Re: doas tab completion

[Jason McIntyre]

On Tue, Jul 30, 2024 at 12:42:04AM +0200, Alexander Hall wrote:
> In this specific case, I believe
> 
> $ alias doas='doas ' # Note the space
> 
> might have done the trick as well, for ksh at least. 
> 
> /Alexander
> 

is that correct? as far as i know, adding a space after an alias is used
to get the shell to expand the next item as an alias as well, not
shell/tab expansion.

jmc

> On July 29, 2024 7:30:57 PM GMT+02:00, Robert Palm  
> wrote:
> >Thanks a lot for sharing all this great solutions!
> >
> >Am 29. Juli 2024, 17:37, um 17:37, Stuart Henderson 
> > schrieb:
> >>On 2024-07-29, Robert Palm  wrote:
> >>>
> >>> Hi,
> >>>
> >>> wonder how I can get TAB completion in the shell when using doas ...
> >>>
> >>> Do I need to add something to .profile ?
> >>
> >>pkg_add dmenu, then you can add this:
> >>
> >>set -A complete_doas `dmenu_path`
> >>
> >>(note it will not update automatically if a new program is installed;
> >>either restart the shell, or re-run the 'set' command)
> >
> 

Re: doas tab completion

[Alexander Hall]

In this specific case, I believe

$ alias doas='doas ' # Note the space

might have done the trick as well, for ksh at least. 

/Alexander

On July 29, 2024 7:30:57 PM GMT+02:00, Robert Palm  
wrote:
>Thanks a lot for sharing all this great solutions!
>
>Am 29. Juli 2024, 17:37, um 17:37, Stuart Henderson 
> schrieb:
>>On 2024-07-29, Robert Palm  wrote:
>>>
>>> Hi,
>>>
>>> wonder how I can get TAB completion in the shell when using doas ...
>>>
>>> Do I need to add something to .profile ?
>>
>>pkg_add dmenu, then you can add this:
>>
>>set -A complete_doas `dmenu_path`
>>
>>(note it will not update automatically if a new program is installed;
>>either restart the shell, or re-run the 'set' command)
>

Re: doas tab completion

[Robert Palm]

Thanks a lot for sharing all this great solutions!

Am 29. Juli 2024, 17:37, um 17:37, Stuart Henderson  
schrieb:
>On 2024-07-29, Robert Palm  wrote:
>>
>> Hi,
>>
>> wonder how I can get TAB completion in the shell when using doas ...
>>
>> Do I need to add something to .profile ?
>
>pkg_add dmenu, then you can add this:
>
>set -A complete_doas `dmenu_path`
>
>(note it will not update automatically if a new program is installed;
>either restart the shell, or re-run the 'set' command)

Re: doas tab completion

[Stuart Henderson]

On 2024-07-29, Robert Palm  wrote:
>
> Hi,
>
> wonder how I can get TAB completion in the shell when using doas ...
>
> Do I need to add something to .profile ?

pkg_add dmenu, then you can add this:

set -A complete_doas `dmenu_path`

(note it will not update automatically if a new program is installed;
either restart the shell, or re-run the 'set' command)

Re: doas tab completion

[Florian Obser]

On 2024-07-29 12:05 +02, Jan Stary  wrote:
> On Jul 29 11:44:32, develo...@robert-palm.de wrote:
>> complete -cf doas
>> 
>> but I cannot figure out how to do this for ksh.
>> 

in .kshrc:

set -A complete_doas_1 -- $(ls /sbin /usr/sbin /bin /usr/bin /usr/X11R6/bin \
/usr/local/sbin /usr/local/bin)

> Why stop here? It would be "nice" if tab-completion would complete
> the hostnames from ~/.ssh/known_hosts when you have already said 'ssh';

again, in .kshrc:

HOST_LIST=`awk '{print $1}' < ~/.ssh/known_hosts | cut -f 1 -d, \
| egrep -v '^[[:digit:]]|^$|\:\:' | sort -u`

set -A complete_ssh -- ${HOST_LIST}
set -A complete_ping -- ${HOST_LIST}
set -A complete_ping6 -- ${HOST_LIST}
set -A complete_traceroute -- ${HOST_LIST}
set -A complete_traceroute6 -- ${HOST_LIST}

-- 
In my defence, I have been left unsupervised.

Re: doas tab completion

[Robert Palm]

Quoting Marcus MERIGHI :


Hello Robert,

develo...@robert-palm.de (Robert Palm), 2024.07.29 (Mon) 09:47 (CEST):

wonder how I can get TAB completion in the shell when using doas ...
Do I need to add something to .profile ?


as I understand your other messages in this thread you are looking for a
solution for ksh(1).

What you are looking for is "set -A" (or set +A).

Example from my .kshrc:

set -A complete_ifstat_1 -- iwm0 em0 ure0 athn0 umb0 wg7
set -A complete_ifstat_2 -- up down

But, unless you are running a very short list of commands with doas, this
will become a fairly long list.

Marcus


Hi Marcus!

Many thanks for your suggestion. You nailed it :)

Included now as a starter

set -A complete_doas_1 -- sysupgrade pkg_add

After reloading with . ~/.kshrc it does exactly what I wanted.

Cool.

Re: doas tab completion

[Marcus MERIGHI]

Hello Robert, 

develo...@robert-palm.de (Robert Palm), 2024.07.29 (Mon) 09:47 (CEST):
> wonder how I can get TAB completion in the shell when using doas ...
> Do I need to add something to .profile ?

as I understand your other messages in this thread you are looking for a
solution for ksh(1). 

What you are looking for is "set -A" (or set +A). 

Example from my .kshrc:

set -A complete_ifstat_1 -- iwm0 em0 ure0 athn0 umb0 wg7
set -A complete_ifstat_2 -- up down

But, unless you are running a very short list of commands with doas, this
will become a fairly long list. 

Marcus

[solved] sndiod: Cannot change bit depth and sample rate

[rfabris]

Dear Alexandre

Am 2024-07-29 09:59, schrieb Alexandre Ratchov:

The -r and -e options are device properties, so they must precede the
-f option that adds the device. Try this:

rcctl set sndiod flags -e s24 -r 96000 -f rsnd/1 -m play

This is because there may be multiple devices with different
parameters. See the last paragraphs of the DESCRIPTION section of
sndiod(8).


Thanks a lot for your prompt reply and your explanation. Works
perfectly!

I had read sndiod(8) before writing to misc@openbsd.org, but apparently
not fully understood the implications of that particular passage
(placed `-m play` at the beginning of the command ...). My apologies -
lesson learnt.

I'm 68 and and using OpenBSD since April this year, but that's no
excuse for not reading the excellent man pages carefully enough (they
have already helped me a lot in configuring our home office PCs!).

Again, many thanks, and best regards

Rolf

Re: doas tab completion

[Kirill A . Korinsky]

On Mon, 29 Jul 2024 09:47:39 +0200,
Robert Palm  wrote:
> 
> wonder how I can get TAB completion in the shell when using doas ...
> 
> Do I need to add something to .profile ?
> 

Depends on the shell you are using.

Assuming you are using BASH, you will probably get what you want by:

  complete -cf doas

but if you have bash-completion installed, you probably expect something
like this

  complete -F _command doas


-- 
wbr, Kirill

Re: doas tab completion

[Robert Palm]

Zitat von Jan Stary :


On Jul 29 11:44:32, develo...@robert-palm.de wrote:

> On Jul 29 09:47:39, develo...@robert-palm.de wrote:
> > wonder how I can get TAB completion in the shell when using doas ...


echo $SHELL
Different shells do (or don't) this differently.


> tab completion is not specific to any command.

Hm, it does work, e.g. when I start typing

$sysu

it shows me the commands starting with "sysu"


Yes. That is not specific to sysupgrade.


But I would like this to happen even if I use

$doas sysu


If I am not mistaken, command names are only completed
as the first (zeroth) argument. Doing this for the second argument
would be doas-specific: the shell would need to know that while
a command (doas) has already been given, there is still another
command to be given, because the first is doas; in other words,
the shell would need to know the semantics of the (first) command,
which it doesn't. For the > first argument, file names are completed
instead, as that is a typical argument to a command (already given).


There seems to be a solution for the bash shell (adding following to
~/.bashrc)

complete -cf doas

but I cannot figure out how to do this for ksh.

My workaround is to type in the command (using autocompletion) and then jump
to the beginning of the shell again adding doas in front of the cmd.

But it would be nice to start with doas and then simply typing in the cmd...


Why stop here? It would be "nice" if tab-completion would complete
the hostnames from ~/.ssh/known_hosts when you have already said 'ssh';
some shells do that, the OpenBSD ksh doesn't.
It is the opposite of siplicity.


Understand, thanks. Just wanted to know whether I missed some optional  
settings.

Re: doas tab completion

[Jan Stary]

On Jul 29 11:44:32, develo...@robert-palm.de wrote:
> > On Jul 29 09:47:39, develo...@robert-palm.de wrote:
> > > wonder how I can get TAB completion in the shell when using doas ...

echo $SHELL
Different shells do (or don't) this differently.

> > tab completion is not specific to any command.
> 
> Hm, it does work, e.g. when I start typing
> 
> $sysu
> 
> it shows me the commands starting with "sysu"

Yes. That is not specific to sysupgrade.

> But I would like this to happen even if I use
> 
> $doas sysu

If I am not mistaken, command names are only completed
as the first (zeroth) argument. Doing this for the second argument
would be doas-specific: the shell would need to know that while
a command (doas) has already been given, there is still another
command to be given, because the first is doas; in other words,
the shell would need to know the semantics of the (first) command,
which it doesn't. For the > first argument, file names are completed
instead, as that is a typical argument to a command (already given).

> There seems to be a solution for the bash shell (adding following to
> ~/.bashrc)
> 
> complete -cf doas
> 
> but I cannot figure out how to do this for ksh.
> 
> My workaround is to type in the command (using autocompletion) and then jump
> to the beginning of the shell again adding doas in front of the cmd.
> 
> But it would be nice to start with doas and then simply typing in the cmd...

Why stop here? It would be "nice" if tab-completion would complete
the hostnames from ~/.ssh/known_hosts when you have already said 'ssh';
some shells do that, the OpenBSD ksh doesn't.
It is the opposite of siplicity.

Re: doas tab completion

[Robert Palm]

Zitat von Jan Stary :


On Jul 29 09:47:39, develo...@robert-palm.de wrote:

wonder how I can get TAB completion in the shell when using doas ...


tab completion is not specific to any command.


Hm, it does work, e.g. when I start typing

$sysu

it shows me the commands starting with "sysu"

But I would like this to happen even if I use

$doas sysu

There seems to be a solution for the bash shell (adding following to  
~/.bashrc)


complete -cf doas

but I cannot figure out how to do this for ksh.

My workaround is to type in the command (using autocompletion) and  
then jump to the beginning of the shell again adding doas in front of  
the cmd.


But it would be nice to start with doas and then simply typing in the cmd...

Re: doas tab completion

[Jan Stary]

On Jul 29 09:47:39, develo...@robert-palm.de wrote:
> wonder how I can get TAB completion in the shell when using doas ...

tab completion is not specific to any command.

Re: sndiod: Cannot change bit depth and sample rate

[Alexandre Ratchov]

On Sun, Jul 28, 2024 at 11:39:17PM +0200, rfab...@mhsmail.ch wrote:
> 
> `$ rcctl get sndiod`
> As expected:
> 
> sndiod_class=daemon
> sndiod_execdir=
> sndiod_flags=-f rsnd/1 -m play -e s24 -r 96000

The -r and -e options are device properties, so they must precede the
-f option that adds the device. Try this:

rcctl set sndiod flags -e s24 -r 96000 -f rsnd/1 -m play

This is because there may be multiple devices with different
parameters. See the last paragraphs of the DESCRIPTION section of
sndiod(8).

doas tab completion

[Robert Palm]

Hi,

wonder how I can get TAB completion in the shell when using doas ...

Do I need to add something to .profile ?

Thank you.

sndiod: Cannot change bit depth and sample rate

[rfabris]

Dear friends

I'm trying to follow the hint given in
https://marc.info/?l=openbsd-misc=167456556214809=2:


>>I found out that I have to restart sndiod with either
>>'sndiod_flags="-m play -r 44100"' or 'sndiod_flags="-m play -r 48000"'
>>flags in /etc/rc.conf.local depending on the files I am playing,
>>and then it gets to the receiver without issues.


However, I don't succeed in changing the bit depth and sample rate -
I am at a loss what to do and would be grateful for help.

My DAC can play 44100 Hz, 48000 Hz, 88200 Hz, 96000 Hz, 192000 Hz.
No issues with ALSA in Arch Linux, and same issue with another DAC.
So I don't think it's DAC related.

What I have done so far:

---
`$ ls /dev/ | grep audioctl`

audioctl0
audioctl1
audioctl2
audioctl3


`$ dmesg | grep audio`

audio0 at azalia1
uaudio0 at uhub3 port 2 configuration 1 interface 1 "Resolution Audio 
Cantata Music Center" rev 2.00/3.11 addr 2

uaudio0: class v2, high-speed, async, channels: 2 play, 0 rec, 1 ctls
audio1 at uaudio0


`audio0` doesn`t work with this particular motherboard, therefore
using `audio1`.

`# rcctl set sndiod flags -f rsnd/1`

Using the default settings for bit depth and sample rate shows the
expected values:

`$ rcctl get sndiod`

sndiod_class=daemon
sndiod_execdir=
sndiod_flags=-f rsnd/1
sndiod_logger=
sndiod_rtable=0
sndiod_timeout=30
sndiod_user=root


`# audioctl -f /dev/audioctl1`

name=uaudio0
mode=
pause=0
active=0
nblks=2
blksz=960
rate=48000
encoding=s16le
play.channels=2
play.bytes=0
play.errors=0
record.channels=2
record.bytes=0
record.errors=0


The DAC displays "48kHz".

---
Changing the `sndiod` settings:

`# rcctl set sndiod flags -f rsnd/1 -m play -e s24 -r 96000`
`# rcctl restart sndiod`

`$ rcctl get sndiod`
As expected:

sndiod_class=daemon
sndiod_execdir=
sndiod_flags=-f rsnd/1 -m play -e s24 -r 96000
sndiod_logger=
sndiod_rtable=0
sndiod_timeout=30
sndiod_user=root`


`# audioctl -f /dev/audioctl1`
Not as expected: I expected "encoding=s24" and rate=96000".

name=uaudio0
mode=
pause=1
active=0
nblks=16
blksz=480
rate=48000
encoding=s16le
play.channels=2
play.bytes=0
play.errors=0
record.channels=2
record.bytes=0
record.errors=0


The DAC still displays "48kHz".

---
Neither did
`# audioctl -f /dev/audioctl1 encoding=s24 rate=96000`
change anything.

---
How can I change encoding and sample rate for sndiod? Any hints would
be much appreciated.

Many thanks and best regards

Rolf

Re: exFAT & NTFS

[YASUOKA Masahiko]

Hi,

On Sun, 28 Jul 2024 12:11:57 -0400
John McCue  wrote:
> On Sun, Jul 28, 2024 at 09:40:29AM -0400, openbsd_fr...@mail2tor.com
> wrote:
>>Can OpenBSD write to exFAT and NTFS partitions?
>>Thanks.
> 
> See 'man 8 mount_ntfs' (ro) and I think mount_msdos(8) for exfat.

mount_msdos(8) doesn't support exfat.  exfat-fuse in ports does.

# exFAT is not related to legacy FAT in format

Re: u-blox GPS card in Dell Latitude

[Bryan Vyhmeister]

Thanks to those who responded. I finally have the laptop with the u-blox
card installed. It appears as:

umodem0 at uhub3 port 1 configuration 1 interface 0 "u-blox AG - www.u-blox.com 
u-blox GNSS receiver" rev 1.10/4.05 addr 4
umodem0: data interface 1, has CM over data, has no break
umodem0: status change notification available
ucom0 at umodem0: usb1.5.1.1

It looks me a little bit to figure out how to use ldattach(8) but
reading umodem(4), ucom(4), and then figuring out that ttyU0 and cuaU0
were the important interfaces was the key.

# ldattach -s 4800 nmea /dev/cuaU0

With that added, I have a sensor for ntpd.

$ ntpctl -s Sensors 
sensor
   wt gd st  next  poll  offset  correction
nmea0  
1  1  06s   15s   -45.090ms 0.000ms

Thanks for the pointers and feedback from everyone who responded.

Bryan

Re: exFAT & NTFS

[John McCue]

On Sun, Jul 28, 2024 at 09:40:29AM -0400, openbsd_fr...@mail2tor.com wrote:

Can OpenBSD write to exFAT and NTFS partitions?
Thanks.


See 'man 8 mount_ntfs' (ro) and I think mount_msdos(8) for exfat.

The manuals on OpenBSD are very good and update to date :)

Regards

Re: trying to boot on HP EliteBook 820 G1

[Jan Stary]

The point is exactly to point out that it is a speculation.

On Jul 28 16:31:14, mih...@gmail.com wrote:
> > So my current speculation is that OpenBSD has a problem booting _from_USB_ 
> > on this laptop.
> 
> I think it should be like this:
> "So my current speculation is that LAPTOP has a problem booting
> _from_USB_ on this OpneBSD."
> 
> As a note, every time i see "speculation" word my mind associates it
> with the speculum.
> Same with supposition, but this time the word in my mind is "suppository".
> 
> sorry for not intended offences/
> 
> 

Re: exFAT & NTFS

[Denis Fondras]

Le Sun, Jul 28, 2024 at 09:40:29AM -0400, openbsd_fr...@mail2tor.com a écrit :
> Can OpenBSD write to exFAT and NTFS partitions?
> 

OpenBSD has a ntfs-3g port to manage NTFS partitions.

Re: exFAT & NTFS

[Crystal Kolipe]

On Sun, Jul 28, 2024 at 09:40:29AM -0400, openbsd_fr...@mail2tor.com wrote:
> Can OpenBSD write to exFAT and NTFS partitions?

Sure.  You can write random data to any partition with dd.

exFAT & NTFS

[openbsd_freak]

Can OpenBSD write to exFAT and NTFS partitions?
Thanks.

Re: trying to boot on HP EliteBook 820 G1

[Mihai Popescu]

> So my current speculation is that OpenBSD has a problem booting _from_USB_ on 
> this laptop.

I think it should be like this:
"So my current speculation is that LAPTOP has a problem booting
_from_USB_ on this OpneBSD."

As a note, every time i see "speculation" word my mind associates it
with the speculum.
Same with supposition, but this time the word in my mind is "suppository".

sorry for not intended offences/

Failed syspatch 75-003 on amd64 gzip i/o error

[legrandouef]

Dear misc@,
 
 I do not know which mailing list is the best one for such report, so I
 start here.
 
 Syspatch worked properly for 75-001 on an earlier date but syspatch
 fails on 75-003 now.
 I tried with various different installurls with the same issue.
 

 $ doas syspatch -c
 gzip: stdin: Input/output error
 tar: End of archive volume 1 reached
 003_libcrypto
 

 $ doas syspatch
 gzip: stdin: Input/output error
 tar: End of archive volume 1 reached
 

 A very similar issue to this had previously raised here - curiously
 regarding a libcrypto patch:

https://marc.info/?l=openbsd-misc=152581309214272=2

 Also note that on syspatch -c 004_bgpd is not listed

 regards
 Ian

Re: headscale segfault on openbsd 7.5

[Jona Joachim]

Hi again,

I didn't see this issue was reported and discussed on github by the 
maintainer who updated the port in -CURRENT:


https://github.com/juanfont/headscale/issues/1857

I successfully built the port from -CURRENT and got headscale up again.

The package in 7.5 is broken.


Best regards,

Jona


On 26/07/2024 11:43, Jona Joachim wrote:

Hi!

