Re: Gateway server experiencing degraded performance

[J. Lewis Muir]

On 05/16, Andrew K Adams wrote:
> I've looked at traffic with tcpdump, but there is so much in both
> scenarios that I can't really say that one service, or a
> packet-of-death is triggering the degraded state.  But thinking in
> aggregate, if there was a way to monitor the average packets/sec the
> gateway is forwarding, in both scenarios, I'd at least know for
> certain that it is or is not my gateway (I guess it's conceivable that
> by rebooting I'm tweaking state in Comcast's next-hop during DHCP
> negotiation or something ...)

Hi, Andrew!

I doubt it's the same problem, but there's another thread where
rebooting helps:

  https://mail-index.netbsd.org/tech-net/2022/04/12/msg008179.html

Re monitoring in aggregate, I know there are people here way more
knowledgeable than me, but if you haven't been able to make any progress
on tracking this down, I wonder if periodically capturing the output of

  vmstat -CmW

and

  netstat -m

might help on the outside chance that they might show some statistic
change over time that could lead you to the source of the problem?

Regards,

Lewis

Re: Cant build with pkgsrc

[J. Lewis Muir]

On 01/18, Todd Gruhn wrote:
> What is "breadth first" order? I have not heard this term.

It's a computer science term indicating the order of traversal of a
graph.  See

  https://en.wikipedia.org/wiki/Breadth-first_search

Lewis

Re: Editing PDFs

[J. Lewis Muir]

On 10/04, Todd Gruhn wrote:
> Is there a nice way to edit a PDF, and delete the blank page(s) at
> the beginning of the document?

QPDF

  https://github.com/qpdf/qpdf

is a command-line program that can delete pages.  The way you delete
pages is by extracting pages from the original PDF to create a new PDF
with the pages you want to delete omitted.  For example, to delete pages
1-9 and 13 from a 14-page PDF named in.pdf:

$ qpdf in.pdf out.pdf --pages in.pdf 10-12,14 --

Here are some other command-line programs that can delete pages that I
think are probably good but that I've never actually used myself:

* PDFtk Server

https://www.pdflabs.com/tools/pdftk-server/

* pdfjam

https://github.com/rrthomas/pdfjam

Lewis

Re: Scripting for /bin/ksh

[J. Lewis Muir]

On 08/02, Chavdar Ivanov wrote:
> On Mon, 2 Aug 2021 at 14:16, Todd Gruhn  wrote:
> >
> > Thanks for the code Matt.
> > I will try this.
> > By 'execute' I mean generate
> > ${cmd}
> > then execute/do whatever ${cmd} turns out to be.
> 
> Depending on the contents of cmd, you might have to use
> 
> eval ${cmd}

Yes, and there's the rub: the corner cases.  To correctly build up
a command like this and execute it where spaces and other special
characters are parsed correctly, you have to shell-quote cmd before
passing it to eval.  See the "Shell-quoting arbitrary strings" section
in:

  https://www.etalabs.net/sh_tricks.html

For example, here's a test program that correctly constructs and
executes two commands, touch and ls, to create and list some
"interesting" test files:


#!/bin/ksh

set -e

# https://www.etalabs.net/sh_tricks.html
quote() {
  printf %s\\n "$1" | sed "s/'/'''/g;1s/^/'/;\$s/\$/'/"
}

# https://dwheeler.com/essays/filenames-in-shell.html
nl=$(printf '\nX')
nl=${nl%X}

f1='test_a space'
f2='test_b"double-quote'
f3="test_c'single-quote"
f4="test_d${nl}newline"
f5='test_e\backslash'

f1_quoted=$(quote "$f1")
f2_quoted=$(quote "$f2")
f3_quoted=$(quote "$f3")
f4_quoted=$(quote "$f4")
f5_quoted=$(quote "$f5")

cmd="touch $f1_quoted $f2_quoted $f3_quoted $f4_quoted $f5_quoted"
printf 'cmd: %s\n' "$cmd"
eval "$cmd"
cmd="ls -B1 $f1_quoted $f2_quoted $f3_quoted $f4_quoted $f5_quoted"
printf 'cmd: %s\n' "$cmd"
eval "$cmd"


Lewis

Re: What is a good pkgsrc package to use for file encryption and decryption?

[J. Lewis Muir]

On 03/10, Brian Buhrow wrote:
>   hello.  I'm considering a project that might involve storing encrypted 
> blobs on cloud
> servers such as Google Drive or Amazon Glacier.  I'd like a package that I 
> can use to encrypt
> the blobs before they're transmitted to their storage site.  I've been 
> looking at the mcrypt
> (security/mcrypt) package, but it looks pretty old.  Are there packages in 
> the pkgsrc tree that
> have similar functionality but which use newer encryption algorithms?  

It depends on what you need, but there's the following:

* security/gnupg2
* security/netpgp

I'm not positive about Netpgp, but GnuPG can be used for symmetric and
asymmetric cryptography to encrypt and decrypt files or streams.

Lewis

Re: pkgsrc binary packages security with pkgin

[J. Lewis Muir]

On 01/26, Johnny Billquist wrote:
> The code is not audited anyway, but just downloaded from various places, and
> then built.
 
I don't follow.  What code are you saying is not audited?  The source
code of each package?  If so, I think that's mostly true (of course
there are exceptions where the source code has been audited), but that's
no different than other package management systems such as RHEL's or
Ubuntu's.

But this thread is about pkgsrc *binary* packages.  Are you instead
talking about the distfiles downloaded in order to build the binary
packages from source?  Each pkgsrc package contains a distinfo file
which contains a checksum for each distfile (or other) downloaded from
the Internet, so those can all be downloaded from anywhere without HTTPS
and still be trusted as long as the checksum matches.

> If you really want to have some actual security, and not just a false sense
> of it, https or so on is not really the answer. Anyone who thinks that just
> because https is involved, it is somehow more secure, is really fooling
> themselves.
> 
> https is most properly something to use when submitting sensitive data to a
> web server, which you do not want someone to pick up along the way.
> 
> The total craziness of moving the whole internet to https is not really
> improving any security in most situations.

It protects against man-in-the-middle attacks, so I think for
downloading binary packages it does add something significant.

> Not to mention the question of how you would solve the replication of
> repositories. All needs their own signatures. So there are a whole bunch of
> places where to get packages from. How do you know that they are all legit,
> and have the "right" binary packages even? You cannot have a single
> signature to ensure they are legit, since https ties certificates to the
> specific host.

I'm sorry, but I also don't follow this.  By "repository replication" do
you mean mirroring repositories?  I would say that this can be done in a
number of ways including over HTTPS or SSH.

And for binary packages, each package could be digitally signed by
whoever built it.  You can trust more than one person or organization to
build packages, and if you trust whoever built it, and you can validate
the signature, then you can trust the package.

Regards,

Lewis

Re: pkgsrc binary packages security with pkgin

[J. Lewis Muir]

On 01/25, m...@netbsd.org wrote:
> On Sat, Jan 25, 2020 at 01:34:34AM +0100, yarl-bau...@mailoo.org wrote:
> > May I ask how is safe the use pkgsrc binary packages. For example using 
> > pkgin. Does libfetch is doing fine with https? Any thoughts?
> > 
> > Is the authenticity and integrity of packages installed this way is 
> > guaranteed assuming no bugs in software involved?
> 
> No.

Wow!  That's surprising.  Can you explain why?

I understand that the binary packages are not digitally signed, but if
the binary repo is served over HTTPS, as long as the repo has not been
compromised, the integrity and authenticity is guaranteed, no?

Or as the OP asked, is pkgin not actually validating the server's SSL
certificate?  That would be terrible if it's silently behaving that way.
If it can't handle HTTPS properly, it should refuse to use the URL.
Anyway, I would be very surprised if this is what's going on, so I'm
just asking to understand better.

Thank you!

Lewis

Re: Netbsd Zabbix 8.0 8.1

[J. Lewis Muir]

On 11/16, Martin Husemann wrote:
> On Fri, Nov 15, 2019 at 09:26:29PM +0100, free...@tango.lu wrote:
> > Just WTF? Same goes on with mytop and other not that common packages. Can't
> > you create a decent binary set for all your repos?
> 
> The binary pkgs are perfectly fine, the question is if pkg_add should be
> less restrictive by default in this case (and opinions on that differ).

Regardless of the answer to that, the user experience is poor.  If a
user has installed NetBSD 8.1 and has configured PKG_PATH appropriately
for 8.1 packages, they shouldn't get warning messages, and the install
should succeed, not fail.  Same goes for pkgin.

If it means TNF has to rebuild all packages for 8.1, fine.  If it means
TNF copies and converts all 8.0 packages to 8.1 packages by changing
each package's metadata (I don't even know if this is possible), fine.
If it means the equivalent of CHECK_OSABI=no by default, fine.  IMO,
whatever the decided solution is, the user experience should not include
warning messages when the user is doing everything correctly.

Lewis

Re: Device timeout reading fsbn ...

[J. Lewis Muir]

On 10/01, Thomas Mueller wrote:
> mueller6...@twc.com ("Thomas Mueller") writes, and Michael van Elst responds:
> > Backing up the data is of course the first thing. But please also check
> > the disk with smartmontools or 'atatctl wd1 smart status' to see if itself
> > reports problems.
> 
> What is atatctl?  "which atatctl" shows nothing.  Is atatctl part of 
> smartmontools?

I assume he made a typo with an extra 't'.  I think he meant atactl

  https://netbsd.gw.com/cgi-bin/man-cgi?atactl++NetBSD-current

Lewis

Re: How to compile x86_64 NetBSD Xen domU PV kernel and userland

[J. Lewis Muir]

On 08/21, Martin Husemann wrote:
> On Wed, Aug 21, 2019 at 01:34:12PM -0500, J. Lewis Muir wrote:
> > On an amd64 NetBSD 8 stable kernel and userland system (i.e., tracking
> > the netbsd-8 branch), how do I compile a NetBSD 8 stable kernel and
> > userland to run on an x86_64 Xen domU in PV mode?
> 
> Nothing special about userland. The kernel you need is XEN3_DOMU -
> ... or I might be misunderstanding your question.

