Re: Can "pre installed Windows" on a laptop be used as a VM

[Jason Mitchell]

Hello,

Two ways:

1) Shrink the partition. Use dd to create an image of the partition and use 
that for the vm image.

2) If you have the restore DVD you could run it from a VM.

HTH,

Jason M.

On Nov 27, 2022, 10:51 AM, at 10:51 AM, Mayuresh  wrote:
>I have ordered a new laptop and hoping to run NetBSD as primary OS on
>it
>if things go fine. (See my other post on chipset, graphics processor
>etc.)
>
>This laptop comes with pre-installed Windows. I do not need and do not
>use
>Windows. But since I am being given one, can I just keep the option to
>use
>it open e.g. as a qemu guest on NetBSD (or Linux for that matter). Is
>there something I need to do before I wipe out the pre-installed
>Windows?
>
>--
>Mayuresh

Re: Raspberry Pi as wireless AP, with pluggable usb modem

[Jason Mitchell]

Hello,

You need to run hostapd (included in NetBSD) to do WPA-PSK and dhcpcd to assign 
ip addresses. Also, there's a flag in ifconfig to put the wlan in AP mode. This 
link is old but seems to cover what you need to do to set up an AP under NetBSD:

https://mrrooster.tumblr.com/post/62694672/netbsd-wpa-wireless-ap

I think I'd set up the phone tether first because that might be problematic as 
you're dealing with external hardware. The wireless AP stuff looks 
straightforward (unless the WLAN Pi 3b driver doesn't support AP mode). You can 
test that by running the ifconfig command (from the link) and try to get the AP 
working with no encryption first. If those two things work check out then this 
can definitely be done.

But I don't know how to get NetBSD to use any phone that's plugged in to tether 
automatically. Some phones might still appear as a serial connection whereas 
others could use RNDIS (I don't know about getting that to work on NetBSD).

HTH,

Jason M.


On Jan 2, 2022, 11:27 AM, at 11:27 AM, Mayuresh  wrote:
>Is it possible to set up RPI (3B) as a WiFi AP and use a USB device (a
>modem or USB tethered phone) to connect to the internet?
>
>A different USB device may be used at different times, so the interface
>may vary (or may sometimes be absent). Ideally it should not require
>manually running a command depending on the device plugged.
>
>If feasible, please help with more pointers or information.
>
>--
>Mayuresh

Re: Sendmail with relay (SMART_HOST), STARTTLS and AUTH

[Jason Mitchell]

On 10/5/21 12:12 PM, Manuel Bouyer wrote:

On Tue, Oct 05, 2021 at 04:27:27PM +0200, tlaro...@polynum.com wrote:

Hello,

I'm trying to set-up a node with sendmail(8).

In order to not be blocked, eventually, by some firewall rule on port
25, I'm relaying mail to a smart host, listening on port 587 for
STARTTLS, and I need to authentify using LOGIN or PLAIN mechanisme.

For relaying, forwarding to port 587 and starting TLS with sendmail, no
problem after adding the needed options for the compilation of the
package.

But whatever I'm trying to do, having added a
/usr/pkg/etc/sasl2/Sendmail.conf configuration and having installed
cyrus-sasl2 and cyrus-saslauthd, and launching the saslauthd daemon,
sendmail, without dialoguing with the server (for this; STARTTLS
is OK) always answers:

no worthy mechs found

So the blocking comes from sendmail. I have verified by telnet, that
doing authenfication by hand works.

>From a search on the Web, when this kind of message is issued with
Postfix, on Linux based distribution, the problem is solved whether
by adding sasl modules or by specifying a configuration variable
for Postfix allowing plaintext authenfications (that is not allowed
by default).

But as far as I understand, pkgsrc cyrus-sasl2 and cyrus-saslauthd
are sufficient and there is no such thing as this sasl-security
conf variable for sendmail.

For sasl suport (as a server, not as a client though) I have to build sendmail
with
PKG_OPTIONS.sendmail+=sasl tls

It doesn't look like you installed the cy2_login and cy2_plain packages. 
I don't quite understand how it all fits together, but you need to 
install the cy2_ package for whatever mech you want to support. I guess 
these are where the modules live on NetBSD?


HTH,

Jason M.

Re: Install on Pi3

[Jason Mitchell]

Sorry for top posting. If the instructions for the Pi4 are any guide you need 
to get the EFI bootloader for the Pi3 (if such a thing exists). The Generic 
ARM64 image expects that the boot code will execute /EFI/boot/.EFI. 
That file finds the NetBSD partition and loads the kernel from there.

The standard RPi bootcode looks for kernel.img (or kernel7.img) which is the 
operating system kernel (there are a few files in between, but I'm not sure 
which is which). NetBSD can take a kernel and convert it to .img format. That 
should be your backup plan, although you'd need a NetBSD machine to do this. It 
doesn't have to be an aarch64 machine, though.

The color mesh is usually a sign that the Pi couldn't boot. There should also 
be a green led that blinks 4 times to let you know that a boot failed (might 
only be for Pi4).

But the easiest way to run NetBSD on an RPi is to download a pre-built image. 
Check the port-arm list archives for posts by Jun Ebihara. I'm not sure if his 
Pi3 image in 32 or 64 bit, though.

HTH,

Jason M.

⁣Get BlueMail for Android ​

On Sep 16, 2021, 7:06 PM, at 7:06 PM, Greg Troxel  wrote:
>
>James Cloos  writes:
>
>>  https://wiki.netbsd.org/ports/evbarm/raspberry_pi/
>>
>> i tried using:
>>
>>
>https://nycdn.netbsd.org/pub/NetBSD-daily/HEAD/latest/evbarm-aarch64/binary/gzimg/arm64.img.gz
>>
>> but all i get is a red-yellow-blue-cyan colour mesh
>> on the monitor.
>>
>> Does that colour mesh imply a failed boot?
>
>I hope somebody who knows more will help you, but yes, I believe that
>implies it didn't work.
>
>Presumably you did gunzip and then dd.   Also presumably a RPI2.1, 3,
>or
>4, as earlier ones do not have aarch64.
>
>You might try with no card, to see if you get the same syndrome.
>
>> (w/out net and secsh it is impossible for me to see what is wrong...)
>
>I would try hooking up a serial console if you have the cable.
>
>> (I guessed that HEAD holds current.  Is that accurate?)
>
>Yes.  Current is the logical name, and HEAD is the CVS branch
>pseudoname.
>
>> I should note that i do not have any other bsd running, and thus no
>> access to the ufs fs.
>
>You should be able to look at the uSD contents and see a partition
>table
>and I would expect a dos fs with boot stuff.

Re: IPF rules

[Jason Mitchell]

On 7/1/21 10:17 PM, Todd Gruhn wrote:

I like the point about DNS -- sooo if I accept tcp/53 and udp/53, that
can speed things
up?

On Thu, Jul 1, 2021 at 10:03 PM Todd Gruhn  wrote:

How would I know if IPF is the problem?

I stole the IPF rules from 2 of the IPF examples in /usr/share/examples/ipf

On Thu, Jul 1, 2021 at 9:39 PM Brett Lymn  wrote:

On Thu, Jul 01, 2021 at 07:05:13PM -0400, Todd Gruhn wrote:

Is there a way to order IPF-rules so I can get on gmail quicker?
What about speeding up network access in general?

A couple of thoughts:

1) are you sure it is ipf causing the issue? How is gmail without the
firewall on?  I wouldn't expect a performance impact from ipf unless
your firewalling is very complex.

2) are you sure your rules are correct?  A particularly favourite
hobby-horse of mine is people  blocking DNS over tcp/53 due to the
totally WRONG belief that only dns zone transfers use tcp/53.  This is
WRONG (did I say wrong?) - if a DNS response won't fit into a UDP packet
then the DNS server will reply to the client telling it to try over tcp.
If your firewall doesn't allow that to happen there may be delays in
name resolution which could cause the appearance that gmail is slow.

--
Brett Lymn
--
Sent from my NetBSD device.