I upgraded my system to openbsd 7.5 today and headscale to 
headscale-0.22.1.


With openbsd 7.4, everything was running fine.

Now I get a segfault when I try to run headscale (see below).

I know nothing about golang so it's a bit hard to debug.

I tried to compile the software manually with "go build" with 
different options. I seems to compile fine but it doesn't generate a 
runnable binary.


I wonder if you can reproduce on 7.5.



$ sudo -u _headscale headscale serve
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x16ad5e8]

goroutine 1 [running]:
modernc.org/libc.(*TLS).setErrno(0x1c59020?, {0x292f80?, 0x656220?})
    modernc.org/libc@v1.22.2/etc.go:189 +0xa8
modernc.org/libc.Xmalloc(0x0, 0x334ec0?)
    modernc.org/libc@v1.22.2/mem.go:34 +0xc5
modernc.org/libc.init()
    modernc.org/libc@v1.22.2/libc_openbsd.go:49 +0x2a9





Best regards,

Jona JOACHIM

Re: failure to read huge .text section

[Philip Guenther]

I think we’re saying that it’s been 30+ years since .rodata instead of
.text has been the section for read-only data and that your software will
be *more* portable (particularly looking to the future) if it uses .rodata
instead of .text for data it wants to read-and-not-execute.

I guess you could write a configure test for “doesn’t have working .rodata
so use .text instead” but it was the previous millenium when I last saw a
working system like that…

Philip Guenther

On Saturday, July 27, 2024, Shein Asker  wrote:

> Dear Mr. Claudio, @misc readers,
>
> Thank you for your prompt reply.
>
> I see, OpenBSD has a restriction that .text segments are executable-only
> mapped.
>
> In porting the software, I would like to make work-around modifications,
> preferably without modifying the source.
> Does OpenBSD provide a way to loosen these restrictions?
>
> On Sat, Jul 27, 2024 at 10:22 PM Claudio Jeker 
> wrote:
>
>> On Sat, Jul 27, 2024 at 08:14:42PM +0900, Shein Asker wrote:
>> > Dear @misc readers,
>> >
>> > I have recently started using OpenBSD and have encountered the problem
>> > shown in the subject when porting a software used on Linux to OpenBSD.
>> > The problem is outlined as follows: SEGV occurs when trying to read huge
>> > size data placed in a .text section that exceeds the `PAGE_SIZE` by a
>> large
>> > amount.
>> >
>> > My environments are as follows:
>> > machine:
>> >   1. QEMU/KVM x86_64 6.2.0
>> >   2. Dynabook R63/J (Intel Core i5-7300U)
>> > OS: OpenBSD 7.5
>> > compiler: clang 16.0.6
>> >
>> > Below is the minimal code that reproduces the problem.
>> > https://github.com/sheinasker/data-asm/tree/main
>> >
>> > What this code does is to copy the contents of a global string variable
>> > defined in the assembler to a dynamically allocated area and display the
>> > address, size, and leading and trailing data. The entity of
>> `sample_code`
>> > is defined in assembler and its content is a string of 12289 bytes
>> filled
>> > with 'A'. The SEGV occurs in the part of the code below that executes
>> > `memcpy`.
>> >
>> > ```cpp
>> > #include 
>> > #include 
>> > #include 
>> >
>> > extern "C" char sample_code[];
>> > extern "C" std::uint32_t sample_code_size;
>> >
>> > int main() {
>> > std::cout << "address: " << reinterpret_cast(sample_code) <<
>> > std::endl;
>> > char* buf = (char*)std::malloc(sample_code_size);
>> >
>> > // SEGV
>> > std::memcpy(buf, sample_code, sample_code_size);
>> >
>> > std::cout << "size: " << std::strlen(buf) << std::endl;
>> > std::cout << "head: " << std::string(buf, buf + 10) << std::endl;
>> > std::cout << "tail: " << std::string(buf + sample_code_size - 11,
>> buf +
>> > sample_code_size - 1) << std::endl;
>> > }
>> > ```
>> >
>> > Running it with `make run1`, you will see that it crashes with SIGSEGV.
>> >
>> > The log when debugging with `lldb` is as follows:
>> > ```
>> > openbsd-host$ lldb sample1
>> > (lldb) target create "sample1"
>> > Current executable set to '/home/asker/src/data-asm/sample1' (x86_64).
>> > (lldb) b main
>> > Breakpoint 1: where = sample1`main, address = 0x6410
>> > (lldb) run
>> > Process 8967 launched: '/home/asker/src/data-asm/sample1' (x86_64)
>> > Process 8967 stopped
>> > * thread #1, stop reason = breakpoint 1.1
>> > frame #0: 0x0befee364410 sample1`main
>> > sample1`main:
>> > ->  0xbefee364410 <+0>:  endbr64
>> > 0xbefee364414 <+4>:  movq   0x372d(%rip), %r11;
>> __retguard_831
>> > 0xbefee36441b <+11>: xorq   (%rsp), %r11
>> > 0xbefee36441f <+15>: pushq  %rbp
>> > (lldb) c
>> > Process 8967 resuming
>> > address: 0xbefee361400
>> > Process 8967 stopped
>> > * thread #1, stop reason = signal SIGSEGV
>> > frame #0: 0x0bf2b0c282b0
>> > libc.so.99.0`memcpy(dst0=0x0bf29066c000, src0=,
>> > length=12289) at memcpy.c:103:2
>> > (lldb) c
>> > Process 8967 resuming
>> > Process 8967 exited with status = 11 (0x000b)
>> > (lldb) q
>> > ```
>> >
>> > At the same time, the history of system calls was also recorded by
>> > `ktrace`, so that is also shown.
>> > ```
>> >   8967 sample1  CALL  kbind(0x6fe6698ee708,24,0x3e7ebd77b6a5befb)
>> >   8967 sample1  RET   kbind 0
>> >   8967 sample1  CALL  kbind(0x6fe6698ee6b8,24,0x3e7ebd77b6a5befb)
>> >   8967 sample1  RET   kbind 0
>> >   8967 sample1  CALL  kbind(0x6fe6698ee628,24,0x3e7ebd77b6a5befb)
>> >   8967 sample1  RET   kbind 0
>> >   8967 sample1  CALL  kbind(0x6fe6698ee608,24,0x3e7ebd77b6a5befb)
>> >   8967 sample1  RET   kbind 0
>> >   8967 sample1  CALL  kbind(0x6fe6698ee628,24,0x3e7ebd77b6a5befb)
>> >   8967 sample1  RET   kbind 0
>> >   8967 sample1  CALL  kbind(0x6fe6698ee5d8,24,0x3e7ebd77b6a5befb)
>> >   8967 sample1  RET   kbind 0
>> >   8967 sample1  CALL
>> >  mprotect(0xbf24ee36000,0x1000,0x3)
>> >   8967 sample1  RET   mprotect 0
>> >   8967 sample1  CALL  mprotect(0xbf24ee36000,0x1000,0x1)
>> >   8967 sample1  RET   mprotect 0
>> >   8967 sample1  CALL  fstat(1,0x6fe6698ee500)
>> >   8967 

Re: failure to read huge .text section

[Shein Asker]

Dear Mr. Claudio, @misc readers,

Thank you for your prompt reply.

I see, OpenBSD has a restriction that .text segments are executable-only
mapped.

In porting the software, I would like to make work-around modifications,
preferably without modifying the source.
Does OpenBSD provide a way to loosen these restrictions?

On Sat, Jul 27, 2024 at 10:22 PM Claudio Jeker 
wrote:

> On Sat, Jul 27, 2024 at 08:14:42PM +0900, Shein Asker wrote:
> > Dear @misc readers,
> >
> > I have recently started using OpenBSD and have encountered the problem
> > shown in the subject when porting a software used on Linux to OpenBSD.
> > The problem is outlined as follows: SEGV occurs when trying to read huge
> > size data placed in a .text section that exceeds the `PAGE_SIZE` by a
> large
> > amount.
> >
> > My environments are as follows:
> > machine:
> >   1. QEMU/KVM x86_64 6.2.0
> >   2. Dynabook R63/J (Intel Core i5-7300U)
> > OS: OpenBSD 7.5
> > compiler: clang 16.0.6
> >
> > Below is the minimal code that reproduces the problem.
> > https://github.com/sheinasker/data-asm/tree/main
> >
> > What this code does is to copy the contents of a global string variable
> > defined in the assembler to a dynamically allocated area and display the
> > address, size, and leading and trailing data. The entity of `sample_code`
> > is defined in assembler and its content is a string of 12289 bytes filled
> > with 'A'. The SEGV occurs in the part of the code below that executes
> > `memcpy`.
> >
> > ```cpp
> > #include 
> > #include 
> > #include 
> >
> > extern "C" char sample_code[];
> > extern "C" std::uint32_t sample_code_size;
> >
> > int main() {
> > std::cout << "address: " << reinterpret_cast(sample_code) <<
> > std::endl;
> > char* buf = (char*)std::malloc(sample_code_size);
> >
> > // SEGV
> > std::memcpy(buf, sample_code, sample_code_size);
> >
> > std::cout << "size: " << std::strlen(buf) << std::endl;
> > std::cout << "head: " << std::string(buf, buf + 10) << std::endl;
> > std::cout << "tail: " << std::string(buf + sample_code_size - 11,
> buf +
> > sample_code_size - 1) << std::endl;
> > }
> > ```
> >
> > Running it with `make run1`, you will see that it crashes with SIGSEGV.
> >
> > The log when debugging with `lldb` is as follows:
> > ```
> > openbsd-host$ lldb sample1
> > (lldb) target create "sample1"
> > Current executable set to '/home/asker/src/data-asm/sample1' (x86_64).
> > (lldb) b main
> > Breakpoint 1: where = sample1`main, address = 0x6410
> > (lldb) run
> > Process 8967 launched: '/home/asker/src/data-asm/sample1' (x86_64)
> > Process 8967 stopped
> > * thread #1, stop reason = breakpoint 1.1
> > frame #0: 0x0befee364410 sample1`main
> > sample1`main:
> > ->  0xbefee364410 <+0>:  endbr64
> > 0xbefee364414 <+4>:  movq   0x372d(%rip), %r11;
> __retguard_831
> > 0xbefee36441b <+11>: xorq   (%rsp), %r11
> > 0xbefee36441f <+15>: pushq  %rbp
> > (lldb) c
> > Process 8967 resuming
> > address: 0xbefee361400
> > Process 8967 stopped
> > * thread #1, stop reason = signal SIGSEGV
> > frame #0: 0x0bf2b0c282b0
> > libc.so.99.0`memcpy(dst0=0x0bf29066c000, src0=,
> > length=12289) at memcpy.c:103:2
> > (lldb) c
> > Process 8967 resuming
> > Process 8967 exited with status = 11 (0x000b)
> > (lldb) q
> > ```
> >
> > At the same time, the history of system calls was also recorded by
> > `ktrace`, so that is also shown.
> > ```
> >   8967 sample1  CALL  kbind(0x6fe6698ee708,24,0x3e7ebd77b6a5befb)
> >   8967 sample1  RET   kbind 0
> >   8967 sample1  CALL  kbind(0x6fe6698ee6b8,24,0x3e7ebd77b6a5befb)
> >   8967 sample1  RET   kbind 0
> >   8967 sample1  CALL  kbind(0x6fe6698ee628,24,0x3e7ebd77b6a5befb)
> >   8967 sample1  RET   kbind 0
> >   8967 sample1  CALL  kbind(0x6fe6698ee608,24,0x3e7ebd77b6a5befb)
> >   8967 sample1  RET   kbind 0
> >   8967 sample1  CALL  kbind(0x6fe6698ee628,24,0x3e7ebd77b6a5befb)
> >   8967 sample1  RET   kbind 0
> >   8967 sample1  CALL  kbind(0x6fe6698ee5d8,24,0x3e7ebd77b6a5befb)
> >   8967 sample1  RET   kbind 0
> >   8967 sample1  CALL
> >  mprotect(0xbf24ee36000,0x1000,0x3)
> >   8967 sample1  RET   mprotect 0
> >   8967 sample1  CALL  mprotect(0xbf24ee36000,0x1000,0x1)
> >   8967 sample1  RET   mprotect 0
> >   8967 sample1  CALL  fstat(1,0x6fe6698ee500)
> >   8967 sample1  STRU  struct stat { dev=0, ino=104192, mode=crw--w ,
> > nlink=1, uid=1000<"asker">, gid=4<"tty">, rdev=1283,
> atime=1722062206<"Jul
> > 27 15:36:46 2024">.276320559, mtime=1722062206<"Jul 27 15:36:46
> > 2024">.276320559, ctime=1722062206<"Jul 27 15:36:46 2024">.276320559,
> > size=0, blocks=0, blksize=65536, flags=0x0, gen=0x0 }
> >   8967 sample1  RET   fstat 0
> >   8967 sample1  CALL
> >
> mmap(0,0x1,0x3,0x1002,-1,0)
> >   8967 sample1  RET   mmap 13137847422976/0xbf2e4ba9000
> >   8967 sample1  CALL  fcntl(1,F_ISATTY)
> >   8967 sample1  RET   fcntl 1
> >   8967 sample1  CALL  kbind(0x6fe6698ee6b8,24,0x3e7ebd77b6a5befb)
> >   

Re: failure to read huge .text section

[Claudio Jeker]

On Sat, Jul 27, 2024 at 08:14:42PM +0900, Shein Asker wrote:
> Dear @misc readers,
> 
> I have recently started using OpenBSD and have encountered the problem
> shown in the subject when porting a software used on Linux to OpenBSD.
> The problem is outlined as follows: SEGV occurs when trying to read huge
> size data placed in a .text section that exceeds the `PAGE_SIZE` by a large
> amount.
> 
> My environments are as follows:
> machine:
>   1. QEMU/KVM x86_64 6.2.0
>   2. Dynabook R63/J (Intel Core i5-7300U)
> OS: OpenBSD 7.5
> compiler: clang 16.0.6
> 
> Below is the minimal code that reproduces the problem.
> https://github.com/sheinasker/data-asm/tree/main
> 
> What this code does is to copy the contents of a global string variable
> defined in the assembler to a dynamically allocated area and display the
> address, size, and leading and trailing data. The entity of `sample_code`
> is defined in assembler and its content is a string of 12289 bytes filled
> with 'A'. The SEGV occurs in the part of the code below that executes
> `memcpy`.
> 
> ```cpp
> #include 
> #include 
> #include 
> 
> extern "C" char sample_code[];
> extern "C" std::uint32_t sample_code_size;
> 
> int main() {
> std::cout << "address: " << reinterpret_cast(sample_code) <<
> std::endl;
> char* buf = (char*)std::malloc(sample_code_size);
> 
> // SEGV
> std::memcpy(buf, sample_code, sample_code_size);
> 
> std::cout << "size: " << std::strlen(buf) << std::endl;
> std::cout << "head: " << std::string(buf, buf + 10) << std::endl;
> std::cout << "tail: " << std::string(buf + sample_code_size - 11, buf +
> sample_code_size - 1) << std::endl;
> }
> ```
> 
> Running it with `make run1`, you will see that it crashes with SIGSEGV.
> 
> The log when debugging with `lldb` is as follows:
> ```
> openbsd-host$ lldb sample1
> (lldb) target create "sample1"
> Current executable set to '/home/asker/src/data-asm/sample1' (x86_64).
> (lldb) b main
> Breakpoint 1: where = sample1`main, address = 0x6410
> (lldb) run
> Process 8967 launched: '/home/asker/src/data-asm/sample1' (x86_64)
> Process 8967 stopped
> * thread #1, stop reason = breakpoint 1.1
> frame #0: 0x0befee364410 sample1`main
> sample1`main:
> ->  0xbefee364410 <+0>:  endbr64
> 0xbefee364414 <+4>:  movq   0x372d(%rip), %r11; __retguard_831
> 0xbefee36441b <+11>: xorq   (%rsp), %r11
> 0xbefee36441f <+15>: pushq  %rbp
> (lldb) c
> Process 8967 resuming
> address: 0xbefee361400
> Process 8967 stopped
> * thread #1, stop reason = signal SIGSEGV
> frame #0: 0x0bf2b0c282b0
> libc.so.99.0`memcpy(dst0=0x0bf29066c000, src0=,
> length=12289) at memcpy.c:103:2
> (lldb) c
> Process 8967 resuming
> Process 8967 exited with status = 11 (0x000b)
> (lldb) q
> ```
> 
> At the same time, the history of system calls was also recorded by
> `ktrace`, so that is also shown.
> ```
>   8967 sample1  CALL  kbind(0x6fe6698ee708,24,0x3e7ebd77b6a5befb)
>   8967 sample1  RET   kbind 0
>   8967 sample1  CALL  kbind(0x6fe6698ee6b8,24,0x3e7ebd77b6a5befb)
>   8967 sample1  RET   kbind 0
>   8967 sample1  CALL  kbind(0x6fe6698ee628,24,0x3e7ebd77b6a5befb)
>   8967 sample1  RET   kbind 0
>   8967 sample1  CALL  kbind(0x6fe6698ee608,24,0x3e7ebd77b6a5befb)
>   8967 sample1  RET   kbind 0
>   8967 sample1  CALL  kbind(0x6fe6698ee628,24,0x3e7ebd77b6a5befb)
>   8967 sample1  RET   kbind 0
>   8967 sample1  CALL  kbind(0x6fe6698ee5d8,24,0x3e7ebd77b6a5befb)
>   8967 sample1  RET   kbind 0
>   8967 sample1  CALL
>  mprotect(0xbf24ee36000,0x1000,0x3)
>   8967 sample1  RET   mprotect 0
>   8967 sample1  CALL  mprotect(0xbf24ee36000,0x1000,0x1)
>   8967 sample1  RET   mprotect 0
>   8967 sample1  CALL  fstat(1,0x6fe6698ee500)
>   8967 sample1  STRU  struct stat { dev=0, ino=104192, mode=crw--w ,
> nlink=1, uid=1000<"asker">, gid=4<"tty">, rdev=1283, atime=1722062206<"Jul
> 27 15:36:46 2024">.276320559, mtime=1722062206<"Jul 27 15:36:46
> 2024">.276320559, ctime=1722062206<"Jul 27 15:36:46 2024">.276320559,
> size=0, blocks=0, blksize=65536, flags=0x0, gen=0x0 }
>   8967 sample1  RET   fstat 0
>   8967 sample1  CALL
>  mmap(0,0x1,0x3,0x1002,-1,0)
>   8967 sample1  RET   mmap 13137847422976/0xbf2e4ba9000
>   8967 sample1  CALL  fcntl(1,F_ISATTY)
>   8967 sample1  RET   fcntl 1
>   8967 sample1  CALL  kbind(0x6fe6698ee6b8,24,0x3e7ebd77b6a5befb)
>   8967 sample1  RET   kbind 0
>   8967 sample1  CALL  kbind(0x6fe6698ee798,24,0x3e7ebd77b6a5befb)
>   8967 sample1  RET   kbind 0
>   8967 sample1  CALL  kbind(0x6fe6698ee738,24,0x3e7ebd77b6a5befb)
>   8967 sample1  RET   kbind 0
>   8967 sample1  CALL  kbind(0x6fe6698ee738,24,0x3e7ebd77b6a5befb)
>   8967 sample1  RET   kbind 0
>   8967 sample1  CALL  kbind(0x6fe6698ee668,24,0x3e7ebd77b6a5befb)
>   8967 sample1  RET   kbind 0
>   8967 sample1  CALL  kbind(0x6fe6698ee568,24,0x3e7ebd77b6a5befb)
>   8967 sample1  RET   kbind 0
>   8967 sample1  CALL  kbind(0x6fe6698ee738,24,0x3e7ebd77b6a5befb)
>   8967 

failure to read huge .text section

[Shein Asker]

Dear @misc readers,

I have recently started using OpenBSD and have encountered the problem
shown in the subject when porting a software used on Linux to OpenBSD.
The problem is outlined as follows: SEGV occurs when trying to read huge
size data placed in a .text section that exceeds the `PAGE_SIZE` by a large
amount.