I think you understood perfectly; I just couldn't find it!  I was
looking in

  /usr/src/sys/arch/xen/conf

but based on your reply, I found XEN3_DOMU in

  /usr/src/sys/arch/amd64/conf

So, for using build.sh, I just specify XEN3_DOMU for the kernel name
instead of GENERIC?  In other words, instead of

  ./build.sh -O ../obj -T ../tools -U kernel=GENERIC

I would do the following?

  ./build.sh -O ../obj -T ../tools -U kernel=XEN3_DOMU

Thanks!

Lewis

How to compile x86_64 NetBSD Xen domU PV kernel and userland

[J. Lewis Muir]

Hello!

On an amd64 NetBSD 8 stable kernel and userland system (i.e., tracking
the netbsd-8 branch), how do I compile a NetBSD 8 stable kernel and
userland to run on an x86_64 Xen domU in PV mode?

I couldn't find documentation anywhere, but if I missed it, I'd be
grateful to be pointed to it.

I'm aware of the following which, as far as I can tell, do not document
how to do it:

* https://wiki.netbsd.org/ports/xen/howto/
* https://www.netbsd.org/docs/guide/en/chap-kernel.html
* https://www.netbsd.org/docs/guide/en/chap-updating.html

Thanks!

Lewis

Re: NFS client permanent mount points under /mnt?

[J. Lewis Muir]

On 07/25, Johnny Billquist wrote:
> For your question, the answer is essentially "where it fits".
>
> If you, for example have the netbsd source tree available over NFS, the
> reasonable place to mount it would be under /usr/src
> If you have user home directories over NFS, /home might be a good place.
>
> It does not make sense to have a generic universal mount point for all
> different file systems you might want to mount. NFS or otherwise. Are you
> also mounting all disk file systems under some specific point in your file
> system?

Thank you for your reply!  That makes sense.  I guess my problem is
that I'm not sure where some of these remote file systems "fit."  In
one case, I have a web app that needs read access to the log file of a
server process running on another machine.  The web app runs under nginx
and resides at

  /var/www//

I'm struggling to come up with a good idea for where the remote file
system that contains the server log file should be mounted.  One idea
for the NFS mount point I had was

  /var/www///internal/remote-server-logs

but I wasn't super thrilled about that because it would reside under
the web-app's root, hence my wondering about a more generic mount point
location.

Regards,

Lewis

NFS client permanent mount points under /mnt?

[J. Lewis Muir]

Hi, all!

I'm wondering, what's the best location for a client machine to
permanently mount NFS remote file systems?

I was thinking

  /mnt/

or maybe (but I'm less convinced that encoding the type of the remote
file system in the path is a good idea):

  /mnt/nfs/

However, in hier(7)

  https://netbsd.gw.com/cgi-bin/man-cgi?hier++NetBSD-current

it says

  /mnt/  Empty directory commonly used by system administrators as a
 temporary mount point.

The phrase "as a temporary mount point" sounds to me like /mnt is
intended to remain empty and only be used by a system administrator as a
mount point when they need to temporarily mount a file system manually
and then presumably unmount it when no longer needed.

I would like an appropriate (i.e., best practice) location where I can
permanently mount remote file systems.  Where should these go?  Or is
hier(7) just saying what /mnt is commonly used for, and if I used it for
something else, that would be considered fine?  I could even create an
empty /mnt/tmp, for example, to ensure that there still is a good place
for a system administrator to temporarily mount a file system if needed.

Also in hier(7) is

  /net/  automounted NFS shares; see auto_master(5)

That's clearly a good place, but it means using the automounter.  I was
hoping to not use the automounter, but perhaps I could if that's really
the best thing to do.

I haven't looked into the automounter, so maybe it's easy to do, but
in one case, I'm needing to have a parent directory that contains the
mount-point subdirectory because I need to ensure that the permissions
are set to 0550 on the parent directory to prevent read access by other
users on the client machine to any files in the mounted remote tree that
have their other-read bit set.

Thanks!

Lewis

Re: Serialization of binary floating point numbers

[J. Lewis Muir]

On 05/17, Sad Clouds wrote:
> A bit of a random question/thought - what is a good and portable method
> of storing/transmitting binary floating point numbers?

Maybe heavier than you'd like, but Protocol Buffers has a double type:

  https://developers.google.com/protocol-buffers/docs/proto3#scalar

Another possibility is XDR which has IEEE float and IEEE double types:

  https://en.wikipedia.org/wiki/External_Data_Representation

Lewis

Re: Alternative DVCS to git: hg?

[J. Lewis Muir]

On 04/16, Mayuresh wrote:
> On Mon, Apr 15, 2019 at 01:52:26PM -0500, J. Lewis Muir wrote:
> > Yes, it's a good alternative.  I use it for most of my projects.  It's
> > also used by a number of large projects such as Firefox, nginx, and
> > OpenJDK, and I gather it's on a short list of VCSes being evaluated by
> > NetBSD as its next VCS (which would replace CVS).
> 
> I also read somewhere facebook picking it, and also heavily contributing
> to it.

Yes, perhaps it was the "Scaling Mercurial at Facebook" post from 2014

  https://code.fb.com/core-data/scaling-mercurial-at-facebook/

> I am just intrigued by it being written in python (except may be for the
> merge algorithm which is in C). Wouldn't most engineers prefer C/C++ for
> such a low level and key component?

I'm sure some would.  But others believe it's a better choice to write
software in a high-level language (for various reasons which might
include speed of development, ease of readability, security (e.g.,
built-in protection from certain classes of security vulnerabilities),
libraries, ease of cross-platform development, etc.).  If something
is known to be or is discovered that is measurably too slow and the
application spends a significant amount of time there, then the
developers will spend effort improving the speed there.  This may be
done within the high-level language, or it might be done by writing
parts of the application in C.
 
> Regarding NetBSD, pkgsrc-wip was moved to git and pkgsrc has a git view of
> its CVS repo. So I thought git was more likely candidate in NetBSD.

Hmm, not sure about that.  See

  https://mail-index.netbsd.org/tech-repository/2017/09/01/msg000647.html

and the "NetBSD & Mercurial: One year later" talk

  https://pkgsrc.org/pkgsrcCon/2018/talks.html

and

  https://mail-index.netbsd.org/tech-repository/2019/02/12/msg000664.html

> It will help if list members with experience of both git and hg could
> share some pros and cons of both. (No flame war meant!)

A lot of people have wondered the same thing, and there's lots written
on the web about it.

Regards,

Lewis

Re: Alternative DVCS to git: hg?

[J. Lewis Muir]

On 04/15, Mayuresh wrote:
> I have tried out hg and it worked without any problems on an encfs mount.
> 
> But I have used hg very little. Is that a good alternative to git or are
> there better options? 

Yes, it's a good alternative.  I use it for most of my projects.  It's
also used by a number of large projects such as Firefox, nginx, and
OpenJDK, and I gather it's on a short list of VCSes being evaluated by
NetBSD as its next VCS (which would replace CVS).

Lewis

Re: Install kernel and userland without source?

[J. Lewis Muir]

On 02/14, Dan LaBell wrote:
> 
> On Feb 9, 2019, at 4:09 PM, J. Lewis Muir wrote:
> 
> > I have an amd64 router running the netbsd-8 stable branch that does not
> > have sources and does not have pkgsrc, and I'd like to build the kernel
> > and userland from source on another machine and then install them on the
> > router; how do I do that?
> > 
> > I'm aware of the "Updating an existing system from sources" chapter of
> > the NetBSD Guide
> > 
> >   https://www.netbsd.org/docs/guide/en/chap-updating.html
> > 
> 
> SYMLINK(7)   BSD Miscellaneous Information Manual
> SYMLINK(7)
> 
> NAME
>  symlink -- symbolic link handling
> 
> So, how 'bout a symlink in a very judicious place for you?
> ( That, works for you? ;-)

I'm sorry, but I don't understand.  What do you mean?

Lewis

Re: Install kernel and userland without source?

[J. Lewis Muir]

On 02/10, J. Lewis Muir wrote:
> On 02/09, Greg Troxel wrote:
> > see pkgsrc/systils/etcmanage.
> > It will be slightly hard to get your head around, but then it can be
> > used to install a build and update the files in /etc, preserving local
> > changes, automatically.
> >
> > It may not do what you want, but I think it might.  It does what I want,
> > for some reason :-)
> 
> Yes, funny how that works.
> 
> I have used etcmanage in the past, and indeed it does do everything I
> want!  However, I went looking for the website for it and couldn't find
> it.  The Makefile HOMEPAGE variable is set to
> 
>   http://www.ir.bbn.com/~gdt/etcmanage/
> 
> but it's commented out, and the hostname doesn't resolve in DNS at the
> moment.  So, it's a little difficult to find out more about it and look
> at the source code at the moment.  (I assume the distribution file is on
> the pkgsrc servers, though.)

Yes, I found the distribution file at

  https://cdn.netbsd.org/pub/pkgsrc/distfiles/etcmanage-0.9.4.tar.gz

However, the README contains this rather scary notice stating that
etcmanage is alpha code:

  WARNING - ETCMANAGE MAY RENDER YOUR SYSTEM UNUSABLE

  Before starting, back up all of etc (e.g., tar up and leave tarball on
  /), and ensure that you can boot from another root (e.g. floppy, cd,
  etc.).  etcmanage is alpha code and comes with no sanity checks; it is
  possible to remove most of /etc.

  At this time, etcmanage should be used only by those who have backups
  and are very familiar with system administration and recovery from
  trashed root filesystems.

Is that still true?

Regards,

Lewis

Re: Install kernel and userland without source?

[J. Lewis Muir]

On 02/09, Greg Troxel wrote:
> 
> "J. Lewis Muir"  writes:
> 
> > I have an amd64 router running the netbsd-8 stable branch that does not
> > have sources and does not have pkgsrc, and I'd like to build the kernel
> > and userland from source on another machine and then install them on the
> > router; how do I do that?
> 
> If you mean "update" rather than "install,

Yes, I mean "update."  Sorry to have been unclear on that.