"We are were wolves",
"You mean werewolves?",
"No we were wolves, now we are something else entirely",
"Oh"


I think you would only need to allow inbound connections to tcp port 53 
if you were running a nameserver on your machine. You would want to make 
sure that you allow outbound connections on tcp port 53 from your 
nameserver in any case. Are you using your own nameserver or are you 
using another machine for name resolution?


If the nameserver isn't on your computer than: "nc -w 4 -v ip> 53" will let you know if you can connect to that server on port 53. 
(-v = verbose, -w 4 = 4 second timeout so you don't wait forever). If 
there's a network problem the connection will timeout or you'll get an 
error. Here are examples:


# nc -w 4 -v 8.8.8.7 53
nc: connect to 8.8.8.7 port 53 (tcp) failed: Connection timed out

# nc -w 4 -v 8.8.8.8 53
Connection to 8.8.8.8 53 port [tcp/domain] succeeded!

# nc -w 4 -v  53
nc: connect to  port 53 (tcp) failed: Connection refused

Use Ctrl-D to close nc if a connection is made. If you're not sure what 
nameserver you're using then "resolvconf -l" should show you. I'm 
simplifying somewhat as things can be (much) more complicated. But 
hopefully I've made things somewhat clearer. 


And I use mail.google.com somewhat often and it goes to the same place 
as gmail.com.


Thanks,

Jason M.

Re: Cant start ipf

[Jason Mitchell]

Todd,

Well, to fix this problem you need to get the HEAD version of the ipf 
binary. If you already have all of the HEAD source code, you could go to 
/usr/src/sbin/ipf and run make and that will build the correct binary. 
If not, you could download base.tar.?z for HEAD and run:


tar -xzvpf base.tar.?z *ipf*

That would extract any files with ipf in the name (in their 
subdirectories - in this case sbin, so it will create ./sbin/ipf*). Then 
try to run "./ipf -f /etc/ipf.conf" (to use the local ipf rather than 
the one that's in /sbin and see if it works. If so, you're done. Save 
the old ipf and place the new ipf in /sbin. Then the rc.d script should 
work fine.


If not then you could run ldd against the ipf binary to show what 
libraries are needed. It might be possible to unpack those libraries 
(assuming there's no conflict with existing libraries). But, you 
probably should just do an in-place upgrade so all of your binaries 
match the kernel. There's instructions in the history of this list that 
will walk you through that.


Since I was right about the problem, I'm cc'ing the list again. Sorry 
about the top posting, the mail client I was using before has mucked up 
the formatting so I can't post at the bottom :(


Thanks,

Jason M.

Get BlueMail for Android <https://bluemail.me>
On Jun 26, 2021, at 9:59 PM, Todd Gruhn <mailto:tgru...@gmail.com>> wrote:


   Exactly, Jason. Ideas? I also  upgraded the rest of the software.
   This is a first for me.

   On Sat, Jun 26, 2021 at 9:01 PM Jason Mitchell  wrote:

   I'm guessing it means the ipf binary (named ipf) version doesn't
   match the kernel version of ipf. Are you by any chance running a
   HEAD kernel with 9.x userland (the userland comes from
   base.tar.?x, and the other sets.) Thanks, Jason M. Get BlueMail
   for Android On Jun 26, 2021, at 5:56 PM, Todd Gruhn
wrote:

   I made some changes to my ipf rulebase. Then I deleted
   /var/log/ipmonlog ; and did "touch ipmonlog" /bin/ksh
   /etc/rc.d/ipfilter start Enabling ipfilter. 0:open device:
   Device not configured 0:SIOCFRENB: Bad file descriptor open
   device: Device not configured User/kernel version check
   failed open device: Device not configured User/kernel
   version check failed 0:1:ioctl(add/insert rule)
   0:3:ioctl(add/insert rule) 0:4:ioctl(add/insert rule)
   0:6:ioctl(add/insert rule) 0:7:ioctl(add/insert rule)
   0:8:ioctl(add/insert rule) 0:10:ioctl(add/insert rule) Whats
   with the 'kernel-version check failed' ? I am currently
   running NetBSD-9.*-HEAD 

Re: VLC

[Jason Mitchell]

Just use Google and add site:NetBSD.org (or mail-index.netbsd.org) to your 
query. Other search engines probably support this also.

Jason M.

⁣Get BlueMail for Android ​

On May 27, 2021, 9:59 PM, at 9:59 PM, Todd Gruhn  wrote:
>Is there a nice way  to search these mail threads with a SE?
>
>On Thu, May 27, 2021 at 8:55 PM Jeffrey Walton 
>wrote:
>>
>> On Thu, May 27, 2021 at 8:44 PM Todd Gruhn  wrote:
>> >
>> > I been using VLC to listen to music recently.
>> > I tried to watch a DVD -- and it refuses to work.
>> >
>> > Is it better to invoke VLC 2 different ways :
>> > One way for music
>> > Another way for video
>> >
>> > Then I can stick them in an  mwm menu and click on the way I
>> > wish to invoke VLC...
>>
>> Some DVDs have CSS protection, which encrypts the DVD's data. I
>> believe VLC needs a plugin to decode the encrypted data stream.
>>
>> I don't know what is needed for NetBSD, however. You might try
>> installing libdvdcss if it is available. Also see the thread "Running
>> VLC" by Todd Gruhn at
>> https://mail-index.netbsd.org/netbsd-users/2021/03/04/msg026673.html.
>>
>> For Ubuntu, the process is shown at
>> https://help.ubuntu.com/community/RestrictedFormats/PlayingDVDs.
>>
>> Jeff

Re: Problems with spawning windows

[Jason Mitchell]

On 5/26/21 2:48 PM, Jason Mitchell wrote:

Hello,

    I'm having trouble with a set of scripts that launch different 
windows, running scripts that launch other windows. I made the 
following three simpler scripts as a test case. Here's what happens 
written out, just in case it helps someone follow along (actual 
scripts are below).


    testwin.sh opens an xterm and has the xterm run testwin2.sh. 
testwin2.sh then runs testwin3.sh which opens another xterm running 
rinetd.sh


    The problem is when testwin2.sh finishes the windows it spawned 
close as well. However, if I just run testwin2.sh from the command 
line this doesn't happen.


Obviously, I'm missing something here. What am I doing wrong? Just to 
be complete, I'm running this in a virtual X windows setup using Xvnc 
from TigerVNC. All of the applications are running from an embedded 
ram disk.


Thanks!

Jason M.


# uname -a
NetBSD ARMNUK 9.1 NetBSD 9.1 (ARMNUK) #0: Fri May  7 19:41:32 UTC 
2021  root@BreakingBad:/root/obj/sys/arch/evbarm/compile/ARMNUK evbarm


#cat testwin.sh

#!/bin/sh
#. /system.conf
( /usr/X11R7/bin/rxvt -fn 6x13 -fb fixed -g 80x35+250+250 -e 
/usr/bin/testwin2.sh ) >>/config/tmp/winout.txt 
2>>/config/tmp/winout.txt &



# cat testwin2.sh

#!/bin/sh
#. /system.conf
#showvar DISPLAY
sh /usr/bin/testwin3.sh  ( /usr/X11R7/bin/rxvt -fn 6x13 -fb fixed -g 80x25+0+0 -e 
/script/rinetds.sh ; ) 
#wait
echoerr "That's all folks!"


As soon as I post something, I immediately figure out a solution. 
Testwin2.sh would produce error messages:


root@ARMNUK:/usr/bin# sh testwin2.sh
rinetd is running. Better catch it
stty: TIOCGLINED: Operation not supported
stty: TIOCGLINED: Operation not supported
That's all folks!

So adding stty sane to testwin.sh and testwin2.sh makes the test case 
work. But, it doesn't stop the error messages in my actual scripts. 
There this error shows up repeatedly:


stty: TIOCGLINED: Operation not supported

stty -kerninfo doesn't stop it either.

Thanks,

Jason M.