My environments are as follows:
machine:
  1. QEMU/KVM x86_64 6.2.0
  2. Dynabook R63/J (Intel Core i5-7300U)
OS: OpenBSD 7.5
compiler: clang 16.0.6

Below is the minimal code that reproduces the problem.
https://github.com/sheinasker/data-asm/tree/main

What this code does is to copy the contents of a global string variable
defined in the assembler to a dynamically allocated area and display the
address, size, and leading and trailing data. The entity of `sample_code`
is defined in assembler and its content is a string of 12289 bytes filled
with 'A'. The SEGV occurs in the part of the code below that executes
`memcpy`.

```cpp
#include 
#include 
#include 

extern "C" char sample_code[];
extern "C" std::uint32_t sample_code_size;

int main() {
std::cout << "address: " << reinterpret_cast(sample_code) <<
std::endl;
char* buf = (char*)std::malloc(sample_code_size);

// SEGV
std::memcpy(buf, sample_code, sample_code_size);

std::cout << "size: " << std::strlen(buf) << std::endl;
std::cout << "head: " << std::string(buf, buf + 10) << std::endl;
std::cout << "tail: " << std::string(buf + sample_code_size - 11, buf +
sample_code_size - 1) << std::endl;
}
```

Running it with `make run1`, you will see that it crashes with SIGSEGV.

The log when debugging with `lldb` is as follows:
```
openbsd-host$ lldb sample1
(lldb) target create "sample1"
Current executable set to '/home/asker/src/data-asm/sample1' (x86_64).
(lldb) b main
Breakpoint 1: where = sample1`main, address = 0x6410
(lldb) run
Process 8967 launched: '/home/asker/src/data-asm/sample1' (x86_64)
Process 8967 stopped
* thread #1, stop reason = breakpoint 1.1
frame #0: 0x0befee364410 sample1`main
sample1`main:
->  0xbefee364410 <+0>:  endbr64
0xbefee364414 <+4>:  movq   0x372d(%rip), %r11; __retguard_831
0xbefee36441b <+11>: xorq   (%rsp), %r11
0xbefee36441f <+15>: pushq  %rbp
(lldb) c
Process 8967 resuming
address: 0xbefee361400
Process 8967 stopped
* thread #1, stop reason = signal SIGSEGV
frame #0: 0x0bf2b0c282b0
libc.so.99.0`memcpy(dst0=0x0bf29066c000, src0=,
length=12289) at memcpy.c:103:2
(lldb) c
Process 8967 resuming
Process 8967 exited with status = 11 (0x000b)
(lldb) q
```