> see pkgsrc/systils/etcmanage.
> It will be slightly hard to get your head around, but then it can be
> used to install a build and update the files in /etc, preserving local
> changes, automatically.
>
> It may not do what you want, but I think it might.  It does what I want,
> for some reason :-)

Yes, funny how that works.

I have used etcmanage in the past, and indeed it does do everything I
want!  However, I went looking for the website for it and couldn't find
it.  The Makefile HOMEPAGE variable is set to

  http://www.ir.bbn.com/~gdt/etcmanage/

but it's commented out, and the hostname doesn't resolve in DNS at the
moment.  So, it's a little difficult to find out more about it and look
at the source code at the moment.  (I assume the distribution file is on
the pkgsrc servers, though.)

And it requires Perl, so it basically requires pkgsrc, or at least
pkgsrc binaries, and so far I hadn't required that.  And I was trying
to be very vanilla and only use standard tools (i.e., build.sh).  But
it could be that all that is a foolish aim, and I should just install
etcmanage via pkgin and get on with things.

Thanks!

Lewis

Install kernel and userland without source?

[J. Lewis Muir]

I have an amd64 router running the netbsd-8 stable branch that does not
have sources and does not have pkgsrc, and I'd like to build the kernel
and userland from source on another machine and then install them on the
router; how do I do that?

I'm aware of the "Updating an existing system from sources" chapter of
the NetBSD Guide

  https://www.netbsd.org/docs/guide/en/chap-updating.html

but it only explains how to install from source on the same machine.
It also has a section titled "Using sysinst", but I want to avoid an
interactive install; I'd rather just have a set of commands that I run
to do the install of the new kernel and userland, and I'd just write a
script to execute them.

That same chapter in the NetBSD Guide also references some tools
available in pkgsrc, but, again, I don't have pkgsrc (nor pkgsrc binary
packages) on the router.

I found these

  https://mail-index.netbsd.org/netbsd-help/2008/03/04/msg89.html
  https://mail-index.netbsd.org/netbsd-help/2008/03/04/msg90.html

but that's for upgrading from NetBSD 3.1 to 4, so I'm not confident that
it applies to NetBSD 8.

Thanks!

Lewis

Re: Booting NetBSD 8 install image on PC Engines apu2d4 via serial console goes blank

[J. Lewis Muir]

On Sun, Dec 30, 2018 at 2:28 PM J. Lewis Muir  wrote:
> Thank you very much for your help!  I pressed 4 (Drop to boot prompt) which 
> gave
>
>   type "?" or "help" for help.
>   >
>
> where I typed
>
>   consdev com0
>
> but after that, the boot prompt is nonresponsive, and anything I type
> is not echoed. :-(

Hmm, based on

  https://mail-index.netbsd.org/netbsd-users/2016/12/09/msg019118.html

I tried disconnecting my serial terminal client and changing the baud
rate to 9600 and reconnecting, and then it worked!

I typed "?" and got the boot prompt help message, and then I typed
"boot", and the installer booted!

It would be great if there was a more elegant solution, but this is a
minor inconvenience, and I won't often be doing an install from the
serial console.

Thanks a million!

Lewis

Re: Booting NetBSD 8 install image on PC Engines apu2d4 via serial console goes blank

[J. Lewis Muir]

On Sun, Dec 30, 2018 at 1:02 PM Michael van Elst  wrote:
> When the menu appears you can "drop to the boot prompt" and enter commands,
> e.g.:
>
> consdev com0
>
> to select COM1 (DOS starts counting from 1) and then

Thank you very much for your help!  I pressed 4 (Drop to boot prompt) which gave

  type "?" or "help" for help.
  >

where I typed

  consdev com0

but after that, the boot prompt is nonresponsive, and anything I type
is not echoed. :-(

Lewis

Booting NetBSD 8 install image on PC Engines apu2d4 via serial console goes blank

[J. Lewis Muir]

I'm trying to install NetBSD 8 on a PC Engines apu2d4

  https://www.pcengines.ch/apu2d4.htm

via a USB thumb drive with a NetBSD 8 install image

  
https://cdn.netbsd.org/pub/NetBSD/NetBSD-8.0/images/NetBSD-8.0-amd64-install.img.gz

via a serial console where I can get to the welcome screen of the
installer image

  Welcome to the NetBSD/amd64 8.0 installation image
  
===

  ACPI (Advanced Configuration and Power Interface) should work on all modern
  and legacy hardware.  However if you do encounter a problem while booting,
  try disabling it and report a bug at http://www.NetBSD.org/.

   1. Install NetBSD
   2. Install NetBSD (no ACPI)
   3. Install NetBSD (no ACPI, no SMP)
   4. Drop to boot prompt

  Choose an option; RETURN for default; SPACE to stop countdown.
  Option 1 will be chosen in 0 seconds.

  Option: [1]:

and I press Space and then Enter to start the install, and it shows
some numbers with a spinner and then shows

  18010904+813996+1283156 [1191264+821120+12847-

 but then the screen goes blank.

Does anyone know what I can try to get this to work?

I tried the "no ACPI" and "no ACPI, no SMP" install choices, but that
didn't help.

The apu2d4 says the serial port baud rate is 115200 which is what I
successfully used to communicate with the apu2d4.  Will the boot image
kernel work with this baud rate?  If not, is there a way to change it
by dropping to the boot prompt?  Or do I need to build a custom kernel
with the baud rate set to 115200?

Thank you!

Lewis

bozohttpd(8) mentions '-r' option, but not in synopsis

[J. Lewis Muir]

I noticed that the bozohttpd(8) man page

  http://netbsd.gw.com/cgi-bin/man-cgi?bozohttpd++NetBSD-current

references the '-r' option in the FILES section, but there is no '-r'
option listed in the SYNOPSIS section.

Looking at main.c

  
http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/main.c?rev=1.22=text/x-cvsweb-markup_with_tag=MAIN

I see a comment that says

  -r option was removed, do not reuse it for a while

So, I think the reference in the man page should be removed.

Lewis

Re: Partition alignment for optimal disk I/O

[J. Lewis Muir]

On Sat, Aug 25, 2018 at 7:40 PM Greg Troxel  wrote:
> If the underlying actual disk(s) has 512-byte sectors, so that operations
> are the same speed whether aligned or not then it doesn't amtter.
>
> If the underlying actual disk(s) has 4K sectors (typical on > 2T disks,
> and maybe newer disks even if smaller), then you need to set things up
> so that actual write operations (that are bigger than 512 bytes) are
> lined up so they don't span 4K sectors.
>
> Filesystems typically have 8K or some other block size, and generally do
> 8K (or 4K or 16K) writes, aligned naturally relative to the beginning of
> the filesystem.
>
> But, there's the within-filesystem alignment, and then the fs within the
> disklabel, and then the disklabel within the mbr partition.
>
> All that really matters in the end is that the writes hit the disk
> controller aligned.
>
> So yes, if you use MBR, make the NetBSD partition start at a mulitple of
> 64.  Then, within disklabel, make every partition start at a multiple of
> 64.

Thank you for your reply!  Sorry to reply to this so late, but I don't
understand why everything should start at a multiple of 64 sectors
instead of 8 sectors?  Shouldn't it be a multiple of 8 sectors because
8 sectors * 512 bytes/sector = 4096 bytes which aligns with the
underlying actual disk's 4K-sized sectors?

Lewis

Partition alignment for optimal disk I/O

[J. Lewis Muir]

Hello, all!

For a regular install of amd64 NetBSD 8, should the partitions be
4K-aligned for optimal disk I/O performance?

This came up when I read

  https://mail-index.netbsd.org/netbsd-users/2018/08/15/msg021269.html

in which Michael van Elst wrote:

  Can you verify partition alignment? Modern disks require an alignment
  of 4kbyte (8 sectors), otherwise all write operations are executed as
  slow read-modify-write cycles. The effect is also somewhat true for
  reading but usually hidden by the read cache.

Which partitions does this apply to: the MBR partitions (i.e.,
partitions that can be manipulated with fdisk(8)), the NetBSD disklabel
partitions (i.e., partitions that can be manipulated with disklabel(8)),
both, others?

I couldn't find this in the NetBSD guide nor the NetBSD tutorials; did I
miss it?

Does this apply for a VPS (e.g., Vltr's Cloud Compute (VC2))?

Does this apply for a VMware guest where the disk is a sparse virtual
disk file (.vmdk) or a sparse virtual disk file split into multiple
virtual disk files?  The disk is detected by NetBSD 8 as follows (from
dmesg):

===
wd0 at atabus0 drive 0
wd0: 
wd0: drive supports 64-sector PIO transfers, LBA addressing
wd0: 20480 MB, 44384 cyl, 15 head, 63 sec, 512 bytes/sect x 41943040 sectors
wd0: 32-bit data port
wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 2 (Ultra/33)
wd0(piixide0:0:0): using PIO mode 4, Ultra-DMA mode 2 (Ultra/33) (using DMA)
===

However, Andy Ball's output looked like

===
Model: HGST HTS545025A7E380, Rev: GGEOAC90
Capacity 250 Gbytes, 488397168 sectors, 512 bytes/sector
Physical sector size: 4096 bytes
===

What program displays that kind of information?

Does the NetBSD installer take this into account when it creates the
default MBR partitions and BSD disklabel partitions, or do I need to
watch out and correct it?  For example, I ran

  fdisk

in an amd64 NetBSD 8 VM, and it displayed "bytes/sector: 512" and the
following partition table:

===
0: NetBSD (sysid 169)
start 63, size 41942977 (20480 MB, Cyls 0-2610/212/34), Active
1: 
2: 
3: 
===

And I ran

  disklabel wd0

and it displayed "bytes/sector: 512" and the following partition table:

===
16 partitions:
#sizeoffset fstype [fsize bsize cpg/sgs]
 a:  4089393063 4.2BSD   2048 16384 0  # (Cyl.  0*-  43274*)
 b:   1049047  40893993   swap # (Cyl.  43274*-  44384*)
 c:  4194297763 unused  0 0# (Cyl.  0*-  44384*)
 d:  41943040 0 unused  0 0# (Cyl.  0 -  44384*)
===

So, it looks like my root file system starts at sector 63, not 64, and
my swap partition starts at sector 40893993, not 40894000, so neither
are 4K-aligned?  I haven't determined that this VM disk is 4K-aligned,
and maybe the NetBSD installer is smart enough to know when it matters,
and perhaps it doesn't matter for this VM disk detected by NetBSD?