Problems with spawning windows

[Jason Mitchell]

Hello,

    I'm having trouble with a set of scripts that launch different 
windows, running scripts that launch other windows. I made the following 
three simpler scripts as a test case. Here's what happens written out, 
just in case it helps someone follow along (actual scripts are below).


    testwin.sh opens an xterm and has the xterm run testwin2.sh. 
testwin2.sh then runs testwin3.sh which opens another xterm running 
rinetd.sh


    The problem is when testwin2.sh finishes the windows it spawned 
close as well. However, if I just run testwin2.sh from the command line 
this doesn't happen.


Obviously, I'm missing something here. What am I doing wrong? Just to be 
complete, I'm running this in a virtual X windows setup using Xvnc from 
TigerVNC. All of the applications are running from an embedded ram disk.


Thanks!

Jason M.


# uname -a
NetBSD ARMNUK 9.1 NetBSD 9.1 (ARMNUK) #0: Fri May  7 19:41:32 UTC 2021  
root@BreakingBad:/root/obj/sys/arch/evbarm/compile/ARMNUK evbarm


#cat testwin.sh

#!/bin/sh
#. /system.conf
( /usr/X11R7/bin/rxvt -fn 6x13 -fb fixed -g 80x35+250+250 -e 
/usr/bin/testwin2.sh ) >>/config/tmp/winout.txt 2>>/config/tmp/winout.txt &



# cat testwin2.sh

#!/bin/sh
#. /system.conf
#showvar DISPLAY
sh /usr/bin/testwin3.sh  ( /usr/X11R7/bin/rxvt -fn 6x13 -fb fixed -g 80x25+0+0 -e 
/script/rinetds.sh ; ) 
#wait
echoerr "That's all folks!"

Re: remserial and usb converters

[Jason Mitchell]

On 5/22/21 12:40 AM, Jason Mitchell wrote:

Hello,

    I'm trying to set up a NetBSD appliance that will (among other 
things) allow access to devices connected by USB serial adapters. The 
USB serial adapter works -- using minicom I can access the far end 
device (a Cisco 819). However when I use remserial, there's a problem 
-- remserial doesn't open the TCP Port. Starting minicom on the same 
USB serial port (minicom -b 9600 -D /dev/ttyU0) fixes the problem (I 
do this while remserial is running). This is a custom appliance with 
everything in an embedded ramdisk but I have seen this problem on 
another evbarm box running a standard install.


   The remserial command is:

remserial -d -p 48310 -s "9600 sane" /dev/ttyu0 &

    The platform is evbarm/aarch64 (ODROID-C2). The serial adapter is 
identified as:


[ 4.939771] uftdi0: FTDI (0x403) FT232R USB UART (0x6001), rev 
2.00/6.00, addr 3

[ 4.939771] ucom0 at uftdi0 portno 1

And here's the output from some relevant commands.

    uname -a

NetBSD ARMNUK 9.1 NetBSD 9.1 (ARMNUK) #0: Fri May  7 19:41:32 UTC 
2021  root@BreakingBad:/root/obj/sys/arch/evbarm/compile/ARMNUK evbarm


    ls -al /dev/ttyU0

crw---  1 66  wheel  74, 0 May 21 03:55 /dev/ttyU0

    stty -f /dev/ttyU0 -a
speed 9600 baud; 0 rows; 0 columns; queue = 1024; line = termios;
lflags: -icanon -isig -iexten -echo -echoe -echok -echoke -echonl
    -echoctl -echoprt -altwerase -noflsh -tostop -flusho -pendin
    -nokerninfo -extproc
iflags: -istrip -icrnl -inlcr -igncr -ixon -ixoff -ixany -imaxbel ignbrk
    -brkint -inpck -ignpar -parmrk
oflags: -opost -onlcr -ocrnl -oxtabs -onocr -onlret
cflags: cread cs8 -parenb -parodd -hupcl clocal -cstopb crtscts -mdmbuf
    -cdtrcts
cchars: discard = ^O; dsusp = ^Y; eof = ^D; eol = ;
    eol2 = ; erase = ^?; intr = ^C; kill = ^U; lnext = ^V;
    min = 1; quit = ^\; reprint = ^R; start = ^Q; status = ^T;
    stop = ^S; susp = ^Z; time = 5; werase = ^W;

    remserial is being run as root (currently the only user account on 
the box). I'll change that once things are working. Any help is 
greatly appreciated. Thanks!


Jason M.



Replying to myself. It's an ugly hack but "echo ~. | cu -l /dev/ttyU0" 
after running remserial gets things working.

remserial and usb converters

[Jason Mitchell]

Hello,

    I'm trying to set up a NetBSD appliance that will (among other 
things) allow access to devices connected by USB serial adapters. The 
USB serial adapter works -- using minicom I can access the far end 
device (a Cisco 819). However when I use remserial, there's a problem -- 
remserial doesn't open the TCP Port. Starting minicom on the same USB 
serial port (minicom -b 9600 -D /dev/ttyU0) fixes the problem (I do this 
while remserial is running). This is a custom appliance with everything 
in an embedded ramdisk but I have seen this problem on another evbarm 
box running a standard install.


   The remserial command is:

remserial -d -p 48310 -s "9600 sane" /dev/ttyu0 &

    The platform is evbarm/aarch64 (ODROID-C2). The serial adapter is 
identified as:


[ 4.939771] uftdi0: FTDI (0x403) FT232R USB UART (0x6001), rev 
2.00/6.00, addr 3

[ 4.939771] ucom0 at uftdi0 portno 1

And here's the output from some relevant commands.

    uname -a

NetBSD ARMNUK 9.1 NetBSD 9.1 (ARMNUK) #0: Fri May  7 19:41:32 UTC 2021  
root@BreakingBad:/root/obj/sys/arch/evbarm/compile/ARMNUK evbarm


    ls -al /dev/ttyU0

crw---  1 66  wheel  74, 0 May 21 03:55 /dev/ttyU0

    stty -f /dev/ttyU0 -a
speed 9600 baud; 0 rows; 0 columns; queue = 1024; line = termios;
lflags: -icanon -isig -iexten -echo -echoe -echok -echoke -echonl
    -echoctl -echoprt -altwerase -noflsh -tostop -flusho -pendin
    -nokerninfo -extproc
iflags: -istrip -icrnl -inlcr -igncr -ixon -ixoff -ixany -imaxbel ignbrk
    -brkint -inpck -ignpar -parmrk
oflags: -opost -onlcr -ocrnl -oxtabs -onocr -onlret
cflags: cread cs8 -parenb -parodd -hupcl clocal -cstopb crtscts -mdmbuf
    -cdtrcts
cchars: discard = ^O; dsusp = ^Y; eof = ^D; eol = ;
    eol2 = ; erase = ^?; intr = ^C; kill = ^U; lnext = ^V;
    min = 1; quit = ^\; reprint = ^R; start = ^Q; status = ^T;
    stop = ^S; susp = ^Z; time = 5; werase = ^W;

    remserial is being run as root (currently the only user account on 
the box). I'll change that once things are working. Any help is greatly 
appreciated. Thanks!


Jason M.

Re: Is it possible to force an application to use newer OpenSSL from pkgsrc?

[Jason Mitchell]

This loads the newer SSL libs. before the normal shared libs. are
tried. The runtime linker will then be able to satisfy program function
dependencies using the preloaded libraries.

I still prefer the "building stunnel from source against the pkgsrc 
OpenSSL"

method.

-RVP


Thanks for the info. I actually did rebuild stunnel from source but it 
still links against OpenSSL 1.1.1g. Did I need to set the 
LD_LIBRARY_PATH before make? Thanks!

Re: Is it possible to force an application to use newer OpenSSL from pkgsrc?

[Jason Mitchell]

Sorry for top posting, but the app is compiled against libcrypyo.so.14 (openssl 
1.1.1g) whereas I want it to use libcrypto.so.1.1 (OpenSSL 1.1.1i)

But your solution is useful info. Thanks!

Jason M.

