igc device does not work after install "Intel I225-V" rev 0x03: not enough msi-x vectors

2024-07-22 Thread Todd
I installed OpenBSD 7.5 on a new firewall appliance.
I did not have any trouble setting up the network during the installation.

igc0 was detected and configured to use dhcp.
The installer was able to download the installation sets and correctly set
the time via NTP.

After rebooting into the installed system, the igc devices are not listed
in the ifconfig output.
Dmesg shows the error "Intel I225-V" rev 0x03: not enough msi-x vectors

I saw a similar message on misc@ but with no resolution.

I am using a USB network adapter for now, ure0.
I will try OpenBSD current to see if there are any new fixes.

Full Dmesg


Re: Awk split()/array bug in 7.5

2024-05-30 Thread Todd C . Miller
On Thu, 30 May 2024 21:42:08 +0100, Jeff Penn wrote:

> I spotted the following issue, which is also present in FreeBSD.
>
> $ awk -V
> awk version 20240122
> $ awk 'BEGIN {split("A B C", ABC, " ");for (x in ABC) {print x}}'
> 2
> 3
> 1

This is not a bug.  An awk associative array is effectively a hash
table so when you iterate over it like this you are not guaranteed
to get things in any particular order.  In fact, our awk, mawk and
gawk all produce different output when given that snippet.

If you want consistent ordering you need to use the other form of
for() where you iterate over the array with keys in ascending (or
descending) order.

 - todd



Re: 7.5 /var/log/messages - vfprintf %s NULL in "%.*s"

2024-04-15 Thread Todd C . Miller
On Mon, 15 Apr 2024 14:17:10 +0200, Страхиња Радић wrote:

> Just to clarify, this particular instance of this issue seems to be related to
> terminfo.
>
> In general, as I stated earlier, the log message
>
>   ... [program_name]: vfprintf %s NULL in "[format_string]"
>
> is output whenever NULL is passed to the *printf family of functions. That
> could be vfprintf, but also printf, fprintf, sprintf... and so on and so forth.
> The inconvenient part of this otherwise very useful mechanism of detecting
> incorrect code is that there is no precise indication of the location in the
> source code which is incorrectly written in this manner. It could be the
> program itself, or it could be one of the libraries it uses, as is likely the
> case here. The only clue is the format string in the message, which could be
> not distinctive enough.

I believe this is fixed by:

CVSROOT:        /cvs
Module name:    src
Changes by:     mill...@cvs.openbsd.org 2024/04/12 08:10:28

Modified files:
        lib/libcurses/tinfo: read_entry.c

Log message:
Avoid snprintf() of NULL when _nc_get_source() returns NULL.
The filename buffer is not actually used in this case but it is
safer to set it to the empty string than to leave it uninitialized.
OK tb@



Re: OpenBSD 7.5 - relayd -> vaultwarden - websockets payload not working

2024-04-08 Thread Todd C . Miller
It's certainly possible that some of the relayd hardening changes
are to blame.  Would you be able to rebuild relayd with some of
those commits reverted to see if one of them is to blame?

 - todd



Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

2024-03-31 Thread Todd C . Miller
This thread is now closed, please don't try to continue it.

 - todd



Re: How to exit cu?

2024-03-29 Thread Todd C . Miller
On Fri, 29 Mar 2024 12:35:18 +0800, Sadeep Madurange wrote:

> I managed to get it working. I needed to press Enter, press ~ (and
> release), then press Ctrl and D keys at the same time. Thank you.

This is because the tilde escapes only work on the first character
of a line.  The same is true of ssh.

 - todd



Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-22 Thread Todd C . Miller
On Fri, 22 Mar 2024 08:16:22 -, Stuart Henderson wrote:

> I've got to say, I find the From rewrites less annoying than not
> scrubbing MIME parts, though I'd prefer if Reply-To was set (to
> list+sender, leaving any Mail-Followup-To in place). Many lists have
> done this (often for all senders, not just those with published
> DMARC policy) and, after a period of adjustment to get used to it,
> it's not so bad.

That's certainly possible and I think it would eliminate the problem
of not being able to easily reply to the sender.

 - todd



Re: replying to mailing list message after subscribing

2024-03-15 Thread Todd C . Miller
On Fri, 15 Mar 2024 18:57:29 +0100, Evan Sherwood wrote:

> Is that something you can do because you're a list administrator or
> something? Still wondering if there is a way to do this without asking
> someone to resend an email.

Yes, it is something I can do because I'm a list administrator.

 - todd



Re: replying to mailing list message after subscribing

2024-03-15 Thread Todd C . Miller
On Fri, 15 Mar 2024 18:19:28 +0100, Evan Sherwood wrote:

> I sent a message to this list earlier from a ProtonMail account, and
> none of the replies have arrived (not even in Junk), even though I see
> there are replies via the web archive... so I don't have a message to
> reply to.

The mailing list does send you a copy of your own messages unless
you disable the "selfcopy" flag (which you have not done).  However,
many email providers discard duplicate messages.  This may include
ones you have authored yourself if there is already a copy in your
"sent" folder.  I don't know about ProtonMail, but gmail does do
this.  If that is the case, you should be able to reply to the copy
in your "sent" folder (or whatever they call it).

> I've since subscribed to this mailing list on a different email account
> where I can author messages on the command line instead of through a web
> interface, but there have been no new replies on my original message
> since I subscribed, so I still don't have a message to reply to.

I just re-sent the original messages to your new address so you
should now have a copy to reply to.

 - todd



Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-15 Thread Todd C . Miller
On Wed, 13 Mar 2024 11:54:14 -0600, Todd C. Miller wrote:

> I've just added support to our majordomo for rewriting the From:
> header when the sender's domain has a DMARC policy.  Messages from
> domains using DMARC will now have a From: header like:
>
> From: "John Connor via misc" 
>
> and the original From: address is preserved in the X-Original-From:
> header if one is not already present.
>
> This seems like the only reliable way to address the problem given
> that the mailing list server often reformats or otherwise modifies
> the message body.

I've disabled the From: rewriting for now after complaints that it
makes things a lot less usable.  We'll try preserving messages as
sent instead, which means that text/html parts will now be passed
through (sorry).

 - todd



Re: DMARC/DKIM and OpenBSD Mailinglists

2024-03-13 Thread Todd C . Miller
I've just added support to our majordomo for rewriting the From:
header when the sender's domain has a DMARC policy.  Messages from
domains using DMARC will now have a From: header like:

From: "John Connor via misc" 

and the original From: address is preserved in the X-Original-From:
header if one is not already present.

This seems like the only reliable way to address the problem given
that the mailing list server often reformats or otherwise modifies
the message body.

The rewriting currently happens even for a DMARC policy of "none"
since some large senders (for example gmail.com) use a policy of
"none" but receivers may still enforce SPF.  I could relax this but
I worry that doing so will lower the IP or domain "reputation" in
Google's eyes (something that is already a black box).

 - todd



Re: files are going missing

2024-03-11 Thread Todd C . Miller
On Mon, 11 Mar 2024 18:37:04 -, beecdadd...@danwin1210.de wrote:

> sometimes, but I said other files are not deleted, files in same path
> folder as the file that was deleted
> so /tmp/folder/video got deleted, but /tmp/folder/jsonfile did not get
> deleted
> same with home directory I think
> and with torrent there were about 3-4 other files about same size
>
> I told you there were other files in same folder, why still ask redundant
> question?
>
> I didn't experience daily clearing of /tmp files and computer online
> sometimes for days?

The /etc/daily cron job removes files from /tmp that haven't been
_accessed_ in 7 days.  Empty directories in /tmp that haven't been
_modified_ in over a day are also removed.  This may explain why
some files get removed and others do not.

You can try commenting out the bits of /etc/daily after "Removing
scratch and junk files" and see if that fixes your problem.

 - todd



Re: Problem sound

2024-02-04 Thread Todd
Make sure the device is not muted.

https://man.openbsd.org/sndioctl.1

On Fri, Feb 2, 2024, 9:02 AM Manfred Koch  wrote:

> Hi all,
>
> I'm a newbie in openbsd. I use the xfce Desktop but without sound. I
> have enabled sndiod_enable=YES
> in /etc/rc.conf.local. Further I tried pulseaudio without success.
> What's about dbus-daemon?
>
> Perhaps you can help me, to find a solution?
> Are you knowing a mailinglist for newbies in openbsd?
>
> I would appreciate for any tips.
>
> Thank you
>
> Manfred Koch
>
>


Re: Asynchronous write()/send()?

2024-01-23 Thread Todd C . Miller
On Tue, 23 Jan 2024 22:31:25 +, illegalcod...@proton.me wrote:

> I'm writing a program that uses sockets, and am facing a problem where I think
> some threads block on a send() forever. I thought I could solve this by using
> an asynchronous write, and setting a timeout, but I cannot find anything about
> this on OpenBSD. Is this just not available? I installed the POSIX manpages
> and I can see aio stuff there, but it tells me to include a header that gcc
> and clang won't find. Apparently FreeBSD has aio_write(), but seemingly
> OpenBSD doesn't. What are the alternatives? Is there really no way to do this?

The normal way to do this is to mark the socket non-blocking, use
something like poll(2) for the event loop and handle partial
read/write appropriately.  Many of the system daemons use libevent
to help abstract this.

 - todd
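
The approach described in the reply above, as an added example that is not part of the original message: a C helper that marks the socket non-blocking, waits for writability with poll(2), handles partial writes, and gives up after an overall deadline. The helper name `send_all_timeout`, the 200 ms timeout and the socketpair scenario in `main` are assumptions constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

/* Constructed payload, larger than any default socket buffer. */
static char big[8 * 1024 * 1024];

/* Mark fd non-blocking so send(2) returns EAGAIN instead of sleeping. */
static int
set_nonblocking(int fd)
{
	int flags = fcntl(fd, F_GETFL, 0);

	if (flags == -1)
		return -1;
	return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

static long long
now_ms(void)
{
	struct timespec ts;

	clock_gettime(CLOCK_MONOTONIC, &ts);
	return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/*
 * Hypothetical helper: send len bytes on a non-blocking socket, giving up
 * once timeout_ms has elapsed in total.  *sent always holds the number of
 * bytes the kernel accepted.  Returns 0 when everything was sent, -1 on
 * error or timeout (errno is ETIMEDOUT for the latter).
 */
static int
send_all_timeout(int fd, const void *buf, size_t len, int timeout_ms,
    size_t *sent)
{
	const char *p = buf;
	long long deadline = now_ms() + timeout_ms;

	*sent = 0;
	while (*sent < len) {
		struct pollfd pfd = { .fd = fd, .events = POLLOUT };
		long long left;
		ssize_t n;

		n = send(fd, p + *sent, len - *sent, MSG_NOSIGNAL);
		if (n > 0) {
			*sent += (size_t)n;	/* partial write: keep going */
			continue;
		}
		if (n == -1 && errno != EAGAIN && errno != EWOULDBLOCK &&
		    errno != EINTR)
			return -1;		/* EPIPE, ECONNRESET, ... */

		/* Socket buffer is full: wait for room, bounded by deadline. */
		left = deadline - now_ms();
		if (left <= 0) {
			errno = ETIMEDOUT;
			return -1;
		}
		if (poll(&pfd, 1, (int)left) == -1 && errno != EINTR)
			return -1;
		/* On POLLOUT, POLLERR or POLLHUP the next send() reports it. */
	}
	return 0;
}

int
main(void)
{
	size_t sent;
	int sv[2], rc;

	/* Constructed scenario: sv[1] is a peer that never reads. */
	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1 ||
	    set_nonblocking(sv[0]) == -1)
		return 1;

	rc = send_all_timeout(sv[0], "hello\n", 6, 200, &sent);
	printf("small write: rc=%d sent=%zu\n", rc, sent);

	rc = send_all_timeout(sv[0], big, sizeof(big), 200, &sent);
	printf("stalled peer: rc=%d sent=%zu of %zu (%s)\n", rc, sent,
	    sizeof(big), rc == -1 && errno == ETIMEDOUT ? "timed out" : "done");

	close(sv[0]);
	close(sv[1]);
	return 0;
}
```

A thread calling this helper regains control after the deadline and can decide whether to retry from `*sent` or drop the connection, instead of sleeping in send() indefinitely.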



Re: GENERIC.MP#1600 last snapshot cvs cant create tmp subdir

2024-01-17 Thread Todd C . Miller
On Wed, 17 Jan 2024 11:11:36 -0500, "Sven F." wrote:

> well i tried anoncvs.spacehopper.org  after the fail and then
> anoncvs.comstyle.com
> ( default one is in the trace, is "anon...@obsdacvs.cs.toronto.edu:/cvs" )

I can confirm the problem with obsdacvs.cs.toronto.edu but other
servers are fine.  So it does appear to be a problem on
obsdacvs.cs.toronto.edu itself.

 - todd



Re: GENERIC.MP#1600 last snapshot cvs cant create tmp subdir

2024-01-17 Thread Todd C . Miller
That looks like a problem on the cvs server, not the client.
What cvs server are you trying to checkout from?

 - todd



Re: unbound resolving 10.in-addr.arpa

2023-12-14 Thread Todd C . Miller
On Thu, 14 Dec 2023 12:05:24 -0800, "Lyndon Nerenberg (VE7TFX/VE6BBM)" wrote:

> I am trying to get unbound to serve up reverse DNS for our internal
> 1918 address space.  I have been going hammer and tongs at unbound.conf
> to try to make it forward requests for '*.10.in-addr.arpa.' to our
> two internal nameservers that are authoritative for the 10.in-addr.arpa
> zone.

You haven't said what you have tried so far, but unbound will ignore
RFC 1918 PTR queries by default.  You need to use things like:

local-zone: "1.1.10.in-addr.arpa." transparent

See the description of "transparent" in the unbound.conf manual for
more info.

 - todd



Re: /var/unbound/db/root.key not world-readable, unbound fails to start

2023-12-09 Thread Todd C . Miller
The mode on /var/unbound/db/root.key is influenced by the umask.
If you restart unbound from a shell with umask set to 077,
/var/unbound/db/root.key will be mode 0600.  If the umask is
022, the /var/unbound/db/root.key will be mode 0644.

By default, /etc/login.conf has umask set to 022.  Is it more
restrictive on your system?

 - todd



Re: include leap-seconds.list?

2023-11-17 Thread Todd C . Miller
On Fri, 17 Nov 2023 19:23:32 +0100, "Lorenz (xha)" wrote:

> i am doing a port of the hare programming language[1] to OpenBSD and have
> a question regarding the zoneinfo that is packaged with OpenBSD: can
> leap-seconds.list be packged at /usr/share/zoneinfo/leap-seconds.list?
> it is a requirement for the time part of the stdlib to work.
>
> [1]: https://harelang.org/

Yes, that should be possible.  I'll need to update the Makefile
to support this.

 - todd



Re: OpenBSD_one_site_web_hosting_software_recommendation

2023-11-09 Thread Todd
https://www.tiltedwindmillpress.com/product/httpd-and-relayd-mastery/

An older book, but it has detailed setup of php applications on OpenBSD

On Thu, Nov 9, 2023 at 5:40 AM soko.tica  wrote:

> Hello,
>
> I have a task to launch from scratch one site web hosting google cloud
> instance.
>
> I know OpenBSD does have httpd web server, but I couldn't have found
> neither wordpress nor joomla software neither in packages nor in ports (7.4
> -stable).
>
> Is there a possibility to launch wordpress or joomla on such an instance on
> OpenBSD? Which manpages should I read?
> Thanks in advance,
>


Re: Smtpd is not adding message-id

2023-10-09 Thread Todd C . Miller
On Mon, 09 Oct 2023 19:32:50 +0200, Nicolas Goy wrote:

> I am hitting this issue with some go based process that send emails:
>
> https://github.com/OpenSMTPD/OpenSMTPD/issues/1068
>
> Basically the client is not putting any Message-Id header and smtpd is 
> not adding it when sending the email.
>
> Do you have an idea how to work around it? Or do I need to patch and 
> recompile smtpd?

I just committed the fix but I don't think there is a workaround.
You will need to patch and recompile smtpd.

 - todd



Re: Newbie question

2023-10-05 Thread Todd C . Miller
On Thu, 05 Oct 2023 13:07:02 -0300, Ronny Machado wrote:

> Every mail I post, Majordomo asks for a confirmation...Is this normal?
> Am I doing something wrong???

Non-subscribers must confirm their posts.  This has almost entirely
removed spam from the lists.

If you don't want to confirm each post, just subscribe to the list.
You can disable message delivery in your majordomo settings if you
don't actually want to receive any messages.

 - todd



Re: Update from 6.5 to 7.3

2023-09-08 Thread Todd
The minimum size for /usr has changed recently.   If you used auto
partitioning when you installed 6.5, /usr is probably too small for 7.3.


On Fri, Sep 8, 2023 at 6:52 AM Zé Loff  wrote:

> On Fri, Sep 08, 2023 at 10:01:45AM +0200, Alessandro Baggi wrote:
> > Hi list,
> > I've a problem. I need to upgrade OpenBSD from 6.5 to 7.3 on an APU2D. This
> > is a firewall.
> > The problem is that I cannot find older ISO of OpenBSD. Can someone point me
> > in the right direction?
> >
> > Thank you in advance.
> >
>
> Considering this is a firewall I'm assuming it doesn't differ
> significantly from a base install (network config, pf.conf, perhaps some
> ssh keys, a couple of packages).  If this is the case I'd much rather do
> a fresh install and redo the changes.  Unless you have a very complex
> setup, it's much quicker to start from scratch than do eight upgrades in
> a row.
>
> --
>
>
>


Re: Recognition Of My Wireless Network Device

2023-08-07 Thread Todd C . Miller
Unfortunately, no OpenBSD driver for the Broadcom BCM4313 exists.
The bwfm driver supports Broadcom "FullMAC" chips but the BCM4313
is a "SoftMAC" chip and would need a different driver.

There is a driver for this chip in Linux (brcmsmac) so it might be
possible for someone to write an OpenBSD driver but this is no small
undertaking.

Your best bet may be to replace the onboard wireless with a card
that is supported by OpenBSD.

 - todd



Re: program compiled with clang from base runs 4 times slower than compiled with gcc-11.2.0p6 from ports

2023-06-04 Thread Todd C . Miller
Take a look at the clang-local man page, it documents the difference
between the OpenBSD base clang and stock llvm.  You can try disabling
some of the options to find which one (or combination of options)
is causing the slowdown.

I would try building with -fno-stack-protector and -mno-retpoline
first to see if either of those are the cause.

 - todd



Re: mail command - change "from address" for Charlie Root

2023-05-06 Thread Todd C . Miller
On Sat, 06 May 2023 10:03:45 +1000, Nino Sidoti wrote:

> I am trying to work out how to change the “From address” for when the daily
> output reports are run. I want to use a real email address rather than the
> default of Charlie Root “root@hostname”.
>
> I have tried to use a /root/.mailrc option and set the “from” address but this
> seems to be ignored when the daily output reports are generated.

That is probably because the root crontab sets HOME to /var/log.
You might try creating a /var/log/.mailrc file (owned by root) and
see if that works for you.  If not, you might just edit /etc/daily
and pass the -r option to mail to set the from address.

 - todd



Re: Can't login after upgrading to 7.3

2023-04-11 Thread Todd C . Miller
On Tue, 11 Apr 2023 17:55:52 -0600, Nathan Gilbert wrote:

> I seem to be stuck in a double bind, my wm needs to be recompiled, but also my
> shell (fish) is not in /etc/shells now and I can’t log in on the text console
> either (I changed my root user's shell to fish too.)
>
> I may have to chalk this up to a learning experience lol. 

Sounds like you need to reboot into single user mode (-s at the
boot prompt) and change root's shell back to /bin/ksh ;-)

 - todd



Re: gdb segfaults setting breakpoint on a Rust test

2023-03-24 Thread Todd C . Miller
On Fri, 24 Mar 2023 13:10:08 -0600, "Luke A. Call" wrote:

> Hi.  When I run this on the binary of a test in my Rust
> application, then run these commands in gdb, I get the following output
> which ends with Segmentation Fault:

The in-tree gdb is old, you should try the egdb package instead.

 - todd



Re: Fwd: snapshot sysupgrade, /pub/OpenBSD/7.3/packages/amd64/: no such dir

2023-03-21 Thread Todd C . Miller
On Tue, 21 Mar 2023 17:22:09 +0100, u...@mailo.com wrote:

> Did snapshot sysupgrade
>
> On reboot in tty0:
> syspatch: Error retrieving https://mirror.ihost.md/pub/OpenBSD/7.3/packages/amd64/SHA256.sig: 404 not found
>
> Issuing pkg_add -u:
> https://mirror.ihost.md/pub/OpenBSD/7.3/packages/amd64/: no such dir

You need to use "pkg_add -Dsnap" when using a snapshot that is close
to release.  That will force pkg_add to use, for example,
https://mirror.ihost.md/pub/OpenBSD/snapshots/packages/amd64/
 
  - todd



Re: disk integrity checking

2023-02-22 Thread Todd C . Miller
On Wed, 22 Feb 2023 07:52:11 -0500, Nick Holland wrote:

> So...I tried it against disks with mounted file systems and
> softraid partitions on them.
>
> It...seems to work. I did have one laptop with a softraid
> encrypted drive that gave a nice, clear "Input/output error",
> but I can't reproduce it (maybe it got locked out?  Seems
> odd on a read, but ...

Sounds like the read was successful on retry, which is certainly
something that happens.  However, there's no guarantee that what
was eventually read is the _correct_ data.  Without checksums you
can't really tell.

> Is this sane?  is it safe to attempt to read all the blocks
> on an entire 'c' partition of a disk that's doing "other
> things" at the same time, including a layers of softraid?

Just reading should be fine, it will simply slow down other operations.

 - todd



Re: scp to an unwritable filesystem - err msg

2023-02-16 Thread Todd C . Miller
The problem is that the error message has to be transferred from
the remote end and there are a limited number of status messages.
These are defined by the (draft) RFC for the protocol.  OpenSSH
supports the following:

SSH_FX_OK                 0
SSH_FX_EOF                1
SSH_FX_NO_SUCH_FILE       2
SSH_FX_PERMISSION_DENIED  3
SSH_FX_FAILURE            4
SSH_FX_BAD_MESSAGE        5
SSH_FX_NO_CONNECTION      6
SSH_FX_CONNECTION_LOST    7
SSH_FX_OP_UNSUPPORTED     8

It looks like there are more status codes defined by the draft
specification(s).  For example:

SSH_FX_WRITE_PROTECT      12

But that is not currently supported by OpenSSH.  I don't know whether
there is interest in supporting other sftp v3 error codes in OpenSSH.

 - todd



Re: crontab and /usr/local/{,s}bin

2023-02-14 Thread Todd C . Miller
The default root crontab on OpenBSD sets a more limited PATH:

PATH=/bin:/sbin:/usr/bin:/usr/sbin

Perhaps that is what you are talking about?  We might want to
consider removing PATH from root's crontab and just use the value
from login.conf.

 - todd



Re: crontab and /usr/local/{,s}bin

2023-02-14 Thread Todd C . Miller
On Tue, 14 Feb 2023 23:45:29 +0100, "Thomas L." wrote:

> what is the reason that /usr/local/{,s}bin is not in PATH in crontab?
> this seems to be the case on all unix-like systems and it regularly
> bites people. sometimes someone says it's for security w/o being
> able to tell what is being prevented by this. or is it just some
> historic default no one bothered to change?

On OpenBSD, the path setting in the /etc/login.conf file determines
what default PATH will be used for commands run via cron.  By
default this is:

PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin

If you have PATH set in the crontab file that will override the
default.

 - todd



Re: Weirdness with du/df/my brain (latter more likely)

2023-01-22 Thread Todd C . Miller
On Sun, 22 Jan 2023 21:06:29 +, Steve Fairhead wrote:

> I was cloning a server with rsync in preparation for a major upgrade 
> (elderly OpenBSD to 7.2). I noticed that the home partition usage was a 
> good deal greater on the new machine than the old (as seen by df).
>
> After a lot of analysis, I found that all user folders (and all other 
> folders/partitions) were near-enough identical on both machines, except 
> for one - my boss's ;) . After more analysis, I found that it was his 
> Maildir (using dovecot) that was weird:
>
>- Old machine: 49 GB
>- New machine: 188 GB
>
> Figures as measured with du -sk, which I realise is sector-oriented, but 
> still... And yes, my boss does a *lot* of email.
>
> After yet more testing, I did a recursive copy of the old 49 GB Maildir 
> to a spare folder on the same home partition on the old machine. This 
> came up, again, as 188 GB.

You probably copied a large number of sparse files where the holes
got expanded.  If you use rsync with the -S flag (or use tar) you
should end up with a similar disk usage on the new machine.

> (FWIW, Windows via Samba reported "140 GB; size on disk 204 GB" for both 
> the original "49 GB" Maildir and the 188 GB copy.)

That is because Windows is summing the file sizes which include the
holes whereas du doesn't count the holes (since they take up no
space on the disk).

 - todd



Re: smtpd.comf: '... reject "message"' fails

2022-10-21 Thread Todd C . Miller
On Fri, 21 Oct 2022 15:58:54 -, Stuart Henderson wrote:

> (For those that don't know, it seems that T-Online.de block incoming
> email from most IPs by default and anyone wanting to send them mail
> has to explicitly contact them to ask permissions, and they make you
> jump through hoops before they'll grant that - see recent posts on
> the mailop list for more. It is quite astonishing.)

At least they provide a way to contact them, unlike Google which
just rejects my mail with no way to contact a human being.

 - todd



Re: readpassphrase(3) buffer needs explicit_bzero(3) on error?

2022-09-28 Thread Todd C . Miller
On Wed, 28 Sep 2022 15:49:08 +0200, Alejandro Colomar wrote:

> I'd like to clarify if it's necessary to clear the buffer in the case
> that the function failed.  Most errors seem to be clearly triggered
> before the first byte is written to the buffer: EINVAL, EIO, EMFILE,
> ENFILE, ENOTTY.
> 
> But there is one, EINTR, which is not clear if there was any data
> written or not.  I think this should be clarified, for such a sensitive
> function.

There is no way to know whether or not any data was written to the
buffer before the signal was received.  It is safest to assume that
some data may have been written and use explicit_bzero() to clear
the buffer.

 - todd



Re: whither struct __kvm?

2022-09-11 Thread Todd C . Miller
On Fri, 09 Sep 2022 20:22:38 -0700, "Lyndon Nerenberg (VE7TFX/VE6BBM)" wrote:

> The first declaration in  is:
>
>   typedef struct __kvm kvm_t;
>
> and yet 'grep -r __kvm /usr/include /sys' returns only the above
> line.  What am I missing?

It is an opaque type that is only passed as a pointer to libkvm.
The actual struct definition is in src/lib/libkvm/kvm_private.h but
the definition is intentionally not in the public headers.

 - todd



Re: Relayd Questions

2022-08-09 Thread Todd Carpenter
I just wanted to clarify, for relayd..

Is it possible to filter / loadbalance based on the SPI information of the
4 byte headers within ipsec?
https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload

*Security Parameters Index* (32 bits): Arbitrary value used (together with
the destination IP address) to identify the security association
<https://en.wikipedia.org/wiki/Security_association> of the receiving party.

I could not find any information that relates specifically to ipsec traffic.
Thanks Again.

On Sun, Aug 7, 2022 at 3:59 AM Stuart Henderson 
wrote:

> On 2022-08-06, Todd Carpenter  wrote:
> > Hi all,
> >
> > I've been trying to get relayd up and running on my configuration and had a
> > couple of questions I could not find answers for.
> >
> > As I understand it, relayd is capable of making a "protocol" where you
> > could essentially take connection details and call it whatever you like,
> > then create rules in pf via that protocol.
> >
> > for example, in mwl's relayd book he creates a "dns fix protocol"
> > relay dns {
> >  listen on 203.0.113.213 port 53
> >  forward to check tcp
> >  protocol dnsfix
> > }
> >
> > questions:
> > how can I pass this to pf.conf and apply stickiness to it to ensure that if
> > the protocol dnsfix was routed to server 52 on the back end.. that all
> > future requests are sent to server 52 and not server 17 (ie is this a
> > relayd.conf thing.. or a pf.conf thing)?
>
> Relays are userland TCP proxies done inside relayd. Configuring them
> is done in relayd.conf. See
>
> man relayd.conf | less "+/set the scheduling algorithm"
>
> > is it possible to have multiple ports and protocols wrapped into a new
> > protocol?
> > for example I need port 443 tcp, 10443 tcp, 8000 udp and 8001 tcp  .. to be
> > treated as a single connection.  Is a protocol even the right tool for the
> > job? If so, how do you add multiple ports? or does each rule need to be
> > separate?  (an example would be awesome)
>
> As a single protocol definition? You can't, you need separate ones.
>
> > Next question, in regards to the previous question. How would you apply a
> > stickiness state to ensure that all 4 ports from the same client are sent
> > to the same server?
>
> "mode source-hash" is probably the only option.
>
> > last question..
> > how do you decide what configuration should be placed in pf.conf vs
> > relayd.conf?  and if you're using an anchor like relayd .. in terms of pf, is
> > there 1 config or are they separate?
> >
> > IE: if i have a  in relayd.conf that defines {server1,2,3,4}  do I
> > need the same table in my pf.conf file? or should I make the exact same
> > table with a unique name? or are the relayd.conf tables used as both an
> > anchor and expanded into the default pf.conf?
>
> For the main part relayd loads what it needs into PF under the anchor.
>
> If you're using _redirections_ with sticky-address and want that to persist
> across multiple connections then see "src.track" in pf.conf(5).
>
>
> --
> Please keep replies on the mailing list.
>
>


Re: Relayd Questions

2022-08-08 Thread Todd Carpenter
thank you for your comments, I will dig into it.

cheers

From: owner-m...@openbsd.org on behalf of Stuart Henderson
Sent: Sunday, August 7, 2022 3:56:16 AM
To: misc@openbsd.org 
Subject: Re: Relayd Questions

On 2022-08-06, Todd Carpenter  wrote:
> Hi all,
>
> I've been trying to get relayd up and running on my configuration and had a
> couple of questions I could not find answers for.
>
> As I understand it, relayd is capable of making a "protocol" where you
> could essentially take connection details and call it whatever you like,
> then create rules in pf via that protocol.
>
> for example, in mwl's relayd book he creates a "dns fix protocol"
> relay dns {
>  listen on 203.0.113.213 port 53
>  forward to check tcp
>  protocol dnsfix
> }
>
> questions:
> how can I pass this to pf.conf and apply stickiness to it to ensure that if
> the protocol dnsfix was routed to server 52 on the back end.. that all
> future requests are sent to server 52 and not server 17 (ie is this a
> relayd.conf thing.. or a pf.conf thing)?

Relays are userland TCP proxies done inside relayd. Configuring them
is done in relayd.conf. See

man relayd.conf | less "+/set the scheduling algorithm"

> is it possible to have multiple ports and protocols wrapped into a new
> protocol?
> for example I need port 443 tcp, 10443 tcp, 8000 udp and 8001 tcp  .. to be
> treated as a single connection.  Is a protocol even the right tool for the
> job? If so, how do you add multiple ports? or does each rule need to be
> separate?  (an example would be awesome)

As a single protocol definition? You can't, you need separate ones.

> Next question, in regards to the previous question. How would you apply a
> stickiness state to ensure that all 4 ports from the same client are sent
> to the same server?

"mode source-hash" is probably the only option.

> last question..
> how do you decide what configuration should be placed in pf.conf vs
> relayd.conf?  and if you're using an anchor like relayd .. in terms of pf, is
> there 1 config or are they separate?
>
> IE: if i have a  in relayd.conf that defines {server1,2,3,4}  do I
> need the same table in my pf.conf file? or should I make the exact same
> table with a unique name? or are the relayd.conf tables used as both an
> anchor and expanded into the default pf.conf?

For the main part relayd loads what it needs into PF under the anchor.

If you're using _redirections_ with sticky-address and want that to persist
across multiple connections then see "src.track" in pf.conf(5).


--
Please keep replies on the mailing list.



Relayd Questions

2022-08-06 Thread Todd Carpenter
Hi all,

I've been trying to get relayd up and running on my configuration and had a
couple of questions I could not find answers for.

As I understand it, relayd is capable of making a "protocol" where you
could essentially take connection details and call it whatever you like,
then create rules in pf via that protocol.

for example, in mwl's relayd book he creates a "dns fix protocol"
relay dns {
 listen on 203.0.113.213 port 53
 forward to check tcp
 protocol dnsfix
}

questions:
how can I pass this to pf.conf and apply stickiness to it to ensure that if
the protocol dnsfix was routed to server 52 on the back end.. that all
future requests are sent to server 52 and not server 17 (ie is this a
relayd.conf thing.. or a pf.conf thing)?

is it possible to have multiple ports and protocols wrapped into a new
protocol?
for example I need port 443 tcp, 10443 tcp, 8000 udp and 8001 tcp  .. to be
treated as a single connection.  Is a protocol even the right tool for the
job? If so, how do you add multiple ports? or does each rule need to be
separate?  (an example would be awesome)

Next question, in regards to the previous question. How would you apply a
stickiness state to ensure that all 4 ports from the same client are sent
to the same server?

last question..
how do you decide what configuration should be placed in pf.conf vs
relayd.conf?  and if you're using an anchor like relayd .. in terms of pf, is
there 1 config or are they separate?

IE: if i have a  in relayd.conf that defines {server1,2,3,4}  do I
need the same table in my pf.conf file? or should I make the exact same
table with a unique name? or are the relayd.conf tables used as both an
anchor and expanded into the default pf.conf?


Apologies if my questions seem silly, I'm still kind of new to pf/openbsd.

Kind regards


Re: [Need help about bsd_auth.h/ question with Rust]

2022-08-01 Thread Todd C . Miller
On Mon, 01 Aug 2022 17:20:30 +0200, Bilal Emohmadian wrote:

> I'm a new user of OpenBSD, trying to port KDE5
> (Plasma/Workspace/KWin/KScreenLocker) with wayland v1.19.0 in /usr/ports/
> on OpenBSD 7.2-beta.
>
> . Can you  explain how work the typedef struct authsession_t ? (Because i
> can't find him on github repo T-T)
> .

That is because auth_session_t is an opaque type, you are not meant
to modify it.  Usually, all you need is something like a call to
one of the simplified auth APIs like auth_userokay().

Take a look at how BSD auth is used in lock(1) and xlock(1).

 - todd



Re: serial console works only if system is booted from it

2022-07-28 Thread Todd C . Miller
On Thu, 28 Jul 2022 15:11:58 -0500, Andrew Daugherity wrote:

> This is probably worth a mention in the ttys(5) man page.  It's one of
> those things that once you've worked through it, you know, but it's
> not at all obvious that HUP-ing init applies changes from every other
> column but NOT any flags changes.  I think the wording NetBSD has [1]
> is decent:
> "Nota Bene: Sending SIGHUP to init(8) does not change the state of the
> various tty(4) device flags listed above; the ttyflags(8) program must
> be run for changes in those flags to take effect on the devices."

How does this look?  I couldn't resist making some other minor
tweaks while there.

 - todd

Index: libexec/getty/ttys.5
===
RCS file: /cvs/src/libexec/getty/ttys.5,v
retrieving revision 1.13
diff -u -p -u -r1.13 ttys.5
--- libexec/getty/ttys.58 Feb 2020 01:09:57 -   1.13
+++ libexec/getty/ttys.529 Jul 2022 01:46:57 -
@@ -1,4 +1,5 @@
 .\"$OpenBSD: ttys.5,v 1.13 2020/02/08 01:09:57 jsg Exp $
+.\"
 .\" Copyright (c) 1985, 1991, 1993
 .\"The Regents of the University of California.  All rights reserved.
 .\"
@@ -42,6 +43,7 @@ and control the use of terminal special 
 This information is read with the
 .Xr getttyent 3
 library routines.
+.Pp
 There is one line in the
 .Nm
 file per special device file.
@@ -54,24 +56,29 @@ are delimited by hash marks
 and newlines.
 Any unspecified fields will default to null.
 .Pp
+Each line in
+.Nm
+is of the format:
+.Dl tty command type flags
+.Pp
 The first field is the
 name of the terminal special file as it is found in
 .Pa /dev .
 .Pp
-The second field of the file is the command to execute for the line,
+The second field is the command to execute for the line,
 usually
 .Xr getty 8 ,
 which initializes and opens the line, setting the speed, waiting for
 a user name and executing the
 .Xr login 1
-program.
+utility.
 It can be, however, any desired command, for example
 the start up for a window system terminal emulator or some other
 daemon process, and can contain multiple words if quoted.
 .Pp
 The third field is the type of terminal usually connected to that
-TTY line, normally the one found in the
-.Xr termcap 5
+tty line, normally the one found in the
+.Xr terminfo 5
 database file.
 The environment variable
 .Dv TERM
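Review bot: The added ".Dl tty command type flags" line reads as four mandatory single-word fields, yet the context just above it says unspecified fields default to null and the text below says the command can contain multiple words if quoted. Consider marking the names as arguments and showing which fields are optional, and that more than one flag may follow. Separately, the termcap(5) to terminfo(5) cross-reference change in this hunk is a content change rather than a wording tweak and is worth calling out in the commit message.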
@@ -87,7 +94,7 @@ entry (see
 or specify a window system process that
 .Xr init 8
 will maintain for the terminal line.
-The following is a list of permitted flags for each TTY:
+The following is a list of permitted flags for each tty:
 .Bl -tag -width xxx
 .It Ar on
 Specify that
@@ -98,7 +105,7 @@ The opposite of on.
 .It Ar secure
 If
 .Ar on
-is also specified, allows users with a UID of 0 to log in on this line.
+is also specified, allows users with a user ID of 0 to log in on this line.
 If set for the
 .Ar console
 entry, then
@@ -130,11 +137,21 @@ will execute
 .Em before
 starting the command specified by the second field.
 .Pp
-Changes to the ttys file take effect after it has been reloaded by
+Changes to the
+.Nm
+file take effect after it has been reloaded by
 .Xr init 8 ,
 which can be triggered by sending it a
 .Dv HUP
 signal.
+Reloading the
+.Nm
+file does
+.Em not
+change the state of the device-specific terminal flags described above.
+The
+.Xr ttyflags 8
+utility can be used to set those flags.
 .Sh FILES
 .Bl -tag -width /etc/ttys -compact
 .It Pa /etc/ttys
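Review bot: In the added paragraph, "the device-specific terminal flags described above" does not say which flags are meant, and the flag list it points back to opens with on, off and secure, so a reader cannot tell whether those are also left unchanged by a reload. Name the flags that need ttyflags(8) explicitly, or split the list so the two groups are distinguishable. The closing sentence "can be used to set those flags" would also be more useful if it stated what an administrator is expected to run after editing the file.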



Re: serial console works only if system is booted from it

2022-07-25 Thread Todd C . Miller
On Sun, 24 Jul 2022 23:50:11 -0700, Kastus Shchuka wrote:

> Apparently, restarting getty on tty00 was not enough.
> After reboot, I got login prompt on tty00 line.

Running "ttyflags -a" as root would probably also fix it without
the need for a reboot.

 - todd



Re: Getting archived mailing list mail with majordomo

2022-06-24 Thread Todd C . Miller
On Fri, 24 Jun 2022 12:43:56 -0400, Isaac Meerwarth wrote:

> Is there an official repository for browsing mailing list archives? 
> marc.info seems reputable but unofficial.
> > Unfortunately, there isn't currently a way to download the
> > archives in mailbox format, which is probably what you want.
> Luckily, I am young and can build a nice repository myself!

You can access the archives from lists.openbsd.org as long as you
are subscribed to the list (and thus have a password).

https://lists.openbsd.org/cgi-bin/mj_wwwusr?user===lists-long-full=misc

 - todd



Re: Getting archived mailing list mail with majordomo

2022-06-24 Thread Todd C . Miller
On Fri, 24 Jun 2022 12:18:46 -0400, Isaac Meerwarth wrote:

> I've been trying to retrieve archived mailing list mail.  I tried 
> sending "archive-get misc 101001" to majord...@openbsd.org but my 
> request is denied.
>
> I haven't found any remedies google-dorking marc.info.  Ideally, I'd 
> like to download a full archive of misc and ports.  Any ideas or solutions?

This is disabled in majordomo because it doesn't act the way people
expect.  What that would do is to cause majordomo to re-send all
the archived messages to you, one by one.  That can quickly overwhelm
the destination and get the mail server banned as a spam source.

Unfortunately, there isn't currently a way to download the
archives in mailbox format, which is probably what you want.

 - todd



Re: smtpd

2022-06-08 Thread Todd C . Miller
On Wed, 08 Jun 2022 08:16:20 -0700, latin...@vcn.bc.ca wrote:

> Hello misc
>
> Could somebody please tell me what cert is smtpd refering to?
>
> smtpd[11054]: 106b2cfae48c5616 mta cert-check result="unverified"

This is probably a warning that the remote side of the connection
is using a self-signed certificate.  You should be able to tell
which connection this is from by matching 106b2cfae48c5616 to other
lines in /var/log/mail.

For example, in my own maillog I see things like:

smtpd[8486]: 09b3582e47599342 mta connecting address=smtp://142.250.138.27:25 host=142.250.138.27
smtpd[8486]: 09b3582e47599342 mta connected
smtpd[8486]: 09b3582e47599342 mta tls ciphers=TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256
smtpd[8486]: 09b3582e47599342 mta cert-check result="unverified"
smtpd[8486]: 09b3582e47599342 mta delivery evpid=5e4cf104b920fff4 from= to= rcpt=<-> source="10.1.1.1" relay="142.250.138.27 (142.250.138.27)" delay=4s result="Ok" stat="250 ok 1654617630 qp 52476"
smtpd[8486]: 09b3582e47599342 mta disconnected reason=quit messages=1

I've changed the addresses in the log but you get the idea (gmail
has a real certificate).

 - todd
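
The session-id matching described above, as an added example that is not part of the original message: it groups maillog lines by session id and prints, for every outbound session logged with cert-check result="unverified", the relay address and the number of delivery lines. The sample log is constructed in the line format quoted above; the function names, session ids and addresses are chosen here.

```sh
#!/bin/sh
# Added example (not from the original message): correlate smtpd log lines
# by session id and report outbound (mta) sessions whose peer certificate
# was logged as unverified.

# Constructed sample. Session ids, host names and addresses (documentation
# ranges) are made up; sessions are interleaved on purpose, as they are in
# a busy maillog. Session ...02 has no cert-check line at all.
sample_maillog() {
	cat <<'EOF'
Jun  7 10:00:26 mx smtpd[8486]: 0a0a0a0a00000001 mta connecting address=smtp://192.0.2.25:25 host=mail.example.net
Jun  7 10:00:26 mx smtpd[8486]: 0a0a0a0a00000002 mta connecting address=smtp://198.51.100.7:25 host=mx.example.org
Jun  7 10:00:26 mx smtpd[8486]: 0a0a0a0a00000001 mta connected
Jun  7 10:00:27 mx smtpd[8486]: 0a0a0a0a00000001 mta tls ciphers=TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256
Jun  7 10:00:27 mx smtpd[8486]: 0a0a0a0a00000002 mta connected
Jun  7 10:00:27 mx smtpd[8486]: 0a0a0a0a00000001 mta cert-check result="unverified"
Jun  7 10:00:30 mx smtpd[8486]: 0a0a0a0a00000002 mta delivery evpid=1111111111111111 from=<a@example.com> to=<b@example.org> rcpt=<-> source="10.1.1.1" relay="198.51.100.7 (mx.example.org)" delay=3s result="Ok" stat="250 ok"
Jun  7 10:00:31 mx smtpd[8486]: 0a0a0a0a00000001 mta delivery evpid=2222222222222222 from=<a@example.com> to=<c@example.net> rcpt=<-> source="10.1.1.1" relay="192.0.2.25 (mail.example.net)" delay=4s result="Ok" stat="250 ok"
Jun  7 10:00:31 mx smtpd[8486]: 0a0a0a0a00000001 mta disconnected reason=quit messages=1
Jun  7 10:00:31 mx smtpd[8486]: 0a0a0a0a00000002 mta disconnected reason=quit messages=1
Jun  7 10:05:02 mx smtpd[8486]: 0a0a0a0a00000003 mta connecting address=smtp://203.0.113.9:25 host=relay.example.com
Jun  7 10:05:02 mx smtpd[8486]: 0a0a0a0a00000003 mta connected
Jun  7 10:05:03 mx smtpd[8486]: 0a0a0a0a00000003 mta tls ciphers=TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256
Jun  7 10:05:03 mx smtpd[8486]: 0a0a0a0a00000003 mta cert-check result="unverified"
Jun  7 10:05:04 mx smtpd[8486]: 0a0a0a0a00000003 mta disconnected reason=quit messages=0
EOF
}

# Read maillog lines from the named files (or stdin) and print
# "<session id> <relay address> <delivery lines>" for each session that
# logged cert-check result="unverified", in order of first appearance.
unverified_sessions() {
	awk '
	{
		# Locate the "smtpd[pid]:" tag so lines with or without a
		# syslog timestamp prefix are handled; the id follows it.
		tag = 0
		for (i = 1; i < NF; i++)
			if (index($i, "smtpd[") == 1) { tag = i; break }
		if (tag == 0 || $(tag + 2) != "mta")
			next
		id = $(tag + 1)
		event = $(tag + 3)
		if (event == "connecting") {
			for (i = tag + 4; i <= NF; i++)
				if (index($i, "address=") == 1)
					addr[id] = substr($i, 9)
		} else if (event == "cert-check" &&
		    index($0, "result=\"unverified\"") > 0) {
			if (!(id in bad))
				order[++n] = id
			bad[id] = 1
		} else if (event == "delivery") {
			sent[id]++
		}
	}
	END {
		for (i = 1; i <= n; i++) {
			id = order[i]
			printf "%s %s %d\n", id,
			    (id in addr ? addr[id] : "unknown"), sent[id]
		}
	}' "$@"
}

# Run on the files given, or on the embedded sample without arguments.
if [ "$#" -gt 0 ]; then
	unverified_sessions "$@"
else
	sample_maillog | unverified_sessions
fi
```

A session with a non-zero delivery count is one where mail was handed to a peer whose certificate was not verified.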



Re: Cron running at 99% CPU for seemingly no reason

2022-05-15 Thread Todd C . Miller
On Sun, 15 May 2022 16:02:03 +0200, Hrvoje Popovski wrote:

> I know how to rebuild cron
>
> cd /usr/src/usr.sbin/cron/
> make obj && make depend && make && make install
>
> but i don't know how to enabled debug symbols ..

Easiest would be to do:

cd /usr/src/usr.sbin/cron/
make obj && make depend && make DEBUG=-g && make install

 - todd



Re: Cron running at 99% CPU for seemingly no reason

2022-05-15 Thread Todd C . Miller
On Sun, 15 May 2022 14:29:28 +0200, Hrvoje Popovski wrote:

> I'm seeing same as Stephan on few servers in lab.
> I've killed cron and did ktrace -i cron. Is this ok?
> In attachment you can find kdump -f ktrace.out output.

That's very odd.  It looks like cron parses root's crontab and then
somehow gets into a cpu loop.  I don't see how that can happen from
code inspection.  What would be most useful is to get a stack trace
of cron when this occurs but that will require rebuilding cron from
source with debug symbols.

 - todd



Re: disk space issue

2022-02-16 Thread Todd
I like ncdu when searching for what is using disk space.

ncdu -x /

https://openports.se/sysutils/ncdu

On Wed, Feb 16, 2022 at 4:32 AM Lourens  wrote:

> Hello to Everyone,
>
> Thank you for your time and expertise.
>
> This is my first OpenBSD installation so I am an obsd greenhorn, this
> is 7.0 that has been kept up to date
>
> My / has run out of disk space and I cannot see any peculiar content in
> it and I am  a little nervous to
> mess with anything in /.
>
>
> puffy7# sysctl hw.disknames
> hw.disknames=sd0:51e8581cb33ae259,sd1:fe144bc22452a8e3
>
> puffy7# disklabel -h sd0
> # /dev/rsd0c:
>
> 16 partitions:
> #                size           offset  fstype [fsize bsize   cpg]
>   a:             1.0G              256  4.2BSD   2048 16384 12960 # /
>   b:            16.1G          2097408    swap                    # none
>   c:          3726.0G                0  unused
>   d:             4.0G         35862752  4.2BSD   2048 16384 12960 # /tmp
>   e:            35.7G         44251328  4.2BSD   2048 16384 12960 # /var
>   f:             6.0G        119122016  4.2BSD   2048 16384 12960 # /usr
>   g:             1.0G        131704928  4.2BSD   2048 16384 12960 # /usr/X11R6
>   h:            20.0G        133802080  4.2BSD   2048 16384 12960 # /usr/local
>   i:             2.0G        175745120  4.2BSD   2048 16384 12960 # /usr/src
>   j:             6.0G        179939424  4.2BSD   2048 16384 12960 # /usr/obj
>   k:           300.0G        192522368  4.2BSD   4096 32768 26062 # /home
>
> puffy7# cat /etc/fstab
> 51e8581cb33ae259.b none swap sw
> 51e8581cb33ae259.a / ffs rw 1 1
> 51e8581cb33ae259.k /home ffs rw,nodev,nosuid 1 2
> 51e8581cb33ae259.d /tmp ffs rw,nodev,nosuid 1 2
> 51e8581cb33ae259.f /usr ffs rw,nodev 1 2
> 51e8581cb33ae259.g /usr/X11R6 ffs rw,nodev 1 2
> 51e8581cb33ae259.h /usr/local ffs rw,wxallowed,nodev 1 2
> 51e8581cb33ae259.j /usr/obj ffs rw,nodev,nosuid 1 2
> 51e8581cb33ae259.i /usr/src ffs rw,nodev,nosuid 1 2
> 51e8581cb33ae259.e /var ffs rw,nodev,nosuid 1 2
> fe144bc22452a8e3.c /home/lourens/mnt/t1 ffs rw,nodev,nosuid 1 2
>
> puffy7# df -h
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/sd0a      986M    985M  -48.2M   105%    /
> /dev/sd0k      295G    274G    6.4G    98%    /home
> /dev/sd0d      3.9G    8.3M    3.7G     0%    /tmp
> /dev/sd0f      5.8G    1.1G    4.4G    20%    /usr
> /dev/sd0g      986M    295M    642M    31%    /usr/X11R6
> /dev/sd0h     19.4G    6.3G   12.1G    34%    /usr/local
> /dev/sd0j      5.8G    2.0K    5.5G     0%    /usr/obj
> /dev/sd0i      1.9G    2.0K    1.8G     0%    /usr/src
> /dev/sd0e     34.6G   64.2M   32.8G     0%    /var
> /dev/sd1c      902G    507G    350G    59%    /home/lourens/mnt/t1
>
> puffy7# ls -lh
> total 135564
> -rw-r--r--   1 root  wheel   578B Sep 30 22:00 .cshrc
> -rw-r--r--   1 root  wheel   468B Sep 30 22:00 .profile
> drwxr-xr-x   2 root  wheel   512B Sep 30 22:00 altroot
> drwxr-xr-x   2 root  wheel   1.0K Sep 30 22:01 bin
> -rw-r--r--   1 root  wheel  86.3K Dec 26 16:59 boot
> -rwx--   1 root  wheel  20.7M Feb 16 05:40 bsd
> -rwx--   1 root  wheel  20.7M Feb 15 06:19 bsd.booted
> -rw---   1 root  wheel   4.0M Dec 26 16:58 bsd.rd
> -rw---   1 root  wheel  20.6M Dec 26 16:58 bsd.sp
> drwxr-xr-x   6 root  wheel  19.5K Feb 16 05:39 dev
> drwxr-xr-x  43 root  wheel   2.0K Feb 16 05:40 etc
> drwxr-xr-x   3 root  wheel   512B Dec 26 16:59 home
> drwxr-xr-x   3 root  wheel   512B Feb 14 09:06 mnt
> drwx--  10 root  wheel   512B Jan 20 18:19 root
> drwxr-xr-x   2 root  wheel   1.5K Dec 26 17:15 sbin
> lrwxrwx---   1 root  wheel11B Sep 30 22:00 sys -> usr/src/sys
> drwxrwxrwt  11 root  wheel   1.0K Feb 16 09:57 tmp
> drwxr-xr-x  16 root  wheel   512B Dec 26 16:59 usr
> drwxr-xr-x  23 root  wheel   512B Sep 30 22:57 var
>
>
> Any pointers to improving my knowledge and skill will be most welcome.
>
> Awesome O/S, thank you to all involved in it.
>
> Lourens.
>


Re: dmesg - cpu, smt, core, package

2022-02-10 Thread Todd C . Miller
On Thu, 10 Feb 2022 08:46:37 +, Stuart Henderson wrote:

> The numbers come from what's reported by the relevant CPUID instruction,
> the only one actually used by OpenBSD is smt to disable all but one
> thread in a core, otherwise they're just for information.
>
> I'm not sure the reason for the gaps in numbering on some AMDs, but the
> documentation just talks about IDs and doesn't imply that they have to
> be contiguous. (https://www.amd.com/system/files/TechDocs/24594.pdf
> page 629).

I'd guess that the gaps represent cores present on the chiplet that
have been disabled.

 - todd



Re: What password manager do you recommend?

2022-01-07 Thread Todd
I use https://www.passwordstore.org/

pkg_add password-store

On Fri, Jan 7, 2022 at 2:03 PM  wrote:

> Hello. I hope these types of questions are okay for a mailing list..
> I completely understand if they are not..
>
> There's password-store, but it does need some shitty dependencies..
> Then there's opm, but since it doesn't seem to be popular fuck-knows-who
> if it's secure(ish)..
>
> If I were to use password-store, I'd have dmenu pipe in the query, then
> just pipe the password to `xclip -i -selection clipboard` which is a
> decent setup I guess..
>
>


Re: type checking/signalling shell and utilities?

2021-11-17 Thread Todd C . Miller
On Thu, 18 Nov 2021 01:30:25 +1100, Reuben ua Bríġ wrote:

> Does anyone know of any shell and utilities where, for example, if
>
>   -rf
>
> is a file name, the rm utility will understand so, and not think it is
> a controlling flag (ugh! in-band signalling)? One where an array of
> strings can be passed as a single argument? Etc? etc?

This is why POSIX requires utilities to treat "--" as end of options.
That way a script can run:

rm -- $possibly_evil_pattern

and not have things interpreted as options.  But if you don't trust
the input I sure hope this rm is not being run in a privileged context.

 - todd
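
An added example, not part of the original message, showing the "--" behaviour described above next to the unguarded form, run against a scratch directory that contains a file literally named "-rf". The function names and the directory layout are constructed here; the "./*" variant is an equivalent guard added for comparison and is not mentioned in the message.

```sh
#!/bin/sh
# Added example: a file named "-rf" turns "rm *" into "rm -rf ...".

# Build a scratch directory (constructed layout): a file named "-rf",
# a regular file, and a subdirectory that a non-recursive cleanup
# must leave alone. Prints the directory path.
make_fixture() {
	dir=$(mktemp -d) || return 1
	mkdir "$dir/keep"
	: > "$dir/keep/data"
	: > "$dir/a.txt"
	: > "$dir/-rf"
	printf '%s\n' "$dir"
}

# Unguarded: the glob expands to "-rf a.txt keep", rm parses the first
# word as options and removes the subdirectory recursively. The file
# named "-rf" itself is never treated as an operand, so it survives.
clean_unsafe() (
	cd "$1" || exit 1
	LC_ALL=C; export LC_ALL		# "-" sorts before letters
	rm * 2>/dev/null || true
)

# Guarded with "--": option parsing stops, every expanded word is an
# operand. rm removes the two files and refuses the directory.
clean_safe() (
	cd "$1" || exit 1
	LC_ALL=C; export LC_ALL
	rm -- * 2>/dev/null || true
)

# Guarded by prefix: no expanded word can start with "-". Useful for
# utilities that do not honour "--".
clean_prefixed() (
	cd "$1" || exit 1
	LC_ALL=C; export LC_ALL
	rm ./* 2>/dev/null || true
)

# List what is left under the directory, one path per line, sorted.
survivors() (
	cd "$1" || exit 1
	find . ! -name . | LC_ALL=C sort
)

# Demonstration: run each variant on a fresh fixture.
for mode in unsafe safe prefixed; do
	d=$(make_fixture) || exit 1
	"clean_$mode" "$d"
	printf '%-8s leaves: %s\n' "$mode" "$(survivors "$d" | tr '\n' ' ')"
	rm -rf -- "$d"
done
```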



Re: cron sh script fork

2021-11-15 Thread Todd C . Miller
On Mon, 15 Nov 2021 20:13:01 +0300, misc@abrakadabra.systems wrote:

> [/opt/bin]$ cat check.sh
> #!/bin/sh
>
> _ret=$(ps aux | grep sleeploop.sh | grep -v grep | awk '{print $2}')
> test -z ${_ret} && /opt/bin/sleeploop.sh &

By default, ps uses 80 columns so the information is probably being
cut off.  I'm guessing your interactive terminal is wider than 80
columns.  You can add 'w' a few times to your ps options to extend
the width but you are much better off using pgrep for this.

 - todd



Re: Can't figure out what's taking up space on /

2021-08-04 Thread Todd C . Miller
On Wed, 04 Aug 2021 13:32:54 -0700, Greg Thomas wrote:

> I'm at a loss, I booted in single user mode, ran fsck on /dev/sd0a and it
> shows clean.  I still have a large discrepancy between df and du.

Did you verify that nothing was hiding under the mount points?  For
example, when booted in single user mode with only the root partition
mounted the /tmp, /home, /var, /usr and /backup directories should
be empty.

 - todd



Re: WireGuard host crashes roughly every week

2021-07-30 Thread Todd C . Miller
On Thu, 29 Jul 2021 20:09:12 -0500, "Matt P." wrote:

> I have an OpenBSD box that breaks after a week or so of running. All network
> traffic stops reaching the box. If I look at the screen or serial output, I
> can get the "login:" prompt, and when I enter my name I get prompted for a
> password, but once I enter a password it hangs. Key presses and control codes
> still show on the screen, but the login never succeeds or fails. I thought
> control-C might cause it to go back to the login prompt, but it doesn't. I have
> to hard reboot the box to get it back.

This may be due to a memory leak.  You could monitor the output of
"netstat -m" and also "vmstat -m" and watch for memory use increasing
over time.  The number of mbufs in use reported by "netstat -m"
should be relatively stable.

 - todd



Re: style.9 typos

2021-07-15 Thread Todd C . Miller
You are expected to know that ^I (control-I) is the tab character.
Using ^I instead of a literal tab character in the manual was
supposed to make it clear that this is a tab and not a series of
spaces but maybe it is not so obvious...

 - todd



Re: while do done

2021-07-02 Thread Todd C . Miller
On Fri, 02 Jul 2021 14:16:20 +1000, Reuben ua Bríġ wrote:

> you CAN interrupt
>
>   while do sleep 0; done
>
> there is no need for exit, and it doesnt fix
>
>   while do done
>
> or
>
>   while :; do :; done
>
> if your shell needs something to not do.

Actually, the following _can_ be interrupted:

while :; do done

while :; do :; done

The only problem is:

while do done

which may not actually be valid syntax.

I checked some other bourne/korn-like shells:

dash:
$ while do done
sh: 1: Syntax error: "do" unexpected

AT&T ksh:
$ while do done
ksh: syntax error: `do' unexpected

bash:
bash-5.1$ while do done
bash: syntax error near unexpected token `do'

zsh:
% while do done
[CPU loop like OpenBSD ksh]

I think the proper fix here is to reject the empty while in OpenBSD's
sh/ksh.

 - todd



Re: C style in OpenBSD

2021-06-30 Thread Todd C . Miller
The reason for a style guide is not that one style is inherently
better than another.  It is because consistency makes the code
easier to read for anyone familiar with that style.  Part of that
means using common idioms that are immediately recognizable by
someone familiar with the style.  This reduces the amount of time
it takes someone to understand the code.

We want to make the code easy to read, since time spent in maintenance
is much greater than the time spent initially writing it.  This
means that being clever when writing code is a _bad_ thing if it
reduces readability.  There is plenty of use of the ternary operator
in the OpenBSD code base but it tends to be used sparingly.  Nesting
the ternary operator must be done with care due to C's operator
precedence.  We've seen bugs in the past due to this.

In other words, just because you can doesn't mean you should ;-)
What one person finds clear and obvious may seem obfuscated to
someone else.  We try to use a consistent style so that everyone
can read and understand the code once they are familiar with that
style and common idioms.

 - todd



Re: Home Assistant

2021-05-08 Thread Todd
There is some guidance  for installing Home Assistant on FreeBSD.
Probably the most useful piece of the article is the init script that
starts Home Assistant from a virtual env.  I bet with minor tweaks, you
could get this to work on OpenBSD.

https://community.home-assistant.io/t/installation-of-home-assistant-on-your-freenas/195158

On Sat, May 8, 2021 at 1:12 PM pas...@pascallen.nl 
wrote:

> Dear all,
>
> What would be the best way to install HASS on Openbsd?
> Containers are a nogo?
>
> Run it in virtual env from python?
>
> Any Howto on the subject with Openbsd?
>
>
> Currently I got it running as from the website with the "core" version.
> But a startup script which runs with a non-root user is where I get
> stuck.
>
>
>
>
> --
> Met vriendelijke groet,
>
> Pascal Huisman
>
>
> Fundamentally, there may be no basis for anything.
>
>


Re: PPPoE mtu overwrites/ignores

2021-04-25 Thread Todd C . Miller
Note that pppoe caches the MTU value of the parent device (em0 in
this case) so if you increased the MTU of em0 after pppoe0 has been
configured it probably didn't have an effect.  You can tell this
is what happened by ifconfig failing with an invalid argument error.

You can also check your kernel messages (dmesg) to see if there is
an error like "No valid PPP-Max-Payload tag received in PADO".  If
you see this, then the ISP or telco's equipment probably doesn't
support RFC 4638 and you can't do baby jumbos with pppoe.

 - todd



Re: Bufferbloat, FQ-CoDel, and performance

2021-02-23 Thread Todd C . Miller
On Tue, 23 Feb 2021 11:29:00 +0100, Stefan Sperling wrote:

> I've noticed a similar effect on a slower link (VDSL with 50 down/ 10 up).
> In this case the VDSL modem presents an Ethernet switch, so there is no
> pppoe or vlan involved in the box that runs pf.
>
> As soon as I enable this example given in pf.conf(5):
>
>queue outq on em0 bandwidth 9M max 9M flows 1024 qlimit 1024 \
>  default
>
> I see only about 2 or 3 Mbit/s max upload during tcpbench.
> Which is indeed quite a hit compared to 10M.

That's odd.  I haven't had any problems with a VDSL connection with
100 down / 11 up.  My config is very similar to yours:

queue outq on em2 flows 1024 bandwidth 10M max 10M qlimit 1024 default

where em2 the underlying interface used by pppoe0.  Without queueing
I have major problems when utilizing the upstream bandwidth, probably
due to dropped ACKs.

 - todd



Re: Shared memory segments are note removed after process exit

2021-02-05 Thread Todd C . Miller
On Sat, 06 Feb 2021 01:43:09 +, Chris Narkiewicz wrote:

> When I check ipcs, I see a lot of shm segments:
>
> # ipcs | grep _x11 | grep wc -l
> 137
>
> Both processes are dead at this stage, so I'm not sure why those shm
> segments are not collected?

This is expected behavior.  Shared memory segments are not garbage
collected when a process exits (or when the last reference to them
is removed).  They need to be explicitly removed, either by one of
the processes that is using them or manually using ipcrm(1).

 - todd



Re: Best way to increase openfiles-max and -cur for NGINX/PHP?

2021-01-16 Thread Todd C . Miller
On Sat, 16 Jan 2021 18:05:57 +0100, Unicorn wrote:

> 2021/01/16 13:40:45 [alert] 68769#0: *1 socket() failed (24: Too many
> open files) while connecting to upstream, client: 123.45.67.89,
> server: cloud.mydomainhere.tld, request: "GET /core/preview?blah=1
> HTTP/2.0", upstream: "fastcgi://127.0.0.1:9000", host:
> "cloud.mydomainhere.tld"

Error 24 is EMFILE, too many open files for the process (not the system).

> I am running a Nextcloud server with NGINX and PHP 7.3. Since OpenBSD
> Is quite conservative with open file limits by default, I assume that
> NGINX/PHP is running into this limit.
>
> I have already significantly increased 'kern.maxfiles' in sysctl.conf,
> but the problem persists after a reboot, leading me to believe that it
> is a login.conf limit that I am running into.

That would only work if you were getting error 23, ENFILE which is
the system limit.

> Both PHP and NGINX are running as user 'www', which does not have a
> login class. Since I have not been in this situation before and
> struggled to find a pointer online, I'd be thankful if you could tell
> me the "recommended" or "best practice" way of doing this. 

The recommended way to increase a limit is to add a new login class
with the same name as the daemon.  For example:

nginx:\
:openfiles=4096:\
:tc=daemon:

This will be used automatically by the rc.d startup script.  See
the rc.d man page for more details.

 - todd



Re: M2 SSD in a PCI-E adapter

2021-01-08 Thread Todd C . Miller
On Fri, 08 Jan 2021 16:19:02 +0100, Jan Stary wrote:

> I know the disk itself works: this is the disk plugged into
> an M.2 slot in a Dell Latitude E5570 (full dmesg below):
> sd0 at scsibus1 targ 0 lun 0:  naa.5001b448b8532530
> sd0: 238475MB, 512 bytes/sector, 488397168 sectors, thin

That is not an NVME SSD, it is an M.2 SATA SSD.  You need a different
adaptor.

 - todd



Re: adding user to a group

2021-01-08 Thread Todd C . Miller
On Fri, 08 Jan 2021 16:21:08 +0100, Rudolf Sykora wrote:

> I tried to add myself to the "dialer" group:
>
> #usermod -G dialer ruda
>
> But when I write
>
> $groups
>
> in a terminal I still do not see the new group. Not even if I open a new login
> shell (by writing "ksh -l"). However, when I log in in a text console
> (ctrl-alt-1), I see the new group there.

Yes, group membership is set at login time.  Running ksh as a login
shell is not the same as actually logging in with a new session.

> What is it that I have to do to have the membership updated, i.e., how
> can I open e.g. a terminal in the running environment that would see my
> new groups?

You need to log in again.  Logging in via ssh, a virtual console,
X11 or running su will set the groups list.  Setting groups is a
privileged operation so simply starting a new shell or opening a
new xterm is not sufficient.

 - todd



Re: Dissing Misks

2020-12-22 Thread Todd C . Miller
On Tue, 22 Dec 2020 17:30:08 -0700, Duncan Patton a Campbell wrote:

> I've added two identical 4TB disks to my system to set up a duald RAID.  
>
> When I boot, they come up as 
>
> sd2 at scsibus1 targ 2 lun 0:  naa.50014ee2681995d6
> sd2: 3815447MB, 512 bytes/sector, 7814037168 sectors
>
> and 
>
> wd0 at pciide1 channel 0 drive 0: 
> wd0: 16-sector PIO, LBA48, 3815447MB, 7814037168 sectors
>
> One of these things is not like the other, and I've not located 
> how this distinction is made at boot time.  

You should check your BIOS settings and make sure all the SATA
channels are configured to use AHCI and not legacy ATA.

 - todd



Re: httpd location statement

2020-12-11 Thread Todd C . Miller
On Fri, 11 Dec 2020 09:54:43 +0200, Alexey Vatchenko wrote:

> Sorry, still don’t understand how captures can help in this case.
> In my understanding, it lacks "OR" to avoid duplicating identical
> location blocks.

Sorry, I misremembered.  You are correct that lua patterns don't
support alternation.

 - todd



Re: httpd location statement

2020-12-10 Thread Todd C . Miller
On Thu, 10 Dec 2020 19:24:20 +0200, Alexey Vatchenko wrote:

> I’m migrating from ancient server with OpenBSD’s apache1 to 6.8 OpenBSD’s httpd.
> In my configuration I use Handler for .html, .htm, .css, .js and 4 more extensions.
> I’ve found a way to configure it for one extension and it works great!
>
> location "*.html" {
>     fastcgi {
>         socket "/run/slowcgi.sock"
>         param SCRIPT_FILENAME "/path/to/handler.pl"
>     }
> }

Can't you just use lua-style patterns with "location match ..."?
See the CAPTURES section in pattern(7) for details.

 - todd



Re: gcc: error trying to exec 'cc1': execvp: no such file or directory

2020-11-19 Thread Todd C . Miller
On Thu, 19 Nov 2020 22:07:33 +, Roderick wrote:

> g++, gcc and gcov in /bin are from Apr 13, 2019. The rest are from
> Oct 5, 2020.

That explains your problem.  The upgrade would have removed any
obsolete /usr/lib/gcc-lib/amd64-unknown-openbsd* directory which
the old gcc binaries require.

There should now be a /usr/lib/gcc-lib/amd64-unknown-openbsd6.8
directory for use by the updated gcc/g++ but for some reason you
don't have those updated gcc binaries.  Perhaps you ran out of space
in /usr or some other problem prevented the sysupgrade from finishing.

Nick's advice is good.  There are obsolete file removal instructions
in the Upgrade Guide, e.g.

http://www.openbsd.org/faq/upgrade68.html#RmFiles
http://www.openbsd.org/faq/upgrade67.html#RmFiles

Once you have the obsolete files removed, do a manual upgrade from
the 6.8 bsd.rd and it should fix things.

 - todd



Re: uvn_flush: WARNING: changes to page may be lost

2020-11-11 Thread Todd C . Miller
On Wed, 11 Nov 2020 10:20:41 +0100, Jan Stary wrote:

> This is current/amd64 on an APU2 (dmesg below).
> It seems that after every sysupgrade,
> there is a storm of messages like these:
>
>   uvn_flush: obj=0x0, offset=0x7c2.  error during pageout.
>   uvn_flush: WARNING: changes to page may be lost!
>
> They appear right after the booting sequence is finished,
> and never appear again. This does not happen after a regular
> reboot, only after sysupgrade's reboot. The logs of the last
> three occasions follow.

This happens when /usr/libexec/reorder_kernel runs and your /usr
is full.  If you have upgraded the system multiple times there is
probably cruft in /usr you can remove such as old shared libraries
and obsolete binaries.

Your removal of /usr/X11R6 probably is what "fixes" it after
sysupgrade.

 - todd



Re: Set environment variable for non-interactive shell

2020-11-06 Thread Todd C . Miller
Typically, this kind of thing is done in /etc/login.conf.

 - todd



Following the upgrade to 6.8, sshguard is reporting that it fails to start

2020-10-28 Thread Todd
I have been using the sshguard package for the last several releases.

Following the upgrade to 6.8, rcctl is reporting that sshguard fails to
start.

 rcctl check sshguard
 sshguard(failed)

Below is the relevant information I can think of to provide.
Are there additional troubleshooting steps or other data that would help?

I can see from the logs that sshguard is working.


 2020 Oct 28 10:08:48: 192.168.10.10 (auth/notice) [sshguard] Attack
from "52.187.117.17" on service SSH with danger 2.
 2020 Oct 28 10:08:48: 192.168.10.10 (auth/notice) [sshguard] Attack
from "52.187.117.17" on service SSH with danger 2.
 2020 Oct 28 10:08:48: 192.168.10.10 (auth/notice) [sshguard] Attack
from "213.32.22.189" on service SSH with danger 10.
 2020 Oct 28 10:08:48: 192.168.10.10 (auth/warning) [sshguard] Blocking
"213.32.22.189/32" forever (1 attacks in 0 secs, after 1 abuses over 0
secs.)

And I can see the sshguard process is running

 apu# ps aux|grep sshguard
 root 76181  0.0  0.0   284  1248 p0  S+p12:44PM0:00.01
grep sshguard
 root 64083  0.0  0.0   732   760 00- Ip 12:22PM0:00.01
/bin/sh /usr/local/sbin/sshguard -l /var/log/authlog -a 5 -b
10:/var/db/sshguard/bla
 root 51935  0.0  0.0   732   652 00- Ip 12:22PM0:00.01
/bin/sh /usr/local/sbin/sshguard -l /var/log/authlog -a 5 -b
10:/var/db/sshguard/bla
 root 51242  0.0  0.4 11712 17876 00- Ip 12:22PM0:02.36
/usr/local/libexec/sshg-blocker -a 5 -b 10:/var/db/sshguard/blacklist.db -p
120 -s 1

The sshguard flags are (Employer's IP address redacted):

 apu$ rcctl get sshguard


 sshguard_class=daemon
 sshguard_flags=-l /var/log/authlog -a 5 -b
10:/var/db/sshguard/blacklist.db -w xxx.xxx.xxx.xxx
 sshguard_rtable=0
 sshguard_timeout=30
 sshguard_user=root

I see on https://openports.se/security/sshguard that there was a version
update from sshguard-2.3.1 to sshguard-2.4.1

I've run pkg_add -u to make sure I was not missing an update
 apu# pkg_info sshguard


 Information for inst:sshguard-2.4.1

 apu# sshguard -v


 SSHGuard 2.4.1


/etc/sshguard.conf is unmodified from the package example

apu# diff  /etc/sshguard.conf
/usr/local/share/examples/sshguard/sshguard.conf.sample
apu#


Re: filters in OpenBSD in printing

2020-10-20 Thread Todd C . Miller
On Mon, 19 Oct 2020 21:19:26 -0600, "Raymond, David" wrote:

> I tried putting a filter that drives an HP Deskjet printer (works with
> lprng on linux) as an output filter in printcap and it didn't work.
> Would it be more proper to put it as an input filter?  I am still on
> version 6.7 of the OS.  (I saw a recent post indicating that changes
> were made to the lpr system in 6.8.)

Yes, an input filter should work.  I used to have an HP printer
years ago and I used the following printcap entries.  Maybe it will
give you a starting point.  There is some info at
http://www.linuxprinting.org/lpd-doc.html on using foomatic-rip
with BSD lpd, which appears to be what I based this on.

psc2410|psc2400|psc 2410|HP PSC 2410:\
   :lp=/dev/ulpt0:lf=/var/log/lpd-errs:mx#0:sh:sf:\
   :sd=/var/spool/output:

# See http://www.linuxprinting.org/lpd-doc.html
printer|lp|ps|PostScript|HP PSC 2410 (PostScript):\
   :if=/usr/local/libexec/lpr/foomatic-rip:tc=psc2410:\
   :af=/usr/local/share/ppd/HP-PSC_2400-hpijs.ppd:



Re: Installation of 6.7 does not start on Lenovo ThinkPad P1 Gen 3

2020-10-18 Thread Todd Brewster


Re: Installation of 6.7 does not start on Lenovo ThinkPad P1 Gen 3

2020-10-14 Thread Todd Brewster


Re: Installation of 6.7 does not start on Lenovo ThinkPad P1 Gen 3

2020-10-13 Thread Todd Brewster


Re: Installation of 6.7 does not start on Lenovo ThinkPad P1 Gen 3

2020-10-12 Thread Todd Brewster


Installation of 6.7 does not start on Lenovo ThinkPad P1 Gen 3

2020-10-11 Thread Todd Brewster


Re: time_t

2020-10-05 Thread Todd C . Miller
On Mon, 05 Oct 2020 15:16:24 -, Roderick wrote:

> The result of time() has type time_t and we know what kind of number
> goes there: seconds since 0 hours, 0 minutes, 0 seconds, January 1,
> 1970, Coordinated Universal Time.

32-bit time_t rolls over at 03:14:07 on Tuesday, 19 January 2038.

> In my FreeBSD running on a 64 bit processor this type is: int (__32_t).
> It considers this size enough for above information.

Are you sure about that?  FreeBSD declares __time_t to be __int64_t
on amd64.  On FreeBSD/amd64 __int64_t is defined as a long.

> In my OpenBSD running on a 32 bit processor this type is: long long
> (__64_t).

Correct.  OpenBSD uses long long for int64_t on all architectures
for consistency.  Other OSes use long for int64_t on 64-bit systems.

> None of both has an unsigned type, although time moves forward
> (more or less fast!!!).

time_t must be signed in order to represent times in the past.

> Is there a reason for this discrepancy? Is there no standard for the
> size of time_t?

The POSIX standard does not really specify the size of time_t.  Most
(all?) 64-bit systems use a 64-bit time_t.  Some 32-bit systems use
a 64-bit time_t too, in order to support times after 2038.  OpenBSD
is one of them.

> And what does mean the types with __? I find it so confusing. :)

It is to avoid namespace pollution.  The underlying types need to
be visible to other header files but unless you pull in the
specific header file they are not visible in the main namespace.

You can't really print a time_t via printf(3) without a cast.  On
OpenBSD we generally print it with %lld and cast the argument to
long long.

 - todd
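
The rollover and the printf(3) cast discussed in the message above, as an added example that is not part of the original post. The function names are hypothetical, and store_in_time32() only simulates a 32-bit time_t on a host whose real time_t may be wider.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/*
 * Simulate storing a timestamp in a signed 32-bit time_t.  The conversion
 * to uint32_t is modular; converting that back to int32_t wraps on the
 * two's-complement compilers in common use (implementation-defined in C).
 */
int32_t store_in_time32(long long secs)
{
    return (int32_t)(uint32_t)secs;
}

/* Format seconds since the epoch as UTC.  Returns 0 on success, -1 on error. */
int format_utc(long long secs, char *out, size_t outlen)
{
    time_t t = (time_t)secs;
    struct tm *tm;

    if ((long long)t != secs)       /* host time_t too narrow for this value */
        return -1;
    if ((tm = gmtime(&t)) == NULL)
        return -1;
    return strftime(out, outlen, "%Y-%m-%d %H:%M:%S", tm) ? 0 : -1;
}

/* Print a time_t portably: cast to long long and use %lld. */
int print_time(char *out, size_t outlen, time_t t)
{
    return snprintf(out, outlen, "%lld", (long long)t);
}

int main(void)
{
    char when[32], raw[32];
    long long last32 = INT32_MAX;               /* last second a 32-bit time_t holds */
    int32_t wrapped = store_in_time32(last32 + 1);

    printf("sizeof(time_t) on this host: %zu bytes\n", sizeof(time_t));

    if (format_utc(last32, when, sizeof when) == 0)
        printf("%lld -> %s UTC\n", last32, when);

    /* One second later a signed 32-bit counter is negative: a date in 1901. */
    if (format_utc(wrapped, when, sizeof when) == 0)
        printf("%lld stored in 32 bits = %d -> %s UTC\n",
            last32 + 1, wrapped, when);

    /* Negative values are why time_t is signed: they are times before 1970. */
    if (format_utc(-1, when, sizeof when) == 0)
        printf("-1 -> %s UTC\n", when);

    print_time(raw, sizeof raw, time(NULL));
    printf("now, printed with %%lld and a cast: %s\n", raw);
    return 0;
}
```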



Re: Must disable /usr/libexec/security on backup disks

2020-09-14 Thread Todd C . Miller
On Mon, 14 Sep 2020 13:40:03 +0200, Ingo Schwarze wrote:

> I think that is an interesting idea.  That would be the patch below.
> Given that the function find_special_files() looks for SUID, SGID,
> and device files, i suggest this logic: skip a mount point if any
> of the following is true:
>
>  - it does not have the "local" mount option
>  - or it has both the "nodev" and the "nosuid" mount options
>
> I don't think explicitly matching the parentheses is needed.
> The code below is simpler and possibly even more robust.

I like it.  The other idea I had was to simply declare that mounts
under a certain directory (such as /mnt) would not be checked, but
I think this is a more elegant approach.

 - todd
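
The skip rule quoted in the message above (not "local", or both "nodev" and "nosuid"), as an added C example; it is not the patch under discussion and not code from /usr/libexec/security. The function names and the sample mount(8) lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Return 1 if `name` is one of the comma-separated options in `opts`,
 * where `opts` points just past the '(' of a mount(8) output line.
 */
static int has_opt(const char *opts, const char *name)
{
    size_t n = strlen(name);
    const char *p = opts, *e;

    for (;;) {
        while (*p == ' ' || *p == ',')
            p++;
        for (e = p; *e != '\0' && *e != ',' && *e != ')'; e++)
            ;
        if ((size_t)(e - p) == n && strncmp(p, name, n) == 0)
            return 1;
        if (*e != ',')          /* reached ')' or end of line */
            return 0;
        p = e;
    }
}

/*
 * Decide whether a file system should be searched for SUID, SGID and
 * device files.  Only the option list is examined, so a mount point such
 * as /usr/local does not count as the "local" option.
 */
int should_scan(const char *mount_line)
{
    const char *opts = strrchr(mount_line, '(');

    if (opts == NULL)
        return 0;
    opts++;
    if (!has_opt(opts, "local"))
        return 0;               /* network file system */
    if (has_opt(opts, "nodev") && has_opt(opts, "nosuid"))
        return 0;               /* such files have no effect here */
    return 1;
}

int count_scanned(const char *const *lines, size_t n)
{
    int count = 0;
    size_t i;

    for (i = 0; i < n; i++)
        count += should_scan(lines[i]);
    return count;
}

/* Constructed sample input in the style of mount(8) output. */
static const char *const SAMPLE_MOUNTS[] = {
    "/dev/sd0a on / type ffs (local)",
    "/dev/sd0d on /tmp type ffs (local, nodev, nosuid)",
    "/dev/sd0e on /usr/local type ffs (local, nodev, wxallowed)",
    "backup:/export on /usr/local/backup type nfs (nodev, v3, udp)",
    "/dev/sd1a on /mnt/backup type ffs (local, nodev, nosuid)",
};

int main(void)
{
    size_t i, n = sizeof SAMPLE_MOUNTS / sizeof SAMPLE_MOUNTS[0];

    for (i = 0; i < n; i++)
        printf("%-5s %s\n", should_scan(SAMPLE_MOUNTS[i]) ? "scan" : "skip",
            SAMPLE_MOUNTS[i]);
    printf("%d of %zu file systems scanned\n",
        count_scanned(SAMPLE_MOUNTS, n), n);
    return 0;
}
```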



Re: Must disable /usr/libexec/security on backup disks

2020-09-13 Thread Todd C . Miller
On Sun, 13 Sep 2020 09:17:02 -, Rupert Gallagher wrote:

> Since /usr/libexec/security runs blindly on every attached storage media, it 
> also runs on mounted tape and backup data volumes.

It might be best to only check file systems listed in /etc/fstab
that don't have noauto in the options field.

 - todd



Re: Troubleshooting rsync

2020-09-06 Thread Todd C . Miller
On Fri, 04 Sep 2020 22:57:03 -0700, Greg Thomas wrote:

> Hey all, I'm trying to use WSL on Windows 10 to backup to my OpenBSD server
> running 6.7 release.  It looks like Debian on WSL is using rsync version
> 3.1.2.  I tried both the rsync package and openrsync on OpenBSD with the
> same results.  Basically rsync never exits and when I use four Vs for
> verbosity the last line is 'client_run waiting on..."   rsync locally works
> fine.

Are you using WSL 1 or WSL 2?  If possible, I'd suggest testing with WSL 2.
You can convert between WSL 1 and 2 pretty easily.

 - todd



Re: Can I boot without GPU ("headless")?

2020-08-31 Thread Todd C . Miller
On Mon, 31 Aug 2020 15:49:24 +0200, Zeljko Jovanovic wrote:

> But wasn't the conclusion of this discussion that you can just buy
> one, connect it to computer only for booting, and then disconnect
> it and use on another one?

He needs to be able to enter the encryption key at boot time.
Opening up the case and temporarily installing the motherboard
serial cable doesn't seem like a good solution.

> Somebody mentioned serial ports not being "hot-plugable". This is
> not a concern here, as the serial port is built into chipset and
> remains there - you are just moving the connector.
>
> The connector/adapter you need is something like this: 
> http://www.kelco.rs/katalog/detalji.php?ID=19753 , but as somebody
> else wrote, the pinout is only informally "standardized", so it is
> best to check it in advance.

You can also find these cheaply direct from China.  I saw ones for
$2.35US/each shipped at AliExpress, cheaper options probably exist.
You do need to be mindful of the distance from the pins on the
motherboard to the slot you are using, some of those cables are
quite short.

> Alternatively, instead of buying it, you can find such bracket
> (usually with one DB-9 and one DB-25 port) on old (very old!) PCs.
> I found mine many years ago in some old 486 waiting to be recycled.

Yes, this was fairly common in pre-ATX machines.  I have a few
harvested from old machines before I recycled them.

 - todd



Re: mfs reported full, but empty

2020-08-19 Thread Todd C . Miller
On Wed, 19 Aug 2020 23:47:57 +0200, Vincent wrote:

> After several days, I have to reboot my machine because of mfs full. This is 
> not the first time.
> I have few mfs on this machine, but I observe that this is always a full 
> filesystem on /tmp after +40 days of uptime. 
> But on other mfs, I have very low filesystem activity. 

It is possible for a process to have a file open that doesn't have
a directory entry.  This can happen when a process opens a file,
unlinks it, and continues to write to it.

You can use the fstat utility to see what processes have files open
on a file system.  E.g.

 $ fstat -f /tmp

This won't tell you how big those unlinked files are, but it will
give you a list of suspects.  You can restart them and see which
one releases the space.

 - todd
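
The open-then-unlink case described in the message above, as an added example that is not part of the original post. make_orphan() and struct orphan_report are hypothetical names; the program writes a temporary file under /tmp and releases the space when it closes the descriptor.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct orphan_report {
    long long size;     /* st_size seen through the open descriptor */
    long nlink;         /* link count after unlink(2) */
    int path_exists;    /* 1 if the name still resolves */
};

/*
 * Create a file in `dir`, remove its directory entry, then keep writing
 * through the descriptor.  The blocks stay allocated until the last
 * descriptor is closed, which is why restarting the owning process frees
 * the space.  Returns 0 on success, -1 on error.
 */
int make_orphan(const char *dir, size_t nbytes, struct orphan_report *r)
{
    char path[1024], block[4096];
    struct stat st;
    size_t left = nbytes;
    int fd, rc = -1;

    if (snprintf(path, sizeof path, "%s/orphan.XXXXXX", dir) >= (int)sizeof path)
        return -1;
    if ((fd = mkstemp(path)) == -1)
        return -1;
    if (unlink(path) == -1)             /* name is gone, inode is not */
        goto done;

    memset(block, 'x', sizeof block);
    while (left > 0) {
        size_t want = left < sizeof block ? left : sizeof block;
        ssize_t n = write(fd, block, want);

        if (n <= 0)
            goto done;
        left -= (size_t)n;
    }

    if (fstat(fd, &st) == -1)           /* still works without a name */
        goto done;
    r->size = (long long)st.st_size;
    r->nlink = (long)st.st_nlink;
    r->path_exists = (stat(path, &st) == 0);
    rc = 0;
done:
    close(fd);                          /* space is released here */
    return rc;
}

int main(void)
{
    struct orphan_report r;

    if (make_orphan("/tmp", 1 << 20, &r) == -1) {
        perror("make_orphan");
        return 1;
    }
    printf("bytes held by the open descriptor: %lld\n", r.size);
    printf("link count: %ld, name still in directory: %s\n",
        r.nlink, r.path_exists ? "yes" : "no");
    return 0;
}
```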



Re: Tunefs(8)

2020-08-10 Thread Todd C . Miller
On Mon, 10 Aug 2020 16:05:12 -, Rupert Gallagher wrote:

> Omit the last line of the manual, because there is no need for it.

It's a play on the old joke:

What's the difference between a piano and a fish?
You can tune a piano, but you can't tuna fish!

No one would dare remove the line in tunefs(8) due to the curse
listed in the man page source:

.\" Take this out and a Unix Demon will dog your steps from now until
.\" the time_t's wrap around.
You can tune a file system, but you can't tune a fish.

 - todd



Re: Rsync is too slow

2020-07-30 Thread Todd C . Miller
On Thu, 30 Jul 2020 13:37:39 -0700, Chris Cappuccio wrote:

> Rupert Gallagher [r...@protonmail.com] wrote:
> > No, I am not using USB.
>
> your dmesg didn't make it to the list because you are attaching a text file
> and attachments are not allowed on misc.

Actually, these days they are allowed.  I didn't have any problem
reading the attached dmesg.

 - todd



Re: ksh very slow compared to bash when running ghostscript's ./configure script

2020-07-22 Thread Todd C . Miller
On Wed, 22 Jul 2020 18:38:42 +0200, Theo Buehler wrote:

> Likely glob. Many glob implementations were found to suffer from
> complexity issues: https://research.swtch.com/glob
>
> The glob(3) in libc was fixed
> https://github.com/openbsd/src/commit/5c36dd0c22429e7b00ed5df80ed1383807532b59
> but ksh's builtin glob still has the issue.

At the very least we should collapse consecutive stars.  This is a
separate issue from making gmatch() iterative.

 - todd

Index: bin/ksh/misc.c
===
RCS file: /cvs/src/bin/ksh/misc.c,v
retrieving revision 1.74
diff -u -p -u -r1.74 misc.c
--- bin/ksh/misc.c  7 Jul 2020 10:33:58 -   1.74
+++ bin/ksh/misc.c  22 Jul 2020 19:08:20 -
@@ -615,6 +615,9 @@ do_gmatch(const unsigned char *s, const 
break;
 
case '*':
+   /* collapse consecutive stars */
+   while (ISMAGIC(p[0]) && p[1] == '*')
+   p += 2;
if (p == pe)
return 1;
s--;
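
Review bot: the new while loop in the '*' case reads p[0] and p[1] and advances p by two before the existing "if (p == pe)" check runs, so nothing in the loop itself stops p from stepping past pe. If the pattern encoding guarantees that a MAGIC/'*' pair can never straddle pe, a short comment saying so would help; otherwise add "p < pe" to the loop condition. A regress test with a long run of consecutive stars would also pin down the behaviour.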



Re: OpenSMTPd stops after connection errors

2020-07-17 Thread Todd C . Miller
Yes, smtpd should not die in this case.  Can you share the nmap
command and script you are running?  I tried the following and it
worked as expected:

nmap -sV -Pn -p 25,587 --version-intensity 8 --script ssl-enum-ciphers \
servername

The server did not exit and nmap returned the list of ciphers as
expected.  The log message:

smtpd: process pony socket closed

makes it sound like the smtpd pony express process crashed.

 - todd



Re: awk segfaults on RS regexp

2020-07-13 Thread Todd C . Miller
On Mon, 13 Jul 2020 13:02:44 +0200, Jan Stary wrote:

> This is current/amd64.
>
> On UTF input, awk segfaults when using a multi-character RS:
>
> $ cat /tmp/in
> č
>
> $ hexdump -C /tmp/in
>   c4 8d 0a|...|
> 0003
>
> $ cat /tmp/in | awk '{print$1}'
> č
>
> $ cat /tmp/in | awk -v RS=x '{print$1}'
> č
>
> $ cat /tmp/in | awk -v RS=xy '{print$1}'
> Segmentation fault (core dumped)

Nice catch.  The actual bug is caused by using a signed char as an
index into an array, resulting in a negative index.  Once debugged,
the fix is simple.

 - todd

diff --git a/b.c b/b.c
index c167b50..f7fbc0e 100644
--- a/b.c
+++ b/b.c
@@ -684,7 +684,7 @@ bool fnematch(fa *pfa, FILE *f, char **pbuf, int *pbufsize, 
int quantum)
FATAL("stream '%.30s...' too 
long", buf);
buf[k++] = (c = getc(f)) != EOF ? c : 0;
}
-   c = buf[j];
+   c = (unsigned char)buf[j];
/* assert(c < NCHARS); */
 
if ((ns = pfa->gototab[s][c]) != 0)
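
Review bot: with the cast on "c = (unsigned char)buf[j];" the index into pfa->gototab[s][c] can no longer go negative, but the upper bound is still only stated in the commented-out "/* assert(c < NCHARS); */" on the next line. Either re-enable that assert or replace it with a comment noting that NCHARS covers the full unsigned char range. A regression test using a multi-character RS on input containing bytes above 0x7f, as in the report, would keep this from coming back.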



Re: ls -R bug?

2020-07-04 Thread Todd C . Miller
On Sat, 04 Jul 2020 20:59:08 +0200, Richard Ipsum wrote:

> Output of ls -R between OpenBSD and GNU coreutils seems to differ,
> OpenBSD ls -R will apparently list "hidden" directories like .git,
> whereas GNU coreutils will not, is this expected behaviour or a bug?

I think this is actually a bug.  Historic behavior is to not descend
into directories that begin with a '.'.  Our existing ls code looks
like it is written to support that behavior but is missing one
thing.

 - todd

Index: bin/ls/ls.c
===
RCS file: /cvs/src/bin/ls/ls.c,v
retrieving revision 1.51
diff -u -p -u -r1.51 ls.c
--- bin/ls/ls.c 13 Sep 2018 15:23:32 -  1.51
+++ bin/ls/ls.c 4 Jul 2020 20:13:39 -
@@ -369,8 +369,11 @@ traverse(int argc, char *argv[], int opt
switch (p->fts_info) {
case FTS_D:
if (p->fts_name[0] == '.' &&
-   p->fts_level != FTS_ROOTLEVEL && !f_listdot)
+   p->fts_level != FTS_ROOTLEVEL && !f_listdot) {
+   if (fts_set(ftsp, p, FTS_SKIP))
+   err(1, "%s", p->fts_path);
break;
+   }
 
/*
 * If already output something, put out a newline as
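
Review bot: in the new block under case FTS_D, err(1, "%s", p->fts_path) ends the whole ls run if fts_set() fails on a single directory; consider warn() and continuing, or a (void) cast if failure is not expected for FTS_SKIP. The block also changes what -R descends into when f_listdot is unset, so a one-line comment above the fts_set() call and a check that ls(1) describes this would be worthwhile.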



Re: OpenBSD Readonly File System

2020-06-13 Thread Todd C . Miller
On Sat, 13 Jun 2020 12:12:05 -0400, Nick Holland wrote:

> On 2020-06-11 12:07, Strahil Nikolov wrote:
> > I always thought that 'sync' mount option  is enough  to avoid
> > corruption of the FS. Am I just "fooling" myself  ?
>
> As "sync" is the default...yes, I think you are.

Actually, by default only metadata is written synchronously.  The
"sync" mount option causes data to be written synchronously too.
Of course, the disk *itself* has a cache so even with synchronous
writes you can't be sure the data has actually made it to the platter.

So yes, I agree that sync mounts are not really enough to help here.
You are probably correct that softdep is better for this kind of
thing since it does a better job of keeping the filesystem in a
consistent state, at the cost of missing data when there is an
unclean shutdown.  In theory, the on-device cache can still cause
issues when you lose power though.

 - todd



Re: Potential awk bug?

2020-06-08 Thread Todd C . Miller
On Sun, 07 Jun 2020 17:02:03 -0700, Jordan Geoghegan wrote:

> Thanks for the quick response. I certainly wasn't expecting to find an 
> ancient bug like this. Should I be reporting this bug upstream, or are 
> you planning on upstreaming a diff?

I've created a pull request to fix this upstream:
https://github.com/onetrueawk/awk/pull/80

 - todd



Re: Potential awk bug?

2020-06-07 Thread Todd C . Miller
On Sat, 06 Jun 2020 18:16:39 -0900, Philip Guenther wrote:

> Todd, are we up to date with upstream, or is this latent there too?

We are not up to date but upstream (https://github.com/onetrueawk/awk)
exhibits the same bug.

 - todd



Re: late pppoe address

2020-06-06 Thread Todd C . Miller
On Sat, 06 Jun 2020 19:14:28 +0200, Jan Stary wrote:

> Is the aim to let the ISP know that the iface is down,
> so that it gets set up afresh on boot, as opposed to
> waiting for some PPP keep-alive timeout?

Basically.  It is to work around an issue where the pppoe ethernet
interface goes down during reboot before the pppoe disconnect message
can be sent to the ISP.

I'm not sure it is needed anymore, though I still have it in my own
rc.shutdown file.

 - todd



Re: timegm()

2020-04-23 Thread Todd C . Miller
On Wed, 22 Apr 2020 21:21:28 -0600, "Todd C. Miller" wrote:

> That's fine with me.  Those interfaces appeared in SunOS 4.0 according
> to tzcode (which is where we got them from).  They did *not* originate
> in NetBSD.  I've verified that they were present in SunOS 4.1.3U1,
> though that code appears to be derived from tzcode too.

Bit Savers has scans of the SunOS 4.0 print manuals which includes
a hard-copy of the man pages.  Here you can see that timegm() and
timelocal() were present in SunOS in 1987:

archive.org/details/bitsavers_sunsunos4.erenceManual198805_78292584/page/n823/mode/2up

However, they are not present in SunOS 3.5.  You can see the list
of library functions from intro(3) which includes gmtime(3) and
localtime(3) but not their inverses:

https://archive.org/details/bitsavers_sunsunos3.eManualInsertionPagesforRelease3.5198711_7929431/page/n145/mode/2up

So I think it is safe to say that those interfaces originated in
SunOS 4.0 and not an earlier version.

 - todd



Re: timegm()

2020-04-22 Thread Todd C . Miller
On Thu, 23 Apr 2020 04:21:42 +0200, Ingo Schwarze wrote:

> Calling timelocal(3) deprecated makes sense to me because it is
> nothing but a trivial wrapper around mktime(3), and the latter
> is standardized, while timelocal(3) is not.
>
> But i don't quite see why timegm(3) should be marked as deprecated:
> sure it was never standardized, but i don't see a better portable
> way to achieve the same.
>
> Consequently, i suggest dropping millert's deprecation notice
> from timegm(3) and instead adding the missing STANDARDS and
> HISTORY sections.

That's fine with me.  Those interfaces appeared in SunOS 4.0 according
to tzcode (which is where we got them from).  They did *not* originate
in NetBSD.  I've verified that they were present in SunOS 4.1.3U1,
though that code appears to be derived from tzcode too.

I would suggest that the HISTORY section be updated accordingly if
you feel the need to document their origin.

If you look at the 4.4BSD ctime.c you'll see that Keith actually
removed timegm() after updating it from tzcode.

D 5.16 89/03/16 20:34:41 bostic 22 21
remove offtime, timegm, timeoff

D 5.15 89/03/12 16:32:29 bostic 21 20
latest Olson/Harris time package

The reason they were marked as deprecated is that tzcode has a
comment that "These functions may well disappear in future releases
of the time conversion package".  However, that hasn't happened in
at least 30 years so it seems likely that they are here to stay...

Note that we also provide timeoff() but don't document it.

 - todd



Re: chattr on OpenBSD???

2020-04-17 Thread Todd C . Miller
On Fri, 17 Apr 2020 15:27:33 -0600, "Raymond, David" wrote:

> Hmm... Why would I want e2fsprogs on OpenBSD???  Oh, I see,
> libreoffice drags it in.  One more thing I wish I could dispense with.

A bunch of ports pull it in for its uuid code.

 - todd



Re: chattr on OpenBSD???

2020-04-17 Thread Todd C . Miller
On Fri, 17 Apr 2020 09:11:15 -0600, "Raymond, David" wrote:

> I noticed that chattr exists on OpenBSD.  The man page says it applies
> to Linux file systems (ext* etc).  Two questions:
>
> 1. Does this also apply to OpenBSD's fast file system?  (The man page
> would suggest not.)

No.

> 2. If not, is it of any use on OpenBSD?

Not unless you are using one of the Linux ext* file systems on
OpenBSD.  For native OpenBSD file systems you can use the BSD
chflags(8) command.

 - todd



Re: Compiler warning in ctype.h

2020-03-05 Thread Todd C . Miller
On Thu, 05 Mar 2020 16:07:48 +0100, Thomas de Grivel wrote:

> Actually I see the same problem on 6.6-stable :
> including readline/readline.h produces warnings.
>
> Any -Werror hope some day ?

You still haven't bothered to include:

1) the compiler you are using
2) the compiler flags to reproduce the problem
3) a sample program to reproduce the problem

The _l parameter in those inline functions already has the __unused__
attribute set which is supposed to suppress those warnings.

I can't reproduce this using clang (base or ports) or gcc (base or
ports) using -Wall, -Wextra and -Wunused-parameter.  But since you
haven't provided any details, we just have to guess at what you are
doing.

 - todd



Re: OpenBSD PPPOE

2020-01-21 Thread Todd C . Miller
On Mon, 20 Jan 2020 22:42:51 -0700, peterwkc wrote:

> /etc/hostname.pppoe0
> pppoedev fxp0 authproto pap authname "" authkey "" up
> dest 0.0.0.1
> !/sbin/route add default -ifp pppoe0 0.0.0.1
>
> Not able to get a connection. What wrong with it?

Try using authproto chap instead of pap and see if that makes a
difference.

I doubt there are many ISPs still using PAP with PPPoE due to its
weaknesses so we may want to update the example in the manual page.

 - todd