Thanks!

Lewis

Re: Blocking offending IPs : How many are too many to handle for npf?

[J. Lewis Muir]

On 05/24, Mayuresh wrote:
> On Thu, May 24, 2018 at 01:55:23AM +, Christos Zoulas wrote:
> > You could collect data for a few days and then make some entries permanent 
> > :-)
> 
> Sure. May be I'd look forward to blocklistd to add 1 more column in its
> conf: "no. of repeat offences before being permanently blocked"! :-)

One issue with a permanent block is the whole cloud computing thing.
AWS (and I'm sure all the rest) recycle IP addresses.  They will give
out static IP addresses, and the addresses are yours for as long as
you keep them, but if you release them, they go back into a pool of
available IP addresses to be given out to the next person.  Obviously,
if you permanently block an IP address that used to be bad but now has
been released and given to a new owner, you end up blocking the new
owner when they have done nothing wrong.

Lewis

Re: Problem with httpd and openssl on NetBSD-7.1

[J. Lewis Muir]

On 05/02, Christopher Pinon wrote:
> By the way, another (easier) question about httpd: is there a way for
> httpd to listen to both plain http (port 80) requests and https (port
> 443) requests? (Like apache.) At the moment, as far as I can tell, it's
> either or, depending on whether or not '-Z ...' is set.

I've not tried, but can't you just run two instances of it: one
listening on port 80 and the other listening on port 443?

Lewis

How to view /usr/share/doc/psd/12.make/tutorial.ms

[J. Lewis Muir]

Hello, NetBSD Users!

On NetBSD 6 (stable branch), what is the right way to view
/usr/share/doc/psd/12.make/tutorial.ms?

I tried the following:

$ nroff -ms /usr/share/doc/psd/12.make/tutorial.ms

That mostly works, but it produces the following warnings:

  /usr/share/doc/psd/12.make/tutorial.ms:200: warning: macro `Ix' not defined
  /usr/share/doc/psd/12.make/tutorial.ms:203: warning: can't find font `C'

It also renders some lines with the word "NOT" in the left margin like
this:

 This  tutorial  is  divided  into three main sections corre-
  NOTsponding to basic, intermediate and advanced PMake usage. If
 you already know Make well, you will only need to skim chap-

Thanks!

Lewis

bozohttpd support for SNI

[J. Lewis Muir]

Hello!

Does bozohttpd in NetBSD (7 or current) support SNI (Server Name
Identification) such that multiple SSL sites can be served from one
HTTPS server?  If not, what is NetBSD's position on the feature: is it
"we're open to accepting a quality patch," or is it more "we'd rather
not add the feature; it's better to just use separate server instances
on separate IP addresses; we're trying to keep with bozohttpd's main
feature as stated on its website which is 'the lack of features,
reducing the code size and improving verifiability'"?

Thanks!

Lewis

Re: "No route to host" in Alpine

[J. Lewis Muir]

On 3/1/16 2:34 PM, Marco Beishuizen wrote:
> Does anyone know where to look for things like this?

Just a guess, but maybe it tries IPv6 first and fails and prints that
error, but then tries IPv4 and succeeds?

Lewis

Re: tmux overhead

[J. Lewis Muir]

On 1/21/16 4:59 PM, John Klos wrote:
> Ideas about why this is so busy?

Hi, John.

It might be worth looking into what version of tmux is in the NetBSD
version you have installed; maybe it has inefficiencies?  Ted Unangst
has a blog post at [1] titled "rough idling" where he talks about the
situation you're seeing in general and also mentions that a number of
efficiency fixes were made to the tmux in OpenBSD after the OpenBSD 5.8
release.  I don't know if the same fixes made it into the version of
tmux you have; maybe it's worth a look.

Regards,

Lewis

[1] http://www.tedunangst.com/flak/post/rough-idling

Re: What is the current state financial of NetBSD?

[J. Lewis Muir]

On 11/12/15 9:50 AM, français wrote:
> What is the current state financial of NetBSD?
> 
> The NetBSD has big troubles financials? 

Hello.

I don't think so.  See the 2014 financial report at

  http://netbsd.org/foundation/

Of course I'm sure they would always be happy for more donations!

Regards,

Lewis

NetBSD website man pages down

[J. Lewis Muir]

Hello.

This is a report of a problem with the NetBSD website: I'm unable to
access the on-line man pages by clicking Documentation > "Manual pages"
which links to .

Thanks,

Lewis

Re: sh won't trap SIGHUP while waiting for jobs

[J. Lewis Muir]

On 8/21/15 10:41 AM, Timo Buhrmester wrote:
 I can't get /bin/sh to trap the SIGHUP signal on amd64 NetBSD
 6.1_STABLE.  Does anyone know why?
 On a first glance, this seems to be bourne-shell specific.  At least ksh and 
 bash both behave correctly.
 
 Looking at the source, this part is likely what causes SIGINT to work:
 (from src/bin/sh/jobs.c in the `dowait` function, note that this is -current 
 source)
 | do {
 | pid = waitproc(flags  WBLOCK, job, status);
 | TRACE((wait returns pid %d, status %d\n, pid, status));
 | } while (pid == -1  errno == EINTR  gotsig[SIGINT - 1] == 0);
 
 Note the special case granting SIGINT to exit the loop when waitproc (i.e. 
 waitpid(2)) comes back with EINTR, while other signals are effectively 
 ignored.

Hello, Timo.

Thank you for your analysis.  I think you're right; that explains it!

Regards,

Lewis

Re: sh won't trap SIGHUP while waiting for jobs

[J. Lewis Muir]

On 8/20/15 4:36 PM, J. Lewis Muir wrote:
 Hello, NetBSD Users!

 I can't get /bin/sh to trap the SIGHUP signal on amd64 NetBSD
 6.1_STABLE.  Does anyone know why?

 Here's a test program exhibiting the behavior:

 === test-program ===
 #!/bin/sh

 trap 'echo SIGHUP; exit 1' 1

 sleep 3600 
 wait
 

I have now tested trapping SIGINT, SIGQUIT, SIGPIPE, and SIGTERM too,
and of those, only SIGINT causes the program to exit.  Here's the new
test program I used:

=== test-program2 ===
#!/bin/sh

trap 'echo SIGHUP; exit 1' 1
trap 'echo SIGINT; exit 1' 2
trap 'echo SIGQUIT; exit 1' 3
trap 'echo SIGPIPE; exit 1' 13
trap 'echo SIGTERM; exit 1' 15

sleep 3600 
wait
=

As I said, nothing happens when I send the signals, with the exception
of SIGINT which causes the program to exit.  Interestingly, when I
interrupt the program by pressing Ctrl-C in the terminal, I get two
lines of output: one for the signal I sent that seemed to do nothing and
the other for the SIGINT sent by pressing Ctrl-C.  Here's the output
for the five cases in order (SIGHUP, SIGINT, SIGQUIT, SIGPIPE, SIGTERM)
including where I pressed Ctrl-C for each case except SIGINT:

=== test-program2 terminal ===
$ ./test-program2
^CSIGHUP
SIGINT
$ ./test-program2
SIGINT
$ ./test-program2
^CSIGINT
SIGQUIT
$ ./test-program2
^CSIGINT
SIGPIPE
$ ./test-program2
^CSIGINT
SIGTERM
==

I'm worried I'm rediscovering some basic behavior that is a surprise to
me but not to many others.  Is this the right behavior for waiting on
jobs?  Why does a trap for SIGINT work while waiting in the wait command
but a trap for the other signals does not?

Thank you!

Lewis

Re: Quick question about NetBSD source code

[J. Lewis Muir]

On 8/12/15 8:05 AM, Alexey Smirnov wrote:
 Hello
 Go a quick question here.
 On the documentation we have several types of geting src.
 First is to download five archives from

 *ftp://ftp.NetBSD.org/pub/NetBSD/NetBSD-6.1/source/sets/

 Seconf is do download a lot more from

 *ftp://ftp.NetBSD.org/pub/NetBSD/NetBSD-release-6/tar_files/src/

 *What is the difference between them in code ?*

Hello, Alexey.

NetBSD-6.1 is the source code for the NetBSD 6.1 release; it never
changes.  NetBSD-release-6 is the source code for the NetBSD 6 stable
branch; it changes to reflect the source of the netbsd-6 stable branch
in CVS. See [1] and [2].

As for the 5 tarballs in NetBSD-6.1 vs. 27 in NetBSD-release-6, I don't
know why that is.

Regards,

Lewis

[1] http://netbsd.org/docs/guide/en/chap-fetch.html
[2] http://www.netbsd.org/releases/release-map.html

Re: samba-4.2.1nb4 Shared object libpopt-samba3-samba4.so not found

[J. Lewis Muir]

On 8/9/15 7:06 PM, ron georgia wrote:
 All,
 I installed samba-4.2.1 under 7.0_RC2. I had to you pkg_add because
 pkgin gave me an error message.

 pkgin: samba-4.2.1nb4 is not available on the repository

Hi, Ron.

Did you do pkgin update first?

 I configured my smb.conf file and started smbd and nmbd. To test I
 entered

 smbclient -Usamba -L localhost

 and got the following message:
 Shared object libpopt-samba3-samba4.so not found

 However when a search for the file finds it here.
 /usr/pkg/lib/samba/private/libpopt-samba3-samba4.so

 Another interesting point is there are no man pages for samba or
 smbclient.

 man samba
 man: no entry for samba in the manual.
 man smbclient
 man: no entry for smbclient in the manual.

 My questions are these, being new to the NetBSD community:
 1. Is this a bug that I need to file? (I did search the bug db)

Well, it seems like there might be more than one bug.  But I think these
might all be pkgsrc bugs, not NetBSD bugs.  You might get more help
posting to the pkgsrc-users list.

