial cable in (I left minicom running on
> the other box) (or maybe after a few seconds, I did not check in real
> time)

so you have ruled out the second box, good!

Things I'd try...

- any stray empty lines in /etc/boot.conf? I'm not saying these would
  cause any harm, but I'd try
- add the speed setting ("stty com0 115200")
- move "set timeout X" to the end

good luck! and please report back if you solve this puzzle!

Marcus
Re: auto-boot
bast...@durel.org (Bastien Durel), 2021.01.14 (Thu) 16:05 (CET):
> On Thursday, 14 January 2021 at 15:47 +0100, Marcus MERIGHI wrote:
> > bast...@durel.org (Bastien Durel), 2021.01.14 (Thu) 10:20 (CET):
> > > I have a router connected via a serial port to another machine
> > > (which is usually powered off), which fails to boot until I connect
> > > and validate the boot> prompt
> > >
> > > I configured my boot.conf as it follows :
> > >
> > > # cat /etc/boot.conf
> > > set timeout 10
> > > set tty com0
> >
> > I usually have
> >
> > stty com0 115200
> > set tty com0
> > set timeout 2
> >
> > and the machines boot automagically...
> >
> > Marcus
> >
> Actually, it looks like the automagic boot depends on the status of the
> attached computer : when it runs, the router boots automagically, and
> when it does not, then the boot waits until I press enter (after
> booting it, obviously)

Ah, I failed on getting what you meant!

Emitting wild guesses now... As soon as the boot> prompt receives input,
it cancels the timeout counter (and doesn't auto-boot). Could it be that
your non-auto-booting machine receives something that looks like input
to the boot> prompt? Can you test with the serial cable detached?

(It would be more comprehensible if it was the other way round: not
booting with the supervising machine being *on* and by some strange
mishaps sending input to the boot> prompt.)

Marcus
Re: auto-boot
Hello,

bast...@durel.org (Bastien Durel), 2021.01.14 (Thu) 10:20 (CET):
> I have a router connected via a serial port to another machine (which
> is usually powered off), which fails to boot until I connect and
> validate the boot> prompt
>
> I configured my boot.conf as it follows :
>
> # cat /etc/boot.conf
> set timeout 10
> set tty com0

I usually have

    stty com0 115200
    set tty com0
    set timeout 2

and the machines boot automagically...

Marcus
[OT] Re: WireGuard, Windows mobile laptop and pf.conf?
Hello!

hamdi201...@gmail.com (Andreas X), 2020.12.29 (Tue) 13:53 (CET):
> > > I happen to come across this blog today that may help
> > > you clarify some of your questions:
> >
> > https://ozgur.kazancci.com/secure-fast-vpn-server-wireguard-setup-on-openbsd-and-configure-windows-10-clients-to-connect-through-it/
> >
> > I hope it helps. I am planning to set up one myself in the near future.
> > Please keep us posted how yours turn out.
> >
> > Hakan Duran
> >
> Hi Hakan, thank you for this!
> It works nicely, and has helped me a lot!

I recently got it to work, too, after some fiddling, with this client:
https://download.wireguard.com/windows-client/wireguard-installer.exe

But... this requires admin rights under windows. Not for the
installation, which would be natural, but for connecting, too.

There's talk about workarounds:
https://www.reddit.com/r/WireGuard/comments/frizel/solution_managing_wireguard_on_windows_as_a/

Which are... ugly?

So, my question is: do you have a non-admin way to connect or are you
just taking the risk?

Sorry for the non-OpenBSD talk here, we should take this elsewhere;
better reply privately, thanks!

Marcus
Re: Internal microphone not working
Hello Ashton,

ash...@fagg.id.au (Ashton Fagg), 2020.10.28 (Wed) 01:31 (CET):
> However, I'm having problems getting my internal microphone to work.

what does

    $ sysctl kern.audio.record

say?

Marcus
Re: LTE SIM in a ThinkPad T400
h...@stare.cz (Jan Stary), 2020.09.29 (Tue) 10:19 (CEST):
> This is current/amd64 on a ThinkPad T400 (dmesg below).

I don't see any umsm(4) or umb(4) device in your dmesg.
(Or anything else that looks like a 2/3/4/5G modem.)

Could it be that the SIM slot is provided on all models, though yours
doesn't have the "modem"-hardware?

Or do you need to enable it in the BIOS?

Marcus

> The machine has a slot for a SIM card, and I'm considering
> getting a data-tariff SIM to put in there so it has its own
> connection (although iwn works as a client to a mobile AP).
>
> Is anyone using a data SIM in a laptop?
> Is that supported at all?
>
> Jan
Re: how to figure out reverse package dependency?
Hello,

j...@jsg.id.au (Jonathan Gray), 2020.08.23 (Sun) 08:58 (CEST):
> On Sun, Aug 23, 2020 at 08:15:01AM +0200, Matthias wrote:
> > How do I figure out which packages directly or indirectly depend on a
> > specific package? Let's assume that only installed packages shall be
> > considered.
> >
> > For example, if 'glib2' is the package in question, 'cairo',
> > 'gdk-pixbuf', 'shared-mime-info', 'ImageMagick', etc. should be returned
> > as all those depend on 'glib2'.
> >
> > Thank you.
>
> This is really a question for ports@
>
> One way would be to install databases/sqlports then run
> 'show-reverse-deps devel/glib2'

I thought Matthias was just asking for "pkg_info -R".
("Show which packages require a given package")

Marcus
phone syncing [was: Re: how to mount phone?]
pe...@bsdly.net (Peter Nicolai Mathias Hansteen), 2020.07.14 (Tue) 17:11 (CEST):
> > 13. jul. 2020 kl. 23:39 skrev Justin Muir :
> > Just wishing to mount my phone to access photos.
>
> I believe I have at some point managed to mount a phone as storage,
> but not recently.
>
> What usually works better is to install an sftp client (I use AndFTP
> in sftp mode) on the phone and use that to transfer the pictures to
> your machine.

now that this thread turns to general phone syncing:

syncthing (in ports/packages) works very well for me, unless you want
syncthing to have write access to all of your sdcard in the phone.

on my lineagos17/android10 phone, syncthing only gets read-only access
to the sdcard, apart from its app-folder.

other than that: start syncthing on both ends, wait, have files on both
ends reliably synced.

(i am not affiliated, btw.)

Marcus
Re: how to mount phone?
get.misc.open...@gmail.com (Greg Thomas), 2020.07.14 (Tue) 00:33 (CEST):
> Have you set your USB preferences on your phone? To File transfer? My
> Android defaults to charging only.

Mine too; but "File transfer" does not work for me, either. I get a
ugen(4) instead of umass(4), on -current.

Therefore I currently use gphoto2(1) from the gphoto-2.5.23 package:

    $ gphoto2 --get-all-files --skip-existing

Watch out for the permissions on the USB device files:

    $ more /usr/local/share/doc/pkg-readmes/libgphoto

Marcus

> On Mon, Jul 13, 2020 at 2:57 PM Justin Muir wrote:
>
> > Hi,
> >
> > Just wishing to mount my phone to access photos.
> >
> > Here's the output from dmesg:
> >
> > ugen0 at uhub0 port 3 "Alcatel U50? Alcatel U50?" rev 2.00/3.10 addr 2
> >
> > Any ideas on how this might be mounted??
> >
> >
> > tia!
> >
Re: Input Filter and LPD
punoseva...@gmail.com (Predrag Punosevac), 2020.06.08 (Mon) 23:57 (CEST):
> It seems that there is another change on 6.7 perhaps among packages
> which broke printing for me. I am using built in LPD to print onto the
> network connected Brother HL-5250DN. I am getting raw PostScript output
> on the printer instead of the document.

I think I've seen the same. Though I could still print simple text
files, like "cat foo.txt | lpr". Printing PDFs from xournal failed, with
raw PS output as you describe.

The machine is currently not available, probably online this afternoon,
will post the configs then.

I guess you want to avoid it, but cups still works on that machine.

Marcus
Re: Getting HDMI Events
switch1...@gmail.com (Switch 1024), 2020.06.07 (Sun) 17:48 (CEST):
> On Sun, 7 Jun 2020 at 14:06, Marcus MERIGHI wrote:
> >
> > switch1...@gmail.com (Switch 1024), 2020.06.07 (Sun) 08:59 (CEST):
> > > tldr; My question is, how can I get HDMI Events, I want to execute
> > > scripts when a new HDMI (or DP, for that matter) device is connected
> > > or disconnected.
> > > Maybe there is a really obvious or simple way or solution but I did
> > > not see it.
> >
> > x-on-resize might have some clues:
> > https://marc.info/?l=openbsd-misc=157104216604576
> >
> > marcus
>
> Ok, Thank you, I downloaded the sources for x-on-resize [1], got it to
> compile with clang, but I do not receive events.

Sorry to hear that; I just made sure that "it works for me", on amd64
-current. dmesg below.

marcus
Re: Getting HDMI Events
switch1...@gmail.com (Switch 1024), 2020.06.07 (Sun) 08:59 (CEST):
> tldr; My question is, how can I get HDMI Events, I want to execute scripts
> when a new HDMI (or DP, for that matter) device is connected or disconnected.
> Maybe there is a really obvious or simple way or solution but I did not see
> it.

x-on-resize might have some clues:
https://marc.info/?l=openbsd-misc=157104216604576

marcus
Re: Howto change login mechanism on OpenBSD
hello,

valdrin.m...@zoho.com (Valdrin MUJA), 2020.05.25 (Mon) 16:47 (CEST):
> Actually I updated the /etc/ttys file and add my program instead of
> getty. However, after boot, there was still OpenBSD login prompt
> before my program started.

as already mentioned, init(8) respawns the program specified in ttys(5)
if the program stops. it also throttles respawning if it happens too
often.

after changes to ttys(5), run "kill -s HUP 1".

> On the other hand, I tried chpass -s $myprogram $user, but still I'm

This only changes the login shell that is run after you have logged in
via login(1).

> In short, I want to disable OpenBSD login prompt and execute my
> program. If user exits this external program, my program should run
> again etc.

use with care!

    $ grep ttyC5 /etc/ttys
    ttyC5 "/etc/ttymenu.getty" vt220 on secure

    cat /etc/ttymenu.getty
    #!/bin/sh -e
    TERM=vt220 /etc/ttyprog < /dev/$1 > /dev/$1

/etc/ttyprog would be the program you want to run. stdin and stdout are
connected to the tty.

Marcus

> On Thu, 21 May 2020 01:53:29 +0200 Jeff Joshua Rollin
> wrote
>
> > On Wed, 2020-05-20 at 17:00 -0500, Edgar Pettijohn wrote:
> > On Wed, May 20, 2020 at 09:50:17PM +
> > >
> > > I believe /etc/ttys controls getty, which may or not help. Getty is
> > > respawned too.
> > > https://man.openbsd.org/man5/ttys.5
> >
> > I think you're right. Might just need to change a line in /etc/ttys
> > to execute /bin/{my_program}.
> >
> > Edgar
> >
>
> Perhaps a better way would be just to change the user's login shell to
> the name of your program: chpass -s $myprogram $user. That way you can
> use OpenBSD's login authentication, and login automatically runs the
> program when the user logs in; when the user quits the program they are
> automatically logged out. Provided there's no way to execute a shell
> from within the program, they therefore can't execute arbitrary code
> once logged in. It's easy to add a user for this single purpose: just
> add the user as normal, and specify $myprogram as the shell.
>
> Jeff.
Re: rc.d: Webserver is removing daemonization - now what?
chad.hoo...@protonmail.com (Chad Hoolie), 2020.05.03 (Sun) 15:43 (CEST):
> So the folks over at my webserver is removing its daemonization
> feature, telling its users to use systemd/upstart/a process supervisor
> instead.

Ugly move by upstream!

> But what does this mean to my webserver's startup script in /etc/rc.d,
> isn't it dependent on the webserver's ability to daemonize?

You could have shown the content of that rc.d(8) script...?

> Pretty sure I can't manually daemonize it by adding a "&" to the end
> of my rcexecs so...

Read rc.subr(8), look for "rc_bg".

Marcus
Re: flashrom on APU2
Hello Jan,

just asking because you did not mention: you are running single user,
right?

I documented a firmware upgrade on 2020-03-04, for an APU2: first I
tried "flashrom -p internal -w apu2.rom", then I noted "needs
boardmismatch=force", which I then used. That machine is still running,
unbricked.

before:
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffb7020 (7 entries)
bios0: vendor coreboot version "88a4f96" date 03/11/2016
(I was a bit lazy there, it seems...)

after:
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xcfe8d020 (13 entries)
bios0: vendor coreboot version "v4.11.0.4" date 02/26/2020

Marcus

h...@stare.cz (Jan Stary), 2020.04.23 (Thu) 15:02 (CEST):
> I am flashing my APU2's firmware on current/amd64,
> using the flashrom port; script and dmesg below.
> I would like to make sure about a few nits before going ahead.
>
> Probe first:
>
> # flashrom -p internal
> flashrom v1.1 on OpenBSD 6.7 (amd64)
> flashrom is free software, get the source code at https://flashrom.org
>
> Using clock_gettime for delay loops (clk_id: 3, resolution: 1ns).
> coreboot table found at 0x77fae000.
> Found chipset "AMD FCH".
> Enabling flash write... OK.
> Found Winbond flash chip "W25Q64.V" (8192 kB, SPI) mapped at physical address
> 0xff80.
> No operations were specified.
>
> Make a backup:
>
> # flashrom -r /tmp/rom -p internal
> flashrom v1.1 on OpenBSD 6.7 (amd64)
> flashrom is free software, get the source code at https://flashrom.org
>
> Using clock_gettime for delay loops (clk_id: 3, resolution: 1ns).
> coreboot table found at 0x77fae000.
> Found chipset "AMD FCH".
> Enabling flash write... OK.
> Found Winbond flash chip "W25Q64.V" (8192 kB, SPI) mapped at physical
> address 0xff80.
> Reading flash... done.
>
> Then write:
>
> # flashrom -V -w /home/hans/apu2_v4.11.0.5.rom -p internal
>
> After probing for various chips, flashrom finds:
>
> Found Winbond flash chip "W25Q64.V" (8192 kB, SPI).
> This chip may contain one-time programmable memory. flashrom cannot read
> and may never be able to write it, hence it may not be able to completely
> clone the contents of this chip (see man page for details).
>
> I am confused: flashrom -r has just read this memory,
> and flashrom -w is supposed to overwrite it, right?
>
> It also says
>
> coreboot last image size (not ROM size) is 8388608 bytes.
>
> Indeed, 8388608 is the size of /home/hans/apu2_v4.11.0.5.rom
> which is precisely 8192 * 1024, which is also the size of the
> backup obtained with flashrom -r. Should I be concerned about
> some mismatch, or is flashrom just emphasizing this is the
> image file size (and not stating any difference)?
>
> Eventually, flashrom aborts with
>
> Manufacturer: PC Engines
> Mainboard ID: apu2
> This coreboot image (PC Engines:apu2) does not appear to
> be correct for the detected mainboard (PC Engines:PCEngines apu2).
> Aborting. You can override this with -p internal:boardmismatch=force.
>
> Is this a banal mismatch in the names
> ("PC Engines" vs "PC Engines:PCEngines")
> or is there some real concern?
>
> Can anyone please confirm they have flashed
> their APU2 like this before I brick mine?
>
> Thank you
>
> Jan
Re: X start failure - OpenGL Version
Hello Riccardo,

startx(1) had its setuid bit removed. I think in the timeframe you are
upgrading over. The canonical advice is to use xenodm(1).

Marcus

riccardo.mott...@libero.it (Riccardo Mottola), 2020.04.06 (Mon) 11:57 (CEST):
> Hi,
>
> lockdown times gave me finally times to update my workstation/home
> server to 6.6 too, after my successful laptop upgrades.
>
> I was a moment scared when fw_update told me to reboot due to microcode
> update :-P But it went fine.
>
> I followed 6.5 -> 6.6 upgrade. All packages are upgraded too (although X
> should not depend on any pkg, right?)
>
> startx fails:
>
> (==) Using system config directory "/usr/X11R6/share/X11/xorg.conf.d"
> Require OpenGL version 2.1 or later.
> (EE)
> Fatal server error:
> (EE) AddScreen/ScreenInit failed for driver 0
> (EE)
> (EE)
> Please consult the The X.Org Foundation support
> at http://wiki.x.org
> for help.
> (EE) Please also check the log file at
> "/home/multix/.local/share/xorg/Xorg.0.log" for additional information.
> (EE)
> (EE) Server terminated with error (1). Closing log file.
>
>
> $ glxinfo | grep "OpenGL version"
> OpenGL version string: 3.1 Mesa 19.0.8
>
> and 3.1 is > 2.1 I do think...
>
> However, if I look into xorg.log, there is no "EE"! I am confused.
>
> I have an Intel graphics card and from Xorg.log everything looks fine:
mirror hostserver.de packages behind
Hello! I wanted to mention that https://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/aarch64/ is showing packages as of 2020-03-14 (3/14). But https://ftp.OpenBSD.org/pub/OpenBSD/snapshots/packages/aarch64/ is at 2020-04-02 (04/02). Regarding snapshots the lag is only a single day. Marcus
Re: List of binary packages which needs update.
pe...@bsdly.net (Peter N. M. Hansteen), 2020.03.27 (Fri) 09:52 (CET): > On Fri, Mar 27, 2020 at 08:07:03AM +0100, Ján Rusnák wrote: > > > Is there a simple command to list update candidates of binary packages for > > latest release? (For cron script). Something similar to 'syspatch -c' for > > base system or m:tier 'openup -c'. 'pkg_add -us' is simulation of upgrade. > > pkg_info may be suitable command for such feature. > > would 'pkg_add -un' be suitable? I use "pkg_add -us | grep -v 'quirks-.* signed on '", because "pkg_add -un" behaves differently when run from cron(8). Marcus
Re: dhcpd and unbound on a small LAN
Morning!

What I have not seen mentioned: dhcpd.conf -> "deny unknown-clients;"

Beware if you use static leases as already mentioned, then dhcpd does
*not* feed the IPs to its PF tables when it hands the IP out to the
client.

If you do:

host foobar {
	hardware ethernet a8:34:6a:e1:1d:1c;
}

with "deny unknown-clients" directive, then the IP is taken from the
"range" pool but only for known MACs.

See net/arpd and net/arpwatch packages(7)!

As for your hosts(5) versus unbound(8) problem, I've the following:

$ whence vihosts
'doas vi /etc/hosts; hoststounbound'
$ whence hoststounbound
'grep -v -e ^# -e ^$ /etc/hosts | hoststounbound.sh hosts > \
	/var/unbound/etc/localzone.hosts.conf; reload-unbound'
$ whence reload-unbound
'doas unbound-control -c /var/unbound/etc/unbound.conf reload'

"hoststounbound.sh" is a script that parses hosts(5) lines and outputs a
valid unbound.conf(5) config. feedback, improvements, all welcome:

#!/bin/sh -eu
# Convert hosts(5) lines read from stdin into unbound.conf(5) local data.
# Relies on ksh features (print, [[ ]]).
# Usage: hoststounbound.sh [zone] [ttl] < hosts-lines

# Names such as "*.example" must not glob against the current directory.
set -f

_zone=${1:-"hosts"}
_ttl=${2:-"3600"}
_ip=""
_names=""
_name=""
_line=""
_word=""

print "server:\n"
print "local-zone: \"${_zone}\" transparent\n"

while read _line; do
	_ip=""
	_names=""
	# First word is the address, the rest are names; stop at a comment.
	for _word in $_line; do
		if [[ "X${_word}" == X"#"* ]]; then
			break
		elif [[ -z $_ip ]]; then
			_ip="${_word}"
		else
			_names="${_names}${_word} "
		fi
	done
	#[[ "X${_ip}" == X"127.0.0.1" || "X${_ip}" == X"::1" ]] && continue
	# Record type: A for IPv4, AAAA when the address contains a colon.
	a="A"
	[[ "X${_ip}" == X*":"* ]] && a="AAAA"
	for _name in ${_names}; do
		# "*.example" becomes a redirect zone for "example".
		[[ ${_name%%.*} == "*" ]] && { _name=${_name#*.}; \
			print "local-zone: \"${_name}.\" redirect"; }
		print "local-data: \"${_name}. ${_ttl} ${a} ${_ip}\""
		[[ "X${_ip}" == X"0.0.0.0" ]] || \
			print "local-data-ptr: \"${_ip} ${_ttl} ${_name}\"\n"
	done
done

Marcus

pipat...@gmail.com (Anders Andersson), 2020.01.06 (Mon) 13:24 (CET):
> I'm in the process of replacing an aging OpenWRT device on my home LAN
> with an apu4d4 running OpenBSD as my personal router.
>
> I would like to use unbound as a caching DNS server for my local
> hosts, but I'm trying to figure out how to handle local hostnames. It
> seems like a common scenario but I can't find a solution that feels
> like the "right" way. I have two problems, one is trivial compared to
> the other.
>
>
> My first and very minor issue is that I would like to register my
> static hosts in a more convenient way than what's currently offered by
> unbound. From what I understand you would configure your local hosts
> something like this:
>
> local-zone: "home.lan." static
> local-data: "laptop.home.lan. IN A 10.0.0.2"
> local-data-ptr: "10.0.0.2 laptop.home.lan"
>
> Every time information has to be entered twice there is room for error
> and inconsistencies, so preferably this list should be automatically
> generated from a simpler file, maybe /etc/hosts. I can of course
> easily write such a script, but I'm wondering if there might be a
> standard, go-to way of doing this.
>
>
>
> My second and more difficult issue is that I can't seem to find a way
> to feed information from the DHCP server into unbound, so that locally
> assigned hosts can be queried by their hostnames. To clarify with an
> example:
>
> 1. I install a new system and in the installation procedure I name it "alice".
> 2. "alice" asks for and receives an IP number from my DHCP server.
> 3. Every other machine can now connect to "alice" by name, assuming
> that "alice" informed the DHCP server of its name when asking for an
> address.
>
> Currently this works because OpenWRT is using dnsmasq which is both a
> caching DNS server and a DHCP server, so the left hand knows what the
> right hand is doing. How can I solve this in OpenBSD base without
> jumping through hoops?
>
> Right now I'm considering something that monitors dhcpd.leases for
> changes and updates a running unbound using unbound-control(8) but I
> don't feel confident enough writing such a tool that does not miss a
> lot of corner cases and handle startup/shutdown gracefully. I'm also
> thinking that it can't be such an unusual use case, so someone surely
> must have written such a tool already. I just haven't found any in my
> search.
>
> Or am I doing this the wrong way? I've now read about things like mDNS
> and Zeroconf and Avahi and I'm just getting more and more confused.
> Ideas are welcome!
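The quoted question asks for a tool that feeds dhcpd.leases into unbound. As an added example (not code from either poster), this sketch covers the parsing step and treats the client-supplied hostname as untrusted input, so a DHCP client cannot claim a static name or inject a multi-label name. The zone home.lan is taken from the quoted post; the function names, TTL, reserved-name list and sample leases are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names, TTL, reserved
# names and the sample lease data are assumptions made for illustration.

# leases_to_rr ZONE TTL NOW RESERVED < dhcpd.leases
#   NOW      "YYYY/MM/DD HH:MM:SS" (UTC); leases that ended by then are dropped
#   RESERVED space-separated static names a DHCP client must never claim
# Prints one resource record per line; each line can be handed to
# "unbound-control local_data".
leases_to_rr() {
	awk -v zone="$1" -v ttl="$2" -v now="$3" -v reserved="$4" '
	BEGIN {
		n = split(reserved, r, " ")
		for (i = 1; i <= n; i++) taken[tolower(r[i])] = "static"
	}
	# The lease file is append-only: a later block for an IP replaces an earlier one.
	$1 == "lease" && $3 == "{" {
		ip = $2
		if (!(ip in seen)) { seen[ip] = 1; order[++count] = ip }
		host[ip] = ""; ends[ip] = ""; bad[ip] = 0
		next
	}
	$1 == "ends" { ends[ip] = $3 " " $4; sub(/;$/, "", ends[ip]); next }
	$1 == "abandoned;" { bad[ip] = 1; next }
	$1 == "client-hostname" {
		# Take the whole quoted string so "a b" cannot pass as "a".
		if (match($0, /"[^"]*"/))
			host[ip] = tolower(substr($0, RSTART + 1, RLENGTH - 2))
		next
	}
	END {
		for (i = 1; i <= count; i++) {
			ip = order[i]; h = host[ip]
			if (bad[ip] || h == "") continue
			if ((ends[ip] "") <= (now "")) continue      # expired or no end date
			if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
			# The name is chosen by the client: accept a single LDH label only.
			if (length(h) > 63 || h !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/) continue
			if (h in taken) continue                     # static name or earlier claimant
			taken[h] = ip
			split(ip, o, ".")
			printf "%s.%s. %s IN A %s\n", h, zone, ttl, ip
			printf "%s.%s.%s.%s.in-addr.arpa. %s IN PTR %s.%s.\n", o[4], o[3], o[2], o[1], ttl, h, zone
		}
	}'
}

# Constructed sample in dhcpd.leases(5) layout (not real lease data).
sample_leases() {
	cat <<'EOF'
lease 10.0.0.50 {
	starts 1 2020/01/06 12:00:00 UTC;
	ends 1 2020/01/06 13:00:00 UTC;
	hardware ethernet 02:00:00:00:00:50;
	client-hostname "alice";
}
lease 10.0.0.51 {
	ends 1 2020/01/06 13:00:00 UTC;
	hardware ethernet 02:00:00:00:00:51;
	client-hostname "router";
}
lease 10.0.0.52 {
	ends 1 2020/01/06 13:00:00 UTC;
	hardware ethernet 02:00:00:00:00:52;
	client-hostname "www.example.com";
}
lease 10.0.0.53 {
	ends 1 2020/01/06 11:00:00 UTC;
	hardware ethernet 02:00:00:00:00:53;
	client-hostname "Carol";
}
lease 10.0.0.54 {
	ends 1 2020/01/06 13:00:00 UTC;
	hardware ethernet 02:00:00:00:00:54;
	client-hostname "alice";
}
lease 10.0.0.53 {
	ends 1 2020/01/06 13:30:00 UTC;
	hardware ethernet 02:00:00:00:00:53;
	client-hostname "Carol";
}
EOF
}

# Example call (prints records for alice and carol only):
# sample_leases | leases_to_rr home.lan 300 "2020/01/06 12:30:00" "router laptop"
```

With two dynamic claimants for one name, the first lease seen in the file keeps it; the later claimant is ignored until the name is free.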
Re: Hardware for Access Point on OpenBSD
Hello, s...@spacehopper.org (Stuart Henderson), 2020.01.02 (Thu) 13:56 (CET): > On 2020-01-01, List wrote: > > I therefore need some kind of WIFI Hardware. This piece of hardware > > needs to be connected over usb. > > Do you have any suggestions or recommendations ? As far as I can see > > bwfm(4) also supports hostap on USB devices and probably has the > least-worst performance of devices that will attach directly to > OpenBSD rather than as a separate "hardware" AP. > > These are Broadcom "fullmac" devices. IIRC there's a list of actual > devices using these somewhere on wikidevi.com but the site is > currently down so I can't check. The old "official raspberry pi thanks for the pointer! last archive.org crawl from 2019-10-31: https://web.archive.org/web/20191031174603/https://wikidevi.com/wiki/Broadcom https://web.archive.org/web/20191031174603/https://wikidevi.com/wiki/Broadcom#tab=Wireless_chipsets but the links to the real-world products ("adapters") do not work. src/sys/dev/usb/if_bwfm_usb.c has: BCM43143, BCM43236, BCM43242, BCM43569 BCM43143 was the famous rpi usb dongle. I could not find a place to buy it anymore. The others (BCM43236, BCM43242, BCM43569) are hiding from me, too. Marcus > usb wifi" devices work, there should be some others (they're often > the only devices that work wifi dongles for some smart TVs that don't > have built-in wifi). > > But as others have mentioned separate network devices are usually a > better way to go for APs.
Re: Hardware for Access Point on OpenBSD
Hello Stephan, l...@md5collisions.eu (List), 2020.01.01 (Wed) 16:54 (CET): > mode. Only ones that do are: athn(4), ral(4), ath(4). > Finding those is hard. > Maybe you guys know things I couldn't find ? i've bought athn(4) here: https://www.pcengines.ch/wle200nx.htm https://www.pcengines.ch/order.htm i am not affiliated etc... Marcus > Stephan
Re: Advices on AD implementation with OpenBSD
Hello! fm+obsd+misc+l...@phosphorusnetworks.com (Fabio Martins), 2019.12.26 (Thu) 20:26 (CET): > I am drawing a scenario to replace the Windows 2003 Server with OpenBSD, > acting as AD/DC and firewall. There is a need to share folders and AFAIK this is the current status of samba AD/DC on OpenBSD: "This update doesn't include lmdb support (now the default upstream); and doesn't fix the AD DC support in the samba daemon either." https://marc.info/?l=openbsd-ports=157019016817459 There have been updates (and downgrades) since then, but nothing indicates that AD/DC works. Have not tried myself in a long time. Marcus > printers, restrict access to folders based on logins, and no GPO are > needed at all. > > Is it possible with the current samba+winbind? Anyone has done it before? > > Thanks for 6.6! > > -- > Fabio Martins > http://www.nabundapode.com.br/
Re: relayd(8) Tables and pfctl -T
Hello Thomas, miracu...@gmail.com (Thomas Huber), 2019.12.26 (Thu) 16:42 (CET): > I just tried to get a little deeper into load-balancing and try > to use relayd(8) in a dynamic (translate to microservices) environment > where I'd like to add and remove hosts on the fly. > After some reading I thought I should use tables for this purpose. > > relayctl(8) only allows to enable or disable complete tables but not > to alter a table. But relayctl(8) lets you disable hosts of a table? $ relayctl show hosts $ relayctl host disable 3 You cannot add/remove/change, though. Marcus > So I checked out > > 'pfctl -t -T add ' > > which should do exactly what I want. > > But unfortunately the tables (to relay or redirect) are not > present in 'pfctl -s Table' > > I just have a small setup to play, no real hosts or services attached > but before growing bigger I wanted to ask here if this should be > possible how I try it or another idea how to alter relayd(8) tables > without updating relay.conf(5) and reload. > > thanks > --mirac
Re: Softdep and noatime
Hello, david.raym...@nmt.edu (Raymond, David), 2019.11.30 (Sat) 14:12 (CET): > I am switching to OpenBSD from Linux and I have questions about the > use of softdep and noatime in mounting disks. I have a variety of > systems with a mix of SSDs and rotating disks. > > Softdep seems to have some advantages in speeding file access, but it > is not the default. Are there any downsides in using softdep? > > On SSDs in particular, is it worth setting noatime to reduce the > number of disk writes? The most recent thread on that topic that I could find: https://marc.info/?t=15181182685 Marcus
Re: How to dock laptop more easily
j...@begriffs.com (Joe Nelson), 2019.10.14 (Mon) 04:32 (CEST):
> I'd like to write a daemon to change machdep.lidaction and the xrandr output as
> an external monitor or power is attached/detached from my laptop. Is there a
> way to detect those events from a C program?

x-on-resize[1] might help with detecting plug/unplug events of external
monitors.

[1] https://keithp.com/blogs/x-on-resize/
    git://people.freedesktop.org/~keithp/x-on-resize
    https://github.com/thedward/x-on-resize
    https://marc.info/?l=openbsd-misc=148839239518671

Marcus

> Here is how I want the sleep state and output display to change based on
> whether power is connected, an external monitor is attached, and the laptop is
> open:
>
> Power  Mon  Open | Sleep   Display
> -----------------+------------------
>   x     x    x   | awake   both
>   x     x        | awake   external
>   x          x   | awake   laptop
>   x              | asleep
>         x    x   | awake   both
>         x        | asleep
>              x   | awake   laptop
>                  | asleep
>
> --
> Joe Nelson https://begriffs.com
>
Re: How can I remove sets installed by sysupgrade?
Morning Judah! koche...@hotmail.com (Judah Kocher), 2019.09.15 (Sun) 05:12 (CEST): > I ran it and found too late that it installed all the x*, Comp and Game > sets, which were not part of the original install. Unfortunately this > overfilled my /usr partition and I'm getting errors on boot. > > Is there a simple way to uninstall these sets? I need the space but > would much rather not start over from scratch. please do *not* copy/paste/run this command! something along these lines for the sets you did not want: $ ftp -MVo- $( I did find an email (too late) on this list about how there is no way to > tell sysupgrade to just upgrade an existing system without adding > everything else too. do you mean "sysupgrade -n; rm /home/_sysupgrade/xserv66.tgz; reboot"? Marcus
Re: Who has an ancient -current snapshot
Hello Luke, lukensm...@gmail.com (Luke Small), 2019.09.07 (Sat) 00:56 (CEST): > I need an old kernel image older than maybe a couple weeks old. I have the I think http://ftp.hostserver.de/archive/ has what you want. Marcus
Re: handling snapshot installation in production environment
Hello Joerg, just passing on my user experience...: streckf...@dfn-cert.de (Joerg Streckfuss), 2019.09.02 (Mon) 10:15 (CEST): > Furthermore I'm not sure which snapshot should I run. Almost every day > there will be a fresh one. you seem to be watching closely, therefore you will notice a time when there are no new daily snapshots for a couple of days. this is usually when the next release is tagged/built. additionally you can monitor ports@ to see when the ports tree gets locked for the next release. > Perhaps is there a moment/date where a > freeze of the code base will be done which reflects the 6.6 release? Yes, the moment I tried to describe above. Marcus
Re: L2TP/IPSec PSK with Android -- INVALID_ID_INFORMATION
Hello Dani...

this is just a report from the "works for me" department:

l...@ecentrum.hu (Lévai, Dániel), 2019.06.30 (Sun) 19:12 (CEST):
> I know (saw) this has come up numerous times, and someone has been
> successful, others weren't. I thought I'd try this out myself, and not
> surprisingly it wasn't successful :)
>
> So this is my configuration:
> OpenBSD 6.5-stable

Same here.

> /etc/ipsec.conf:
> ike passive esp transport \
> proto udp \
> from any to any port l2tp \
       ^^^ I have my external IP here
> main auth "hmac-sha2" enc "aes-256" group modp1024 \
                     ^ 1 here    ^^^ just "aes" 2048 here
> quick auth "hmac-sha2" enc "aes-256" \
                      ^ 1 here    ^^^ just "aes"   I have "group modp2048" here, too
> psk "thisismykey"
       ^^^ same here :-)

Just tested
auth "hmac-sha2" - does not work.
enc "aes-256" - does not work.

Complete snippet:

ike passive esp transport proto udp \
	from AAA.BBB.CCC.DDD to any port 1701 \
	main auth "hmac-sha1" enc "aes" group modp2048 \
	quick auth "hmac-sha1" enc "aes" group modp2048 \
	psk "thisismykey"

> Then doing an:
> /sbin/ipsecctl -vf /etc/ipsec.conf

For testing configs I had to make this "ipsecctl -Fvf /etc/ipsec.conf"!

[snip log]

> /etc/npppd/npppd.conf:
> =8<=

Same here.

Marcus

> So now when I connect from my Android 9 phone, set up as an L2TP/IPsec
> PSK connection, specifying the Server address as my internal LAN IP on
> the OpenBSD router (no NAT, just direct connection on the local
> network), setting the IPSec preshared key to the real key, and
> entering my username and password I've set for npppd(8), I'm getting
> this output from isakmpd(8):
> =8<=
> 190048.505560 Default attribute_unacceptable: HASH_ALGORITHM: got SHA2_384,
> expected SHA2_256
> 190048.505768 Default attribute_unacceptable: GROUP_DESCRIPTION: got
> MODP_1024, expected MODP_3072
> 190048.505943 Default attribute_unacceptable: HASH_ALGORITHM: got SHA2_384,
> expected SHA2_256
> 190048.530050 Default isakmpd: phase 1 done (as responder): initiator id
> 192.168.5.17, responder id 192.168.0.1, src: 192.168.0.1 dst: 192.168.5.17
> 190049.556596 Default responder_recv_HASH_SA_NONCE: peer proposed invalid
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190049.556699 Default dropped message from 192.168.5.17 port 500 due to
> notification type INVALID_ID_INFORMATION
> 190052.571991 Default responder_recv_HASH_SA_NONCE: peer proposed invalid
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190052.572093 Default dropped message from 192.168.5.17 port 500 due to
> notification type INVALID_ID_INFORMATION
> 190055.594500 Default responder_recv_HASH_SA_NONCE: peer proposed invalid
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190055.594593 Default dropped message from 192.168.5.17 port 500 due to
> notification type INVALID_ID_INFORMATION
> 190058.615783 Default responder_recv_HASH_SA_NONCE: peer proposed invalid
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190058.615909 Default dropped message from 192.168.5.17 port 500 due to
> notification type INVALID_ID_INFORMATION
> 190101.642382 Default responder_recv_HASH_SA_NONCE: peer proposed invalid
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190101.642478 Default dropped message from 192.168.5.17 port 500 due to
> notification type INVALID_ID_INFORMATION
> 190104.674817 Default responder_recv_HASH_SA_NONCE: peer proposed invalid
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190104.674885 Default dropped message from 192.168.5.17 port 500 due to
> notification type INVALID_ID_INFORMATION
> 190107.702932 Default responder_recv_HASH_SA_NONCE: peer proposed invalid
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190107.703001 Default dropped message from 192.168.5.17 port 500 due to
> notification type INVALID_ID_INFORMATION
> 190110.728935 Default responder_recv_HASH_SA_NONCE: peer proposed invalid
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190110.729004 Default dropped message from 192.168.5.17 port 500 due to
> notification type INVALID_ID_INFORMATION
> 190113.760991 Default responder_recv_HASH_SA_NONCE: peer proposed invalid
Re: Is it possible to build bioctl -c C -l ... on a bioctl -c 1 -l ... ?
Hello, wo...@intermezzo.net (Wolly), 2019.06.18 (Tue) 13:58 (CEST): > 3 years ago I tried to build a "bioctl -c C -l ... " over a "bioctl -c 1 > -l ..." on a hetzner server and I failed. > Is it possible to do so, and when, what are the requirements? it is possible but it will not automagically assemble when booting (and is therefore not endorsed). Marcus
Re: Software caused connection abort (53) squid 4.6 on OpenBSD 6.5
Hello, same here. I guess bugs@ or ports@ would be better. w...@wootsie.com (w...@wootsie.com), 2019.05.23 (Thu) 14:36 (CEST): > I have been running into a repeatable error reported by squid 4.6 from > packages once the system has been under a steady load for ~12 hours. I would not call it repeatable because I can't repeat it at will. I did not notice the 12 hours interval. But I have by far less users behind squid. > Example squid cache.log entry: > 2019/05/22 15:03:41 kid1| oldAccept FD 18, 0.0.0.0 [ job2]: (53) Software > caused connection abort 2019/05/23 11:51:43 kid1| oldAccept FD 18, 0.0.0.0 [ job4]: (53) Software caused connection abort I see this on one machine with windows clients (max. 4) behind it. I do not see this on another machine with an OpenBSD client (just 1) behind it. Both are pcengines APUs, but different versions. dmesgs below. Both setups are up for years, the problem on one of the machines showed right after upgrading last week. Marcus the machine that does *not* show the symptom:
Re: Blind OpenBSD users
aa...@bolddaemon.com (Aaron Bieber), 2019.05.10 (Fri) 16:05 (CEST): > I am looking to understand / enhance the OpenBSD experience for blind > users. :flan_thumbsup: > Do we have any blind users reading misc that can offer any insight > into their usecases / pain points / work flows / wants? I vaguely remembered the thread and even found it, somewhat dated (2013-07-07): https://marc.info/?l=openbsd-misc=137316509908904 and parts of (search for "oyen"): https://marc.info/?t=13729967261 and finally: https://marc.info/?w=2=1=eric+oyen=a Marcus
Re: Puffy Security smtpd out of date
z...@znedw.com (Zach Nedwich), 2019.03.08 (Fri) 08:06 (CET): > http://tomd.tel > > It appears the author has contact details on their personal site > (which references puffysecurity). Might be worth getting in touch with > them via the email listed. I did this on "Thu, 7 Mar 2019 19:41:57 +0100", the answer was along the lines of "thanks for the heads up, I'm currently moving, no idea when there will be time to update the guide". Marcus > On 8 March 2019 9:51:02 am AEST, Stuart Henderson > wrote: > >On 2019-03-07, Christer Solskogen wrote: > >> On Thu, Mar 7, 2019, 13:19 Geir Svalland > >wrote: > >> > >>> Hello all. > >>> > >>> Any chance to get the http://puffysecurity.com/wiki/opensmtpd.html > >>> updated ? > >>> > >> > >> Probably. But why not rather ask the person behind the site instead > >of this > >> mailing list? > >> > > > >No contact details on the site. > > > >If people are going to put up content like this, PLEASE: > > > >- mention the date and relevant OpenBSD version number up front > >and clearly visible so people aren't tricked into thinking something > >4 years old is still valid. (the iked page on this site is better in > >this regard). > > > >- provide contact details > > > >- keeping it up to date would be nice too. getting it into shape > >for www/faq/ would be even nicer, there's some useful information > >there which would likely make a good addition. > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: apu2 em0/dhclient problems
Hello, ed...@pettijohn-web.com (Edgar Pettijohn), 2019.01.27 (Sun) 18:44 (CET): > I'm trying to replace my dying soekris box with an apu2 dmesg below. > However, I can't seem to get em0 to connect to my isp. It will work > when connecting to the soekris box though. So I don't think its the > interface that is the problem. But everything I try seems to rule out > each other as the problem, leaving me in a vicious cycle. have you tried any of the other ethernet ports with your uplink? Give it a go, I've had a similar failure with em0 on apu2, running with em1 for the uplink since then without problems. Marcus > I'm going to try disabling pf and after that current. If you have > any other suggestions please send them. > > Thanks, > > edgar
Re: openbsd : foundation : donation : annual : automatic : any method?
mayur...@kathe.in (Mayuresh Kathe), 2019.01.23 (Wed) 13:12 (CET): > not currently, but when i work with openbsd, > i work at the text-console exclusively. > i do use the web occasionally, via "lynx". [...] > i prefer to make annual donations to the > openbsd foundation, typically 1st april. > is there any method to automate that > process? If recurring transfers by a bank are an option: http://www.openbsdfoundation.org/banktransfer.html (Works with lynx :-) Marcus
Re: mount_ffs Permission denied as root
Hello, myml...@gmx.com (myml...@gmx.com), 2019.01.03 (Thu) 01:21 (CET): > On 1/1/19 10:02 PM, Philip Guenther wrote: > > On Tue, Jan 1, 2019 at 6:27 PM myml...@gmx.com <mailto:myml...@gmx.com> > > mailto:myml...@gmx.com>> wrote: [snip] > I unmounted the drive and tried to create an image of the drive, but it > fails > > 20190102-1435:root@curry:/root:#time dd if=/dev/rsd2c of=/root/corsair.iso > bs=1k > dd: /dev/rsd2c: Input/output error > 15958016+0 records in > 15958016+0 records out > 16341008384 bytes transferred in 7313.789 secs (2234274 bytes/sec) > 122m03.94s real 0m16.54s user 6m36.66s system To make dd(1) continue after such errors read up on these operands: conv=noerror(,sync) Marcus
Re: howto set terminus font in .Xresources for xterm
niyal...@gmail.com (shadrock uhuru), 2019.12.31 (Mon) 11:01 (CET): > what is the correct command to put in .Xresources for the terminus font, Works for me: XTerm*faceName:Terminus* XTerm*faceSize:12 Marcus > the following is my Xresources file, > i've tried a few variation but all i get when i start xterm is cannot > load font, > font loading is new to me so i have only try examples off the web > --- > > > XTerm*utf8: 1 > ! XTerm*font: -*-terminus-medium-*-*-*-18-*-*-*-*-*-iso10646-1 > XTerm*font: terminus-12 > XTerm*italicFont: terminus-12 > XTerm*selectToClipboard: true > > > ! ! Use a nice truetype font and size by default... > ! xterm*faceName: DejaVu Sans Mono Book > ! xterm*faceSize: 11 > > xterm*loginshell: true > > xterm*savelines: 16384 > > ! double-click to select whole URLs :D > xterm*charClass: 33:48,36-47:48,58-59:48,61:48,63-64:48,95:48,126:48 > XTerm*on3Clicks: regex > ([[:alpha:]]+://)?([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+ > *VT100*translations: #override Shift : > exec-formatted("google-chrome '%t'", PRIMARY) > > ! DOS-box colours... > ! xterm*foreground: rgb:a8/a8/a8 > xterm*foreground: rgb:ff/ff/00 > xterm*background: rgb:00/00/00 > xterm*color0: rgb:00/00/00 > xterm*color1: rgb:a8/00/00 > xterm*color2: rgb:00/a8/00 > xterm*color3: rgb:a8/54/00 > xterm*color4: rgb:00/00/a8 > xterm*color5: rgb:a8/00/a8 > xterm*color6: rgb:00/a8/a8 > xterm*color7: rgb:a8/a8/a8 > xterm*color8: rgb:54/54/54 > xterm*color9: rgb:fc/54/54 > xterm*color10: rgb:54/fc/54 > xterm*color11: rgb:fc/fc/54 > xterm*color12: rgb:54/54/fc > xterm*color13: rgb:fc/54/fc > xterm*color14: rgb:54/fc/fc > xterm*color15: rgb:fc/fc/fc > > ! right hand side scrollbar... > xterm*rightScrollBar: true > xterm*ScrollBar: true > > ! stop output to terminal from jumping down to bottom of scroll again > xterm*scrollTtyOutput: false > > --- > > thanks shadrock >
Re: Best way to change disk layout?
codeb...@inbox.lv (John Long), 2018.12.24 (Mon) 23:34 (CET): > Are smbd and nmbd supposed to run as root? httpd changes to www but I > don't see anything like that for samba. I can't remember how it was > working before. It runs as root and changes to the user that connects, when she/he connects. Unless you use some configuration options that prevents samba from doing so ("force user" and the like). Marcus
Re: procmail and new grammar in smtpd.conf
cl...@syntheticnation.com (schwack), 2018.12.11 (Tue) 22:36 (CET): > On Wed, Dec 05, 2018 at 10:07:34AM -0500, Daniel Corbe wrote: > > at 6:22 AM, Eda Sky wrote: > > > > > > > Executive summary: delete the procmail port; the code is not safe and > > > should not be used as a basis for any further work. > > Is maildrop a recommended alternative? $ pkg_info fdm "fdm is a simple, lightweight replacement for mail fetch, filter and delivery programs such as fetchmail and procmail." Using it since my departure from procmail, no problems seen. Marcus
Re: install portslist?
Hello,

rsyk...@disroot.org (Rudolf Sykora), 2018.12.14 (Fri) 15:40 (CET):
> odin$ pwd
> /usr/ports
>
> odin$ make search key=texmacs
> Please install portslist
> pkg_add portslist
> *** Error 1 in /usr/ports (Makefile:80 '/usr/local/share/ports-INDEX': @exit
> 1)
>
> odin$ doas pkg_add portslist
> portslist-6.8: ok
> odin$ make search key=texmacs
> Please install portslist

portslist does not bring back "make search key=" but gives you a flat
text file:

$ pkg_info -L portslist
$ less /usr/local/share/sqlports.list

Marcus

> pkg_add portslist
> *** Error 1 in /usr/ports (Makefile:80 '/usr/local/share/ports-INDEX': @exit
> 1)
>
> odin$ pkg_info -Q portslist
> portslist-6.8 (installed)
>
> odin$ make search key=texmacs
> Please install portslist
> pkg_add portslist
> *** Error 1 in /usr/ports (Makefile:80 '/usr/local/share/ports-INDEX': @exit
> 1)
>
>
> Is this expected? What am I doing wrong?
>
> Thanks
> Ruda
>
Re: does 'xset(1) dpms 20' activate xidle(1) after 20sec?
Hello, alexan...@beard.se (Alexander Hall), 2018.11.28 (Wed) 23:24 (CET): > On Wed, Nov 28, 2018 at 10:56:13AM +0100, Marcus MERIGHI wrote: > > j...@openbsd.org (joshua stein), 2018.11.27 (Tue) 18:12 (CET): > > > On Tue, 27 Nov 2018 at 14:32:50 +0100, Marcus Merighi wrote: > > > > does 'xset(1) dpms 20' activate xidle(1) after 20 seconds? > > > > How to repeat: > > > > $ xset dpms 20 > > > > $ xidle -timeout 180 & > > > > With this I am locked out after 20 seconds, not 180. > > > > > > The DPMS event activates the X screensaver which generates an X > > > event that xidle is listening for. xidle then runs its specified > > > program (or defaults to xlock). > > > > Thanks for confirming and the explanation of the cause! > > > > I know you are having piles of experience with OpenBSD on all sorts of > > fancy hardware... what do you do for dimming the display and locking? > > This is what I use to give myself a three second grace period between the > screen going blank and the lock kicking in. The scroll lock led was for > fun and cosmetics. > $ egrep '^xidle|^xlock' .Xresources > xidle.*.timeout: 300 > xidle.*.delay: 9 > xlock.*.lockdelay: 3 > xlock.*.startCmd: xset dpms 3; sleep 3; xset led named "Scroll Lock" > xlock.*.endCmd: xset -dpms; xset -led named "Scroll Lock" > I start xidle in my ~.xsession especially "startCmd" with "xset dpms" was a precious hint! xlock(1) always woke up my DPMS dimmed display, and it remained lit. Not anymore, thank you! But I had to return to xautolock(1), since xidle(1) does not play well with my "xset dpms 20", as stated in the Subject:. I dug through the code of xidle(1), but see no way of telling if it is "xset dpms" running or the XScreenSaver(3) doing its thing. But I found the reason why some DEBUG printf()s did not show up, below. Thanks! 
Marcus Index: xidle.c === RCS file: /cvs/xenocara/app/xidle/xidle.c,v retrieving revision 1.6 diff -u -p -u -r1.6 xidle.c --- xidle.c 6 Sep 2018 07:21:34 - 1.6 +++ xidle.c 29 Nov 2018 11:10:03 - @@ -366,7 +366,9 @@ main(int argc, char **argv) if (fd < 0) err(1, _PATH_DEVNULL); dup2(fd, STDIN_FILENO); +#ifndef DEBUG dup2(fd, STDOUT_FILENO); +#endif dup2(fd, STDERR_FILENO); if (fd > 2) close(fd);
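Review bot: the #ifndef DEBUG guard in the main() hunk covers only dup2(fd, STDOUT_FILENO), so a DEBUG build still points stderr at _PATH_DEVNULL through the unchanged dup2(fd, STDERR_FILENO) line right after it. Anything reported on stderr therefore stays invisible in a debug build; if the goal is to see all debug output, extend the guard to the STDERR_FILENO line as well, or add a one-line comment saying that only stdout is deliberately kept open. A short comment above the #ifndef explaining why the redirect is skipped would also help the next reader.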
Re: does 'xset(1) dpms 20' activate xidle(1) after 20sec?
j...@openbsd.org (joshua stein), 2018.11.27 (Tue) 18:12 (CET): > On Tue, 27 Nov 2018 at 14:32:50 +0100, Marcus Merighi wrote: > > does 'xset(1) dpms 20' activate xidle(1) after 20 seconds? > > > > How to repeat: > > > > $ xset dpms 20 > > $ xidle -timeout 180 & > > > > With this I am locked out after 20 seconds, not 180. > > The DPMS event activates the X screensaver which generates an X > event that xidle is listening for. xidle then runs its specified > program (or defaults to xlock). Thanks for confirming and the explanation of the cause! I know you are having piles of experience with OpenBSD on all sorts of fancy hardware... what do you do for dimming the display and locking? Marcus
does 'xset(1) dpms 20' activate xidle(1) after 20sec?
Hello, does 'xset(1) dpms 20' activate xidle(1) after 20 seconds? How to repeat: $ xset dpms 20 $ xidle -timeout 180 & With this I am locked out after 20 seconds, not 180. I looked hard to make sure everything runs with default settings. Just saying, maybe someone has time to reproduce. Marcus
Re: vmm(4) on apu2c4
miracu...@gmail.com (Thomas Huber), 2018.10.29 (Mon) 08:27 (CET):
> Hi misc,
>
> is vmm(4) working on the PC-Engines APU2 with -release 6.4 ?
> I thought I've read something like that a few months ago but can not find
> any further information about which CPU-Feature is needed and how it is
> named at the AMD.
>
> These are the CPU-Specs for the APU2:
> "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and
> AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2
> cache."

The test from faq16.html, on pcengines apu2c4:

$ dmesg | egrep '(VMX/EPT|SVM/RVI)'
vmm0 at mainbus0: SVM/RVI

A little more info:

$ dmesg | grep -e apu -e vmm0 -e GX-412TC
bios0: PC Engines PC Engines apu4
cpu0: AMD GX-412TC SOC, 998.31 MHz
cpu1: AMD GX-412TC SOC, 998.26 MHz
cpu2: AMD GX-412TC SOC, 998.15 MHz
cpu3: AMD GX-412TC SOC, 998.31 MHz
vmm0 at mainbus0: SVM/RVI

Following faq16.html I got:

$ vmctl show
   ID   PID VCPUS  MAXMEM  CURMEM     TTY        OWNER NAME
    3 15040     1    1.0G    1.0M   ttyp1         root example

Marcus
want.html: Unifi wifi gear for interop debugging
Dear all, not everyone is reading want.html every day, therefore I wanted to hint at: https://www.openbsd.org/want.html stsp@wifi is asking for gear and we should deliver :-) "Ubiquity Unifi Ufo / Unifi AP Pro are needed for wifi driver debugging in Berlin, Germany. Contact s...@openbsd.org" I cannot find "Unifi Ufo", but "Unifi AP Pro" is not a cheapo Access Point, around EUR 160,-- here. Marcus
Re: USB Ethernet adapter
i...@konstankino.com (Bogdan Kulbida), 2018.09.25 (Tue) 02:00 (CEST):
> It does have few extra USB ports, ta-da...
> Anyway, what USB network interface would you recommend that would run
> smoothly with the OBSD 6.3?

Works for years already, not a single hiccup that I know of:

axe0 at uhub0 port 4 configuration 1 interface 0 "ASIX Electronics AX88772A" rev 2.00/0.01 addr 2

If I enter "AX88772A" at my favourite hardware page I get, e.g.:
"Digitus DN-10050-1, RJ-45, USB-A 2.0"

Marcus
Re: wifi manager
ed...@pettijohn-web.com (Edgar Pettijohn III), 2018.09.22 (Sat) 16:49 (CEST):
> I've just uploaded what I feel to be a completed gui wifi manager to
> complement the base tools.
> https://sourceforge.net/projects/openbsd-wifi-manager/

I tried it, what I found:

- I had to "pkg_add p5-Gtk2", which isn't mentioned in the README
- I do not like that it quits when it finds an existing connection. Why?
- it did not detect that my interface was down.
- the list of wlans looked like ifconfig output parsing was broken,
  always.
- it took about 15 seconds to see the GUI, not only on the first
  invocation. (lenovo x230, 8GB, 2,6GHz, iwn, -current, cwm.)
- Quit via "q", "ctrl+q" or "Esc" does not work.
- In line 341 you should remove the "doas" for mere scanning.

Marcus
Re: Running your own mail server
marko.cu...@mimar.rs (Marko Cupać), 2018.09.18 (Tue) 10:58 (CEST): > On Tue, 18 Sep 2018 10:32:25 +0100 > Kevin Chadwick wrote: > > > I see clamav and other scanning stuff as an insecurity personally. > > Can you elaborate, please? It's a case of Enumerating Badness :-) http://www.ranum.com/security/computer_security/editorials/dumb/ Marcus
Re: Resize keydisk (softraid) partition...
program...@netzbasis.de (Benjamin Baier), 2018.09.08 (Sat) 00:08 (CEST):
> On Fri, 7 Sep 2018 21:00:58 +0200
> Zbyszek Żółkiewski wrote:
>
> > > Message written by Marcus MERIGHI on
> > > 07.09.2018, at 18:09:
> > >
> > > $ dd bs=8192 skip=1 if=/dev/rsd99z of=backup-keydisk.img
> > > $ dd bs=8192 seek=1 if=backup-keydisk.img of=/dev/rsd99z
> >
> > thanks for answers but that will make dump of whole 14GB - i would
> > like to shrink it to reasonable size…

I never realized that since my keydisks were always set up a la FAQ!

> Well, from reading the code a little seems the keydisk metadata is at
> offset
> SR_META_OFFSET = 8192 bytes and is SR_META_SIZE (64) * DEV_BSIZE (512
> bytes) = 32768 bytes long.
>
> Time ran out so do what you will with it. This is untested and always
> keep a good backup.

Thanks for reading the code!

this would do, then

$ dd bs=8192 skip=1 count=4 if=/dev/rsd99z of=backup-keydisk.img
                    ^^^

though I am going to test this:

$ dd bs=8192 skip=1 count=5 if=/dev/rsd99z of=backup-keydisk.img
                    ^^^

Thanks, Marcus
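The arithmetic behind the count= operand discussed in this thread, as an added example that is not part of the original posts: it derives the dd operands from the SR_META_OFFSET, SR_META_SIZE and DEV_BSIZE values quoted above and checks a backup/restore round trip on constructed image files instead of a real keydisk. The function and file names are assumptions made for the illustration.

```shell
#!/bin/sh
# Geometry as quoted in the thread (described there as untested).
SR_META_OFFSET=8192   # bytes in front of the softraid metadata
SR_META_SIZE=64       # metadata length, in DEV_BSIZE blocks
DEV_BSIZE=512
BS=8192               # dd block size used in the thread

# Print "skip count" for dd; fail if the region is not aligned to BS.
keydisk_dd_params() {
    meta_bytes=$((SR_META_SIZE * DEV_BSIZE))
    [ $((SR_META_OFFSET % BS)) -eq 0 ] || return 1
    [ $((meta_bytes % BS)) -eq 0 ] || return 1
    echo "$((SR_META_OFFSET / BS)) $((meta_bytes / BS))"
}

# backup_meta SRC OUT: copy only the metadata region out of SRC.
backup_meta() {
    params=$(keydisk_dd_params) || return 1
    dd if="$1" of="$2" bs="$BS" skip="${params% *}" count="${params#* }" 2>/dev/null
}

# restore_meta IMG DST: write IMG back at the same offset. conv=notrunc only
# matters when DST is a regular file, which dd would otherwise truncate.
restore_meta() {
    params=$(keydisk_dd_params) || return 1
    dd if="$1" of="$2" bs="$BS" seek="${params% *}" conv=notrunc 2>/dev/null
}

size_of() { wc -c < "$1" | tr -d ' '; }

# Round trip on constructed images (stand-ins for the oversized old partition
# and a smaller new one). Prints the backup size in bytes; returns non-zero
# if the restored region differs or the target file changed size.
roundtrip_demo() {
    dir=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$dir/old.img" bs="$BS" count=16 2>/dev/null
    dd if=/dev/zero of="$dir/new.img" bs="$BS" count=8 2>/dev/null
    backup_meta "$dir/old.img" "$dir/meta.img" &&
    restore_meta "$dir/meta.img" "$dir/new.img" &&
    backup_meta "$dir/new.img" "$dir/check.img" &&
    cmp -s "$dir/meta.img" "$dir/check.img" &&
    [ "$(size_of "$dir/new.img")" -eq $((8 * BS)) ] &&
    size_of "$dir/meta.img"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

roundtrip_demo
```

A round trip like this only shows that the copied region is byte-identical; whether the new keydisk actually unlocks the volume still has to be tested as described in the thread.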
Re: Resize keydisk (softraid) partition...
alexan...@beard.se (Alexander Hall), 2018.09.07 (Fri) 16:56 (CEST):
> On September 7, 2018 12:16:03 PM GMT+02:00, "Zbyszek Żółkiewski"
> wrote:
> >Hi,
> >
> >So i did something stupid: during creation of keydisk
> >(https://www.openbsd.org/faq/faq14.html#softraid), i was in hurry and I
> >allocated whole 14GB partition a for keydisk…
> >Now i would like to shrink it somehow, what’s the best and safest way
> >to do it… ?
>
> I'd take a disk with some unpartitioned space, create a small(er) RAID
> partition, and dd as much as possible of the 14GB keydisk into it.
> Then test if the new keydisk works.
> /Alexander

I once noted (and have used various times) the following for
backup/restore of keydisks. It was mentioned on one of these lists,
unfortunately I cannot find the source atm:

$ dd bs=8192 skip=1 if=/dev/rsd99z of=backup-keydisk.img
$ dd bs=8192 seek=1 if=backup-keydisk.img of=/dev/rsd99z

Marcus
Re: Some information needed, HELP!
k...@mack-z.com (Ken M), 2018.09.02 (Sun) 16:21 (CEST):
> So I did something careless and stupid. Don't get me started but I
> really messed up the group ownership of /usr by carelessly running a
> command not paying attention. Yes I know, my stupidity.
>
> Can anyone shoot me a quick list of what group should own what under
> /usr.

see /etc/mtree/special !

$ ls -la /usr
drwxr-xr-x   7 root   wheel   512 Aug 24 09:19 X11R6
drwxr-xr-x   2 root   wheel  5632 Aug 24 16:04 bin
drwxr-xr-x   2 root   wheel  1024 Aug 24 16:04 games
drwxr-xr-x  29 root   bin    3072 Aug 24 16:04 include
drwxr-xr-x   7 root   wheel  3584 Aug 24 16:06 lib
drwxr-xr-x   5 root   wheel   512 Aug 24 08:39 libdata
drwxr-xr-x   6 root   wheel  1024 Aug 24 16:06 libexec
drwxr-xr-x  15 root   wheel   512 Aug 24 09:18 local
drwxr-xr-x   2 root   wheel   512 Aug 24 08:40 mdec
drwxrwx---   2 build  wobj    512 Jan 20  2017 obj
drwxr-xr-x   1 root   wheel    25 Mar  6  2017 ports
drwxr-xr-x   2 root   wheel  4096 Aug 25 11:49 sbin
drwxr-xr-x  17 root   wheel   512 Aug 24 08:40 share
drwxrwxr-x   2 root   wsrc    512 Jan 20  2017 src
drwxrwx---   2 build  wobj    512 Jan 20  2017 xobj

Marcus
Re: Block TLD senders with opensmtpd
Hello, compli...@risei.net (Scott Seekamp), 2018.08.31 (Fri) 00:55 (CEST): > Looking at the manpage for smtpd.conf it’s possible to block a domain > with: > reject sender > and put: > @domain.tld > Is it possible to block entire tld’s and if so what would the syntax be? > I’d like to filter out high spam content senders “.bid, .date, .us” > that I”m seeing and avoid spam processing altogether. I think you cannot match on the "From:" in the mail header. Remember config syntax and structure in 6.4 will be different from 6.3, you did not tell what you use... What I *would* try for -current: table denydomains { "*.bid", "*.data" } match mail-from reject match helo reject "smtpd -n -v -f" says that's OK, I'm not going to test it live. And it's only for "MAIL FROM:" and "HELO", easy to forge. I think with 6.3 (or earlier) this is *not* going to work, unless someone sends with "MAIL FROM:": table badsenders { "@biz", "@date" } reject from any sender Marcus
Re: What is the proper way to release a DHCP lease
jh...@kevla.org (Jay Hart), 2018.08.19 (Sun) 17:19 (CEST): > > > > On Aug 7, 2018 5:57 PM, Jay Hart wrote: > >> > >> Hello all, > >> > >> About ready to put a new box online, but need to "release" the MAC / IP > >> address [of the old box] > >> if I can prior to swapping out the boxes. This might save me a call to > >> Verizon. > >> > >> I tried "dhcp release", but the OS returned a "command not found" error, > >> essentially. > >> > >> What is the proper way to get this done? I'm drawing a blank with my > >> google fu tonight. > >> > >> Thanks, > >> > >> Jay > >> > > > > dhclient -r 'interface' > > -r seems to be a deprecated option. I get an unknown option error. Works here(tm). Did you - cough - run "dhcpd -r" to produce this error? It's quite similar when tab-expanding in a hurry... Marcus
Re: Moving filesystems around
Hello Jay, jh...@kevla.org (Jay Hart), 2018.07.27 (Fri) 04:42 (CEST): > > Hello, > > jh...@kevla.org (Jay Hart), 2018.07.25 (Wed) 21:31 (CEST): > >> Running a stock 6.3 machine. I just bought a new server and hope to > >> move this drive over, but think I need to move two partitions around > >> at get more space. > > > > I'm not sure you need to... > > My /usr is just 895M. Yours is fuller because you have /usr/local on the > > same slice? > > If so, I'd consider this the problem. > > You'd have slices left after your wd0i[1], but is there unassigned > > space left on the disk? > > If so, I'd create a new slice and put /usr/local there. > > > > More info would have been helpful, show output of mount(8) and df(1), > > disklabel, fdisk, dmesg, perhaps? > > > > [1] what, a wd(4)?! ;-) > > > > Marcus > > > > Actually, I have a separate /usr/local partition, just didn't mention > it. Why has your /usr twice as much on it than mine, then? /usr/src? /usr/ports? du -sh /usr/*? > Your post got me thinking (as did some of the others). I've been > upgrading this box since 5.6 or > so and maybe its time to wipe it and start fresh on the new box. Just > copy over my config files after I'm done. I've recently upgraded an equally outdated box and sysmerge(8) was no fun. Lots of differences in config files after such a looong time makes merging hard. Thus installing might be the right thing. > Since I just follow stable releases, I don't bother downloading the > source code and building patches, so /usr should stay small and clean > with syspatch and sysclean, unless I'm very wrong about how they work. I think you got it right. /usr is rather static, unless it grows rapidly, like recently for /usr/share/relink/. syspatch(8) gives you patches for errata for the latest release and one version before, IIRC. sysclean(8) gives you a list of files not required by the installed base system and the installed ports. Marcus > >> I have one drive installed, with about 6 partitions. 
> >> > >> /var is a 6.3G partition (wd0e) using 50M of space > >> /usr is a 2.0G partition (wd0f) using 1.6G of space > >> > >> Last partition number is wd0i. > >> > >> What would the recommended procedure to use to swap these two partitions?