⁣Get BlueMail for Android ​

On Mar 28, 2021, 5:22 PM, at 5:22 PM, RVP  wrote:
>On Sun, 28 Mar 2021, Jason Mitchell wrote:
>
>> I'm running into some problems with stunnel and I'd like to have
>stunnel use
>> the newer stunnel in pkgsrc. Currently it's using 1.1.1g (which I
>assume is
>> installed with 9.1). Recompiling stunnel didn't help matters.
>>
>> Any suggestions are welcome. If I should/could provide more
>information
>> please let me know.
>>
>
>As the library versions seem the same, try:
>
>echo /usr/pkg/lib >> /etc/ld.so.conf
>
>This is a global change.  Another way is to set
>LD_LIBRARY_PATH=/usr/pkg/lib _only_ for stunnel:
>
>env LD_LIBRARY_PATH=/usr/pkg/lib stunnel ...
>
>Wrap it up in a shell-script.
>
>-RVP

Is it possible to force an application to use newer OpenSSL from pkgsrc?

[Jason Mitchell]

Hello,

I'm running into some problems with stunnel and I'd like to have stunnel 
use the newer stunnel in pkgsrc. Currently it's using 1.1.1g (which I 
assume is installed with 9.1). Recompiling stunnel didn't help matters.


Any suggestions are welcome. If I should/could provide more information 
please let me know.


Thanks!

Jason M.

root@sevenofnine:/usr/lib# /usr/pkg/bin/openssl version
OpenSSL 1.1.1i  8 Dec 2020
root@sevenofnine:/usr/lib# /usr/bin/openssl version
OpenSSL 1.1.1g  21 Apr 2020
root@sevenofnine:/usr/lib# ldd /usr/bin/openssl
/usr/bin/openssl:
    -lssl.14 => /usr/lib/libssl.so.14
    -lcrypto.14 => /usr/lib/libcrypto.so.14
    -lcrypt.1 => /usr/lib/libcrypt.so.1
    -lc.12 => /usr/lib/libc.so.12
root@sevenofnine:/usr/lib# ldd /usr/lib/bin/openssl
ldd: /usr/lib/bin/openssl: No such file or directory
root@sevenofnine:/usr/lib# ldd /usr/pkg/bin/openssl
/usr/pkg/bin/openssl:
    -lssl.1.1 => /usr/pkg/lib/libssl.so.1.1
    -lcrypto.1.1 => /usr/pkg/lib/libcrypto.so.1.1
    -lpthread.1 => /usr/lib/libpthread.so.1
    -lc.12 => /usr/lib/libc.so.12
root@sevenofnine:/usr/lib# ldd /usr/pkg/bin/stunnel
/usr/pkg/bin/stunnel:
    -lssl.14 => /usr/lib/libssl.so.14
    -lcrypto.14 => /usr/lib/libcrypto.so.14
    -lcrypt.1 => /lib/libcrypt.so.1
    -lc.12 => /usr/lib/libc.so.12
    -lutil.7 => /usr/lib/libutil.so.7
    -lwrap.1 => /usr/lib/libwrap.so.1
    -lpthread.1 => /usr/lib/libpthread.so.1
root@sevenofnine:/usr/lib# /usr/pkg/bin/stunnel -v
[ ] Initializing inetd mode configuration
[ ] Clients allowed=500
[.] stunnel 5.57 on x86_64--netbsd platform
[.] Compiled/running with OpenSSL 1.1.1g  21 Apr 2020
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP

Re: Creating a GPT tab

[Jason Mitchell]

On 1/24/21 11:52 PM, Brook Milligan wrote:


The drive I am trying to replicate manually is from an evbmips (octeon) system 
that is working fine and was (more or less) created by NetBSD tools for a 
release.


This is key information. I'm guessing, in the past, that the hpcmips 
boot loader (u-boot) didn't recognize the GPT MSDOS partition that 
contained bootefi. I wonder if that's still the case.


You could try deleting the the msdos partition from the MBR (I'd back 
the MBR up first) and see if the machine still boots. If so then you 
should make the GPT protective partition in the MBR cover the entire disk.


If the MBR MSDOS partition is needed then you should have the GPT 
protective partition start at 196608 (32768 + 163840) and cover the 
remainder of the disk. Are you looking to script the creation of the 
disk image? If not, sysinst should create the GPT partitions with no 
difficulty. You'll need to add the MBR partition(s) by hand.


If you're having getting the machine to boot, you may be missing the 
u-boot code that's in the blank space before the start of the MSDOS 
partition (sectors 34 to 32767). You could copy the u-boot code using dd 
or look for in pkgsrc for a package that will build the boot code for 
you. Such a package would give you the command to copy the boot loader 
to other disks.


Having the GPT partition table start at sector 1 shouldn't be a problem. 
An unscientific survey of the machines I have with GPT tables shows that 
all of them have the GPT header in sector 1.


HTH,

Jason M.

Re: postfix for 2 domains on 1 vps 1 ip

[Jason Mitchell]

On 1/3/21 1:08 AM, Bob Proulx wrote:

Jason Mitchell wrote:

Everything you have written is totally accurate, but self signed
certificates for SMTP may be going away.

The latest version of Thunderbird requires a valid certificate on
the SMTP server it uses.

(Sorry for the formatting, I can't send mail from my laptop until I
fix the certificate issue (: )

Uhm... yes... your formatting problematic.  Your message was missing
entirely from the plain text version of the message!  That's not good.
That made things super confusing.  It only appeared in the html text
version of the message.  I had to dig it out! :-)

I am not using Thunderbird (mutt user here) but I must ask for
clarification.  Perhaps there are other Thunderbird users who know?

As far as I know Thunderbird will *read* mail using many possible
different protocols perhaps the most typical today being IMAPS using a
TLS IMAP connection and that TLS connection needs a valid certificate.
That is most easily done using Let's Encrypt and a Domain Validation
certificate.  Works great.  Zero cost.  Dovecot is typical to serve
IMAPS.

Then Thunderbird will *send* mail using again many possible protocols
but perhaps most typically using an authenticated SMTP to the
submission port 587 on the configured mail server.  Postfix is my
preference.  This outbound connection to the submission port will use
STARTTLS most typically and will require authentication credentials.
An account name and password.



I'm referring to implicit SSL for SMTP -- port 465. I'm doing it with 
stunnel, but I assume later MTA's do this internally. However, it 
appears I was wrong, it wasn't the certificate being the problem, it was 
the TLS version.


And mail.com is one site that requires the forward/reverse DNS lookups 
to match (regardless of SPF), in case anyone wanted an example.


Jason M.

Re: postfix for 2 domains on 1 vps 1 ip

[Jason Mitchell]

On Jan 1, 2021, 8:53 PM, at 8:53 PM, Bob Proulx  wrote:
>Mayuresh wrote:
>> I am faced with a requirement to merge the mail servers running on 2
>VPSes
>> into 1, with a single ip address on NetBSD 9.1 amd64.
>
>Generally this should not be a problem for a single server to handle
>email for multiple domains.  Assuming that one FQDN is chosen to be
>the exit node.  Then all is easy and straight forward.
>
>> I searched around, mainly tls certificate of both domains being
>different
>> looks a bit gray to me. Some posts say it is possible, while some
>cite
>> issues with it.
>
>STARTTLS for SMTP is opportunistic unless specifically configured for
>the point-to-point connection between sites.  Therefore most SMTP
>servers use a self-signed certificate by default and without validity
>checking.  Many use CA valid certificates because that is also easy to
>set up.  But for the most part SMTP is not a high security transfer
>protocol when connecting between random servers.  Only when
>specifically configured between two cooperating servers.
>
>In any case the authoritative documentation is better than any summary
>I might make.
>
>http://www.postfix.org/TLS_README.html
>
>> I can get into experimenting, but thought of getting a word of advice
>on
>> the overall idea, feasibility, alternatives etc.
>
>I think you are asking if you can make one IP address appear as if it
>is the two original servers.
>
>http://www.postfix.org/MULTI_INSTANCE_README.html
>
>At some level of outbound direction traffic that is possible, but my
>opinion is that it is not worth the effort.  And not for the inbound
>direction.  That would require multiple IP addresses and binding to
>the specific one individually.  One of those questions where "if you
>have to ask, then you shouldn't do it" types of things.
>
>Instead I would configure one server that can handle multiple domains.
>
>http://www.postfix.org/VIRTUAL_README.html
>
>> If performance isn't critical, purely from networking point of view,
>would
>> it be possible to run one of the domains in a VM so that both postfix
>> instances can be watertight.
>
>> Alternatively if getting 2 ip addresses is considered as an option
>would
>> it ease anything?
>
>Running VMs with their own address would make them look exacty like
>different hosts.  And the extra layers would add to the security.
>
>Postfix is very secure in a standard configuration.
>
>> [Similar question would arise for http, but as of now one domain uses
>http
>> and the other uses https, so that should be manageable.]
>
>My opinion is that this just sets things up to be a problem later when
>the one domain that uses http decides that https is now needed.  And
>for when the https domain decides that they would like to switch to
>Domain Validation certificates using Let's Encrypt on http.
>
>SNI for HTTP is very well supported now.  I would just use one host,
>one IP, and multiple HTTP Virtual Hosts.
>
>Bob

sysinst bug in changing gpt partition type?