As far as the missing .so file, that looks problematic, but I don't
know enough about Samba to know if maybe the .so file gets loaded
depending on what is configured in smb.conf, and maybe the pkgsrc Samba
wasn't built with support for a particular option you configured in
smb.conf?? Someone else will have to answer that.

As far as the missing man pages, I'd say that's a bug.  If I install
Samba 4, I would definitely expect to get man pages with that.  Looking
at pkgsrc net/samba4/Makefile, I see the following line:

CONFIGURE_ENV+= XSLTPROC=${FALSE} # suppress generation of man pages

So, it looks like the man pages have been disabled on purpose. :-(  And
they are not listed in net/samba4/PLIST.

 2. Is somewhere I can point samba to the missing file?

It would be better for someone more knowledgeable than me to answer
about the .so file, but a hack might be to set LD_LIBRARY_PATH to
/usr/pkg/lib/samba/private in the environment of the process that
can't find the .so file.  But that's just a hack, normally you should
not do that.  The package should be fixed, or you're using an option for
which support was not built into the package.

As far as the man pages, no, they weren't provided by the package.

Regards,

Lewis

Re: installing rsync

[J. Lewis Muir]

On 7/24/15 8:52 AM, William A. Mahaffey III wrote:
 I just tried to install rsync using pkgin  I got the following:
 
 4256EE1 # pkgin install rsync
 calculating dependencies... done.
 
 nothing to upgrade.
 1 packages to be installed: rsync-3.1.1 (294K to download, 655K to install)
 
 proceed ? [Y/n]
 downloading packages...
 rsync-3.1.1 is not available on the repository
 proceed ? [y/N] y
 installing packages...
 pkg_install warnings: 0, errors: 0
 4256EE1 #

Hi, William.

What do you have in repositories.conf?

Lewis

Re: Request to reconsider removal of groff from base system

[J. Lewis Muir]

On 4/8/15 10:41 AM, Julian H. Stacey wrote:
 A multi- decades BSD developer friend  I discussed:
 It's a liability that there's no managers on *BSD.org projects to
 control the immature  instill perspective, explaining:

Hi, Julian.

But there is such a body for NetBSD; it's the Board of Directors and the
committees they oversee.  See http://netbsd.org/foundation/.

Regards,

Lewis

Re: NPF syntax

[J. Lewis Muir]

On 3/17/15 6:34 PM, Mindaugas Rasiukevicius wrote:

Hi, Mindaugas.

First, let me say thank you for your excellent work on NPF!

 D'Arcy J.M. Cain da...@netbsd.org wrote:
 I have decided to give up on pf after banging my head against
 the wall (and the OBSD mailing list) and try npf but I
 can't figure out the syntax.  I followed the example at
 http://www.netbsd.org/~rmind/npf/ but I keep getting errors when I
 validate.  I reduced npf.conf to the following two lines:

 It looks like you are using the netbsd-6.  The documentation is for
 the netbsd-7/current.  NPF in netbsd-6 does not support table naming
 so you have to use numbers.  It does not autoload ALGs, so you can
 skip that line and modload npf_alg_icmp manually.

Is there ~rmind/npf documentation for NPF in NetBSD 6?

I've run into the same problem when trying to learn NPF and finding that
the documentation did not apply to what I had (netbsd-6 stable branch).
I ended up using the ~rmind/npf documentation along with the man pages
from netbsd-6 to figure out what parts of ~rmind/npf did not apply to
netbsd-6 or had been renamed, etc.

 NPF in netbsd-6 is very old by now; netbsd-7 has many fixes as well as
 improvements and I strongly recommend to use that.

I can certainly understand that, but NetBSD 7 has not been released yet.
It doesn't seem reasonable to expect people to run -current or 7.0_BETA
in production.

Regards,

Lewis

Re: postinstall bug in mtree check?

[J. Lewis Muir]

On 9/30/14 9:48 AM, J. Lewis Muir wrote:
 On 9/30/14 8:19 AM, Greg Troxel wrote:
 There's already a fix in -current and -7, which is to put @ in front
 of the cat command in the makefile.  I've asked that this be pulled
 up to netbsd-6:
   http://releng.netbsd.org/cgi-bin/req-6.cgi?show=1163

 Thanks for the report - without it none of us would have realized
 that this fix was both needed and missing in -6!

 Hi, Greg.

 OK, great!

 FYI, I had submitted PR 49238 [1] for this, so once your pull-up
 request happens, the PR can be closed.

 Thanks!

 Lewis

 [1] http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=49238

Hello!

It appears the pull-up request has happened, so PR 49238 can be closed.

Thanks!

Lewis

Re: Listening on port 25 to receive mail

[J. Lewis Muir]

On 12/5/14 10:50 AM, Rocky Hotas wrote:
 Should I make anything else, or should I correct my configuration?

Hi, Rocky.

I would suggest you read afterboot(8).  It has two subsections that tell
you what to do: Mail Aliases and Postfix.

Regards,

Lewis

Re: nd6_setmtu0: new link MTU on iwn0 (576) is too small for IPv6 which needs 1280

[J. Lewis Muir]

On 12/3/14 1:42 PM, Christos Zoulas wrote:
 Unfortunately there is no sysctl node for that.
 You could recompile a new kernel, or use a packet filter to drop all
 ipv6 traffic.  There was a thread about that:
 
 https://mail-index.netbsd.org/netbsd-users/2012/06/27/msg010930.html
 
 Perhaps we should ask kre@ for his patch, or recreate it.

+1.  I would love that!

Lewis

Re: lighttpd and 404 error

[J. Lewis Muir]

On 10/29/14 11:33 AM, scar wrote:
 and my ~/public_html dir has mode 755 and owned by scar.users

What are the permissions and ownership of your home dir?

Lewis

Re: pf and rpi

[J. Lewis Muir]

On 10/1/14 9:57 AM, Zoran Kolic wrote:
 I intent to load pf firewall on rpi and not stay locked out of the
 node. The only comminication is via ssh.

Hi, Zoran.

You're right about putting pf=YES in /etc/rc.conf; I would not do that
until I was confident my configuration was right.

Does rpi mean Raspberry Pi?  If so, then is it easy to power cycle
the device?  If so, you can just try your rules, and if you get locked
out, power cycle it.

But normally I wouldn't even plan to power cycle my machine to recover.
Before trying new firewall rules, I just run something to disable the
firewall after a period of time in case I lock myself out.  So, I'd do
something like this:

# nohup sh -c 'sleep 15; pfctl -d'  /dev/null  /dev/null 21 

That runs the sh process in the background, detached from standard
input, standard output, and standard error, and ignoring the SIGHUP
signal.  After 15 seconds it runs pfctl -d to disable the firewall.

Or you could just start a tmux session, and do the following in a
window:

# sleep 15; pfctl -d

BTW, as of NetBSD 6, there's a new packet filter for NetBSD called
NPF.  See npf.conf(5), npfctl(8), and /usr/share/examples/npf.
There's also a document by the NPF author titled NPF documentation
http://www.netbsd.org/~rmind/npf/.  I think it documents the latest
NPF, so if you're not running the latest NetBSD, beware that some things
might be slightly different for your NPF.

Regards,

Lewis

Re: postinstall bug in mtree check?

[J. Lewis Muir]

On 9/30/14 8:19 AM, Greg Troxel wrote:
 There's already a fix in -current and -7, which is to put @ in front
 of the cat command in the makefile.  I've asked that this be pulled up
 to netbsd-6:
   http://releng.netbsd.org/cgi-bin/req-6.cgi?show=1163

 Thanks for the report - without it none of us would have realized that
 this fix was both needed and missing in -6!

Hi, Greg.

OK, great!

FYI, I had submitted PR 49238 [1] for this, so once your pull-up request
happens, the PR can be closed.

Thanks!

Lewis

[1] http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=49238

postinstall reference files without /usr/src

[J. Lewis Muir]

Hello, NetBSD Users.

I built the netbsd-6 CVS branch from source using BUILD-NetBSD from
(pkgsrc) sysutils/etcmanage (0.8.2).  This creates a directory named
releasedir which contains the binary sets and kernel.  I then copy these
binary set and kernel files to a target machine where I install them
using INSTALL-NetBSD.  Doing this enables me to not keep a source tree
on the target machine nor build from source on the target machine.

After running INSTALL-NetBSD on the target machine, I want to run
postinstall check.  Unfortunately, this does not work because
/usr/src does not exist.  Looking at the postinstall(8) man page shows
me that there's a '-s' option to specify reference files.  So, I can
do postinstall -s [RELEASEDIR]/amd64/binary/sets/etc.tgz check where
[RELEASEDIR] is the path to the releasedir directory I copied over.  For
this form of the '-s' option, it says the etc.tgz file must be specified
and the xetc.tgz file is optional.  My question is, are all the other
set files optional too?  Or put another way, is the '-s' option only for
specifying etc.tgz and xetc.tgz, or is it also intended to be used for
base.tgz, comp.tgz, and so on, and by not specifying those, some checks
will be skipped?

Thank you!

Lewis

netbsd-6 CVS branch amd64 install fails in installsets target

[J. Lewis Muir]

Hello, NetBSD Users.

After building the netbsd-6 CVS branch (i.e. stable branch) from
source, unprivileged, for amd64 on a NetBSD 6.1.4 amd64 machine using
the BUILD-NetBSD program from the sysutils/etcmanage 0.8.2 package
(i.e. cd /usr  BUILD-NetBSD all), I am now trying to install
the kernel and userland on the same machine with the BUILD-NetBSD
program as root.  Unfortunately, this fails in the installsets
target, and before that I got lots of errors like, pax: Unable to open
./stand/amd64/6.1/modules/accf_dataready/accf_dataready.kmod to read (No
such file or directory).  Below is the full console log.  The actual
build.sh command being run is listed right near the top of the log.

Does anyone know what's wrong and how to fix it?

Thank you!