At the same time, the history of system calls was also recorded by
`ktrace`, so that is also shown.
```
  8967 sample1  CALL  kbind(0x6fe6698ee708,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL  kbind(0x6fe6698ee6b8,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL  kbind(0x6fe6698ee628,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL  kbind(0x6fe6698ee608,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL  kbind(0x6fe6698ee628,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL  kbind(0x6fe6698ee5d8,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL
 mprotect(0xbf24ee36000,0x1000,0x3)
  8967 sample1  RET   mprotect 0
  8967 sample1  CALL  mprotect(0xbf24ee36000,0x1000,0x1)
  8967 sample1  RET   mprotect 0
  8967 sample1  CALL  fstat(1,0x6fe6698ee500)
  8967 sample1  STRU  struct stat { dev=0, ino=104192, mode=crw--w ,
nlink=1, uid=1000<"asker">, gid=4<"tty">, rdev=1283, atime=1722062206<"Jul
27 15:36:46 2024">.276320559, mtime=1722062206<"Jul 27 15:36:46
2024">.276320559, ctime=1722062206<"Jul 27 15:36:46 2024">.276320559,
size=0, blocks=0, blksize=65536, flags=0x0, gen=0x0 }
  8967 sample1  RET   fstat 0
  8967 sample1  CALL
 mmap(0,0x1,0x3,0x1002,-1,0)
  8967 sample1  RET   mmap 13137847422976/0xbf2e4ba9000
  8967 sample1  CALL  fcntl(1,F_ISATTY)
  8967 sample1  RET   fcntl 1
  8967 sample1  CALL  kbind(0x6fe6698ee6b8,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL  kbind(0x6fe6698ee798,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL  kbind(0x6fe6698ee738,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL  kbind(0x6fe6698ee738,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL  kbind(0x6fe6698ee668,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL  kbind(0x6fe6698ee568,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL  kbind(0x6fe6698ee738,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL  kbind(0x6fe6698ee738,24,0x3e7ebd77b6a5befb)
  8967 sample1  RET   kbind 0
  8967 sample1  CALL  write(1,0xbf2e4ba9000,0x17)
  8967 sample1  GIO   fd 1 wrote 23 bytes
   "address: 0xbefee361400
   "
  8967 sample1  RET   write 23/0x17
  8967 sample1  CALL  

Alder Lake motherboard (i3-N305) not booting

[Rob Schmersel]

Hi,

I recently got a new motherboard with an alder lake CPU (i3-N305),
which uses a JMicron JMB585 SATA multipler connect to one of the
PCI-E lanes. Disk connected to this will get detected (albeit a bit
slower as direct connected SATA disks)

(There is no serial console, waiting for a IP KVM switch. So all typed
by hand and apologies for any typos)

A number of devices  are not configured (just in case that is relevant
and only those that are still visible, there might be more): 

"Intel ADL-N eSPI" rev 0x00 at pci0 dev31 function 0 not configured
"Intel ADL-N HD Audio" rev 0x00 at pci0 dev31 function 3 not configured
"Intel ADL-N SMBus" rev 0x00 at pci0 dev31 function 4 not configured
"Intel ADL-N SPI" rev 0x00 at pci0 dev31 function 5 not configured

The system hangs when trying to determine if softraid is
available (does not matter if disk are connected or not):

softraid0 at root
scsibus4 at softraid0: 256 targets
> hanging forever after this

The disks used are from my older system (also an AMD64 system based on
an intel J3720 CPU) was used before, but no softraid was ever
configured. 

The hanging occurs for both booting from the old disk and booting with a
current snapshot miniroot75.img

The system only supports USB and the connected keyboard does not work
when trying to use 'boot -c' to see if I could disable softraid.

Apart from building my own kernel anyhting I could do?

BR/Rob

PS. does this belong in bugs@ ?

Re: avoid single-user mode boot

[Odhiambo Washington]

On Wed, Jul 24, 2024 at 2:01 PM <04-psyche.tot...@icloud.com> wrote:

> Hi all,
>
> I have a machine that will be placed in a remote location, and have no
> physical access to. The connection will be made through ssh only.
>
> I'd like to make it as resilient to failure as possible.
>
> A big concern to me is for a disk failure to happen (say a power outage),
> and the machine to be rebooted in single user mode. At that point, the
> machine has no network access, and so I lose contact to it.
>
> Is there any way to disable going to single user mode when fsck is not
> happy?
>
> Is it reasonable to change the /etc/fstab to modify the fsck flag from 1
> and 2 to 0, to bypass the fsck checks ?
>
> Alternatively, is there a way to have ssh access in single user mode?
>
> Thanks!
> Jake
>

Can they give you an extra IP address??
If yes, take a look at this:
1. https://www.youtube.com/watch?v=cVWF3u-y-Zg
2.
https://www.jeffgeerling.com/blog/2022/blikvm-pcie-puts-computer-your-computer


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

Re: avoid single-user mode boot

[04-psyche . totter]

Thanks Matthew, that's helpful. I will look into that.

headscale segfault on openbsd 7.5

[Jona Joachim]

Hi!

I upgraded my system to openbsd 7.5 today and headscale to headscale-0.22.1.

With openbsd 7.4, everything was running fine.

Now I get a segfault when I try to run headscale (see below).

I know nothing about golang so it's a bit hard to debug.

I tried to compile the software manually with "go build" with different 
options. I seems to compile fine but it doesn't generate a runnable binary.


I wonder if you can reproduce on 7.5.



$ sudo -u _headscale headscale serve
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x16ad5e8]

goroutine 1 [running]:
modernc.org/libc.(*TLS).setErrno(0x1c59020?, {0x292f80?, 0x656220?})
    modernc.org/libc@v1.22.2/etc.go:189 +0xa8
modernc.org/libc.Xmalloc(0x0, 0x334ec0?)
    modernc.org/libc@v1.22.2/mem.go:34 +0xc5
modernc.org/libc.init()
    modernc.org/libc@v1.22.2/libc_openbsd.go:49 +0x2a9





Best regards,

Jona JOACHIM

upsdrvctl issue (nut/UPS) since sysupgrade to 7.5 (and nut update)

[Steve Fairhead]

Hi folks,

I have no doubt this will turn out to be pilot error, so apologies in advance.

We have a server with an APC UPS via USB, which was working fine over
several sysupgrades to 7.4. Since 7.5, not so much.

I also did a package update (pkg_add -ui) as part of the process, and
saw that nut was updated - but didn't see anything change of
significance.

I'm familiar with restoring the ownerships and rights to /dev/ugen0.00
and /dev/usb0 (in my case) after the sysupgrade.

Running "upsdrvctl start" now returns an error, including:

USB communication driver (libusb 1.0) 0.46
interrupt pipe disabled (add 'pollonly' flag to 'ups.conf' to get rid
of this message)
libusb1: Could not open any HID devices: insufficient permissions on everything
No matching HID UPS found

The thing I find very odd is that running nut-scanner before the
sysupgrade gave me a sensible result:

Scanning USB bus.
[nutdev1]
driver = "usbhid-ups"
port = "auto"
vendorid = "051D"
productid = "0003"
product = "Smart-UPS_3000 FW:UPS 06.0 / ID=1027"
serial = "xxx"
vendor = "American Power Conversion"
bus = "000"

Afterwards, it's odd:

Cannot load SNMP library (libnetsnmp.so) : file not found. SNMP search disabled.
Cannot load XML library (libneon.so) : file not found. XML search disabled.
Scanning USB bus.
[nutdev1]
driver = "apc_modbus"
port = "auto"
vendorid = "051D"
productid = "0003"
product = "Smart-UPS_3000 FW:UPS 06.0 / ID=1027"
serial = "xxx"
vendor = "American Power Conversion"
bus = "000"
device = "002"
busport = "003"
###NOTMATCHED-YET###bcdDevice = "0001"

Modbus? Really? (I tried it anyway; didn't work. No surprise.)

I conclude that I've missed permissions on something (new?), as
suggested by the error message. But what?

Any help gratefully received.

Steve

Re: Startup script for Netbox: can't start with a user and can't stop

[Mik J]

Hello Stuart,

Thank you for your answer.

1)
>but you start as _netbox:
>> daemon_user="_netbox"
>that won't work, it needs root to change uid (to www).
I finally chose to run it as _netbox and change this line
daemon_flags="--name netbox --pid /var/run/netbox.pid --user=_netbox 
--group=_netbox --config=${_BASEDIR}/gunicorn.py"
So that everything is aligned


2)
>this doesn't make a lot of sense, why not either start it from the
>rc script itself, or save a separate script to disk, rather than
>writing to /var/run?

>also if you run commands from the venv bin directory, they set
>things up for you so you don't need to source "activate".

I didn't understand what you wrote except that what I did was not correct.

To run the application that acts like a daemon, I need to do these tasks 
manually

_BASEDIR=/var/www/htdocs/applications/netbox-4.0.7
APPDIR=${_BASEDIR}/netbox
daemon_flags="--name netbox --pid /var/run/netbox.pid --user=_netbox 
--group=_netbox --config=${_BASEDIR}/gunicorn.py"
daemon_flags="${daemon_flags} --log-level=info --log-file=- netbox.wsgi"

cd ${_BASEDIR}/netbox
. ${_BASEDIR}/env/bin/activate
export 
PYTHONPATH=${_BASEDIR}/env/lib/python3.10/site-packages:${APPDIR}${PYTHONPATH:+:${PYTHONPATH}}
exec gunicorn ${daemon_flags}

Q: When you write "start it from the rc script itself", should I try to add 
instructions in the rc_pre() section ?
Q: You - write if you run commands from the venv bin directory, they set things 
up for you so you don't need to source "activate" -
So I don't need to use . ${_BASEDIR}/env/bin/activate
Should my rc_start() only contain rc_exec ${daemon} ${daemon_flags} ?

Regards



Le jeudi 25 juillet 2024 à 09:45:10 UTC+2, Stuart Henderson 
 a écrit : 





here you tell it to run it as www:

> daemon_flags="--name netbox --pid /var/run/netbox.pid --user=www --group=www 
> --config=${_BASEDIR}/gunicorn.py"
> daemon_flags="${daemon_flags} --log-level=info --log-file=- netbox.wsgi"

but you start as _netbox:

> daemon_user="_netbox"

that won't work, it needs root to change uid (to www).

> pexp="${_BASEDIR}/env/bin/python3.10 ${daemon}${daemon_flags:+ 
> ${daemon_flags}}"

> echo "pkill -f ${daemon}"

?

> rc_pre() {
>     cat  APPDIR=${_BASEDIR}/netbox
>
> packages:${APPDIR}${PYTHONPATH:+:${PYTHONPATH}}
> cd ${_BASEDIR}/netbox
> . ${_BASEDIR}/env/bin/activate
> export 
> PYTHONPATH=${_BASEDIR}/env/lib/python3.10/site-packages:${APPDIR}${PYTHONPATH:+:${PYTHONPATH}}
> exec gunicorn ${daemon_flags}
> EOF
>     chmod u+x /var/run/netbox_start
>     chmod o+x /var/run/netbox_start
> }

this doesn't make a lot of sense, why not either start it from the
rc script itself, or save a separate script to disk, rather than
writing to /var/run?

also if you run commands from the venv bin directory, they set
things up for you so you don't need to source "activate".

> rc_stop() {
>     pkill -f "${_BASEDIR}/env/bin/gunicorn"
> }

if pexp was set correctly then you wouldn't need to override rc_stop.

> doing rc_check
> [2024-07-25 00:52:55 +0200] [61573] [INFO] Starting gunicorn 22.0.0
> ...
> PermissionError: [Errno 13] Permission denied: '/var/run/tmp5jrbni2l'
> doing _rc_rm_runfile
> (failed)
>
> I don't know why it's trying to create /var/run/tmp5jrbni2l

must be something in gunicorn or netbox.

> If I remove daemon_user="_netbox", everything works

in that case, it starts as root, so it can write there (at least until
it drops privs).

> ii) When I try to stop the process, it doesn't work
> # ps ax | grep /var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn
> 61611 p1  S    0:00.75 
> /var/www/htdocs/applications/netbox-4.0.7/env/bin/python 
> /var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn --name netbox 
> --pid /var/run/netbox.pid --user=www --group=www 
> --config=/var/www/htdocs/appli
...
> # /etc/rc.d/netbox -d stop
> doing _rc_parse_conf
> netbox_flags empty, using default >--name netbox --pid /var/run/netbox.pid 
> --user=www --group=www 
> --config=/var/www/htdocs/applications/netbox-4.0.7/gunicorn.py 
> --log-level=info --log-file=- netbox.wsgi<
> pkill -f /var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn
> doing _rc_parse_conf /var/run/rc.d/netbox
> doing rc_check

I didn't check carefully but I guess pexp doesn't match this process,
so rc_check doesn't find it running.

You could try

pexp="/var/www/htdocs/applications/netbox-4.0.7/env/bin/python 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn --name netbox.*"



-- 
Please keep replies on the mailing list.

Re: M-Audio Fast Track Ultra 8R

[Jan Stary]

On Jul 07 18:03:56, h...@stare.cz wrote:
> On Jul 01 15:07:48, a...@caoua.org wrote:
> > On Sun, Jun 30, 2024 at 08:26:06AM +0200, Jan Stary wrote:
> > > This is current/amd64 on a PC (full dmesg below).
> > > I got my hands on an M-Audio Fast Track Ultra 8R,
> > > an USB audio interface; eight tracks, 24/96, nice.
> > > 
> > > It doesn't seem to be supported though:
> > > it attaches as an ugen, but no uaudio.
> > > 
> > > umidi0 at uhub4 port 2 configuration 1 interface 3 "M-Audio Fast Track 
> > > Ultra 8R" rev 2.00/1.51 addr 3
> > > umidi0: (genuine USB-MIDI)
> > > umidi0: out=1, in=1
> > > midi0 at umidi0: 
> > > ugen0 at uhub4 port 2 configuration 1 "M-Audio Fast Track Ultra 8R" rev 
> > > 2.00/1.51 addr 3
> > > 
> > > This happens in any USB slot.
> > > 
> > > What can I do to debug this?
> > > Is anyone using this on OpenBSD?
> > > 
> > > It is an USB-compliant audio device,
> > > macOS and Windows use it just fine.
> > 
> > It seems that the uaudio driver doesn't even try to attach. You could
> > instrument the uaudio_match() kernel function, and try to figure out
> > why it returns UMATCH_NONE for your device.
> 
> For the record, it is _not_ a USB-compliant audio device.
> I had another one plugged into mac by mistake (sorry),
> and on win, it only works with the latest = 2014 drivers.

But then again, it attaches like this on FreeBSD:

ugen0.6:  at usbus0
uaudio0 on uhub2
uaudio0:  on 
usbus0
uaudio0: Play[0]: 96000 Hz, 8 ch, 24-bit S-LE PCM format, 2x4ms buffer. 
(selected)
uaudio0: Play[0]: 88200 Hz, 8 ch, 24-bit S-LE PCM format, 2x4ms buffer.
uaudio0: Play[0]: 48000 Hz, 8 ch, 24-bit S-LE PCM format, 2x4ms buffer.
uaudio0: Play[0]: 44100 Hz, 8 ch, 24-bit S-LE PCM format, 2x4ms buffer.
uaudio0: Record[0]: 96000 Hz, 8 ch, 24-bit S-LE PCM format, 2x4ms buffer. 
(selected)
uaudio0: Record[0]: 88200 Hz, 8 ch, 24-bit S-LE PCM format, 2x4ms buffer.
uaudio0: Record[0]: 48000 Hz, 8 ch, 24-bit S-LE PCM format, 2x4ms buffer.
uaudio0: Record[0]: 44100 Hz, 8 ch, 24-bit S-LE PCM format, 2x4ms buffer.
uaudio0: Single command MIDI quirk enabled
uaudio0: MIDI sequencer.
pcm3 on uaudio0
uaudio0: No HID volume keys found.

But according to wiki, class 0xef (= 239) is "miscelaneous",
i.e. not audio, which is 0x01, so I still don't believe
it is a class-compliant device ...

Jan

Re: firefox crashes on an M1 macbook

[Jan Stary]

On Jul 25 15:14:01, benni+openbsd-m...@stuerz.xyz wrote:
> On 4/12/23 11:11 AM, Jan Stary wrote:
> > This is current/arm64 on an Apple M1 MacBook Air (dmesg below).
> > While everything mostly works, Firefox keeps crashing.
> > 
> > Reproducibly, it always crashes on calendar.google.com;
> > _sometimes_ it crashes when playing a video.
> > On simple sites, it works withotu problems.
> > 
> > How can I debug this?  Is it related to
> > the lack of video acceleration on these machines?
> > 
> > Thanks,
> > 
> > Jan
> > 
> 
> I had an M1 Mac Mini a while ago and ironically apple.com would crash.
> Does that happen to you too?

No. With current/arm64 and an upgraded firefox as of now,
both calendar.google.com and apple.com seem to work fine.

Jan

Re: trying to get openbsd nfs client to work

[void]

On Thu, 25 Jul 2024, at 15:09, Stefan Kapfhammer wrote:
> Do you have an /etc/exports file? 
> Here is an example: /etc/examples/exports. 
> -Stefan 

Do you mean on the nfs server?

1. on the freebsd server - it's an empty file because nfs is via the zfs 
property "sharenfs" with the value

maproot=root -alldirs -network 192.168.1.0 -mask 255.255.255.0

2. Or do you mean on the OpenBSD client? /etc/exports is not present.
-- 

trying to get openbsd nfs client to work

[void]

Hi,

I'm trying to get openbsd (7.5) nfs client to see a (freebsd14) server nfs
share. The freebsd and debian clients work well, it's only OpenBSD
where I can't mount the share.

After looking at man fstab and man mount_nfs, in fstab I have this line

192.168.1.102:/home/void/docs /home/void/docs nfs rw,nodev,nosuid,soft,intr 0 0

this results in the following at reboot

NFS Portmap: RPC: Port mapper failure - RPC: Timed out
NFS Portmap: RPC: Port mapper failure - RPC: Timed out

(etc)

similarly if I try manually like this 


# mount_nfs 192.168.1.102:/home/void/docs /home/void/docs
# mount_nfs -T 192.168.1.102:/home/void/docs /home/void/docs
# mount_nfs -T -3 192.168.1.102:/home/void/docs /home/void/docs
# mount_nfs -U 192.168.1.102:/home/void/docs /home/void/docs
# mount_nfs -U -3 192.168.1.102:/home/void/docs /home/void/docs

But portmapper on the server can be seen from openbsd client:

$ rpcinfo -p 192.168.1.102
  program vers proto   port
  104   tcp111  portmapper
  103   tcp111  portmapper
  102   tcp111  portmapper
  104   udp111  portmapper
  103   udp111  portmapper
  102   udp111  portmapper
  104 7111  portmapper
  103 7111  portmapper
  102 7111  portmapper
  151   udp927  mountd
  153   udp927  mountd
  151   tcp927  mountd
  153   tcp927  mountd
  132   udp   2049  nfs
  133   udp   2049  nfs
  132   tcp   2049  nfs
  133   tcp   2049  nfs

$

and the nfs server is allowed from the whole (internal) network of which
the openbsd machine is part. The openbsd machine is on 192.168.1.100.

What am I doing wrong?

--

Re: firefox crashes on an M1 macbook

[Benjamin Stürz]

On 4/12/23 11:11 AM, Jan Stary wrote:

This is current/arm64 on an Apple M1 MacBook Air (dmesg below).
While everything mostly works, Firefox keeps crashing.

Reproducibly, it always crashes on calendar.google.com;
_sometimes_ it crashes when playing a video.
On simple sites, it works withotu problems.

How can I debug this?  Is it related to
the lack of video acceleration on these machines?

Thanks,

Jan



I had an M1 Mac Mini a while ago and ironically apple.com would crash.
Does that happen to you too?

Fwd: POSIX.1-2024 now online

[Katherine Mcmillan]

Dear all,
>
> It seems the Open Group Base Specifications Issue 8 now is available
> online:
>
> https://pubs.opengroup.org/onlinepubs/9799919799

-Katie

From: owner-t...@openbsd.org  on behalf of Jason 
McIntyre 
Sent: Thursday, July 25, 2024 1:47:16 AM
To: t...@openbsd.org 
Subject: Re: POSIX.1-2024 now online

Attention : courriel externe | external email

On Thu, Jul 25, 2024 at 12:56:37AM +, Job Snijders wrote:
> Dear all,
>
> It seems the Open Group Base Specifications Issue 8 now is available
> online:
>
> https://pubs.opengroup.org/onlinepubs/9799919799/
>
> Kind regards,
>
> Job
>

thanks!
jmc

Re: avoid single-user mode boot

[chohag]

04-psyche.tot...@icloud.com writes:
> Thanks Stuart for all these thoughts. That's a lot of great ideas.
>
> Let me try to clarify a few things:
>
> - change `do_fsck` to `do_fsck -y`
> -
>   I assume you mean Line 410. That seems like a great idea.
>   Do I understand correctly that the normal behaviour for this `do_fsck` is 
> to run the check, and mark filesystems dirty, and then enter single-user mode?
>   Whereas if I replace it with `do_fsck -y `, the filesystems will not be 
> marked dirty, and it will not enter singe user mode?

More or less.

If the filesystem is already marked dirty (ie. has been mounted
read-write and was not cleanly unmounted) then fsck will check it
and mark it as clean or, if its problems are too much, abort without
making any changes.

Including the -y option makes fsck fix some problems that are common
and often harmless without giving up. Most of the time when plain
fsck fails you will simply run fsck -y yourself anyway.

But it's useful to know if a regular fsck was not enough to repair
the filesystem because it should then be examined manually as files
might have been lost or damaged.

> - starting network and sshd in single user mode
> 
>   In /etc/profile, I guess I can add something like:
>
>if [IS_SINGLE_USER_MODE]; then
>   sh /etc/netstart
> rcctl start sshd
>fi
>
> does that seem reasonable?
>
> (I have to figure out how to check if I am in user mode)

I would create a script to do it by hand. Someone has to press a
key to enter single user mode after all, they might as well also
run an activation script. This means you won't have to put any kind
of dangerous magic in the shell profile.

I have a feeling sshd may require more system state to have been
set up though, and pf in particular will not have been configured.

You will have to read /etc/rc and figure out which parts you need
then test it thoroughly. Consider what happens when /etc/netstart
runs while the router is still booting, for example, or when the
enter-presser has tripped over the ethernet cable.

Matthew

Re: Startup script for Netbox: can't start with a user and can't stop

[Stuart Henderson]

here you tell it to run it as www:

> daemon_flags="--name netbox --pid /var/run/netbox.pid --user=www --group=www 
> --config=${_BASEDIR}/gunicorn.py"
> daemon_flags="${daemon_flags} --log-level=info --log-file=- netbox.wsgi"

but you start as _netbox:

> daemon_user="_netbox"

that won't work, it needs root to change uid (to www).

> pexp="${_BASEDIR}/env/bin/python3.10 ${daemon}${daemon_flags:+ 
> ${daemon_flags}}"

> echo "pkill -f ${daemon}"

?

> rc_pre() {
>     cat  APPDIR=${_BASEDIR}/netbox
>
> packages:${APPDIR}${PYTHONPATH:+:${PYTHONPATH}}
> cd ${_BASEDIR}/netbox
> . ${_BASEDIR}/env/bin/activate
> export 
> PYTHONPATH=${_BASEDIR}/env/lib/python3.10/site-packages:${APPDIR}${PYTHONPATH:+:${PYTHONPATH}}
> exec gunicorn ${daemon_flags}
> EOF
>     chmod u+x /var/run/netbox_start
>     chmod o+x /var/run/netbox_start
> }

this doesn't make a lot of sense, why not either start it from the
rc script itself, or save a separate script to disk, rather than
writing to /var/run?

also if you run commands from the venv bin directory, they set
things up for you so you don't need to source "activate".

> rc_stop() {
>     pkill -f "${_BASEDIR}/env/bin/gunicorn"
> }

if pexp was set correctly then you wouldn't need to override rc_stop.

> doing rc_check
> [2024-07-25 00:52:55 +0200] [61573] [INFO] Starting gunicorn 22.0.0
> ...
> PermissionError: [Errno 13] Permission denied: '/var/run/tmp5jrbni2l'
> doing _rc_rm_runfile
> (failed)
>
> I don't know why it's trying to create /var/run/tmp5jrbni2l

must be something in gunicorn or netbox.

> If I remove daemon_user="_netbox", everything works

in that case, it starts as root, so it can write there (at least until
it drops privs).

> ii) When I try to stop the process, it doesn't work
> # ps ax | grep /var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn
> 61611 p1  S    0:00.75 
> /var/www/htdocs/applications/netbox-4.0.7/env/bin/python 
