IKEv2/IPsec VPN

2017-09-20 Thread Gerard Lally
Some years ago I successfully set up netbsd-6 OpenVPN endpoints, with
20-30 remote Windows clients connecting.

I'd now like to set up a netbsd-8 VPN, based on IKEv2/IPsec. The
documentation doesn't make it clear -- to me -- if such a setup is
possible. Ideally it would be nice if strongSwan was supported on NetBSD
but it seems this is not the case. So where to begin? Does racoon
support IKEv2? At one stage there was a racoon2 fork but development
seems to have stalled on that.

If you run such a setup some ideas to kickstart my reading would be
welcome. Thank you.




Re: blacklistd and bpfjit

2017-03-29 Thread Gerard Lally
On Tue, 28 Mar 2017, at 02:20, co...@sdf.org wrote:
> npf attempts to auto load bpfjit, if it receives an error (such as
> 'permission denied because securelevel=1'), it will report that bpfjit
> is not loaded and this is a performance problem, even if bpfjit is
> already loaded.
> 
> in -8 it will no longer do this.

Thanks for the explanation. Yes, I'm using 7.1.
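
Added example, not part of the thread: a shell check for the situation in the quoted explanation above, where on 7.x npfctl's attempt to autoload bpfjit is refused at securelevel 1 and the warning appears even though the module is already loaded. The modstat sample is constructed and the function and verdict names are this example's own; on a live host pass in the output of `sysctl -n kern.securelevel` and `modstat`.

```shell
#!/bin/sh
# Classify npfctl's "error loading the bpfjit module" warning.
# Inputs are passed as text so the logic can be exercised offline.

# Constructed sample of modstat output (module name is the first column).
SAMPLE_MODSTAT='NAME             CLASS      SOURCE     REFS  SIZE     REQUIRES
bpf              driver     builtin    0     -        -
bpfjit           misc       filesys    0     7521     sljit
sljit            misc       filesys    1     33419    -'

# Return 0 if a module named bpfjit is listed in modstat-style text.
bpfjit_loaded() {
    printf '%s\n' "$1" | awk '$1 == "bpfjit" { found = 1 } END { exit !found }'
}

# classify_bpfjit SECURELEVEL MODSTAT_TEXT -> prints one verdict word
classify_bpfjit() {
    level=$1
    mods=$2
    if bpfjit_loaded "$mods"; then
        if [ "$level" -ge 1 ]; then
            echo spurious   # module is present; only the repeated autoload was refused
        else
            echo ok         # module is present and loading is not restricted
        fi
    elif [ "$level" -ge 1 ]; then
        echo blocked        # not loaded, and module loading is refused until reboot
    else
        echo loadable       # not loaded, but modload is still permitted
    fi
}

# Stand-alone run on the constructed sample at securelevel 1.
classify_bpfjit 1 "$SAMPLE_MODSTAT"
```

A `blocked` verdict is the case where listing bpfjit in /etc/modules.conf, as in the original post, takes effect only at the next boot.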


Re: blacklistd and bpfjit

2017-03-27 Thread Gerard Lally
On Mon, 27 Mar 2017, at 17:22, atomicules wrote:
> >npfctl: error loading the bpfjit module; performance will be degraded:
> >Operation not permitted
> >npfctl: To disable this warning `set bpf.jit off' in /etc/npf.conf
> 
> I think that's a XEN issue. I've been playing about with npf and 
> building kernels and I cannot get bpfjit to work on XEN even though 
> I've supposedly enabled it during the kernel build.
> 
> And not to derail you too much, but I can't really get npf to work 
> properly on XEN at all. Been meaning to email you about that. Sure it 
> "works", but it doesn't seem to respect the rules like my desktop npf 
> does (it basically blocks EVERYTHING). I'm 99% sure it's a XEN problem 
> and not me.

(For some reason this reply was buried - already read - in Gmail's All
Mail folder. Not sure now if I've received other replies to my post.)

I don't have Xen installed on the new server yet, although that's my
next step. I did have problems with npf and Xen some time ago; as far as
I remember that had to do with the dom0 kernel not loading modules. You
seem to have covered that by compiling a new kernel. Sorry; can't help
you much more on that just now.


blacklistd and bpfjit

2017-03-27 Thread Gerard Lally
I have been testing blacklistd today. It works nicely, but one thing I
don't understand is whether or not the bpfjit module is needed.

I have securelevel=1 in rc.conf. To load the module early, before
securelevel gets raised, I added bpfjit to /etc/modules.conf, and then
"set bpf.jit on;" in npf.conf.

However, when I reload npf rules I get the following complaint:

npfctl: error loading the bpfjit module; performance will be degraded:
Operation not permitted
npfctl: To disable this warning `set bpf.jit off' in /etc/npf.conf

So I set bpf.jit off instead, and blacklistd continues to work fine. I
presume bpf.jit is not really necessary for blacklistd to work properly?


Boot selector with GPT + BIOS

2016-07-30 Thread Gerard Lally
Some time ago I was able to set up a NetBSD + Slackware dual boot,
with fdisk MBR partitioning and the NetBSD boot selector (fdisk -B).

With 3TB disks I now need to use a GPT partition scheme. I presume
fdisk -B no longer works in this situation. Is there another way of
installing the NetBSD boot selector?


Re: linking issue - what am I doing wrong?

2016-03-25 Thread Gerard Lally
On Fri, 25 Mar 2016 15:50:36 -0600 (MDT)
Swift Griggs <swiftgri...@gmail.com> wrote:
> 
> Some folks, who have had similar issues, asked what I ended up doing and if 
> I'd post it. Here's the skinny:
> 
> I was doing this:
> 
> gcc -g -Wall -I/usr/pkg/include -I/usr/X11R7/include -lXm \
>     -L/usr/pkg/lib -o hello hello.c
> 
> I switched it to this:
> 
> gcc -Wl,-rpath,/usr/pkg/lib -Wl,-rpath,/usr/X11R7/lib -g -Wall \
>     -I/usr/pkg/include -I/usr/X11R7/include -lXm \
>     -L/usr/pkg/lib -o hello hello.c
> 
> I guess that bakes in the library search path to your resulting binary. Very 
> helpful, actually. I just never really knew this was an alternative to 
> something like always having to set LD_LIBRARY_PATH, but since I saw other 
> programs that managed to pull it off, I thought I'd ask. I'm glad I did. 
> There are so many smart folks on this list.

Thanks Swift. (I hit Reply instead of Reply-All, so the list never saw
my request. Sorry about that.)

-- 
Gerard Lally



Re: GPT, wedges and RAID-1 on new server with NetBSD 7

2016-03-09 Thread Gerard Lally
On Tue, 08 Mar 2016 15:06:32 -0500
Greg Troxel <g...@ir.bbn.com> wrote:
> 
> Gerard Lally <gerard.la...@gmail.com> writes:
> 
> > If I want separate / swap and /home, I presume I should delete raid1a
> > and create raid1a, raid1b and raid1e instead (by clicking on its
> > parent raid1 and selecting "Edit BSD partitions")?
> 
> Separately from how to use sysinst for this (which I've never done), I
> think it is sensible to have partitions within a raid.   I typically
> have wd0a/wd1a as type raid, being mostly the whole disk, and then
> within raid0 have a/b/e/f.
> 
> > I create these and proceed with installation as normal, selecting
> > raid1 as the available disk on which I want to install NetBSD. But
> > each time I do this I get the dreaded error "FATAL: No bootable medium
> > found! System halted."
> >
> > Where am I going wrong? One thing I note is that I am not asked at any
> > point to install bootcode to the disks as I would be with non-RAID
> > setups.
> 
> Probably you can boot to utility and run installboot manually on wd0a/wd1a.
> 
> > If it's not possible to do this with sysinst is it at least possible
> > to do it by dropping to a shell?
> 
> When I want to set up a new raid system, I tend to get a bootable disk
> with a minimal system and boot that and do the whole disk setup
> including bootblocks by hand.  But I suspect you are just missing
> bootblocks.
> 
> > Ideally I would like to use GPT with the RAID-1 setup as well, since I
> > will be on 2 x 2TB disks and I anticipate this getting bigger, not
> > smaller in years to come. I have successfully set up NetBSD with GPT
> > by dropping to a shell but I don't know where to add RAID into that
> > mix.
> 
> As others commented it seems disklabel-in-raid-in-gpt works.  So that
> leads to having two raid sets.  One is small enough to fit in 2T, and
> would have root, swap, /var, /usr sorts of things.  The other would be
> just bare raid in gpt, and have a filesystem in raid0d.  or maybe gpt
> inside raid.  The point is that the >2T raid doesn't have a disklabel
> (because it's too big) and doesn't have root (because the bootblocks
> can't yet find it).

Well I successfully booted a RAID system in Virtualbox yesterday
evening! I followed Tobias's instructions, and also found David
Brownlee's wedgeraidbootsetup.sh script** very useful. It's a lot
clearer to me now what has to be done.

Here is an overview for anyone else having trouble understanding the
steps:

1) create a small gpt partition on disk0 and disk1 for boot;
2) create another gpt partition on disk0 and disk1 for raid;
3) assemble the raid using the components created in 2;
4) use gpt again to partition this raid array into / swap and home
partitions;
5) build filesystems on these partitions;
6) mount the filesystems and extract sets;
7) install boot on the wedges created in step 1;
8) configure the system (fstab, rc.conf, etc)

I'm happy again now! I was afraid I might end up having to install "An
Inferior Operating System" on my 36 euro per month server!

;-)

Thank you one and all for helping me understand this.

** Posted to netbsd-users June 2015:
https://mail-index.netbsd.org/netbsd-users/2015/06/16/msg016252.html

-- 
Gerard Lally



Re: Wheel behavior

2015-08-24 Thread Gerard Lally
On Mon, 24 Aug 2015 08:04:40 +
Thomas Mueller mueller6...@bellsouth.net wrote:

> > On 23 August 2015 at 03:39, Pongthep Kulkrisada ptkris...@gmail.com wrote:
> > > * Ottavio Caruso (ottavio2006-net...@yahoo.com) wrote:
> > > But Slackware doesn't have the concept of the wheel group (as long as
> > > I remember) and I myself don't like it very much.
> > > Slackware has this concept.
> > > http://alien.slackbook.org/dokuwiki/doku.php?id=linux:admin
> >
> > Yes, it might be in the wiki, but I remember correctly it's not implemented.
>
> I am a former user of Slackware, through 13.0, and can say there was no wheel
> group.

# cat /etc/slackware-version
Slackware 14.1

# grep wheel /etc/group
wheel:x:10:root

-- 
Gerard Lally



Re: Where to install user stuff

2015-07-16 Thread Gerard Lally
At date and time Thu, 16 Jul 2015 11:35:37 +, William A. Mahaffey III wrote:
 
> On various SGI, Linux & FreeBSD boxen, I have always installed
> in-house software under /usr/local.  I notice no such directory on my
> NetBSD 6.1.5 box. I did notice that pkg_add installed sudo under
> /usr/pkg. Is that the recommended/standard/canonical place to install
> user software under NetBSD ?

If you are doing ./configure, make and make install then /usr/local
will be created automatically. If you are using pkgsrc then /usr/pkg
will be the default location. You can also bootstrap pkgsrc so that it
operates in unprivileged mode; this way pkgsrc installs to bin, sbin and
so on in /home/william/pkg/ , no root user or sudo required. This is a
very nice feature of pkgsrc which honours the principle of least
privilege.

Just extract the pkgsrc tarball to $HOME and cd to ~/pkgsrc/bootstrap.
Then do
./bootstrap --unprivileged
and the configuration file ~/pkg/etc/mk.conf will be adjusted
accordingly so that software is installed to ~/pkg/bin and ~/pkg/sbin.

-- 
Gerard Lally



Re: Minor setup issues

2015-07-15 Thread Gerard Lally
On Wed, 15 Jul 2015 11:18:48 +
William A. Mahaffey III wrote:
 
> I have my shiny new NetBSD 6.1.5 server up & running, all RAID
> devices working AOK, several reboots completed, swap configured, etc.
> All is well except for a few pilot errors. Following recommendations
> I now login to root by su, rather than directly at the console. When
> I do, none of my aliases get set & filename completion using the tab
> key doesn't work. This isn't huge, but is irritating.

You're probably using sh. If so you will need the following options in
.shrc:

set -o emacs
set -o tabcomplete

NetBSD also has ksh which is, as far as I know, pdksh under the hood. A
better korn shell clone is mksh, available in pkgsrc.

> All is well logging in at the console, although the screen is limited
> to 80 chars/line & 25 lines, which restricts what you can see in
> crowded directories. I am ssh-ing in as my regular user, BTW, that
> probably makes a difference. When fully operational, there will be no
> kbd/mouse/monitor hooked up, so I do need to get this either fixed or
> understood.

I found the best way to deal with the console is to specify a vesa mode
in /boot.cfg. When booting, choose 5 to drop to a prompt and type vesa
list. This will give you a list of vesa modes supported by your
hardware. For example, 0x14b. You then type vesa 0x14b and then boot.

You can then add your chosen mode to /boot.cfg as follows:

menu=Boot normally:rndseed /var/db/entropy-file;vesa 0x14b;boot netbsd

-- 
Gerard Lally



Printing to a network printer by IP address

2015-06-21 Thread Gerard Lally
(Apologies if this ends up double-posted.)

(System: NetBSD 7 amd64)

Is it possible to print to an ethernet-connected printer with just the
standard NetBSD print commands (LPD, LPR), without going through CUPS?
The printer is connected directly to the network switch and has a fixed
IP address on the LAN; there is no print server. It is a business-class
Ricoh Aficio MP C2800 Postscript and PCL printer.

I have a hard time getting a conceptual overview of printing in BSD and
Linux to be honest; it seems to be a bit of a minefield with postscript,
ghostscript, CUPS, filters, foomatic, drivers, spooling, line printing
and so on.

At the moment I would like to print a copy of some of the text
configuration files in /etc but it would be useful eventually to be
able to print documents formatted with graphics as well.

-- 
Gerard Lally



Re: Printing to a network printer by IP address

2015-06-21 Thread Gerard Lally
At date and time Sun, 21 Jun 2015 16:11:56 +0100, Matthias Scheler wrote:

  | On Sun, Jun 21, 2015 at 02:46:19PM +0100, Gerard Lally wrote:
  | > Is it possible to print to an ethernet-connected printer with just the
  | > standard NetBSD print commands (LPD, LPR), without going through CUPS?
  | 
  | Yes, at least if the printer supports HP Jetdirect which most printers
  | (even non-HP ones) do. Please check whether your printer accepts
  | TCP connections on port 9100.

Thank you Matthias. I will be able to check that tomorrow.

-- 
Gerard Lally



Re: Printing to a network printer by IP address

2015-06-21 Thread Gerard Lally
At date and time Sun, 21 Jun 2015 15:49:47 +, Ron Swiernik wrote:

  | Almost all my print queues are without filters. NetBSD makes it
  | so much easier with the lp=port@hostname.
  | 
  | Sample printcap entry:
  | lp:\
  |         :sh:\
  |         :lp=9100@default:\
  |         :sd=/var/spool/output/default:\
  |         :lf=/var/log/lpd-errors:\
  |         :mx#0:
  | 
  | For basic stuff the printer should be able to recognize the
  | input stream. I have done this to Ricoh station similar to that
  | class. It will only use the defaults that the printer is set to.
  | If you want to do anything else it is probably easier to use
  | some filtering thing like CUPS.

This is very useful, and it clears up the concept of filters for me,
to an extent. Thanks.

-- 
Gerard Lally



Re: Printing to a network printer by IP address

2015-06-21 Thread Gerard Lally
At date and time Sun, 21 Jun 2015 09:18:39 -0700, jgw wrote:

  | Gerard Lally lists+netbsd.current.us...@netmail.ie wrote:
  | 
  | > (NetBSD 7 amd64)
  | >
  | > Is it possible to print to an ethernet-connected printer with just the
  | > standard NetBSD print commands, without going through CUPS? The printer
  | > is connected directly to the network switch and has a fixed IP address
  | > on the LAN; there is no print server. It is a business-class Ricoh
  | > Aficio MP C2800 Postscript and PCL printer.
  | >
  | > I have a hard time getting a conceptual overview of printing in BSD and
  | > Linux to be honest; it seems to be a bit of a minefield with postscript,
  | > CUPS, filters, ghostscript, foomatic, drivers, spooling, line printing
  | > and so on.
  | >
  | > At the moment I would like to print a copy of some of the text
  | > configuration files in /etc but it would be useful eventually to be
  | > able to print documents formatted with graphics as well.
  | 
  | As others mentioned, you can just setup BSD lpd.  You will likely need to
  | create a filter for it as well as a spool file.  And probably install
  | ghostscript.  I believe the FreeBSD Guide has some info on it.  I've been
  | using it for years with an HPLJ and it works fine for occasional print
  | jobs.  If you want my notes let me know off-list.

That printing section in the FreeBSD Guide is very good! It gives a
great overview of the various parts and how they fit together. The
overview was what I was missing. Thanks for the reference. I'll
study the method below as well when I get back to that network
tomorrow.

  | A few years ago I came across an alternate technique using just netcat/ncat
  | which is actually very fast if you can avoid dealing with postscript; my
  | notes are below:
  | 
  |  --
  |   Printing w/o lpd(8) to a Network Printer:
  | 
  |   Using ncat(1) and an appropriate print filter you can print directly to
  |   a network printer that understands raw input.
  | 
  |   For example, the HPLJ-2100 is a PCL-only printer (doesn't understand
  |   Postscript) and listens on port 9100.  The following makes use of the
  |   current lpd(8) print filter to process plain text, Postscript and PCL
  |   files:
  | 
  |   % cat cat_sitter.ps | /usr/local/lib/if\-hplj_2100 | ncat 192.168.1.12 9100
  | 
  |   The filter uses gs(1) (Ghostscript), something like so:
  | 
  |   % gs -q -dSAFER -sDEVICE=lj5gray -sOutputFile=- -
  | 
  |   This requires a lot of CPU cycles and produces rather large PCL outputs.
  |   It's better to produce PCL source files directly if possible:
  | 
  |   ex)
  |   # create a PCL file created two ways:
  |   % groff -ms -Tlj4 my_file.ms > cat_sitter.pcl
  |   % groff -ms my_file.ms | gs -sDEVICE=lj4 -sOutputFile=cat_sitter.PCL -
  | 
  |   # compare the files
  |   %  ls -sh1 my_file.{pcl,PCL}
  |   1.2M my_file.PCL
  |   3.8K my_file.pcl  <= over 300x difference!

-- 
Gerard Lally



Re: How to enable quotas on /home

2015-05-04 Thread Gerard Lally
At date and time Mon, 4 May 2015 19:46:14 +0200, Manuel Bouyer wrote:

> On Sun, Apr 26, 2015 at 02:20:36PM +0100, Gerard Lally wrote:
> > I'm trying to get quotas working on 7 beta. As far as I can tell the old
> > way of implementing quotas in fstab has been superseded, and fstab(5)
> > recommends turn[ing] on the new, in-file system quota with tunefs(8) or
> > at newfs(8) time, and to not use the 'userquota' or 'groupquota'
> > options.
> >
> > /home is a GPT partition - /dev/dk3. The file system was created as
> > follows:
> >
> > newfs -O2 -b 16384 -f 2048 /dev/dk3
> >
> > tunefs -q user -q group /home returns enabling user quotas, enabling
> > group quotas, which appears to confirm user and group quotas have been
> > successfully enabled. I then run fsck_ffs on /home, following the
> > recommendation in tunefs(8). I follow the prompts to create user quota
> > inodes and group quota inodes; one thing I notice is it repeatedly
> > informs me of user and group quota mismatches for ID 0 and 1000. At this
> > stage quotas seem to be enabled but edquota tells me no mounted
> > filesystems have quota support.
> >
> > Forcing fsck_ffs at reboot with the -f flag in rc.conf makes no
> > difference; as soon as I reboot tunefs -N /home tells me quotas are
> > disabled again.
> >
> > Where am I going wrong? I've looked at all the quota-related man pages
> > but it's quite hard to separate those relevant to the new quota
> > subsystem from those relating to the older method. quotaon(8) and
> > quotaoff(8), for example, don't seem relevant to the new method.
>
> You did run tunefs with /home unmounted, did you ?

Well it appears not. Thank you once again Manuel; I'm now able to get
edquota up and running for /home.

Little by little I am getting there!

-- 
Gerard Lally



How to enable quotas on /home

2015-04-26 Thread Gerard Lally
I'm trying to get quotas working on 7 beta. As far as I can tell the old 
way of implementing quotas in fstab has been superseded, and fstab(5) 
recommends turn[ing] on the new, in-file system quota with tunefs(8) or 
at newfs(8) time, and to not use the 'userquota' or 'groupquota' 
options.

/home is a GPT partition - /dev/dk3. The file system was created as 
follows:

newfs -O2 -b 16384 -f 2048 /dev/dk3

tunefs -q user -q group /home returns enabling user quotas, enabling
group quotas, which appears to confirm user and group quotas have been
successfully enabled. I then run fsck_ffs on /home, following the
recommendation in tunefs(8). I follow the prompts to create user quota
inodes and group quota inodes; one thing I notice is it repeatedly
informs me of user and group quota mismatches for ID 0 and 1000. At this
stage quotas seem to be enabled but edquota tells me no mounted
filesystems have quota support.

Forcing fsck_ffs at reboot with the -f flag in rc.conf makes no 
difference; as soon as I reboot tunefs -N /home tells me quotas are 
disabled again.

Where am I going wrong? I've looked at all the quota-related man pages
but it's quite hard to separate those relevant to the new quota
subsystem from those relating to the older method. quotaon(8) and
quotaoff(8), for example, don't seem relevant to the new method.

-- Gerard Lally



Request to reconsider removal of groff from base system

2015-03-31 Thread Gerard Lally
While reading the INSTALL notes for amd64 today, I learned that groff(1)
is to be phased out in a future release, since man pages are handled
with mandoc(1), and groff(1) can still be found in pkgsrc as textproc/groff.

As someone who uses groff as a lightweight alternative to TeX and
friends**, I wonder if it could be kept in the base system. One of my
NetBSD systems is a small VPS server, where I don't have any need, or
indeed much space, to use pkgsrc. I maintain a couple of other NetBSD
systems as backup servers, and pkgsrc is not installed on them either,
but I do use groff to format automated {daily,weekly,monthly} reports.

I would be disappointed to see groff removed from the base system. It
is a nice fit for NetBSD's minimalist philosophy, and I ask that the
decision to remove it be reconsidered. Thank you.

** http://www.schaffter.ca/mom/mom-03.html

--
Gerard Lally



Re: Request to reconsider removal of groff from base system

2015-03-31 Thread Gerard Lally
At date and time Tue, 31 Mar 2015 15:18:36 +0200, tlaronde wrote:

> On Tue, Mar 31, 2015 at 12:24:51PM +0100, Gerard Lally wrote:
>
> > As someone who uses groff as a lightweight alternative to TeX and
> > friends**
>
> FWIW, I have developed a minimal TeX system: kerTeX
> (http://www.kergis.com/kertex.html) (french; english at
> http://www.kergis.com/en/kertex.html).
>
> A minimal install can be as small as 8MB. The default (with the AMS
> fonts, e-TeX, dvips, MetaPost, bibtex and the Adobe standard PostScript
> fonts metrics) is less than 40MB.
>
> The advantage of the TeX system is that it is self-sufficient : it
> includes fonts and the mean to design them.

Thank you for this reminder Thierry. I took note of your work a long
time ago and will certainly keep it in mind should I abandon groff, but
for now I have invested some time in learning groff.

To Greg and Eric:

thank you for your replies.

I suppose the long and the short of it is that a powerful typesetting
system - groff - is already there, in base. It's not really about the
space used, but rather that a minimal NetBSD setup comes pre-loaded with
industrial-strength document layout and typesetting software. To my mind
that is quite amazing, and it speaks volumes about both NetBSD and groff.
NetBSD packs a lot of punch into the base system and I feel it would be
sad to sacrifice that power for what seems to me little or no gain.

--
Gerard Lally



Re: NPF on domU - more clarity required

2014-12-27 Thread Gerard Lally
At date and time Sat, 27 Dec 2014 14:49:03 +1300, Chris Bannister wrote:

> On Fri, Dec 26, 2014 at 11:32:26PM +, Gerard Lally wrote:
> >
> > Thank you Michael, and thank you to all the other senior NetBSD devs who
> > stooped to help out this perpetual newbie, here and in private!
>
> It would be nice if people posted to the thread so as to help other
> users in the future.

Point taken, but on this occasion it was just to let me know my question
had been posted elsewhere for increased exposure.

-- 
Gerard Lally



Re: NPF on domU - more clarity required

2014-12-26 Thread Gerard Lally
At date and time Fri, 26 Dec 2014 20:10:35 + (UTC), Christos Zoulas wrote:

> In article 20141226020448.ee93.280fc...@netmail.ie,
> Gerard Lally  lists+netbsd.us...@netmail.ie wrote:
> > I have been struggling to get NPF up and running on a NetBSD VPS,
> > specifically a Xen domU. I really think for security reasons NPF should
> > be nearly ready to go, so that we don't have to spend hours researching
> > and pulling our hair out trying to fix what should be a straightforward
> > issue, which leaves a machine vulnerable when it probably needs
> > protection most. It appears this problem came up some years ago, but
> > Googling provides me with no fix.
> >
> > I understand that NetBSD as a Xen domU does not support kernel modules.
> > So the recommendation in the NPF documentation to modload npf_ext_log
> > does not apply here. Fine, I took a wild guess and compiled a new Xen
> > domU kernel with the following two lines added to make sure NPF logging
> > and normalisation functionality was compiled into the kernel instead:
> >
> > options NPF_EXT_LOG
> > options NPF_EXT_NORMALISE
> >
> > Needless to say I also made sure pseudo-device npf was enabled as well.
> >
> > I also made sure /dev/npf existed, and I created /etc/ifconfig.npflog0
> > with just the word create.
> >
> > I kept the contents of npf.conf to a minimum for troubleshooting, but
> > NPF just refuses to load. This is the error I get at boot:
> >
> > npfctl: cannot open '/dev/npf': Device not configured
> > npfctl: cannot open '/dev/npf': Device not configured
> > /etc/rc.d/npf exited with code 1
>
> See if the device driver for npf is registered with the kernel correctly:
>
>   $ sysctl kern.drivers | tr , '\n' | grep npf
> [198 -1 npf]

Thank you Christos.

[root]# sysctl kern.drivers | tr , '\n' | grep npf
 [198 -1 npf]

> Make sure that the device numbers are correct:
>
>   $ ls -l /dev/npf
>   crw---  1 root  wheel  198, 0 Oct 13  2013 /dev/npf

[root]# ls -la /dev/npf
crw---  1 root  wheel  198, 0 Dec 26 00:38 /dev/npf

> Look at the ktrace output and see what operation fails:
>
>   $ ktrace /sbin/npfctl start
>   $ kdump | less

[root]# ktrace /sbin/npfctl start
npfctl: cannot open '/dev/npf': Device not configured

[root]# kdump | less

kdump.txt attached.

I should have added extra information in my last post as well. Better
late than never:

NetBSD xx.xen.prgmr.com 7.0_BETA NetBSD 7.0_BETA
(XEN3_DOMU.201412251110Z) amd64

System installed using ftp, from nyftp.netbsd.org, with all sets.

I used the following config to compile the kernel with npf built-in,
using syssrc.tgz from NetBSD 7.0_BETA 201412251110Z:

/usr/src/sys/arch/amd64/conf/XEN3_DOMU

Perhaps I caused myself a problem by extracting syssrc.tgz and
compiling the kernel as a normal user instead of root? I've just noticed
the owner and group on /usr/src/sys/arch/amd64/compile/custom-20141226/
are gerard:wsrc. Should that be root:wsrc instead? (I am in the wsrc
group.) I seem to remember reading it's permissible to compile a kernel
as a normal user once you're in the wsrc group.

-- 
Gerard Lally




Re: NPF on domU - more clarity required

2014-12-26 Thread Gerard Lally
At date and time Fri, 26 Dec 2014 22:38:05 + (UTC), Michael van Elst wrote:

> lists+netbsd.us...@netmail.ie (Gerard Lally) writes:
>
> > compiling the kernel as a normal user instead of root? I've just noticed
> > the owner and group on /usr/src/sys/arch/amd64/compile/custom-20141226/
> > are gerard:wsrc. Should that be root:wsrc instead?
>
> It doesn't matter who is the owner of the build directory, but did
> you actually boot this kernel?

Oh dear. Problem solved. I've made a very silly mistake. With prgmr I
should have placed the custom kernel in /ext2fs/boot/ instead of /

The domU was not using my custom /netbsd kernel at all. It was still
using the domU kernel installed by sysinst. The kernel specified in
/boot.cfg, which I mistakenly assumed was the booting kernel, is
irrelevant. NetBSD as a prgmr domU uses a grub setup with the domU
kernel in a small ext2 partition /ext2fs/boot/ and the boot
configuration file /ext2/boot/grub/menu.lst

Well I am happy this problem is now solved, and I apologise for my
cantankerous first post! Mea culpa.

Thank you Michael, and thank you to all the other senior NetBSD devs who
stooped to help out this perpetual newbie, here and in private!

As a sidenote, if there's a way of eliminating the grub cruft and using
NetBSD's boot manager instead I'd be glad to hear it.

-- 
Gerard Lally
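
Added example, not part of the thread: the checks suggested earlier in this thread (driver registration and device-node major number) combined with a check of which kernel is actually running, since the cause here was that the domU was still booting the sysinst-installed kernel. The npf driver entry, the /dev/npf major number and the uname line are taken from the thread; the other driver entries are constructed, the function names are this example's own, and the expected ident `custom-20141226` is an assumption based on the compile directory name mentioned in the thread.

```shell
#!/bin/sh
# Sanity checks for "npfctl: cannot open '/dev/npf': Device not configured".
# All inputs are passed as text so the logic can be exercised offline.

# Sample inputs: npf entry, node major and uname line are from the thread,
# the neighbouring driver entries are constructed.
SAMPLE_DRIVERS='[197 -1 constructed0], [198 -1 npf], [199 -1 constructed1]'
SAMPLE_NODE='crw-------  1 root  wheel  198, 0 Dec 26 00:38 /dev/npf'
SAMPLE_UNAME='NetBSD xx.xen.prgmr.com 7.0_BETA NetBSD 7.0_BETA (XEN3_DOMU.201412251110Z) amd64'
EXPECTED_IDENT='custom-20141226'   # assumption: ident of the custom kernel

# Major number registered for a driver, from `sysctl -n kern.drivers` text.
driver_major() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/[][]//g' |
        awk -v name="$2" '$3 == name { print $1; exit }'
}

# Major number of a device node, from one `ls -l` line.
node_major() {
    printf '%s\n' "$1" | awk '{ sub(/,/, "", $5); print $5 }'
}

# Kernel ident (the text in parentheses) from `uname -a` or `uname -v` text.
kernel_ident() {
    printf '%s\n' "$1" | sed -n 's/.*(\([^)]*\)).*/\1/p'
}

# check_npf DRIVERS_TEXT LS_LINE UNAME_TEXT EXPECTED_IDENT -> prints a verdict
check_npf() {
    kmajor=$(driver_major "$1" npf)
    nmajor=$(node_major "$2")
    ident=$(kernel_ident "$3")
    if [ "$ident" != "$4" ]; then
        echo "wrong-kernel:$ident"          # the kernel you built is not the one running
    elif [ -z "$kmajor" ]; then
        echo "driver-not-registered"
    elif [ "$kmajor" != "$nmajor" ]; then
        echo "major-mismatch:$kmajor/$nmajor"
    else
        echo "consistent"
    fi
}

# Stand-alone run on the sample values.
check_npf "$SAMPLE_DRIVERS" "$SAMPLE_NODE" "$SAMPLE_UNAME" "$EXPECTED_IDENT"
```

On a live host the three text arguments come from `sysctl -n kern.drivers`, `ls -l /dev/npf` and `uname -v`.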



NPF on domU - more clarity required

2014-12-25 Thread Gerard Lally
I have been struggling to get NPF up and running on a NetBSD VPS,
specifically a Xen domU. I really think for security reasons NPF should
be nearly ready to go, so that we don't have to spend hours researching
and pulling our hair out trying to fix what should be a straightforward
issue, which leaves a machine vulnerable when it probably needs
protection most. It appears this problem came up some years ago, but
Googling provides me with no fix.

I understand that NetBSD as a Xen domU does not support kernel modules.
So the recommendation in the NPF documentation to modload npf_ext_log
does not apply here. Fine, I took a wild guess and compiled a new Xen
domU kernel with the following two lines added to make sure NPF logging
and normalisation functionality was compiled into the kernel instead:

options NPF_EXT_LOG
options NPF_EXT_NORMALISE

Needless to say I also made sure pseudo-device npf was enabled as well.

I also made sure /dev/npf existed, and I created /etc/ifconfig.npflog0
with just the word create.

I kept the contents of npf.conf to a minimum for troubleshooting, but
NPF just refuses to load. This is the error I get at boot:

npfctl: cannot open '/dev/npf': Device not configured
npfctl: cannot open '/dev/npf': Device not configured
/etc/rc.d/npf exited with code 1

I have /usr on a separate partition which might cause this error at boot
but should not cause the error when I do
/etc/rc.d/npf reload ; /etc/rc.d/npf start
after the system is up and running.

Here are the contents of npf.conf:

===
# /etc/npf.conf

$wired_v4 = { inet4(xennet0) }

procedure log {
    log: npflog0
}

group wired on $wired_v4 {
    # disable 80 until we are sure this is running properly
    # pass in final family inet4 proto tcp to $wired_v4 port 80
    pass in final family inet4 proto tcp to $wired_v4 port 22022
    pass stateful out final family inet4 proto tcp flags S/SA \
        from $wired_v4
    pass out final family inet4 proto tcp from $wired_v4
    pass stateful out final family inet4 from $wired_v4
}

group default {
    pass final on lo0 all
    block all apply log
}

===

I have faced this issue on several occasions now and it is most
frustrating. I would like to be able to have a basic firewall up and
running within five minutes of setting up a machine. I'd been looking
forward to trying NPF but it feels as though I'm in the seven circles
of Hell trying to get it to run.

-- 
Gerard Lally



Sun Fire X4140

2014-11-18 Thread Gerard Lally
---
NetBSD 6.1/amd64

Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010, 2011, 2012
The NetBSD Foundation, Inc.  All rights reserved.
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.

Build settings:
  Build date   Mon May 13 02:23:15 UTC 2013
Built by   bui...@b6.netbsd.org

-- 
Gerard Lally


Re: Sun Fire X4140

2014-11-18 Thread Gerard Lally
At date and time Tue, 18 Nov 2014 21:30:18 +0300, Dima Veselov wrote:

 Hello!
 
  I was very, very impressed to see an oldish (mid-2013) NetBSD 6 install
  on this machine (I didn't have a more recent CD to hand), with hardware
  RAID, network adapters and video all working. 
 
 I have a bunch of these servers and yes, NetBSD supports them almost fully. 
 You seem to be lucky getting an X4140 with an LSI SAS adapter, because some 
 of them have Adaptec, which is not supported.
 
  I tried a recent Linux as
  well but it failed to set up the network adapters.
 
 X4140 has strange NVIDIA bridges and network enumerator devices, 
 which can cause problems. My configurations have many of them, 
 including Debian 6/7 and NetBSD 6, working for years in production.
 
  I plan to put NetBSD 7 on this over the next few days.
 
 Don't forget to update the server firmware, because the X4140 has a nice but 
 weak service processor and it is the most vulnerable part of this server.

Thanks for the advice Dima. I did indeed go searching for firmware
updates but it seems we would need a support contract with Oracle, which
is out of the question for this business. I might be able to get the
person who supplied the server to download the firmware.

 The stock ILOM version can brick itself if it works for a long time unattended.
 I still don't know the reasons, but I have had 3 bricks in the past 5 yrs. Maybe 
 they get offended without human attention?

An expensive brick!

 Also don't be surprised if the serial port speed between the server and ILOM
 changes to the default by itself - it's okay for any ILOM version :))


-- 
Gerard Lally



Emacs without X - eww missing libxml2

2014-10-25 Thread Gerard Lally
Hi,

I wanted to try out the new Emacs 24.4 so I compiled it from source
yesterday on a NetBSD 7 system which does not have X installed.

$ ./configure --prefix=/usr --without-gif --without-tiff
$ make
# make install

Emacs works fine, with one exception: I cannot visit websites in the
new integrated browser, eww. Visiting any website gives me the following
error:

error in process filter: This function requires Emacs to be compiled
with libxml2

I had earlier installed xmlcatmgr-2.2 and libxml2-2.9.2 libraries (to
/usr/lib), but «ldd /usr/bin/emacs» shows no reference to libxml2.

Should I expect eww to work in a NetBSD system without X? According to
pkgsrc.se the only dependency libxml2 has is xmlcatmgr.

-- 
Gerard Lally



Re: hp aio : netbsd won't boot ...

2014-09-25 Thread Gerard Lally
At date and time Thu, 25 Sep 2014 01:42:47 +0530, Mayuresh Kathe wrote:

 okay, i finally got myself a low end machine at an affordable price.
 http://hpshopping.in/HP_18-5019il_All-in-One_Desktop_PC
 
 the problems started after unpacking the machine.
 
 netbsd 6.1.4 (amd64) install cd just won't boot.
 after fiddling around with the bios (which looks like uefi), it booted, but 
 refused to install, after some more coaxing moved till the newfs execution 
 phase and then barfed.
 
 i tested with a bunch of other operating systems (ubuntu 14.04 and omnios), 
 which install and boot up like a charm.
 
 at the moment, have upgraded the memory to 4gb, and run netbsd 6.1.4 via 
 virtual box under ubuntu (desktop) 14.04, but the resource consumption is 
 crazy, i can't even fire up firefox while running netbsd in that mode.
 
 any ideas about how i could make netbsd work on bare metal?
 or should i simply upgrade the memory to a total of 8gb (which is going to be 
 quite difficult a proposition at the moment)?

Have you disabled Secure Boot?

-- 
Gerard Lally



Re: Can I use a native Linux installation as DomU?

2014-08-24 Thread Gerard Lally
At date and time Sun, 24 Aug 2014 18:39:05 +0530, Mayuresh wrote:

 I am running NetBSD 6.1 i386, XEN3 DOM0, xentools 41.
 
 I have a Fedora 17 installation on a separate partition. Currently I can
 dual boot into either of the OSes.
 
 I am trying to run Fedora 17 as DomU on NetBSD Dom0.
 
 Firstly, is it a terrible idea - particularly if I need to continue to use
 the Fedora 17 installation natively as well?

No, not a terrible idea at all. I did this some years ago with Slackware.
Quite straightforward, even though I was new to Slackware and NetBSD at
the time. When you are in bare-metal Fedora make sure disk mounts are
specified with UUID rather than /dev, so that the mounts are correct for
both bare-metal and domU.

Just run blkid to get a mapping of UUID to /dev

Then replace /dev/sdaXXX with the corresponding UUID in /etc/fstab.

For example, replace this:

/dev/sda1  /  ext3  defaults  1  2

with this:

UUID=41c22818-fbad-4da6-8196-c816df0b7aa8  /  ext3  defaults 1 2

Perhaps Fedora already specifies mounts this way; Slackware doesn't.

I also found it easier to set up if I used LVM. Another thing you should
do while in bare-metal Fedora is set up SSH, VNC and/or XDMCP, so that
you will be able to log into Fedora when it's running as a domU.

-- 
Gerard Lally



Re: Recent video-related commits: summary wanted

2014-08-21 Thread Gerard Lally
At date and time Mon, 18 Aug 2014 08:39:22 -0600, Roy Bixler wrote:

 On Sat, Aug 16, 2014 at 09:30:50PM +0100, Gerard Lally wrote:
  There have been many video-related commits to the source tree recently,
  which I am doing my best to understand. Radeon, nouveau, drm, kms, and
  the like. It would be nice if someone would summarise what is happening
  and what difference it makes, and whether NetBSD 7 will benefit. A
  question I have for starters: do these changes bring native X up to date
  in -7, and if so would there be any compelling reason to choose modular
  X instead?
 
 Whether NetBSD 7 benefits is in the eye of the beholder, but I believe
 the basic purpose of these commits is to import code from the Linux
 Direct Rendering Manager subsystem.  This is the part of the kernel
 that interfaces with the Graphics Processing Unit of the system.  The
 idea is to put the system into graphics mode at bootup, eliminating
 the classic text mode.  In a sense, text mode still exists from what
 I've seen of Linux systems, which generally use the DRM subsystem to
 change fonts to different sizes.  The X Server's operation becomes
 more seamless.

 I don't think I've seen the full benefit of this code yet, since the
 system I've installed NetBSD 7 on has an NVidia card and it doesn't
 seem that Nouveau is active by default.  I will be interested to see
 how it works.  If it's like my experience in Linux, then it will work
 fairly well and actually be more stable than the proprietary NVidia
 driver.  The disadvantage is that it doesn't support as many NVidia
 cards or, for the cards it does support, it may not support all of the
 features of those cards.  I also found that suspend/resume worked
 better with the NVidia driver than with the Nouveau driver.

Thanks for the information Roy. I'm probably slow to understand this but
is this DRM a supplement to the {nvidia,nouveau,radeon} driver or a
replacement for it? It seems to me from what you say in the first
paragraph its scope is quite narrow, affecting only bootup, but then in
your second paragraph it seems to be a replacement for the driver - you
hope it is more stable than the proprietary NVidia driver.

-- 
Gerard Lally



Recent video-related commits: summary wanted

2014-08-16 Thread Gerard Lally
There have been many video-related commits to the source tree recently,
which I am doing my best to understand. Radeon, nouveau, drm, kms, and
the like. It would be nice if someone would summarise what is happening
and what difference it makes, and whether NetBSD 7 will benefit. A
question I have for starters: do these changes bring native X up to date
in -7, and if so would there be any compelling reason to choose modular
X instead?

-- 
Gerard Lally



Re: Reliable way to run emulated Linux under NetBSD

2014-08-14 Thread Gerard Lally
At date and time Thu, 14 Aug 2014 19:16:15 +0200, Kamil Rytarowski wrote:

 Hello,
 
 So nobody actually uses qemu?
 I will give a try to XEN.
 
 Thanks,

I think Xen is a better choice myself. I tested it a couple of years
ago and found it stable and fast. I had the following domUs running
under a NetBSD dom0:

NetBSD (x3) -- paravirtualised
Slackware (x1) -- paravirtualised
Windows 2008 (x1) -- HVM
Windows XP (x1) -- HVM

The Slackware domU was very interesting. I'll try to explain from
memory, but it's been a while so I don't have all the details. I do have
notes but they're not accessible to me right now. If you get stuck I'll
dig them out and see if they help.

What I did was to install NetBSD first, using just 5 or 10 GB of the
disk, and then set up Xen. I then installed Slackware on the remainder
of the disk, making sure to install Lilo to /boot, not MBR. I installed
Slackware on Logical Volumes (LVM) - lvm-root, lvm-home, etc. I compiled
a new kernel and initrd in Slackware with Xen support (leaving out all
hardware and other options not relevant to a Xen domU), and I copied
this kernel and the initrd to NetBSD's / . I did not delete the old
kernel, but left it as the first option for Lilo. I also configured the
NetBSD bootloader to boot into Slackware, using the fdisk -b option.

I then made sure to configure /etc/fstab in Slackware with blkid
references, to ensure Slackware would be able to boot as a domU and as
a physical machine. Another thing I did was to set up Slackware with a
VNC server and also XDMCP. I also set up NFS to share files between the
dom0 and domU.

After all this I was able to return to NetBSD and configure a domU for
Slackware, running in paravirtualised mode (PV is lightning fast). To
access the Slackware domU from the dom0 I used either VNC or XDMCP.
Both of these were fast; the only thing I couldn't configure at the time
was audio. But the icing on the cake for me was also being able to boot
into the same Slackware as a physical machine, by using the first kernel.
So I had a physical Linux setup dual-booting with NetBSD which also
served as a domU inside NetBSD's Xen! To my mind this was incredible.

I fully intend to replicate this setup as my day-to-day working setup
when NetBSD 7 is released. I've learnt a lot about NetBSD since that I
didn't know then. I recommend NetBSD Xen highly: you have all the
benefits of NetBSD and with a paravirtualised Linux domU you also have
the benefit of a very fast Linux setup. And if you do what I did, you
can also dual-boot into this Linux setup whenever you want, if there is
something you find you can't do while it is running under Xen as a domU.

Hope this helps.

-- 
Gerard Lally



Re: NPF not loading and starting at boot

2014-08-12 Thread Gerard Lally
At date and time Tue, 12 Aug 2014 15:14:05 -0500, J. Lewis Muir wrote:

 On 8/10/14, 4:11 PM, J. Lewis Muir wrote:
  Hello.
 
  I'm running amd64 NetBSD 6.1.4 (GENERIC) in a Red Hat KVM (RHEL 6.4.0
  PC) virtual machine.  I have configured NPF to load and start at boot
  by adding npf=YES to /etc/rc.conf.  However, after booting, NPF is
  not running:
 
  ===
  # npfctl show
  Filtering:  inactive
  Configuration:  empty
  ===
 
  Starting it by hand using the rc.d system works fine:
 
  ===
  # /etc/rc.d/npf start
  Enabling NPF.
  ===
 
 I investigated some more.  I looked at /etc/rc and discovered that
 /var/run/rc.log contains a log of the rc.d system start-up.  I checked
 it, and it contains:
 
 ===
 [running /etc/rc.d/npf]
 Enabling NPF.
 ===
 
 So, it looks like it's starting NPF OK.  To further check this, I added
 the following to the end of /etc/rc.local:
 
 ===
 /sbin/npfctl show > /tmp/rc.local-npfctl-show.txt 2>&1
 ===
 
 And after booting, that file in /tmp contains what I would expect as
 if everything was OK at that point in the boot (which I understand is
 fairly late in the start-up):
 
 ===
 # head -n 2 /tmp/rc.local-npfctl-show.txt
 Filtering:  active
 Configuration:  loaded
 ===
 
 But again, when I log into the machine via SSH after it boots and run
 npfctl show, somehow NPF is off and the configuration is empty:
 
 ===
 # npfctl show
 Filtering:  inactive
 Configuration:  empty
 ===
 
 So, NPF is ending up turned off with an empty configuration between when
 /etc/rc.local ran and when the rc.d system start-up finished.
 
 Any ideas on what is causing this?
 
 Thanks!
 
 Lewis

As a complete newcomer to npf I'm not sure if this is helpful, but here
goes anyway: do you have logging turned on in your npf.conf, and if so,
have you created the interface npflog0?

-- 
Gerard Lally



Re: Veriexec - automatic notification of mismatch?

2014-07-08 Thread Gerard Lally
At date and time Mon, 7 Jul 2014 10:51:48 +0200, Martin Husemann wrote:

 On Mon, Jul 07, 2014 at 05:25:59AM +0100, Gerard Lally wrote:
  Without checking /var/log/messages manually, how would I go about
  triggering an instant notification if a file or files monitored by
  veriexec had changed?
 
 I suppose you could set up a program specification in syslog.conf
 and send mail or text yourself. A simple script reading one line and
 echoing it to mail should do.

Thank you Martin. I am studying syslog.conf now.

-- 
Gerard Lally
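
One way to build the notifier Martin suggests, as an added example that is not part of the original thread: a filter that syslogd pipes messages into and that mails one alert per distinct file. The log line layout, the sample lines, the syslog.conf hook shown in the comment, and the names ALERT_TO, MAILER and veriexec-notify are assumptions.

```shell
#!/bin/sh
# veriexec-notify: read syslog lines on stdin, mail each Veriexec mismatch once.
#
# Assumed syslog.conf(5) hook (verify selector and pipe syntax on your release):
#   kern.*    |/usr/local/sbin/veriexec-notify
#
# ALERT_TO and MAILER are hypothetical settings for this example.
ALERT_TO="${ALERT_TO:-root}"
MAILER="${MAILER:-mail}"
NL='
'

# Constructed sample input; the "[<path>, prog=...]" layout is an assumption.
SAMPLE_LOG='Jul  6 05:12:01 host /netbsd: Veriexec: Mismatch. [/data/photos/img_0001.jpg, prog=cat pid=412, uid=1000, gid=100]
Jul  6 05:12:03 host sshd[301]: Accepted publickey for gerard
Jul  6 05:12:09 host /netbsd: Veriexec: Mismatch. [/data/photos/img_0001.jpg, prog=cp pid=415, uid=1000, gid=100]
Jul  6 05:13:40 host /netbsd: Veriexec: Mismatch. [/data/music/track01.flac, prog=cat pid=420, uid=1000, gid=100]'

# Succeeds only for lines that look like Veriexec mismatch reports.
is_mismatch() {
    case "$1" in
        *Veriexec:*[Mm]ismatch*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the file path found between "[" and the first "," or "]".
mismatch_path() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([^],]*\)[],].*/\1/p'
}

# Read log lines from stdin and send one alert per distinct file, so a
# program that re-reads a damaged file does not cause a mail storm.
# Prints the number of alerts sent once stdin is closed.
notify_loop() {
    seen="$NL"
    sent=0
    while IFS= read -r line; do
        is_mismatch "$line" || continue
        path=$(mismatch_path "$line")
        [ -n "$path" ] || path="(unparsed)"
        case "$seen" in
            *"$NL$path$NL"*) continue ;;   # already alerted for this file
        esac
        seen="$seen$path$NL"
        printf 'Veriexec reported a fingerprint mismatch.\n\nFile: %s\nLog line: %s\n' \
            "$path" "$line" | $MAILER -s "veriexec mismatch: $path" "$ALERT_TO"
        sent=$((sent + 1))
    done
    echo "$sent"
}

# Run the loop only when installed under the assumed script name.
case "${0##*/}" in
    veriexec-notify) notify_loop >/dev/null ;;
esac
```

The de-duplication lasts only as long as the process syslogd keeps running, so a restart of syslogd will re-alert on files that are still mismatched.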



Veriexec - automatic notification of mismatch?

2014-07-06 Thread Gerard Lally
I've set up veriexec to monitor a data directory (20GB) containing
documents, pictures, music, and other personal files. I've tested
veriexec at Strict level 1 and it is working as expected. The reason
I'm doing this is to see whether or not veriexec can be used to monitor
a data directory for silent bitrot or file corruption.

Without checking /var/log/messages manually, how would I go about
triggering an instant notification if a file or files monitored by
veriexec had changed? A cron job doesn't seem the right way to do this.
Is there some other blindingly obvious way of doing this which has
sailed right over my head?

;)

-- 
Gerard Lally



Re: GPT questions - gpt reliability, wedge naming, and filesystem scaling.

2014-06-22 Thread Gerard Lally
At date and time Fri, 20 Jun 2014 09:22:14 -0700, Jeff Rizzo wrote:

 On 6/19/14, 5:20 PM, Gerard Lally wrote:
 
  3) Using NAME=dk0 in /etc/fstab didn't work for me; I had to specify
  /dev/dk0, /dev/dk1, etc.
  dk names also do not persist across reboots. For example, if I create a
  wedge as follows the dk_swap name reverts to dk1 after rebooting.
 
  dkctl wd0 addwedge dk_swap 64 2097152 swap
 
  This is not a big deal but it leaves me wondering how NAME=xxx in fstab
  is supposed to work. Does it work with GPT labels instead?
 
 The NAME= stuff is in NetBSD-current but not -6, so it will first appear in 
 NetBSD 7.0.

Thanks for the info.

-- 
Gerard Lally



Re: GPT questions - gpt reliability, wedge naming, and filesystem scaling.

2014-06-22 Thread Gerard Lally
At date and time Fri, 20 Jun 2014 18:54:03 +0930, Brett Lymn wrote:

 On Fri, Jun 20, 2014 at 01:20:03AM +0100, Gerard Lally wrote:
  
  1) Is it safe to use GPT on NetBSD? The warnings on the gpt man page
  leave me less than 100% confident.
 
 Yes.  I am using GPT on my laptop in a multiboot netbsd/linux/win8 set
 up.  It takes some care to set up but works fine.  I do intend to write
 up what I have done when I have some time.

Please do, and let us know when you do.

-- 
Gerard Lally



Re: GPT questions - gpt reliability, wedge naming, and filesystem scaling.

2014-06-22 Thread Gerard Lally
At date and time Thu, 19 Jun 2014 21:51:12 -0400, Greg Troxel wrote:

 
 Gerard Lally lists+netbsd.us...@netmail.ie writes:
 
  1) Is it safe to use GPT on NetBSD? The warnings on the gpt man page
  leave me less than 100% confident.
 
 On NetBSD 6, I would say yes.  Even on 5, I think so.   I am not really
 clear on booting from GPT, but for other than the boot/root fs it should
 be fine.  I have multiple systems with gpt disks and no issues.
 
  2) As I understand it the NetBSD FFS filesystem is capable of growing
  to 8 zettabytes, but MBR partitioning combined with traditional
  disklabels meant we were restricted to 2 (or 4) TB partitions in
  practice. Am I right in saying that GPT and wedges remove this
  restriction, and we can now create partitions and filesystems greater
  than 4TB?
 
 I think disklabels are limited to 2TB; I'm not sure if it's the whole
 disk or per partition.  (Maybe that's 4TB.)  That is correct - GPT does
 not have a 2TB limit.

That's great. It will be a while before I get 2TB disks for my data but
I'm glad the restrictions won't be there when I do.

  3) Using NAME=dk0 in /etc/fstab didn't work for me; I had to specify
  /dev/dk0, /dev/dk1, etc.
 
  This is not a big deal but it leaves me wondering how NAME=xxx in fstab
  is supposed to work. Does it work with GPT labels instead?
 
 My impression is that NAME matched the gpt label, so you could mount a
 disk with label foo on /volumes/foo repeatedly.
 
  4) To get the sector offsets and sizes right I first created a
  traditional MBR + disklabel setup, sizing partitions in MB and taking
  note of the sector offsets and sector sizes this produced. I started at
  2048. After destroying the MBR + disklabel setup I then used this
  information to create GPT partitions. I assume this is a safe way to do
  it? I am not really familiar with partition alignment, and even less so
  since the new disks came out.
 
 In the modern world, disks don't really have consistent geometries.   So
 the big alignment issue is to make sure that you line up on physical
 blocks, which are often 4K (on disks 2T and greater, or maybe 1T or
 greater).  And, there is some threat of larger physical sizes later.
 
 So, two recommendations are:
 
   start the first partition at some multiple of 64 (because it's a
   multiple of any sane near-term size).
 
   start the first partition at 1 MB (2048 * 512 sectors), which is an
   even rounder number, and is still a negligible space waste.  (This
   really surprised me when I did the math; I remember using 2.5 MB
   disks.)
 
 Whatever you do - don't start things at sector 34, which is the start of
 available space.  Here's gpt show from a 1T disk I have in use.  Note
 that I didn't worry about the exact size being round.
 
        start        size  index  contents
            0           1         PMBR
            1           1         Pri GPT header
            2          32         Pri GPT table
           34          30
           64  1953525071      1  GPT part - NetBSD FFSv1/FFSv2
   1953525135          32         Sec GPT table
   1953525167           1         Sec GPT header
 
 
 So I really don't see why you are making disklabels and then
 transferring numbers.  Just make all the start and size values a
 multiple of 2048 sectors, for some size that's round in binary, or close
 to what you want.  Or live on the edge at 64 like I did (I'm kidding; I
 don't think there's anything wrong with 64).

Well I did it that way because I hadn't really looked into sizing
partitions by sector before, but when you mentioned it I went off and
learned how to do it, using basic maths. Very straightforward actually.
Thanks!

 If you find the man pages saying things  that are wrong, feel free to
 send a patch fixing it.

Yes I would like to start contributing back to NetBSD, but it will be
mostly documentation (English and Philosophy were my subjects).

-- 
Gerard Lally
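
The sector arithmetic discussed above, as an added example that is not part of the original thread: it plans partitions whose start and size are multiples of 2048 sectors and stops before the secondary GPT at the end of the disk. The function names and the 512-byte sector size are assumptions; the disk size in the usage comment is taken from the gpt show output quoted above.

```shell
#!/bin/sh
# Plan GPT partitions whose start and size are multiples of ALIGN sectors.
SECTOR_BYTES=512    # assumed logical sector size
ALIGN=2048          # 2048 * 512 B = 1 MiB

# Succeeds when sector $1 is a multiple of $2 sectors (default ALIGN).
# With 4K physical blocks the interesting value for $2 is 8.
is_aligned() {
    [ $(( $1 % ${2:-$ALIGN} )) -eq 0 ]
}

# Round a sector number up to the next multiple of ALIGN.
align_up() {
    echo $(( ($1 + ALIGN - 1) / ALIGN * ALIGN ))
}

# plan_layout TOTAL_SECTORS SIZE_MIB...
# Prints "index start size" (in sectors) for each partition. A size of 0
# means "rest of the disk", rounded down to a multiple of ALIGN.
# Returns 1 if a partition would run into the secondary GPT.
plan_layout() {
    total=$1
    shift
    # The secondary GPT table (32 sectors) and header (1 sector) occupy the
    # end of the disk, so the last usable sector is total - 34.
    last_usable=$(( total - 34 ))
    # Sector 34 is the first usable one, but it is not aligned; skip ahead.
    next=$(align_up 34)
    idx=1
    for mib in "$@"; do
        if [ "$mib" -eq 0 ]; then
            size=$(( (last_usable - next + 1) / ALIGN * ALIGN ))
        else
            size=$(( mib * 1024 * 1024 / SECTOR_BYTES ))
        fi
        if [ "$size" -le 0 ] || [ $(( next + size - 1 )) -gt "$last_usable" ]; then
            echo "partition $idx does not fit" >&2
            return 1
        fi
        echo "$idx $next $size"
        next=$(( next + size ))
        idx=$(( idx + 1 ))
    done
}

# Usage, for the 1953525168-sector disk shown above (1 GiB, then the rest):
#   plan_layout 1953525168 1024 0
```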



GPT questions - gpt reliability, wedge naming, and filesystem scaling.

2014-06-19 Thread Gerard Lally
As an experiment I installed NetBSD 6 in a virtual machine to try and
figure out GPT partitions and wedges. The experiment went well, and I
learned for the first time how to install NetBSD by dropping to a shell
from sysinst and running setup from the shell. As always Pierre-Philipp
Braun was a great help.

I have some questions. Answers to one or more of these questions are
most welcome.

1) Is it safe to use GPT on NetBSD? The warnings on the gpt man page
leave me less than 100% confident.

2) As I understand it the NetBSD FFS filesystem is capable of growing
to 8 zettabytes, but MBR partitioning combined with traditional
disklabels meant we were restricted to 2 (or 4) TB partitions in
practice. Am I right in saying that GPT and wedges remove this
restriction, and we can now create partitions and filesystems greater
than 4TB?

3) Using NAME=dk0 in /etc/fstab didn't work for me; I had to specify
/dev/dk0, /dev/dk1, etc.
dk names also do not persist across reboots. For example, if I create a
wedge as follows the dk_swap name reverts to dk1 after rebooting.

dkctl wd0 addwedge dk_swap 64 2097152 swap

This is not a big deal but it leaves me wondering how NAME=xxx in fstab
is supposed to work. Does it work with GPT labels instead?

4) To get the sector offsets and sizes right I first created a
traditional MBR + disklabel setup, sizing partitions in MB and taking
note of the sector offsets and sector sizes this produced. I started at
2048. After destroying the MBR + disklabel setup I then used this
information to create GPT partitions. I assume this is a safe way to do
it? I am not really familiar with partition alignment, and even less so
since the new disks came out.

-- 
Gerard Lally



Re: openbsd - netbsd : same yet feels different ...

2014-06-18 Thread Gerard Lally
At date and time Wed, 18 Jun 2014 07:39:59 +0300, Terho Uotila wrote:

 On Wed, 18 Jun 2014 00:06:12 +0100
 Gerard Lally wrote:
 
  guide. Indeed I am still not 100% clear about it. It's also difficult
  to get mk.conf working so that GNU and Perl and Sourceforge software
  is pulled from a local mirror. No matter what I try to get it pulled
  from HEAnet in Dublin most of it still seems to come from Vienna!
  
 
 Have you tried setting MASTER_SORT in /etc/mk.conf?
 (see /usr/pkgsrc/mk/defaults/mk.conf)
 
 Sites seem to be listed in /usr/pkgsrc/mk/fetch/sites.mk, and most do
 not have an Irish mirror listed, maybe you also need to add
 MASTER_SITE_XXX+= ftp://your.nearest.mirror to /etc/mk.conf
 
 (I haven't tried these, but they don't seem unreasonable ideas to try.)

Yes I tried it with .ie first in MASTER_SORT but it didn't seem to make
any difference. I then disabled MASTER_RANDOM_SORT and then added the
following at the bottom of mk.conf:

MASTER_SITE_GNU=ftp://ftp.heanet.ie/pub/gnu/
MASTER_SITE_SOURCEFORGE=ftp://ftp.heanet.ie/mirrors/sourceforge/

This seems to have fixed it for me so far. I'll now try Irish mirrors
for Perl. Many thanks!

-- 
Gerard Lally



Re: openbsd - netbsd : same yet feels different ...

2014-06-17 Thread Gerard Lally
At date and time Tue, 17 Jun 2014 13:43:05 +, Mayuresh Kathe wrote:

 hello,
 
 it's been 3 days since i took advice from aaron b and migrated
 to netbsd from openbsd.
 
 i won't go overboard and say that i'm an instant fan-boy, but
 frankly, the system feels the same, yet quite different.
 
 for one, the responsiveness while using the operating system is
 much better than under openbsd (or even freebsd).
 secondly, the community (mailing list) isn't grumpy. :)
 
 i migrated primarily because of the upcoming support for lua
 throughout the operating system, hope it materializes.
 
 what else could someone who's not so much into system setup and
 administration, nor into systems programming do with netbsd?
 ah yes, i am not much of a 'gui' user, so will be working at the
 console, primarily, but would be nice to know if there's anyone
 here using or carrying over 'cwm' from openbsd, it's kinda nice.

I too moved from OpenBSD to NetBSD. (For 20+ years before that I was an
illiterate product of the Irish education system, knowing and caring for
nothing other than Microsoft Windows.) I liked and still like OpenBSD:
their pf packet filter with queueing integrated; their work on OpenSSH;
and their commitment to security. But a couple of things nagged me. One
was the recommendation not to install from source. The other was the
outright refusal to countenance OpenBSD as a host for virtual machines.
When I discovered NetBSD it was like a breath of fresh air. The whole
system has a feel to it that is just right. And NetBSD has Xen! pkgsrc
has just-in-time su! NetBSD has veriexec! LVM and npf have arrived!
NetBSD 7 will have ipfilter 5, which can block based on domain names!

Honestly, to my mind NetBSD feels like a beautifully engineered system,
much more than any other system I have tried. I am not a programmer or
a professional sysadmin. I understand every system has its flaws, and I
certainly have encountered them along the way in NetBSD. Things I'd
love to see in NetBSD: Dragonfly BSD's Hammer; a more complete wiki,
which supersedes all the conflicting and out-of-date documentation out
there.

I would also like to see a *step-by-step* guide to pkgsrc on NetBSD. The
pkgsrc guide falls short of giving this. For example, it makes the
assumption we know where mk.conf is, and where it should go, and what
adjustments we need to make to the file before we start using pkgsrc.
It took me a long time to understand the difference between just-in-time
su and compiling an unprivileged build: this will seem ridiculously
obvious to those in the know but to absolute beginners it is thoroughly
confusing and there is no clear explanation in the guide. Indeed I am
still not 100% clear about it. It's also difficult to get mk.conf
working so that GNU and Perl and Sourceforge software is pulled from a
local mirror. No matter what I try to get it pulled from HEAnet in
Dublin most of it still seems to come from Vienna!

These criticisms aside, NetBSD remains for me the gold standard in
operating system design and behaviour. The NetBSD developers and users
here are patient and friendly. They don't tolerate anything less than
excellence, and they are patient. Too patient sometimes! I am dying to
see 7 branched! But at least their conservatism means we will never see
any of the brain-dead rubbish that has infested Linux make its way into
NetBSD.

-- 
Gerard Lally



naviserver on NetBSD: is Linux emulation possible?

2014-06-17 Thread Gerard Lally
Hi,

naviserver is a fork of AOLserver, which is a high-performing web server
based on Tcl.

http://en.wikipedia.org/wiki/NaviServer

I am interested in naviserver because I am learning Tcl, and I would
like to see how far I can go developing web applications in Tcl without
using the standard Apache-MySQL-PHP stack.

However, I have been unable to install naviserver from source on NetBSD
6 or current. I do not have the errors at hand but as far as I remember
they related to pthreads. There is no pkgsrc entry available.

Could naviserver perhaps run under Linux emulation in NetBSD? I have
never tried Linux emulation. I can build naviserver on Slackware. I
don't think there would be too many libraries to carry over. I'd like
to know if it's possible and relatively straightforward before I invest
too much time in it.

-- 
Gerard Lally



Re: How to install rxvt-unicode-256color termcap entry on machine without X

2014-05-31 Thread Gerard Lally
At date and time Sat, 31 May 2014 11:40:14 +0930, Brett Lymn wrote:

 On Fri, May 30, 2014 at 10:42:04PM +0100, atomicules wrote:
  On 30-May-2014 14:31:11, Gerard Lally wrote:
  I copied this terminfo source file to my home directory in NetBSD and
  ran tic on it:
  
  tic -s rxvt-unicode-256color.terminfo.
  
  This created a .terminfo directory in HOME, and a subdirectory r with a
  single file in r called rxvt-unicode-256color. No cdb extension in other
  words.
  
  I'm stumped and confused. I don't understand how NetBSD could do that 
  (not create a database file; a file with the .cdb extension). 
  According to the man page for tic:
  
  DESCRIPTION
  The tic utility compiles terminfo(5) source into a database for use by
  other programs.  The created database path name is the same as the 
  source
  but with .cdb appended.
  
  The .terminfo directory and subdirectory you describe is what I see on Arch
  Linux, but not NetBSD.
 
 Make sure you run the right tic - if you have ncurses installed due to
 some package dependency you may be accidentally running the ncurses tic
 which will produce the wrong results, try using /usr/bin/tic and see
 what happens.  This catches me out from time to time.

Well I finally found a way around it, although it feels like a kludge,
but it's working now. There is only one tic by the way, in /usr/bin/tic.

I'll give a summary in case someone else stumbles over this issue.

Three machines:

remote  = remote NetBSD without X11 (and therefore without rxvt-unicode)
local   = local X11 client with rxvt-unicode terminal installed
(Slackware)
vm  = temporary local NetBSD virtual machine with X11 and rxvt-unicode
installed

I installed NetBSD 6.1.4 with X11 on $vm, and installed rxvt-unicode on
that machine. Running make install created three files in the
doc/etc/ subdirectory of the working source directory. These three files
were:

rxvt-unicode.terminfo
rxvt-unicode.termcap
rxvt-unicode.terminfo.cdb.

I copied these files to $HOME on $remote, and logged in to $remote from
$local. Once again I ran tic on $remote:

$ tic -s rxvt-unicode.terminfo

But once again this failed to create a file with extension .cdb,
although it did report successfully adding 2 entries to the database,
creating ~/.terminfo and ~/.terminfo/r/, together with the two files
rxvt-unicode and rxvt-unicode-256color in ~/.terminfo/r/.

Once again top reported an error: no termcap entry for
rxvt-unicode-256color.

Now this is where I returned to the tic(1) and terminfo(5) man pages on
$remote, but to my mind they are not clear here. terminfo(5) specifies
the file $HOME/.terminfo.cdb as the database which contains terminal
descriptions for personal use, but tic(1) doesn't seem to care, just
saying that the created database path name is the same as the source
but with .cdb appended. I take that to mean tic -s rxvt-unicode.terminfo
should produce a file named rxvt-unicode.terminfo.cdb in $HOME. Needless
to say it doesn't.

At this point I took terminfo(5) literally and created $HOME/.terminfo.cdb
by renaming the rxvt-unicode.terminfo.cdb file I had copied from $vm.
Lo and behold that solved the problem straight away! top was happy,
although tput complained about an unknown terminal but I solved this
by logging in as root and running tic -s /home/gerard/rxvt-unicode.terminfo,
which created these two files:

/usr/share/terminfo/r/rxvt-unicode.terminfo
/usr/share/terminfo/r/rxvt-unicode.terminfo-256color

Now tput was happy as well. Problem solved, in a most convoluted way!
I'm sure there must be an easier and less stressful way to solve this
but I don't have the knowledge or time to go into it too deeply. All I
want is a good terminal that works!

Thanks to you and atomicules for the help.

-- 
Gerard Lally



Re: How to install rxvt-unicode-256color termcap entry on machine without X

2014-05-31 Thread Gerard Lally
At date and time Sat, 31 May 2014 15:53:46 +0100, Gerard Lally wrote:

 At date and time Sat, 31 May 2014 11:40:14 +0930, Brett Lymn wrote:
 
  On Fri, May 30, 2014 at 10:42:04PM +0100, atomicules wrote:
   On 30-May-2014 14:31:11, Gerard Lally wrote:
   I copied this terminfo source file to my home directory in NetBSD and
   ran tic on it:
   
   tic -s rxvt-unicode-256color.terminfo.
   
   This created a .terminfo directory in HOME, and a subdirectory r with a
   single file in r called rxvt-unicode-256color. No cdb extension in other
   words.
   
   I'm stumped and confused. I don't understand how NetBSD could do that 
   (not create a database file; a file with the .cdb extension). 
   According to the man page for tic:
   
   DESCRIPTION
   The tic utility compiles terminfo(5) source into a database for use by
   other programs.  The created database path name is the same as the source
   but with .cdb appended.
   
   The .terminfo directory and subdirectory you describe is what I see on Arch
   Linux, but not NetBSD.
  
  Make sure you run the right tic - if you have ncurses installed due to
  some package dependency you may be accidentally running the ncurses tic
  which will produce the wrong results, try using /usr/bin/tic and see
  what happens.  This catches me out from time to time.
 
 Well I finally found a way around it, although it feels like a kludge,
 but it's working now. There is only one tic by the way, in /usr/bin/tic.
 
 I'll give a summary in case someone else stumbles over this issue.
 
 Three machines:
 
 remote= remote NetBSD without X11 (and therefore without rxvt-unicode)
 local = local X11 client with rxvt-unicode terminal installed
 (Slackware)
 vm= temporary local NetBSD virtual machine with X11 and rxvt-unicode
 installed
 
 I installed NetBSD 6.1.4 with X11 on $vm, and installed rxvt-unicode on
 that machine. Running make install created three files in the
 doc/etc/ subdirectory of the working source directory. These three files
 were:
 
   rxvt-unicode.terminfo
   rxvt-unicode.termcap
   rxvt-unicode.terminfo.cdb.
 
 I copied these files to $HOME on $remote, and logged in to $remote from
 $local. Once again I ran tic on $remote:
 
   $ tic -s rxvt-unicode.terminfo
 
 But once again this failed to create a file with extension .cdb,
 although it did report successfully adding 2 entries to the database,
 creating ~/.terminfo and ~/.terminfo/r/, together with the two files
 rxvt-unicode and rxvt-unicode-256color in ~/.terminfo/r/.
 
 Once again top reported an error: no termcap entry for
 rxvt-unicode-256color.
 
 Now this is where I returned to the tic(1) and terminfo(5) man pages on
 $remote, but to my mind they are not clear here. terminfo(5) specifies
 the file $HOME/.terminfo.cdb as the database which contains terminal
 descriptions for personal use, but tic(1) doesn't seem to care, just
 saying that the created database path name is the same as the source
 but with .cdb appended. I take that to mean tic -s rxvt-unicode.terminfo
 should produce a file named rxvt-unicode.terminfo.cdb in $HOME. Needless
 to say it doesn't.
 
 At this point I took terminfo(5) literally and created $HOME/.terminfo.cdb
 by renaming the rxvt-unicode.terminfo.cdb file I had copied from $vm.
 Lo and behold that solved the problem straight away! top was happy,
 although tput complained about an unknown terminal but I solved this
 by logging in as root and running tic -s /home/gerard/rxvt-unicode.terminfo,
 which created these two files:
 
   /usr/share/terminfo/r/rxvt-unicode.terminfo
   /usr/share/terminfo/r/rxvt-unicode.terminfo-256color
 
Correction: it created two files as follows:

   /usr/share/terminfo/r/rxvt-unicode
   /usr/share/terminfo/r/rxvt-unicode-256color

-- 
Gerard Lally



How to install rxvt-unicode-256color termcap entry on machine without X

2014-05-29 Thread Gerard Lally
Hi,

I am trying to access a NetBSD 6.1.4 amd64 machine from a Slackware
machine, using the rxvt-unicode terminal, compiled with 256-color
support. I do not have X installed on the NetBSD machine, and I would
prefer to do without it if at all possible. Is there a way of installing
the terminfo or termcap entry for this terminal in the database?

I tried the command below, as recommended on the urxvt website, but I
still get an error:

REMOTE=myremoteserver.domain
infocmp rxvt-unicode | ssh $REMOTE "mkdir -p .terminfo && cat >/tmp/ti && tic /tmp/ti"

When running top I get the following error:

top: no termcap entry for a `rxvt-unicode-256color' terminal

-- 
Gerard Lally ger...@netmail.ie



Re: spurious reboot

2013-11-28 Thread Gerard Lally
On Thu, 28 Nov 2013 21:06:36 +0100
m...@netbsd.org (Emmanuel Dreyfus) wrote:
 Manuel Bouyer bou...@antioche.eu.org wrote:
 
  Yes, but depending on the hardware and BIOS, I can imagine that only 2GB can
  be below the 2^32 limit, and the remaining above (eventually well above).
  Splitting at 3Gb is more annoying, hardware-wise, than at 2Gb.
 
 I wondered if it could be related with the i386 kernel being unstable on
 that machine.

Is the BIOS up-to-date?