Lewis

~~
# cd /usr
# BUILD-NetBSD install
BUILDALL OVERALL start Wed Sep 24 11:47:19 CDT 2014
Building with branch token 6
INSTALL with METALOG: doing UNPRIVed install
INSTALL: ASSUMING DISTRIBUTION ALREADY COMPLETE!
ls: netbsd-*.gz: No such file or directory
BUILDALL MAIN install=/ start Wed Sep 24 11:47:19 CDT 2014
=== build.sh command:./build.sh -m amd64 -j2 -u -U -O 
/usr/obj/stable-6/amd64 -T /usr/obj/stable-6/tools -D 
/usr/obj/stable-6/destdir/amd64 -R /usr/obj/stable-6/releasedir -X /usr/xsrc 
install=/
=== build.sh started:Wed Sep 24 11:47:19 CDT 2014
=== NetBSD version:  6.1_STABLE
=== MACHINE: amd64
=== MACHINE_ARCH:x86_64
=== Build platform:  NetBSD 6.1.4 amd64
=== HOST_SH: /bin/sh
=== TOOLDIR path:/usr/obj/stable-6/tools
=== DESTDIR path:/usr/obj/stable-6/destdir/amd64
=== RELEASEDIR path: /usr/obj/stable-6/releasedir
=== Updated makewrapper: /usr/obj/stable-6/tools/bin/nbmake-amd64
installsets === distrib/sets   (with: INSTALLDIR=/ INSTALLSETS=)
cd /usr/src/distrib/sets   DESTDIR=/usr/obj/stable-6/destdir/amd64  
MACHINE=amd64  MACHINE_ARCH=x86_64  AWK=/usr/obj/stable-6/tools/bin/nbawk  
CKSUM=/usr/obj/stable-6/tools/bin/nbcksum  DB=/usr/obj/stable-6/tools/bin/nbdb  
HOST_SH=/bin/sh  MAKE=/usr/obj/stable-6/tools/bin/nbmake  
MKTEMP=/usr/obj/stable-6/tools/bin/nbmktemp  
MTREE=/usr/obj/stable-6/tools/bin/nbmtree  
PAX=/usr/obj/stable-6/tools/bin/nbpax  COMPRESS_PROGRAM=gzip  
PKG_CREATE=/usr/obj/stable-6/tools/bin/nbpkg_create  
SED=/usr/obj/stable-6/tools/bin/nbsed  
TSORT=/usr/obj/stable-6/tools/bin/nbtsort\ -q  /bin/sh ./maketars -d 
/usr/obj/stable-6/destdir/amd64   -M 
/usr/obj/stable-6/destdir/amd64/METALOG.sanitised -N /usr/src/etc  -L base -i / 
Copying set base
Copying set comp
Copying set games
Copying set man
Copying set misc
Copying set modules
pax: Unable to open 
./stand/amd64/6.1/modules/accf_dataready/accf_dataready.kmod to read (No such 
file or directory)
pax: Unable to open 
./stand/amd64/6.1/modules/accf_httpready/accf_httpready.kmod to read (No such 
file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/acpiacad/acpiacad.kmod to read 
(No such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/acpibat/acpibat.kmod to read (No 
such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/acpibut/acpibut.kmod to read (No 
such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/acpicpu/acpicpu.kmod to read (No 
such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/acpidalb/acpidalb.kmod to read 
(No such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/acpifan/acpifan.kmod to read (No 
such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/acpilid/acpilid.kmod to read (No 
such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/acpipmtr/acpipmtr.kmod to read 
(No such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/acpitz/acpitz.kmod to read (No 
such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/acpiverbose/acpiverbose.kmod to 
read (No such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/acpivga/acpivga.kmod to read (No 
such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/acpiwdrt/acpiwdrt.kmod to read 
(No such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/acpiwmi/acpiwmi.kmod to read (No 
such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/adosfs/adosfs.kmod to read (No 
such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/aibs/aibs.kmod to read (No such 
file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/aio/aio.kmod to read (No such 
file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/amdtemp/amdtemp.kmod to read (No 
such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/aps/aps.kmod to read (No such 
file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/asus/asus.kmod to read (No such 
file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/au8522/au8522.kmod to read (No 
such file or directory)
pax: Unable to open ./stand/amd64/6.1/modules/auvitek/auvitek.kmod to 

Re: netbsd-6 CVS branch amd64 install fails in installsets target

[J. Lewis Muir]

On 9/24/14, 12:52 PM, Greg Troxel wrote:
 I stopped using 'BUILD-NetBSD install' a long time ago, in favor of
 INSTALL-NetBSD, which basically just unpacks the sets, plus unpacks
 {,x}etc.tgz to /usr/netbsd-etc to use with etcmanage.

Hi, Greg.

OK, I used INSTALL-NetBSD instead, and it worked!

Thanks!

Lewis

postinstall bug in mtree check?

[J. Lewis Muir]

Hello, NetBSD Users.

I just built on and for amd64 from the netbsd-6 CVS branch source and
installed and ran a postinstall check of the mtree item and got an
unexpected difference.  The output is below.  Looking at the postinstall
source, I'm thinking (but haven't confirmed) the problem is that make is
echoing to stdout the command executed for the emit_dist_file target,
and that is getting erroneously captured when postinstall invokes it
and redirects stdout to create the expected NetBSD.dist mtree file thus
causing the expected and actual files to differ.

Thank you!

Lewis

~~~
# postinstall -s '/usr/src' -d / diff -u mtree
Source directory: /usr/src
Target directory: /
mtree check:
/tmp/_postinstall.3630.0/NetBSD.dist != /etc/mtree/NetBSD.dist
--- /etc/mtree/NetBSD.dist  2014-09-23 16:01:14.0 -0500
+++ /tmp/_postinstall.3630.0/NetBSD.dist2014-09-24 15:21:59.0 
-0500
@@ -1,3 +1,4 @@
+cat /usr/src/etc/mtree/NetBSD.dist.base /usr/src/etc/mtree/NetBSD.dist.x86_64 
/usr/src/etc/mtree/NetBSD.dist.tests
 #  $NetBSD: NetBSD.dist.base,v 1.97.2.5 2012/11/18 22:38:37 riz Exp $
 #  @(#)4.4BSD.dist 8.1 (Berkeley) 6/13/93
 
postinstall checks passed:
postinstall checks failed: mtree
To fix, run:
sh /usr/sbin/postinstall -s '/usr/src' -d / fix mtree
Note that this may overwrite local changes.
~~~

Re: postinstall bug in mtree check?

[J. Lewis Muir]

On Wed, Sep 24, 2014 at 03:41:49PM -0500, J. Lewis Muir wrote:
 Hello, NetBSD Users.
 
 I just built on and for amd64 from the netbsd-6 CVS branch source
 and installed and ran a postinstall check of the mtree item and
 got an unexpected difference.  The output is below.  Looking at
 the postinstall source, I'm thinking (but haven't confirmed) the
 problem is that make is echoing to stdout the command executed for the
 emit_dist_file target, and that is getting erroneously captured when
 postinstall invokes it and redirects stdout to create the expected
 NetBSD.dist mtree file thus causing the expected and actual files to
 differ.

Adding '-s' to the make invocation in postinstall fixes the problem.
Below is a patch against the netbsd-6 CVS branch.

Thanks,

Lewis

Index: usr.sbin/postinstall/postinstall
===
RCS file: /cvsroot/src/usr.sbin/postinstall/postinstall,v
retrieving revision 1.129.2.11
diff -u -r1.129.2.11 postinstall
--- usr.sbin/postinstall/postinstall21 May 2014 20:29:02 -  
1.129.2.11
+++ usr.sbin/postinstall/postinstall24 Sep 2014 20:57:20 -
@@ -998,7 +998,7 @@
if ! $SOURCEMODE; then
MTREE_DIR=${SRC_DIR}/etc/mtree
else
-   ${MAKE} -C ${SRC_DIR}/etc/mtree emit_dist_file  \
+   ${MAKE} -s -C ${SRC_DIR}/etc/mtree emit_dist_file  \
${SCRATCHDIR}/NetBSD.dist
MTREE_DIR=${SCRATCHDIR}
fi

Re: Binary solution for security advisory 2014-009..012?

[J. Lewis Muir]

On 9/19/14, 6:01 PM, Greg Troxel wrote:
 For me, the normal thing is to build from source with
 BUILD-NetBSD and do an overlay install with INSTALL-NetBSD from
 pkgsrc/sysutils/etcmanage, following netbsd-6 (or -5 or -7).  Once
 you get etcmanage set up, this is nearly trivial, and updates lots of
 fixes, not just security patches.

Hi, Greg.

OK, I've started to try that.

Thanks for the suggestion!

Lewis

netbsd-6 CVS branch amd64 build fails with gcc internal error

[J. Lewis Muir]

Hello, NetBSD Users.

I tried to build the netbsd-6 CVS branch (i.e. stable branch) from
source for amd64 on a NetBSD 6.1.4 amd64 machine using the BUILD-NetBSD
program from the sysutils/etcmanage 0.8.2 package, but the build
fails partway through with the message, x86_64--netbsd-gcc: Internal
error: Killed (program cc1 received signal 9). :-(

The console output for the beginning and end (after [snip]) of the
build is below.  Right near the top is the actual build.sh command that
was run.

The machine is a VMware virtual machine.  I checked available disk
space, and that seems fine.  The machine has 256 MB of memory; I assume
that's fine.  The build is running with '-j2'; I assume that's fine,
but I could try no parallelism if that might help, but I'd be surprised
since I assume most everyone builds with parallelism.

I updated the CVS branch source just yesterday before building.

Does anyone know what's wrong and how to fix it?

Thank you!