[Jason Mitchell]

Hello,

I just tried to use sysinst to tweak one got partition on an nvme disk 
(9.0_STABLE). I was trying to change the partition from NetBSD Swap to 
NetBSD FFS and got this error message:


 Status: Command failed
    Command: gpt label -b 42352674 -T 
49f48d5a-b10e-11dc-b99b-0019d1879648 ld4


(I was doing this as a test). It seems as if sysinst is using “gpt 
label”where it should use “gpt type”. If you take the original command 
substitute “type” for “label”:


gpt type -b 42352674 -T 49f48d5a-b10e-11dc-b99b-0019d1879648 ld4

then the command succeeds.

AFAIK "gpt type" is the way to give a gpt partition a new type whereas 
"gpt label" assigns a label to the partition (to be used with "NAME=" in 
fstab. Is that correct? Should I file a PR?


Thanks,

Jason M.

Re: Configure NetBSD as a gateway for LAN hosts

[Jason Mitchell]

⁣Get BlueMail for Android ​

On Oct 12, 2020, 2:10 PM, at 2:10 PM, Rocky Hotas  
wrote:
>Hello!
>Thanks to your suggestions for a NIC (in particular, thanks to Martin:
>Realtek worked), I configured a second NIC in a NetBSD 9.0 (release)
>machine.
>I would like to use it as a 1) gateway and 2) DHCP server, but didn't
>find much documentation as regards problem 1).
>
>Assume that the machine's hostname is netbsd_gateway and its two NICS
>are NIC1 and NIC2.
>
>My intention is to create two subnets: subnet1 for all the LAN hosts,
>included NIC1, and subnet2 just for NIC2 and the modem. This second
>subnet should never be directly accessible from the LAN hosts.
>
>In this moment, netbsd_gateway should simply forward the packets
>(sent from LAN hosts to the external internet) to the modem and the
>packets from the modem (coming from internet) to the proper LAN
>destination host.
>
>(As a further step, I would like to use a traffic shaping tool, to
>tweak
>the available bandwidth and priority for single hosts, but this is a
>separate problem).
>
>IIUC, some preliminary operations are:
>
>- put `net.inet.ip.forwarding=1' in /etc/sysctl.conf;
>- put `gateway_enable="YES"' in /etc/rc.conf.
>
>But then I don't know how to proceed. Which is the correct approach?
>Should I use npf? I found that /usr/share/examples/npf/l2tp_gw-npf.conf
>depicts something similar to what I'm trying to do, but it includes
>several filterings and protocols.
>Should I build a bridge? And how to configure the routing tables?
>
>I'm aware that these are many questions.
>Of course, if anyone knows about a tutorial or guide, it's hugely
>welcome!
>
>Thank you in any case,
>
>Rocky

Re: Installation troubles on UEFI/GPT laptop (possible bug?)

[Jason Mitchell]

On 9/30/20 5:48 PM, James Browning wrote:

Hi all,

I am attempting to install NetBSD 9.0 on my UEFI enabled laptop's GPT disk. 
This disk also contains
windows and linux paritions, so I do not want to clear the partition table. I 
attempted installation
using a usb drive with the install image 'NetBSD-9.0-amd64-uefi-install.img'. 
The laptop model is
Acer Aspire E15 E5-575G-57D4.

I have attempted many methods to correctly format the partition, but nothing 
seems to be working,
and I am not sure if this is the result of bugs or user ignorance. From my 
perspective the problem
appears to be Sysinst not cooperating with my GPT.

My steps to attempt this installation are:

1. In linux, use gparted to create a new partiton which will contain NetBSD, I 
figured the file system
type I select is arbitrary because Sysinst will format the partition to FFS


This is almost certainly the cause of your problems. NetBSD wants a GPT 
partition with the NetBSD GUID (49F48D5A-B10E-11DC-B99B-0019D1879648, 
unless you're creating an encrypted partition). Technically you'd want a 
separate GPT partition for swap as well (same GUID).



Any ideas on what is going on here? I really have no idea if it is me or 
Sysinst that is in the wrong here.


Step 3 fails because the GUID says the partition is not a NetBSD. That's 
what the error means: newfs: /dev//rdk5/ partition type is not '4.2BSD'. 
It would be very bad form to newfs a non NetBSD partition (i.e. that is 
it could erase user data), so this seems like a reasonable sanity check.


Step 4 fails because sysinst is trying to label a GPT partition that 
doesn't have the NetBSD GUID (I think).Sysinst may not know to change 
the GUID for the partition.


I'm not sure about step 5, however I second the suggestion to delete the 
partition and let sysinst create new partition(s) with the appropriate 
types. The other option is changing the GUID in another OS or doing it 
from the command line. From the command line there are three steps. 
Backup the GPT table, find the index number of the partition you want to 
use, and then change the GUID.


For example:

#gpt backup -o /tmp/gpt-backup ld0

#gpt show ld0
  start   size  index  contents
  0  1 PMBR
  1  1 Pri GPT header
  2 32 Pri GPT table
 34   4062  4  GPT part - 
bfbfafe7-a34f-448a-9a5b-6213eb736c22


    ^ 
^^^


   4096 262144  1  GPT part - EFI System
 266240  115343360  2  GPT part - NetBSD FFSv1/FFSv2
  115609600    6529024  3  GPT part - NetBSD swap
  122138624   4063 Unused
  122142687 32 Sec GPT table
  122142719  1 Sec GPT header

I'm changing the GUID of the first listed GPT partition. (I created a 
(very small) partition for testing). It is index #4. Then


#gpt type -i 4 -T 49F48D5A-B10E-11DC-B99B-0019D1879648 ld0

    (For you I think it would be -i 6, but check first)

#gpt show ld0

root@liva2:~# gpt show ld0
  start   size  index  contents
  0  1 PMBR
  1  1 Pri GPT header
  2 32 Pri GPT table
 34   4062  4  GPT part - NetBSD FFSv1/FFSv2

    ^  ^

   4096 262144  1  GPT part - EFI System
 266240  115343360  2  GPT part - NetBSD FFSv1/FFSv2
  115609600    6529024  3  GPT part - NetBSD swap
  122138624   4063 Unused
  122142687 32 Sec GPT table
  122142719  1 Sec GPT header

Now the partition has the NetBSD GUID. Once the GUID is correct, sysinst 
shouldn't have problems.


HTH,

Jason M.

Re: Working ZFS RAID/SAS controller support/mpii

[Jason Mitchell]

On 7/15/20 6:44 AM, Peter Kay wrote:

On Wed, 15 Jul 2020 at 09:59, Sad Clouds  wrote:

On Wed, 15 Jul 2020 00:20:33 +0100
Peter Kay  wrote:


Configuration : Boot drive on SATA, other drives on LSI 3008 8i SAS in
JBOD, boot ROM disabled. The mpii driver gets very upset (causes a
kernel panic on boot, even though the boot drive is on SATA [1]) if
some of the drive bays aren't occupied, throws unhappy messages about
drives disappearing from bays, and generally doesn't provide any
confidence that I could ever remove a drive from a running system and
have it work.

