Re: smtpd under different rtable + /root/.forward

2024-10-24 Thread Thomas
On Thu, 24 Oct 2024, at 00:51, Dan wrote:
> Two simple stuff:
>
> 1. Did you create the mx record among your dns records?

No, but I don't think there's any need, it works under rtable 0 and
should have access to the same DNS resolution if it remains in rdomain
0? So if I can shorten the steps:

1. Create rtable 1 with route -T1 add default $gateway
2. Move smtpd to rtable 1 with rcctl set smtpd rtable 1 and restart the
daemon
3. route -T1 exec ping google.com works or as pinging the relay: route
-T1 exec ping smtps-proxy.fastmail.com
4. route -T1 exec dig smtps-proxy.fastmail.com mx works too for that
matter
5. smtpd logs smtp-out: Failed to resolve MX for
[relay:smtps-proxy.fastmail.com,port=443,smtps,auth=secrets:label,mx]:
Host not found

> 2. DigitalOcean has qualified support engineers to ask for anything
> technical regarding your vps, including networking.

I'll reach out to them to unblock smtp (DO now defaults to blocking
smtp to prevent spam), but I am not sure that they can help on the
rest, as it's working (when using proxy smtp on port 443 for now), just 
not when using rtable 1 so I must be doing something wrong or perhaps
unwind does not provide MX records to smtpd?

> - You got the passtime to install successfully OpenBSD on
> DigitalOcean?
> Let us know about it..

Yes! I have scripted my setup (though I will only test the script when
I fully re-install, so it's not tested but should work or would show the
main steps anyway...), see attached. That's from a Fedora droplet.

In short download bsd.rd and set-up grub to show the option to 
boot bsd.rd. The most tricky was figuring out which serial to use to 
be able to access grub/bsd.rd from the Digital Ocean recovery console. 
Then follow the normal installer, the recovery console is kind enough 
to show the IP, subnet, and gateway at the bottom to set up vio0.

Thomas

digitalocean-obsd-bootstrap
Description: Binary data


Fwd: smtpd under different rtable + /root/.forward

2024-10-23 Thread Thomas
Hello all,

So one thing I'm having issues to wrap my head around are rtables/domains... I
have a VPS on Digital Ocean and they have a set up with a public IP address + a
"floating" one which is accessed through another IP address on the same
interface. Eg.

vio0: flags

inet $publicIP
inet 10.10.10.10 (giving access to a gateway nating traffic to another IP 
address)

All traffic is routed to the gateway associated with the 10.10.10.10 address.
That gateway does not accept SMTP traffic which needs to be routed through the
gateway associated to the public IP (let's call it pubGW)

So, I created a 2nd routing table in rdomain 0: route -T1 add default $pubGW
and then move smtpd to it, rcctl set smtpd rtable 1, rcctl restart smtpd.
Output of netstat -R below:
Rdomain 0
  Interfaces: lo0 vio0 enc0 pflog0
  Routing tables: 0 1

This does not work, smtpd reports DNS failures:
smtpd[35722]: smtp-out: Failed to resolve MX for
[relay:xxx,port=xxx,smtps,auth=secrets:label,mx]: Host not found

The setup works on the rtable 0 (when I swap the default route) and route -T1
exec ping google.com works as well (so ping apparently can resolve names on
rtable 1...). What am I missing?

On another note, I cannot get .forward to work for root. I checked the
permissions and they are as mentioned on man forward. I don't try to pipe or
:include:, just /path/to/file (this works with only an email address). 
/path/to/file  works with a normal
user and with root gives: sendmail: command failed: 451 Temporary failure:
. Is that a security thing?

Thanks a lot in advance,

Thomas



Re: Memory upgrade

2024-10-16 Thread Thomas Frohwein
On Tue, 15 Oct 2024 16:08:03 +0200
Christian Schulte  wrote:

> On 10/15/24 15:09, Claudio Jeker wrote:
> > On Tue, Oct 15, 2024 at 02:35:03PM +0200, Christian Schulte wrote:  
> >> On 10/15/24 12:45, Claudio Jeker wrote:  
> >>> On Tue, Oct 15, 2024 at 12:28:20PM +0200, Christian Schulte
> >>> wrote:  
>  On 10/15/24 12:09, Stuart Henderson wrote:  
> > On 2024-10-15, Zé Loff  wrote:  
> >> On Tue, Oct 15, 2024 at 10:14:42AM +0200, Christian Schulte
> >> wrote:  
> >>> ulimit -d `ulimit -aH | grep data | awk '{print $2}'`
> >>> ulimit -n `ulimit -aH | grep nofiles | awk '{print $2}'`  
> >
> > ulimit -d `ulimit -dH` etc... but then there's no point setting
> > a separate hard limit in login.conf.  
> 
>  Of course. I am the only user on that system and the only limits
>  I want "my" xsession to be in effect on that system are the hard
>  limits setup by the kernel. Those make the system swap for no
>  apparent reasons. So. Why is this thing swapping?  
> >>>
> >>> Because you are out of memory (most probably the usual amd64
> >>> problem of running out of dma reachable memory and the pagedaemon
> >>> going berserk about that). You have plenty of ram just in the
> >>> wrong spot. 
> >>
> >> According to the readings of top(1) or vmstat(8) I am not hitting
> >> any physical RAM limits. Still. The system starts swapping and I
> >> am yet to find out why it does. Maybe it just cannot fulfill
> >> requests for larger chunks of memory but does not "tell" an
> >> application about it and just commits itself to swapping? Makes no
> >> sense to me reading output of top(1) or vmstat(8) displaying that
> >> the system has swapped out more than half a GB to disk when nearly
> >> half of the RAM available to the system (8GB) is not even wired
> >> up. The system reports nearly 4GB of physical RAM available for
> >> allocation together with more than half of a GB swapped out to
> >> disk. Makes no sense. 
> > 
> > Please read again. You are out of memory below 4GB (dma reachable
> > physical memory). The pagedaemon does a very poor job in that case
> > and this is what you see. It is a known issue and a fix will
> > eventually emerge.
> > 
> > If the problem was trivial it would have been fixed already.  
> 
> I am not around here for working on things a chimpanzee could be
> trained to do.
> 

You are overstepping and have been for a while. If you want any help,
better watch your tone.



Re: IPv6 static host address inside dynamic network

2024-10-14 Thread Thomas Bohl

On 14.10.2024 at 17:47, Chris Ross wrote:

>> On 2024-09-10 19:20:13, Thomas Bohl wrote:
>> I used https://aloof.de/f/IPv6Aliases-en.sh for many years.
>> HTH
>
> Apologies that I missed this earlier, Thomas.  I took a look at this now,
> and it does do very much what I want.  I have been trying to find something
> event-based, rather than polling, but this is a good tool if I go that
> route.  Thank you.
>
> But, I do notice something looking at it and my openbsd system; the
> command-set that produces “publicIPv6Net” seems wrong.  Specifically,
> it runs “sort -u” on the networks and then “tail -n 1”, purportedly
> because newer networks are listed at the bottom.
>
> First, sort loses ordering.

You are right. I see that my first version from 2018 didn't have it. I
can't remember why I added it.

> Second, on my system the last address
> output by "route -n show -inet6 | grep ::/64” is not the current
> one.  Actually, that list seems also to be sorted lexicographically
> even before running sort.  I think “route show” lists them in
> address-order, not time-order.

Again you seem to be right and I don't remember if it ever was
different. The comment for tail at least implies it.
What a bummer. I used this script for 5 years on 6 machines and never
had a problem. But now that I no longer use it myself I maybe should
delete it or at least no longer promote it.




Re: Failed re-install with bsd.rd and full disk encryption

2024-10-10 Thread Thomas
>> I have attempted to upgrade from 7.5 to 7.6 on a VPS with encryption. As /usr
>> was too small (< 1G left), I chose to re-install and re-partition. I 
>> downloaded
>> bsd.rd, checked it, etc. and rebooted it.
>> 
>> Following the install steps, I was not offered the choice to encrypt, only to
>> choose sd0 or sd1. With hindsight, I should probably have chosen sd1,
>> re partitioned and called it a day.
>> 
>> What I did is tried to follow the OpenBSD FAQ 14 for softraid + this guide:
>> https://www.tumfatig.net/2020/fde-on-openbsd.amsterdam-opinionated-vm
>> 
>> I could not detach sd1 (bioctl -d sd1) with the following error: softraid0:
>> refusing to delete boot volume. So, I tried to erase entirely the drive,
>> thinking that since bsd.rd was in RAM, it would forget about the previous
>> volumes / partitions. It did not work, after using dd if=/dev/urandom
>> of=/dev/rsd0c bs=1m, using disklabel to create sd0a showed: disklabel:
>> DIOCWDINFO: Device busy when trying to write.
>> 
>
> Yes, bsd.rd runs from RAM, but you loaded it by unlocking the encrypted drive
> that became sd1.  The system boots, sd1 is seen by the OS, so it can't be
> casually deleted, as the kernel has already become aware of it.  Because of
> that, you can't detach the drive (I think?  I haven't tried this, but I
> recognize the rest of your problem :) )
>
> your dd'ing trash over sd0 worked, but the disklabels are stored in RAM, so
> the system wouldn't know until you rebooted.  (personally, I'd suggest
> zeros over random data if you are just trying to free up the disk. OpenBSD
> won't have a problem, but I've seen lesser OSs freak out if the disk has
> magic bytes in magic places in the early part of the disk)
>
> For what you are trying to do, after zeroing the drive, you needed to reboot
> using other media for bsd.rd (netboot, usb, CD, etc).  Now you would have
> no partition tables on sd0, and thus, no sd1.
>
> For your goal -- repartitioning an established system, boot bsd.rd, then
> just delete and create partitions on sd1.  No reason to delete sd1 itself,
> your encrypted drive was just fine, it was just the disklabel partitions
> within it you wanted to rework.
>
Thanks for the response, this makes sense and is very informative. I initially
wanted to re-create sd1 to specify a higher number of rounds but after testing
it is possible to use: bioctl -r 500 -P sd1 (for instance). The only advantage
of recreating sd1 would be to have a new master key (I assume) which I didn't
need.

The above solves the issue then (as long as bioctl -d sd1 refuses to detach the
boot volume after booting bsd.rd) and so that would explain why the installer
does not propose re-encryption.



Failed re-install with bsd.rd and full disk encryption

2024-10-09 Thread Thomas
Hello all,

I have attempted to upgrade from 7.5 to 7.6 on a VPS with encryption. As /usr
was too small (< 1G left), I chose to re-install and re-partition. I downloaded
bsd.rd, checked it, etc. and rebooted it. 

Following the install steps, I was not offered the choice to encrypt, only to 
choose sd0 or sd1. With hindsight, I should probably have chosen sd1, 
re partitioned and called it a day.

What I did is tried to follow the OpenBSD FAQ 14 for softraid + this guide:
https://www.tumfatig.net/2020/fde-on-openbsd.amsterdam-opinionated-vm

I could not detach sd1 (bioctl -d sd1) with the following error: softraid0:
refusing to delete boot volume. So, I tried to erase entirely the drive,
thinking that since bsd.rd was in RAM, it would forget about the previous
volumes / partitions. It did not work, after using dd if=/dev/urandom
of=/dev/rsd0c bs=1m, using disklabel to create sd0a showed: disklabel:
DIOCWDINFO: Device busy when trying to write.

I have given up (and I think that's my last question of the series) and asked
for the VM to be reimaged but I wonder where that went wrong in trying to
re-install with bsd.rd.

Greetings,

Thomas



Bootloader location for encrypted root (softraid)

2024-10-09 Thread Thomas
Dear all,

I have tried to look at the doc and through this mailing list to understand
where the bootloader is located for a Full Disk Encryption (FDE) install.

There are two devices setup, sd0 and sd1 for the encrypted volume. From
the man pages, my current understanding is that when the installer runs
installboot sd1 (where sd1 is where the softraid is attached), then:
- the first stage would be installed in the first sectors of the backing disk
(installboot -v reports sd0a: would install boot blocks on /dev/rsd0c,
part offset 144)
- the 2nd stage bootloader in the softraid volume, the man page says
"in the storage area of the softraid volume".

If I wanted to check the integrity of the bootloaders against what is in
/usr/mdec, how would I go about it? - I know the possible issues with that and 
with trust, etc. I'm going down a rabbit hole for the sake of learning a few
things along the way.

Thanks in advance,

Thomas



Re: newsyslog trimming hourly despite two hours config file

2024-10-07 Thread Thomas
On Sun, 6 Oct 2024, at 20:05, Otto Moerbeek wrote:
> On Sun, Oct 06, 2024 at 05:18:18PM +0200, Otto Moerbeek wrote:
>
>> On Sun, Oct 06, 2024 at 04:35:52PM +0200, Thomas wrote:
>> 
>> > Hello everyone,
>> > 
>> > I may have run into a corner case with newsyslog. Long story short, I set 
>> > up 
>> > a second pflog interface to capture all traffic coming to/from my phone to 
>> > investigate an issue.
>> > 
>> > I want to keep 1-2 days of log. I have set-up /etc/newsyslog.conf as such:
>> > /var/log/pflog1 600 24 * 2 ZB "rcctl reload pflogd1"
>> > 
>> > When I put my phone in offline mode at night, there's no traffic, so the 
>> > only
>> > mtime of the rotated files is its creation time. stat -f '%Sm%t%z%t%N' 
>> > gives:
>> > 
>> > Oct  6 06:00:33 2024  44  pflog1.2.gz
>> > Oct  6 05:00:33 2024  44  pflog1.3.gz
>> > Oct  6 04:00:33 2024  44  pflog1.4.gz
>> > Oct  6 03:00:34 2024  44  pflog1.5.gz
>> > Oct  6 02:00:33 2024  44  pflog1.6.gz
>> > 
>> > I had included newsyslog -v in cron and the logs sent by cron are:
>> > Date: Sun, 6 Oct 2024 02:00:02 +0200 (CEST)
>> > /var/log/pflog1 <24ZB>: age (hr): 2 [2] --> trimming log
>> > Date: Sun, 6 Oct 2024 03:00:03 +0200 (CEST)
>> > /var/log/pflog1 <24ZB>: age (hr): 2 [2] --> trimming log
>> > Date: Sun, 6 Oct 2024 04:00:02 +0200 (CEST)
>> > /var/log/pflog1 <24ZB>: age (hr): 2 [2] --> trimming log
>> > Date: Sun, 6 Oct 2024 05:00:02 +0200 (CEST)
>> > /var/log/pflog1 <24ZB>: age (hr): 2 [2] --> trimming log
>> > Date: Sun, 6 Oct 2024 06:00:02 +0200 (CEST)
>> > /var/log/pflog1 <24ZB>: age (hr): 2 [2] --> trimming log
>> > 
>> > So, it's always calculating 2 hours of duration (and trimming) although 
>> > it's only
>> > been one hour. This issue does not happen during the day when the logs are
>> > being filled with data.
>> > 
>> > I'm no programmer, though looking through the source code of newsyslog 
>> > shows
>> > this formula: return ((int)(timenow - sb.mt_time + 1800) / 3600
>> > 
>> > If mt_time is the modification time, my only explanation is newsyslog is 
>> > creating the file the same second, an hour later which would return 1.5:
>> > 
>> > $ bc -e "scale = 3; ($(date -j +"%s" 0600.33) - $(date -j +"%s" 0500.33) + 
>> > 1800) / 3600" -e quit
>> > $ 1.500
>> > 
>> > And that this is rounded up to 2 hrs and triggers newsyslog... I am not 
>> > sure
>> > but cannot think of anything else
>> 
>> That would surprise me, as the computation is done using integer
>> arithmetic and no rounding up plays a role there.
>> 
>>  -Otto
>> 
>> > 
>> > I think that I can work around this (and check the theory...) setting up 
>> > another
>> > cron job to touch /var/log/pflog1 every hour so that the mtime of the 
>> > archive
>> > cannot be exactly 5400 seconds later.
>> > 59  *   *   *   *   /usr/bin/touch /var/log/pflog1
>> > 
>> > Greetings,
>> > 
>> > Thomas
>> > 
>> 
>
> What is happening: the last mod time of the latest log file is
> compared to the current time. In non B mode, a banner (logfile turned
> over) is written at rotation time, so that file always has time N
> (rotation time). In B mode, that write does not happen, so if there
> are also no log line entries written, it will have time N-1 (in
> hours). That's the reason why newsyslog thinks the current log file is
> two hours old and it's time to rotate.
>
>   -Otto

Thanks, that makes sense. The "fix" of adding an hourly cronjob to touch the
log file shortly before it's rotated works the same and empty log files are
now rotated every 2 hours.

Greetings, 

Thomas
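
An added example, not part of the thread or of newsyslog's source: a small C model of the hourly cron runs, using the age formula quoted above with its integer division, that reproduces the three behaviours discussed (banner mode, idle B mode, idle B mode with the minute-59 touch). The model assumes the age is measured on the newest archive, which keeps the old log's last mtime; the 31-second offset for the recreated log and all function names are constructed for illustration.

```c
#include <stdio.h>

#define HOUR 3600L

/* Age formula as quoted in the thread. Every operand is an integer, so the
 * division truncates: 5400 / 3600 is 1, never 1.5 and never rounded to 2. */
static int age_hours(long now, long mtime)
{
    return (int)(now - mtime + 1800) / 3600;
}

enum mode {
    BANNER,       /* non-B entry: "logfile turned over" written at rotation */
    BINARY_IDLE,  /* B flag, no traffic: nothing ever writes to the log */
    BINARY_TOUCH  /* B flag, no traffic, cron touches the log at minute 59 */
};

/* Count rotations over `hours` hourly cron runs for an idle log whose
 * newsyslog.conf interval is `interval` hours. Times are seconds from an
 * arbitrary start at which log and archive are both fresh (assumption). */
static int count_rotations(enum mode m, int hours, int interval)
{
    long archive_mtime = 0; /* mtime of the newest rotated archive */
    long log_mtime = 0;     /* mtime of the live log file */
    int rotations = 0;

    for (int h = 1; h <= hours; h++) {
        long now = h * HOUR + 2;         /* cron fires at hh:00:02 */

        if (m == BINARY_TOUCH)
            log_mtime = h * HOUR - 60;   /* touch one minute earlier */

        if (age_hours(now, archive_mtime) < interval)
            continue;                    /* too young, nothing to trim */

        if (m == BANNER)
            log_mtime = now;             /* banner updates the old log */

        archive_mtime = log_mtime;       /* archive keeps the log's mtime */
        /* Fresh log: written at once in banner mode, recreated ~31 s later
         * in B mode (constructed offset modelled on the hh:00:33 listings). */
        log_mtime = (m == BANNER) ? now : now + 31;
        rotations++;
    }
    return rotations;
}

int main(void)
{
    /* Timestamps from the thread: cron at 06:00:02, previous log created at
     * 04:00:33 and never written to again. */
    printf("idle B-mode age at 06:00:02: %d h\n",
        age_hours(6 * HOUR + 2, 4 * HOUR + 33));
    /* The "exactly one hour later" hypothesis: 5400 / 3600 truncates. */
    printf("one-hour gap age: %d h\n",
        age_hours(6 * HOUR + 33, 5 * HOUR + 33));

    printf("rotations in 24 h, banner mode:  %d\n",
        count_rotations(BANNER, 24, 2));
    printf("rotations in 24 h, idle B mode:  %d\n",
        count_rotations(BINARY_IDLE, 24, 2));
    printf("rotations in 24 h, B + touch:    %d\n",
        count_rotations(BINARY_TOUCH, 24, 2));
    return 0;
}
```
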



newsyslog trimming hourly despite two hours config file

2024-10-06 Thread Thomas
Hello everyone,

I may have run into a corner case with newsyslog. Long story short, I set up 
a second pflog interface to capture all traffic coming to/from my phone to 
investigate an issue.

I want to keep 1-2 days of log. I have set-up /etc/newsyslog.conf as such:
/var/log/pflog1 600 24 * 2 ZB "rcctl reload pflogd1"

When I put my phone in offline mode at night, there's no traffic, so the only
mtime of the rotated files is its creation time. stat -f '%Sm%t%z%t%N' gives:

Oct  6 06:00:33 2024  44  pflog1.2.gz
Oct  6 05:00:33 2024  44  pflog1.3.gz
Oct  6 04:00:33 2024  44  pflog1.4.gz
Oct  6 03:00:34 2024  44  pflog1.5.gz
Oct  6 02:00:33 2024  44  pflog1.6.gz

I had included newsyslog -v in cron and the logs sent by cron are:
Date: Sun, 6 Oct 2024 02:00:02 +0200 (CEST)
/var/log/pflog1 <24ZB>: age (hr): 2 [2] --> trimming log
Date: Sun, 6 Oct 2024 03:00:03 +0200 (CEST)
/var/log/pflog1 <24ZB>: age (hr): 2 [2] --> trimming log
Date: Sun, 6 Oct 2024 04:00:02 +0200 (CEST)
/var/log/pflog1 <24ZB>: age (hr): 2 [2] --> trimming log
Date: Sun, 6 Oct 2024 05:00:02 +0200 (CEST)
/var/log/pflog1 <24ZB>: age (hr): 2 [2] --> trimming log
Date: Sun, 6 Oct 2024 06:00:02 +0200 (CEST)
/var/log/pflog1 <24ZB>: age (hr): 2 [2] --> trimming log

So, it's always calculating 2 hours of duration (and trimming) although it's
only been one hour. This issue does not happen during the day when the logs
are being filled with data.

I'm no programmer, though looking through the source code of newsyslog shows
this formula: return ((int)(timenow - sb.mt_time + 1800) / 3600

If mt_time is the modification time, my only explanation is newsyslog is 
creating the file the same second, an hour later which would return 1.5:

$ bc -e "scale = 3; ($(date -j +"%s" 0600.33) - $(date -j +"%s" 0500.33) + 
1800) / 3600" -e quit
$ 1.500

And that this is rounded up to 2 hrs and triggers newsyslog... I am not sure
but cannot think of anything else

I think that I can work around this (and check the theory...) setting up another
cron job to touch /var/log/pflog1 every hour so that the mtime of the archive
cannot be exactly 5400 seconds later.
59  *   *   *   *   /usr/bin/touch /var/log/pflog1

Greetings,

Thomas



Re: Using ffmpeg to record x11 screen & audio

2024-09-21 Thread Thomas Frohwein
On Fri, Sep 20, 2024 at 10:47:42PM -0700, patrick keshishian wrote:
> Hi folks,
> 
> Attempting to do a screen capture (x11) including audio; say chrome is
> playing a video clip and I want to capture a portion of the screen
> along with the audio.
> 
> Quick search shows following example:
> 
>  ffmpeg -f x11grab -probesize 32M -thread_queue_size 32 -i :0 \
>   -f sndio -thread_queue_size 32 -i snd/0 \
>   -codec:v libx264rgb -crf 0 -preset ultrafast \
>   -codec:a pcm_s16le \
>   raw.mkv
> 
> Unfortunately, play back of raw.mkv file using ffplay, there is no
> audible audio.

You need to use the monitoring stream to capture audio produced by
applications. See here how to set it up:

https://www.openbsd.org/faq/faq13.html#recordmon

In the script I use to not hand-type all the ffmpeg syntax, I have this:

-f sndio -i snd/1.mon

(in your case likely snd/0.mon after setting it up)

> 
> Also, this command captures the entire screen. I am only interested in
> capturing a portion of the screen, so my modified command is:
> 
> ffmpeg -f x11grab -s:0 640x480 -framerate 25 -i :0.0+100+50 -f sndio
> -i snd/0 -crf 0 -preset ultrafast out.mp4
> 
> With this, the capture is at offset 100+50 and a size of 640x480.
> Still no audio (unsurprisingly).
> 
> Can someone give me a hint as to how to get audio to record as well?
> 
> Cheers,
> --patrick
> 
> 
> 
> ffmpeg details while playing raw.mkv
> Input #0, matroska,webm, from '/tmp/raw.mkv': 0KB sq=0B f=0/0
>   Metadata:
> ENCODER : Lavf58.76.100
>   Duration: 00:00:49.33, start: 0.00, bitrate: 10079 kb/s
>   Stream #0:0: Video: h264 (High 4:4:4 Predictive), gbrp(tv, 
> gbr/unknown/unknown
> , progressive), 1366x768, 29.25 fps, 29.25 tbr, 1k tbn, 58.50 tbc
> (default) Metadata:
>   ENCODER : Lavc58.134.100 libx264rgb
>   DURATION: 00:00:49.33300
>   Stream #0:1: Audio: pcm_s16le, 48000 Hz, 2 channels, s16, 1536 kb/s 
> (default)
> Metadata:
>ENCODER : Lavc58.134.100 pcm_s16le
>   DURATION: 00:00:48.98100
>   29.27 A-V: -0.122 fd=  11 aq=  763KB vq= 5676KB sq=0B f=0/0
> 



Re: IPv6 static host address inside dynamic network

2024-09-10 Thread Thomas Bohl

On 02.09.2024 at 22:21, Chris Ross wrote:

> I’m trying to move from a static IPv6 network to a dynamic allocation from an
> ISP.  The hard part is that some of my hosts have secondary addresses for
> specific services to use.  I need to find a way to listen to router adverts
> but then manually add an alias with a static lower 64 bits.  Looking for
> suggestions.

I used https://aloof.de/f/IPv6Aliases-en.sh for many years.
HTH



Re: httpd & calibre-server (ebooks)

2024-09-07 Thread Greg Thomas
If I'm reading this correctly you're missing some of this:

https://www.openbsd.org/faq/pf/rdr.html

Not sure what is sending this:

"500 Internal Server Error"

because you haven't mentioned your public IP setup.

On Sat, Sep 7, 2024 at 1:58 PM Am Jam  wrote:

> Hi Everyone,
>
> I am trying to host my ebook collection via the "Calibre Content Server"
> (i.e., calibre-server) on OpenBSD 7.5, but I am having a problem with my
> /etc/httpd.conf.
>
> My ebooks (comprising epub, mobi, and pdf files) are located in
> /var/calibre/library.
>
> I've created a dedicated user, _calibre, to run the server, and I do so
> like this:
>
> # doas -u _calibre calibre-server --port=8004 /var/calibre/library
> QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to
> '/tmp/runtime-_calibre'
> calibre server listening on 0.0.0.0:8004
> OPDS feeds advertised via BonJour at: 192.168.1.78 port: 8004
> _
>
> When I do this, I can, from another computer within my network, navigate
> to http://192.168.1.78:8004 and read my ebooks. So far so good.
> I now want to access the same webpage from outside of the network using a
> domain I've purchased; however, I keep getting the following httpd error
> when I navigate to my URL:
>
> 500 Internal Server Error.
>
>
> Am I missing something obvious?
>
>
> Many Thanks.
>
>
> /etc/httpd.conf:
>
> ### Calibre
> ### https://lit.mydomain.io ###
> server "lit.mydomain.io" {
> listen on * tls port 443
>
> # enable HTTP Strict Transport Security
> hsts {
> preload
> subdomains
> max-age 15768000
> }
>
> tls {
> certificate "/etc/ssl/mydomain.io.fullchain.pem"
> key "/etc/ssl/private/mydomain.io.key"
> }
>
> location "/.well-known/acme-challenge/*" {
> root "/acme"
> request strip 2
> }
>
> # set logs
> log {
> access "calibre-access.log"
> error "calibre-error.log"
> }
>
> # set max upload size to 1G (in bytes)
> connection max request body 1048576000
> connection max requests 1000
> connection request timeout 3600
> connection timeout 3600
>
> # calibre access points
> location "/*" {
> fastcgi socket tcp "127.0.0.1" 8004
> # fastcgi socket tcp "192.168.1.78" 8004
> }
> }
>
> ### http://lit.mydomain.io
> server "lit.mydomain.io" {
> listen on * port 80
>
> location "/.well-known/acme-challenge/*" {
> root "/acme"
> request strip 2
> }
>
> location * {
> block return 302 "https://$HTTP_HOST$REQUEST_URI";
> }
>
> }
>
>
>
> /etc/acme-client.conf:
>
> $ less /etc/acme-client.conf
> authority letsencrypt {
> api url "https://acme-v02.api.letsencrypt.org/directory";
> account key "/etc/acme/letsencrypt-privkey.pem"
> }
>
> authority letsencrypt-staging {
> api url "https://acme-staging.api.letsencrypt.org/directory";
> account key "/etc/acme/letsencrypt-staging-privkey.pem"
> }
>
> domain mydomain.io {
> alternative names { www.mydomain.io, pub.mydomain.io,
> img.mydomain.io, src.mydomain.io, tar.mydomain.io, lit.mydomain.io }
> domain key "/etc/ssl/private/mydomain.io.key"
> domain certificate "/etc/ssl/mydomain.io.crt"
> domain full chain certificate "/etc/ssl/mydomain.io.fullchain.pem"
> sign with letsencrypt
> }
>
>
>
>


Re: Suggestions

2024-09-05 Thread Greg Thomas
Have you ever considered being a comedian?

On Thu, Sep 5, 2024 at 10:50 PM  wrote:

> Drag and drop does not work in xfce ...
> auto mounting of usb memories would be great
>
>


Re: hostname.if

2024-09-05 Thread Greg Thomas
Is this a trick question?

Mine has 1.

On Wed, Sep 4, 2024 at 11:50 PM  wrote:

> What should my hostname.if file look like.
> Is there a minimum amount of settings I need?
>
>


Re: avrdude can't find usbasp

2024-08-14 Thread Thomas L.
On Wed, 14 Aug 2024 01:47:05 +0300
kodcode  wrote:
> Doesn't work for me.
> Have you tried your solution (with an usbasp)?

the additional group is only applied after you relogin.

$ doas usermod -G dialer tom
$ id
uid=1000(tom) gid=1000(tom) groups=1000(tom), 0(wheel), 735(_wireshark)
$ id tom
uid=1000(tom) gid=1000(tom) groups=1000(tom), 0(wheel), 117(dialer), 
735(_wireshark)



Re: Automatic Disk Partitioning

2024-08-04 Thread Greg Thomas
I don't know if I'm misreading your inquiry but if I have more than enough
storage space why would I allocate way too much space to system partitions
by allocating it proportionally?

On Sun, Aug 4, 2024 at 12:18 PM David Uhden Collado  wrote:

> Hello,
>
> I have observed that the automatic partitioning feature of disklabel(8)
> does not allocate more than approximately 350GB to system partitions
> [1]. In my opinion, the tool should have been designed to use all
> available space on the storage device when partitioning. To address this
> limitation, I had to write a custom program that calculates partition
> sizes to maintain their initial proportions while occupying the entire
> storage device.
>
> I would like to understand the rationale behind this design choice. Is
> there a specific reason why the automatic partitioning is limited to
> around 350GB for system partitions? Any insights or explanations you can
> provide would be greatly appreciated.
>
> References:
> 1. https://man.openbsd.org/disklabel#AUTOMATIC_DISK_ALLOCATION
>
> Best regards,
> David.
>
>


Re: IPv6 ULA routing stops working after 20 hours or so

2024-06-24 Thread Thomas Bohl

On 23.06.2024 at 19:50, Thomas Bohl wrote:
The router doesn't have a valid NDP entry. It has a NDP entry for an 
address ifconfig says is deprecated. If I force the use of this 
deprecated address with "ping -I" the response are received.


I have to verify if it always stops if pltime reaches zero.


It doesn't always stop immediately if pltime reaches zero and a new 
temporary address is generated. Only sometimes. But in the long run it 
eventually will fail and never recover.


It has to be a NDP problem. I'm not sure who is at fault. My guess would 
be the router, because its traces will start outputting a 
xx:xx:xx:xx:xx:xx mac address (that is not me anonymizing it):


(fd00:172:17:174:d468:28ab:498e:5d0e is the new autoconf temporary 
address on the OpenBSD host.)


[ND-CACHE] 2024/06/24 23:06:17,088  Devicetime: 2024/06/24 
23:06:17,077[info] : ND state on interface HOST_O4 changed
fe80::91:51ff:fe40:c93f iface HOST_O4 lladdr 02:91:51:40:c9:3f 
(BUNDLE-1,3) host DELAY src fe80::2a0:57ff:fe3a:ac77


[ND-CACHE] 2024/06/24 23:06:17,127  Devicetime: 2024/06/24 
23:06:17,105[info] : outgoing packet on HOST_O4
target: fd00:172:17:174:d468:28ab:498e:5d0e, source: 
fe80::2a0:57ff:fe3a:ac77
fd00:172:17:174:d468:28ab:498e:5d0e iface HOST_O4 lladdr 
xx:xx:xx:xx:xx:xx host INIT src fe80::2a0:57ff:fe3a:ac77


[ND-CACHE] 2024/06/24 23:06:17,127  Devicetime: 2024/06/24 
23:06:17,105[info] : ND state on interface HOST_O4 changed
fd00:172:17:174:d468:28ab:498e:5d0e iface HOST_O4 lladdr 
xx:xx:xx:xx:xx:xx host INCOMPLETE src fe80::2a0:57ff:fe3a:ac77


[ND-CACHE] 2024/06/24 23:06:20,109  Devicetime: 2024/06/24 
23:06:20,105[info] : ND state on interface HOST_O4 changed
fd00:172:17:174:d468:28ab:498e:5d0e iface HOST_O4 lladdr 
xx:xx:xx:xx:xx:xx host UNREACHABLE src fe80::2a0:57ff:fe3a:ac77



I just don't get why Linux and Windows don't have the same problem. I 
try to collect more tcpdump and log-data.




Re: IPv6 ULA routing stops working after 20 hours or so

2024-06-23 Thread Thomas Bohl

On 23.06.2024 at 19:05, Crystal Kolipe wrote:

On Sun, Jun 23, 2024 at 06:42:10PM +0200, Thomas Bohl wrote:

(The log-output is indistinguishable from when it is working.) Yet I don't
see them arriving with tcpdump:

# tcpdump -n -i vio0 ip6
tcpdump: listening on vio0, link-type EN10MB
18:29:38.703181 fe80::be24:11ff:fe10:5272.46404 >
fe80::2a0:57ff:fe3a:ac77.53: 29603+ ? google.com.(28) [flowlabel
0xe0681]
18:29:38.731683 fe80::2a0:57ff:fe3a:ac77.53 >
fe80::be24:11ff:fe10:5272.46404: 29603 1/0/0 [|domain]
18:29:38.731839 fd00:172:17:170:c57c:a20c:2d74:124 >
2a00:1450:4005:801::200e: icmp6: echo request


Are you sure that the router had a valid NDP entry for
fd00:172:17:170:c57c:a20c:2d74:124 at this point?



The router doesn't have a valid NDP entry. It has a NDP entry for an 
address ifconfig says is deprecated. If I force the use of this 
deprecated address with "ping -I" the response are received.


I have to verify if it always stops if pltime reaches zero.



Re: IPv6 ULA routing stops working after 20 hours or so

2024-06-23 Thread Thomas Bohl
Maybe I should let slaacd run in the foreground till IPv6 stops working 
and see if that give out clues.


The output of slaacd looks completely normal. Like this over and over again:

ICMPv6 type(134), code(0) from fe80::2a0:57ff:fe3a:ac77%vio0 of length 112
update_iface_ra_dfr, dfr state: PROPOSAL_CONFIGURED, rl: 1800
dfr_proposal_state_transition[vio0] PROPOSAL_CONFIGURED -> 
PROPOSAL_CONFIGURED, timo: 1788

update_iface_ra_prefix, addr state: PROPOSAL_CONFIGURED
updating address
configure_address: 1
iface_state_transition[vio0] IF_BOUND -> IF_BOUND, timo: -1
addr_proposal_state_transition[vio0] PROPOSAL_CONFIGURED -> 
PROPOSAL_CONFIGURED, timo: 60477

update_iface_ra_prefix, addr state: PROPOSAL_CONFIGURED
updating address
configure_address: 1
iface_state_transition[vio0] IF_BOUND -> IF_BOUND, timo: -1
addr_proposal_state_transition[vio0] PROPOSAL_CONFIGURED -> 
PROPOSAL_CONFIGURED, timo: 604788

update_iface_ra_rdns, rdns state: PROPOSAL_CONFIGURED, rl: 1800
rdns_proposal_state_transition[vio0] PROPOSAL_CONFIGURED -> 
PROPOSAL_CONFIGURED, timo: 1788

configure_interface: vio0
configure_interface: vio0


I also dug into the debug output of my router.
Echo request goes out, reply comes back and is routed/forwarded to the 
OpenBSD host.


[IPv6-Router] 2024/06/23 18:03:27,197  Devicetime: 2024/06/23 
18:03:27,639 [INTERNET (14)]

IP packet, scope global, routing tag 0:
  IPv6: 2a00:1450:4005:801::200e -> 
2a02:810d:5fc0:f2a:bb4d:6e1a:d2f:c576, Payload-Len: 64

  ICMP: Echo (ping) reply (129), ID: 18553, Seq: 0
--> Firewall: accepted, forwarded unicast via HOST_MAIL1 (6)


(The log-output is indistinguishable from when it is working.) Yet I 
don't see them arriving with tcpdump:


# tcpdump -n -i vio0 ip6
tcpdump: listening on vio0, link-type EN10MB
18:29:38.703181 fe80::be24:11ff:fe10:5272.46404 > 
fe80::2a0:57ff:fe3a:ac77.53: 29603+ ? google.com.(28) [flowlabel 
0xe0681]
18:29:38.731683 fe80::2a0:57ff:fe3a:ac77.53 > 
fe80::be24:11ff:fe10:5272.46404: 29603 1/0/0 [|domain]
18:29:38.731839 fd00:172:17:170:c57c:a20c:2d74:124 > 
2a00:1450:4005:801::200e: icmp6: echo request
18:29:39.740141 fd00:172:17:170:c57c:a20c:2d74:124 > 
2a00:1450:4005:801::200e: icmp6: echo request
18:29:40.740110 fd00:172:17:170:c57c:a20c:2d74:124 > 
2a00:1450:4005:801::200e: icmp6: echo request
18:29:42.980121 fe80::be24:11ff:fe10:5272 > fe80::2a0:57ff:fe3a:ac77: 
icmp6: neighbor sol: who has fe80::2a0:57ff:fe3a:ac77
18:29:42.980551 fe80::2a0:57ff:fe3a:ac77 > fe80::be24:11ff:fe10:5272: 
icmp6: neighbor adv: tgt is fe80::2a0:57ff:fe3a:ac77
18:29:43.731733 fe80::2a0:57ff:fe3a:ac77 > fe80::be24:11ff:fe10:5272: 
icmp6: neighbor sol: who has fe80::be24:11ff:fe10:5272
18:29:43.731774 fe80::be24:11ff:fe10:5272 > fe80::2a0:57ff:fe3a:ac77: 
icmp6: neighbor adv: tgt is fe80::be24:11ff:fe10:5272

^C
47 packets received by filter
0 packets dropped by kernel



Again if I restart the host it works (for about a day):

# tcpdump -n -i vio0 ip6
tcpdump: listening on vio0, link-type EN10MB
18:36:23.536231 fe80::be24:11ff:fe10:5272.40542 > 
fe80::2a0:57ff:fe3a:ac77.53: 31164+ ? google.com.(28) [flowlabel 
0xb2311]
18:36:23.578447 fe80::2a0:57ff:fe3a:ac77.53 > 
fe80::be24:11ff:fe10:5272.40542: 31164 1/0/0 [|domain]
18:36:23.579030 fd00:172:17:170:202c:9944:920d:70dd > 
2a00:1450:4005:801::200e: icmp6: echo request
18:36:23.612097 fe80::2a0:57ff:fe3a:ac77 > ff02::1:ff0d:70dd: icmp6: 
neighbor sol: who has fd00:172:17:170:202c:9944:920d:70dd
18:36:23.612132 fe80::be24:11ff:fe10:5272 > fe80::2a0:57ff:fe3a:ac77: 
icmp6: neighbor adv: tgt is fd00:172:17:170:202c:9944:920d:70dd
18:36:23.612433 2a00:1450:4005:801::200e > 
fd00:172:17:170:202c:9944:920d:70dd: icmp6: echo reply
18:36:24.580102 fd00:172:17:170:202c:9944:920d:70dd > 
2a00:1450:4005:801::200e: icmp6: echo request
18:36:24.612662 2a00:1450:4005:801::200e > 
fd00:172:17:170:202c:9944:920d:70dd: icmp6: echo reply
18:36:25.580090 fd00:172:17:170:202c:9944:920d:70dd > 
2a00:1450:4005:801::200e: icmp6: echo request
18:36:25.611510 2a00:1450:4005:801::200e > 
fd00:172:17:170:202c:9944:920d:70dd: icmp6: echo reply

^C
79 packets received by filter
0 packets dropped by kernel


Strange






On 23 Jun 2024, at 2:27 AM, Thomas Bohl wrote:


Hello,

I'm using ULAs for my local IPv6 networks. The hosts have internet 
access via the router doing NPTv6.


After around 20 to 24 hours of uptime the OpenBSD hosts (three in 
total) are no longer able to reach the IPv6 internet. A restart of 
the affected hosts usually helps. In rare cases a double restart is 
required. Linux and Windows don't show this problem.


Any ideas? What information should I provide in order to debug this 
further?


# uname -a
OpenBSD mail1 7.5 GENERIC#79 amd64

# cat /etc/hostname.vio0
# BEGIN ANSIBLE MANAGED BLOCK IPv6
inet6 -soii
inet6 autoconf
# END ANSIBLE MANAGED BLOCK IPv6
# BEGIN ANSIBLE MANAGED BLOCK IPv4
inet 17

Re: IPv6 ULA routing stops working after 20 hours or so

2024-06-23 Thread Thomas Bohl

Sorry for top post.

Are you doing any filtering of ICMP6 with PF?


I don't think so, it is the standard rule set:

# pfctl -s rules
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55



I assume your router is also doing rad to hand out slaac to clients?


The router is doing router advertisements and slaacd handles it on the 
OpenBSD side.


# rcctl stop slaacd
# slaacd -vd
IMSG_OPEN_ICMP6SOCK
open_icmp6sock: 0
iface_state_transition[vio0] IF_DOWN -> IF_INIT, timo: 4
send_solicitation(1)
send_solicitation(1)
ICMPv6 type(134), code(0) from fe80::2a0:57ff:fe3a:ac77%vio0 of length 112
configure_dfr: 1
dfr_proposal_state_transition[vio0] PROPOSAL_NOT_CONFIGURED -> 
PROPOSAL_CONFIGURED, timo: 1788

gen_dfr_proposal: iface 1: fe80::2a0:57ff:fe3a:ac77%vio0
configure_address: 1
iface_state_transition[vio0] IF_INIT -> IF_BOUND, timo: -1
addr_proposal_state_transition[vio0] PROPOSAL_NOT_CONFIGURED -> 
PROPOSAL_CONFIGURED, timo: 604788

gen_address_proposal: iface 1: fd00:172:17:170:be24:11ff:fe10:5272
configure_address: 1
iface_state_transition[vio0] IF_BOUND -> IF_BOUND, timo: -1
addr_proposal_state_transition[vio0] PROPOSAL_NOT_CONFIGURED -> 
PROPOSAL_CONFIGURED, timo: 61448

gen_address_proposal: iface 1: fd00:172:17:170:5689:59a3:3153:d825
rdns_proposal_state_transition[vio0] PROPOSAL_NOT_CONFIGURED -> 
PROPOSAL_CONFIGURED, timo: 1788

gen_rdns_proposal: iface 1: fe80::2a0:57ff:fe3a:ac77%vio0
failed to send route message: File exists
configure_interface: vio0
Setting MTU to 1500
configure_interface: vio0
RTM_NEWADDR: vio0[1]
RTM_CHGADDRATTR: fd00:172:17:170:5689:59a3:3153:d825 -  autoconf temporary


Maybe I should let slaacd run in the foreground till IPv6 stops working 
and see if that gives out clues.





Jason.

Sent from my iPhone


On 23 Jun 2024, at 2:27 AM, Thomas Bohl  wrote:

Hello,

I'm using ULAs for my local IPv6 networks. The hosts have internet access via 
the router doing NPTv6.

After around 20 to 24 hours of uptime the OpenBSD hosts (three in total) are no 
longer able to reach the IPv6 internet. A restart of the affected hosts usually 
helps. In rare cases a double restart is required. Linux and Windows don't show 
this problem.

Any ideas? What information should I provide in order to debug this further?

# uname -a
OpenBSD mail1 7.5 GENERIC#79 amd64

# cat /etc/hostname.vio0
# BEGIN ANSIBLE MANAGED BLOCK IPv6
inet6 -soii
inet6 autoconf
# END ANSIBLE MANAGED BLOCK IPv6
# BEGIN ANSIBLE MANAGED BLOCK IPv4
inet 172.17.17.2 255.255.255.252
!route add default 172.17.17.1
# END ANSIBLE MANAGED BLOCK IPv4


When things are working:

# uptime
  5:11PM  up 9 mins, 1 user, load averages: 0.00, 0.01, 0.00


# ifconfig vio0
vio0: 
flags=648843
 mtu 1500
 lladdr bc:24:11:10:52:72
 index 1 priority 0 llprio 3
 groups: egress
 media: Ethernet autoselect
 status: active
 inet6 fe80::be24:11ff:fe10:5272%vio0 prefixlen 64 scopeid 0x1
 inet 172.17.17.2 netmask 0xfffc broadcast 172.17.17.3
 inet6 fd00:172:17:170:be24:11ff:fe10:5272 prefixlen 64 autoconf pltime 
604644 vltime 2591844
 inet6 fd00:172:17:170:1fa3:a3db:db4a:707d prefixlen 64 autoconf 
temporary pltime 74422 vltime 172248


# ping6 -vn -c 3 google.com
PING google.com (fd00:172:17:170:1fa3:a3db:db4a:707d --> 
2a00:1450:4005:801::200e): 56 data bytes
64 bytes from 2a00:1450:4005:801::200e: icmp_seq=0 hlim=114 time=27.533 ms
64 bytes from 2a00:1450:4005:801::200e: icmp_seq=1 hlim=114 time=30.263 ms
64 bytes from 2a00:1450:4005:801::200e: icmp_seq=2 hlim=114 time=30.143 ms

--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 27.533/29.313/30.263/1.260 ms


# traceroute6 -vn google.com
traceroute6 to google.com (2a00:1450:4005:801::200e), 64 hops max, 60 byte 
packets
  1  fd00:172:17:170:2a0:57ff:fe3a:ac77 68 bytes to 
fd00:172:17:170:1fa3:a3db:db4a:707d  0.227 ms  0.159 ms  0.136 ms
  2  2a02:810d:1:bf::3 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  13.606 
ms 2a02:810d:1:bf::2 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  15.823 ms 
2a02:810d:1:bf::3 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d 14.467 ms
  3  * * *
  4  * * *
  5  * * *
  6  2001:4860:1:1::2a4 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  16.263 
ms  12.806 ms  14.327 ms
  7  * 2001:4860:0:1::839f 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  
15.828 ms *
  8  * * *
  9  2001:4860::c:4003:4958 152 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  
27.715 ms  29.765 ms  30.264 ms
10  2001:4860::c:4002:f990 152 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  
31.119 ms 2001:4860::c:4002:f991 152 bytes to 
fd00:172:17:170:1fa3:a3db:db4a:707d  29.906 ms 2001:4860::c:4002:f990 152 bytes 
to fd00:172:17:170:1fa3:a3db:db4a:707d  36.316 ms
11  2001:48

IPv6 ULA routing stops working after 20 hours or so

2024-06-22 Thread Thomas Bohl

Hello,

I'm using ULAs for my local IPv6 networks. The hosts have internet 
access via the router doing NPTv6.


After around 20 to 24 hours of uptime the OpenBSD hosts (three in total) 
are no longer able to reach the IPv6 internet. A restart of the affected 
hosts usually helps. In rare cases a double restart is required. Linux 
and Windows don't show this problem.


Any ideas? What information should I provide in order to debug this further?

# uname -a
OpenBSD mail1 7.5 GENERIC#79 amd64

# cat /etc/hostname.vio0
# BEGIN ANSIBLE MANAGED BLOCK IPv6
inet6 -soii
inet6 autoconf
# END ANSIBLE MANAGED BLOCK IPv6
# BEGIN ANSIBLE MANAGED BLOCK IPv4
inet 172.17.17.2 255.255.255.252
!route add default 172.17.17.1
# END ANSIBLE MANAGED BLOCK IPv4


When things are working:

# uptime
 5:11PM  up 9 mins, 1 user, load averages: 0.00, 0.01, 0.00


# ifconfig vio0
vio0: 
flags=648843 
mtu 1500

    lladdr bc:24:11:10:52:72
    index 1 priority 0 llprio 3
    groups: egress
    media: Ethernet autoselect
    status: active
    inet6 fe80::be24:11ff:fe10:5272%vio0 prefixlen 64 scopeid 0x1
    inet 172.17.17.2 netmask 0xfffc broadcast 172.17.17.3
    inet6 fd00:172:17:170:be24:11ff:fe10:5272 prefixlen 64 autoconf 
pltime 604644 vltime 2591844
    inet6 fd00:172:17:170:1fa3:a3db:db4a:707d prefixlen 64 autoconf 
temporary pltime 74422 vltime 172248



# ping6 -vn -c 3 google.com
PING google.com (fd00:172:17:170:1fa3:a3db:db4a:707d --> 
2a00:1450:4005:801::200e): 56 data bytes

64 bytes from 2a00:1450:4005:801::200e: icmp_seq=0 hlim=114 time=27.533 ms
64 bytes from 2a00:1450:4005:801::200e: icmp_seq=1 hlim=114 time=30.263 ms
64 bytes from 2a00:1450:4005:801::200e: icmp_seq=2 hlim=114 time=30.143 ms

--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 27.533/29.313/30.263/1.260 ms


# traceroute6 -vn google.com
traceroute6 to google.com (2a00:1450:4005:801::200e), 64 hops max, 60 
byte packets
 1  fd00:172:17:170:2a0:57ff:fe3a:ac77 68 bytes to 
fd00:172:17:170:1fa3:a3db:db4a:707d  0.227 ms  0.159 ms  0.136 ms
 2  2a02:810d:1:bf::3 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  
13.606 ms 2a02:810d:1:bf::2 68 bytes to 
fd00:172:17:170:1fa3:a3db:db4a:707d  15.823 ms 2a02:810d:1:bf::3 68 
bytes to fd00:172:17:170:1fa3:a3db:db4a:707d 14.467 ms

 3  * * *
 4  * * *
 5  * * *
 6  2001:4860:1:1::2a4 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  
16.263 ms  12.806 ms  14.327 ms
 7  * 2001:4860:0:1::839f 68 bytes to 
fd00:172:17:170:1fa3:a3db:db4a:707d  15.828 ms *

 8  * * *
 9  2001:4860::c:4003:4958 152 bytes to 
fd00:172:17:170:1fa3:a3db:db4a:707d  27.715 ms  29.765 ms  30.264 ms
10  2001:4860::c:4002:f990 152 bytes to 
fd00:172:17:170:1fa3:a3db:db4a:707d  31.119 ms 2001:4860::c:4002:f991 
152 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  29.906 ms 
2001:4860::c:4002:f990 152 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  
36.316 ms
11  2001:4860::c:4001:ebf 152 bytes to 
fd00:172:17:170:1fa3:a3db:db4a:707d  29.679 ms 2001:4860::c:4002:7869 
152 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  33.901 ms  31.045 ms
12  2001:4860::9:4001:ecb 68 bytes to 
fd00:172:17:170:1fa3:a3db:db4a:707d  29.68 ms 2001:4860::9:4001:ec0 68 
bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  29.575 ms 
2001:4860::9:4001:ecb 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  
36.681 ms
13  2001:4860:0:1::6b65 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  
29.283 ms * *
14  2001:4860:0:1::6b65 68 bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  
30.595 ms 2a00:1450:4005:801::200e 68 bytes to 
fd00:172:17:170:1fa3:a3db:db4a:707d  40.122 ms 2001:4860:0:1::6b65 68 
bytes to fd00:172:17:170:1fa3:a3db:db4a:707d  30.369 ms



# route -n show -inet6
Routing tables

Internet6:
Destination                          Gateway                              Flags   Refs      Use   Mtu  Prio Iface
default                              fe80::2a0:57ff:fe3a:ac77%vio0        UGS        0        8     -     8 vio0
::/96                                ::1                                  UGRS       0        0 32768     8 lo0
::1                                  ::1                                  UHhl      10       20 32768     1 lo0
:::0.0.0.0/96                        ::1                                  UGRS       0        0 32768     8 lo0
2002::/24                            ::1                                  UGRS       0        0 32768     8 lo0
2002:7f00::/24                       ::1                                  UGRS       0        0 32768     8 lo0
2002:e000::/20                       ::1                                  UGRS       0        0 32768     8 lo0
2002:ff00::/24                       ::1                                  UGRS       0        0 32768     8 lo0
fd00:172:17:170::/64                 fd00:172:17:170:be24:11ff:fe10:5272  UCPn       0        1     -     4 vio0
fd00:172:17:170::/64                 fd00:172:17:170:1fa3:a3db:db4a:707d  UCPn       0        0     -     4 vio0
fd00:172:17:170:1fa3:a3db:db4a:707d  bc:24:11:10:52:72                    UHLl       0      193     -     1 vio0
fd00:172:17:170:be24:11ff:fe10:5272  bc:24:11:10:52:72                    UH

Re: installing packages mentioned as dependency in ports package

2024-06-21 Thread Thomas L.
On Fri, 21 Jun 2024 20:16:57 +0530
Sandeep Gupta  wrote:
> My query is how to install build dependency of a package listed in
> ports?

i have FETCH_PACKAGES=-Dsnap in my /etc/mk.conf so that for all dependencies
pkg_add -Dsnap is tried first (see bsd.port.mk(5) for details). you can also
pass that as argument to make(1).



Re: make usb audio device always rsnd/1 - not rsnd/2

2024-06-19 Thread Thomas Frohwein
On Wed, Jun 19, 2024 at 01:25:44PM +0200, Divan Santana wrote:
> Greetings All,
> 
> I have a USB audio bluetooth dongle plugged in.
> 
> azalia0 at pci0 dev 31 function 3 "Intel 600 Series HD Audio" rev 0x01: msi
> audio0 at azalia0
> uaudio0 at uhub5 port 1 configuration 1 interface 3 "Creative Creative BT-W5" 
> rev 2.00/10.00 addr 7
> uaudio0: class v1, full-speed, sync, channels: 2 play, 1 rec, 3 ctls
> audio1 at uaudio0
> 
> I also have a usb camera plugged in.
> 
> uaudio1 at uhub1 port 6 configuration 1 interface 3 "Logitech C270 HD WEBCAM" 
> rev 2.00/0.21 addr 9
> uaudio1: class v1, high-speed, sync, channels: 0 play, 1 rec, 2 ctls
> audio2 at uaudio1
> 
> To use this bluetooth audio device I do:
> 
> doas rcctl set sndiod flags -f rsnd/0 -F rsnd/1
> 
> Sometimes upon rebooting these devices switch device numbers.  This
> makes the above sndiod flags no longer valid.
> 
> How can one make "Creative Creative BT-W5" device always rsnd/1 and not
> sometimes rsnd/2?

I don't have a perfect solution for this, but being in a similar
situation with my hardware, I've grown accustomed to keeping the
USB audio plugged, and only plugging in the camera when I need it;
therefore generally *after* the audio-only device. This way the USB
audio device is always rsnd/1 here. This may not be what you're looking
for... there are also USB hubs with physical on-off switches that I've
used for my USB camera this way. YMMV



Re: webcam not working on chromium

2024-06-13 Thread Thomas Frohwein
On Thu, Jun 13, 2024 at 03:45:55PM +0200, Walter Alejandro Iglesias wrote:
> Hello Thomas,
> 
> On Thu, 13 Jun 2024 09:27:30 -0400 Thomas Frohwein wrote
> > On Thu, Jun 13, 2024 at 01:45:44PM +0200, Walter Alejandro Iglesias wrote:
> > > Hi everyone,
> > > 
> > > I followed the instructions in OpenBSD media FAQ but I couldn't make my
> > > webcam work neither on chromium nor on ungoogled-chromium.  It works
> > > fine on Firefox.  Does anyone know any trick to make it work?
> > > 
> >
> > I'm not sure how to help with that if you're not sharing anything about
> > your hardware.
> 
> At first I did not associate the issue with a hardware problem because I
> found several users complaining about this same thing with different
> machines and operating systems.  Some provided solutions, but none of
> them worked for me.  Besides, the webcam works with the command
> video(1), ffmpeg and Firefox.  And, the webcam is recognized by
> chromium, it just shows a black screen.  Is that chromium could have
> problems with my specific video card?
> 
> In any case, below you have the info you asked me.

There are some who use their webcam with chromium frequently, including me.
It's been a few weeks but I just tested it and it still works on -current.
So if yours isn't working, it's either the configuration or your hardware...

> uvideo0 at uhub2 port 6 configuration 1 interface 0 "Chicony Electronics Co., 
> Ltd. Integrated Camera" rev 2.00/23.45 addr 4
> video0 at uvideo0

While I'm not familiar with your specific device, it's clearly detected and
attaches to video0.

In terms of configuration, you need to have kern.video.record enabled (see
FAQ) and the device /dev/video0 needs to be owned by your user (also FAQ).
If you made any prior changes, you want to make sure that /dev/video is
still a symlink to video0 and not something else.

I think in chromium, you might need ENABLE_WASM=1 for many video conferencing
web pages.



Re: webcam not working on chromium

2024-06-13 Thread Thomas Frohwein
On Thu, Jun 13, 2024 at 01:45:44PM +0200, Walter Alejandro Iglesias wrote:
> Hi everyone,
> 
> I followed the instructions in OpenBSD media FAQ but I couldn't make my
> webcam work neither on chromium nor on ungoogled-chromium.  It works
> fine on Firefox.  Does anyone know any trick to make it work?
> 

I'm not sure how to help with that if you're not sharing anything about
your hardware.



Re: Sudden reboot every 5-10 minutes on latest snapshot

2024-05-25 Thread Thomas Frohwein
On Sat, May 25, 2024 at 12:06:39PM +, Ali Farzanrad wrote:
> Ali Farzanrad  wrote:
> > Alexandre Ratchov  wrote:
> > > On Fri, May 24, 2024 at 09:04:29PM +, Ali Farzanrad wrote:
> > > > Alexandre Ratchov  wrote:
> > > > > On Fri, May 24, 2024 at 04:30:52PM +, Ali Farzanrad wrote:

[...]

> > I have another problem here.  My USB keyboard works great in BOOTX64.EFI
> > but will not work on kernel config.
> > 
> > I created /etc/bsd.re-config file and rebooted my system twice to
> > disable azalia and then checked if it is disabled using config(8) and
> > dmesg(8).
> > 
> > Even when azalia is disabled my system gets sudden reboots.
> > First sudden reboot was just after playing a music; but next 2 reboots
> > happened without playing anything.
> > 
> > > Then, just do your regular stuff and see if the system reboots.
> 
> I tested again with my patch.  When azalia is disabled, it suddenly
> reboots after few minutes, without playing anything.  When azalia is
> enabled, it lives.
> 

This looks to me like you are chasing down a new rabbit hole every time
I open one of your emails. I'd suggest you take a step back from all
the stuff you seem to be trying without having a firm grasp on how to
observe or report reproducibility. Have you tried out sthen@'s advice
to check old kernels + snapshots[1]? I may have missed your response to
this. You wrote that you rarely got the issue prior to 17-May-2024? If
that *is correct*, then you should be able to bisect using the snapshot
archive around what date things change.

I am highlighting *is correct* above because your issue seems to be
unpredictable enough that a few minutes of testing don't mean anything.
I suggest you try to find a *clear difference*, meaning between a
snapshot where no reboot happens for ideally a whole day of use, and
the next one where it clearly happens very quickly (and reproducibly
at least a second or third time).

Your reports also make me wonder how much customization you are
running. You've mentioned at least compiling custom kernels and
setting bsd.re-config. It's easy to find yourself in virtually
unsolvable scenarios by configuring too much. It might be best to try
a clean install, ideally without activating xenodm/X11.

[1] https://marc.info/?l=openbsd-misc&m=171646884302309&w=2



Re: Issue with pf route-to and routing tables

2024-04-16 Thread Thomas
On Mon, 15 Apr 2024, at 21:33, Thomas wrote:
> Hi all,
>
> I'm greatly enjoying OpenBSD and have it on most of my devices as I try 
> to set up my "perfect lab". I would like some feedback / thoughts about 
> one behaviour which I don't quite get. 
>
> I have a VM for the world facing side of my network. I have a wireguard 
> network to link it up to a home router and other devices. My wireguard 
> traffic is coming onto my VM through wg0. 
>
> On my home router, I'm redirecting all wifi traffic to wg0 using the 
> routing tables like so:
> default        192.168.0.1   wg0
> IP_VM          IP_Gateway    bse0
> 192.168.0.1    wg0           wg0
>
> And natting outbound traffic on wg0 like so:
> pass out on wg0 from $int_if:network nat-to wg0
>
> I wanted to try out using route-to on my VM instead of using different 
> rdomain or just to try something else. I have another wireguard tunnel, 
> wg1 to relay my internal traffic further. 
>
> I did not touch the routing tables at all and have something like:
> pass in on wg0 inet from wg0:network to !wg0:network route-to wg1
> pass out on wg1 nat-to wg1
>
> Works like a charm. Now what I don't get is that for troubleshooting 
> purposes, I needed to send some traffic to the world on my VM (instead 
> of onward through wg1) and I initially tried:
> pass in log on wg0 inet from wg0:network to !wg0:network route-to vio0
> pass out log on $vio0 nat-to $vio0
>
> Routing tables:
> default   IP_Gateway   vio0
> _Gateway MAC_Gateway  vio0
>
> But this does not work. Removing "route-to vio0" does work, eg.
> pass in log on wg0 inet from wg0:network to !wg0:network #route-to vio0
> pass out log on vio0 nat-to vio0

Never mind, I forgot to check this mailing list and read that I needed to put 
the source address on this line:
pass in log on wg0 inet from wg0:network to !wg0:network route-to IP_GATEWAY

I suppose that then the oddity is that this works with wg1 and may be a corner 
case of the wireguard interface as it's assigned xxx.xxx.xxx.xxx/32 by the VPN 
provider and so destination address = source address?

One side question as I consider using rdomain. man 4 rdomain gives as an 
example:
A pf.conf(5) snippet to block incoming port 80, and nat-to and move to
rtable 0 on interface em1:
   block in on rdomain 4 proto tcp to any port 80
   match out on rdomain 4 to !$internal_net nat-to (em1) rtable 0

Should it not be "match in" in the 2nd line? man 5 pf.conf reads:
rtable number
 Used to select an alternate routing table for the routing lookup.
 Only effective before the route lookup happened, i.e. when
 filtering inbound.
Or does it work because it's a match statement? 

Thanks all,



Issue with pf route-to and routing tables

2024-04-15 Thread Thomas
Hi all,

I'm greatly enjoying OpenBSD and have it on most of my devices as I try to set 
up my "perfect lab". I would like some feedback / thoughts about one behaviour 
which I don't quite get. 

I have a VM for the world facing side of my network. I have a wireguard network 
to link it up to a home router and other devices. My wireguard traffic is 
coming onto my VM through wg0. 

On my home router, I'm redirecting all wifi traffic to wg0 using the routing 
tables like so:
default        192.168.0.1   wg0
IP_VM          IP_Gateway    bse0
192.168.0.1    wg0           wg0

And natting outbound traffic on wg0 like so:
pass out on wg0 from $int_if:network nat-to wg0

I wanted to try out using route-to on my VM instead of using different rdomain 
or just to try something else. I have another wireguard tunnel, wg1 to relay my 
internal traffic further. 

I did not touch the routing tables at all and have something like:
pass in on wg0 inet from wg0:network to !wg0:network route-to wg1
pass out on wg1 nat-to wg1

Works like a charm. Now what I don't get is that for troubleshooting purposes, 
I needed to send some traffic to the world on my VM (instead of onward through 
wg1) and I initially tried:
pass in log on wg0 inet from wg0:network to !wg0:network route-to vio0
pass out log on $vio0 nat-to $vio0

Routing tables:
default   IP_Gateway   vio0
_Gateway MAC_Gateway  vio0

But this does not work. Removing "route-to vio0" does work, eg.
pass in log on wg0 inet from wg0:network to !wg0:network #route-to vio0
pass out log on vio0 nat-to vio0

I'm guessing that this may have to be since it's routed "twice"? Eg. routed-to 
and a second time with the default route of the routing tables? So I understand 
why route-to is not necessary in this case, but I would think route-to should 
still work and that means I don't get how it's working? I've tried using pflog0 
to check the above rules but cannot see any difference: in both cases, it's 
passing in on wg0 through vio0 and src IP is rewritten to VM public IP.

I'm thinking of more complex rules to split traffic from wg0 between wg1 and 
vio0 based on the ports and using route-to vio0 seemed the easiest way to do so.

Thanks in advance,

Thomas



Re: sftp server empty password login

2024-03-27 Thread Thomas L.
On Tue, 26 Mar 2024 10:28:11 +0100
Sylvain Saboua  wrote:
> Match User media
>  ForceCommand internal-sftp -d /home/media
>  ChrootDirectory /home/media
>  PasswordAuthentication yes
>  AuthenticationMethods none
>  PermitEmptyPasswords yes

you probably also want DisableForwarding there. otherwise everyone can use
your machine as a proxy. this happened to me with a similar setup to allow
anonymous git cloning. some spammer figured it out and used my server as a
relay. don't be me ... ;)
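
A check for the point made in the reply above, added here as an example and not part of the original thread: it reads effective sshd settings in the format printed by `sshd -T` and reports any forwarding feature still enabled for an account that can log in without a credential. The function name `audit_sshd_effective` and the two sample inputs are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Input format: one "keyword value" pair
# per line, lowercase keywords, as printed by e.g.
#   sshd -T -C user=media,host=localhost,addr=127.0.0.1

# audit_sshd_effective: reads effective settings on stdin, prints one
# "keyword value" line per forwarding feature left enabled for a
# credential-less account, returns 1 if any was printed and 0 otherwise.
audit_sshd_effective() {
    awk '
        # Keep the last value seen for each keyword.
        NF >= 1 {
            key = tolower($1)
            value = $0
            sub(/^[^ \t]+[ \t]*/, "", value)
            cfg[key] = value
        }
        END {
            # Only accounts that need no credential are in scope.
            open_login = (cfg["permitemptypasswords"] == "yes" ||
                          cfg["authenticationmethods"] == "none")
            if (!open_login) exit 0
            # DisableForwarding overrides every individual forwarding option.
            if (cfg["disableforwarding"] == "yes") exit 0
            # sshd_config(5) defaults, used when a keyword is absent.
            dflt["allowtcpforwarding"] = "yes"
            dflt["allowstreamlocalforwarding"] = "yes"
            dflt["allowagentforwarding"] = "yes"
            dflt["x11forwarding"] = "no"
            dflt["permittunnel"] = "no"
            n = split("allowtcpforwarding allowstreamlocalforwarding " \
                      "allowagentforwarding x11forwarding permittunnel", keys, " ")
            findings = 0
            for (i = 1; i <= n; i++) {
                k = keys[i]
                v = (k in cfg) ? cfg[k] : dflt[k]
                # Anything other than "no" (yes, all, local, remote, ...) is enabled.
                if (v != "no") {
                    printf "%s %s\n", k, v
                    findings++
                }
            }
            exit (findings > 0)
        }'
}

# Constructed sample: the quoted Match block with forwarding left at defaults.
sample_open() {
cat <<'EOF'
forcecommand internal-sftp -d /home/media
chrootdirectory /home/media
passwordauthentication yes
authenticationmethods none
permitemptypasswords yes
disableforwarding no
allowtcpforwarding yes
allowstreamlocalforwarding yes
allowagentforwarding yes
x11forwarding no
permittunnel no
EOF
}

# Constructed sample: the same account after adding DisableForwarding yes.
sample_hardened() {
    sample_open | sed 's/^disableforwarding no$/disableforwarding yes/'
}

# ForceCommand only constrains the session channel; forwarding is governed by
# its own options, which is why the forced internal-sftp does not help here.
for s in sample_open sample_hardened; do
    if out=$($s | audit_sshd_effective); then
        echo "$s: ok"
    else
        echo "$s: forwarding enabled for a credential-less account:"
        echo "$out"
    fi
done
```
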



Re: No packages found for 7.5 snapshot on arm64

2024-03-09 Thread Thomas Frohwein
On Sat, Mar 09, 2024 at 02:27:36PM +0500, ofthecentury wrote:
> I had a similar problem this week, for amd64.
> The 'packages/amd64' folder on the OpenBSD
> mirrors for 7.5 snapshot is also empty. So I
> just manually set PKG_PATH to 7.4 packages
> folder for the time being.

This will likely break things. You would be effectively mixing an
almost-7.5 base with 7.4 packages. The solution is to point at the
snapshots packages directory, which is what -Dsnap does for you.

> On Sat, Mar 9, 2024 at 2:15 PM Dmitry Matveyev  wrote:
> >
> > Hi,
> >
> > I was running an OpenBSD with this description of the iso: OpenBSD
> > 7.4-current 2023-11-03 (arm64). A week ago I started getting an error
> > trying to install any package:
> >
> > # pkg_add -Uvi colorls
> > Update candidates: quirks-7.12 -> quirks-7.12
> > Update candidates: updatedb-0p0 -> updatedb-0p0
> > quirks-7.12 signed on 2024-03-05T14:52:30Z
> > Can't install colorls-7.4 because of libraries
> > |library c.99.0 not found
> > | /usr/lib/libc.so.98.0 (system): bad major
> > Couldn't install colorls-7.4
> >
> > Here I have an older version whereas the package requires a newer
> > version.
> >
> > I've read that it might be due to using -current and that I need to
> > upgrade my system to the latest snapshot. I have run sysupgrade and now
> > uname says that I'm on OpenBSD 7.5 GENERIC.MP#128 arm64. And now I can't
> > install anything at all because pkg_add complains that it can't find a
> > directory https://ftp.hostserver.de/pub/OpenBSD/7.5/packages/aarch64/. I
> > have checked several mirrors at https://www.openbsd.org/ftp.html and
> > they indeed don't have any packages under 7.5.
> >
> > How do I fix this?
> >
> 



Re: Automatic OS updates

2024-02-20 Thread Thomas Schmidt

OP did indeed mean `sysupgrade`, but fwiw, `syspatch && reboot` reboots
your system if a patch was applied. I got it in all of my servers'
cronjobs.

- Thomas

On 17.02.2024 at 02:24, obs...@loopw.com wrote:




On Feb 15, 2024, at 10:12 AM, b...@fea.st wrote:
am I the only one using automatic OS updates




  0  3  *  *  * root  sysupgrade


Maybe you meant “syspatch” there?

Syspatching via cron is questionable - Some of the patches won't be loaded until 
the box is rebooted.

I think it's better to run either syspatch or sysupgrade when I'm in front of 
the console and can deal with consequences.







Re: Ignore some USB devices

2024-02-19 Thread Thomas L.
On Mon, 19 Feb 2024 19:43:14 +0100
Kirill A. Korinsky  wrote:
> I do have two USB audio devices:
>
>   ~ $ usbdevs  -v
>   Controller /dev/usb0:
>   ...
>   addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio
>high speed, self powered, config 1, rev 0.03
>driver: uaudio0
>   ...
>   addr 13: 041e:3130 Creative, Creative BT-W5
>full speed, self powered, config 1, rev 10.00, iSerial
> D97E0B7F86B95AC32000 driver: uhidev10
>driver: uhidev11
>driver: uaudio1
>   ~ $
>
> both of them are managed by uaudio. How can I disable the first one,
> without disabling the second one?

you can select which audio device is used with -f/-F flags to sndiod
(details in man-page) in /etc/rc.conf.local. maybe that helps?



Re: OBS-Studio 26.1.0 and later

2023-12-13 Thread Greg Thomas
So you were using OBS-Studio in the past but can't remember how you
installed it?  As has been shown by others there never was a package for
7.1.  And then you blame the project for removing a package that was never
there in the first place.  Wow.

And you're also totally confusing some OS support with a full
implementation.

On Mon, Dec 11, 2023 at 10:06 PM hammer2_zfs  wrote:

> Hi dears!
>
> I am scripts' kitty ;-)
> I was using OBS-Studio 26.1.0 for Streaming by OpenBSD 7.1.
> since 7.1 to now...
>
> recently, My USB device was gone...
> then, I tried install by pkg_add obs-stuido on OpenBSD 7.4...
> but, I couldn't get the OBS-Studio...
>
> I want to use the OBS-Studio...
> Why, close the support for OBS-Studio...
>


Use of fw_update to bootstrap OBSD

2023-10-08 Thread Thomas
Hello,

I am installing OpenBSD on an old xps13 9380. The WiFi is not supported and so 
I am using a usb dongle for which I need the athn-firmware. I get it to work 
and now wanting to prep a USB disk with all necessary firmware. I'm following 
the FAQ#4 on the website (I suppose it works with more firmware than just the 
WiFi).

So, now to my question. Using fw_update -F to the current dir does download all 
firmware (5 files) and SHA256.sig. However, the file SHA256.sig does not 
include the signature, using signify like so: 

signify -Cp /etc/signify/openbsd-73-fw.pub -x SHA256.sig *

Fails with message: invalid comment in SHA256.sig; must start with 'untrusted 
comment: '

Downloading the SHA256.sig from firmware.openbsd.org/firmware/7.3/SHA256.sig 
which includes the signature does work.

Is that normal behaviour? Since the firmware.openbsd.org site is not HTTPS, 
and that, at least for me, fw_update does not download signed SHA256.sig, would 
it not be possible to download unintended files?

Thanks in advance,

Thomas



Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)

2023-10-07 Thread Thomas Frohwein
On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote:
> On Sat, Oct 07, 2023 at 08:51:36AM +, Comte wrote:
> > The webcam seems well detected but no image is displayed...
> 
> What happens if you run /usr/X11R6/bin/video instead of using ffmpeg?
> 
> > # dmesg | grep "uvideo"
> ^
> 
> Please post a full dmesg next time.
> 
> > uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony Electronics 
> > Co.,Ltd. Integrated Camera" rev 2.01/54.20 addr 3
> > video0 at uvideo0
> > uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony Electronics 
> > Co.,Ltd. Integrated Camera" rev 2.01/54.20 addr 3
> > video1 at uvideo1
> 
> However, this camera should almost certainly just work anyway.
> 
> > $ ffplay -f v4l2 -input_format mjpeg -video_size 1280x720 -i /dev/video0
>^^^
> 
> Why?

Looks like Comte followed the console instructions at [1] to the letter.
It seems to me that jumping right to ffplay recording isn't the best
way for you to check the camera is working. Simplest way to test seems
to me:

$ video -f /dev/video0

And then you should see a window with the video stream...

[1] https://www.openbsd.org/faq/faq13.html#webcam



Re: X11 crashing

2023-10-05 Thread Thomas Frohwein
On Thu, Oct 05, 2023 at 06:23:36AM +, Maria Morisot wrote:
> I installed the patch for X11 (October 3rd), then rebooted,
> now X is crashing every time I log in on xenodm,
> sometimes I get a blue screen with debug messages,
> other times I get a square on my screen with a black background,
> and it is otherwise completely frozen, and I can't ctrl-alt-Fn
> into a terminal. I can do this before I try logging in though,
> and I tried reverting the patch but to no avail.
> 
> My wm is xfce, and when I remove my .xsession
> everything works normal without crashing.

The obvious question that I have right off the bat is what is in your
.xsession... Sharing that file or clarifying if anything other than
xfce is in there would be a start.

> 
> I'm far from a novice user but I don't know much about
> how to properly report issues or what steps I need to take
> to isolate where the problem is.

There is some useful information on making useful bug reports here:
https://www.openbsd.org/report.html



Re: My /usr cleaning campaign..

2023-08-13 Thread Thomas Frohwein
On Sun, Aug 13, 2023 at 06:40:54PM +0200, Daniele B. wrote:
> 
> Thanks Stuart, as usual.
> 
> Stuart Henderson  wrote:
> 
> > > I still do not understand why I have gtk-doc presents on disk but I
> > > keep it for myself, not like the mistake on the signature, I mean..
> > > then we go to disturb the developers, bloood..  
> > 
> > Because you installed a package which includes them.
> > 
> > You might not need that package any more, use pkglocate to track down
> > which package provides a certain file.
> 
> pkg_info gtk-doc doesn't say me gtk-doc is installed..

I don't think that command tells you anything about the installation
status of that package. When I need to check if a package is installed,
I use for example:

$ pkg_info | grep "gtk.doc"

From pkg_info(1):

"If no pkg-name is specified, pkg_info shows the names and one-line
comments for all installed packages except internal packages."

> But when I launch:
> 
> pkg_locate share/gtk-doc | less
> 
> from the displayed list I think there is no package missing to have
> resources installed there..

I'm not sure that that's the command to answer the question that you
have. In fact, with wc -l: 14274 this is an exceptionally noisy command
and it shows dozens if not hundreds of different packages that install
into share/gtk-doc.

Note that pkg_locate doesn't limit itself to what you have currently
installed, but shows any file from any package, installed or not, that
has the string 'share/gtk-doc' in its path.

> > > For now I moved doc and gtk-doc with their image files away reaching
> > > quota 25% free. If you say it I could probably be happy about it..  
> > 
> > Now you'll have problems when you update packages.
> 
> I move them away linking -s to them onto /usr/local, do you still think
> it can cause problems?

I think that's asking for trouble and sometimes hard-to-diagnose bugs
with packages in the future.

I'm still not sure what problem you are trying to solve... You want to
upgrade, but are afraid of having too little space in the /usr
partition?

Frankly, having /usr/local on its own partition is exactly the kind of
default that would protect you from /usr/local/share/gtk-docs impinging
on your space in the /usr partition... Not sure if that problem
situation isn't entirely self-made and you are looking for solving the
problems of unsupported customization with even more unsupported
customization...



Re: Recognition Of My Wireless Network Device

2023-08-07 Thread Greg Thomas
On Mon, Aug 7, 2023 at 2:02 PM Jay F. Shachter  wrote:

>
> It does not.  The "ifconfig -a" command reports an awareness of lo0,
> em0 (my Ethernet device), enc0, and pflog0.  And nothing else.  How do
> I get OpenBSD to recognize my Broadcom BCM4313 wireless network device?
>

Did you Google "BCM4313 OpenBSD"?

The results aren't very encouraging.


Re: Recognition Of Linux LVMs

2023-08-07 Thread Greg Thomas
On Mon, Aug 7, 2023 at 12:20 PM Jay F. Shachter 
wrote:

>
> >
> > As the primary author of OpenBSD's current fdisk/disklabel/etc. I
> > was intrigued by your recent email to misc@  [I]f you want
> > disklabel(8) to say "Linux LVM" for sd0l you would need at a minimum
> > a patch to /usr/src/sys/sys/disklabel.h to add an FS_LINUXLVM define
> > and the string "Linux LVM" to the immediately following
> > fstypenames[] array
> >
>
> Please forgive me for being unclear.
>
> I was not asking whether my Linux volume group could be recognized by
> the OpenBSD "disklabel" program as a Linux volume group, and correctly
> identified as such.  That would certainly be nice, and a welcome
> improvement to the disklabel program, but it was not what I was
> asking.  I was asking whether Linux logical volumes can be recognized
> as disk devices by the OpenBSD kernel, in the way that they can be
> recognized in NetBSD, and in FreeBSD.  Thus, if I have a multiboot
> computer, on which Linux, FreeBSD, and NetBSD have been installed, and
> if, on the Linux system, I create a volume group named "vgname", and I
> then create within that volume group a logical volume named "lvname",
> then, on the NetBSD system, I can access this logical volume by using
> the exact same names that are used on Linux: either /dev/vgname/lvname,
> or /dev/mapper/vgname-lvname.  On FreeBSD the device name is slightly
> different, on FreeBSD you say /dev/linux_lvm/vgname-lvname, but in
> either case the logical volume is visible.  My question for this
> mailing list was: Are Linux logical volumes visible, or can they be
> made visible, on an OpenBSD system?
>
> I have already remarked that my Solaris, Linux, FreeBSD, and NetBSD
> systems can share disk storage (e.g., the /home/jay directory) by
> means of a ZFS pool, but that OpenBSD cannot, because OpenBSD does not
> support ZFS, and that, therefore, installing an OpenBSD system on the
> same hardware will require some duplication of otherwise shared disk
> storage (and I wonder, parenthetically, why FreeBSD and NetBSD are
> willing to support ZFS, but OpenBSD is not).
>

Stuart already told you this:

"Not likely to happen.

Even if there was an implementation written, patents are involved (use is
granted via the CDDL but that's not an acceptable license for OpenBSD)."


Re: ksh bug or just normal behaviour?

2023-08-02 Thread Thomas Frohwein
On Wed, Aug 02, 2023 at 12:14:51PM +, Thomas Schweikle wrote:
> 
> 
> On Wed, 02 Aug 2023 at 13:45:26, Peter N. M. Hansteen wrote:
> > On Wed, Aug 02, 2023 at 11:35:39AM +, Ioan Samarul wrote:
> > > Can you please tell me if this is a bug or it is considered normal?
> > > 
> > > $ set -A test a b c d e f g h i
> > > $ echo ${test[07]}
> > > h
> > > $ echo ${test[08]}
> > > ksh: 08: bad number `08'
> > > $ echo ${test[8]}
> > > i
> > 
> > I strongly suspect you stumbled on to a case of the old convention 
> > "numerals with
> > leading zeroes are interpreted as octal notation" (but do check the 
> > underlying
> > code to make sure).
> 
> Yes, that is it. It is considered octal notation.

And here is the proof:

$ echo ${test[010]}
i
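
The octal reading shown in this thread, as an added example that is not part of any poster's message: it prints the value shell arithmetic assigns to a zero-padded index and shows one way to force a decimal reading before using it as an index. It is written in POSIX sh, so it uses positional parameters instead of the ksh `set -A` array; all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# is_digits STR: succeed only for a non-empty string of ASCII digits.
# Checking this first keeps anything else out of arithmetic expansion.
is_digits() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# shell_value STR: print the number the shell's own arithmetic sees for STR.
# A leading 0 selects octal, so 010 prints 8 and 08 is rejected.
# The subshell contains the arithmetic error, which is fatal in some shells.
shell_value() {
    is_digits "$1" || return 2
    ( echo "$(( $1 ))" ) 2>/dev/null
}

# decimal_index STR: print STR as a base-10 number by dropping leading
# zeros (a lone 0 is kept).
decimal_index() {
    is_digits "$1" || return 2
    _di_n=$1
    while [ "${#_di_n}" -gt 1 ] && [ "${_di_n#0}" != "$_di_n" ]; do
        _di_n=${_di_n#0}
    done
    echo "$_di_n"
}

# element_at INDEX ITEM...: print the zero-based INDEX-th item,
# reading INDEX as decimal regardless of leading zeros.
element_at() {
    _ea_i=$(decimal_index "$1") || return 2
    shift
    [ "$_ea_i" -lt "$#" ] || return 1
    shift "$_ea_i"
    echo "$1"
}

# Demo over the indexes used in the thread, with the same nine elements.
for s in 07 08 8 010; do
    seen=$(shell_value "$s") || seen="rejected"
    fixed=$(element_at "$s" a b c d e f g h i) || fixed="out of range"
    echo "index $s: shell arithmetic sees $seen, decimal lookup gives $fixed"
done
```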



Re: ksh bug or just normal behaviour?

2023-08-02 Thread Thomas Schweikle



On Wed, 02 Aug 2023 at 13:45:26, Peter N. M. Hansteen wrote:
> On Wed, Aug 02, 2023 at 11:35:39AM +, Ioan Samarul wrote:
> > Can you please tell me if this is a bug or it is considered normal?
> >
> > $ set -A test a b c d e f g h i
> > $ echo ${test[07]}
> > h
> > $ echo ${test[08]}
> > ksh: 08: bad number `08'
> > $ echo ${test[8]}
> > i
>
> I strongly suspect you stumbled on to a case of the old convention
> "numerals with leading zeroes are interpreted as octal notation" (but do
> check the underlying code to make sure).

Yes, that is it. It is considered octal notation.


--
Thomas




Re: Temporary failure when sending emails to this mailing list

2023-07-24 Thread Greg Thomas
On Mon, Jul 24, 2023 at 12:12 PM Jay F. Shachter 
wrote:

>
> I question whether this topic remains of interest to the readers of
> this mailing list, since it no longer has anything to do with OpenBSD,
> only with the character of the man who insulted me when I first tried
> to join the misc@openbsd.org mailing list.  Moreover, the appearance
> on this mailing list of such postings may distract people from other
> postings more deserving of their attention, such as the long, but
> immeasurably interesting, posting that appeared yesterday about the
> inability of the OpenBSD bootloader to boot OpenBSD, which as of this
> writing has elicited no replies.
>

You might get some replies if you rewrote that email quite a bit more
succinctly.   E.g. retain the steps taken along with the results, then
delete irrelevant paragraphs, delete redundancies, delete assumptions,
delete info about other OSes that has nothing to do with OpenBSD, that will make it
much more readable and less tl;dr.


Re: how to startx with kde?

2023-07-23 Thread Greg Thomas
On Sat, Jul 22, 2023 at 2:46 PM Martin Schröder  wrote:

> On Sat, 22 July 2023 at 23:15, Greg Thomas wrote:
> > Have you read:
> >
> > https://www.openbsd.org/faq/faq11.html
>
> Where does that mention KDE?
>

It doesn't.  But it also doesn't mention many desktop environments and
display managers.

That being said I clearly haven't kept up with KDE development so I went
down the KDE/Wayland rabbit hole.  For the OP:

https://undeadly.org/cgi?action=article;sid=20210124113220


> P.S.: Please learn to quote


Mea culpa.

Greg


Re: how to startx with kde?

2023-07-22 Thread Greg Thomas
Have you read:

https://www.openbsd.org/faq/faq11.html

On Sat, Jul 22, 2023 at 12:25 PM ykla  wrote:

> Hi,
>
> I install kde by pkg_add kde but how to boot it? Here isn't any login
> manager except gdm in openbsd. But gdm seems that can only boot gnome in
> openbsd.
>
> So how can I boot it? And even it not be booted and why no any warning or
> error after installation?
>
> ykla
>


Re: tmux server recent snapshot amd64 100% CPU freeze

2023-07-17 Thread Thomas Frohwein
On Mon, Jul 17, 2023 at 12:54:05PM +, Jacqueline Jolicoeur wrote:
> Hi,
> 
> I thought I would mention I seem to be able to reproduce a tmux lock up
> where the tmux server component runs at 100% CPU. I am unable to attach
> to it at that point.
> 
> The command I run in order to reproduce this is:
> 
> Enter the tmux command prompt.
> 
> C-b and :
> 
> Run this command.
> 
> movew -r
> 
> It stays locked with the movew command still on screen. I end up having
> to kill the server process.

I have noticed tmux locking up with my original tmux.conf when closing
windows, likely because of renumber-windows on:

set-option -g default-terminal "tmux-256color"
set-option -g history-limit 3000
set-option -g renumber-windows on
set-option -ag window-status-current-style bold
set-option -ag window-status-current-style fg=black
set-option -ag window-status-current-style bg=blue
set-option -ag status-style bg=cyan
set-option -g escape-time 50

I have since switched to a more simplistic config that hasn't run into
the lock up, but I can still trigger it with movew -r as described
above:

set-option -g escape-time 50
set-option -g base-index 1
set-option -g pane-base-index 1

> 
> This started to occur in OpenBSD amd64 snapshots around July 13.
> 
> I am running my OpenBSD amd64 with sysctl vm.malloc_conf=S
> 
> ~/.tmux.conf
> 
> set -g status-keys vi
> set -g status-right "%F %R"
> set -g status-style "bg=black,fg=white"
> setw -g mode-keys vi
> 
> Thanks.
> 



Re: How Do I Get The OpenBSD Install Procedure To Stop Trashing My Bootloader?

2023-07-14 Thread Greg Thomas
"... use it for serious work."

Hah, sure bro. Seems more like you're just trying to set a personal record
for most bootable OSes on a single system.

On Fri, Jul 14, 2023 at 12:03 AM Rob Schmersel  wrote:

> On Thu, 13 Jul 2023 13:53:24 -0500 (EDT)
> "Jay F. Shachter"  wrote:
>
> > Esteemed Colleagues:
> >
> > Every time I install OpenBSD (the latest version, 7.3), it trashes
> > GRUB, and renders my computer unbootable.  I am guessing, and please
> > correct me if I am wrong, that this is because OpenBSD puts its
> > subpartition table in disk storage that has not been given to it.
> >
> > The internal hard drive is an MBR-partitioned disk belonging to a
> > computer that is configured to do Legacy boot.  Microsoft Windows,
> > Linux, and Haiku are already installed.  Microsoft Windows uses all
> > three primary partitions for itself, because that is what Windows
> > does, and every other operating system has to find a place for itself
> > within the extended partition.
> >
> > The bootloader is GRUB2, and has been, since I installed the Linux
> > system.  The Linux system resides on two logical volumes (root and
> > swap) carved out of an LVM volume group that resides on the first
> > logical slice of the extended partition (which Linux calls /dev/sda5).
> > GRUB2 boots it by means of:
> >
> >  insmod lvm
> >  set root=(lvm/m5-springdale)
> >  linux /boot/vmlinuz root=/dev/m5/springdale
> >  initrd /boot/initramfs.img
> >
> > Haiku resides on the third logical slice of the extended partition,
> > which in Linux is called /dev/sda7, and is booted by means of:
> >
> >  set root=(hd0,7)
> >  chainloader +1
> >
> > OpenBSD was installed -- repeatedly -- in the second logical slice of
> > the extended partition, which in Linux is called /dev/sda6 (and I
> > intend to install NetBSD in /dev/sda9, I have a very subtle sense of
> > humor), and there is already a stanza in my GRUB menu that has been
> > made ready for it:
> >
> >  set root=(hd0,6)
> >  chainloader +1
> >
> > although I am also ready to boot it by means of kopenbsd, if
> > necessary.
> >
> > I never got to execute that stanza in the GRUB menu, however, because
> > the OpenBSD installation has always rendered my system unbootable.  It
> > just didn't boot, not even into the GRUB menu.  I had to repair my
> > system by booting from a recovery CD, mounting /dev/m5/springdale on,
> > e.g., /mnt, furnishing /mnt with appropriate proc, sys and dev
> > filesystems, doing a chroot to /mnt, and then doing a "grub2-install
> > /dev/sda".  Which failed, complaining, inter alia, about a disk with
> > multiple partition tables.  But if I did
> >
> >   dd if=/dev/zero of=/dev/sda bs=512 skip=1 count=2
> >
> > then grub2-install ceased complaining about a disk with multiple
> > partition tables, and it succeeded, and I could then reboot into the
> > GRUB menu.  But now OpenBSD was unbootable.
> >
> > All of this has led me reasonably to theorize that OpenBSD puts its
> > subpartition table outside of the area that belongs to it, which is
> > the second logical slice of the extended partition, which is where I
> > tell it to install itself -- in particular, that it puts its
> > subpartition table near the MBR table, which is an area of disk that
> > does not belong to it, but, rather, to GRUB, which is, consequently,
> > trashed.
> >
> > If this is what is happening, then it is totally bogus.
> >
> > I have nothing against subpartitioning.  Linux doesn't do it, but many
> > respectable operating systems do, like FreeBSD, NetBSD, and Solaris,
> > although Solaris, practically speaking, is usually installed so as to
> > use ZFS rather than UFS, so the entire concept of subpartitioning is
> > obsolete.
> >
> > (Parenthetically, when is OpenBSD going to support ZFS, and join the
> > category of operating systems in which I can do serious work, i.e.,
> > Solaris, Linux, FreeBSD, and NetBSD?  NetBSD didn't use to be in that
> > category, because its implementation of ZFS was brain-damaged, but
> > now it has a good implementation of ZFS, and now it is a member in
> > good standing of the category of operating systems in which I can do
> > serious work.  OpenBSD is not, and in that regard it resembles Haiku,
> > or SkyOS, or Icaros, and that is regrettable, because OpenBSD has
> > other good features that would otherwise make me want to use it for
> > serious work.  But I digress.)
> >
> > But my FreeBSD systems manage to do subpartitioning without trashing
> > GRUB and rendering my computers unbootable.  I assume that is because
> > FreeBSD doesn't overwrite disk storage that doesn't belong to it, but
> > that, rather, it keeps its subpartition table in the area of disk
> > where it has been told to install itself.
> >
> > Now, I do not know for certain that OpenBSD overwrites parts of GRUB
> > with its subpartition table.  I am only theorizing, based on strong
> > circumstantial evidence.  What I do know is that every time I instal

Re: iked server/client OBSD/OBSD

2023-07-10 Thread Thomas Bohl

> Questions about cert for roadwarrior and more? Why 192.168.1.79? i was
> expecting 10.0.5.x please.

Why did you expect that?

> spi=0xc166e8f236679cc9: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local
> 192.168.1.79:500, 255 bytes, policy 'roadwarrior'

192.168.1.79 is your local IP, which is on the interface with a link to
the default gateway.

$ route -n show -inet

If you have multiple IPs and you want to force iked to use a specific
one, you have to use "local":

local 10.0.5.x peer 45.77.223.7 \

> spi=0xaf891eb37dd8f4cc: ca_getreq: no valid local certificate found for
> FQDN/roadwarrior
> spi=0xaf891eb37dd8f4cc: ca_getreq: using local public key of type RSA_KEY
> spi=0xaf891eb37dd8f4cc: send IKE_AUTH req 1 peer 45.77.223.7:4500 local
> 192.168.1.79:4500, 947 bytes, NAT-T
> spi=0xaf891eb37dd8f4cc: recv IKE_AUTH res 1 peer 45.77.223.7:4500 local
> 192.168.1.79:4500, 65 bytes, policy 'roadwarrior'
> spi=0xaf891eb37dd8f4cc: sa_free: authentication failed notification from peer

Just a guess, since I have never worked with trusted public keys, but
maybe you have to copy the client's local.pub into

/etc/iked/pubkeys/fqdn/roadwarrior
(not /etc/iked/pubkeys/fqdn/roadwarrior/local.pub)
or
/etc/iked/pubkeys/ipv4/A.B.C.D
on the server.



Re: iked server/client OBSD/OBSD

2023-07-10 Thread Thomas Bohl




> what is wrong? client side iked.conf:
>
> ikev2 'roadwarrior' active esp \
>  from dynamic to any \
>  peer 45.77.223.7 \
>  srcid roadwarrior \
>  dstid server1.domain \
>  request address any \
>  iface lo1
>
> # iked -dv
> /etc/iked.conf: 43: invalid iface

lo1 must exist:
# ifconfig lo1 create

To create it at a reboot:
# touch /etc/hostname.lo1



Re: dhcpleased[59824]: sendto: Permission denied

2023-07-08 Thread Thomas M. Beaudry
You did not even look at the list rules.
"Do your homework first..
No desire to deprive you of a learning experience."

Nobody is here to hold your hand. They do too much of that at work. You
must be knowledgeable of the subject. If not, use Google (many web sites
for teaching) or switch to FreeBSD with support for the novice.

The boss gave up a DARPA research grant rather than make changes for them.

On Sat, Jul 8, 2023, 11:42 Mark  wrote:

> What kind of anger and rudeness is that?
>
> We're all (at least those who ask questions) learning here. @misc is for
> that, right?
>
> And I think you should learn, too. You must.
>
> You said it's -no way- related to PF. Yet, it was PF in the end.
>
> Anyway, stop blindly insulting people here.
>
>
>
> On Sat, 8 Jul 2023 at 20:02, Zack Newman wrote:
>
> > I am only replying to this in the interest of closure since I am
> > already part of this thread, but disclaimer here is some tough love.
> >
> > You need to stop being lazy and actually understand your network
> > topology, the security/privacy real or contrived-I see you adhere to
> > the whole security by obscurity nonsense with the masking of the last
> > 2 octets of that IPv4 address-and pf. Besides your first attempt at
> > "magically" fixing your problem which was doomed to fail for the
> > reasons I gave, you are now asking for people to guess what rules you
> > need.
> >
> > Do you "really need to block 'martians'"? Seriously? Ignoring the
> > philosophical trap of what you mean by "need", do you even know what a
> > "martian" is; and if not, then why are you blindly blocking them? If you
> > don't know what you are doing, then just don't do it. I don't even know
> > what a "martian" is other than an alien thing from outer space. In the
> > interest of providing a modicum of constructive criticism as opposed to
> > just criticism, here you go:
> >
> >
> https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
> > .
> >
> >
> https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
> > Not sure if that is what "martians" refer to, but your "martians"
> > appear to be a proper subset of what is listed there or at least close.
> > With that information, seek out what those blocks mean and decide based
> > on your topology and security/privacy needs if you should block
> > them.
> >
> > Should I block 192.168.3.2 on my laptop? What about
> > ingress traffic from 2343:24ad:afde:8224::23 destined to UDP port 764
> > on my VPS? Those are obviously rhetorical questions as only I know (or
> > at least _should_ know) what my network topology is like, what
> > services I run, to whom I want to serve, etc.
> >
> > You clearly blindly copied and pasted some rules you found without
> > knowing what they do or why you are doing it as evidenced by the rather
> > embarrassing blocking of your DHCP server. If you are going to be lazy
> > and just want stuff to magically work, then disable pf. Bam. Don't need
> > to worry about anything. If you plan to block stuff though, then
> > actually learn about what you are blocking and why.
> >
> > Here is a tiny olive branch: I would allow all egress traffic from your
> > VPS since that is within _my_ wheel of trust. If my VPS is trying to
> > talk to an IP, then either it is already compromised or at least running
> > software it shouldn't at which point I have bigger problems; or it
> > needs to. Does that "magical" rule apply to you? I don't know, and it
> > sounds like you don't either. Even if it does, you will still need to
> > decide if you want to allow other IPs to send traffic; but that requires
> > you to learn more about your topology, pf, and security/privacy needs.
> >
> >
>


Re: APCI on old Thinkpad

2023-07-03 Thread Thomas Vetere
Yep, Claudio is correct. I have an old 600e and this is an official
statement from IBM support page long ago:

*"The ThinkPad 600E is ACPI ready. ACPI is not installed, but the system
hardware supports ACPI. While ACPI shows a great deal of promise for the
future, numerous problems affect the operation of ACPI on ThinkPad and
other notebook systems. Therefore, the system comes with Windows 98 running
in APM mode."*

So while it might 'support' ACPI theoretically, it probably won't work very
well ;)

On Mon, 3 Jul 2023, 4:47 PM, Claudio Jeker wrote:

> Also keep in mind that laptops that old most often had bad or broken early
> ACPI implementations and it was better to not enable ACPI on those.
> Normally there was some BIOS knob to just use apm(4) which often worked
> much better.
>
> On Mon, Jul 03, 2023 at 08:58:45PM +0200, Daniele B. wrote:
> > Thanks Peter, point got.
> >
> > I also go ahead with very old hardware, kind of 10 years old minipc/pc
> (including a Mac Pro).. and
> > we are in so good habits with our OpenBSD os that we tend to think no
> problem will never arise.
> > Sadly enough we maybe forget what is really feasible..
> >
> >
> > -- Daniele Bonini
> >
> >
> > Jul 3, 2023 14:47:57 Peter N. M. Hansteen :
> >
> > > On Mon, Jul 03, 2023 at 01:36:10PM +0200, Michael Hekeler wrote:
> > >> oh dear I have forgotten the model number - Sorry!
> > >>
> > >> It is Thinkpad 570
> > >
> > > I had to look this up, since I had forgotten that Thinkpads used to
> come
> > > with model numbers not prefixed and/or postfixed with letters.
> > >
> > > I think one of several issues you will bump into is that the machine is
> > > almost a quarter century old (released April 1999 if Wikipedia is to
> be trusted),
> > > and you may be one of fairly few people who have kept one around this
> long.
> > >
> > > This means in practice that in all likelihood, recent versions of any
> now-useful
> > > software has been only lightly tested (if at all) on that vintage
> hardware.
> > >
> > > If you can get someone with the right skillset interested (as in, not
> me, by
> > > any measure) it is conceivable that a fix is within reach. That said,
> however,
> > > I suspect that improving support for more current hardware would tend
> to
> > > take priority when developers decide what to spend their time on.
> > >
> > > All the best,
> > > Peter
> > >
> > > --
> > > Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> > > https://bsdly.blogspot.com/ https://www.bsdly.net/
> https://www.nuug.no/
> > > "Remember to set the evil bit on all malicious network traffic"
> > > delilah spamd[29949]: 85.152.224.147: disconnected after 42673
> seconds.
> >
>
> --
> :wq Claudio
>
>


Fwd: tmux only possible as root and not as normal user in 7.3?

2023-06-09 Thread Thomas Schnell
forgot mailinglist in reply, everything works now and my apologies: can not 
figure out how I missed this one alias for 3 days ...

Greetings
sarag


> From: sarag
> Date: 9 June 2023 at 13:30:38 CEST
> To: Janne Johansson
> Subject: Re: tmux only possible as root and not as normal user in 7.3?
> 
> oh stupid me! You were absolutely right: there was an aliases-file from my
> dotfile-safes that I copied over and there was indeed an "attach"-alias ... 
> cleaned it and now it works like a charm!
> 
> Thanks a lot for your help! :-)
> Wish you a nice and sunny weekend!
> Greetings
> sarag
> 
> 
> 
> 
>> On 09.&m.2023 12:26, Janne Johansson wrote:
>> On Fri, 9 June 2023 at 09:44, sa...@sarag.net wrote:
>> 
>>> Ah, sorry, forgot to mention that: no, neither root nor user have any
>>> config file, this is directly after fresh install, so system defaults
>>> should have been used…
>>> 
>> 
>> 
>>> >> I have three new installed machines, that show the same strange
>>> behaviour: tmux is only startable as root, if I want to start it with
>>> command "tmux" as normal user (which is in wheel group, btw), I get the
>>> error "no sessions", if I try to start it with command "tmux start-server",
>>> the error is "no server running on /tmp/tmux-1000/default".
>>> 
>> 
>> This looks a lot like it is running "tmux attach" and not "tmux" when that
>> message appears. Are you sure you are not using some kind of shell alias
>> that makes it go "tmux a" instead?
>> 
>> -- 
>> May the most significant bit of your life be positive.
> 
> -- 
> 
> Best regards
> Thomas Schnell


tmux only possible as root and not as normal user in 7.3?

2023-06-08 Thread Thomas Schnell
Hi there,

I have three new installed machines, that show the same strange behaviour: tmux 
is only startable as root, if I want to start it with command "tmux" as normal 
user (which is in wheel group, btw), I get the error "no sessions", if I try to 
start it with command "tmux start-server", the error is "no server running on 
/tmp/tmux-1000/default".
On another machine, where OpenBSD has been installed and upgraded since version 
6.7, tmux starts without problems as said user.
I searched FAQ, manpages, www up and down and can not figure out, what goes 
wrong.
Is there anything I missed in manual or release notes? Was there any change in 
tmux startup?
Any hints would be highly appreciated!

thanks in advance
sarag




Re: build go projects with current: bad system call (core dumped)

2023-06-06 Thread Thomas Huber
This issue seems to be related to hardware limits eg. not enough RAM.
I came across these errors on a 1gig openbsd.amsterdam VM (thanks mischa
for your great service!!)
But all the mentioned go projects build fine on larger OpenBSD-VMs (eg.
4gig exoscale VM) and these builds run fine on the smaller VM.

Thanks Stuart for helping out again and verifying the build step.


On Thu, 1 Jun 2023 at 16:34, Thomas Huber  wrote:

> On Thu, 1 Jun 2023 at 16:28, Stuart Henderson 
> wrote:
>
>> On 2023-06-01, Thomas Huber  wrote:
>> > Hi @misc,
>> >
>> > I face a problem with -current when building golang projects.
>> > This worked fine on 7.2 and I think it stopped working with 7.3 release.
>> > Now I try it on -current.
>> >
>> > I get the following error:
>> > "go: error obtaining buildID for go tool compile: signal: bad system
>> call
>> > (core dumped)"
>> >
>> > The Projects I'm trying to build are the nats-server[1] and natscli[2].
>> > go version go1.20.4 openbsd/amd64
>> >
>> > Maybe someone on this list has a clue...
>> > Thanks Thomas (the u2k20 host)
>> >
>> > --
>> > [1] https://github.com/nats-io/nats-server
>> > [2] https://github.com/nats-io/natscli
>> >
>>
>> If you have any old cached compiles lying around (.cache/go-build?) then
>> clear
>> them out and try again.
>>
>>
> thanks so far.
> but didn't work with updated project dependencies nor a clean
> .cache/go-build.
>
>


Re: build go projects with current: bad system call (core dumped)

2023-06-01 Thread Thomas Huber
On Thu, 1 Jun 2023 at 16:28, Stuart Henderson 
wrote:

> On 2023-06-01, Thomas Huber  wrote:
> > Hi @misc,
> >
> > I face a problem with -current when building golang projects.
> > This worked fine on 7.2 and I think it stopped working with 7.3 release.
> > Now I try it on -current.
> >
> > I get the following error:
> > "go: error obtaining buildID for go tool compile: signal: bad system call
> > (core dumped)"
> >
> > The Projects I'm trying to build are the nats-server[1] and natscli[2].
> > go version go1.20.4 openbsd/amd64
> >
> > Maybe someone on this list has a clue...
> > Thanks Thomas (the u2k20 host)
> >
> > --
> > [1] https://github.com/nats-io/nats-server
> > [2] https://github.com/nats-io/natscli
> >
>
> If you have any old cached compiles lying around (.cache/go-build?) then
> clear
> them out and try again.
>
>
thanks so far.
but didn't work with updated project dependencies nor a clean
.cache/go-build.


build go projects with current: bad system call (core dumped)

2023-06-01 Thread Thomas Huber
Hi @misc,

I face a problem with -current when building golang projects.
This worked fine on 7.2 and I think it stopped working with 7.3 release.
Now I try it on -current.

I get the following error:
"go: error obtaining buildID for go tool compile: signal: bad system call
(core dumped)"

The Projects I'm trying to build are the nats-server[1] and natscli[2].
go version go1.20.4 openbsd/amd64

Maybe someone on this list has a clue...
Thanks Thomas (the u2k20 host)

--
[1] https://github.com/nats-io/nats-server
[2] https://github.com/nats-io/natscli


Re: PC Engines APU platform EOL

2023-05-01 Thread Thomas M. Beaudry
Linux is slowly losing its appeal for servers. IT is starting to notice
that Linux servers are cracked almost as much as Windows servers. A large
problem with any OS lacking a central authority to ensure that nothing is
added before being fully verified as not introducing a vulnerability.

On Fri, Apr 28, 2023, 12:53 Mihai Popescu  wrote:

> On Wed, Apr 19, 2023 at 11:30 AM Martin Schröder 
> wrote:
>
> > https://www.pcengines.ch/eol.htm
> > The end is near for APUs :-(
>
> It may be the end for open/free source as we know it.
>
> The market is moving to ARM for hardware. As for the software, Linux
> is preferred -  a lot of code, a lot of options, very flexible, very
> configurable.
> There are other options of course, like RISC IV and BSDs, but those
> are just for research and fun (TM).
>
>


Re: Encrypted softraid - Operational question

2023-05-01 Thread Thomas Bohl

> Hi
>
> In a server with an encrypted root - server boots with key in USB stick,
> not passphrase.
>
> Can I remove the USB stick with the key, after the server is up and
> running?

Yes

> Will I have any problems doing that?

No. Though not at the moment, I used such a setup for years. Only
inserting the stick for reboots.




IBM X220 drm errors

2023-04-17 Thread Greg Thomas
Just found my backup laptop had powered off while in the middle of rsyncing
to it over WiFi.  Full dmesg is down below these handful of lines:

Apr 17 14:24:28 grits /bsd: sd1 detached
Apr 17 14:24:28 grits /bsd: scsibus2 detached
Apr 17 14:24:28 grits /bsd: drm:pid7291:cpt_set_fifo_underrun_reporting
*ERROR* [drm] *ERROR* uncleared pch fifo underrun on pch transcoder A
Apr 17 14:24:28 grits /bsd: drm:pid7291:intel_pch_fifo_underrun_irq_handler
*ERROR* [drm] *ERROR* PCH transcoder A FIFO underrun
Apr 17 14:24:28 grits /bsd: xhci0: command ring abort timeout




Re: File system is full after using dd

2023-04-15 Thread Thomas Bohl

On 15.04.2023 at 16:14, Lorenzo Torres wrote:

> Hello, I've run the dd command to wipe the data of an SD card:
> dd if=/dev/zero of=/dev/rsdb1c bs=1M
> After quite some time it crashed saying that the / filesystem is full
> and even after a reboot the same happens. Now I can't even run xorg
> because the fs is full. Any idea on why this happened?

You most likely wrote into a file and not onto the SD card. Just delete 
the file.




Re: Help for another wiped out disklabel

2023-04-13 Thread Greg Thomas
Ok, now that 7.3 is up and running fine on sd0 I can redo my sd1 USB SSD.

This SSD was set up as a 2nd disk back when I originally installed 6.8 on
it so it's hard for me to remember how I would have had it start at 0
rather than 64 as mentioned in the FAQ.

Thanks for reading and reminding me Nick.



On Thu, Apr 13, 2023 at 4:32 PM Nick Holland 
wrote:

> On 4/13/23 16:08, Greg Thomas wrote:
> > Thank you!  I gave it one more shot before attempting the script and I'm
> > back in.  I figured I'd try 0 for the beginning of the partition.
> >
> > grits# disklabel sd1
> > # /dev/rsd1c:
> > type: SCSI
> > disk: SCSI disk
> > label: Ext SSD
> > duid: 2eeb6058175bf1f7
> > flags:
> > bytes/sector: 512
> > sectors/track: 20
> > tracks/cylinder: 22
> > sectors/cylinder: 440
> > cylinders: 2131143
> > total sectors: 937703088
> > boundstart: 0
> > boundend: 937703088
> >
> > 16 partitions:
> > #                size           offset  fstype [fsize bsize   cpg]
> >   a:        937703040                0  4.2BSD   4096 32768     1
> >   c:        937703088                0  unused
>
> OUCH.  Don't do this!
>
> I'm not sure why your disklabel got overwritten *in your case*, but there
> is stuff that's supposed to be at sector zero, and a disklabel is NOT IT.
> Something someday will clobber it.  And it did.
>
> Please, back your data up, put either a UEFI or MBR partition table on it,
> and then use the rest of the disk for your backup.  With modern disk
> sizes, the amount of space you "save" isn't worth the first time this
> happens to you.
>
> Nick.
> (who went back to look at your dmesg to make sure it wasn't a sparc64 :)
>
>


Re: Help for another wiped out disklabel

2023-04-13 Thread Greg Thomas
Thank you!  I gave it one more shot before attempting the script and I'm
back in.  I figured I'd try 0 for the beginning of the partition.

grits# disklabel sd1
# /dev/rsd1c:
type: SCSI
disk: SCSI disk
label: Ext SSD
duid: 2eeb6058175bf1f7
flags:
bytes/sector: 512
sectors/track: 20
tracks/cylinder: 22
sectors/cylinder: 440
cylinders: 2131143
total sectors: 937703088
boundstart: 0
boundend: 937703088

16 partitions:
#                size           offset  fstype [fsize bsize   cpg]
  a:        937703040                0  4.2BSD   4096 32768     1
  c:        937703088                0  unused

On Thu, Apr 13, 2023 at 2:51 AM  wrote:

> Greg Thomas writes:
> > I just ran through a fresh 7.3 install onto sd0 on an old 6.8 laptop and I
> > have no idea what happened to the disklabel on sd1 (during the install I
> > only did an automatic disklabel on sd0).  This is just a backup of my
> > current laptop so not the end of the world (unless my current laptop dies
> > before I have a chance to back it up again).
>
> Part of the solution I used previously to recover my trashed disklabel
> was a script to create a partition on the disklabel with every
> starting value (a simple brute force approach). This proved to be
> far too slow so I resorted to hacking scan_ffs but that's because
> I had other partitions and swap of unknown size to skip over first
> to find the /var/backup partition that I needed.
>
> Since your lost partition is at the beginning of the disc somewhere
> this shouldn't be much of a problem. The end sector doesn't really
> matter if you'll mount the partition read-only provided it's large
> enough; just don't run fsck on it.
>
> Something along the lines of:
>
> for k in `jot 2048`; do echo  | disklabel -e sd0; mount -r
> /dev/sd1a /mnt && echo $k; umount /mnt; done
>
> Where  is multi-line input to disklabel to delete and create
> partition a. Alternatively investigate disklabel's -R option.
>
> Then locate your disklabel backup, investigate -R if you didn't
> already, and restore it exactly.
>
> Matthew
>
>
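
An added example, not part of the original posts: instead of rewriting the disklabel once per candidate offset, the start of a lost FFS partition can be located by reading the device and looking for the superblock magic, which is the idea behind scan_ffs. The function names and the sample image are constructed here; little-endian (amd64) byte order and 512-byte sectors are assumed.

```python
import struct

SECTOR = 512
FS_MAGIC_OFF = 1372  # offset of fs_magic inside the FFS superblock
# (label, superblock offset from partition start, magic number)
CANDIDATES = (
    ("FFS1", 8192, 0x00011954),
    ("FFS2", 65536, 0x19540119),
)


def find_ffs_starts(path, max_start_sector=2048):
    """Return [(start_sector, label)] for every start sector in
    0..max_start_sector where an FFS superblock magic sits at the expected
    distance. The device or image is opened read-only and never written."""
    hits = []
    with open(path, "rb") as dev:
        for start in range(max_start_sector + 1):
            for label, sb_off, magic in CANDIDATES:
                dev.seek(start * SECTOR + sb_off + FS_MAGIC_OFF)
                raw = dev.read(4)
                if len(raw) == 4 and struct.unpack("<I", raw)[0] == magic:
                    hits.append((start, label))
    return hits


def build_sample_image(path, start_sector, label):
    """Write a constructed, otherwise empty image that carries only the
    magic number of a filesystem starting at start_sector (test data)."""
    sb_off, magic = {c[0]: (c[1], c[2]) for c in CANDIDATES}[label]
    pos = start_sector * SECTOR + sb_off + FS_MAGIC_OFF
    with open(path, "wb") as img:
        img.write(b"\0" * pos + struct.pack("<I", magic))


if __name__ == "__main__":
    import os
    import tempfile

    sample = os.path.join(tempfile.mkdtemp(), "sample.img")
    build_sample_image(sample, 64, "FFS1")
    for start, label in find_ffs_starts(sample):
        print(f"{label} superblock found, partition would start at sector {start}")
```

A hit is only a candidate offset: enter it in the disklabel and mount read-only to confirm, as the quoted advice says.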


Help for another wiped out disklabel

2023-04-12 Thread Greg Thomas
I just ran through a fresh 7.3 install onto sd0 on an old 6.8 laptop and I
have no idea what happened to the disklabel on sd1 (during the install I
only did an automatic disklabel on sd0).  This is just a backup of my
current laptop so not the end of the world (unless my current laptop dies
before I have a chance to back it up again).

I was using the whole sd1 disk attached by USB for the backup and from what
I recall I had one big /dev/sd1a mounted on /backup.  Here's the current
disklabel.  The only thing I've tried is changing the boundstart from 2048
to 64, and then creating an a partition with offset of 2048 and 64.  No
luck there.  I'm foggy from getting through the end of a case of COVID so
let me know if there are some obvious parameters I should be using, or if
it's futile.

And next time I'll disconnect the USB disk before doing a fresh install.

Thanks for reading.

 grits# disklabel /dev/sd1c
# /dev/sd1c:
type: SCSI
disk: SCSI disk
label: Ext SSD
duid: 2eeb6058175bf1f7
flags:
bytes/sector: 512
sectors/track: 20
tracks/cylinder: 22
sectors/cylinder: 440
cylinders: 2131143
total sectors: 937703088
boundstart: 2048
boundend: 937699328

16 partitions:
#                size           offset  fstype [fsize bsize   cpg]
  c:        937703088                0  unused


dmesg:


Re: Can't login after upgrading to 7.3

2023-04-11 Thread Thomas Frohwein
On Tue, Apr 11, 2023 at 05:12:34PM -0600, Nathan Gilbert wrote:
> Hi,
> 
> I ran sysupgrade on a ThinkPad X1 Carbon running 7.2 and am unable to login 
> afterwards. I’m unable to log in as my normal user in either the WM (LeftWM) 
> or the terminal, I immediately get kicked back to login. I’m able to login 
> with root to fvwm or cwm but can’t open a terminal. On the terminal, I get 
> kicked back to login as well. This system reports that I am on 7.3 at boot.
> 
> Is there any way to debug this issue? I’m at a loss.

Going out on a limb here, but this sounds an awful lot like your window
manager might error out and kick you back to xenodm. I can't find LeftWM
in the ports - is that a self-compiled window manager?

Also, can you specify what you mean by "the terminal"? If you make it to
the xenodm login manager, you should be able to switch to the text
console with Ctrl+Alt+F1-F4. If that works, then you could log in there
and examine ~/.xsession-errors after a failed xenodm login to see what
error messages are produced.

> 
> Thanks!
> 



Re: Cannot connect to iked, authenticate fails

2023-04-07 Thread Thomas Bohl

Hello,


ikev2 "vpn" passive esp \
     from dynamic to 185.21.22.23/32 \
     local egress peer any \
     ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group modp2048 \
     childsa enc aes-256 auth hmac-sha2-256 group modp2048 \
     srcid 185.21.22.23 \
     dstid p7.local \
     config address 172.24.24.0/24 \
     config name-server 172.24.24.1 \





Any ideas / working config for a dynamic client hosting an iked on a VPS?


When using certificates I always use ASN1_DN for srcid and dstid. It 
should look something like this:


srcid "/C=DE/ST=Lower Saxony/L=Hanover/O=OpenBSD/OU=iked/CN=185.21.22.23/emailAddress=r...@openbsd.org" \
dstid "/C=DE/ST=Lower Saxony/L=Hanover/O=OpenBSD/OU=iked/CN=p7.local/emailAddress=r...@openbsd.org" \


(I have never used "ikectl ca", so I'm not sure what the files are called. 
But with something like this you should be able to get the srcid/dstid-lines:

openssl x509 -subject -noout -in 185.21.22.23.crt
openssl x509 -subject -noout -in p7.local.crt)



Re: Command At Startup

2023-04-01 Thread Thomas Frohwein
On Sat, Apr 01, 2023 at 04:28:20PM +0200, Peter N. M. Hansteen wrote:
> On Sat, Apr 01, 2023 at 11:26:31AM +0200, Computer Planet wrote:
> > Hi Guys, OpenBSD 7.2 
> > I have no way to get a stupid autorun script to load. Can anyone tell me 
> > where to put this script?
> > In /etc/rc.local it doesn't work...
> > The script is located in the path /home/tech
> > and contains only this:
> > --
> > #!/bin/ksh
> > /usr/sbin/apm -C

Besides what Peter replied, are you sure the flag is right?

$ man apm | grep -- "-C"
$

> > --
> 
> I would think the place to put flags for apm or apmd would be
> a line in /etc/rc.conf.local with apmd_flags= and the flags you
> want. 
> 
> - Peter
> 
> 
> -- 
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
> 



Re: ikev2_resp_create_child_sa: no proposal chosen

2023-02-26 Thread Thomas Bohl
But the VPN-Router has an IKE-I-General-failure 0x21ff. All of a sudden 
it's a problem that I only want to route specific networks?! IPSec is so 
exhausting.


I got it working. The trick is to have iked send the CREATE_CHILD_SA 
request / initiate the rekeying first. Either by having lower 
ikelifetime and lifetime values than on the VPN-router, or by setting 
higher values on the VPN-router than the iked standards.


I configured iked with half the values my LANCOM router uses. This is 
stable over time as well as over bytes transferred.


# cat /etc/iked.conf
set dpd_check_interval 30

ikev2 "rathaus" active \
from 192.168.0.0/24 to any \
from dynamic to 192.168.0.0/24 \
from dynamic to 192.168.11.55/32 \
local 192.168.1.210 peer IPv4.example.com \
childsa enc aes-256-gcm group modp2048 \
srcid "/C=DE/ST=.../CN=o2.example.local" \
dstid "/C=DE/ST=.../CN=vpn.example.com" \
ikelifetime 54000 \
lifetime 14400 bytes 1G \
request address any \
iface lo1



Re: ikev2_resp_create_child_sa: no proposal chosen

2023-02-24 Thread Thomas Bohl

Thanks for your responses.


Try adding some non-modp2048 options. Maybe look at the SA installed
from the initial negotiation (ipsecctl -vvsa) for ideas.


I think this is the right answer. The log tells you what the other side sent:

spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ENCR=AES_CBC-256
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 INTEGR=HMAC_SHA2_256_128
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 INTEGR=HMAC_SHA1_96
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ESN=NONE

There isn't any DH group for PFS here, so drop the modp2048 or add it on the
other side.


I tried countless different childsa lines, without success. Modp2048 
didn't show up because I deactivated PFS. I didn't know this was 
correlated. Now it shows up:

ikev2_log_proposal: ESP #1 DH=MODP_2048

I then removed SHA1 and AES-CBC-256 from the IKE-/Child-SA hash/cipher 
list on the VPN-router. Having now only:

DH group: DH14 (MODP-2048)
PFS: Yes
IKE-/Child-SA: Cipher: AES-GCM-256, Hash: SHA-256
(Available settings are described here 
https://www.lancom-systems.com/docs/LCOS/Refmanual/EN/#topics/lanconfig_vpn_ikev2-ipsec_encryption.html 
)


And this line in iked.conf:
childsa enc aes-256-gcm group modp2048 \


At first it looks ok. iked reports:
spi=0xf3e9aaf0b7009e4e: recv CREATE_CHILD_SA req 0 peer 
88.14.XXX.YYY:4500 local 192.168.1.210:4500, 461 bytes, policy 'rathaus'
spi=0xf3e9aaf0b7009e4e: send CREATE_CHILD_SA res 0 peer 
88.14.XXX.YYY:4500 local 192.168.1.210:4500, 497 bytes, NAT-T
spi=0xf3e9aaf0b7009e4e: ikev2_childsa_enable: loaded SPIs: 0x2f843f59, 
0x18f271c6 (enc aes-256-gcm group modp2048)



But the VPN-Router has an IKE-I-General-failure 0x21ff. All of a sudden 
it's a problem that I only want to route specific networks?! IPSec is so 
exhausting.



For those who are interested, this is what the VPN-router reports:
...
[VPN-Status] 2023/02/25 02:01:49,268  Devicetime: 2023/02/25 02:01:49,040
Peer O2 [responder]: Received an CREATE_CHILD_SA-RESPONSE of 497 bytes 
(encrypted)

Gateways: 88.14.XXX.YYY:4500<--84.17.XXX.ZZZ:4500
SPIs: 0xF3E9AAF0B7009E4E6A017F990A97DF8F, Message-ID 0
  Determining best intersection for TSi
  Expected TS :(  0, 0-65535, 0.0.0.0-255.255.255.255)
  Received TS :(  0, 0-65535, 0.0.0.0-255.255.255.255)
  Intersection:(  0, 0-65535, 0.0.0.0-255.255.255.255)
  Determining best intersection for TSi
  Expected TS :(  0, 0-65535, 0.0.0.0-255.255.255.255)
  Received TS :(  0, 0-65535, 192.168.0.0-192.168.0.255  )
  Intersection:(  0, 0-65535, 192.168.0.0-192.168.0.255  )
  Determining best intersection for TSi
  Expected TS :(  0, 0-65535, 0.0.0.0-255.255.255.255)
  Received TS :(  0, 0-65535,   192.168.11.55-192.168.11.55  )
  Intersection:(  0, 0-65535,   192.168.11.55-192.168.11.55  )
  Best:(  0, 0-65535, 0.0.0.0-255.255.255.255)
  Determining best intersection for TSr
  Expected TS :(  0, 0-65535,   192.168.0.206-192.168.0.206  )
  Received TS :(  0, 0-65535, 192.168.0.0-192.168.0.255  )
  Intersection:(  0, 0-65535,   192.168.0.206-192.168.0.206  )
  Determining best intersection for TSr
  Expected TS :(  0, 0-65535,   192.168.0.206-192.168.0.206  )
  Received TS :(  0, 0-65535, 0.0.0.0-0.0.0.0)
  -No intersection
  Best:(  0, 0-65535,   192.168.0.206-192.168.0.206  )
-Received Traffic selectors are super set of proposed traffic selectors 
-> abort

Proposed TSi: (  0, 0-65535, 0.0.0.0-255.255.255.255)
Proposed TSr: (  0, 0-65535,   192.168.0.206-192.168.0.206  )

[VPN-Status] 2023/02/25 02:01:49,268  Devicetime: 2023/02/25 02:01:49,041
Hard lifetime event occurred for '' (initiator  flags 0x4008)
  CHILD_SA ESP
No IKE_SA found for

[VPN-Status] 2023/02/25 02:01:49,268  Devicetime: 2023/02/25 02:01:49,041
VPN: policy manager error indication: O2 (84.17.XXX.ZZZ), cause: 8703

[VPN-Status] 2023/02/25 02:01:49,268  Devicetime: 2023/02/25 02:01:49,048
VPN: Error: IKE-I-General-failure (0x21ff) for O2 (84.17.XXX.ZZZ) IKEv2
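
An added example, not part of the original post: the router's "super set ... -> abort" decision above can be reproduced by checking that every traffic selector returned in the CREATE_CHILD_SA response lies inside a range the initiator proposed. The ranges are copied from the log above; protocol and port are ignored because they are (0, 0-65535) everywhere, and the function names are made up for this sketch.

```python
import ipaddress


def rng(first, last):
    """Address range as a pair of integers."""
    return (int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last)))


def fmt(r):
    return f"{ipaddress.IPv4Address(r[0])}-{ipaddress.IPv4Address(r[1])}"


def intersect(a, b):
    """Overlap of two ranges, or None (the log's '-No intersection')."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None


def widened(proposed, received):
    """Received selectors that are not fully inside any proposed selector.
    A responder may narrow what was proposed but never widen it, so a
    non-empty result is grounds for the initiator to reject the response."""
    return [r for r in received
            if not any(p[0] <= r[0] and r[1] <= p[1] for p in proposed)]


# Ranges taken from the VPN-Status log in this message.
TSI_PROPOSED = [rng("0.0.0.0", "255.255.255.255")]
TSR_PROPOSED = [rng("192.168.0.206", "192.168.0.206")]
TSI_RECEIVED = [rng("0.0.0.0", "255.255.255.255"),
                rng("192.168.0.0", "192.168.0.255"),
                rng("192.168.11.55", "192.168.11.55")]
TSR_RECEIVED = [rng("192.168.0.0", "192.168.0.255"),
                rng("0.0.0.0", "0.0.0.0")]

if __name__ == "__main__":
    for name, prop, recv in (("TSi", TSI_PROPOSED, TSI_RECEIVED),
                             ("TSr", TSR_PROPOSED, TSR_RECEIVED)):
        bad = widened(prop, recv)
        verdict = "ok" if not bad else "wider than proposed: " + ", ".join(map(fmt, bad))
        print(f"{name}: {verdict}")
```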



ikev2_resp_create_child_sa: no proposal chosen

2023-02-23 Thread Thomas Bohl

Hello,

I have several OpenBSD 7.2 connected to a commercial VPN-Router (LANCOM 
1781EW+) using iked. It works, except every time the Child SA 
negotiation starts, iked answers NO_PROPOSAL_CHOSEN to the router. Which 
leads to closed connections and a new IKE SA negotiation.

I don't understand this because the proposal looks supported to me.

# cat /etc/iked.conf
set dpd_check_interval 30

ikev2 "rathaus" active \
    from 192.168.0.0/24 to any \
    from dynamic to 192.168.0.0/24 \
    from dynamic to 192.168.11.55/32 \
    local 192.168.1.210 peer 88.14.XXX.YYY \
    srcid "/C=DE/ST=.../CN=o2.example.com" \
    dstid "/C=DE/ST=.../CN=vpn.example.com" \
    request address any \
    iface lo1


# iked -d
ikev2_init_ike_sa: initiating "rathaus"
spi=0xd2135463734ddcce: send IKE_SA_INIT req 0 peer 88.14.XXX.YYY:500 
local 192.168.1.210:500, 518 bytes
spi=0xd2135463734ddcce: recv IKE_SA_INIT res 0 peer 88.14.XXX.YYY:500 
local 192.168.1.210:500, 38 bytes, policy 'rathaus'

spi=0xd2135463734ddcce: sa_free: reinitiating with new DH group
ikev2_init_ike_sa: initiating "rathaus"
spi=0x0a131729beeb819a: send IKE_SA_INIT req 0 peer 88.14.XXX.YYY:500 
local 192.168.1.210:500, 742 bytes
spi=0x0a131729beeb819a: recv IKE_SA_INIT res 0 peer 88.14.XXX.YYY:500 
local 192.168.1.210:500, 487 bytes, policy 'rathaus'
spi=0x0a131729beeb819a: send IKE_AUTH req 1 peer 88.14.XXX.YYY:4500 
local 192.168.1.210:4500, 3144 bytes, NAT-T
spi=0x0a131729beeb819a: recv IKE_AUTH res 1 peer 88.14.XXX.YYY:4500 
local 192.168.1.210:4500, 2885 bytes, policy 'rathaus'

spi=0x0a131729beeb819a: ikev2_ike_auth_recv: obtained lease: 192.168.0.206
spi=0x0a131729beeb819a: ikev2_ike_auth_recv: obtained DNS: 192.168.1.254
spi=0x0a131729beeb819a: ikev2_childsa_enable: loaded SPIs: 0xc9b95a8c, 
0xd6296d4a (enc aes-256-gcm)
spi=0x0a131729beeb819a: ikev2_childsa_enable: loaded flows: 
ESP-192.168.0.0/24=0.0.0.0/0(0), ESP-192.168.0.206/32=192.168.0.0/24(0), 
ESP-192.168.0.206/32=192.168.11.55/32(0)
spi=0x0a131729beeb819a: established peer 
88.14.XXX.YYY:4500[ASN1_DN//C=DE/ST=.../CN=vpn.example.com] local 
192.168.1.210:4500[ASN1_DN//C=DE/ST=.../CN=o2.example.com] policy 
'rathaus' as initiator (enc aes-256-gcm group modp2048 prf hmac-sha2-256)



The VPN-Router eventually does this:

[VPN-Status] 2023/02/23 21:12:41,019  Devicetime: 2023/02/23 21:12:45,358
Soft lifetime event occurred for 'IPSEC-0-O2-PR0-L0-R0' (responder 
70/28800 sec  flags 0x0001)

  CHILD_SA ESP IPSEC_ESP Outbound-SPI 0x31B16169 Inbound-SPI 0x8F1A3175
Establishing CREATE_CHILD_SA exchange for IPSEC-0-O2-PR0-L0-R0 (O2)
CHILD_SA ('', '' ) entered to SADB
Peer O2: Constructing an CREATE_CHILD_SA-REQUEST for send
Soft-Event occurred for peer IPSEC-0-O2-PR0-L0-R0 (Responder, flags 
0x2001)

Starting a CHILD_SA rekeying for CHILD_SA:
Rekeyed SA:
  ESP outgoing [0x31B16169], incoming [0x8F1A3175]
+CHILD-SA:
  ESP-Proposal-1 My-SPI: 0xE9D1F2BD (5 transforms)
    ENCR : AES-GCM-16-256 AES-CBC-256
    INTEG: HMAC-SHA-256 HMAC-SHA1
    ESN  : NONE
+Rekeying TSi 0: (  0, 0-65535, 0.0.0.0-255.255.255.255)
+Rekeying TSr 0: (  0, 0-65535,   192.168.0.206-192.168.0.206  )
Message scheduled for retransmission (1) in 8.773356 seconds
Sending an CREATE_CHILD_SA-REQUEST of 217 bytes (responder encrypted)
Gateways: 88.14.XXX.YYY:4500-->84.17.XXX.ZZZ:4500, tag 0 (UDP)
SPIs: 0x6ECF7D9294CBC2A7FE91F645321E6EEE, Message-ID 0



Which iked responds to with:

spi=0x0a131729beeb819a: recv CREATE_CHILD_SA req 0 peer 
88.14.XXX.YYY:4500 local 192.168.1.210:4500, 217 bytes, policy 'rathaus'

ikev2_resp_create_child_sa: no proposal chosen
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ENCR=AES_GCM_16-256
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ENCR=AES_CBC-256
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 INTEGR=HMAC_SHA2_256_128
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 INTEGR=HMAC_SHA1_96
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ESN=NONE
spi=0x0a131729beeb819a: ikev2_add_error: NO_PROPOSAL_CHOSEN
spi=0x0a131729beeb819a: send CREATE_CHILD_SA res 0 peer 
88.14.XXX.YYY:4500 local 192.168.1.210:4500, 65 bytes, NAT-T
spi=0x0a131729beeb819a: recv INFORMATIONAL req 1 peer 88.14.XXX.YYY:4500 
local 192.168.1.210:4500, 77 bytes, policy 'rathaus'

spi=0x0a131729beeb819a: ikev2_ikesa_recv_delete: received delete
spi=0x0a131729beeb819a: send INFORMATIONAL res 1 peer 88.14.XXX.YYY:4500 
local 192.168.1.210:4500, 57 bytes, NAT-T

spi=0x0a131729beeb819a: sa_free: received delete



I got desperate and tried adding this to iked.conf, which didn't help:

childsa group modp2048 \
childsa group modp2048 noesn\
childsa enc aes-256-gcm group modp2048 \
childsa enc aes-256-gcm group modp2048 noesn \
childsa enc aes-256 group modp2048 \
childsa enc aes-256 group modp2048 noesn \
childsa enc aes-256-gcm group modp2048 prf hmac-sha2-256 \
childsa enc aes-256-gcm group modp2048 prf hmac-sha2-256 noesn \
childsa enc aes-256 group modp2048 
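
An added example, not part of the original post and not iked's own code: it parses the ikev2_log_proposal lines shown above and compares them, transform type by transform type, with a local policy equivalent to "childsa enc aes-256-gcm group modp2048". The matching rule is a simplified assumption (every transform type listed by either side needs a common value, except a separate integrity transform when an AEAD cipher is shared), and the local ESN value is assumed.

```python
import re
from collections import defaultdict

# Constructed sample: the proposal lines quoted in this thread.
PEER_NO_PFS = """\
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ENCR=AES_GCM_16-256
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ENCR=AES_CBC-256
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 INTEGR=HMAC_SHA2_256_128
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 INTEGR=HMAC_SHA1_96
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ESN=NONE
"""
# Same proposal plus the DH line reported once PFS was enabled on the peer.
PEER_WITH_PFS = PEER_NO_PFS + "ikev2_log_proposal: ESP #1 DH=MODP_2048\n"

# Local policy written with the log's transform names (ESN value assumed).
LOCAL = {"ENCR": {"AES_GCM_16-256"}, "DH": {"MODP_2048"}, "ESN": {"NONE"}}

AEAD = {"AES_GCM_16-256"}  # cipher that carries its own integrity check
LINE = re.compile(r"ikev2_log_proposal: (\w+) #(\d+) (\w+)=(\S+)")


def parse_proposals(log):
    """Return {(protocol, proposal number): {transform type: set of ids}}."""
    props = defaultdict(lambda: defaultdict(set))
    for proto, num, ttype, tid in LINE.findall(log):
        props[(proto, int(num))][ttype].add(tid)
    return {key: dict(val) for key, val in props.items()}


def mismatches(offered, local):
    """List the transform types that keep the two proposals from matching."""
    problems = []
    shared_enc = offered.get("ENCR", set()) & local.get("ENCR", set())
    for ttype in sorted(set(offered) | set(local)):
        theirs, ours = offered.get(ttype, set()), local.get(ttype, set())
        if theirs & ours:
            continue
        if ttype == "INTEGR" and shared_enc & AEAD:
            continue  # AEAD cipher in common, no separate integrity needed
        if not theirs:
            problems.append(f"{ttype}: local policy lists {sorted(ours)}, peer offered none")
        elif not ours:
            problems.append(f"{ttype}: peer offered {sorted(theirs)}, local policy lists none")
        else:
            problems.append(f"{ttype}: no common transform")
    return problems


if __name__ == "__main__":
    for name, log in (("PFS off", PEER_NO_PFS), ("PFS on", PEER_WITH_PFS)):
        offered = parse_proposals(log)[("ESP", 1)]
        print(name, "->", mismatches(offered, LOCAL) or "proposal acceptable")
```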

crontab and /usr/local/{,s}bin

2023-02-14 Thread Thomas L.
hi,

what is the reason that /usr/local/{,s}bin is not in PATH in crontab?
this seems to be the case on all unix-like systems and it regularly
bites people. sometimes someone says it's for security w/o being
able to tell what is being prevented by this. or is it just some
historic default no one bothered to change?

kind regards,

thomas



Suggestion for improving FAQ14: UUIDs

2023-02-06 Thread Thomas Dettbarn
Hello!
 
tl;dr: I would like to suggest adding a line about the virtues of UUID to the 
FAQ14.
Something along the lines of "Remember to set up the UUID in
your /etc/fstab afterwards." or something.
 
 
The thing is, I have a RAID-5 setup in my system. One which I was able to set 
up, thanks to this one:
 
https://www.openbsd.org/faq/faq14.html
 
The entry in my /etc/fstab is now
 
/dev/sd7p /home ffs rw,nodev,nosuid 1 2
 
Which. Is. Stupid. I know: Yesterday, I wanted to boot my System, but I forgot 
to unplug a
USB-Device, which got mapped to sd7. So then I was unable to mount the /home. 
If I WOULD HAVE BEEN smarter, I would have used a UUID in my fstab.
 
Anyways, it is my belief that adding a line to each section might help the 
next person as
stupid as me, hence my suggestion.
 
 
Thomas
 


Re: Making MS teams work on openbsd

2023-01-18 Thread Thomas Frohwein
On Wed, Jan 18, 2023 at 10:19:25PM +0200, Divan Santana wrote:
> Greetings friends :)
> 
> In short MS teams works via chrome on openbsd7.2 for me except for the
> camera.

I was on an MS Teams meeting a few weeks ago with camera working. The
main issue from my experience was the web client auto disconnecting
after a while.

> 
> (The camera with webrtc works fine for other sites, just not teams)
> 
> The screen share too works, but not the camera.  It detects the camera,
> but when you try switch it on, it remains black.

I've seen testing/preview camera output being just a black rectangle, but
it worked in the meeting itself.

I have package libv4l installed; not sure if that is involved.
Otherwise, would check that everything has been set up correctly -
correct permissions on /dev/video0 (rw), sysctl kern.video.record=1,
and chromium running with ENABLE_WASM=1 in the environment.

Do other browser-based video calls work? Can test for example with Zoom
here: https://zoom.us/test 

> Anyway, I'm pretty sure a workaround to get teams video to work via
> chrome on openbsd is to create a virtual camera with a res up to 720p
> and make chrome use that (or buy another camera).  It seems anything
> higher, and teams has an issue with it.

That seems like a painful workaround; check the above if that helps
narrow down the problem.



Re: Configure OpenBSD for remote server rarely used

2022-11-28 Thread Greg Thomas
You should reboot whenever patches or upgrades require it.  Was that a
trick question or something?

On Mon, Nov 28, 2022 at 12:51 AM Greg Thomas 
wrote:

>
>
> On Sun, Nov 27, 2022 at 12:08 PM James Johnson 
> wrote:
>
>> Thank you for this interesting perspective.
>>
>> Combined with the previous advice, I am convinced. I will not try to have
>> the machine sleep, or even try to put the drives in spun down. From what
>> you guys are saying, it seems doing so would be over-engineering.
>>
>> What are your thoughts regarding reboots? Should I do a daily, weekly,
>> monthly reboot?
>>
>>
>> > On 27 Nov 2022, at 20:00, Bodie  wrote:
>> >
>> >
>> >
>> > On 27.11.2022 10:37, James Johnson wrote:
>> >> Hi all,
>> >> OpenBSD is amazing. But I need help in configuring it correctly as a
>> >> remote server, rarely used.
>> >> The main thing I am trying to do is to make it sleep every now and
>> >> then to protect resources. I am very flexible on how to do this, but
>> >> have been unable to do so.
>> >> Here's what I tried :
>> >> 1) Make it sleep and wake up when woken up remotely
>> >> I investigated Wake On Lan, which I enabled via ifconfig. However,
>> >> this system is deployed remotely, and I have no access to other
>> >> computers on the LAN, so I am unable to make this work.
>> >> 2) Make it sleep for a few hours and then wake up
>> >> After 3hours+ of research in man pages and the internet, I have not
>> >> seen any solution for that.
>> >> 3) hard drives Spin down, CPU lower freq
>> >> I have been able to lower the CPU speed by running `apm -L`.
>> >> I haven't been able to spin down the hard drives.
>> >> How important is it to manually send a command to spin down the unused
>> >> harddrives? Will it be down by the system automatically?
>> >> I am trying to get info on the drives from the system but `atactl sd0
>> >> checkpower ` always shows `standby` even after I have just written on
>> >> the disk. I understand this does not work because my drives are SCSI
>> >> and not ATA.
>> >> I read the man page for scsi, and I see the command to spin down hard
>> >> drives : `scsi -f /dev/rsd2c -c "1b 0 0 0 0 0"`
>> >> However, I see no command to spin them back up. Is it automatic?
>> >> How can I request information on the spin state of the drive. I am
>> >> just a little worried about starting to send low levels instructions
>> >> to the hard drive, with little understanding of it. Is it safe to send
>> >> this command?
>> >> Thanks all !
>> >> PS : dmesg : I cannot share the full dmesg for security reasons, but
>> >> it is a fairly standard i386 machine, with 2 drives mounted as SCSI.
>> >
>> > As already pointed out by others. Don't do that ;-) Unless you explain
>> > why you need to do that (I'm sure it is possible without disclosing
>> > much)
>> >
>> > I build systems running for eg. 12 years, amd64 architecture, SATA
>> > disks,
>> > DDR RAM and so on. Serving number of virtual machines with constantly
>> > higher number of utilizations and in dozens of them only 2 problems
>> > during those years - battery for internal RAID run out :-)
>> >
>> > Saw systems which were running for over 30 years and nothing wrong with
>> > them.
>> >
>> > Can't talk about electricity as those are basically underground cities
>> > and there are different problems then if CPU is running 3 or 1GHz ;-)
>> >
>> > Sounds like maybe some IoT solution, but then go for ARM or use virtual
>> > machine in eg. OpenBSD Amsterdam or you really need compute power on
>> > demand then go for free options in eg. Azure (12 months free basic
>> Linux)
>> > or Oracle Cloud Infrastructure or whatever else you find fit.
>> >
>> > Either it is so important, need to be physically under your control and
>> > then small differences in electricity does not matter or solutions above
>> > are perfectly fine for your needs.
>> >
>> > Just one hint. No matter if own machine or something rented you want
>> that
>> > machine to be worth the money that means to do something on it and not
>> > have it shut down ;-)
>>
>>


Re: Configure OpenBSD for remote server rarely used

2022-11-28 Thread Greg Thomas
On Sun, Nov 27, 2022 at 12:08 PM James Johnson 
wrote:

> Thank you for this interesting perspective.
>
> Combined with the previous advice, I am convinced. I will not try to have
> the machine sleep, or even try to put the drives in spun down. From what
> you guys are saying, it seems doing so would be over-engineering.
>
> What are your thoughts regarding reboots? Should I do a daily, weekly,
> monthly reboot?
>
>
> > On 27 Nov 2022, at 20:00, Bodie  wrote:
> >
> >
> >
> > On 27.11.2022 10:37, James Johnson wrote:
> >> Hi all,
> >> OpenBSD is amazing. But I need help in configuring it correctly as a
> >> remote server, rarely used.
> >> The main thing I am trying to do is to make it sleep every now and
> >> then to protect resources. I am very flexible on how to do this, but
> >> have been unable to do so.
> >> Here's what I tried :
> >> 1) Make it sleep and wake up when woken up remotely
> >> I investigated Wake On Lan, which I enabled via ifconfig. However,
> >> this system is deployed remotely, and I have no access to other
> >> computers on the LAN, so I am unable to make this work.
> >> 2) Make it sleep for a few hours and then wake up
> >> After 3hours+ of research in man pages and the internet, I have not
> >> seen any solution for that.
> >> 3) hard drives Spin down, CPU lower freq
> >> I have been able to lower the CPU speed by running `apm -L`.
> >> I haven't been able to spin down the hard drives.
> >> How important is it to manually send a command to spin down the unused
> >> harddrives? Will it be down by the system automatically?
> >> I am trying to get info on the drives from the system but `atactl sd0
> >> checkpower ` always shows `standby` even after I have just written on
> >> the disk. I understand this does not work because my drives are SCSI
> >> and not ATA.
> >> I read the man page for scsi, and I see the command to spin down hard
> >> drives : `scsi -f /dev/rsd2c -c "1b 0 0 0 0 0"`
> >> However, I see no command to spin them back up. Is it automatic?
> >> How can I request information on the spin state of the drive. I am
> >> just a little worried about starting to send low levels instructions
> >> to the hard drive, with little understanding of it. Is it safe to send
> >> this command?
> >> Thanks all !
> >> PS : dmesg : I cannot share the full dmesg for security reasons, but
> >> it is a fairly standard i386 machine, with 2 drives mounted as SCSI.
> >
> > As already pointed out by others. Don't do that ;-) Unless you explain
> > why you need to do that (I'm sure it is possible without disclosing much)
> >
> > I build systems running for eg. 12 years, amd64 architecture, SATA disks,
> > DDR RAM and so on. Serving number of virtual machines with constantly
> > higher number of utilizations and in dozens of them only 2 problems
> > during those years - battery for internal RAID run out :-)
> >
> > Saw systems which were running for over 30 years and nothing wrong with
> > them.
> >
> > Can't talk about electricity as those are basically underground cities
> > and there are different problems then if CPU is running 3 or 1GHz ;-)
> >
> > Sounds like maybe some IoT solution, but then go for ARM or use virtual
> > machine in eg. OpenBSD Amsterdam or you really need compute power on
> > demand then go for free options in eg. Azure (12 months free basic Linux)
> > or Oracle Cloud Infrastructure or whatever else you find fit.
> >
> > Either it is so important, need to be physically under your control and
> > then small differences in electricity does not matter or solutions above
> > are perfectly fine for your needs.
> >
> > Just one hint. No matter if own machine or something rented you want that
> > machine to be worth the money that means to do something on it and not
> > have it shut down ;-)
>
>


Re: Locking network card configuration

2022-11-22 Thread Thomas Bohl

mac2dev() {
    # This got long
    ifconfig | while IFS= read _line; do
        if [[ "$_line" = [a-z]!(\ *):* ]]; then
            _dev=${_line%%:*}
        elif [[ "$_line" = *lladdr*$1* && $_dev != vlan* ]]; then
            echo $_dev
        fi
    done
}

_if=$(mac2dev "$_mac") # or just _if=$(mac2dev ${_hn#*.})


My solution would have been:

_if=`ifconfig | while read _line; do
    [[ $_line == "lladdr "$_mac ]] && \
        echo ${_lineabove%:*} && break
    _lineabove=$_line
done`

I didn't know about vlan though.




Note that the vlan devices need to be excluded. Are there other
circumstances which could confuse this in ifconfig's output?


svlan





Re: Locking network card configuration

2022-11-21 Thread Thomas Bohl

Hello,


I suppose there is some argument that we should support hostname.MAC
files


Maybe a function in netstart right before vifscreate could be enough to 
achieve this? I created this diff, against stable for now though, as a test.


Create a /etc/hostname.MAC file like you would create a /etc/hostname.if 
file. (MAC = lladdr as shown with ifconfig. Like 
/etc/hostname.08:00:27:14:26:0d)
/etc/netstart then creates a symbolic link to the corresponding 
hostname.if. If there is a hostname.if file it is not overwritten. The 
rest works the same.



--- netstartTue Sep 27 19:39:43 2022
+++ netstartTue Nov 22 03:39:49 2022
@@ -104,6 +104,21 @@ ifcreate() {
fi
 }

+# Symlink hostname.MAC to hostname.if.
+# Existing hostname.if-file (no symlink) wins.
+link_MAC_to_if() {
+   local _hn _mac _if
+
+   for _hn in /etc/hostname.??:??:??:??:??:??; do
+   _mac=`echo $_hn | cut -c 15-31`
+   _if=`ifconfig | grep -B 1 $_mac | head -n 1 | awk -F ": " 
'{print $1}'`
+   # Only create a symlink if /etc/hostname.$_if is not a normal 
file.
+   if [[ -h /etc/hostname.$_if ]] || [[ ! -e /etc/hostname.$_if 
]]; then
+   ln -fs /etc/hostname.$_mac /etc/hostname.$_if
+   fi
+   done
+}
+
 # Create interfaces for network pseudo-devices referred to by 
hostname.if files.

 # Optionally, limit creation to given interfaces only.
 # Usage: vifscreate [if ...]
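Review bot: link_MAC_to_if has no guard for an unmatched glob or an empty `_if`. When no /etc/hostname.??:??:??:??:??:?? file exists the for loop still runs once with the literal pattern, and when a MAC is not found in the ifconfig output `_if` is empty; in both cases the `[[ ! -e /etc/hostname.$_if ]]` test passes and `ln -fs` creates a dangling link named "/etc/hostname.". Add `[[ -f $_hn ]] || continue` at the top of the loop and `[[ -n $_if ]] || continue` before the test, take the MAC with `${_hn#/etc/hostname.}` rather than `cut -c 15-31`, and quote the expansions. `grep -B 1 $_mac | head -n 1` also assumes the lladdr line directly follows the interface header and that only one interface carries that address, so match the lladdr line exactly and decide what happens when more than one interface reports it.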
@@ -356,6 +371,9 @@ if ifconfig lo0 inet6 >/dev/null 2>&1; then
 else
ip6kernel=NO
 fi
+
+# Symlink hostname.MAC to hostname.if.
+link_MAC_to_if

 # Create all the pseudo interfaces up front.
 vifscreate
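Review bot: the link_MAC_to_if call is unconditional and only ever adds links, so a hostname.if symlink written on an earlier run is never removed. If the card later shows up under a different interface name, the old link still points at its hostname.MAC file and that configuration is applied to whichever card now holds the old name, which defeats the purpose of keying on the MAC. Before creating links, remove hostname.if symlinks whose target is a hostname.MAC file that no longer matches that interface, and say in the comment above the call that netstart now writes to /etc on every run.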



Re: OpenIKE2 question

2022-11-20 Thread Thomas Bohl

Hello everyone. I'm planning to use OpenIKEv2 not just for VPN tunnel, but also 
to give client Internet access through that tunnel (none other for that 
client). Is it possible? Do I need additional config options or will default 
gateway become available on the system once connected to VPN?


Yes, and it also sets the DNS server to what the VPN server tells it to.



Re: [SPAM] Re: opensmtpd-filter-dkimsign-0.5

2022-11-10 Thread Thomas Bohl

# openssl genrsa -out /etc/mail/dkim/agroena.org.private.key 2048


and

# chown _dkimsign:_dkimsign /etc/mail/dkim/agroena.org.private.key
# chmod 440 /etc/mail/dkim/agroena.org.private.key



Re: opensmtpd-filter-dkimsign-0.5

2022-11-10 Thread Thomas Bohl

Now dkimsign is failing and i have not been able to repair it, could
somebody please help?

# smtpd -d
info: OpenSMTPD 7.0.0 starting
dkimsign: Can't open key file (/etc/mail/dkim/agroena.org.private.key):
Permission denied
warn: lost processor: dkimsign exited abnormally
Exiting

# doas -u _dkimsign openssl genrsa -out /etc/mail/dkim/private.rsa.key 2048
/etc/mail/dkim/private.rsa.key: Permission denied
5824620405456:error:02FFF00D:system library:func(4095):Permission
denied:/usr/src/lib/libcrypto/bio/bss_file.c:257:fopen('/etc/mail/dkim/private.rsa.key',
'w')
5824620405456:error:20FFF002:BIO routines:CRYPTO_internal:system
lib:/usr/src/lib/libcrypto/bio/bss_file.c:259:


Please share

cat /etc/mail/smtpd.conf
ls -la /etc/mail/dkim/



Re: iked RoadWarrior IPv6

2022-11-03 Thread Thomas Bohl

# cat /etc/iked.conf
ikev2 "rathaus" active esp \
     from 192.168.0.0/24 to any \
     from dynamic to 192.168.0.0/24 \
     peer vpn.example.com \
     srcid o2@rathaus \
     psk "will-change-to-certs-if-testing-is-finished" \
     request address any \
     iface lo1


I discovered that

peer vpn.example.com local 2003:c8:2721:cc00:f773:7319:68a6:8ed8

works. (Even though the logs show that this address is already used you 
have to explicitly mention it via "local" again.) Since "local" accepts 
a hostname, my workaround/solution is:


peer vpn.example.com local dyndns-client.example.com



Re: Disable amdgpu driver without a working keyboard in UKC?

2022-11-01 Thread Thomas Bohl

Hello,

I wanted to try that out by running the same `disable amdgpu` command in 
UKC, but neither the built-in keyboard nor my external keyboard work in 
UKC mode.


Is there an alternative way of disabling amdgpu when my keyboards don't 
work? Perhaps I can echo to some config file during the `boot>` prompt?


You could SSH into the machine or use the install kernel to drop 
into a shell. From there you could create a bsd.re-config file.


man bsd.re-config



iked RoadWarrior IPv6

2022-10-29 Thread Thomas Bohl

Hello,

I want to integrate a remote OpenBSD 7.2 machine into my local network. 
So it will be reachable via a local IPv4 address like 192.168.0.206. My 
local router and IPSec server is a LANCOM 1781EW+.


The setup works already, but only if iked uses IPv4 and not IPv6. (I 
have a working IPv6 setup with strongSwan on Android though.)


# cat /etc/iked.conf
ikev2 "rathaus" active esp \
    from 192.168.0.0/24 to any \
    from dynamic to 192.168.0.0/24 \
    peer vpn.example.com \
    srcid o2@rathaus \
    psk "will-change-to-certs-if-testing-is-finished" \
    request address any \
    iface lo1

This config works if the peer entry is an IPv4 address or if 
vpn.example.com has only an A record. If vpn.example.com has an  
record or peer is an IPv6 address it will not work.



Working:
# iked -d
ikev2_init_ike_sa: initiating "rathaus"
spi=0x6fa20e5d5cc463ce: send IKE_SA_INIT req 0 peer 91.65.56.196:500 
local 0.0.0.0:500, 518 bytes
spi=0x6fa20e5d5cc463ce: recv IKE_SA_INIT res 0 peer 91.65.56.196:500 
local 192.168.1.210:500, 38 bytes, policy 'rathaus'

spi=0x6fa20e5d5cc463ce: sa_free: reinitiating with new DH group
ikev2_init_ike_sa: initiating "rathaus"
spi=0x22213067a8f10273: send IKE_SA_INIT req 0 peer 91.65.56.196:500 
local 0.0.0.0:500, 742 bytes
spi=0x22213067a8f10273: recv IKE_SA_INIT res 0 peer 91.65.56.196:500 
local 192.168.1.210:500, 487 bytes, policy 'rathaus'
spi=0x22213067a8f10273: send IKE_AUTH req 1 peer 91.65.56.196:4500 local 
192.168.1.210:4500, 327 bytes, NAT-T
spi=0x22213067a8f10273: recv IKE_AUTH res 1 peer 91.65.56.196:4500 local 
192.168.1.210:4500, 239 bytes, policy 'rathaus'

spi=0x22213067a8f10273: ikev2_ike_auth_recv: obtained lease: 192.168.0.206
spi=0x22213067a8f10273: ikev2_ike_auth_recv: obtained DNS: 192.168.1.254
spi=0x22213067a8f10273: ikev2_childsa_enable: loaded SPIs: 0xcffacc66, 
0xe1e53f59 (enc aes-256-gcm)
spi=0x22213067a8f10273: ikev2_childsa_enable: loaded flows: 
ESP-192.168.0.0/24=0.0.0.0/0(0)
spi=0x22213067a8f10273: established peer 
91.65.56.196:4500[UFQDN/o2@rathaus] local 
192.168.1.210:4500[UFQDN/o2@rathaus] policy 'rathaus' as initiator (enc 
aes-256-gcm group modp2048 prf hmac-sha2-256)



Not working:
# iked -vd
ikev2 "rathaus" active tunnel esp inet6 from 192.168.0.0/24 to 0.0.0.0/0 
from 0.0.0.0 to 192.168.0.0/24 local any peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821 ikesa enc aes-128-gcm enc aes-256-gcm 
prf hmac-sha2-256 prf hmac-sha2-384 prf hmac-sha2-512 prf hmac-sha1 
group curve25519 group ecp521 group ecp384 group ecp256 group modp4096 
group modp3072 group modp2048 group modp1536 group modp1024 ikesa enc 
aes-256 enc aes-192 enc aes-128 enc 3des prf hmac-sha2-256 prf 
hmac-sha2-384 prf hmac-sha2-512 prf hmac-sha1 auth hmac-sha2-256 auth 
hmac-sha2-384 auth hmac-sha2-512 auth hmac-sha1 group curve25519 group 
ecp521 group ecp384 group ecp256 group modp4096 group modp3072 group 
modp2048 group modp1536 group modp1024 childsa enc aes-128-gcm enc 
aes-256-gcm group none esn noesn childsa enc aes-256 enc aes-192 enc 
aes-128 auth hmac-sha2-256 auth hmac-sha2-384 auth hmac-sha2-512 auth 
hmac-sha1 group none esn noesn srcid o2@rathaus lifetime 10800 bytes 
4294967296 psk 0xfoobar config address any iface lo1

ikev2_init_ike_sa: initiating "rathaus"
spi=0x12efeecdd9b0e8b6: send IKE_SA_INIT req 0 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local :::500, 518 bytes
spi=0x12efeecdd9b0e8b6: recv IKE_SA_INIT res 0 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500, 38 bytes, policy 'rathaus'

spi=0x12efeecdd9b0e8b6: sa_free: reinitiating with new DH group
ikev2_init_ike_sa: initiating "rathaus"
spi=0x4657d2d35de226ed: send IKE_SA_INIT req 0 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local :::500, 742 bytes
spi=0x4657d2d35de226ed: recv IKE_SA_INIT res 0 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500, 487 bytes, policy 'rathaus'


(Around this point the router reports: "IKEV2C_O2 connected")

spi=0x4657d2d35de226ed: send IKE_AUTH req 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500, 359 bytes
spi=0x4657d2d35de226ed: retransmit 1 IKE_AUTH req 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500
spi=0x4657d2d35de226ed: retransmit 2 IKE_AUTH req 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500
spi=0x4657d2d35de226ed: retransmit 3 IKE_AUTH req 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500
spi=0x4657d2d35de226ed: retransmit 4 IKE_AUTH req 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500
spi=0x4657d2d35de226ed: retransmit 5 IKE_AUTH req 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500
spi=0x4657d2d35de226ed: recv IKE_AUTH res 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f

Re: Auto layout for disk partitions - a new user's perspective

2022-04-18 Thread Thomas Frohwein
On Mon, Apr 18, 2022 at 01:36:18PM -, Stuart Henderson wrote:

[...]

> > 2) Should there be a /usr/local/pobj partition created with correct mount 
> > options? (I appreciate building ports is an "advanced" thing to do - but it 
> > feels weird having to mess with partition layout after a fresh install just 
> > to 
> > build them)
> 
> Ports doesn't use /usr/local/pobj by default (you can set it via WRKOBJDIR
> in mk.conf, but /usr/local isn't a great place for a filesystem with rapid
> changes during a port build). Also, /usr/local/pobj *is* normally wxallowed.
> 
> If you are using ports I would strongly recommend a separate filesystem
> for /usr/ports, either with default ports-related directories (i.e. don't
> change dirs in mk.conf) and set that wxallowed, or with a separate WRKOBJDIR
> on a wxallowed filesystem.

I think it might be worth repeating that packages are the recommended
way to use third-party software. And that's also a great justification
why there is no /usr/ports partition on a default install.

Unless you are doing ports development work, you shouldn't need the
ports tree. There are rare ports which don't have a package (for
license reasons). If you need one of them, CVS has the advantage over
git that you can checkout a subdirectory. If you do this for an
individual port, the space requirements should be minimal. Still, for
regular use you shouldn't need to deal with any of this.



Re: tcpdump rotating issue with newsyslog

2022-04-10 Thread Thomas L.
On Sun, 10 Apr 2022 17:00:25 -0400
Nick Holland  wrote:
> On 4/10/22 9:39 AM, Yogendra Kumar Chaudhary wrote:
> > I am running the following command in the OpenBSD 6.2.

You should really upgrade. That version has not received security patches
for several years.

> So, I'm thinking you probably want a 'b' and a SIGHUP sent to tcpdump.
> You can validate my second point by disabling the compression, I
> suspect you will see your .0 file continue to grow in size, until it
> becomes .1, etc.

What Nick suspects is likely true, but tcpdump will just quit on
SIGHUP. You could restart the capture instead. Capturing network traffic
for days might use a lot of disk space though.

Kind regards,

Thomas



Re: How to track system changes?

2022-04-04 Thread Eric Thomas
Very valuable insights. That’s a great idea. 

The rsync script was ksh/bash or cron? Ideally I’d like to use Python to tackle 
something like this but I’m not against learning shell. 


> On Apr 4, 2022, at 2:02 PM, Nick Holland  wrote:
> 
> On 4/4/22 11:32 AM, Eric Thomas wrote:
>> I want to have a high degree of confidence in my system's state
>> (packages that have been added, configs that have changed, permissions
>> changed, etc). I've read about "read only filesystems" and the
>> pro's/con's [here](http://geodsoft.com/howto/harden/OpenBSD/no_changes.htm).
>> Aside from that, is there a way to...
>> 1. ...hash the file system in some way and monitor for changes? OR
>> 2. ...somehow review changes that have taken place (a log somewhere)?
>> The goal is to concretely know whether the state of the system has
>> changed, then point to what EXACTLY has changed.
>> Anyone doing something similar?
>> Thank you
> 
> Something I came up with which worked out really well at my employer was
> a backup system that used rsync and the --link-dest option to make a useful
> rotated disk-based backup of current systems.  When they said, "We want some
> kind of file integrity monitoring system", I puzzled over all kinds of ways
> to look for altered files...but it suddenly hit me -- I HAD a list of all the
> altered files -- the output of the rsync --link-dest backup run!
> 
> Took that output, ran it through a "grep -vf exclusionlist", where
> "exclusionlist" was a list of files (in regex form) I EXPECTED change on...and
> I had a daily output of all unexpected changed files.  I called it the
> "File Alteration Reporting Tool", but my coworkers thought another name would
> be more appropriate for some reason. :D
> 
> It was really quite interesting.  Never found a real security breach (yay),
> but learned a LOT of new things about the software running on our systems,
> and to the point -- we found a few things that prompted us to go kicking trees
> to find out what someone had done that we weren't aware of.  I call that 
> success.
> 
> Yes, I'm working on re-doing it (i.e., clean slate so my (former)employer has
> no gripes (and no internal information disclosure), but if you are adept at
> scripting, it wasn't too difficult.
> 
> Nick.
> 
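
The filtering step Nick Holland describes in the quoted message above (rsync change list minus an exclusion list), as an added example that is not his script or any project's code. It assumes the backup ran with rsync's --itemize-changes, swaps grep -vf for awk so that each pattern is anchored to the whole path and blank lines in the list are ignored, and all paths, patterns and log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report unexpected changes from an
# rsync change list. Assumes the backup ran with --itemize-changes, whose
# lines are 11 flag characters (YXcstpoguax), one space, then the path.

# unexpected_changes LOGFILE EXCLUSIONFILE
# Prints "kind path" for every changed path that no exclusion regex covers.
unexpected_changes() {
    awk -v exclfile="$2" '
    BEGIN {
        # One extended regex per line. Blank lines and # comments are
        # dropped: with plain grep -vf an empty pattern matches every line
        # and would silence the whole report.
        while ((getline line < exclfile) > 0) {
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            if (line == "" || line ~ /^#/) continue
            # Anchor to the whole path so "var/log/.*" cannot hide
            # "home/build/var/log/run.sh".
            excl[++n] = "^(" line ")$"
        }
    }
    {
        if ($0 ~ /^\*deleting   /) {
            kind = ",deleted"
        } else if ($0 ~ /^[<>ch.][fdLDS]/ && substr($0, 12, 1) == " ") {
            flags = substr($0, 3, 9)            # c s t p o g u a x
            kind = ""
            if (flags == "+++++++++") {
                kind = ",new"
            } else {
                if (flags ~ /^(c|.s)/) kind = kind ",content"
                if (substr(flags, 4, 1) == "p") kind = kind ",mode"
                if (substr(flags, 5, 2) ~ /[og]/) kind = kind ",owner"
                # Same size but new mtime: the content may still differ.
                # Directory mtime noise is skipped, the entry that caused
                # it is listed on its own line.
                if (kind == "" && substr($0, 2, 1) != "d" &&
                    substr(flags, 3, 1) ~ /[tT]/) kind = ",mtime"
            }
            if (kind == "") next
        } else {
            next        # rsync banner, statistics, blank lines
        }
        path = substr($0, 13)
        for (i = 1; i <= n; i++)
            if (path ~ excl[i]) next
        print substr(kind, 2), path
    }' "$1"
}

# Constructed sample input, not real rsync output from any system.
sample_log() {
    cat <<'EOF'
sending incremental file list
*deleting   etc/rc.local
.d..t...... etc/
>f.st...... etc/pf.conf
.f...p..... etc/doas.conf
.f...po.... etc/ssh/sshd_config
>f..t...... etc/hosts
>f+++++++++ home/build/var/log/run.sh
>f.st...... var/log/messages
>f.st...... var/log/daemon

sent 48,213 bytes  received 1,024 bytes  320.5 bytes/sec
EOF
}

# Constructed exclusion list; the blank line is deliberate.
sample_exclusions() {
    cat <<'EOF'
# paths expected to change between backups
var/log/.*

var/cron/log
EOF
}

# Demo on the embedded sample: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && sample_log > "$d/log" && sample_exclusions > "$d/excl"
    unexpected_changes "$d/log" "$d/excl"
    rm -rf "$d"
fi
```

A missing or empty exclusion file hides nothing, so a broken list produces more report lines rather than fewer.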



How to track system changes?

2022-04-04 Thread Eric Thomas
I want to have a high degree of confidence in my system's state
(packages that have been added, configs that have changed, permissions
changed, etc). I've read about "read only filesystems" and the
pro's/con's [here](http://geodsoft.com/howto/harden/OpenBSD/no_changes.htm).

Aside from that, is there a way to...

1. ...hash the file system in some way and monitor for changes? OR
2. ...somehow review changes that have taken place (a log somewhere)?

The goal is to concretely know whether the state of the system has
changed, then point to what EXACTLY has changed.

Anyone doing something similar?

Thank you



Internal Logging?

2022-04-04 Thread Eric Thomas
I'd like to understand more about how OpenBSD logs internal events such as:

- pkg_add/delete events
- user logins
- X session start/stops
etc.

Is there "one big log" where all of these types of events are stored?
Or are they logged in specific directories depending on log type?
Which log directories do you monitor?

Thank you!



Re: How to rebuild the ports tree?

2022-04-02 Thread Eric Thomas
@Stuart

Disregard! I see now that the `make FETCH_PACKAGES= install` installed
everything. I assumed it would get the large packages only.

Looks like running `unifi info` yields all relevant info.

Thank you very much for the patience and expertise.

On Sat, Apr 2, 2022 at 6:16 PM Eric Thomas  wrote:
>
> @Stuart
>
> > I really recommend using FETCH_PACKAGES
>
> Thank you for the (repeated!) recommendation to use `make
> FETCH_PACKAGES= install`. I had originally tried the command but
> missed that CRITICAL space ' ' between `=` and `install`. Now that I
> have that corrected, the `make` went very quickly.
>
> >"pkg_info | grep unifi" will show some output if it is installed
>
> Nice! After running `make`, `pkg_info | grep unifi` shows:
> "unifi-6.2.26 controller for Ubiquit..."
>
> Last(?) issue:
> Running `pkg_add unifi` (or `unifi-6.2.26`) from
> `/urs/ports/net/unifi/6.2` results in:
> "quirks-4.54 signed on 2022-03-26T14:02:422
> Can't find unifi"
>
> How do I get the custom build to a location where pkg_add can "see it"?
>
> On Fri, Apr 1, 2022 at 8:30 AM Stuart Henderson
>  wrote:
> >
> > On 2022-04-01, Eric Thomas  wrote:
> > > @Crystal
> > >
> > >> If you want to work with the ports tree, it's _much_ better to set up
> > >> DPB than just running 'make' in the various directories:
> > >
> > > Very cool blog! I def spent some time reading. The dpb method feels
> > > like a little too advanced for me at this moment. I'm struggling to
> > > get this UniFi port built using the standard setup.
> >
> > The only places I use dpb are 1) for bulk builds, i.e. building the
> > whole set of ports in one go, and 2) if I want to download all the
> > distfiles (source code to all the ports) if I want to run a search
> > over it all.
> >
> > It's useful but I would not describe it as useful for what most people
> > need to do with the ports tree.
> >
> > > @Stuart
> > >
> > > 1. I was able to restore a previous checkpoint (I'm in a virtual
> > > machine) where the port tree was freshly installed.
> > > 2. I ran `make install` in the correct directory ( thank you:
> > > `/usr/ports/net/unifi/6.2`) and piped the results to a log.txt file.
> >
> > I really recommend using FETCH_PACKAGES so you aren't spending hours
> > building difficult-to-build ports needlessly, unifi itself cannot be
> > distributed as packages, but the other software which it requires aren't
> > a problem.  i.e. this bit from my mail:
> >
> > >> memory limits, you probably want to install those from packages instead
> > >> ("make FETCH_PACKAGES= install" should do that - the unifi port would
> > >> have displayed a hint about this when you ran "make").
> >
> >
> > > 3. I wish I could figure out how to get the dang log.txt file out of
> > > the OpenBSD VM (email?, USB thumbdrive?, other?) and into your hands!
> >
> > the easiest options are based around connecting to the machine by ssh
> > e.g.
> >
> > - ssh in, copy and paste from the terminal
> > - scp or sftp the file to another machine
> >
> > > - Seems like an act of congress to setup external email. At least
> > > I can't find a simple example on the web
> >
> > either use a mail client that can connect to your mail server directly,
> > or use something like this
> > https://blog.joelg.net/post/2020-09-20-setting-up-opensmtpd-with-an-external-relay/
> >
> > if you need to use a From address that is something other than
> > @ then it gets more complicated
> >
> > > - It'll probably be easier for me to determine how to add USB
> > > drives to the VM (working on it)
> > > 4. I can't tell whether the `make install` worked or not
> >
> > "pkg_info | grep unifi" will show some output if it is installed
> >



Re: How to rebuild the ports tree?

2022-04-02 Thread Eric Thomas
@Stuart

> I really recommend using FETCH_PACKAGES

Thank you for the (repeated!) recommendation to use `make
FETCH_PACKAGES= install`. I had originally tried the command but
missed that CRITICAL space ' ' between `=` and `install`. Now that I
have that corrected, the `make` went very quickly.

>"pkg_info | grep unifi" will show some output if it is installed

Nice! After running `make`, `pkg_info | grep unifi` shows:
"unifi-6.2.26 controller for Ubiquit..."

Last(?) issue:
Running `pkg_add unifi` (or `unifi-6.2.26`) from
`/urs/ports/net/unifi/6.2` results in:
"quirks-4.54 signed on 2022-03-26T14:02:422
Can't find unifi"

How do I get the custom build to a location where pkg_add can "see it"?

On Fri, Apr 1, 2022 at 8:30 AM Stuart Henderson
 wrote:
>
> On 2022-04-01, Eric Thomas  wrote:
> > @Crystal
> >
> >> If you want to work with the ports tree, it's _much_ better to set up
> >> DPB than just running 'make' in the various directories:
> >
> > Very cool blog! I def spent some time reading. The dpb method feels
> > like a little too advanced for me at this moment. I'm struggling to
> > get this UniFi port built using the standard setup.
>
> The only places I use dpb are 1) for bulk builds, i.e. building the
> whole set of ports in one go, and 2) if I want to download all the
> distfiles (source code to all the ports) if I want to run a search
> over it all.
>
> It's useful but I would not describe it as useful for what most people
> need to do with the ports tree.
>
> > @Stuart
> >
> > 1. I was able to restore a previous checkpoint (I'm in a virtual
> > machine) where the port tree was freshly installed.
> > 2. I ran `make install` in the correct directory ( thank you:
> > `/usr/ports/net/unifi/6.2`) and piped the results to a log.txt file.
>
> I really recommend using FETCH_PACKAGES so you aren't spending hours
> building difficult-to-build ports needlessly, unifi itself cannot be
> distributed as packages, but the other software which it requires aren't
> a problem.  i.e. this bit from my mail:
>
> >> memory limits, you probably want to install those from packages instead
> >> ("make FETCH_PACKAGES= install" should do that - the unifi port would
> >> have displayed a hint about this when you ran "make").
>
>
> > 3. I wish I could figure out how to get the dang log.txt file out of
> > the OpenBSD VM (email?, USB thumbdrive?, other?) and into your hands!
>
> the easiest options are based around connecting to the machine by ssh
> e.g.
>
> - ssh in, copy and paste from the terminal
> - scp or sftp the file to another machine
>
> > - Seems like an act of congress to setup external email. At least
> > I can't find a simple example on the web
>
> either use a mail client that can connect to your mail server directly,
> or use something like this
> https://blog.joelg.net/post/2020-09-20-setting-up-opensmtpd-with-an-external-relay/
>
> if you need to use a From address that is something other than
> @ then it gets more complicated
>
> > - It'll probably be easier for me to determine how to add USB
> > drives to the VM (working on it)
> > 4. I can't tell whether the `make install` worked or not
>
> "pkg_info | grep unifi" will show some output if it is installed
>



Re: How to rebuild the ports tree?

2022-04-01 Thread Eric Thomas
@Crystal

> If you want to work with the ports tree, it's _much_ better to set up
> DPB than just running 'make' in the various directories:

Very cool blog! I def spent some time reading. The dpb method feels
like a little too advanced for me at this moment. I'm struggling to
get this UniFi port built using the standard setup.
---

@Stuart

1. I was able to restore a previous checkpoint (I'm in a virtual
machine) where the port tree was freshly installed.
2. I ran `make install` in the correct directory ( thank you:
`/usr/ports/net/unifi/6.2`) and piped the results to a log.txt file.
3. I wish I could figure out how to get the dang log.txt file out of
the OpenBSD VM (email?, USB thumbdrive?, other?) and into your hands!
- Seems like an act of congress to setup external email. At least
I can't find a simple example on the web
- It'll probably be easier for me to determine how to add USB
drives to the VM (working on it)
4. I can't tell whether the `make install` worked or not
- Running `pkg_add unifi` results in:
- 'quirks-4.54 signed on 2022-03-26T14:02:42Z /n Can't find unifi`


On Thu, Mar 31, 2022 at 5:53 PM Stuart Henderson
 wrote:
>
> On 2022-03-31, Eric Thomas  wrote:
> >
> > I'm stuck. I need to install the UniFi 6.2.26 port, I used the [FAQ to
> > setup the ports tree](https://www.openbsd.org/faq/ports/ports.html).
> > This seemed to work just fine. However, the last few messages in the
> > `make install` output showed errors. To debug the issue, I decided to
> > completely uninstall the UniFi port then pipe the `make install`
> > output to a log.txt.
>
> As you mentioned 6.2 and this shows 5.6 you'll want to cd into the
> relevant subdirectory of /usr/ports/net/unifi.
>
> Compiling mongodb and java aren't very much fun and may need raised
> memory limits, you probably want to install those from packages instead
> ("make FETCH_PACKAGES= install" should do that - the unifi port would
> have displayed a hint about this when you ran "make").
>
> > To uninstall:
> >
> > - TRIED: `make uninstall`
> > - ERROR: `make: don't know how to make uninstall`
>
> This would be "make deinstall", but it isn't installed yet, what you
> showed is where it was trying to compile/install the dependencies.
>
> > Content-Type: image/png; name="image.png"
>
> Hopefully that will help, if not please copy the text from a terminal
> rather than send a screenshot, it may be helpful to scroll up a bit
> to show preceding lines too.
>



How to rebuild the ports tree?

2022-03-31 Thread Eric Thomas
I'm stuck. I need to install the UniFi 6.2.26 port, I used the [FAQ to
setup the ports tree](https://www.openbsd.org/faq/ports/ports.html).
This seemed to work just fine. However, the last few messages in the
`make install` output showed errors. To debug the issue, I decided to
completely uninstall the UniFi port then pipe the `make install`
output to a log.txt.

To uninstall:

- TRIED: `make uninstall`
- ERROR: `make: don't know how to make uninstall`

- TRIED:
  - `make clean`
  - `pkg_delete -a`
  - `make clean=dist`
  - `make clean=packages`
  - `make install`
- ERRORS: MANY (attached)

The question is, how do I just rebuild the ports tree and/or get it
back in a known good state?


How to determine if WiFi AP is compatible?

2022-03-28 Thread Eric Thomas
I'm trying to determine if a WiFi AP is compatible with OpenBSD. For
example, checking the [Wireless FAQ's](
https://www.openbsd.org/faq/faq6.html#Wireless), I don't see whether the
chipset used by the [UniFi Access Point WiFi 6 Pro](
https://dl.ui.com/ds/u6-pro_ds.pdf) is compatible or not.

I want to know if I need to use a particular [switch](
https://store.ui.com/collections/unifi-network-switching/products/usw-lite-16-poe)
to plug the WiFi AP into, or whether I can plug the WiFi AP directly into
the OpenBSD server.

Sheet of music:
https://i.stack.imgur.com/IkBMf.png


OpenBSD Home Server + Workstation on same machine?

2022-03-21 Thread Eric Thomas
Hello,

I'd like to learn about secure networking (PKI, x509 certs, DNS, IPS, etc.)
and generally
harden my home network using OpenBSD. Can I use OpenBSD services AND have
it act as a desktop workstation on the same machine?

Ref:
https://superuser.com/questions/1712101/openbsd-home-server-workstation-on-same-machine

Thanks,
Eric


Re: OpenSSH 8.8 ECCN REQUEST

2022-03-11 Thread Greg Thomas
Since the project is based in Canada I don't know if anyone on this list
would have an ECCN.  Unless there's someone on this list from one of the US
companies that exports OpenSSH.

On Fri, Mar 11, 2022 at 12:38 PM  wrote:

> Hello,
>
> Our company is exporting a computer with OpenSSH 8.8 software installed.
>
> We would like to confirm the ECCN of this software.  Would you please
> reply with US ECCN?
>
>
>
> Regards,
> Marella Abraham
> Import/Export Compliance Analyst
> Email: marella.x.abra...@us.tel.com
>
>


Re: no serial access anymore after upgrade

2022-02-22 Thread Thomas

yes, I think you are right.

/etc/ttys shows this line:

tty00   "/usr/libexec/getty std.9600"   unknown off

I for sure messed it up manually with sysmerge...

Thanks a lot, Nick!

Thomas

On 22.02.22 17:25, Nick Holland wrote:

On 2/22/22 8:21 AM, Thomas wrote:

Hello,

I have a bunch of firewall and router devices with serial ports only. No
vga ports at all. After upgrading two of the devices to 7.0 I lose
access to the console after the boot process has finished. Last thing
that is printed on the screen is the date. Normally the log-in prompt is
showing up after that. After boot I'm now not able to access the server
via serial console at all anymore.

Has anyone made the same experience after upgrading?

Thanks and have a nice day,
Thomas


/etc/boot.conf
stty com0
set tty com0



IF you are getting the dmesg output but not the login prompt, sounds
like you lost the change to the tty00 line in /etc/ttys, it should
look something like:
   tty00   "/usr/libexec/getty std.115200" vt220    on secure

HOW that happened is worthy of investigation. sysmerge should not
have blindly overwritten that file, but you might have done it
manually not remembering that's an important file.

Nick.



dmesg:

OpenBSD 7.0 (GENERIC.MP) #5: Mon Jan 31 09:09:02 MST 2022

[snipped for size, but thanks!]
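
The check Nick describes, as an added shell example that is not part of the original thread: it reads a ttys(5) file and reports whether the serial line has getty turned on and at which speed. The function names and the two sample files are constructed here from the tty00 lines quoted above; the expected speed 115200 comes from Nick's example line and is an assumption about the poster's console.

```shell
#!/bin/sh
# Added example: will a serial line in ttys(5) get a login prompt after boot?
# In ttys(5), "on" makes init start getty on the line; "secure" additionally
# allows root to log in there.

# ttys_status FILE TTY -> prints "on", "off" or "missing"
ttys_status() {
    awk -v tty="$2" '
        $1 == tty {
            found = 1
            # text after the quoted getty command holds the type and the flags
            n = split($0, q, "\"")
            rest = (n >= 3) ? q[3] : $0
            m = split(rest, f, /[ \t]+/)
            st = "off"
            for (i = 1; i <= m; i++) if (f[i] == "on") st = "on"
            print st
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# ttys_speed FILE TTY -> prints the getty speed taken from "std.<speed>"
ttys_speed() {
    awk -v tty="$2" '$1 == tty && match($0, /std\.[0-9]+/) {
        print substr($0, RSTART + 4, RLENGTH - 4); exit }' "$1"
}

# check_serial_console FILE TTY EXPECTED_SPEED
# returns 0 if getty is on at the expected speed, 1 if off/missing, 2 on mismatch
check_serial_console() {
    status=$(ttys_status "$1" "$2")
    speed=$(ttys_speed "$1" "$2")
    if [ "$status" != "on" ]; then
        echo "$2: getty is $status, no login prompt after boot"
        return 1
    fi
    if [ "$speed" != "$3" ]; then
        echo "$2: getty speed $speed differs from console speed $3"
        return 2
    fi
    echo "$2: getty on at $speed"
}

# Constructed sample files: the line from the broken system and Nick's line.
demo_dir=$(mktemp -d)
printf '%s\n' 'tty00   "/usr/libexec/getty std.9600"   unknown off' > "$demo_dir/ttys.broken"
printf '%s\n' 'tty00   "/usr/libexec/getty std.115200" vt220    on secure' > "$demo_dir/ttys.fixed"
check_serial_console "$demo_dir/ttys.broken" tty00 115200 || true
check_serial_console "$demo_dir/ttys.fixed" tty00 115200 || true
```

Run against the real `/etc/ttys` after an upgrade or sysmerge, the same function catches a serial line that was reset to `off` before the machine is rebooted without a console.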







Re: no serial access anymore after upgrade

2022-02-22 Thread Thomas

Unfortunately I don't have a dmesg from prior versions :/
When the machine is booting the serial console shows the output. So it 
seems to work in general. But after booting is finished...nothing.


Thomas

On 22.02.22 15:04, deich...@placebonol.com wrote:

Do you have dmesg output prior to upgrade?  I see 2 serial ports in the 7.0 
dmesg.



On February 22, 2022 6:21:00 AM MST, Thomas  wrote:

Hello,

I have a bunch of firewall and router devices with serial ports only. No vga 
ports at all. After upgrading two of the devices to 7.0 I lose access to the 
console after the boot process has finished. Last thing that is printed on the 
screen is the date. Normally the log-in prompt is showing up after that. After 
boot I'm now not able to access the server via serial console at all anymore.

Has anyone made the same experience after upgrading?

Thanks and have a nice day,
Thomas


/etc/boot.conf
stty com0
set tty com0


dmesg:

OpenBSD 7.0 (GENERIC.MP) #5: Mon Jan 31 09:09:02 MST 2022


no serial access anymore after upgrade

2022-02-22 Thread Thomas

Hello,

I have a bunch of firewall and router devices with serial ports only. No 
vga ports at all. After upgrading two of the devices to 7.0 I lose 
access to the console after the boot process has finished. Last thing 
that is printed on the screen is the date. Normally the log-in prompt is 
showing up after that. After boot I'm now not able to access the server 
via serial console at all anymore.


Has anyone made the same experience after upgrading?

Thanks and have a nice day,
Thomas


/etc/boot.conf
stty com0
set tty com0


dmesg:

OpenBSD 7.0 (GENERIC.MP) #5: Mon Jan 31 09:09:02 MST 2022

r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17083424768 (16292MB)
avail mem = 16549654528 (15782MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xec150 (77 entries)
bios0: vendor American Megatrends Inc. version "4.6.5" date 01/23/2017
bios0: INTEL Corporation DENLOW_WS
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S1 S5
acpi0: tables DSDT FACP APIC FPDT SSDT MCFG HPET SSDT SSDT DMAR
acpi0: wakeup devices RP01(S1) PXSX(S1) RP02(S1) PXSX(S1) RP03(S1) 
PXSX(S1) RP04(S1) PXSX(S1) RP05(S1) PXSX(S1) RP06(S1) PXSX(S1) RP07(S1) 
PXSX(S1) RP08(S1) PXSX(S1) [...]

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz, 3400.44 MHz, 06-3c-03
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN

cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz, 3400.00 MHz, 06-3c-03
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN

cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz, 3400.00 MHz, 06-3c-03
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN

cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz, 3400.01 MHz, 06-3c-03
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN

cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 1 (application processor)
cpu4: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz, 3400.00 MHz, 06-3c-03
cpu4: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN

cpu4: 256KB 64b/line 8-way L2 cache
cpu4: smt 1, core 0, package 0
cpu5 at mainbus0: apid 3 (application processor)
cpu5: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz, 3400.00 MHz, 06-3c-03
cpu5: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,

Re: New desktop CPU/chipset recommendation

2022-02-13 Thread Thomas Frohwein
On Thu, 3 Feb 2022 19:16:55 -0500
Andre Smagin  wrote:

> Replying to my own thread from months ago. Took some time to get
> this done, buying one part per paycheck, but I have a new desktop now.
> Ryzen 9 5950x on x570 chipset motherboard, should last ten years at
> least. Everything "just works" - NVMe hard drives, SPDIF audio, video,
> etc.

Does the audio work? No audio hangs/wedging anymore on more than just
a few minutes of usage? I have a machine like this, too, but audio would
hang with MSI on like previous Ryzen generations. Unlike previous Ryzen
generations, patching to switch to legacy interrupts didn't work. That
was about 1.5 years ago; it currently serves as a Windows box ...

It would be good to know if that issue went away... I wouldn't mind
putting a better OS on my machine again *cough*.

> 
> Big thanks to OpenBSD developers! No issues to complain about, fresh
> install, copied my configuration files from old desktop, was up and
> running in 30 minutes. Day 3 to configure Windows 11 on a second hard
> drive (to run 3d CAD software mostly) and now I have to reinstall -
> broke something completely while trying to set it up to be usable...



Mirrors down for maintenance?

2022-02-01 Thread Thomas Vetere
Hello everyone,

Is anyone else getting "ftp Connection refused" when trying to access the
mirrors? I checked the announcements email archive today and didn't see
anything about maintenance. I found this email chain in the archives which
is exactly what I'm experiencing.

https://www.mail-archive.com/misc@openbsd.org/msg152927.html

This chain references another set of emails that showed some mirrors were
down for maintenance at that time. I have two laptops running OpenBSD and
both seem to have this issue. I tried a bunch of other mirrors to no
success. Also I used one of them yesterday and was able to connect
successfully then so that leads me to believe the issue isn't on my end.

Thank you for your help!


Re: How to install yfklog

2022-01-11 Thread Greg Thomas
I'd read through this:

https://www.openbsd.org/faq/faq15.html

After you read that you should be able to verify if the required packages
are available on OpenBSD or not.

And then go through what you think are the correct steps.  And then ask
questions after you've written exactly what you've done if things don't
work.

On Tue, Jan 11, 2022 at 12:06 AM Pascal  wrote:

>
> I want to install yfklog software
> ( https://fkurz.net/ham/yfklog.html ) on OpenBSD. I have no experience.
> The author, Fabian Kurz, says in the installation manual:
>
> "Install the required packages:
>
> Perl
>
> DBI
>
> SQLite
>
> Curses
>
> Make
>
> libwww-perl
>
> On Ubuntu or Debian Linux, you can satisfy all requirements simply by
> running:
> sudo apt-get install perl libdbd-sqlite3-perl libclass-dbi-sqlite-perl
> make libsqlite3-0 libcurses-perl libwww-perl libnet-telnet-perl "
>
>
>
> Do these packets have equivalents on OpenBSD? How do I install them?
>
> Thank you for your help.
>
> Pascal
>
>


Are there any OpenBSD Kernel/Architecture Books?

2021-12-20 Thread Thomas Windisch
What resources would be a good primer on the OpenBSD kernel and general
architecture and give me a good understanding of the internals?

FreeBSD has this:

https://docs-legacy.freebsd.org/doc/13.0-RELEASE/usr/local/share/doc/freebsd/en_US.ISO8859-1/books/arch-handbook/book.html

I understand that in OpenBSD there is the mantra that source code is
documentation. But as a beginner I'm afraid that I do need something 
explicit that would allow me read the source code in an effective manner.