Lewis

~~
$ cd /usr
$ BUILD-NetBSD all   
BUILDALL OVERALL start Mon Sep 22 21:47:28 CDT 2014
Building with branch token 6
Not ROOT: doing UNPRIVed build
ALL: doing full build to iso
BUILDALL MAIN release start Mon Sep 22 21:47:28 CDT 2014
=== build.sh command:./build.sh -m amd64 -j2 -u -U -O 
/usr/obj/stable-6/amd64 -T /usr/obj/stable-6/tools -D 
/usr/obj/stable-6/destdir/amd64 -R /usr/obj/stable-6/releasedir -X /usr/xsrc 
release
=== build.sh started:Mon Sep 22 21:47:28 CDT 2014
=== NetBSD version:  6.1_STABLE
=== MACHINE: amd64
=== MACHINE_ARCH:x86_64
=== Build platform:  NetBSD 6.1.4 amd64
=== HOST_SH: /bin/sh
=== No $TOOLDIR/bin/nbmake, needs building.
=== Bootstrapping nbmake
checking for sh... /bin/sh
checking for gcc... cc
[snip]
--- insn-preds.o ---
#   compile  backend/insn-preds.o
/usr/obj/stable-6/tools/bin/x86_64--netbsd-gcc -O2 -std=gnu99 -Werror
-Wno-stack-protector  -I. 
-I/usr/src/external/gpl3/gcc/usr.bin/backend/../gcc/arch/x86_64 -DIN_GCC 
-DHAVE_CONFIG_H -I/usr/src/external/gpl3/gcc/dist/gcc 
-I/usr/src/external/gpl3/gcc/dist/gcc/. 
-I/usr/src/external/gpl3/gcc/dist/gcc/../include 
-I/usr/src/external/gpl3/gcc/dist/gcc/../libcpp/include 
-I/usr/src/external/gpl3/gcc/dist/gcc/../libdecnumber 
-I/usr/src/external/gpl3/gcc/dist/gcc/../libdecnumber/dpd -I/usr/include/libelf 
-DTARGET_NAME=\x86_64--netbsd\ -I/usr/src/external/gpl3/gcc/dist/libgcc 
--sysroot=/usr/obj/stable-6/destdir/amd64 -DLOCALEDIR=\/usr/share/locale\ 
-DNETBSD_NATIVE -I. -std=gnu89  -cinsn-preds.c -o insn-preds.o
/usr/obj/stable-6/tools/bin/x86_64--netbsd-objcopy -x insn-preds.o
--- insn-recog.o ---
#   compile  backend/insn-recog.o
/usr/obj/stable-6/tools/bin/x86_64--netbsd-gcc -O2 -std=gnu99 -Werror
-Wno-stack-protector  -I. 
-I/usr/src/external/gpl3/gcc/usr.bin/backend/../gcc/arch/x86_64 -DIN_GCC 
-DHAVE_CONFIG_H -I/usr/src/external/gpl3/gcc/dist/gcc 
-I/usr/src/external/gpl3/gcc/dist/gcc/. 
-I/usr/src/external/gpl3/gcc/dist/gcc/../include 
-I/usr/src/external/gpl3/gcc/dist/gcc/../libcpp/include 
-I/usr/src/external/gpl3/gcc/dist/gcc/../libdecnumber 
-I/usr/src/external/gpl3/gcc/dist/gcc/../libdecnumber/dpd -I/usr/include/libelf 
-DTARGET_NAME=\x86_64--netbsd\ -I/usr/src/external/gpl3/gcc/dist/libgcc 
--sysroot=/usr/obj/stable-6/destdir/amd64 -DLOCALEDIR=\/usr/share/locale\ 
-DNETBSD_NATIVE -I. -std=gnu89  -cinsn-recog.c -o insn-recog.o
x86_64--netbsd-gcc: Internal error: Killed (program cc1 received signal 9)
Please submit a full bug report.
See http://www.NetBSD.org/Misc/send-pr.html for instructions.
*** [insn-recog.o] Error code 1
nbmake: stopped in /usr/src/external/gpl3/gcc/usr.bin/backend
--- insn-attrtab.o ---
/usr/obj/stable-6/tools/bin/x86_64--netbsd-objcopy -x insn-attrtab.o
1 error
nbmake: stopped in /usr/src/external/gpl3/gcc/usr.bin/backend
*** [dependall] Error code 2
nbmake: stopped in /usr/src/external/gpl3/gcc/usr.bin/backend
1 error

nbmake: stopped in /usr/src/external/gpl3/gcc/usr.bin/backend
*** [dependall-backend] Error code 2
nbmake: stopped in /usr/src/external/gpl3/gcc/usr.bin
1 error
nbmake: stopped in /usr/src/external/gpl3/gcc/usr.bin
*** [dependall-usr.bin] Error code 2
nbmake: stopped in /usr/src/external/gpl3/gcc
1 error

nbmake: stopped in /usr/src/external/gpl3/gcc
*** [dependall-gcc] Error code 2
nbmake: stopped in /usr/src/external/gpl3
1 error

nbmake: stopped in /usr/src/external/gpl3
*** [dependall-gpl3] Error code 2
nbmake: stopped in /usr/src/external
1 error

nbmake: stopped in /usr/src/external
*** [dependall-external] Error code 2
nbmake: stopped in /usr/src
1 error

nbmake: stopped in /usr/src
*** [do-build] Error code 2
nbmake: stopped in /usr/src
1 error

nbmake: stopped in /usr/src
*** [build] Error code 2
nbmake: stopped in /usr/src
1 error
nbmake: stopped in /usr/src
*** [distribution] Error code 2
nbmake: stopped in /usr/src
1 error

nbmake: stopped in /usr/src
*** [release] Error code 2

nbmake: stopped in /usr/src
1 error

nbmake: stopped in /usr/src

Re: netbsd-6 CVS branch amd64 build fails with gcc internal error

[J. Lewis Muir]

On 9/23/14, 3:08 PM, J. Lewis Muir wrote:
 The machine is a VMware virtual machine.  I checked available disk
 space, and that seems fine.  The machine has 256 MB of memory; I
 assume that's fine.  The build is running with '-j2'; I assume that's
 fine, but I could try no parallelism if that might help, but I'd be
 surprised since I assume most everyone builds with parallelism.

Hmm, I just noticed the following error message on the machine's
console:

  UVM: pid 19753 (cc1), uid 1000 killed: out of swap

So, maybe I am running out of memory?  Or a process has gone rogue?  Or
some other problem?

Thanks,

Lewis

Binary solution for security advisory 2014-009..012?

[J. Lewis Muir]

Hello, NetBSD Users.

In the NetBSD security advisories released on September 8 (i.e. 2014-009
to 2014-012 [1][2][3][4]) there are no binary-only instructions; the
only instructions are for compiling from source.

I'm not adverse to compiling from source, but so far I have avoided
needing to do that and have simply applied binary fixes according to
the instructions in each security advisory.  (I'm running 6.1.4.)  My
question, then, is what is the normal way to stay fully patched when
running the latest stable version not compiled from source?  Is it
normal to try to do what I've been doing, and the security advisories
noted above should have included binary instructions but didn't?  Or
is it basically required that I have a full source tree and be able to
compile the kernel and userland in order to address security advisories?

Thank you!

Lewis

[1] 
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-009.txt.asc
[2] 
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-010.txt.asc
[3] 
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-011.txt.asc
[4] 
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-012.txt.asc

Re: releng: how to follow NetBSD-6 STABLE branch

[J. Lewis Muir]

On 8/27/14, 5:59 PM, Greg Troxel wrote:
 It took me a while to be sure, but I think your detangling of
 maintenance/stable/security is supportable by the previous
 definitions.  I've committed this and presumably it should show up
 soonish on the server.  Please keep an eye out and let me know if it's
 ok.

Hi, Greg.

It has shown up for me and looks good!  Thanks!

Lewis

Source tarballs corresponding to CVS netbsd-6-1 branch?

[J. Lewis Muir]

Hello, NetBSD Users.

What source tarballs on the FTP server should I download as a starting
point for the CVS netbsd-6-1 branch (i.e. the security/critical
maintenance branch) to avoid doing an initial full checkout from CVS?

(I would then do a cvs update -Pd to ensure I've got the latest
changes for that branch.)

Here's my understanding of what's on the FTP server:

  NetBSD-6.1/source/sets  Snapshot at time of 6.1 release
  NetBSD-6.1.4/source/setsSnapshot at time of 6.1.4 release
  NetBSD-release-6/tar_files  Tri-weekly snapshot of CVS netbsd-6 branch

So, there are no tri-weekly snapshot source tarballs of the CVS
netbsd-6-1 branch, correct?

If correct, what source tarballs should I start with?  Should I start
with the latest security/critical release (a.k.a. teeny release), for
example, NetBSD-6.1.4/source/sets, and then do cvs update -r netbsd-6-1
-Pd?

Thanks!

Lewis

Re: NPF not loading and starting at boot

[J. Lewis Muir]

On 8/10/14, 4:11 PM, J. Lewis Muir wrote:
 Hello.

 I'm running amd64 NetBSD 6.1.4 (GENERIC) in a Red Hat KVM (RHEL 6.4.0
 PC) virtual machine.  I have configured NPF to load and start at boot
 by adding npf=YES to /etc/rc.conf.  However, after booting, NPF is
 not running:

 ===
 # npfctl show
 Filtering:  inactive
 Configuration:  empty
 ===

 Starting it by hand using the rc.d system works fine:

 ===
 # /etc/rc.d/npf start
 Enabling NPF.
 ===

I investigated some more.  I looked at /etc/rc and discovered that
/var/run/rc.log contains a log of the rc.d system start-up.  I checked
it, and it contains:

===
[running /etc/rc.d/npf]
Enabling NPF.
===

So, it looks like it's starting NPF OK.  To further check this, I added
the following to the end of /etc/rc.local:

===
/sbin/npfctl show  /tmp/rc.local-npfctl-show.txt 21
===

And after booting, that file in /tmp contains what I would expect as
if everything was OK at that point in the boot (which I understand is
fairly late in the start-up):

===
# head -n 2 /tmp/rc.local-npfctl-show.txt
Filtering:  active
Configuration:  loaded
===

But again, when I log into the machine via SSH after it boots and run
npfctl show, somehow NPF is off and the configuration is empty:

===
# npfctl show
Filtering:  inactive
Configuration:  empty
===

So, NPF is ending up turned off with an empty configuration between when
/etc/rc.local ran and when the rc.d system start-up finished.

Any ideas on what is causing this?

Thanks!