> /var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn --name netbox 
> --pid /var/run/netbox.pid --user=www --group=www 
> --config=/var/www/htdocs/appli
...
> # /etc/rc.d/netbox -d stop
> doing _rc_parse_conf
> netbox_flags empty, using default >--name netbox --pid /var/run/netbox.pid 
> --user=www --group=www 
> --config=/var/www/htdocs/applications/netbox-4.0.7/gunicorn.py 
> --log-level=info --log-file=- netbox.wsgi<
> pkill -f /var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn
> doing _rc_parse_conf /var/run/rc.d/netbox
> doing rc_check

I didn't check carefully but I guess pexp doesn't match this process,
so rc_check doesn't find it running.

You could try

pexp="/var/www/htdocs/applications/netbox-4.0.7/env/bin/python 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn --name netbox.*"



-- 
Please keep replies on the mailing list.

Re: iked authentication logging ?

[Michael Dinon]

Yes
Kind regards,
Mike


On Thu, Jul 25, 2024 at 3:13 AM Crystal Kolipe 
wrote:

> On Wed, Jul 24, 2024 at 06:20:26PM -0400, J Doe wrote:
> > My hypothesis is that iked does not name an identity because this is
> > certificate based authentication vs. MSCHAPv2 for EAP authentication
> > which would provide an identity (ie: a username).
> >
> > Is that correct ?
>
> No.
>
> The identity that would be printed is the srcid of the peer.  By default
> this
> would be it's hostname, and should be present in the SAN field of any
> certificate used for iked.
>
> You can see that error message displayed both with and without a named ID
> when
> using certificate authentication, depending on the cause of the error.
>
> It will also display without an ID even if one if known, if the printing
> code
> in iked fails some internal consistency checks, (which is unlikely but
> possible).
>
>

Re: iked authentication logging ?

[Crystal Kolipe]

On Wed, Jul 24, 2024 at 06:20:26PM -0400, J Doe wrote:
> My hypothesis is that iked does not name an identity because this is
> certificate based authentication vs. MSCHAPv2 for EAP authentication
> which would provide an identity (ie: a username).
> 
> Is that correct ?

No.

The identity that would be printed is the srcid of the peer.  By default this
would be it's hostname, and should be present in the SAN field of any
certificate used for iked.

You can see that error message displayed both with and without a named ID when
using certificate authentication, depending on the cause of the error.

It will also display without an ID even if one if known, if the printing code
in iked fails some internal consistency checks, (which is unlikely but
possible).

iked authentication logging ?

[J Doe]

Hi list,

I sent the following on 2024-07-05 and didn't receive any responses, so
I thought I would post it again - please see below and thanks in advance!

--

Hi list,

It occurs to me that I did not include the configuration I have for iked
(iked.conf), which would probably be helpful ... I also didn't mention
the version of OpenBSD I was running as my server, which is 7.5.

I run a "road-warrior" configuration similar to what is displayed in the
OpenBSD FAQ[0].  Here is my configuration:


ikev2 "VPN" passive ipcomp tunnel esp \
from any to dynamic \
local egress peer any \
srcid server.home.arpa \
dstid client.home.arpa \
rsa \
config address 10.0.5.0/24 \
tag "ROADW"


As mentioned in my previous e-mail, sometimes connections will be made
to my VPN server that display the following:

Jul  5 10:55:47 server iked[15172]: spi=0x7680ddead2051f3c:
ikev2_send_auth_failed: authentication failed for

I am wondering if this is an indication of someone attempting to
authenticate using public key/certificate authentication and being
_rejected_ by iked ?

My hypothesis is that iked does not name an identity because this is
certificate based authentication vs. MSCHAPv2 for EAP authentication
which would provide an identity (ie: a username).

Is that correct ?

Thanks,

- J

Startup script for Netbox: can't start with a user and can't stop

[Mik J]

Hello,

I'm trying to write a startup script for an application called netbox (it's an 
opensource IPAM).

I created a user and a group
# grep netbox /etc/group
_netbox:*:9994:
# grep netbox /etc/passwd
_netbox:*:9994:9994::/home/netbox:/sbin/nologin

And I have this script
#!/bin/ksh

_BASEDIR=/var/www/htdocs/applications/netbox-4.0.7

daemon="${_BASEDIR}/env/bin/gunicorn"
daemon_flags="--name netbox --pid /var/run/netbox.pid --user=www --group=www 
--config=${_BASEDIR}/gunicorn.py"
daemon_flags="${daemon_flags} --log-level=info --log-file=- netbox.wsgi"
daemon_user="_netbox"

. /etc/rc.d/rc.subr

pexp="${_BASEDIR}/env/bin/python3.10 ${daemon}${daemon_flags:+ ${daemon_flags}}"
rc_reload=YES
rc_bg=YES

echo "pkill -f ${daemon}"

APPDIR=${_BASEDIR}/netbox

rc_pre() {
    cat --name netbox --pid /var/run/netbox.pid 
--user=www --group=www 
--config=/var/www/htdocs/applications/netbox-4.0.7/gunicorn.py --log-level=info 
--log-file=- netbox.wsgi<
pkill -f /var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn
doing rc_check
netbox
doing rc_pre
doing rc_start
doing _rc_wait_for_start
doing rc_check
doing rc_check
[2024-07-25 00:52:55 +0200] [61573] [INFO] Starting gunicorn 22.0.0
...
PermissionError: [Errno 13] Permission denied: '/var/run/tmp5jrbni2l'
doing _rc_rm_runfile
(failed)

I don't know why it's trying to create /var/run/tmp5jrbni2l

If I remove daemon_user="_netbox", everything works

Q1: What can I do to avoid this permission problem ? Because I'm not supposed 
to give write access to /var/run


ii) When I try to stop the process, it doesn't work
# ps ax | grep /var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn
61611 p1  S    0:00.75 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/python 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn --name netbox --pid 
/var/run/netbox.pid --user=www --group=www --config=/var/www/htdocs/appli
79274 p1  S    0:04.63 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/python 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn --name netbox --pid 
/var/run/netbox.pid --user=www --group=www --config=/var/www/htdocs/appli
50615 p1  S    0:04.12 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/python 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn --name netbox --pid 
/var/run/netbox.pid --user=www --group=www --config=/var/www/htdocs/appli
 9700 p1  S    0:04.08 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/python 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn --name netbox --pid 
/var/run/netbox.pid --user=www --group=www --config=/var/www/htdocs/appli
88687 p1  S    0:04.14 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/python 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn --name netbox --pid 
/var/run/netbox.pid --user=www --group=www --config=/var/www/htdocs/appli
72441 p1  S    0:04.05 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/python 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn --name netbox --pid 
/var/run/netbox.pid --user=www --group=www --config=/var/www/htdocs/appli

# /etc/rc.d/netbox -d stop
doing _rc_parse_conf
netbox_flags empty, using default >--name netbox --pid /var/run/netbox.pid 
--user=www --group=www 
--config=/var/www/htdocs/applications/netbox-4.0.7/gunicorn.py --log-level=info 
--log-file=- netbox.wsgi<
pkill -f /var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn
doing _rc_parse_conf /var/run/rc.d/netbox
doing rc_check

# ps ax | grep /var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn
61611 p1  S    0:00.78 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/python 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn --name netbox --pid 
/var/run/netbox.pid --user=www --group=www --config=/var/www/htdocs/appli
79274 p1  S    0:04.66 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/python 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn --name netbox --pid 
/var/run/netbox.pid --user=www --group=www --config=/var/www/htdocs/appli
50615 p1  S    0:04.15 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/python 
/var/www/htdocs/applications/netbox-4.0.7/env/bin/gunicorn --name netbox --pid 
/var/run/netbox.pid --user=www --group=www --config=/var/www/htdocs/appli
 9700 p1  S    0:04.11 

Re: avoid single-user mode boot

[04-psyche . totter]

Thanks Stuart for all these thoughts. That's a lot of great ideas.

Let me try to clarify a few things:

- change `do_fsck` to `do_fsck -y`
-
  I assume you mean Line 410. That seems like a great idea.
  Do I understand correctly that the normal behaviour for this `do_fsck` is to 
run the check, and mark filesystems dirty, and then enter single-user mode?
  Whereas if I replace it with `do_fsck -y `, the filesystems will not be 
marked dirty, and it will not enter singe user mode?


- starting network and sshd in single user mode

In /etc/profile, I guess I can add something like:

   if [IS_SINGLE_USER_MODE]; then
sh /etc/netstart
rcctl start sshd
   fi

does that seem reasonable?

(I have to figure out how to check if I am in user mode)


- noatime, memory buffers, mfs
--
All great ideas, I will implement that.


@crystal, thank you, unfortunately, even an SBC on the router is not a viable 
option for this specific use case.

Re: avoid single-user mode boot

[Anon Loli]

On Wed, Jul 24, 2024 at 07:11:40AM -0300, Crystal Kolipe wrote:
> On Wed, Jul 24, 2024 at 09:04:17AM +0100, 04-psyche.tot...@icloud.com wrote:
> > Alternatively, is there a way to have ssh access in single user mode?
> 
> The normal way to handle this and other boot-related problems is with a serial
> connection from another machine that is still accessible via the network.
> 
> Depending on your budget, what this system is being used for, and the
> connectivity that is available at the remote location, there are various ways
> of making that happen.
> 

Yeah I got the same reply when asking a bunch of people how someone could
update a machine that's FDE, or even sysupgrade... the answer is 2 machines via
a serial connection heh..
I didn't try this yet, but sounds like hella fun!

Re: trying to boot on HP EliteBook 820 G1

[Jan Stary]

On Jul 24 09:28:16, n...@holland-consulting.net wrote:
> On 7/24/24 08:24, Jan Stary wrote:
> > On Jul 24 07:46:09, kolip...@exoticsilicon.com wrote:
> > > On Wed, Jul 24, 2024 at 12:19:34PM +0200, Jan Stary wrote:
> > > > The problem persists with every USB stick,
> > > > with each of miniroot75.img, install75.img
> > > > and a full usb stick install, on every USB port.
> > > 
> > > Out of curiosity, does the machine successfully boot OpenBSD/i386 from a 
> > > USB
> > > stick?
> > 
> > No. Booting install75,img gets to boot>, but stops at the
> > 
> > booting hd0a:/7.5/i386/bsd.rd: |
> > 
> > The rotating slash stops rotating and the machine freezes
> > This is what _sometimes_ also happens with amd64,
> > but more often, the amd64 reboots at that point.
> > 
> 
> Interesting twist -- boots from installed SSD but not from install image
> on USB.  So ... while you are thinking there's a boot issue with USB, I'm
> more inclined to believe it is the install kernel vs. the full kernel.

The USB boot failure happens with both the install kernel
(as in install75.img or miniroot75.img) and the full kernel
of a full installation on an USB stick.

> So ... two tests...one easy, one slow:
> 1) Can the installed system boot the install kernel from SSD?
> boot> boot bsd.rd

Yes; dmesg below in case the difference is of any interest.

> 2) IF on another computer you build an installed system on a USB stick,
> so rather than booting the installer, it boots an installed OpenBSD, will
> that work on this machine?

No; that is my original problem: I have a USB stick with a full amd64
install that I regularly boot and use on various machines, but it
does not boot on this machine.

> I'm betting a very tiny amount of money #2 works, but #1 fails.

Exactly the opposite, so I win a very tiny amount.

So my current speculation is that OpenBSD has
a problem booting _from_USB_ on this laptop.

Jan


OpenBSD 7.5-current (RAMDISK_CD) #204: Mon Jul 22 21:45:30 MDT 2024
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 7962357760 (7593MB)
avail mem = 7716790272 (7359MB)
random: good seed from bootblocks
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x9de3f000 (32 entries)
bios0: vendor Hewlett-Packard version "L71 Ver. 01.49" date 02/24/2020
bios0: Hewlett-Packard HP EliteBook 820 G1
acpi0 at bios0: ACPI 5.0
acpi0: tables DSDT FACP HPET APIC MCFG TCPA SSDT SSDT SLIC FPDT BGRT SSDT SSDT 
SSDT SSDT ASF!
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 1995.40 MHz, 06-45-01, patch 
0026
cpu0: cpuid 1 
edx=bfebfbff
 
ecx=77fafbff
cpu0: cpuid 6 eax=77 ecx=9
cpu0: cpuid 7.0 ebx=27ab 
edx=9c000600
cpu0: cpuid a vers=3, gp=4, gpwidth=48, ff=3, ffwidth=48
cpu0: cpuid d.1 eax=1
cpu0: cpuid 8001 edx=2c100800 ecx=21
cpu0: cpuid 8007 edx=100
cpu0: MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 
8-way L2 cache, 4MB 64b/line 16-way L3 cache
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 40 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEGP)
acpiprt2 at acpi0: bus 1 (RP01)
acpiprt3 at acpi0: bus 2 (RP04)
acpiprt4 at acpi0: bus 3 (RP06)
acpiprt5 at acpi0: bus -1 (RP07)
acpiprt6 at acpi0: bus -1 (RP08)
acpiec0 at acpi0
"HPQ6001" at acpi0 not configured
acpipci0 at acpi0 PCI0: 0x0010 0x0011 0x
acpicmos0 at acpi0
"PNP0A06" at acpi0 not configured
"SYN3008" at acpi0 not configured
"HPQ6007" at acpi0 not configured
"PNP0C0A" at acpi0 not configured
"ACPI0003" at acpi0 not configured
"PNP0C0E" at acpi0 not configured
"PNP0C0D" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"IFX0102" at acpi0 not configured
acpicpu at acpi0 not configured
acpipwrres at acpi0 not configured
acpipwrres at acpi0 not configured
acpipwrres at acpi0 not configured
acpipwrres at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
cpu0: using VERW MDS workaround
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 4G Host" rev 0x0b
vga1 at pci0 dev 2 function 0 "Intel HD Graphics" rev 0x0b
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
"Intel Core 4G HD Audio" rev 0x0b at pci0 dev 3 function 0 not configured
xhci0 at pci0 dev 20 function 0 "Intel 8 Series xHCI" rev 0x04: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 
addr 1
"Intel 8 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
"Intel 8 Series KT" rev 0x04 at pci0 dev 22 function 3 not 

Re: trying to boot on HP EliteBook 820 G1

[Nick Holland]

On 7/24/24 08:24, Jan Stary wrote:

On Jul 24 07:46:09, kolip...@exoticsilicon.com wrote:

On Wed, Jul 24, 2024 at 12:19:34PM +0200, Jan Stary wrote:
> The problem persists with every USB stick,
> with each of miniroot75.img, install75.img
> and a full usb stick install, on every USB port.

Out of curiosity, does the machine successfully boot OpenBSD/i386 from a USB
stick?


No. Booting install75,img gets to boot>, but stops at the

booting hd0a:/7.5/i386/bsd.rd: |

The rotating slash stops rotating and the machine freezes
This is what _sometimes_ also happens with amd64,
but more often, the amd64 reboots at that point.



Interesting twist -- boots from installed SSD but not from install image
on USB.  So ... while you are thinking there's a boot issue with USB, I'm
more inclined to believe it is the install kernel vs. the full kernel.

So ... two tests...one easy, one slow:
1) Can the installed system boot the install kernel from SSD?
boot> boot bsd.rd

2) IF on another computer you build an installed system on a USB stick,
so rather than booting the installer, it boots an installed OpenBSD, will
that work on this machine?

I'm betting a very tiny amount of money #2 works, but #1 fails.

I have a machine where bsd.rd fails because there's no monitor attached
to the HDMI port.  Attach a monitor or HDMI "fake monitor" plug, and the
thing boots bsd.rd fine.  But...it's a thin client machine, no monitor
at all..I'm having trouble believing your laptop is having this same
issue.  (this particular machine is noted for this problem on Linux, too,
except Linux won't boot headless at all; the full OpenBSD kernel boots
just fine headless, but you can't do a headless upgrade.)

Nick.

Re: trying to boot on HP EliteBook 820 G1

[Jan Stary]

On Jul 24 07:46:09, kolip...@exoticsilicon.com wrote:
> On Wed, Jul 24, 2024 at 12:19:34PM +0200, Jan Stary wrote:
> > The problem persists with every USB stick,
> > with each of miniroot75.img, install75.img
> > and a full usb stick install, on every USB port.
> 
> Out of curiosity, does the machine successfully boot OpenBSD/i386 from a USB
> stick?

No. Booting install75,img gets to boot>, but stops at the

booting hd0a:/7.5/i386/bsd.rd: |

The rotating slash stops rotating and the machine freezes
This is what _sometimes_ also happens with amd64,
but more often, the amd64 reboots at that point.

Re: avoid single-user mode boot

[04-psyche . totter]

Thanks Crystal, unfortunately for this specific case, adding another machine to 
the same network is not an option.

> On 24 Jul 2024, at 11:11, Crystal Kolipe  wrote:
> 
> On Wed, Jul 24, 2024 at 09:04:17AM +0100, 04-psyche.tot...@icloud.com wrote:
>> Alternatively, is there a way to have ssh access in single user mode?
> 
> The normal way to handle this and other boot-related problems is with a serial
> connection from another machine that is still accessible via the network.
> 
> Depending on your budget, what this system is being used for, and the
> connectivity that is available at the remote location, there are various ways
> of making that happen.

Re: avoid single-user mode boot

[Crystal Kolipe]

On Wed, Jul 24, 2024 at 10:53:28AM -, Stuart Henderson wrote:
> On 2024-07-24, Crystal Kolipe  wrote:
> > The normal way to handle this and other boot-related problems is with a 
> > serial
> > connection from another machine that is still accessible via the network.
> >
> > Depending on your budget, what this system is being used for, and the
> > connectivity that is available at the remote location, there are various 
> > ways
> > of making that happen.
> 
> Exactly. (Note that some consumer/small business-ish routers can handle
> running as a serial console server over a USB/RS232 interface - e.g.
> picocom and USB serial port drivers can often be installed on openwrt -
> routeros has /system serial-terminal or /system special-login).

Failing that, an arm SBC running OpenBSD and connected to a spare port on the
router is also an option.

Re: avoid single-user mode boot

[Stuart Henderson]

On 2024-07-24, 04-psyche.tot...@icloud.com <04-psyche.tot...@icloud.com> wrote:
> Hi all,
>
> I have a machine that will be placed in a remote location, and have no
> physical access to. The connection will be made through ssh only.
>
> I'd like to make it as resilient to failure as possible.
>
> A big concern to me is for a disk failure to happen (say a power
> outage), and the machine to be rebooted in single user mode. At that
> point, the machine has no network access, and so I lose contact to it.

If there's an actual disk failure, you're going to have to visit.
I guess you mean "dirty filesystem that requires changes before it
can be marked clean".

> Is there any way to disable going to single user mode when fsck is not
> happy?

No.

You can reduce the chance of fsck failing by:

- reduce writes to mounted filesystems: noatime, use memory buffers
or network for syslog, use mfs for things like /tmp /var/run
- mounting filesystems read-only where possible

Sometimes people modify /etc/rc to use "do_fsck -y" instead of just
"do_fsck" on systems like this. (imho: if the only thing you'd do when
running fsck manually is hit 'F' or keep hitting 'y' then this change
is no worse, though some people don't like it).

> Is it reasonable to change the /etc/fstab to modify the fsck flag from
> 1 and 2 to 0, to bypass the fsck checks ?

If a filesystem is marked "dirty" you can't mount it read-write.

> Alternatively, is there a way to have ssh access in single user mode?

Sure, start network and run sshd. You may be able to do this from
/etc/profile. You just need someone/something to press enter to the
question about running the shell...


On 2024-07-24, Crystal Kolipe  wrote:
> The normal way to handle this and other boot-related problems is with a serial
> connection from another machine that is still accessible via the network.
>
> Depending on your budget, what this system is being used for, and the
> connectivity that is available at the remote location, there are various ways
> of making that happen.

Exactly. (Note that some consumer/small business-ish routers can handle
running as a serial console server over a USB/RS232 interface - e.g.
picocom and USB serial port drivers can often be installed on openwrt -
routeros has /system serial-terminal or /system special-login).

Re: trying to boot on HP EliteBook 820 G1

[Crystal Kolipe]

On Wed, Jul 24, 2024 at 12:19:34PM +0200, Jan Stary wrote:
> The problem persists with every USB stick,
> with each of miniroot75.img, install75.img
> and a full usb stick install, on every USB port.

Out of curiosity, does the machine successfully boot OpenBSD/i386 from a USB
stick?

Re: trying to boot on HP EliteBook 820 G1

[Jan Stary]

On Jul 22 15:22:21, h...@stare.cz wrote:
> I am trying to boot current/amd64 on this HP laptop from  USB stick.
> 
> Disabling the "secure boot" in BIOS, so that something else
> than the preinstalled windows is even allowed to boot,
> and choosing USB Flash Disk as the boot source,
> I see the usual
> 
>   Using drive 0, partition 3
> 
> etc, up to
> 
>   boot>
> 
> There, the rotating slash either stops and nothing else happens,
> or the machine reboots after the first number in
> 
>   booting hd0a:/bsd 12345678 + [reboot]
> 
> This happens with both bsd and bsd.rd.
> 
> The USB stick holds a full current/amd64 installation
> which I regularly boot on various amd64 machines,
> so I don;t suppose that is the problem.
> 
> Any clues please?

Ha, progress: after replacing the SSD with another one,
from another amd64 laptop, it runs just fine (it has
recompiled itself for example). So it is perhaps the
_booting_from_usb_ which is the problem; booting from
a preinstalled SSD works fine.

Is there something I can do to help debug this?

The problem persists with every USB stick,
with each of miniroot75.img, install75.img
and a full usb stick install, on every USB port.

Jan


OpenBSD 7.5-current (GENERIC.MP) #207: Mon Jul 22 21:40:56 MDT 2024
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3667390464 (3497MB)
avail mem = 3533099008 (3369MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x9de3f000 (31 entries)
bios0: vendor Hewlett-Packard version "L71 Ver. 01.10" date 03/25/2014