So the issue only happens when you remove drives from a live system? If
that's the case, the obvious workaround would be to power off the
system and then replace faulty drive.

No, it also causes a problem if the system is booted up from cold with
drives missing/in a different order than before (the boot drive still
being in the same location). It'd be nice to have the ability to hot
swap, but if it was a cold boot only issue for failed drives that
would be ok.


There is LSI binary Linux command line tool (MegaCli64), so I imagine
you could offline/online individual disks, but you'd need Linux
emulation packages setup on NetBSD.

Interesting, thank you.


There's also a FreeBSD version of the utility:

https://www.freebsd.org/cgi/man.cgi?query=mfiutil=8

I'd think the FreeBSD version of the utility would work better given 
that FreeBSD and NetBSD are similar.


--
Thanks,

*Jason Mitchell*

Re: How can I get to display the boot menu in serial console?

[Jason Mitchell]

> On Jan 20, 2020, at 5:03 PM, Ottavio Caruso 
>  wrote:
> 
> Hi,
> 
> I'm booting a NetBSD 9.0_RC1 VM in qemu (Linux host).
> 
> For various reasons (one being that qemu VGA rendering of text mode is
> crap), I need to boot the image over an emulated serial console:
> 
> ...
> I can see the boot menu if I boot in VGA mode, but not over serial console.
> 
> The system boots fine; I just can't select any other option.
> 
> Is there anything I can do or is it a limitation of how NetBSD sees
> serial consoles?
> 
> 
> 
> 
> 
> -- 
> Ottavio Caruso

The boot blocks determine where the boot menu is displayed. The installboot 
command lets you write new boot blocks which will send the messages to the 
serial port. There should be examples either on this list or on the port-amd64 
lists ( I’m assuming you are using amd64, otherwise it’s port-i386).

If you have trouble then reply — I’m not in front of a NetBSD box right now but 
I will be later.

Jason M.

Re: Weird network performance problem

[Jason Mitchell]

> On Jan 19, 2020, at 12:01 PM, Greg Troxel  wrote:
> 
> Chavdar Ivanov  writes:
> 
>>>  It looks like you are using vlan support on Y.  Try without also.
>> 
>> That may be something to look at. This is my NVMM host as well, every
>> boot I recreate tap[0..5] for use by the NVMM guests (but the tests
>> were done without any of them running).
>> 
>> I am not using vlans deliberately - the switch upstairs is a dumb one,
>> although the one downstaris is managed and has (unusued at the moment)
>> vlan support. The interfaces are created simply with /etc/ifconfig.wm0
>> - just 'inet 192.168.0.29 netmask 255.255.255.0 up description "My
>> LAN"' and /etc/ifconfig.bridge0 -
> 
> I meant that hardware vlan support was enabled.  I really doubt this is
> the issue, but it seems easy to try the easy things.
> 
> Also, I forgot my other usual advice.
> 
>  $ netstat -s > BEFORE
>  $ # do iperf
>  $ netstat -s > AFTER
>  $ diff -u BEFORE AFTER
> 
> to find out which counters that you didn't even know existed are
> changing  in perhaps interesting ways.
> 
>> From the XCP-NG host to the NetBSD laptop:
>> 
>> $ iperf3 -c ymir.lorien.lan
>> Connecting to host ymir.lorien.lan, port 5201
>> [  4] local 192.168.0.5 port 36036 connected to 192.168.0.29 port 5201
>> [ ID] Interval   Transfer Bandwidth   Retr  Cwnd
>> [  4]   0.00-1.00   sec  45.9 MBytes   385 Mbits/sec0   66.5 KBytes
>> [  4]   1.00-2.00   sec  64.2 MBytes   539 Mbits/sec0100 KBytes
>> [  4]   2.00-3.00   sec  81.3 MBytes   682 Mbits/sec0132 KBytes
>> [  4]   3.00-4.00   sec  99.4 MBytes   834 Mbits/sec0163 KBytes
>> [  4]   4.00-5.00   sec   109 MBytes   911 Mbits/sec0205 KBytes
>> [  4]   5.00-6.00   sec   111 MBytes   928 Mbits/sec0205 KBytes
>> [  4]   6.00-7.00   sec   111 MBytes   928 Mbits/sec0205 KBytes
>> [  4]   7.00-8.00   sec   111 MBytes   932 Mbits/sec0205 KBytes
>> [  4]   8.00-9.00   sec   111 MBytes   930 Mbits/sec0205 KBytes
>> [  4]   9.00-10.00  sec   111 MBytes   932 Mbits/sec0205 KBytes
>> - - - - - - - - - - - - - - - - - - - - - - - - -
>> [ ID] Interval   Transfer Bandwidth   Retr
>> [  4]   0.00-10.00  sec   954 MBytes   800 Mbits/sec0 sender
>> [  4]   0.00-10.00  sec   953 MBytes   800 Mbits/sec  
>> receiver
>> 
>> Starts a bit slower, but after the fourth interval reaches along the maximum.
> 
> That's just 1s periods within the same TCP connection.  That is more
> expected than subsequent TCP connections.  But, this is a clue of
> something to perhaps change.  NetBSD has defaults for send and receive
> buffer sizes, and some notion of auto tuning.  I am not really clear
> where iperf3 is getting those "Cwnd" values, but perhaps it is able to
> obtain them from the Linux kernel?
> 
> On some machines I have
> 
> net.inet.tcp.sendspace=131072
> net.inet.tcp.recvspace=131072
> net.inet6.tcp6.sendspace=131072
> net.inet6.tcp6.recvspace=131072
> 
> net.inet.tcp.recvbuf_auto=0
> net.inet.tcp.sendbuf_auto=0
> net.inet6.tcp6.recvbuf_auto=0
> net.inet6.tcp6.sendbuf_auto=0
> 
> which may not be the right thing, but at one point I had trouble with
> the auto stuff not rampning up fast enough.
> 
>> When the server is the B laptop running W10, I get:
>> 
>> $ iperf3 -c brutus.lorien.lan
>> Connecting to host brutus.lorien.lan, port 5201
>> [  4] local 192.168.0.5 port 43654 connected to 192.168.0.36 port 5201
>> [ ID] Interval   Transfer Bandwidth   Retr  Cwnd
>> [  4]   0.00-1.00   sec   106 MBytes   885 Mbits/sec0220 KBytes
>> [  4]   1.00-2.00   sec   108 MBytes   902 Mbits/sec0220 KBytes
>> [  4]   2.00-3.00   sec   112 MBytes   938 Mbits/sec0220 KBytes
>> [  4]   3.00-4.00   sec   111 MBytes   934 Mbits/sec0220 KBytes
>> [  4]   4.00-5.00   sec   112 MBytes   935 Mbits/sec0220 KBytes
>> [  4]   5.00-6.00   sec   112 MBytes   941 Mbits/sec0220 KBytes
>> [  4]   6.00-7.00   sec   112 MBytes   941 Mbits/sec0220 KBytes
>> [  4]   7.00-8.00   sec   109 MBytes   917 Mbits/sec0220 KBytes
>> [  4]   8.00-9.00   sec   112 MBytes   943 Mbits/sec0220 KBytes
>> [  4]   9.00-10.00  sec   112 MBytes   942 Mbits/sec0220 KBytes
>> - - - - - - - - - - - - - - - - - - - - - - - - -
>> [ ID] Interval   Transfer Bandwidth   Retr
>> [  4]   0.00-10.00  sec  1.08 GBytes   928 Mbits/sec0 sender
>> [  4]   0.00-10.00  sec  1.08 GBytes   928 Mbits/sec  
>> receiver
>> 
>> - e.g. from the start the speed is close to the max.
> 
> close, but the first interval is slower, indicating some rampup.
> That's expected.
> 
>> The lack of symetry is strange - from NetBSD to W10 - full speed; from
>> W10 to NetBSD - about a third... At the same time there is no
>> significant difference if instead of W10 you put Linux or FreeBSD -
>> both ways it is similar. And it can't be thrown at 

Re: Write an install image to a flash drive?

