Re: chroot browser
I guess you should take a look at Systrace: http://en.wikipedia.org/wiki/Systrace On Thu, Mar 26, 2009 at 11:28 AM, punoseva...@gmail.com wrote: Hi misc, I was wondering if you could give me some input about the following security matter. It seems to me that using a web-browser, an email client, and a chat client (if permitted at all) are the unsafest forms of interaction of a typical desktop user with his/her computer. Apart from standard protective techniques such as using a web-proxy, is there any benefit in running a web-browser in a chroot environment per user? It looks to me no, especially in light of the fact that the application must have access to the X server. Could anybody elaborate on what would be a typical desktop application, if any, which would be a good candidate for chroot. Thanks, Predrag
Re: Missing security announcements
Ted, everybody knows that's not going to happen. Why not scrap the security announcement list if it's not being used or just whenever someone feels like it? The mere existence of this list implies to users that new errata are being announced to that list which is not the case. Get rid of the list and the problem is solved. The website is updated with new errata. Everybody should be able to follow the CVS. The list is flawed and obsolete. Just my 2 cents, as I remember having asked the same question YEARS AGO and nothing has changed since then. cheers, Tobias On Thu, Nov 13, 2008 at 2:55 PM, Ted Unangst [EMAIL PROTECTED] wrote: So get on the developer's case when they don't send out notifications. All this chatter now isn't going to change anything when the next errata comes out. You want security announcement? Do something to make it happen!
Re: Missing security announcements
Janne, On Thu, Nov 13, 2008 at 4:14 PM, Janne Johansson [EMAIL PROTECTED] wrote: everybody knows that's not going to happen. I remember having asked the same question YEARS AGO and nothing has changed since then. Reading those two next to each other says everything. Why ain't you a bit more explicit? Should /I/ have managed that list? Why didn't you if you care to post messages in this thread? This kind of answer is so redundant and hypocritical at the same time.
Bernstein puts qmail in public domain
Hi everybody, I just wanted to point out that D.J. Bernstein has put qmail in public domain. I'm not implying anything but wouldn't it be a perfect opportunity to get rid of sendmail (GNU GPL) and have qmail as the standard MTA in OpenBSD? qmail's security record is better and many OpenBSD users prefer it to sendmail. http://cr.yp.to/qmail/dist.html I hereby place the qmail package (in particular, qmail-1.03.tar.gz, with MD5 checksum 622f65f982e380dbe86e6574f3abcb7c) into the public domain. You are free to modify the package, distribute modified versions, etc. regards, Tobias W.
Re: Kuro5hin: OpenBSD Founder Theo deRaadt Has Conflict of Interest With AMD
Hi there, What a crappy article. Whoever gives a sh*t about what that guy wrote, I don't know. But that's just me. For example, notice how he starts the article. The first paragraph is supposed to sound like a compliment but in fact it's an insult. regards, Tobias W. On Aug 5, 2007, at 10:50 PM, chefren wrote: OpenBSD Founder Theo deRaadt Has Conflict of Interest With AMD By David Marcus, 2007-08-05 03:41:29 Section: Technology, Topic: I formerly had a great deal of respect, bordering on admiration, for Theo deRaadt's refusals to compromise his open source principles, even in the face of stiff opposition. Although he has occasionally gone over-the-top, recommended some frankly very dubious changes to OpenBSD, and is regularly arrogant (which is even more annoying because he's so often right!), he's always remained consistent in his devotion to the cause of GNU/Free Software. http://www.kuro5hin.org/story/2007/8/2/15233/84896
carp and alias
Hi everybody, I read the carp(4) manpage, the carp FAQ entry and http://www.countersiege.com/doc/pfsync-carp/ yet I still have some questions. Let's say I have an OpenBSD host like this:

#/etc/hostname.xl0
inet 10.0.0.1 255.255.255.0 NONE
inet alias 10.0.0.2 255.255.255.0
inet alias 10.0.0.3 255.255.255.0
inet alias 10.0.0.4 255.255.255.0

This might be the external interface. Now I want to have one carp interface with the address 10.0.0.250:

#/etc/hostname.carp0
inet 10.0.0.250 255.255.255.0 10.0.0.255 vhid 1 pass foo

Is it possible to let carp0 have the alias definitions like this?

#/etc/hostname.carp0
inet 10.0.0.250 255.255.255.0 10.0.0.255 vhid 1 pass foo
inet alias 10.0.0.2 255.255.255.0
inet alias 10.0.0.3 255.255.255.0
inet alias 10.0.0.4 255.255.255.0

and remove those from /etc/hostname.xl0? regards, Tobias W. * God is real, unless declared integer.
Re: Webhosting Control Panel
Hi Karel, On May 31, 2007, at 4:27 PM, Karel Galuka wrote: Could you recommend me some Webhosting control panel for OpenBSD? How about /bin/ksh? :-) I really don't know what you're expecting from a question like this. At least name an example that might be familiar to some readers when you expect alternatives. regards, Tobias * God is real, unless declared integer.
Re: SSHJail patch for OpenBSD
Hi, On Apr 27, 2007, at 1:38 PM, Jeffrey 'jf' Lim wrote: On 4/27/07, Chris Lawson [EMAIL PROTECTED] wrote: Read the web page, it explains the reasoning right at the top. If you are instead being disingenuous (yes yes, I know you are) perhaps you could explain to us why you think this isn't a good idea. How about a solution involving systrace to lock a user's login shell within certain parameters? Such a scenario has been done, I've read about it on undeadly. regards, Tobias
Re: bcw(4) is gone
Hi there, On Apr 9, 2007, at 7:29 PM, Jeroen Massar wrote: ... GPL is good though if you want to force people to give back the code to you so that you can use it in your own dual-licensed projects. For people wanting true freedom of their code use: BSD or ISC it ;) The problem is the word free. BSD people tend to interpret free as I can do whatever I want with that code! Hell, I can even make it unfree again by turning it into a proprietary product!. In my opinion, /code/ that is labeled free should always remain free, no matter what the possible actions are. This ain't the case with BSD code. /You/ may do as you like with the code, but this doesn't make the code free, it just liberates your actions. BSD code is not free code as such. It just implies free actions. It's just a matter of perspective. Tip for coders: Start a lousy little project that many people will like, then release it as GPL, then if lucky people will use it and give you patches, now you can sell it back to them ;) Okay, that stops at the moment you have other people's code in there which you can't dual-license though, and that is the fun of GPL: you cripple yourself. You don't have to accept GPL contributions to your own codebase if you want to dual license. Their code contributions, your choice. As easy as that. It's all about respect. Respect their copyright or drop it. Easy, simple, fair. In fact, GPL projects offer more incentives of contributing than BSD projects. Someone wanting to contribute to a BSD project has to give up all control of their contribution. Not everybody is willing to follow down that road. The GPL at least makes sure that nobody can legally exploit a contribution without making it available to the users so that they can profit too. This is a much more valuable incentive to participate. If you /really/ want to include GPL contributions in your codebase in dual licensing schemes, you'll have to ask for permission of the copyright owner of that contribution. 
This is the most natural thing in the world. This whole bcw(4) discussion turned out to be a Those GNU/Linux/GPL fanatics don't allow us to be even more free than they claim to be! cryout. The funny thing is that it comes down to an OpenBSD contributor who didn't respect the copyright of some other party by redistributing GPL code without the GPL license through a public CVS repository. It's amazing how a community that should actually take a defensive position in a matter like this switches into attack mode and makes the violated party the culprit. The majority of the posts in this discussion, be it on undeadly, some other mailing list or here on [misc], reflect the mental pattern of six-year olds who cannot argue reasonably. I really have to admit that if these people represent the majority of the OpenBSD community, I am disgusted and most of all disappointed. But of course, it just may be so that decent people choose not to take part in these threads at all. regards, Tobias
Re: bcw(4) is gone
Hi there, On Apr 9, 2007, at 8:40 PM, Jessie D wrote: ericfurman at fastmail.net writes: To ease his work, and to let others in our group to step in in his efforts, he committed it to our work area which we call cvs. A CVS is not by any stretch of the imagination a public repository of code for anyone to use. Exactly. Exactly? How so?! If I take a look into the OpenBSD FAQ, using the public CVS repositories is a common and documented method of updating an OpenBSD system by end users. So no code was released hence no license violation. It doesn't take a genius. The amount of hypocrisy and denial among people on this list is simply amazing. Many seem to have a twisted and shifted cognition when it comes to waving with the red GPL/Linux flag. Simply unbelievable. Tobias W.
Re: bcw(4) is gone
Hi there, On Apr 9, 2007, at 8:43 PM, Robby Workman wrote: It's not a matter of perspective - forced freedom is not freedom. That statement also is a matter of perspective. ;-) If you mean by freedom, the liberty to do whatever you want, then BSD is freedom. If you mean by freedom, the security that users have the same rights with the code tomorrow they already have today, even if numerous people contribute to the code, the GPL is freedom. GPL is a license that ensures code stays free in the sense of open for users. It doesn't mean you can do with it whatever you want. It's not you that's free, it's the code. That's what I meant with matter of perspective. You don't have to agree with this at all, but at least you have to understand and respect the idea and that other people contribute to this model. It's nothing that should be rejected like I have the impression it is done by many stubborn people on this list. To ignore the possibility that it was an honest mistake is part of the problem. I won't claim to know what Marcus Glocker was thinking, but it seems quite plausible that he had every intention of removing the infringing code prior to making the bcw(4) work public, but in the excitement of some initial positive results, he simply forgot. Either way, he admitted that a mistake had been made. The reason (as I see it - again, I won't speak for anyone else) that the OpenBSD community came down so hard on the bcm43xx dev is due to the way he pursued the issue. There was absolutely no good reason to initially address the issue on a public mailing list and CC'd to a bunch of other people. If the initial mail had been sent privately to Marcus, then he could/would have removed the infringing code (or perhaps the entire driver temporarily). He could have then issued a public statement on *why* he did it (which would have satisfied the need to have it out in public that some of the code wasn't actually BSD licensed). 
Had it happened that way, everybody wins, and we don't have all of this fuss over it. Yes, that's exactly what I have been talking about on undeadly when that stupid death of a driver article was published to promote the myth. The reason why I'm bothering to participate in this discussion at all, is that many people claiming to take the OpenBSD side in this argument are actually no better than the bcm43xx devs when they had the idea to go public. This whole issue has been escalated primarily by OpenBSD folks, not the other way around. I'd say it's time to simply drop it. kind regards, Tobias W.
Re: bcw(4) is gone
Hi there, On Apr 9, 2007, at 8:49 PM, Adam wrote: Tobias Weisserth [EMAIL PROTECTED] wrote: The problem is the word free. BSD people tend to interpret free as I can do whatever I want with that code! Hell, I can even make it unfree again by turning it into a proprietary product!. Don't believe RMS's FUD. You can't turn code unfree, the BSD licensed code is still there. Just because some evil corporation uses my BSD licensed code in a closed source product, doesn't make my code unfree. It's still there, still just as free as it always was, for anyone and everyone to use. That is free. The code they added to it is not free, but the BSD licensed code is. The GPL is not about releasing free code, it's about trying to force other people into releasing their code under the GPL. Everything you said is true, fair and square. But does it really change anything? A copyright owner can decide whatever he wants when it comes to /his/ code. If he decides that other people may only use it if they offer it under the same restrictions it has been originally offered, then this is also fair and square. It's his code, his copyright. Take it as it is or leave it. As simple as that. Regarding freedom: Take the Linksys routing devices. They ship with GPL software. Taking what you said as an example, it would be OK if Linksys made proprietary changes to the free software and deliver a closed software on the device. If for example the proprietary changes make the free software work on the device in the first place, the software is in effect not free anymore, as the free version of the software is useless in effect. If there is no other option than to buy these Linksys devices or similar devices in the future and the originally free software cannot be used on any other device anymore, then the proprietary changes to a free software has made this software unfree for users. What's the freedom of BSD software worth when it can't be used in its free form anymore? 
That can't happen with GPL'ed software. Think one step further. Take computers. Take computers that incorporate hardware that checks whether you run a signed binary from a particular vendor only. What use is BSD free code then? None at all. You'll have to start reverse-engineering. That's not a myth, that's not propaganda, that's simply a fact and that's a danger the Free Software Foundation wants to ward off by offering the GPL. You'll say: hey, what does it matter? I have plenty of choices in computer devices. What happens, when that is going to change? The GPL FORCES people to respect users rights to run free software on any devices that have been delivered with software based on free software and that ain't a bad idea at all. In fact it's pretty clever. There are many cases where a GPL license is the only sensible choice in my opinion. Of course, I don't reject the BSD license either. It all depends on what you want to bring about and secure. There is no one-and-only-free license. opinion, /code/ that is labeled free should always remain free And code that has seriously restrictive licenses like the GPL should not be labeled free in the first place. I simply can't follow this absolute rejection of the positive effect the GPL ensures. It's not that the BSD license and GPL license fight a battle for world domination. Not that it would be fair, given the viral character of the GPL... :-P regards, Tobias W.
Re: bcw(4) is gone
Hi there, On Apr 10, 2007, at 3:20 AM, Marco Peereboom wrote: It is because you do not understand the definition of free. Who the hell do you think you are that you can impose a definition of free on me? Freedom is also a matter of perception and perspective. I have given you a practical example which you simply rejected without even considering it. Do you really think you can make a rude point by copying and pasting from a dictionary? This is ridiculous. Tobias
Re: Installing Skype
Hi there, On Mar 23, 2007, at 6:47 AM, Rafael Morales wrote: I have OpenBSD 4.0 on a HP laptop and I need to install Skype because it is for the communication in my job and I have the freedom to install my lovely OpenBSD. This what I have done: 1. I installed the redhat_base-8.0p8.tgz for the emulation. 2. Download the skype-0_90_0_1.rpm and installed it with the /emul/linux/bin/rpm, all seemed good. 3. If I try to run it, I just see an error message looking for the lib file libXss.so.1. If someone has installed the skype could help me please ???. Skype is a buggy piece of sh*t. If you have to use it, then wrap it in a solid systrace policy if that's possible at all. I don't know about systrace and Linux emulation on OpenBSD. I wouldn't use the rpm, I'd instead download the statically linked file that's available on the Skype site: http://www.skype.org/go/getskype-linux-static That should solve all library issues. kind regards, Tobias W.
Re: Installing Skype
Hi, On Mar 23, 2007, at 6:24 PM, Rafael Morales wrote: I need the shared library libasound.so.2, anybody could send to me ???, I don't have a linux box here. I need my box rooted, can anybody please send me a trojaned binary library I have to trust blindly? If you really need binary libraries at least try to get them from a trustworthy source. Use any of the RPM search engines and search for an RPM package that contains that library. Use a RPM package from any of the official mirrors of major distributions. Download the RPM, verify its signature with GnuPG and extract its contents. The GnuPG key to verify against should be on the installation CDs of the distribution. Maybe packages even have MD5 sums, I don't know... Good luck! Tobias W.
Re: OpenBSD SECURITY FIX: Incorrect mbuf handling for ICMP6 packets, 2nd revision
Hi, On Sunday, 18. March 2007 12:28, Henning Brauer wrote: * Tobias Weisserth [EMAIL PROTECTED] [2007-03-18 01:17]: Can I apply it if I already applied the first revision to 4.0 release + errata up to 010 first revision? you need to remove the first revision of the 010 patch first (patch -R). Thanks, I just did as described on undeadly and copied back the original file. or just get the code from the cvs stable branch, I never understand why people bother with release code and hand patching in the first place :) Easy. I don't have to download large quantities of source with CVS, I only have to compile those parts of the source that are affected by a patch. Or do I have to edit the latest patch to only add the if test? I also noticed the index is different in the two revisions of the patch. The first revision is using sys/kern/uipc_mbuf2.c as index, the second revision only uses uipc_mbuf2.c. this was an error on my side that has been fixed in the patches files since then. sorry for that. No problem. Errors happen. Keep up the good work. I can't wait to get my hands on the 4.1 CDs I already ordered. kind regards, Tobias W.
Re: OpenBSD SECURITY FIX: Incorrect mbuf handling for ICMP6 packets, 2nd revision
Hi, On Sunday, 18. March 2007 14:00, Henning Brauer wrote: ... Easy. I don't have to download large quantities of source with CVS, I only have to compile those parts of the source that are affected by a patch. err? assuming you have release code installed (which you need for patching too), cd /usr/src/sys; cvs -d [EMAIL PROTECTED]:/cvs up -rOPENBSD_4_0 will not download large quantities of source I guess you're right, but compared to the amount of bits an errata takes, anything else certainly is large by comparison ;-) Also, I actually like the idea of the errata because I can grasp changes quickly without having to check CVS entries. I just open the patch file, take a quick look at the changes and most of the time I actually can grasp the differences. This doesn't take more than a couple of minutes normally. And since errata are more or less the exception I don't have to patch so often. regards, Tobias W.
Re: Seeking opinion about OpenBSD
Hi, On Sunday, 18. March 2007 19:00, Thomas Leveille wrote: Am I the only one to find this stupid ? Why should you need a browser in a server ? I sometimes depend on lynx to download stuff from sourceforge where no direct download link is supplied. regards, Tobias W.
OpenBSD SECURITY FIX: Incorrect mbuf handling for ICMP6 packets, 2nd revision
Hi everybody, I just noticed Henning's addition to the latest patch. Can I apply it if I already applied the first revision to 4.0 release + errata up to 010 first revision? Or do I have to edit the latest patch to only add the if test? I also noticed the index is different in the two revisions of the patch. The first revision is using sys/kern/uipc_mbuf2.c as index, the second revision only uses uipc_mbuf2.c. Will it apply without errors when called with cd /usr/src patch -p0 010_m_dup1.patch? thanks, Tobias W.
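Added example for the question in this thread (not part of the original messages or of the OpenBSD errata): a dry-run check that reports whether a patch revision is already in the tree and from which directory its index path resolves, run before revision 1 is backed out with patch -R and revision 2 is applied. The source file and both patch bodies are constructed placeholders, the function names are hypothetical, and the flags are those of GNU patch (OpenBSD patch(1) spells the dry run -C).

```shell
#!/bin/sh
# Added example. The source file and both patch revisions are constructed
# placeholders, not the real uipc_mbuf2.c or the real 010 erratum.

# try_patch PATCH DIR [flags]: dry-run PATCH (absolute path) from DIR with -p0,
# no fuzz (-F0) and no prompts (-f); the tree is never modified.
try_patch() {
    pf=$1; dir=$2; shift 2
    ( cd "$dir" && patch -p0 -f -s -F0 --dry-run "$@" < "$pf" ) >/dev/null 2>&1
}

# patch_state PATCH DIR: "applied" if PATCH reverses cleanly from DIR,
# "clean" if it applies cleanly, "unknown" otherwise (wrong directory for
# the index path, or the file differs from what the patch expects).
patch_state() {
    if try_patch "$1" "$2" -R; then echo applied
    elif try_patch "$1" "$2"; then echo clean
    else echo unknown
    fi
}

# write_src OUTFILE [LINE...]: constructed stand-in source file; the optional
# LINEs are inserted where the (placeholder) fix goes.
write_src() {
    out=$1; shift
    {
        printf '%s\n' 'int' 'dup1(int off, int len)' '{' '    int n;' '' \
            '    n = alloc(len);'
        for l in "$@"; do printf '%s\n' "$l"; done
        printf '%s\n' '    copy(n, off, len);' '    return (n);' '}'
    } > "$out"
}

# demo: walks the sequence from the thread on a throwaway tree and prints the
# state seen at each step.
demo() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/src/sys/kern" "$top/work"
    f=$top/src/sys/kern/uipc_mbuf2.c
    write_src "$f"
    write_src "$top/work/rev1.c" '    fix(n);'
    write_src "$top/work/rev2.c" '    if (n == 0)' '        return (0);' '    fix(n);'
    # Revision 1 names the file relative to src/, revision 2 relative to
    # src/sys/kern/, mirroring the two index paths mentioned in the thread.
    diff -u -L sys/kern/uipc_mbuf2.c -L sys/kern/uipc_mbuf2.c \
        "$f" "$top/work/rev1.c" > "$top/rev1.patch" || true
    diff -u -L uipc_mbuf2.c -L uipc_mbuf2.c \
        "$f" "$top/work/rev2.c" > "$top/rev2.patch" || true

    s0=$(patch_state "$top/rev1.patch" "$top/src")            # fresh tree
    ( cd "$top/src" && patch -p0 -s -F0 < "$top/rev1.patch" ) || return 1
    s1=$(patch_state "$top/rev1.patch" "$top/src")            # rev1 is in
    s2=$(patch_state "$top/rev2.patch" "$top/src/sys/kern")   # rev2 over rev1
    ( cd "$top/src" && patch -p0 -R -s -F0 < "$top/rev1.patch" ) || return 1
    s3=$(patch_state "$top/rev2.patch" "$top/src")            # wrong directory
    s4=$(patch_state "$top/rev2.patch" "$top/src/sys/kern")   # right directory
    ( cd "$top/src/sys/kern" && patch -p0 -s -F0 < "$top/rev2.patch" ) || return 1
    s5=$(patch_state "$top/rev2.patch" "$top/src/sys/kern")   # rev2 is in
    rm -rf "$top"
    echo "$s0 $s1 $s2 $s3 $s4 $s5"
}

demo
```

The third and fourth states are the two failure modes raised in the thread: revision 2 does not apply while revision 1 is still in the tree, and it does not apply from the top of the source tree when its index path is relative to sys/kern.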
Re: Contradictory statement on vulnerability
Hi, On Friday, 16. March 2007 12:09, Karel Kulhavy wrote: I am not following anything - just installed OpenBSD 4.0 from a CD. What should I follow, then? That's your choice. If you just want a stable and reliable OpenBSD then install -release (that's what you did). If you want to keep it patched without tracking the development of OpenBSD, then follow -stable. Just apply the errata you can find on the OpenBSD website. A nice newbie site explaining this with examples is www.openbsd101.com, if you don't understand the OpenBSD FAQ. In other operating systems the concept of upgrading is straightforward - Windows asks you and you press OK, in Gentoo Linux you type a magic sequence of magic commands and your system is up to date. But in OpenBSD it seems that the versions are not a sequence, but a tree with a lot of one way streets and that's what confuses me. OMG, you're comparing OpenBSD to Gentoo and you're still complaining?! You can't be serious. But let's put it this way: what you do in Gentoo is roughly the same you'd do when you follow -current. Or in other words: there's no way to just have a stable and reliable system that doesn't move, when you're using Gentoo. As a sidenote: I've been using Gentoo for almost two years and never have I wasted more time just to keep a computer running than with Gentoo... And I certainly won't get started about the Windows comparison... The concept of upgrading (an upgrade is something different actually than what you are obviously thinking about) is perfectly straightforward in OpenBSD - if you care to actually read the documentation that comes along with OpenBSD. I don't know any other operating system, that does documentation so well. good luck, Tobias W.
Re: Contradictory statement on vulnerability
Hi, On Friday, 16. March 2007 21:04, Karel Kulhavy wrote: ... Thanks, this is a much better explanation than in FAQ sec. 5. The explanation in FAQ doesn't mention the fact that not only the -current, but also the -stable is a moving target, though a slowly moving one. Now I have 4.0-release and want to have a fixed kernel (4.0-stable). Which version of sources should I download then? 4.0-release or 4.0-stable? You still haven't got it. This is what the FAQ states: -release: The version of OpenBSD shipped every six months on CD. -stable: Release, plus patches considered critical to security and reliability. -stable is not moving. It's just -release plus the errata from http://www.openbsd.org/errata40.html as stated in the FAQ. Get the sources from your CDs or from the FTP servers. Then apply the errata and you'll have -stable. It's as easy as that. If you're unable to grasp the concept you should buy a good book on OpenBSD and/or try a little harder to understand what you read in the FAQ. There's a book section on the OpenBSD website that names some good books on OpenBSD. Did you check www.openbsd101.com? Seemingly you didn't, otherwise you wouldn't have asked this latest question of yours. regards, Tobias W.
Re: Slightly OT: i386 Sound Card Recommendation
Hi, On Friday, 16. March 2007 21:26, JT Croteau wrote: This may seem like a simple question but it has been a long time since I've done any multimedia work on a *nix platform and never on OpenBSD. I need to add a sound card to my OpenBSD desktop box for basic audio playback from .mp3's and cd's and to do some basic recording. What would be a good PCI based card to go with? I am currently leaning towards a SoundBlaster 128 or 512. Check there first: http://www.openbsd.org/i386.html#hardware Then figure out what products have a supported chipset. Choose the product that you like most. Change the above URL if you have another architecture. I chose a Terratec soundcard that way and I am quite happy with the outcome. regards, Tobias W.
Re: Contradictory statement on vulnerability
Hi, On Friday, 16. March 2007 23:41, Jeremy Huiskamp wrote: ... Um, no. If you apply the errata to -release you have -release + errata. There are things in stable that are not in the errata, albeit not much. Tracking -stable requires using cvs which, frankly is much easier than patching -release, unless you're worried about the time spent doing a cvs update and possible extra compilation time. You're right of course. I was assuming he was looking for the easiest way to get a -release version with patches applied. That's what I wanted to explain and obviously I got it confused with -stable. regards, Tobias W.
Re: OpenBSD as Virtualbox guest
Hi there, On Tuesday, 27. February 2007 20:17, Peter wrote: I'm looking for comments from people who have installed OpenBSD 4.0 as a Virtualbox guest. I am currently running Virtualbox 1.3.6 on Gentoo Linux 2006.1. The manual does not mention OBSD as guest even though their website states that it is possible. My main question is how to create an OBSD image since it seems that I need an ISO image. You can buy the OpenBSD CDs here: http://www.openbsd.org/orders.html You can also try to do a FTP installation inside your virtual box, it should have access to the Internet if you configured your host box correctly. There's a tiny ISO on the FTP servers that allows you to boot into the installation program. Another option is to create a full ISO image yourself. Just use Google to lookup the details. It's not difficult at all. regards, Tobias W.
Re: Virtualisation on OpenBSD?
Hi there, On Jan 24, 2007, at 1:49 PM, John Tate wrote: Is there any software that supports OpenBSD that can do full virtualisation? I don't think VMware would be supported on OpenBSD. I don't think there is anything that really fits what you're looking for. The NetBSD project has neat Xen integration both for running NetBSD as host or guest system. If you're looking for something like vmware then check out www.virtualbox.de. They GPL'ed the software recently and I've got it running on openSUSE. It runs a lot of guest systems including OpenBSD and it's much faster than qemu. There's a Linux kernel module included. I guess it does the same as the closed-source qemu module, so maybe this is sufficient for you. Hope this helps somehow. regards, Tobias
SMP kernel on single CPU machines?
Hi everybody, this may be a really stupid question but I'm going to ask it anyway since I didn't find anything using Google or in the archives. I was looking at http://www.openbsd.org/faq/faq8.html#SMP I'm wondering if there are any disadvantages if I run a SMP kernel on a machine with only one CPU. Is there any harm running an SMP kernel on a machine with only one CPU? thanks, Tobias W.
Re: binpatch, was: moving kernels...
Hi there, On Saturday, 6. January 2007 17:24, Ingo Schwarze wrote: ... So if you use it, you will probably need to do maintenance work yourself, first of all adapting it to OpenBSD 4.0. Have a look here: http://erdelynet.com/binpatch/ Mike has a Makefile for 4.0 stable that I'm using too. It's a good thing to start with and add whatever you need on top of it. kind regards, Tobias W.
Re: help! 855 chipset resolution
Hi there, On Dec 13, 2006, at 3:09 PM, Vim Visual wrote: yes... that's probably the solution... gosh... this means that I have to re-install both things... anyway... Nonsense! :-) You can make room on your harddrive by resizing some of your partitions so that OpenBSD fits on it too. All you need is Knoppix or some other Live CD of your choice with some decent partitioning tools on it. regards, Tobias
Re: ahem... skype on o'bsd
Hi, On Dec 11, 2006, at 6:15 PM, Vim Visual wrote: the proof ;) http://www.aei.mpg.de/~pau/skype.png I don't have any contacts under that nickname; therefore the list is empty... I would be careful with Skype. My father's Mandriva Linux PC was trojaned using an outdated version of Skype as entry point. Maybe you should post a systrace policy along with how to use Skype in OpenBSD ;-) regards, Tobias W.
Re: livecd error
Hi, I hope this is not considered thread-hijacking but it sort of fits into this thread, so here it goes: I'm trying to follow these instructions to build a live CD based on 4.0 stable: http://www.onlamp.com/pub/a/bsd/2005/07/14/openbsd_live.html I'm in trouble when building the RAMDISK kernel with the modified Makefile.inc: cd /usr/src/distrib/i386/ramdisk_cd make make stops with an error because it tries to copy too much into a mounted device with too little space: ###make output### ... rm -f bsd ld -Ttext 0xD0200120 -e start -N -S -x -o bsd ${SYSTEM_OBJ} vers.o textdatabss dec hex 4730816 2163584 867984 7762384 7671d0 cp /usr/src/distrib/i386/ramdisk_cd/../../../sys/arch/i386/compile/RAMDISK_CD/bsd bsd cc -DDEBUG -o rdsetroot /usr/src/distrib/i386/ramdisk_cd/../../common/elfrdsetroot.c cp bsd bsd.rd /usr/src/distrib/i386/ramdisk_cd/rdsetroot bsd.rd mr.fs segment 0 rd_root_size_off = 0x490740 rd_root_image_off = 0x490760 rd_root_size val: 0x001DB000 (3800 blocks) copying root image... 
...copied 1945600 bytes cp bsd.rd bsd.strip strip -s -R .comment -K cngetc bsd.strip gzip -c9 bsd.strip bsd.gz dd if=/dev/zero of=/var/tmp/image.27740 bs=10k count=288 288+0 records in 288+0 records out 2949120 bytes transferred in 0.271 secs (10881719 bytes/sec) vnconfig -v -c svnd0 /var/tmp/image.27740 svnd0: 2949120 bytes on /var/tmp/image.27740 disklabel -w -r svnd0 floppy288 newfs -m 0 -o space -i 524288 -c 80 /dev/rsvnd0a /dev/rsvnd0a: 5760 sectors in 80 cylinders of 2 tracks, 36 sectors 2.8MB in 1 cyl groups (80 c/g, 2.81MB/g, 32 i/g) super-block backups (for fsck -b #) at: 32, mount /dev/svnd0a /mnt cp /usr/mdec/boot /usr/src/distrib/i386/ramdisk_cd/boot strip -s -R .comment -K cngetc /usr/src/distrib/i386/ramdisk_cd/boot dd if=/usr/src/distrib/i386/ramdisk_cd/boot of=/mnt/boot bs=512 77+1 records in 77+1 records out 39572 bytes transferred in 0.016 secs (2371001 bytes/sec) dd if=bsd.gz of=/mnt/bsd bs=512 /mnt: write failed, file system is full dd: /mnt/bsd: No space left on device 5601+0 records in 5600+0 records out 2867200 bytes transferred in 1.233 secs (2324260 bytes/sec) *** Error code 1 Stop in /usr/src/distrib/i386/ramdisk_cd (line 30 of /usr/src/distrib/i386/ramdisk_cd/../common/Makefile.inc). # I haven't really understood what the 2.8MB device is for regarding the whole process. Can anybody explain and propose a solution? Can't I just copy the stuff to another device, that's bigger? If this is just for creating a floppy image that's bootable and is insignificant regarding my live CD, can I just delete these instructions from Makefile.inc? The instructions by Kevin Lo say: In the /usr/src/distrib/i386/ramdisk_cd directory, copy the two files bsd and cdrom36.fs to the /livecd directory. The cdrom36.fs in my case would be cdrom40.fs and has a file size bigger than 2.8MB anyway? I'm not able to spot any reference to any cdrom{version}.fs file being created in the Makefile.inc. What's my problem? 
Since I haven't been able to apply the patch to /usr/src/distrib/i386/common/Makefile.inc with patch I deleted the lines with a - in front of it in the patch file and added the lines with the + at the appropriate lines. Just to avoid simple mistakes, I'll include the whole Makefile.inc here. Sorry, if this is not appropriate. Makefile.inc## # $OpenBSD: Makefile.inc,v 1.15 2004/11/25 22:02:08 deraadt Exp $ TOP=${.CURDIR}/.. .include ${TOP}/Makefile.inc IMAGE= mr.fs CBIN?= instbin CRUNCHCONF?=${CBIN}.conf LISTS?= ${.CURDIR}/../common/list UTILS?= ${.CURDIR}/../../miniroot MOUNT_POINT=/mnt MTREE= ${UTILS}/mtree.conf XNAME?= floppy FS?=${XNAME}${REV}.fs VND?= svnd0 VND_DEV=/dev/${VND}a VND_RDEV= /dev/r${VND}a VND_CRDEV= /dev/r${VND}c PID!= echo REALIMAGE!= echo /var/tmp/image.${PID} BOOT= ${DESTDIR}/usr/mdec/boot FLOPPYSIZE?=144 FLOPPYTYPE?=floppy3 all:${FS} ${FS}: bsd.gz dd if=/dev/zero of=${REALIMAGE} bs=10k count=${FLOPPYSIZE} vnconfig -v -c ${VND} ${REALIMAGE} disklabel -w -r ${VND} ${FLOPPYTYPE} newfs -m 0 -o space -i 524288 -c 80 ${VND_RDEV} mount ${VND_DEV} ${MOUNT_POINT} cp ${BOOT} ${.OBJDIR}/boot strip -s -R .comment -K cngetc ${.OBJDIR}/boot dd if=${.OBJDIR}/boot of=${MOUNT_POINT}/boot bs=512 dd if=bsd.gz of=${MOUNT_POINT}/bsd bs=512 /usr/mdec/installboot -v ${MOUNT_POINT}/boot \ ${DESTDIR}/usr/mdec/biosboot ${VND_CRDEV} @echo @df -i ${MOUNT_POINT} @echo umount ${MOUNT_POINT} vnconfig -u ${VND} cp ${REALIMAGE} ${FS} rm ${REALIMAGE} DISKTYPE?= rdroot NBLKS?= 3800 # minfree, opt, b/i trks, sects, cpg NEWFSARGS= -m 0 -o space -c 16 -i 4096 bsd.gz: bsd.rd cp bsd.rd
Re: java on openbsd
Hi Marc, On Nov 14, 2006, at 5:27 PM, [EMAIL PROTECTED] wrote: ... I didn't try any linux 1.5/1.6 jdk, but perhaps you missed something for your linux emulation? read man compat_linux, perhaps it helps. the other options you have is having someone mail you the source on cd, or use kaffe (don't know how useful it is for your purposes). --knitti Thanks for your response. Kaffe won't work for me as it is missing a few features that I need (most notable swing support is not up to snuff yet). This is probably not what the poster meant. You really need to read the FAQ: http://www.openbsd.org/faq/faq8.html#Programming What you are looking for is Building the Sun JDK. The JDK requires a working Java 2 compiler as a bootstrap to build. For this purpose, since OpenBSD 4.0, the port of JDK 1.5 uses kaffe, which allows JDK 1.5 to be used on both i386 and amd64 platforms, and reduces the build time considerably. You only need kaffe to build SUN's JDK. It's all in the FAQ (and probably in the archives). @others: stop picking on SUN and Java. It's actually a nice language and going to be GPL software very soon, so I guess there will be an option for binary packages and other nice stuff soon. regards, Tobias
Re: java on openbsd
Hi list, hi Jacob, On Tuesday, 14. November 2006 19:35, Jacob Yocom-Piatt wrote: Java is a shitshow, it isn't a nice language. Stop defending Sun and their ridiculous licenses. The day Sun shows up as a real player in the open source world this could be justified. For now they are just another closed vendor. There's no other just another closed source vendor on this planet that has freed so much closed source like SUN. Solaris is going to be Open Source in the end, as will Java. This is official so stop fudding around. If you think the CDDL or the GPL are ridiculous licenses this is simply your problem. It works out fine for a majority of people, including me. Hey, if you can't comply with the GPL for personal reasons you wouldn't even be able to enjoy OpenBSD as it's still being built with a GNU toolchain. And regarding the language: Java runs on millions if not billions of devices. There's a reason for this and it's not just marketing. Anybody denying this is just plain ignorant - or stupid. Besides that, the language is easy to learn (and teach) and unlike most other languages, there's tons of high quality development tools that are user-friendly for non-UNIX-geeks and programming rookies. You don't get a cookie for trying or pretending. Well, ignorance - or stupidity for that matter - won't earn you points either ;-) don't you know you're not licensed to circulate compiled opinions about Sun source code? you're supposed to let everyone else click through the stupid menus, download source packages that are about as big as the openbsd install sets, adjust their ulimits, spend a lot of time compiling something that should be available as a package and THEN they can form a properly licensed opinion. Well Jake, that's luckily going to change soon, now that Java and its various components are going to be GPL software. 
You'll be able to redistribute in any form you like, given that you comply with the GPL terms and don't violate the Java trademark that SUN will still control. kind regards, Tobias W.
weird /etc/fstab problem
Hi everybody,

I have set up an old Pentium with OpenBSD 3.9 to do some basic filtering and NAT at my parents' place after a Smoothwall installation I did some two years ago got rooted recently. Everything works just fine, except I have a problem with mounting partitions from /etc/fstab that I don't understand. This is what my /etc/fstab looks like at the moment:

/dev/wd0a / ffs ro 1 1
/dev/wd0g /home ffs rw,nodev,noexec,nosuid 1 2
/dev/wd0f /tmp ffs rw,nodev,noexec,nosuid 1 2
/dev/wd0d /usr ffs rw,nodev 1 2
/dev/wd0e /var ffs rw,nodev,noexec,nosuid 1 2

After I boot the machine, mount -v outputs this:

/dev/wd0a on / type ffs (rw, local, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0g on /home type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0f on /tmp type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0d on /usr type ffs (rw, local, nodev, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0e on /var type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)

Why is / not mounted read-only? Is it because the system needs it to be writable during system startup? Do I have to remount it ro after booting?

Thanks for your help, Tobias W.
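A check for the mismatch described in the message above, as an added example that is not part of the original post: it parses the fstab and `mount -v` text quoted there and reports every restriction (ro, nodev, noexec, nosuid) that fstab requests but the running system does not enforce. The function names are hypothetical, and treating `read-only` in mount output as `ro` is an assumption about output the post does not show.

```python
import re

# Constructed sample: the fstab and `mount -v` output quoted in the message above.
FSTAB = """\
/dev/wd0a / ffs ro 1 1
/dev/wd0g /home ffs rw,nodev,noexec,nosuid 1 2
/dev/wd0f /tmp ffs rw,nodev,noexec,nosuid 1 2
/dev/wd0d /usr ffs rw,nodev 1 2
/dev/wd0e /var ffs rw,nodev,noexec,nosuid 1 2
"""
MOUNT_V = """\
/dev/wd0a on / type ffs (rw, local, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0g on /home type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0f on /tmp type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0d on /usr type ffs (rw, local, nodev, ctime=Sun Oct 29 11:04:57 2006)
/dev/wd0e on /var type ffs (rw, local, nodev, noexec, nosuid, ctime=Sun Oct 29 11:04:57 2006)
"""

# Restrictions worth alerting on when they are requested but not in effect.
HARDENING = ("ro", "nodev", "noexec", "nosuid")
MOUNT_LINE = re.compile(r"^(\S+) on (\S+) type (\S+) \((.*)\)\s*$")


def parse_fstab(text):
    """Return {mount point: set of options requested in fstab}."""
    wanted = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) >= 4:
            wanted[fields[1]] = set(fields[3].split(","))
    return wanted


def parse_mount(text):
    """Return {mount point: set of options the kernel reports as active}."""
    active = {}
    for raw in text.splitlines():
        m = MOUNT_LINE.match(raw.strip())
        if not m:
            continue
        opts = {o.strip() for o in m.group(4).split(",")}
        if "read-only" in opts:                 # assumption: long form of "ro"
            opts.add("ro")
        active[m.group(2)] = opts
    return active


def hardening_drift(fstab_text, mount_text):
    """List (mount point, missing options) where fstab asks for more than is active."""
    wanted, active = parse_fstab(fstab_text), parse_mount(mount_text)
    findings = []
    for mnt, opts in wanted.items():
        if mnt not in active:
            findings.append((mnt, ["not mounted"]))
            continue
        missing = [o for o in HARDENING if o in opts and o not in active[mnt]]
        if missing:
            findings.append((mnt, missing))
    return findings


if __name__ == "__main__":
    for mnt, missing in hardening_drift(FSTAB, MOUNT_V):
        print(f"{mnt}: requested but not active: {', '.join(missing)}")
```

Run against live data by feeding it the contents of /etc/fstab and the captured output of `mount -v`.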
Re: weird /etc/fstab problem
Hi, On Oct 29, 2006, at 12:27 PM, Stuart Henderson wrote: vi +/uw /etc/rc This is exactly what I was looking for. Thanks for the hint. I'll give it a try. regards, Tobias W.
Re: auditing when permissions are changed
Hi, On Thursday, 26. October 2006 23:07, ropers wrote: Hi, This is a sorta n00bish question, but I've just discovered that unlike what I've always assumed to be the case, changing a file's permissions doesn't touch its last modified time/date stamp. Is there any way to find out when a file's permissions were last modified? I'm using AIDE, it's in ports and there is a package. The newest version is 0.11, which I think is not yet in ports. kind regards, Tobias W.
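What the question above turns on, as an added example that is not part of the thread: on POSIX file systems chmod updates the inode change time (ctime) and leaves the modification time (mtime) alone, and a recorded baseline of mode, owner and content hash, the kind of record a file-integrity checker keeps, shows what changed between two runs. The function names and the sample file are constructed for this illustration.

```python
import hashlib
import os
import stat
import tempfile
import time


def snapshot(path):
    """Record the attributes needed to tell a content change from a metadata change."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {
        "mode": stat.S_IMODE(st.st_mode),   # permission bits only
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mtime_ns": st.st_mtime_ns,         # last content modification
        "ctime_ns": st.st_ctime_ns,         # last inode change (chmod, chown, write, ...)
        "sha256": digest,
    }


def changed_fields(old, new):
    """Names of the recorded attributes that differ between two snapshots."""
    return sorted(k for k in old if old[k] != new[k])


def classify(old, new):
    """Summarise the difference between a baseline and a later snapshot."""
    changed = set(changed_fields(old, new))
    if not changed:
        return "unchanged"
    if changed & {"sha256", "mtime_ns"}:
        return "content modified"
    if changed & {"mode", "uid", "gid"}:
        return "metadata-only change"
    return "inode touched"


def demo():
    """Create a constructed sample file, chmod it, and return both snapshots."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.conf")
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")
        os.chmod(path, 0o644)
        before = snapshot(path)
        time.sleep(1.1)                     # outlast coarse timestamp granularity
        os.chmod(path, 0o600)               # permissions change, content does not
        after = snapshot(path)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("changed:", changed_fields(before, after))
    print("verdict:", classify(before, after))
    print("mode   :", oct(before["mode"]), "->", oct(after["mode"]))
```

ctime only records the most recent inode change of any kind, so a later write or chown overwrites it; the baseline comparison is what narrows a permission change to the interval between two runs.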
Re: new tool: openportd
Hi, On Oct 22, 2006, at 4:41 PM, Steffen Wendzel wrote: this isn't correct. Every service had some security problems in the past. Imagine that your service X is vulnerable (only since a few h by a zero day exploit or so) and someone tries to exploit it at 2:00 in the morning. but if you run some port knocking service (and your attacker does not know the port combination/secret key or even does not know about a running port knocking system), he can not attack your service. This is security by obscurity. if you only need the service for administration, you could do such a hiding of the service. you only would need to open the port by the portknocking service a few min while you use it to do some administration. The thing about running a port knocking service to protect or hide other services just adds another point of failure. Can you promise that this port knocking service which is running with root privileges, is not vulnerable to some overflow problem that could allow attackers to just send a knocking sequence that opens up the whole box?! No thanks. I'll stick with what I've got. If you're so worried about 0-day exploits for OpenBSD services then just jail these services you're running with systrace. With Linux you can use SELinux or AppArmor. The idea of port knocking is nice at first view but given the extra complexity it adds and the extra risk it's just not worth it, sorry. just my thoughts about this, Tobias W.
Re: How do I convert a man page to PS or PDF?
Hi, On Oct 20, 2006, at 10:53 PM, Steve B wrote: I'm leaving on vacation and wanted to have something to read on the plane and at the beach. How can I convert a couple of man pages into either PS or PDF so that I can print them? If you're talking about manpages from any OpenBSD release you can use the OpenBSD website to open them in a browser and print from the browser. The easiest solution to your specific situation I guess ;-) http://www.openbsd.org/cgi-bin/man.cgi regards, Tobias
Re: Cannot login into OpenSSH after applying patch 020_ssh2.patch to OpenBSD 3.8 stable
Hi everybody, Darren has just become my hero of the day. Rebuilding OpenSSH like Darren described earlier works on my OpenBSD 3.8 box. No more problems. Happiness. thanks a lot Darren! regards, Tobias W.
Cannot login into OpenSSH after applying patch 020_ssh2.patch to OpenBSD 3.8 stable
Hi everybody,

I just patched OpenSSH on OpenBSD 3.8 and restarted OpenSSH. Now I can't login anymore using public/private key authentication. I get this on the client side:

Enter passphrase for key '/Users/user/.ssh/id_dsa':
Connection to host.xy closed by remote host.
Connection to host.xy closed.

The key seems to be alright (there have not been any changes to it), /var/log/authlog on the server says that OpenSSH accepts the key. There's no other stuff in there or in /var/log/messages that indicates any trouble. Any ideas? Right now, I have effectively locked myself out of my box. Luckily it's right in the next room...

regards, Tobias W.
Re: /etc/motd SHA1 checksum keeps changing
Hi, On Oct 10, 2006, at 1:56 AM, Mathieu Sauve-Frankel wrote: did you read the man page ? $ man motd $ grep motd /etc/rc The manpage would have solved my question. Thanks! :-) I guess I didn't realise that there even was a manpage for /etc/motd. I should check first in the future... Thanks for your help. regards, Tobias
/etc/motd SHA1 checksum keeps changing
Hi everybody, I have a weird problem on an i386 box with OpenBSD 3.8. I'm running the patch branch with the AIDE package installed. AIDE keeps reporting a change in the SHA1 checksum of /etc/motd. Even after I run an aide --update and use the updated database for future checks the checksum keeps changing. I didn't notice such a behavior in the past. I protect my AIDE database by putting it into an encrypted filesystem, that I only mount writable when I update the database. Any idea what is happening? The content of the file seems to be unchanged when I look at it. I did a thorough check of the system and didn't notice any funny stuff. A portscan from the outside doesn't reveal any additional open ports. In fact, the machine is not running any service other than OpenSSH and doesn't allow root logins via SSH. It has a tight pf ruleset. It gets patched as soon as new patches are released, there are almost no packages installed (pico, aide and dependencies). regards, Tobias
Re: Do mp3 concatenation programs exist?
Hi, On Saturday, 15. July 2006 21:24, z0mbix wrote: On 7/15/06, Peter Philipp [EMAIL PROTECTED] wrote: Hi misc@, I have an original setup at home. I crontab logging on and off the Internet on a minutely basis, so that I acquire a new IP every minute. I do this for personal reasons and I like it this way. This is just the most idiotic thing I've ever heard. You are creating a whole bunch of unnecessary problems for yourself. It's pretty obvious he's trying to hide his true identity because of these mp3 activities on the Internet. If he's that paranoid about his probably illegal activities I don't understand why he talks about them in detail on a public mailing list... :-) At the same time I also stream mp3's from a radio station in Toronto. Since my IP changes every minute cheers, Tobias
Re: Voice-Chat Software (maybe even a Client which works on openBSD? ;) ) ?
Hi, On Thursday, 13. July 2006 04:16, Sebastian Rother wrote: Hello everybody, I'm looking for a Voice-Chat/VoIP Solution. Requirements: People with different OSs should be able to talk to each other (maybe even some little meetings). The people I know use mainly: Linux, OpenBSD, rare FreeBSD and Windows. I'd use open standards and Open Source software wherever possible. Don't go for Skype, Teamspeak... Probably a good solution would be the use of the SIP protocol. There are many applications that support this. For OpenBSD I'd recommend KCall, which integrates with Kontact in KDE. I don't know if it's in the ports but it compiles fine on my i386 3.9 box if you compile it from source. Other SIP clients work fine also probably if you rather prefer something from the GNOME universe. You also need some server setup to route calls from the Internet to ordinary landlines. Asterisk is the way to go these days, I guess. If you don't want to setup your own server, you could investigate the use of the services of GMX, 11 and so on. kind regards, Tobias W.
Re: Partitions
Hi, So am I going overboard? or am I missing any good partions. I never understood why putting /tmp on its own partition is good when nobody notices /var/tmp. In addition to /tmp I always put /var/tmp on its own partition too, so that I can mount it with nodev,noexec,nosuid. I also try to split things up in a way that I can mount many things with the ro option where there should be no changes to the filesystems unless you perform an update, patch something etc. regards, Tobias W.
Re: public_html and apache chroot
Hi,

On Jun 24, 2006, at 9:53 PM, n.v.t n.v.t wrote:

Hello, I hope all of you are in best shape of health. I'm experiencing some problems with apache. I'm trying to enable Userdirs and keep the chroot. (root here)
1) mkdir /var/www/user/me
2) cd /var/www/user/me ; ln -s /var/www/user/me /home/me/
3) modified my httpd.conf in /var/www/conf/

If you want to benefit from Apache chroot, then you certainly don't want to escape it with a symlink! :-) You have to put things into the chroot if Apache is supposed to read them. Apache can't follow symlinks out of the chroot if you run it within a chroot. That would Just create your home directories inside the chroot and you're fine. I suggest you read the FAQ: http://www.openbsd.org/faq/faq10.html#httpdchroot and http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2 ;-)

kind regards, Tobias W.
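The point made in the reply above, that a chrooted server cannot follow a symlink out of its chroot, as an added example that is not part of the original post: the script resolves paths the way a process confined to a given root would (absolute link targets restart at the chroot root, and ".." cannot climb above it) and lists links that work from a normal shell but break for the confined process. The function names and the directory layout are constructed for this illustration.

```python
import os
import tempfile


def resolve_in_chroot(root, path, max_links=40):
    """Resolve `path` as seen from inside a chroot at `root`.

    Returns the host path it ends up at, or None if it does not exist there.
    """
    root = os.path.realpath(root)
    pending = [p for p in path.split("/") if p]
    current = []                               # resolved components below root
    links = 0
    while pending:
        part = pending.pop(0)
        if part == ".":
            continue
        if part == "..":
            if current:                        # ".." at the chroot root stays put
                current.pop()
            continue
        host = os.path.join(root, *current, part)
        if os.path.islink(host):
            links += 1
            if links > max_links:              # symlink loop
                return None
            target = os.readlink(host)
            if target.startswith("/"):
                current = []                   # absolute target: back to chroot root
            pending = [p for p in target.split("/") if p] + pending
            continue
        if not os.path.lexists(host):
            return None
        current.append(part)
    return os.path.join(root, *current) if current else root


def links_broken_by_chroot(root):
    """Chroot-relative paths of symlinks that resolve on the host but not in the chroot."""
    root = os.path.realpath(root)
    broken = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            host = os.path.join(dirpath, name)
            if not os.path.islink(host):
                continue
            inside = "/" + os.path.relpath(host, root)
            if os.path.exists(host) and resolve_in_chroot(root, inside) is None:
                broken.append(inside)
    return sorted(broken)


def build_demo(base):
    """Constructed layout: a web root and a home directory outside it."""
    root = os.path.join(base, "var", "www")
    home = os.path.join(base, "home", "me", "public_html")
    os.makedirs(os.path.join(root, "users", "real"))
    os.makedirs(os.path.join(root, "htdocs"))
    os.makedirs(home)
    os.symlink(home, os.path.join(root, "users", "me"))                   # leaves the web root
    os.symlink("../users/real", os.path.join(root, "htdocs", "current"))  # stays inside
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for link in links_broken_by_chroot(build_demo(base)):
            print("works on the host, dangling inside the chroot:", link)
```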
Re: XF4 Patches (Again) :(
Hi, I asked exactly the same question a couple of weeks ago, by the time the patch was released. You should be able to find the answers to your question in the archives ;-) kind regards, Tobias W. On Jun 21, 2006, at 10:56 PM, Jack J. Woehr wrote: Okay, I read the threads on misc@ and I'm still confused. The XF4 patch (3_9.002) says: Apply by doing: cd /usr/src/XF4 patch -p0 002_xorg.patch The website (http://openbsd.org/anoncvs.html) says: # cd /usr # tar xzf XF4.tar.gz which puts XF4 in /usr/XF4 Should I make a link to X4 in /usr/src or just build in /usr/X4? Thanks (before I screw up my system).
Re: cruxports for OpenBSD
Hi, On Saturday, 17. June 2006 18:36, Deanna Phillips wrote: ... As I see it, this is an example of working _against_ a project instead of with and for it. A personal NIH syndrome, if you will. It's not just some Linux thing he put together that also works here. Look at his quote: package-manger for OpenBSD. and the hidden subtext: With -MY- name on it! I don't see any harm in what he does. Is he forcing you to use his software? No. So what's the harm? Why the hostility? And concerning the hidden subtext: isn't that part of the reason OpenBSD exists after all? I guess we would be using NetBSD instead then. I haven't taken a look at his software but in general I welcome any addition to the choices there already are. What I don't welcome is this hostile environment on this list. This is not the spirit I'm used to when getting involved with Open Source projects. It's his freedom to create things, it's his freedom to announce such stuff here. I can't understand the lack of respect. regards, Tobias W.
Re: they say openbsd is not as scalable as others
Hi, On Sunday, 28. May 2006 19:06, Matthias Kilian wrote: ... Oh, but comparing general performance of Linux vs. OpenBSD on a typical desktop/development PC, I *can* tell you that OpenBSD performs much better, especially when the machine does lots of IO in the background. A daring statement. On my office PC (running Gentoo Linux), an emerge-webrsync pushes the box into a nearly unusable state for 10 to 15 minutes. In comparison, when I rsync /usr/{XF4,ports,src} within my home network from one machine to another, or just run cvs up on those trees, the system is still usable. So much about Linux and performance (sometimes I've the impression that Linux is only fast when idling). This statement is clearly ridiculous. This whole discussion is ridiculous and pointless. There is no such thing as Linux and there CERTAINLY is no such thing as Gentoo. Matthias, if /your/ Gentoo box is nearly unusable when you emerge-webrsync then *you* certainly suck at maintaining a Gentoo installation! :-) You really should consider running something else, maybe something with sane default settings and a decently compiled kernel, since obviously you don't know how to. Consider Debian, Ubuntu, Fedora, SuSE and the like. I'm running OpenBSD 3.9 release branch and OpenSuSE 10.1 in dualboot on the same 1400MHz Athlon, both with KDE 3.5.1. I haven't changed either kernel. Converting the same Audio CD into OGG/Vorbis coded files takes 80 seconds less running KAudioCreator in SuSE than it does running KAudioCreator in OpenBSD 3.9. And guess what: the drive SuSE has to write the finished files to is encrypted with AES256 which takes some additional CPU time. Both installations remain responsive while doing this. I'm pretty confident that if I'd change the SuSE kernel with a somewhat more experimental kernel like one of the MM series, SuSE would still gain a little bit. But anyway, who the f*ck cares about this? 
I didn't choose OpenBSD because I wanted the fastest, most performant system for desktop use! Then I'd probably installed FreeBSD instead of OpenBSD which comes with a better package/ports management, many more ports for desktop use and offers a great deal of what OpenBSD offers in other respects as well. I chose OpenBSD because of its small installation footprint, good documentation, stability (because heck, it's certainly the most stable OS I've ever used!), security and the chance to learn something useful. Trying to get into Linux development is nearly impossible because there is no common direction, every major company is trying to get their stuff into it no matter what and interfaces change from kernel release to kernel release. There is no strong link between kernel and userland and documentation is weak. And then there are the distributors. Ever compared a Mandriva kernel against the Vanilla one? Happy nightmares! It's hard to find a decent Linux distributor. Debian has always been a stable choice yet their release cycles are so darn f*cked up and they lack good people for a security response team (one person just isn't enough!). OpenBSD is a sane choice if you need stability and quality in general. If you plan to use OpenBSD for a product or other solution, then these two count more than the nebulous term scalability IMHO. well, these were my two cents, for what it's worth. kind regards, Tobias W.
Upgrading packages from ports question
Hi everybody, I'm getting familiar with ports at the moment since I restricted myself to using packages exclusively in the past. I have been skimming through the FAQ and the manpages covering ports and the possible make targets. I have also read the chapter covering ports in Secure architectures with OpenBSD. There are some questions that I couldn't find the answers to, however. I have read about the out-of-date tool in /usr/ports/infrastructure/build/ yet I couldn't find a manpage on the OpenBSD website or any other reference to it. What I'm after is something like this: I'm using DarwinPorts on an Apple Mac OS X machine. When I want to sync the tree I simply do a port sync and maybe a port selfupdate to update the DarwinPorts system itself. This would correspond to doing a CVS checkout or update. So far no problem :-) Now I'd do a port outdated to see what ports need upgrading. This corresponds to doing a ./infrastructure/build/out-of-date in /usr/src. Still no problem. Now comes the tricky part. Using DarwinPorts I'd do a port upgrade installed to upgrade all installed ports. What would correspond to this in OpenBSD? Do I have to go after each individual port and its dependencies myself that gets mentioned by out-of-date like described in Secure architectures with OpenBSD? Brandon Palmer and Jose Nazario write that it would be easier to just upgrade an entire ports tree. How is this done? Let's say, out-of-date outputs a collection of 7 packages. How do I get rid of the 7 old installed packages, install the seven newer versions of those packages, including removing, rebuilding and installing all depending packages through ports in a convenient way like port upgrade installed? kind regards, Tobias W.
Re: basic questions regarding patching, errata and stable branch
Hi, On Monday, 22. May 2006 19:55, Ted Unangst wrote: I have read that mixing up checked out subsystems from CVS like src, ports and XF4 cannot be done across different branches without breaking the system at some time. Let's assume I don't want to spend the extra compile time and bandwidth following stable and I'll stick with the release and apply the patches. How does that leave me with ports? Is it safe to use a release, apply the errata and checkout/use the ports from CVS stable? If not, what alternative do I have? that's ok. you can't mix stable src and current ports, or other combos, but stable ports and errata patches are the same. OK, I have found it in the FAQ, though I have to admit this is hidden pretty deep: http://www.openbsd.org/faq/faq15.html#NoFun Because no intrusive changes are made in -stable, it is possible to use a -stable ports tree on a -release system, and vice versa. There is no need to update all your installed packages after applying a few errata patches to your system. This answers my question to the point! :-) Why is this hidden behind such a no giveaway question like I'm getting all kinds of crazy errors. I just can't seem to get this ports stuff working at all.?! This information should be sticked with information about the release branch, wouldn't you agree? thanks everybody, Tobias W.
basic questions regarding patching, errata and stable branch
Hi everybody, I am still trying to sort out some of the information on the OpenBSD website about how to follow a specific branch and what are the benefits of each method. I understood what STABLE, CURRENT and RELEASE are and how to follow them. I still have some difficulties figuring out what the difference between stable and release+applied errata is: Starting with 2.7, OpenBSD provides a source tree that contains important patches and fixes (i.e. those from the errata plus others which are obvious and simple, but do not deserve an errata entry) and makes it available via CVS in addition to the current source. from http://www.openbsd.org/stable.html So having a release and applying patches to it is not exactly the same as following the stable branch. How far are those methods apart? I have read that mixing up checked out subsystems from CVS like src, ports and XF4 cannot be done across different branches without breaking the system at some time. Let's assume I don't want to spend the extra compile time and bandwidth following stable and I'll stick with the release and apply the patches. How does that leave me with ports? Is it safe to use a release, apply the errata and checkout/use the ports from CVS stable? If not, what alternative do I have? Mixing and matching of patching solutions can be done if you understand how everything works, but new users should pick one method and stick with it. from http://www.openbsd.org/faq/faq10.html#Patches Is this what I was referring at? I guess the best solution would be to follow stable but speaking honestly this seems like a lot of wasted bandwidth and CPU time for a few small changes at best? kind regards and thanks, Tobias W.
Re: XF4.tar.gz in /usr or /usr/src?
Hi,

On Saturday, 20. May 2006 12:06, Joachim Schipper wrote:

Ultimately, it doesn't matter where you keep X. My tree lives under /usr/src/XF4, with a symlink from /usr/XF4 just to be sure. I'm fairly certain both things work; the canonical way, though, is to put XF4 under /usr.

I solved this out by reading the documentation on the OpenBSD website concerning rebuilding OpenBSD from source: http://www.openbsd.org/faq/faq5.html#Xbld

First, I extracted XF4.tar.gz in /usr (like the OpenBSD FAQ suggests) and made a symbolic link in /usr/src similar to like you suggested (since this can't be bad). I then patched the source with the patch:

Apply by doing:
cd /usr/src/XF4
patch -p0 002_xorg.patch
And then rebuild and install X:
make build

But instead of following the patch instructions to rebuild and install X which in my opinion just suck, I reread the FAQ from above and followed those instructions and everything worked out fine.

* First I installed the tcl and tk packages.
* Then, I followed this:

# rm -rf /usr/Xbld
# mkdir -p /usr/Xbld
# cd /usr/Xbld
# lndir ../XF4
[...lots of output...]
# make build
[...lots of output...]

This is what the patch should have been including, not the really mistakable instructions, which suggest that the source is located in /usr/src/XF4 instead of /usr/XF4 (as described in the FAQ, which a user is probably going to follow) and that all that is required to build X is running make build. I'm going to mistrust the instructions from the patches from now on. The FAQ is the most valuable source of information I have found so far.

kind regards, Tobias Weisserth
XF4.tar.gz in /usr or /usr/src?
Hi everybody,

I hope this is the right place to post this. I was just installing my 3.9 release from the CDs Wim sent me (Thanks Wim!!) and right now I'm in the process of applying the errata patches. I have spent the last three hours reading the online documentation from the website when I stumbled across something I cannot explain as I read the instructions for the second errata (ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/002_xorg.patch). It reads:

Apply by doing:
cd /usr/src/XF4
patch -p0 002_xorg.patch
And then rebuild and install X:
make build

This conflicts with what I did according to http://www.openbsd.org/anoncvs.html:

To extract the source tree from the CD to /usr/src (assuming the CD is mounted on /mnt):
# cd /usr/src; tar xzf /mnt/src.tar.gz
# cd /usr; tar xzf /mnt/XF4.tar.gz
# tar xzf /mnt/ports.tar.gz

I unpacked XF4.tar.gz in /usr like the web page suggests, but the patch assumes the XF4 sources are located in /usr/src. So I have no /usr/src/XF4 directory. I assume the patch instructions are correct and the web page is wrong? I just moved the XF4 directory into /usr/src and applied the instructions from the patch. It compiled for some time and just as I'm writing this it aborted with multiple error code 1 messages in the Makefile. I guess I misunderstood something here. Can anybody help me out please? I'm a little confused about this. Thanks.

kind regards, Tobias W.