bios0: Hewlett-Packard HP EliteBook 820 G1
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET APIC MCFG TCPA SSDT SSDT SLIC FPDT BGRT SSDT SSDT 
SSDT SSDT ASF!
acpi0: wakeup devices LANC(S5) EHC1(S0) XHC_(S0) PCIB(S5) NIC_(S5) RP04(S5) 
WNIC(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 1795.86 MHz, 06-45-01, patch 
0026
cpu0: cpuid 1 
edx=bfebfbff
 
ecx=77fafbff
cpu0: cpuid 6 eax=77 ecx=9
cpu0: cpuid 7.0 ebx=27ab 
edx=9c000600
cpu0: cpuid a vers=3, gp=4, gpwidth=48, ff=3, ffwidth=48
cpu0: cpuid d.1 eax=1
cpu0: cpuid 8001 edx=2c100800 ecx=21
cpu0: cpuid 8007 edx=100
cpu0: MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 
8-way L2 cache, 3MB 64b/line 12-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 1795.87 MHz, 06-45-01, patch 
0026
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 1795.87 MHz, 06-45-01, patch 
0026
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 1795.89 MHz, 06-45-01, patch 
0026
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 40 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEGP)
acpiprt2 at acpi0: bus 1 (RP01)
acpiprt3 at acpi0: bus 2 (RP04)
acpiprt4 at acpi0: bus 3 (RP06)
acpiprt5 at acpi0: bus -1 (RP07)
acpiprt6 at acpi0: bus -1 (RP08)
acpiec0 at acpi0
"HPQ6001" at acpi0 not configured
acpipci0 at acpi0 PCI0: 0x0010 0x0011 0x
acpicmos0 at acpi0
"PNP0A06" at acpi0 not configured
"SYN3008" at acpi0 not configured
"HPQ6007" at acpi0 not configured
tpm0 at acpi0 GTPM 1.2 (TIS) addr 0xfed4/0x5000, Infineon SLB9635 1.2 rev 
0x10
acpibat0 at acpi0: BAT0 not present
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: LID_
"PNP0C14" at acpi0 not configured
acpicpu0 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: APPR, resource for HDEF
acpipwrres1 at acpi0: COMP, resource for COM1
acpipwrres2 at acpi0: LPP_, resource for LPT0
acpipwrres3 at acpi0: PXP6, resource for RP06
acpitz0 at acpi0: critical temperature is 128 degC
acpitz1 at acpi0: critical temperature is 128 degC
acpitz2 at acpi0: critical temperature is 128 degC
acpitz3 at acpi0: critical temperature is 128 degC
acpitz4 at acpi0: critical temperature is 128 degC
acpitz5 at acpi0: critical temperature is 128 degC
acpivideo0 at acpi0: GFX0
acpivout0 at 

Re: avoid single-user mode boot

[Crystal Kolipe]

On Wed, Jul 24, 2024 at 09:04:17AM +0100, 04-psyche.tot...@icloud.com wrote:
> Alternatively, is there a way to have ssh access in single user mode?

The normal way to handle this and other boot-related problems is with a serial
connection from another machine that is still accessible via the network.

Depending on your budget, what this system is being used for, and the
connectivity that is available at the remote location, there are various ways
of making that happen.

avoid single-user mode boot

[04-psyche . totter]

Hi all,

I have a machine that will be placed in a remote location, and have no physical 
access to. The connection will be made through ssh only.

I'd like to make it as resilient to failure as possible.

A big concern to me is for a disk failure to happen (say a power outage), and 
the machine to be rebooted in single user mode. At that point, the machine has 
no network access, and so I lose contact to it.

Is there any way to disable going to single user mode when fsck is not happy?

Is it reasonable to change the /etc/fstab to modify the fsck flag from 1 and 2 
to 0, to bypass the fsck checks ?

Alternatively, is there a way to have ssh access in single user mode?

Thanks!
Jake

Re: trying to boot on HP EliteBook 820 G1

[Eike Lantzsch ZP5CGE / KY4PZ]

On Tuesday, 23 July 2024 16:27:03 -04 Nick Holland wrote:
> On 7/22/24 09:22, Jan Stary wrote:
> > I am trying to boot current/amd64 on this HP laptop from  USB stick.
> >
> > Disabling the "secure boot" in BIOS, so that something else
> > than the preinstalled windows is even allowed to boot,
> > and choosing USB Flash Disk as the boot source,
> > I see the usual
> >
> > Using drive 0, partition 3
> >
> > etc, up to
> >
> > boot>
> >
> > There, the rotating slash either stops and nothing else happens,
> > or the machine reboots after the first number in
> >
> > booting hd0a:/bsd 12345678 + [reboot]
> >
> > This happens with both bsd and bsd.rd.
> >
> > The USB stick holds a full current/amd64 installation
> > which I regularly boot on various amd64 machines,
> > so I don;t suppose that is the problem.
> >
> > Any clues please?
> >
> > Jan
>
> Have you tried UEFI and "Legacy" modes?
> I've seen some machines that like one over the other.
> But yes, HPs are weird.  Some work great, others are horribly
> non-standard, "Works with windows, ship it!".
>
> Nick.

Hi Jan and Nick,

I'm sorry to say the following because it is not helpful to you Jan.
[rant]
HP notebooks were very weird when they still were COMPAQS.
Now any HP is weird. HP h/w comes with shackles for the customer.
They even don't take their own products if those are not officially HP-
listed as viable additions / upgrades for the exact model. No, there are
no error pop-ups that say e.g. - "we are sorry but this nnn device does
not work for this model" No, it is always just weird behaviour,
unpredictable and unexplainable behaviour.
That is only hardware. HP even managed to brick some of their notebook
models with s/w updates of MS-Windows.
When it comes to other OS than MS it is even worse.
The problem has always been the BIOS / FW since COMPAQ days.
I suspect that is on purpose - for over 30 years.
[\rant]

All the best and I hope that you eventually find a solution.

--
Eike Lantzsch KY4PZ / ZP5CGE

Re: trying to boot on HP EliteBook 820 G1

[Nick Holland]

On 7/22/24 09:22, Jan Stary wrote:

I am trying to boot current/amd64 on this HP laptop from  USB stick.

Disabling the "secure boot" in BIOS, so that something else
than the preinstalled windows is even allowed to boot,
and choosing USB Flash Disk as the boot source,
I see the usual

Using drive 0, partition 3

etc, up to

boot>

There, the rotating slash either stops and nothing else happens,
or the machine reboots after the first number in

booting hd0a:/bsd 12345678 + [reboot]

This happens with both bsd and bsd.rd.

The USB stick holds a full current/amd64 installation
which I regularly boot on various amd64 machines,
so I don;t suppose that is the problem.

Any clues please?

Jan




Have you tried UEFI and "Legacy" modes?
I've seen some machines that like one over the other.
But yes, HPs are weird.  Some work great, others are horribly
non-standard, "Works with windows, ship it!".

Nick.

Re: trying to boot on HP EliteBook 820 G1

[Jan Stary]

> > > - "machine mem" output might be useful to someone looking at this

> Region 0: type 1 at 0x0 for 631KB
> Region 1: type 2 at 0x9dc00 for 9KB
> Region 2: type 2 at 0xe for 128KB
> Region 3: type 1 at 0x10 for 3058172KB
> Region 4: type 2 at 0xbab7f000 for 19456KB
> Region 5: type 4 at 0xbbe7f000 for 1024KB
> Region 6: type 3 at 0xbbf7f000 for 512KB
> Region 7: type 1 at 0xbbfff000 for 4KB
> Region 8: type 2 at 0xbc00 for 16384KB
> Region 9: type 2 at 0xbd00 for 34816KB
> Region 10: type 2 at 0xe000 for 262144KB
> Region 11: type 2 at 0xfec0 for 4KB
> Region 12: type 2 at 0xfed1 for 16KB
> Region 13: type 2 at 0xfed18000 for 4KB
> Region 14: type 2 at 0xfed19000 for 4KB
> Region 15: type 2 at 0xfed1c000 for 16KB
> Region 16: type 2 at 0xfee0 for 4KB
> Region 17: type 2 at 0xff80 for 8192KB
> Region 18: type 1 at 0x1 for 1030144KB
> Low ram: 631KB  High ram: 3058172KB
> Total free memory: 4088951KB

I guess is tells the same s above, but for completenes,
here is the memory mapping as reported by Debian.

[0.00] Linux version 6.9.9-amd64 (debian-ker...@lists.debian.org) 
(x86_64-linux-gnu-gcc-13 (Debian 13.3.0-3) 13.3.0, GNU ld (GNU Binutils for 
Debian) 2.42.50.20240710) #1 SMP PREEMPT_DYNAMIC Debian 6.9.9-1 (2024-07-13)
[0.00] Command line: BOOT_IMAGE=/boot/vmlinuz-6.9.9-amd64 
root=UUID=c6f79696-79f9-4557-8ae2-1f927694a8f7 ro quiet
[0.00] BIOS-provided physical RAM map:
[0.00] BIOS-e820: [mem 0x-0x0009dbff] usable
[0.00] BIOS-e820: [mem 0x0009dc00-0x0009] reserved
[0.00] BIOS-e820: [mem 0x000e-0x000f] reserved
[0.00] BIOS-e820: [mem 0x0010-0xbab7efff] usable
[0.00] BIOS-e820: [mem 0xbab7f000-0xbbe7efff] reserved
[0.00] BIOS-e820: [mem 0xbbe7f000-0xbbf7efff] ACPI NVS
[0.00] BIOS-e820: [mem 0xbbf7f000-0xbbffefff] ACPI data
[0.00] BIOS-e820: [mem 0xbbfff000-0xbbff] usable
[0.00] BIOS-e820: [mem 0xbc00-0xbf1f] reserved
[0.00] BIOS-e820: [mem 0xe000-0xefff] reserved
[0.00] BIOS-e820: [mem 0xfec0-0xfec00fff] reserved
[0.00] BIOS-e820: [mem 0xfed1-0xfed13fff] reserved
[0.00] BIOS-e820: [mem 0xfed18000-0xfed19fff] reserved
[0.00] BIOS-e820: [mem 0xfed1c000-0xfed1] reserved
[0.00] BIOS-e820: [mem 0xfee0-0xfee00fff] reserved
[0.00] BIOS-e820: [mem 0xff80-0x] reserved
[0.00] BIOS-e820: [mem 0x0001-0x00023edf] usable
[0.00] NX (Execute Disable) protection: active
[0.00] APIC: Static calls initialized
[0.00] SMBIOS 2.7 present.
[0.00] DMI: Hewlett-Packard HP EliteBook 820 G1/1991, BIOS L71 Ver. 
01.10 03/25/2014
[0.00] tsc: Fast TSC calibration using PIT
[0.00] tsc: Detected 2494.316 MHz processor
[0.001229] e820: update [mem 0x-0x0fff] usable ==> reserved
[0.001234] e820: remove [mem 0x000a-0x000f] usable
[0.001246] last_pfn = 0x23ee00 max_arch_pfn = 0x4
[0.001254] MTRR map: 8 entries (3 fixed + 5 variable; max 23), built from 
10 variable MTRRs
[0.001257] x86/PAT: Configuration [0-7]: WB  WC  UC- UC  WB  WP  UC- WT  
[0.001636] last_pfn = 0xbc000 max_arch_pfn = 0x4
[0.013671] Using GB pages for direct mapping
[0.014036] RAMDISK: [mem 0x3070f000-0x3437efff]
[0.014042] ACPI: Early table checksum verification disabled
[0.014046] ACPI: RSDP 0x000F2FE0 24 (v02 HPQOEM)
[0.014053] ACPI: XSDT 0xBBFFE120 A4 (v01 HPQOEM SLIC-MPC 
0001  0113)
[0.014061] ACPI: FACP 0xBBFFC000 00010C (v05 HPQOEM 1991 
0001 HP   0001)
[0.014069] ACPI: DSDT 0xBBFD1000 025314 (v02 HPQOEM 1991 
0001 INTL 20110112)
[0.014074] ACPI: FACS 0xBBDE4000 40
[0.014078] ACPI: FACS 0xBBDE4000 40
[0.014082] ACPI: HPET 0xBBFFB000 38 (v01 HPQOEM 1991 
0001 HP   0001)
[0.014087] ACPI: APIC 0xBBFFA000 BC (v01 HPQOEM 1991 
0001 HP   0001)
[0.014092] ACPI: MCFG 0xBBFF9000 3C (v01 HPQOEM 1991 
0001 HP   0001)
[0.014097] ACPI: TCPA 0xBBFF7000 32 (v02 HPQOEM 1991 
 HP   0001)
[0.014101] ACPI: SSDT 0xBBFCE000 000313 (v01 HPQOEM SataAhci 
1000 INTL 20110112)
[0.014106] ACPI: SSDT 0xBBFCD000 00048A (v01 HPQOEM PtidDevc 
1000 INTL 20110112)
[0.014111] ACPI: SLIC 0xBBFCC000 000176 (v01 HPQOEM SLIC-MPC 
0001 HP   0001)
[0.014116] ACPI: FPDT 0xBBFCA000 44 (v01 HPQOEM 1991 
0001 HP   0001)
[0.014121] 

Re: pf.conf syntax highlighting in your favourite editor

[Dan]

I started my RADXIDE peeking code (MIT) from

https://github.com/aplsimple/alited/

My RADXIDE has been lauched in few days and it has not syntax highlighing.
Alited is written completely in a simple Tcl/tk and it has syntax highlighting 
functionalities.

Alex is also, often, available and friendly to talk with.

Please refer to him if you want go for Tcl/tk.

Best wishes,

-Dan

Jul 23, 2024 16:50:08 Tom Smyth :

> I was just wondering if any had done highlighting for vim, emacs
> etc...  ?  or at least something I can get started with ...

Re: trying to boot on HP EliteBook 820 G1

[Jan Stary]

On Jul 22 15:22:21, h...@stare.cz wrote:
> I am trying to boot current/amd64 on this HP laptop from  USB stick.
> 
> Disabling the "secure boot" in BIOS, so that something else
> than the preinstalled windows is even allowed to boot,
> and choosing USB Flash Disk as the boot source,
> I see the usual
> 
>   Using drive 0, partition 3
> 
> etc, up to
> 
>   boot>
> 
> There, the rotating slash either stops and nothing else happens,
> or the machine reboots after the first number in
> 
>   booting hd0a:/bsd 12345678 + [reboot]
> 
> This happens with both bsd and bsd.rd.
> 
> The USB stick holds a full current/amd64 installation
> which I regularly boot on various amd64 machines,
> so I don;t suppose that is the problem.

FWIW, here is a dmesg of FreeBSD on the machine.


---<>---
Copyright (c) 1992-2023 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 14.1-RELEASE releng/14.1-n267679-10e31f0946d8 GENERIC amd64
FreeBSD clang version 18.1.5 (https://github.com/llvm/llvm-project.git 
llvmorg-18.1.5-0-g617a15a9eac9)
VT(vga): resolution 640x480
CPU: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz (2494.38-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x40651  Family=0x6  Model=0x45  Stepping=1
  
Features=0xbfebfbff
  
Features2=0x7ffafbff
  AMD Features=0x2c100800
  AMD Features2=0x21
  Structured Extended 
Features=0x2fbb
  XSAVE Features=0x1
  VT-x: (disabled in BIOS) PAT,HLT,MTF,PAUSE,EPT,UG,VPID
  TSC: P-state invariant, performance statistics
real memory  = 8589934592 (8192 MB)
avail memory = 8171106304 (7792 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: 
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s) x 2 hardware threads
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
arc4random: WARNING: initial seeding bypassed the cryptographic random device 
because it was not yet seeded and the knob 'bypass_before_seeding' was enabled.
ioapic0  irqs 0-39
Launching APs: 1 2 3
random: entropy device external interface
kbd1 at kbdmux0
vtvga0: 
smbios0:  at iomem 0xf2fc0-0xf2fde
smbios0: Version: 2.7, BCD Revision: 2.7
aesni0: 
acpi0: 
acpi0: Power Button (fixed)
cpu0:  on acpi0
hpet0:  iomem 0xfed0-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 550
Event timer "HPET1" frequency 14318180 Hz quality 440
Event timer "HPET2" frequency 14318180 Hz quality 440
Event timer "HPET3" frequency 14318180 Hz quality 440
Event timer "HPET4" frequency 14318180 Hz quality 440
atrtc0:  port 0x70-0x77 irq 8 on acpi0
atrtc0: Warning: Couldn't map I/O.
atrtc0: registered as a time-of-day clock, resolution 1.00s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0:  port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1808-0x180b on acpi0
acpi_ec0:  port 0x62,0x66 on acpi0
pcib0:  port 0xcf8-0xcff on acpi0
pci0:  on pcib0
vgapci0:  port 0x3000-0x303f mem 
0xd000-0xd03f,0xc000-0xcfff irq 16 at device 2.0 on pci0
vgapci0: Boot video device
hdac0:  mem 0xd073-0xd0733fff irq 16 at 
device 3.0 on pci0
xhci0:  mem 0xd072-0xd072 irq 
16 at device 20.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
xhci0: Port routing mask set to 0x
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
pci0:  at device 22.0 (no driver attached)
uart2:  port 0x30b0-0x30b7 mem 
0xd073f000-0xd073 irq 19 at device 22.3 on pci0
uart2: Using 1 MSI message
em0:  port 0x3080-0x309f mem 
0xd070-0xd071,0xd073e000-0xd073efff irq 20 at device 25.0 on pci0
em0: EEPROM V0.3-4
em0: Using 1024 TX descriptors and 1024 RX descriptors
em0: Using an MSI interrupt
em0: Ethernet address: 28:80:23:d8:c3:93
em0: netmap queues/slots: TX 1/1024, RX 1/1024
hdac1:  mem 0xd0734000-0xd0737fff irq 22 at 
device 27.0 on pci0
pcib1:  irq 16 at device 28.0 on pci0
pci1:  on pcib1
pcib2:  irq 19 at device 28.3 on pci0
pci2:  on pcib2
pci2:  at device 0.0 (no driver attached)
pcib3:  irq 17 at device 28.5 on pci0
pci3:  on pcib3
pci3:  at device 0.0 (no driver attached)
ehci0:  mem 0xd073d000-0xd073d3ff irq 
17 at device 29.0 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci0
usbus1: 480Mbps High Speed USB v2.0
isab0:  at device 31.0 on pci0
isa0:  on isab0
ahci0:  port 
0x30a8-0x30af,0x30bc-0x30bf,0x30a0-0x30a7,0x30b8-0x30bb,0x3060-0x307f mem 
0xd073c000-0xd073c7ff irq 19 at device 31.2 on pci0
ahci0: AHCI v1.30 with 2 6Gbps ports, Port Multiplier not supported
ahcich0:  at channel 0 on ahci0
battery0:  on acpi0
acpi_acad0:  on acpi0
acpi_button0:  on acpi0
acpi_lid0:  on acpi0

Re: pf.conf syntax highlighting in your favourite editor

[Sven F.]

On Tue, Jul 23, 2024 at 12:22 PM  wrote:
>
> On Tue, Jul 23, 2024 at 03:46:56PM +0100, Tom Smyth wrote:
> >Folks,
> >I wondering had anyone tried to make a syntax highlighting for  pf.conf 
> >syntax,
> >
> >to help folks new to the pf.conf syntax in the editor of their choice...
> >
> >I was thinking that this approach might be lower hanging fruit rather
> >than trying to write a rule editor in nsh (for now at least), and it
> >might be more generally useful for for the community or those in the
> >community who like syntax highlighting
> >
>
> This already exists in the vim port.
>


/usr/local/share/vim/vim82/syntax/ipfilter.vim
/usr/local/share/vim/vim82/syntax/pf.vim
/usr/local/share/vim/vim82/syntax/pfmain.vim

" pf syntax file
" Language:OpenBSD packet filter configuration (pf.conf)
" Original Author: Camiel Dobbelaar 
" Maintainer:  Lauri Tirkkonen 
" Last Change: 2018 Jul 16

Interesting.

Re: pf.conf syntax highlighting in your favourite editor

[readme]

On Tue, Jul 23, 2024 at 03:46:56PM +0100, Tom Smyth wrote:
>Folks,
>I wondering had anyone tried to make a syntax highlighting for  pf.conf syntax,
>
>to help folks new to the pf.conf syntax in the editor of their choice...
>
>I was thinking that this approach might be lower hanging fruit rather
>than trying to write a rule editor in nsh (for now at least), and it
>might be more generally useful for for the community or those in the
>community who like syntax highlighting
>

This already exists in the vim port.

Re: pf.conf syntax highlighting in your favourite editor

[Joel Carnat]

I think vim already has it.
share/vim/${P}/syntax/pf.vim

> Le 23 juil. 2024 à 16:49, Tom Smyth  a écrit :
> 
> Folks,
> I wondering had anyone tried to make a syntax highlighting for  pf.conf 
> syntax,
> 
> to help folks new to the pf.conf syntax in the editor of their choice...
> 
> I was thinking that this approach might be lower hanging fruit rather
> than trying to write a rule editor in nsh (for now at least), and it
> might be more generally useful for for the community or those in the
> community who like syntax highlighting
> 
> i saw some pf.conf syntax highlighting for sublime text editor,
> 
> I was just wondering if any had done highlighting for vim, emacs
> etc...  ?  or at least something I can get started with ...
> 
> Thanks again
> 
> Tom Smyth.
> 

Re: pf.conf syntax highlighting in your favourite editor

[Omar Polo]

On 23/07/24 16:46, Tom Smyth wrote:

Folks,
I wondering had anyone tried to make a syntax highlighting for  pf.conf syntax,

to help folks new to the pf.conf syntax in the editor of their choice...

I was thinking that this approach might be lower hanging fruit rather
than trying to write a rule editor in nsh (for now at least), and it
might be more generally useful for for the community or those in the
community who like syntax highlighting

i saw some pf.conf syntax highlighting for sublime text editor,

I was just wondering if any had done highlighting for vim, emacs
etc...  ?  or at least something I can get started with ...


emacs has a built-in `conf-mode' which, while not knowing the exact 
syntax of any specific configuration file, usually does a decent job at 
handling configuration files (these includes pf.conf, httpd.conf, 
etc...). It's enabled by default for file that ends in *.conf (among 
other things.)

pf.conf syntax highlighting in your favourite editor

[Tom Smyth]

Folks,
I wondering had anyone tried to make a syntax highlighting for  pf.conf syntax,

to help folks new to the pf.conf syntax in the editor of their choice...

I was thinking that this approach might be lower hanging fruit rather
than trying to write a rule editor in nsh (for now at least), and it
might be more generally useful for for the community or those in the
community who like syntax highlighting

i saw some pf.conf syntax highlighting for sublime text editor,

I was just wondering if any had done highlighting for vim, emacs
etc...  ?  or at least something I can get started with ...

Thanks again

Tom Smyth.

Re: trying to boot on HP EliteBook 820 G1

[Stuart Henderson]

On 2024/07/22 21:04, Jan Stary wrote:
> On Jul 22 15:08:15, stu.li...@spacehopper.org wrote:
> > On 2024-07-22, Jan Stary  wrote:
> > > I am trying to boot current/amd64 on this HP laptop from  USB stick.
> > >
> > > Disabling the "secure boot" in BIOS, so that something else
> > > than the preinstalled windows is even allowed to boot,
> > > and choosing USB Flash Disk as the boot source,
> > > I see the usual
> > >
> > >   Using drive 0, partition 3
> > >
> > > etc, up to
> > >
> > >   boot>
> > >
> > > There, the rotating slash either stops and nothing else happens,
> > > or the machine reboots after the first number in
> > >
> > >   booting hd0a:/bsd 12345678 + [reboot]
> > >
> > > This happens with both bsd and bsd.rd.
> > >
> > > The USB stick holds a full current/amd64 installation
> > > which I regularly boot on various amd64 machines,
> > > so I don;t suppose that is the problem.
> > >
> > > Any clues please?
> > 
> > Some things you could perhaps try -
> 
> Thanks for the hints.
> 
> > - does a 7.5 kernel boot? 7.4? (7.3, [..]?)
> 
> No. The same happens with 7.5, 7.4 and 7.3;
> also, the current/amd64 I was trying was about two weeks old,
> but the same happens with the currently current current.
> 
> > - "machine mem" output might be useful to someone looking at this
> 
> Sorry for the jpeg (attached), no cereal here.

so that's approx 19GB of mail sending to all misc subscribers, plus
the people who you want to see this might well be reading mail somewhere
that image attachments are at least a slight pain.

typing is not so hard, so we can at least do something about the
second part of that:

Region 0: type 1 at 0x0 for 631KB
Region 1: type 2 at 0x9dc00 for 9KB
Region 2: type 2 at 0xe for 128KB
Region 3: type 1 at 0x10 for 3058172KB
Region 4: type 2 at 0xbab7f000 for 19456KB
Region 5: type 4 at 0xbbe7f000 for 1024KB
Region 6: type 3 at 0xbbf7f000 for 512KB
Region 7: type 1 at 0xbbfff000 for 4KB
Region 8: type 2 at 0xbc00 for 16384KB
Region 9: type 2 at 0xbd00 for 34816KB
Region 10: type 2 at 0xe000 for 262144KB
Region 11: type 2 at 0xfec0 for 4KB
Region 12: type 2 at 0xfed1 for 16KB
Region 13: type 2 at 0xfed18000 for 4KB
Region 14: type 2 at 0xfed19000 for 4KB
Region 15: type 2 at 0xfed1c000 for 16KB
Region 16: type 2 at 0xfee0 for 4KB
Region 17: type 2 at 0xff80 for 8192KB
Region 18: type 1 at 0x1 for 1030144KB
Low ram: 631KB  High ram: 3058172KB
Total free memory: 4088951KB

Re: folks is there any VPN pseudo device that allows for spliting a fullsized frame or packet across 2x VPN encapsulated packets

[Claudio Jeker]

On Tue, Jul 23, 2024 at 09:04:45AM +0100, Tom Smyth wrote:
> Do you ever have issues with the IP fragments being broken across
> broken NAT implementations... or are the IP fragmensts encapsulated in
> the IPSec Packets ?
> i.e.
> gif fragments and IPsec wraps the gif packet + ip fragment  in 2
> encapsulated ipsec packets ?

IPsec has PMTU support so as long as you get ICMP errors then it will