[Jason Mitchell]

On Aug 25, 2019, at 8:26 AM, Rhialto  wrote:

>>  | I _can't imagine_ how many stupid things I just did, but could 
>>  | someone please tell me how to get that install image onto the 
>>  | flash drive in a form that will boot?
>> 
>> You cannot.  "That" image is in ISO format, which have a booting
>> method unique in the universe.  You need an image set up for booting
>> from a memory stick, which is much more similar to a regular drive
>> than a CD (ISO format).
> 
> *Some* BIOSes allow booting USB sticks even if they contain ISO images.
> I'm certain I've done it a few times with Ubuntu images. But last time I
> tried it with a NetBSD ISO image, it failed. (But I'm not sure if I
> actually tried it on the same computer for instance, or if maybe the
> Ubuntu images contain something special to make this possible).
> 
> -Olaf.
> -- 
> Olaf 'Rhialto' Seibert -- rhialto at falu dot nl
> ___  Anyone who is capable of getting themselves made President should on
> \X/  no account be allowed to do the job.   --Douglas Adams, "THGTTG"

Are you talking about an .iso image on a FAT filesystem or what programs like 
Rufus (Windows) or Etcher (MacOS) do, which is taking an iso image and writing 
it to a USB drive. I always assumed that there was some conversion involved, 
but I could be wrong. Rufus also talks about “hybrid” iso images which have a 
partition table, apparently.

Re: Write an install image to a flash drive?

[Jason Mitchell]

>> On Aug 20, 2019, at 9:47 PM, Bob Bernstein  wrote:
>> 
>> On Tue, Aug 20, 2019 at 09:31:00PM -0400, Bob Bernstein wrote:
>> 
>> I'm wondering: was there any preparation of the flash drive 
>> that should have been done before dd'ing the install-image.img 
>> onto it? Formatting? Filesystem? MBR?
> 
> The above bit of speculation was inspired by this wiki article:
> 
> https://wiki.netbsd.org/tutorials/how_to_install_netbsd_from_an_usb_memory_stick/
> 
> 
> -- 
> What can be asserted without evidence can be 
> dismissed without evidence.
>Hitchens' Razor

I just did an install of 8.1 and all I did was dd the img file to a flash drive 
(I also used amd64). My guess is there’s something wrong with the image or your 
flash drive. Do you have another flash drive to test with?

Also, is there an easy way to remove the first 2048 sectors from the image so 
the FFS part could be mounted using a vnd device? Or would this work without 
making changes?

vnconfig -c /dev/vnd0 install.img
mount /dev/vnd0a /mnt

If the above works it would verify the image is correct.

I’ll test in the AM if no one answers.

Jason M.

Re: Laptop Recommendations for NetBSD?

[Jason Mitchell]

> On Jun 24, 2019, at 1:58 AM, Thomas Mueller  wrote:
> 
> from Brett Lymn:
> 
>> As a lot of other people, silent because my laptop is ~5 years old so
>> hardly helpful.  Most of my NetBSD is done on a fujitsu S904 lifebook, I
>> chose is for the combination of power and light weight.  It took quite a
>> while but my laptop is now well supported, built in wireless works,
>> intel drm works, suspend/resume works (though I have to do the console
>> switch dance to restore X after a sleep).
> 
>> I multi-boot my laptop NetBSD/Linux/Windows 10 using uefi & grub2.
> 
> How do you set up to boot NetBSD using UEFI?
> 
> I am trying to set up UEFI to boot FreeBSD, NetBSD, and future installation 
> of Linux, even Haiku if I can cross-compile that.
> 
> I succeeded booting FreeBSD by UEFI, but NetBSD attempt hung early (8.99.46 
> amd64).
> 
> Tom
> 
Tom,

I’m assuming you followed the guide below. It worked for me on 8.0 on amd64 and 
obviously worked for the person who wrote the guide.

https://wiki.netbsd.org/Installation_on_UEFI_systems/

Maybe try 8.1_STABLE?

HTH,

Jason M.

P.S. FYI, A direct email to you bounced.

Sent from my iPhone

Re: amd64 SBCs on which NetBSD would run ?

[Jason Mitchell]

> On May 7, 2019, at 6:17 PM, Greg Troxel  wrote:
> 
> Andrew Luke Nesbit  writes:
> 
>> For the same money as the APU2 you can get a real mainboard, one with a
>> much more solid construction and better performance.  Similarly with
>> many other SBC's in that price level.  If you look hard enough you can
>> get an entry-level serverboard with IPMI for not much more money.
> 
> Sure, but there is also "runs on small amounts of 12V".  I think often
> people want (I do) a low power machine that will cause zero trouble, and
> improvements in performance aren't that big a deal.   (I'm not entirely
> clear on apu2 power, but the Soekris boxes run on 12V.  They are of
> course unobtainable and by now very slow (net5501) or unreliable and
> slow (net6501), it seems.)

Hello,

The apu1c runs on 12V (I’ve used these) as does the apu2c @ 6W to 12W, that’s 
according to pcengines.ch. Unfortunately their 12V connector on the apu1c 
doesn’t seem to be the same size as any of the other 12V power supplies I’ve 
tried.

Thanks,

Jason M.

Sent from my iPhone

Re: Bump: Anyone get NetBSD to work on ANTSLE?

[Jason Mitchell]

> On Jan 15, 2019, at 11:20 AM, Palmer, John  wrote:
> 
> No, I don’t have those.  Please send and I’ll try.
>  
> Thanks
>  
> From: Jason Mitchell  
> Sent: Tuesday, January 15, 2019 10:18
> To: Palmer, John 
> Cc: NetBSD Users ; supp...@antsle.com
> Subject: Re: Bump: Anyone get NetBSD to work on ANTSLE?
>  
> On Jan 15, 2019, at 9:20 AM, Palmer, John  wrote:
>  
> Just checking again to see if someone has had success in getting NetBSD to 
> run as a virtual system under Antsle’s platform.
>  
> My issue is that the filesystems get corrupted almost immediately. Its so bad 
> that I most times, the install won’t even complete.
>  
> Not sure if its due to compression or not.
>  
> Antsle’s support has so far been useless.
>  
> Hello,
>  
> Did you try the suggestions I sent you (disable SMP and ACPI) from the boot 
> menu? Did I forget to send them?
>  
> Thanks,
>  
> Jason M.

Hello,

From the boot menu, choose the option that disables ACPI (option 2). Configure 
the VM with one processor only. If this doesn’t work, there’s an option that 
disables SMP as well (3?).

I got these options by looking up what Antsle is (was?) using as its VM Manager 
(KVM). There’s a table out there (that’s very out of date) that recommended 
these settings. The last NetBSD version they got to work was 5.0.2

Thanks,

Jason M.

Sent from my iPhone

Re: Bump: Anyone get NetBSD to work on ANTSLE?

[Jason Mitchell]

On Jan 15, 2019, at 9:20 AM, Palmer, John  wrote:
> 
> Just checking again to see if someone has had success in getting NetBSD to 
> run as a virtual system under Antsle’s platform.
>  
> My issue is that the filesystems get corrupted almost immediately. Its so bad 
> that I most times, the install won’t even complete.
>  
> Not sure if its due to compression or not.
>  
> Antsle’s support has so far been useless.
>  
Hello,

Did you try the suggestions I sent you (disable SMP and ACPI) from the boot 
menu? Did I forget to send them?

Thanks,

Jason M.

Re: Problems loading NetBSD on an ANTSLE box

[Jason Mitchell]

> On Dec 14, 2018, at 10:32 AM, Palmer, John  wrote:
> 
> I’m trying out one of those Antsle virtual server boxes with NetBSD and am 
> getting issues with file system becoming corrupt almost immediately

Re: Recommendations for small router?