Lewis

Re: NPF not loading and starting at boot

[J. Lewis Muir]

On 8/12/14, 4:08 PM, Gerard Lally wrote:
 As a complete newcomer to npf I'm not sure if this is helpful, but
 here goes anyway: do you have logging turned on in your npf.conf, and
 if so, have you created the interface npflog0?

Hi, Gerard.

No, I don't have logging turned on (i.e. no 'procedure log { log:
npflog0 }' and no 'apply log' on any of my rules), and so I think I
shouldn't need the npflog0 interface.

Thanks,

Lewis

Re: NPF not loading and starting at boot

[J. Lewis Muir]

On 8/12/14, 4:38 PM, Leonardo Taccari wrote:
 Another possible problem... do you use inet4() or inet6()? If the
 interfaces are not up you will get an error (altough you can read it
 during the boot messages and probably in /var/log/messages too).

Hi, Leonardo.

Thanks for your comment.  I use inet4() in /etc/npf.conf.  But
/var/run/rc.log shows the interface being brought up before
/etc/rc.d/npf is run, so I would think it would be fine.  And I don't
see any related error messages in /var/log/messages.

Thanks,

Lewis

NPF not loading and starting at boot

[J. Lewis Muir]

Hello.

I'm running amd64 NetBSD 6.1.4 (GENERIC) in a Red Hat KVM (RHEL 6.4.0
PC) virtual machine.  I have configured NPF to load and start at boot by
adding npf=YES to /etc/rc.conf.  However, after booting, NPF is not
running:

===
# npfctl show
Filtering:  inactive
Configuration:  empty
===

Starting it by hand using the rc.d system works fine:

===
# /etc/rc.d/npf start
Enabling NPF.
===

Ideas?  How should I go about debugging this?

Thanks!

Lewis

Re: gethostbyname(3) doesn't appear to work under NetBSD-5.2 and NetBSD-6.1.x when hostnames appear only in /etc/hosts

[J. Lewis Muir]

On 6/19/14, 3:37 AM, Brian Buhrow wrote:
 Has anyone else run into this behavior?

Hi, Brian.

I do not have that problem on my system:

===
$ uname -a
NetBSD violin.my.domain 6.1.4 NetBSD 6.1.4 (GENERIC) amd64
$ grep piano /etc/hosts
192.168.98.1piano.my.domain piano
$ getent hosts piano
192.168.98.1  piano.my.domain  piano
===

I have not built a custom kernel, and I have not built the base system
from source.  Everything is from the install ISO or NetBSD build
tarballs.

Lewis

Re: gethostbyname(3) doesn't appear to work under NetBSD-5.2 and NetBSD-6.1.x when hostnames appear only in /etc/hosts

[J. Lewis Muir]

On 6/19/14, 2:19 PM, Martin Husemann wrote:
 On Thu, Jun 19, 2014 at 09:18:01PM +0200, Martin Husemann wrote:
 On Thu, Jun 19, 2014 at 01:58:27PM -0500, J. Lewis Muir wrote:
 I do not have that problem on my system:

 I can reproduce it both on netbsd-6 as well as on -current when using
 names that are not in DNS.

 Actually I can *ONLY* reproduce it with IPv6 entries, v4 ones work
 fine.

The only IPv6 entry in my /etc/hosts is the loopback entry:

===
::1 localhost localhost.
===

Lewis

Re: NPF: newbie experiencing some strange behavior

[J. Lewis Muir]

On 6/17/14, 4:02 PM, g.lister wrote:
 The next rule there is

 +++
 pass out final all
 +++

 I think it should be evaluated as it is after the blocking of TCP
 transactions so UDP should be going out, but following your comment I
 played around with allowing everything and/or adding a rule for UDP
 and I could get some date from a look up only when I let everything
 in and out. I think I am forgetting something about DNS and how query
 responses are delivered...

Hi, George.

Is the pass out final all rule stateful by default?  If not, then your
UDP query may be going out, but NPF would be blocking the response since
I don't see a rule to pass it in.

A client DNS query usually uses a UDP connection to a DNS server on port
53, but it can sometimes use a TCP connection on port 53.  It will send
a query to the server and expect a response.  It looks like your NPF
rules might be blocking that response.

 Thanks Lewis for getting me going on that path.

Sure.  Hope you get it working!

Best,

Lewis

Re: releng: how to follow NetBSD-6 STABLE branch

[J. Lewis Muir]

On 5/14/14, 1:31 PM, Helge Mühlmeier wrote:
 On 05/14/14 00:25, Jeff Rizzo wrote:
 Yep, it's the latest stable netbsd-6 branch code, which will
 eventually become NetBSD 6.2.

 If I understand you in right way there is a bug in CVS- Branch of
 NetBSD-6?

 What will happen now?

Hi, Helge.

I doubt there's a bug in how the branching was done.  I think there
might be some confusion about what branch tag you should be using.

What exact branch tag did you use when you retrieved the source from
CVS?

Conceptually, what branch are you wanting?

Lewis

Re: releng: how to follow NetBSD-6 STABLE branch

[J. Lewis Muir]

On 5/14/14, 5:14 PM, Helge Mühlmeier wrote:
 If I understand the terminology right there are maintenance branches
 like netbsd-6.1 which will be forked from netbsd-6 if the releng-team
 think it is time for it... netbsd-6 should be the same on that time
 stamp (tag) but will differ in future because netbsd-6 will get minor
 features too (not only security fixes).

 Am I right?

Hi, Helge.

(I'm new to NetBSD, so I could be mistaken.  If I am, hopefully an
experienced NetBSD user can correct me.)

I think you're mixing the names of branches with the CVS branch tag
names; they're not the same.  You mention netbsd-6: that's a CVS
branch tag name.  However, you also mention netbsd-6.1: that's *not* a
CVS branch tag name.

 I want to follow the most recent version of netbsd-6 on my computer.
 I guess there should be a NetBSD-6_STABLE if I build a distribution
 and kernel from those source (tag = netbsd-6).

If by netbsd-6 you mean the CVS branch tagged netbsd-6, then that's
obviously what you're following.  The problem may be that perhaps that's
not actually what you want.

The CVS branch tagged netbsd-6 is referred to as a stable branch and
will contain changes intended for the next minor release.  Right now,
the next minor release is 6.2.  So, assuming a 6.2 release is eventually
made, you will get changes that will eventually be in NetBSD 6.2.  To
say that in another way, if you do a CVS checkout with -r netbsd-6,
you will get all the changes that went into the 6.1 release, and you
will get all the changes intended for the 6.2 release (assuming that
release is eventually made).

Is that what you want?  If so, then there's nothing more to discuss.

But if by, I want to follow the most recent version of netbsd-6, you
actually mean you want to follow NetBSD 6.0 with any security/critical
fixes, then the branch you want is referred to as a security/critical
branch.  In CVS that branch has the tag name netbsd-6-0.  Right now,
that will include the changes for the NetBSD 6.0.5 release and any
changes intended for 6.0.6 (if that release is eventually made).

If you want to follow NetBSD 6.1 with any security/critical fixes, then
the CVS branch name is netbsd-6-1.  Right now, that includes changes
for the NetBSD 6.1.4 release and any changes intended for 6.1.5 (if that
release is eventually made).

Lewis

Re: NFS performances

[J. Lewis Muir]

On 5/12/14, 10:03 AM, Emmanuel Dreyfus wrote:
 Hello

 I have a NFS setup with both NetBSD 6 client and server over a gigabit
 network. Theperformance seems week, even whle client, server and
 network are almost idle.

 The test: time dd if=/dev/zero of=test bs=1024k count=100

 Done on the NFS server itself:
5.31s real 0.00s user 0.39s system

 Done over NFS:
9.82s real 0.00s user 0.12s system

 The overhead looks huge. This is a UDP mount with a 1500 bytes MTU,
 ping is at 0.8 ms from a virtualized client, ang 0.28 ms for a
 physical one.

 Are the numbers reasonable? Should I consider a 59% NFS overhead as
 acceptable, or are there some parameters to tweak?

Hi, Emmanuel.

I have no idea if it will help, but have you tried adjusting
the kernel's UDP send and receive buffer sizes (i.e., for IPv4,
net.inet.udp.sendspace and net.inet.udp.recvspace) with sysctl?

Lewis

Re: NFS performances

[J. Lewis Muir]

On 5/12/14, 10:03 AM, Emmanuel Dreyfus wrote:
 Hello

 I have a NFS setup with both NetBSD 6 client and server over a gigabit
 network. Theperformance seems week, even whle client, server and
 network are almost idle.

 The test: time dd if=/dev/zero of=test bs=1024k count=100

 Done on the NFS server itself:
5.31s real 0.00s user 0.39s system

 Done over NFS:
9.82s real 0.00s user 0.12s system

 The overhead looks huge. This is a UDP mount with a 1500 bytes MTU,
 ping is at 0.8 ms from a virtualized client, ang 0.28 ms for a
 physical one.

 Are the numbers reasonable? Should I consider a 59% NFS overhead as
 acceptable, or are there some parameters to tweak?

Hi, Emmanuel.

RHEL 5 machine writing to an NFS v3 mount over GigE (1500 MTU):
   1.22s real 0.00s user 0.06s system

That's way faster than even your local test.  So, I'd say your numbers
do not seem reasonable.

Have you already determined that the problem is with NFS, not the
network (e.g. by using netperf or maybe just time dd if=/dev/zero
bs=1024k count=100 | ssh NFS_SERVER 'cat  test')?

Lewis

Re: SVG viewer with zoom and pan (without loosing resolution)

[J. Lewis Muir]

On 9/27/13 11:37 PM, Mayuresh wrote:
 Is there an SVG viewer that lets zoom and pan SVG images without loss
 of resolution?

 Tried qiv, gimp, ImageMagick and firefox, all of whom render but don't
 maintain resolution when zooming.

 firefox used to have a plugin to do this. Seems discontinued by Adobe
 now.

 Mayuresh


Hi, Mayuresh.

Not a just a viewer, but since you've considered GIMP and ImageMagick,
what about Inkscape?

Lewis