adjust so that you end up with 2 packets. If it is badly broken you can
adjust the MTU of the route the gif tunnel uses (make it a host route).

I think that should also work with wg(4) but I do not use wg(4).
 
> On Tue, 23 Jul 2024 at 08:54, Claudio Jeker  wrote:
> >
> > On Tue, Jul 23, 2024 at 08:51:19AM +0100, Tom Smyth wrote:
> > > Folks,
> > >
> > > As an ISP we often have to manage wans for customers where we don't
> > > have access to customers firewalls, and the customers expect full
> > > sized frames / packets across the wan,
> > > the issue is when we used 3rd party networks with constrained MTUs,
> > > while we can adjust TCP MSS if we control the network devices  putting
> > > packets across the VPN, this is not always possible,
> > >
> > > IP fragmentation (sometimes) works but it breaks load balancing
> > > (hashes of IP fragments do not match the hashes for original packet
> > > being sent.  but sometimes is not good enough.
> > >
> > > Possible solutions which we have seen in in other vendors
> > > MLPPP on L2TP / PPPoE  with MRRU (Maximum Received Reconstructed Unit)
> > > which allowed for packet splitting outbound  and reconstruction  on
> > > inbound
> > >
> > > OpenVPN have UDP fragment option (which works by encapsulating a
> > > packet across 2 equal sided packets once the encapsulated packet would
> > > be greater than 1/2 the size of the Max UDP fragment,  ( packets would
> > > have the same size, same src & destination port and src and
> > > destination ip (so packet ordering / LACP load balancing path would be
> > > consistent or at least more consistent  for those packets
> > >
> > > OpenVPN & tap interface performance is not brilliant ,  so I'm hopping
> > > there is a kernel driver device that would allow
> > >
> > > I was wondering if anyone else ran into this issue and resolved it
> > > with an existing device driver in  OpenBSD...
> > >
> >
> > I run gif tunnels over ipsec with MTU 1500 and the stack just does the
> > fragmentation. Not sure if the performance of that is much better than
> > OpenVPN.
> >
> > --
> > :wq Claudio
> 
> 
> 
> -- 
> Kindest regards,
> Tom Smyth.
> 

-- 
:wq Claudio

Re: folks is there any VPN pseudo device that allows for spliting a fullsized frame or packet across 2x VPN encapsulated packets

[Tom Smyth]

Do you ever have issues with the IP fragments being broken across
broken NAT implementations... or are the IP fragmensts encapsulated in
the IPSec Packets ?
i.e.
gif fragments and IPsec wraps the gif packet + ip fragment  in 2
encapsulated ipsec packets ?

On Tue, 23 Jul 2024 at 08:54, Claudio Jeker  wrote:
>
> On Tue, Jul 23, 2024 at 08:51:19AM +0100, Tom Smyth wrote:
> > Folks,
> >
> > As an ISP we often have to manage wans for customers where we don't
> > have access to customers firewalls, and the customers expect full
> > sized frames / packets across the wan,
> > the issue is when we used 3rd party networks with constrained MTUs,
> > while we can adjust TCP MSS if we control the network devices  putting
> > packets across the VPN, this is not always possible,
> >
> > IP fragmentation (sometimes) works but it breaks load balancing
> > (hashes of IP fragments do not match the hashes for original packet
> > being sent.  but sometimes is not good enough.
> >
> > Possible solutions which we have seen in in other vendors
> > MLPPP on L2TP / PPPoE  with MRRU (Maximum Received Reconstructed Unit)
> > which allowed for packet splitting outbound  and reconstruction  on
> > inbound
> >
> > OpenVPN have UDP fragment option (which works by encapsulating a
> > packet across 2 equal sided packets once the encapsulated packet would
> > be greater than 1/2 the size of the Max UDP fragment,  ( packets would
> > have the same size, same src & destination port and src and
> > destination ip (so packet ordering / LACP load balancing path would be
> > consistent or at least more consistent  for those packets
> >
> > OpenVPN & tap interface performance is not brilliant ,  so I'm hopping
> > there is a kernel driver device that would allow
> >
> > I was wondering if anyone else ran into this issue and resolved it
> > with an existing device driver in  OpenBSD...
> >
>
> I run gif tunnels over ipsec with MTU 1500 and the stack just does the
> fragmentation. Not sure if the performance of that is much better than
> OpenVPN.
>
> --
> :wq Claudio



-- 
Kindest regards,
Tom Smyth.

Re: folks is there any VPN pseudo device that allows for spliting a fullsized frame or packet across 2x VPN encapsulated packets

[Claudio Jeker]

On Tue, Jul 23, 2024 at 08:51:19AM +0100, Tom Smyth wrote:
> Folks,
> 
> As an ISP we often have to manage wans for customers where we don't
> have access to customers firewalls, and the customers expect full
> sized frames / packets across the wan,
> the issue is when we used 3rd party networks with constrained MTUs,
> while we can adjust TCP MSS if we control the network devices  putting
> packets across the VPN, this is not always possible,
> 
> IP fragmentation (sometimes) works but it breaks load balancing
> (hashes of IP fragments do not match the hashes for original packet
> being sent.  but sometimes is not good enough.
> 
> Possible solutions which we have seen in in other vendors
> MLPPP on L2TP / PPPoE  with MRRU (Maximum Received Reconstructed Unit)
> which allowed for packet splitting outbound  and reconstruction  on
> inbound
> 
> OpenVPN have UDP fragment option (which works by encapsulating a
> packet across 2 equal sided packets once the encapsulated packet would
> be greater than 1/2 the size of the Max UDP fragment,  ( packets would
> have the same size, same src & destination port and src and
> destination ip (so packet ordering / LACP load balancing path would be
> consistent or at least more consistent  for those packets
> 
> OpenVPN & tap interface performance is not brilliant ,  so I'm hopping
> there is a kernel driver device that would allow
> 
> I was wondering if anyone else ran into this issue and resolved it
> with an existing device driver in  OpenBSD...
> 

I run gif tunnels over ipsec with MTU 1500 and the stack just does the
fragmentation. Not sure if the performance of that is much better than
OpenVPN.

-- 
:wq Claudio

folks is there any VPN pseudo device that allows for spliting a fullsized frame or packet across 2x VPN encapsulated packets

[Tom Smyth]

Folks,

As an ISP we often have to manage wans for customers where we don't
have access to customers firewalls, and the customers expect full
sized frames / packets across the wan,
the issue is when we used 3rd party networks with constrained MTUs,
while we can adjust TCP MSS if we control the network devices  putting
packets across the VPN, this is not always possible,

IP fragmentation (sometimes) works but it breaks load balancing
(hashes of IP fragments do not match the hashes for original packet
being sent.  but sometimes is not good enough.

Possible solutions which we have seen in in other vendors
MLPPP on L2TP / PPPoE  with MRRU (Maximum Received Reconstructed Unit)
which allowed for packet splitting outbound  and reconstruction  on
inbound

OpenVPN have UDP fragment option (which works by encapsulating a
packet across 2 equal sided packets once the encapsulated packet would
be greater than 1/2 the size of the Max UDP fragment,  ( packets would
have the same size, same src & destination port and src and
destination ip (so packet ordering / LACP load balancing path would be
consistent or at least more consistent  for those packets

OpenVPN & tap interface performance is not brilliant ,  so I'm hopping
there is a kernel driver device that would allow

I was wondering if anyone else ran into this issue and resolved it
with an existing device driver in  OpenBSD...

Thanks

-- 
Kindest regards,
Tom Smyth.

igc device does not work after install "Intel I225-V" rev 0x03: not enough msi-x vectors

[Todd]

I installed OpenBSD 7.5 on a new firewall appliance.
I did not have any trouble setting up the network during the installation

igc0 was detected and configured to use dhcp.
The installer was able to download the installation sets and correctly set
the time via NTP.

After rebooting into the installed system, the igc devices are not listed
in the ifconfig output.
Dmesg shows the error "Intel I225-V" rev 0x03: not enough msi-x vectors

I saw a similar message on misc@ but with no resolution.

I am using a USB network adapter for now, ure0
I will try OpenBSD current to see if there are any new fixes.

Full Dmesg

OpenBSD 7.5 (GENERIC.MP) #82: Wed Mar 20 15:48:40 MDT 2024
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8388227072 (7999MB)
avail mem = 8112943104 (7737MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.2 @ 0xeae90 (57 entries)
bios0: vendor American Megatrends Inc. version "5.13" date 01/06/2022
bios0: Default string Default string
acpi0 at bios0: ACPI 6.2
acpi0: sleep states S0 S3 S4 S5, can't enable ACPI
mpbios0 at bios0: Intel MP Specification 1.4
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) J4125 CPU @ 2.00GHz, 1994.49 MHz, 06-7a-08, patch
0024
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,UMIP,MD_CLEAR,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,MISC_PKG_CT,ENERGY_FILT,GDS_NO,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 24KB 64b/line 6-way D-cache, 32KB 64b/line 8-way I-cache, 4MB
64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 19MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.2.4.2.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) J4125 CPU @ 2.00GHz, 1994.48 MHz, 06-7a-08, patch
0024
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,UMIP,MD_CLEAR,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,MISC_PKG_CT,ENERGY_FILT,GDS_NO,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 24KB 64b/line 6-way D-cache, 32KB 64b/line 8-way I-cache, 4MB
64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Celeron(R) J4125 CPU @ 2.00GHz, 1994.48 MHz, 06-7a-08, patch
0024
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,UMIP,MD_CLEAR,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,MISC_PKG_CT,ENERGY_FILT,GDS_NO,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu2: 24KB 64b/line 6-way D-cache, 32KB 64b/line 8-way I-cache, 4MB
64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Celeron(R) J4125 CPU @ 2.00GHz, 1994.48 MHz, 06-7a-08, patch
0024
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,UMIP,MD_CLEAR,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,MISC_PKG_CT,ENERGY_FILT,GDS_NO,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu3: 24KB 64b/line 6-way D-cache, 32KB 64b/line 8-way I-cache, 4MB
64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
mpbios0: bus 0 is type PCI
mpbios0: bus 1 is type PCI
mpbios0: bus 2 is type PCI
mpbios0: bus 3 is type PCI
mpbios0: bus 4 is type PCI
mpbios0: bus 5 is type PCI
mpbios0: bus 6 is type PCI
mpbios0: bus 7 is type ISA
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 120 pins
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Gemini Lake Host" rev 0x06
inteldrm0 at pci0 dev 2 function 0 "Intel UHD Graphics 600" rev 0x06
drm0 at inteldrm0
inteldrm0: apic 1 int 19, GEMINILAKE, gen 9
azalia0 at pci0 dev 14 function 0 "Intel Gemini 

Re: Filesystem corruption on OpenBSD routers after power outage?

[Tom Smyth]

Hi Jan sorry for the late reply,
Thanks for your comments and questions ,
Replies are in line

On Wed, 17 Jul 2024 at 13:12, Jan Stary  wrote:
>
> On Jul 10 17:05:55, tom.sm...@wirelessconnect.eu wrote:
> > Hi Jan
> > thanks for your Reply and feedback,
> >  please find my replies  in line ,
> >
> > On Wed, 10 Jul 2024 at 16:28, Jan Stary  wrote:
> > >
> > > On Jul 10 14:44:28, tom.sm...@wirelessconnect.eu wrote:
> > > > we have been using  mfs mounted /var /dev and /tmp for years
> > >
> > > Why?
> > so any writes to disk would be simply written a memory filesystem and
> > if  there was a power cut
>
> How often do you get these power cuts?
Not Often in Ireland but want to avoid truck rools,
>
> > there would be no changes happening to the
> > disk because it is being just written to memory
>
> To be clear, you are concerned with changes to the filesystem
> (not disk as such), which makes a dirty fs and invokes fsck
> at reboot, right?

one of the main reasons which I didnt articulate was repeated log
writes of chatty daemons,
OpenVPN with a very short timeout/ retry interval  writing to disk and
causing flash / ssd wear

>
> > > > however  the impact of mfs (/var in particular) on upgrades has been
> > > > quite painful,
> > >
> > > How?
> > Losing new files in /var if the box is rebooted without first copying
> > the /var (in memory) to where the persistent storage is  (on shutdown)
>
> Whht do you mean by "new files"? Those coming to exist
> during regular operation (as in /var/run), or "new" if
> they get installed under /var on an upgrade?
the New files that would be installed in /var on upgrade yes,

>
> The above (losing the nonpersistent mfs storage) is exactly
> what would happen on a power outage; but what does that have
> to do with upgrades? If you reboot (cleanly) after an upgrade,
> the content of /var gets stored to persitent storage.
Oh ok ... I had not seen that behaviour  ...and  sometimes /var/db
the relinked kernel hash would throw the
relink failure ...

>
> > > > #cat /etc/fstab
> > > > ff0023511d131fc2.a / ffs rw,softdep,noatime 1 1
> > > > ff0023511d131fc2.b /usr/local ffs rw,wxallowed,nodev,softdep,noatime 1 2
> > > > ff0023511d131fc2.d /var ffs rw,nodev,nosuid,softdep,noatime 1 2
> > >
> > > So you _don't_ have /var on mfs ...
> > > Also, softdep no loger exists.
> > Thanks  it was an older option (now a noop (for backward compatibility
> > ) just checked the manual there...  Ill drop it off the deployment
> > script
> >
> > > > swap /tmp mfs rw,nosuid,noexec,nodev,-s=262144,-P=/persist-fs/tmp 0 0
> > > > swap /var/log mfs 
> > > > rw,nosuid,noexec,nodev,-s=524288,-P=/persist-fs/var/log 0 0
> > > > swap /var/run mfs 
> > > > rw,nosuid,noexec,nodev,-s=262144,-P=/persist-fs/var/run 0 0
> > > > swap /dev mfs rw,nosuid,noexec,-P=/persist-fs/dev,-i=2048,-s=32768 0 0
> > >
> > > Why do you need /tmp to persist?
> > Fair point  I was more interested in getting /tmp to be memory mounted
> > (dont care about persistence) in that case
> > checking manual
> >
> > > Why do you have a separate /dev?
> > when programs write to /dev/blah  is there a possibility of the
> > filesystem being updated...
>
> Above you talk about an upgrade, here about an update.
> What you mean is just a write to the filesystem?
>
> I never saw a / filesystem (holding /dev)
> been screwed in a way that fsck couldn't get out of
> because a file under /dev was being written ...
I think I took this advice so that / could be mounted read only (if I
Recall correctly )
so I was being cautious ... on this front ...

>
> > > Why don't you have a separate /home?
> > it is a router /firewall / network appliance  /not a standard desktop
> > / server ...  users are admins... etc .
> > >
> > > > ###
> > > > This seems to solve problems with  upgrades and  package updates,
> > basically if the partition was not synced with a copy on shutdown you
> > would lose the updated files ...
>
> Wll, you wouldn't have this problem
> if you were not using mfs :-)

indeed yes :)
>
> Filesystem inconsistency after a power outage is normal;
> fsck will deal with it. You might lose some files -
sometimes you lose the wrong file...  and the system requires manual
intervention / truck roll... I want to avoid that

> with mfs, you lose everything.

so I wanted to have  a reliable boot and prefer losing logs and tmp
files rather than risking corruption...

>
> Jan
>
Thanks for your feedback Jan
really appreciate it

Re: trying to boot on HP EliteBook 820 G1

[Stuart Henderson]

On 2024-07-22, Jan Stary  wrote:
> I am trying to boot current/amd64 on this HP laptop from  USB stick.
>
> Disabling the "secure boot" in BIOS, so that something else
> than the preinstalled windows is even allowed to boot,
> and choosing USB Flash Disk as the boot source,
> I see the usual
>
>   Using drive 0, partition 3
>
> etc, up to
>
>   boot>
>
> There, the rotating slash either stops and nothing else happens,
> or the machine reboots after the first number in
>
>   booting hd0a:/bsd 12345678 + [reboot]
>
> This happens with both bsd and bsd.rd.
>
> The USB stick holds a full current/amd64 installation
> which I regularly boot on various amd64 machines,
> so I don;t suppose that is the problem.
>
> Any clues please?

Some things you could perhaps try -

- does a 7.5 kernel boot? 7.4? (7.3, [..]?)
- how about trying an older bootloader (extract usr/share/mdec
files from old baseXX.tgz and installboot)
- "machine mem" output might be useful to someone looking at this

HP machines are often a bit awkward, have been for many years.


-- 
Please keep replies on the mailing list.

Re: security(8) for linux?

[Rubén Llorente]

Give aide a try. It isn't exactly a security(8) replacement but it is 
fine for detecting filesystem changes.


chrootkit and rkhunter are also fine for detecting suspicious activity 
and tracking critical filesystem changes, but adapting them to your 
environment might take some work.


Allan Streib wrote:

I am guessing that many of us also manage linux systems, is anyone
aware of a port or adaptation of security(8) for linux, specifically
Ubuntu or Debian distributions?

Allan

Re: trying to boot on HP EliteBook 820 G1

[Jan Stary]

On Jul 22 10:38:44, kolip...@exoticsilicon.com wrote:
> On Mon, Jul 22, 2024 at 03:22:21PM +0200, Jan Stary wrote:
> > There, the rotating slash either stops and nothing else happens,
> > or the machine reboots after the first number in
> > 
> > booting hd0a:/bsd 12345678 + [reboot]
> > 
> > This happens with both bsd and bsd.rd.
> > 
> > The USB stick holds a full current/amd64 installation
> > which I regularly boot on various amd64 machines,
> > so I don;t suppose that is the problem.
> > 
> > Any clues please?
> 
> Is it related to the issue described here? :
> 
> https://marc.info/?l=openbsd-misc=171650034722844

No idea. I saw that thread, but it's not the same problem.

Re: trying to boot on HP EliteBook 820 G1

[Crystal Kolipe]

On Mon, Jul 22, 2024 at 03:22:21PM +0200, Jan Stary wrote:
> There, the rotating slash either stops and nothing else happens,
> or the machine reboots after the first number in
> 
>   booting hd0a:/bsd 12345678 + [reboot]
> 
> This happens with both bsd and bsd.rd.
> 
> The USB stick holds a full current/amd64 installation
> which I regularly boot on various amd64 machines,
> so I don;t suppose that is the problem.
> 
> Any clues please?

Is it related to the issue described here? :

https://marc.info/?l=openbsd-misc=171650034722844

Re: security(8) for linux?

[Eric Pruitt]

On Sat, Jul 20, 2024 at 03:11:08PM -0400, Allan Streib wrote:
> I am guessing that many of us also manage linux systems, is anyone
> aware of a port or adaptation of security(8) for linux, specifically
> Ubuntu or Debian distributions?

The closest thing I'm familiar with is tripwire
(https://packages.debian.org/buster/tripwire), but it doesn't do most of
what security(8) does.

Eric

security(8) for linux?

[Allan Streib]

I am guessing that many of us also manage linux systems, is anyone
aware of a port or adaptation of security(8) for linux, specifically
Ubuntu or Debian distributions?

Allan

Re: Mouse profile and behavior changed to wtf after Xenocara compiling

[José Maldonado]

El vie, 19 jul 2024 a la(s) 9:08 p.m., Justin Yates Fletcher
(jyfletc...@gmail.com) escribió:
>
> On Fri, 2024-07-19 at 17:18 +, Anon Loli wrote:
> > Please stop joking and get serious.
>
> This is my favorite part so far. Everything written on almost every
> post has been hilarious: Inane ramblings, word salads, delusions of
> grandeur, help vampirism, thread hijacking, and even more!
>
> Top level trolling, really. I think congratulations are in order.
>

Don´t feed the troll.

-- 
"Dios en su Cielo, todo bien en la Tierra"
***

Re: Mouse profile and behavior changed to wtf after Xenocara compiling

[Justin Yates Fletcher]

On Fri, 2024-07-19 at 17:18 +, Anon Loli wrote:
> Please stop joking and get serious.

This is my favorite part so far. Everything written on almost every
post has been hilarious: Inane ramblings, word salads, delusions of
grandeur, help vampirism, thread hijacking, and even more!

Top level trolling, really. I think congratulations are in order.

Re: Mouse profile and behavior changed to wtf after Xenocara compiling

[Anon Loli]

On Thu, Jul 18, 2024 at 11:23:08PM -0400, José Maldonado wrote:
> >
> > I don't really deserve OpenBSD, I get that, but there is a reason as to why
> > Theo De Raadt and other folks are still active on mailing lists and respond 
> > to
> > topics like these, everything else should click and make sense now, I don't
> > know how much clearer I can get, low critical thinking is required to 
> > understand
> > what I wrote right now, and the only thing I can be wrong about here is that
> > OpenBSD folks don't need new people (in general) who might even have greater
> > potential than some of existing folks, to work on OpenBSD and related 
> > projects
> > and I'd love to know why if that's the case.
> >
> > If that's not the case (I hope it's not), then I've already started my 
> > payback,
> > and hope to somewhat give back to the OpenBSD
> >
> 
> Personally, I don't give a shit about anything you've said.

Excellent, then what I said doesn't apply to you, it applies to people who care
about mutual contributions and contribution-investments.


> RTFM and stop crying on the list.

I read your incomplete buggy and discriminating (against skill levels) manuals,
if you want mutual contributions and contribution-investment-returns - which
you don't so just stop replying because it doesn't concern you after that
point.


> ...That you are autistic is not, at least on my part,
> something that matters to me. If you're looking for help, at least be friendly
> and stop pointing fingers at everyone else to try to
> "fit into your world and your vision of it."

You think I'm here to just get help and run away? I thought for a OpenBSD
contributor(or whatever you are) that you'd be smarter than that, I literally
explained your how shit works in real life, what is here to not understand?

You either agree with me and literally admit that butterfly effect is real and 
very
strong and you help me (and all which that entails), or you don't and you don't
respond, it's very simple


> Don´t be a troll.

If you cared enough to read and think about what I wrote (talking about the 1st
reply line you wrote here), then you'd realize that you're the troll, not me,
because I care about this conversation, you literally admitted you don't, so