[Jason Mitchell]

> On Nov 25, 2018, at 10:54 PM, Santhosh Raju  wrote:
> 
>> On Mon, Nov 26, 2018 at 12:56 AM Lars-Johan Liman  wrote:
>> 
>> [Sorry, sent a version of this from the wrong account a minute ago ...]
>> 
>> Hi!
>> 
>> Can anyone recommend a small piece of equipment for a home router that
>> supports the following:
>> 
>> *) Decently supported by and stable operation with NetBSD.
>> 
>> *) At least 4 GB RAM.
>> 
>> *) At least 2 GigE-ports (preferrably 3-4), and able to shuffle bits at
>>   line speed between the two.
>> 
>> *) Able to take a fairly large disk (possibly external) for medium speed
>>   storage. It doesn't have to blindingly fast (no video editing!), but
>>   I want to be able to have my home directory on it and use it from a
>>   different machine.
>> 
>> *) Not too noisy (fanless preferred but not required).
>> 
>> *) Graphics can be very basic, or it can have a serial interface.
>> 
>>Cheers,
>>  /Lars-Johan Liman
> 
> Have you had a look at https://pcengines.ch/apu2.htm
> 
> More specifically https://pcengines.ch/apu4c4.htm The APU4C4 is quite
> nice in terms of specifications and it meets almost all of the
> requirements that you have mentioned. For storage you can use SD cards
> or even better mSATA drive.
> 
> The cost comes to ~120 USD with the board and enclosure (shipping cost
> not considered).
> 
> The only thing I have not tried out is NetBSD on the APU, however I
> have tried out other BSD flavors and they did work quite well.
> 
> I have come across some threads in the mailing list with slower than
> expected network transfer speeds in APU2 (but this was with NetBSD
> 7.0), I am not aware of the current status of NetBSD 8.0 on APU2.
> 
> Hope this reply has been helpful
> Regards
> Santhosh

Hello,

I have tested NetBSD on the first APU2 (with 3 Realtek Ethernet chips/re0) on 
i386.

One problem i did have is that NetBSD would lose its connection to the SD after 
idling for 12+ hours. This was with 6.1.5. So I used an mSSD.

As for speed the APU could do 580Mbit on iperf. This seemed pretty good 
(another device I have that has Realtek chips has done slightly worse with a 
better processor).

HTH,

Jason M.

Re: BSD disklabel partition letters in NetBSD

[Jason Mitchell]

On Oct 4, 2018, at 3:59 PM, Rocky Hotas  wrote:

>> Sent: Saturday, September 29, 2018 at 4:41 AM
>> From: "Jason Mitchell" 
>> To: "Michael van Elst" 
>> Cc: netbsd-users@NetBSD.org
>> Subject: Re: BSD disklabel partition letters in NetBSD
> 
> [...]
> 
>> I don’t think this is possible. At least I remember reading here that
>> FreeBSD’s disklabel is in a different place then the NetBSD’s disklabel
>> and that NetBSD would unintentionally overwrite FreeBSD’s disklabel. (This
>> seems to imply that the FreeBSD disklabel is not in the FreeBSD MBR
>> partition, but I’m not sure about that).
> 
> Ok, this is absolutely possible and thank for remembering this probable
> issue. I put this however only as an example: the real question was not
> about compatibility, but about the... cohabitation of two bootable systems 
> ... 

This posting (though old) says that FreeBSD disklabels are different from 
NetBSD disklabels. Also back in 2011 NetBSD would overwrite a FreeBSD disklabel 
on a FreeBSD MBR partition of type 165. FYI, NetBSD has been using a MBR 
partition type of 169 for a long, long time.

https://mail-index.netbsd.org/tech-kern/2011/02/04/msg009919.html

My objection was to NetBSD and FreeBSD sharing a disklabel, not to two 
instances of NetBSD sharing a disklabel.

Thanks,

Jason M.

Re: BSD disklabel partition letters in NetBSD

[Jason Mitchell]

> I guess you can have NetBSD and FreeBSD using different partitions but
> the same disklabel 

I don’t think this is possible. At least I remember reading here that FreeBSD’s 
disklabel is in a different place then the NetBSD’s disklabel and that NetBSD 
would unintentionally overwrite FreeBSD’s disklabel. (This seems to imply that 
the FreeBSD disklabel is not in the FreeBSD MBR partition, but I’m not sure 
about that).

Thanks,

Jason M.

Sent from my iPhone

Re: SMB

[Jason Mitchell]

> On Feb 21, 2018, at 9:16 AM, Stephen Borrill  wrote:
> 
>> On Wed, 21 Feb 2018, Patrick Welche wrote:
>> I haven't tried SMB in years (it definitely worked against a different
>> windows server). Quick attempt on -current/amd64 gets:
>> 
>> $ smbutil -v login -I wibble //prlw1@wibble
>> Password:
>> smbutil: can't get handle to requester (no /dev/nsmb* device available)
>> smbutil: can't get handle to requester (no /dev/nsmb* device available)
>> smbutil: could not login to server WIBBLE: syserr = Invalid argument
> 
> I guess it is possible the error messages are spurious and the real problem 
> is that SMBv1 is disabled on the target (unless SMBFS supported SMBv2 or 
> later).
> 
> -- 
> Stephen
> 
If this is the case, then the following might help. It talks about how to 
enable SMBv1 on Windows 7 and later:

https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and

Jason M.

Re: Install i386 or amd64?

[Jason Mitchell]

Brett,

Makes sense. Maybe I did over-react. But Thor's virtual girlfriend comment 
pushed me over the edge so I'm taking a break from NetBSD and replies from 
NetBSD.org will bounce.

Thanks,

Jason M.

Sent from my iPhone

 On Jan 31, 2014, at 2:06 AM, Brett Lymn bl...@internode.on.net wrote:
 
 On Thu, Jan 30, 2014 at 09:44:20PM -0500, jmitc...@bigjar.com wrote:
 
 I implied nothing of the sort. I asked a question (read my original post):
 
 Not to advocate i386 over amd64, but doesn't NetBSD/i386 support PAE and
 thus can access 2GB of RAM?
 
 Roght. Which is, in itself, rather vague.  I was trying to clarify that.
 
 I was hoping that someone would provide helpful information about PAE
 support in i386. What I got was cryptic and would have required that I
 spend a fair amount of time reading about PAE to actually understand it.
 
 Or you could have asked for a better explanation.  What I wrote was a
 genuine attempt by me to provide some further information about the
 limitations of PAE.
 
 Usually people here are helpful. You were dismissive and rude.
 
 That was not intentional.
 
 I apologize
 for responding in kind, but this was the first time I was ever unhappy
 that I posted to a NetBSD mailing list.
 
 Right, now here is a trick - unless someone is outright abusing you,
 just assume that they are trying to help and if you find something too
 cryptic then just ask for clarification.
 
 -- 
 Brett Lymn
 Staple Guns: because duct tape doesn't make that KerCHUNK sound - xkcd.com

Re: spurious reboot

[Jason Mitchell]

I had a machine (a Dell Dimension 9200, I think) that showed 2Gb of RAM 
(without PAE) with 4Gb or more of memory.

Thanks,

Jason M.

Sent from my iPhone

 On Nov 28, 2013, at 11:35 AM, Manuel Bouyer bou...@antioche.eu.org wrote:
 
 On Thu, Nov 28, 2013 at 04:31:48PM +, Emmanuel Dreyfus wrote:
 On Thu, Nov 28, 2013 at 05:27:15PM +0100, Manuel Bouyer wrote:
 A GENERIC/i386 won't see more than 4Gb anyway, and usually it's more
 like 3Gb because 1Gb mapped to PCI memory space. GENERIC/i386 with PAE
 should see the 8Gb but maybe it has not been tested as much as i386 or 
 amd64.
 
 Sure, but 3GB is not 2GB...
 
 Yes, but depending on the hardware and BIOS, I can immagine that only 2GB can
 be below the 2^32 limit, and the remaming above (eventually well above).
 Splitting at 3Gb is more annoying, hardware-wise, than at 2Gb.
 
 -- 
 Manuel Bouyer bou...@antioche.eu.org
 NetBSD: 26 ans d'experience feront toujours la difference
 --