please kindly stop replying, there might be people who do care, you just aren't
one of those and that's (not) okay, please stop wasting everyone's time if you

aren't invested in the conversation (like literally closing your ears and
yelling, that's you right now)

Re: Mouse profile and behavior changed to wtf after Xenocara compiling

[Anon Loli]

On Thu, Jul 18, 2024 at 10:34:23PM +0100, cho...@jtan.com wrote:
> Anon Loli writes:
> > On Thu, Jul 18, 2024 at 07:15:28PM +0100, cho...@jtan.com wrote:
> > > Anon Loli writes:
> > > > On Tue, Jul 16, 2024 at 11:04:17PM +0100, cho...@jtan.com wrote:
> > > > > I think there is a fundamental misunderstanding here.
> > > > > 
> > > > > Anon Loli writes:
> > > > > > Hello list, after I compiled ...
> > > > > 
> > > > > Once you have crossed this Rubicon you are a developer and On Your 
> > > > > Own.
> > > >
> > > > That's mean!
> > > 
> > > But it is the truth. Do I not correctly recall you writing that you
> > > prefer to hear the truth, however blunt? I believe asshole was the
> > > term you used. Is it a one-way phenomenon?
> >
> > I forgot that my mood can't be transfered
> > automatically trough text, and that my joke won't be understood
> 
> Funny, that.
> 
> > > If you want to code get coding. If you want a working system that's
> > > built by others others then put the compiler down and use what they
> > > have produced.
> > > 
> > > There is no middle ground. You break it, you get to keep both halves.
> >
> > When undoing 1 screw, I didn't expect the whole wheel to fall off (you can
> > still drive with 3 wheels, but like not for long)
> 
> You still get to keep all the parts. If you play with power tools
> you can expect to get hurt.

This is why people go insane and do terrorist attacks, because more and more
people don't really give a shit what they're selling and poor people don't have
a choice..
I know it's bad to compare this to OpenBSD, because it's for free, but we also
don't have a good enough alternative yet (I'm semi-serious here, if it wasn't
obvious)


> > > > I didn't change the source code related to Xenocara, I was just curious 
> > > > if
> > > > Xenocara compiles with different Makefile or something.. it'd be nice 
> > > > if at
> > > > least someone told me if it affects the mouse profile/driver somehow.
> > > 
> > > Incorrect. If you had followed the build instructions as they are
> > > written with the xenocara sources unchanged then xenocara would
> > > have compiled. It didn't therefore you changed something.
> >
> > What do you mean it didn't compile? What did I say which would indicate 
> > that I
> > got a error message while compiling Xenocara?
> 
> I'm sorry I rushed. I meant to say that xenocara would have been
> compiled in the same way. If you follow the instructions correctly
> against a pristine source repository you will get the same binary
> artefacts that upstream produce and so of course they will do the
> same thing in the same way.
> 
> I mixed up "broken" with "didn't build".

Yeah, that's what I expected too, but it doesn't seem to be compiling-related
perhaps...
Also by UEFI I think that I meant BIOS related


> > > > I have a lot of experience when it comes to helping each other and "do 
> > > > to
> > > > others as you want done to yourself"(or something like that phrase), 
> > > > which is
> > > 
> > > When you are thrown in the deep end of a pool, you will learn to
> > > swim or you will sink. Conveniently in this metaphor you don't also
> > > drown, so consider it done unto you. You're welcome.
> > > 
> > > Coincidentally you've (mis-)quoted from the book of Matthew. Chapter 7.
> >
> > Most people will sink if such continues
> 
> That is up to them. Each of us gets to choose.
> 
> > > > > Use the source, Luke.
> > > >
> > > > But source big big big
> > > 
> > > Then you have a lot of reading to do.
> > > 
> > > The OpenBSD developers have also put a lot of work into their
> > > exceptionally fine manuals. I suggest you read those too.
> >
> > Exceptionally fine manuals? Are you joking?
> 
> *whoosh*
> 
> RTFM. And S.

I can see that you're joking about this, that says a lot


> > You obviously don't know what a manual written by a perfectionist autist 
> > look
> > like - literally perfection
> 
> You cannot use autism as an excuse for anything in a group of engineers.

Excuse? You mean I can't excuse my perfection?
I write better shit than OpenBSD does, but not really on same topic, but lets
say that when I put an effort (like OpenBSD hints to do or else it's a bug), I
perfectly explain stuff about what I'm talking or the contex as if my reader is
a loli... almost no one has time to decipher text and gamble wether or not they
are SKILLED ENOUGH TO RTFM provided.

Please stop joking and get serious.


> And you cannot comment on perfectionism with bad grammar. It is "looks like".

I know how to write it, I just missed it, I don't have infinite free time
and/or patience to reread my replies a bunch of times until absolute
perfection, I think I got my points across well and had explained as if.. you
know the rest.


> Matthew
> 
> Fig leaf: If you would like to know why you are not getting the
> support you wish and how to present your questions in such a way
> that they might actually be dealt with amicably, that is way off
> topic and you can contact 

pf af-to silently dropping oversized packets (affects pmtud)

[Jason Healy]

I'm working on setting up an OpenBSD box to perform CLAT services for 464XLAT 
on my network.  v4-only clients will be behind the pf box, which uses af-to to 
translate v4 packets to v6 and send them to my border NAT64 gateway.

Things are working pretty well, but I've bumped into an issue with large 
packets.  If the v4 client sends a max-size packet (1500 bytes), it looks like 
the pf box is silently dropping them.  I've tested this by setting DF on an 
ICMP ping that is too big to fit in an IPv6 packet (1453 bytes).  tcpdump shows 
the packet arriving on the pf box, but not leaving.  Because the IPv6 headers 
are 20 bytes bigger, this makes sense (the resulting translated packet is too 
large).

I was hoping that pf would return an ICMP type 3, code 4 (dest 
unreachable/fragmentation needed), but I'm not getting anything back.  I have a 
default "pass out" rule so I don't believe I am blocking any ICMP sourced by 
the pf box.  Without the ICMP feedback, the v4 client is unaware of the v6 bump 
in the path (essentially, the MTU is reduced to 1480), and path MTU discovery 
cannot detect it.

Am I missing any config, or does af-to not generate ICMP messages in this 
circumstance?  As a workaround I tried to find a pf rule to filter on packet 
size, but that doesn't exist either.

I did add a scrub rule for max-mss, and that has helped with TCP.  However, I 
was hoping to get full coverage on UDP and ICMP as well.

I'm going to try lowering the MTU on the clients, but some of them are IoT 
garbage that doesn't give me access to those settings, so pmtud is really my 
best bet.

Thanks,

Jason

Re: POSIX Inquiry

[Страхиња Радић]

Дана 24/07/18 08:53PM, Katherine Mcmillan написа:
> In the Core Program for the POSIX standards, a relational database is 
> listed.

Link?

Re: Dual boot with 2 openbsd

[Crystal Kolipe]

On Thu, Jul 18, 2024 at 10:38:42PM +0200, Martin Schrder wrote:
> Am Mi., 17. Juli 2024 um 00:18 Uhr schrieb <04-psyche.tot...@icloud.com>:
> > Does this idea make sense?
> 
> No.
> You'll have to keep both systems up-to-date.

Only if you expect the system to come up 100% automatically when the first
disk fails.

Otherwise all that is necessary is to arrange for it to boot in to a fresh
installation of the base system which has enough minimal configuration to
ensure that it can be accessed remotely, and you can then update and
reconfigure it in one go as required.

So no need to mirror each update and configuration change step by step on both
installations.

Since the OP is planning to store user data on disk 2, it would be trivial to
write a script that tars up essential config files from the main installation
on disk 1 and writes them to the other disk, ready for reference in case of
failing over to the second installation.  Running the script on a daily basis
from cron and deleting backups over a week old would probably suffice.

Re: Apache chroot ?

[J Doe]

> On Jul 16, 2024, at 05:16, Stuart Henderson  wrote:
> On 2024-07-15, J Doe  wrote:
>> I know in the past (before OpenBSD's httpd), the Apache package on
>> OpenBSD was packaged to run in a chroot.  Does this still hold for
>> Apache 2.4.61 on OpenBSD 7.5 ?
> 
> The version of Apache httpd (1.x) that used to be in the base OS (before
> it was replaced by nginx) included a patch to chroot by default. That's
> never (IIRC) been the case for the 2.x versions in ports/packages.
> 
> The mod_unixd module is included in the port though - that has a way to
> chroot (see https://httpd.apache.org/docs/2.4/mod/mod_unixd.html) but
> isn't done by default.
> 

Hi Stuart,

Ok, thanks for the clarification.

- J

Re: Mouse profile and behavior changed to wtf after Xenocara compiling

[José Maldonado]

>
> I don't really deserve OpenBSD, I get that, but there is a reason as to why
> Theo De Raadt and other folks are still active on mailing lists and respond to
> topics like these, everything else should click and make sense now, I don't
> know how much clearer I can get, low critical thinking is required to 
> understand
> what I wrote right now, and the only thing I can be wrong about here is that
> OpenBSD folks don't need new people (in general) who might even have greater
> potential than some of existing folks, to work on OpenBSD and related projects
> and I'd love to know why if that's the case.
>
> If that's not the case (I hope it's not), then I've already started my 
> payback,
> and hope to somewhat give back to the OpenBSD
>

Personally, I don't give a shit about anything you've said.

RTFM and stop crying on the list. That you are autistic is not, at
least on my part,
something that matters to me. If you're looking for help, at least be friendly
and stop pointing fingers at everyone else to try to
"fit into your world and your vision of it."

Don´t be a troll.

-- 
"Dios en su Cielo, todo bien en la Tierra"
***

Re: POSIX Inquiry

[Philip Guenther]

On Thursday, July 18, 2024, Katherine Mcmillan  wrote:
>
> In the Core Program for the POSIX standards, a relational database is
> listed.  I am wondering what this is referring to?
>

You’ll need to be more specific about what you’re referring to and how it
relates to OpenBSD.

Philip Guenther

Re: Mouse profile and behavior changed to wtf after Xenocara compiling

[chohag]

Anon Loli writes:
> On Thu, Jul 18, 2024 at 07:15:28PM +0100, cho...@jtan.com wrote:
> > Anon Loli writes:
> > > On Tue, Jul 16, 2024 at 11:04:17PM +0100, cho...@jtan.com wrote:
> > > > I think there is a fundamental misunderstanding here.
> > > > 
> > > > Anon Loli writes:
> > > > > Hello list, after I compiled ...
> > > > 
> > > > Once you have crossed this Rubicon you are a developer and On Your Own.
> > >
> > > That's mean!
> > 
> > But it is the truth. Do I not correctly recall you writing that you
> > prefer to hear the truth, however blunt? I believe asshole was the
> > term you used. Is it a one-way phenomenon?
>
> I forgot that my mood can't be transfered
> automatically trough text, and that my joke won't be understood

Funny, that.

> > If you want to code get coding. If you want a working system that's
> > built by others others then put the compiler down and use what they
> > have produced.
> > 
> > There is no middle ground. You break it, you get to keep both halves.
>
> When undoing 1 screw, I didn't expect the whole wheel to fall off (you can
> still drive with 3 wheels, but like not for long)

You still get to keep all the parts. If you play with power tools
you can expect to get hurt.

> > > I didn't change the source code related to Xenocara, I was just curious if
> > > Xenocara compiles with different Makefile or something.. it'd be nice if 
> > > at
> > > least someone told me if it affects the mouse profile/driver somehow.
> > 
> > Incorrect. If you had followed the build instructions as they are
> > written with the xenocara sources unchanged then xenocara would
> > have compiled. It didn't therefore you changed something.
>
> What do you mean it didn't compile? What did I say which would indicate that I
> got a error message while compiling Xenocara?

I'm sorry I rushed. I meant to say that xenocara would have been
compiled in the same way. If you follow the instructions correctly
against a pristine source repository you will get the same binary
artefacts that upstream produce and so of course they will do the
same thing in the same way.

I mixed up "broken" with "didn't build".

> > > I have a lot of experience when it comes to helping each other and "do to
> > > others as you want done to yourself"(or something like that phrase), 
> > > which is
> > 
> > When you are thrown in the deep end of a pool, you will learn to
> > swim or you will sink. Conveniently in this metaphor you don't also
> > drown, so consider it done unto you. You're welcome.
> > 
> > Coincidentally you've (mis-)quoted from the book of Matthew. Chapter 7.
>
> Most people will sink if such continues

That is up to them. Each of us gets to choose.

> > > > Use the source, Luke.
> > >
> > > But source big big big
> > 
> > Then you have a lot of reading to do.
> > 
> > The OpenBSD developers have also put a lot of work into their
> > exceptionally fine manuals. I suggest you read those too.
>
> Exceptionally fine manuals? Are you joking?

*whoosh*

RTFM. And S.

> You obviously don't know what a manual written by a perfectionist autist look
> like - literally perfection

You cannot use autism as an excuse for anything in a group of engineers.

And you cannot comment on perfectionism with bad grammar. It is "looks like".

Matthew

Fig leaf: If you would like to know why you are not getting the
support you wish and how to present your questions in such a way
that they might actually be dealt with amicably, that is way off
topic and you can contact me off-list.

Re: POSIX Inquiry

[Dan]

Oh, that means it is an old standard.

Sorry for the joke ;-)

-Dan

Jul 18, 2024 22:57:11 Katherine Mcmillan :

> In the Core Program for the POSIX standards, a relational database is listed. 
>  I am wondering what this is referring to?

POSIX Inquiry

[Katherine Mcmillan]

Hello all,

In the Core Program for the POSIX standards, a relational database is listed.  
I am wondering what this is referring to?

Thank you,
Katie

Re: Dual boot with 2 openbsd

[Martin Schröder]

Am Mi., 17. Juli 2024 um 00:18 Uhr schrieb <04-psyche.tot...@icloud.com>:
> Does this idea make sense?

No.
You'll have to keep both systems up-to-date.
Learn how to do backups and how to restore.

Best
Martin

Re: Dual boot with 2 openbsd

[tetrosalame]

Il 17/07/2024 12:05, 04-psyche.tot...@icloud.com ha scritto:


RAID1 on the overlapping capacity: I don't like that idea much because RAID1 
has an extra cost where any modification on disk1 will be performed on disk2. I 
want to reap the benefits of having disk1 for the OS and disk2 for data. That 
makes the overall system much faster, because each drive is ddicated to 1 task, 
and each task is independent.


If you simply want to make sure disk2 is somehow bootable, investigate 
altroot too. man daily(8), see ROOTBACKUP.


BTW, in my own experience, BIOS manufacturers always find new, funny 
ways to make sure machines won't come back up without manual 
intervention if the primary disk fails.

Good luck,
--
f

Re: Mouse profile and behavior changed to wtf after Xenocara compiling

[Anon Loli]

On Thu, Jul 18, 2024 at 07:15:28PM +0100, cho...@jtan.com wrote:
> Anon Loli writes:
> > On Tue, Jul 16, 2024 at 11:04:17PM +0100, cho...@jtan.com wrote:
> > > I think there is a fundamental misunderstanding here.
> > > 
> > > Anon Loli writes:
> > > > Hello list, after I compiled ...
> > > 
> > > Once you have crossed this Rubicon you are a developer and On Your Own.
> >
> > That's mean!
> 
> But it is the truth. Do I not correctly recall you writing that you
> prefer to hear the truth, however blunt? I believe asshole was the
> term you used. Is it a one-way phenomenon?

Your recall returns exit code 0.. I forgot that my mood can't be transfered
automatically trough text, and that my joke won't be understood, because of
course, this isn't real life, sorry..


> If you want to code get coding. If you want a working system that's
> built by others others then put the compiler down and use what they
> have produced.
> 
> There is no middle ground. You break it, you get to keep both halves.

When undoing 1 screw, I didn't expect the whole wheel to fall off (you can
still drive with 3 wheels, but like not for long)


> > I didn't change the source code related to Xenocara, I was just curious if
> > Xenocara compiles with different Makefile or something.. it'd be nice if at
> > least someone told me if it affects the mouse profile/driver somehow.
> 
> Incorrect. If you had followed the build instructions as they are
> written with the xenocara sources unchanged then xenocara would
> have compiled. It didn't therefore you changed something.

What do you mean it didn't compile? What did I say which would indicate that I
got a error message while compiling Xenocara?


> > I have a lot of experience when it comes to helping each other and "do to
> > others as you want done to yourself"(or something like that phrase), which 
> > is
> 
> When you are thrown in the deep end of a pool, you will learn to
> swim or you will sink. Conveniently in this metaphor you don't also
> drown, so consider it done unto you. You're welcome.
> 
> Coincidentally you've (mis-)quoted from the book of Matthew. Chapter 7.

Most people will sink if such continues, but if someone were to swim out, and
for that spot to be known as a location where people get thrown to like learn
swimming or something, someone could throw in a few life jackets or have
someone be on ready, this example is so stupid, but still somewhat applicable,
because either I don't understand you or you don't understand me, and of course
now you'll say something like "you're the one who doesn't understand me", but
what is there to understand, you seemingly just wanted to say that steel is
forged with fire, without a care for that not everyone is steel, some people
are still iron ;) 


> > > Use the source, Luke.
> >
> > But source big big big
> 
> Then you have a lot of reading to do.
> 
> The OpenBSD developers have also put a lot of work into their
> exceptionally fine manuals. I suggest you read those too.

Exceptionally fine manuals? Are you joking?
You obviously don't know what a manual written by a perfectionist autist look
like - literally perfection - and OpenBSD manuals are lacking in some places,
and if my recall is correct, then I've already complained about manual pages,
and not much has been done about it, as far as I know.

Not sure if this is it, but it might have something to do with that SOME
manual pages are for developers that are approximately the same skill-level as
the author of them, so this is represents a huge problem, which is unless
someone is extremely motivated, the skill-gap will never be bridged, people
will not learn, OpenBSD will not gain more passionate people, and I suspect
that everyone using OpenBSD is at a loss per-say

Excellent example:
So if say you buy a car, and you say have to connect it together, and the
provided manual requires you to say have finished some related school or
something like that, then most people are unlikely to ever fully build that
car and since they won't ride in it, other people also won't get to see that
type/model of car in the streets and thus won't buy one for themselves.
Very similar thing happens with most things in our live, same goes for OpenBSD

Now you might say something like: "So then help write better manual pages", but
there are still parts of OpenBSD (manual pages) which I don't understand,
partially because a significant amount of it expects you to know something
which isn't mentioned directly (for example it doesn't say "you're expected to
know/have read this this and this).


> Appeals of "but it is le hard" to people who have openly published
> every scrap of their work for anybody to learn from for over 50
> years are not likely to find much sympathy.
> 
> Matthew

Won't find much sympathy? I don't understand why.. just because they had to
swim trough shit doesn't mean that everyone is, because even if OpenBSD isn't a
commercial thing for profit doesn't mean you know what - above I gave 

Re: Mouse profile and behavior changed to wtf after Xenocara compiling

[chohag]

Anon Loli writes:
> On Tue, Jul 16, 2024 at 11:04:17PM +0100, cho...@jtan.com wrote:
> > I think there is a fundamental misunderstanding here.
> > 
> > Anon Loli writes:
> > > Hello list, after I compiled ...
> > 
> > Once you have crossed this Rubicon you are a developer and On Your Own.
>
> That's mean!

But it is the truth. Do I not correctly recall you writing that you
prefer to hear the truth, however blunt? I believe asshole was the
term you used. Is it a one-way phenomenon?

If you want to code get coding. If you want a working system that's
built by others others then put the compiler down and use what they
have produced.

There is no middle ground. You break it, you get to keep both halves.

> I didn't change the source code related to Xenocara, I was just curious if
> Xenocara compiles with different Makefile or something.. it'd be nice if at
> least someone told me if it affects the mouse profile/driver somehow.

Incorrect. If you had followed the build instructions as they are
written with the xenocara sources unchanged then xenocara would
have compiled. It didn't therefore you changed something.

> I have a lot of experience when it comes to helping each other and "do to
> others as you want done to yourself"(or something like that phrase), which is

When you are thrown in the deep end of a pool, you will learn to
swim or you will sink. Conveniently in this metaphor you don't also
drown, so consider it done unto you. You're welcome.

Coincidentally you've (mis-)quoted from the book of Matthew. Chapter 7.

> > Use the source, Luke.
>
> But source big big big

Then you have a lot of reading to do.

The OpenBSD developers have also put a lot of work into their
exceptionally fine manuals. I suggest you read those too.

Appeals of "but it is le hard" to people who have openly published
every scrap of their work for anybody to learn from for over 50
years are not likely to find much sympathy.

Matthew