Re: uninstalling packages

[Craig Skinner]

On Thu, 13 Dec 2018 11:20:37 +0100 Sebastian Benoit wrote:
> --- -cups-2.2.8p1 ---
> You should also run rm -rf /etc/cups/*.conf.O /var/log/cups
> You should also remove /etc/cups/cupsd.conf (which was modified)
> You should also remove /etc/cups/classes.conf (which was modified)
> You should also remove /etc/cups/printers.conf (which was modified)
> You should also remove /etc/cups/subscriptions.conf (which was modified)
> You should also remove /etc/cups/snmp.conf (which was modified)
> You should also run rm -rf /var/cache/cups
> You should also run rm -rf /var/spool/cups
> 
> If I want to actually delete all that stuff, thats a lot of
> copy Are we actually expecting users to do that?

It is trying to help by not deleting modified, cached & spooled
files/logs. If /etc/cups/snmp.conf wasn't modified, it would already
have been removed. The remove list depends on what the admin changed,
which varies from machine to machine.

If everything is backed up and you want to re-install it later,
everything can be nuked. Simple version:

rm -rf /etc/cups/ /var/cache/cups/ /var/log/cups/ /var/spool/cups/

or even:

rm -rf /etc/cups/ /var/{cache,log,spool}/cups/


Cheers,
-- 
Craig Skinner | http://linkd.in/yGqkv7

Re: sshguard-2.2.0 (still problems with startup) Re: UPDATE: security/sshguard, 1.5-->2.1.0 (2nd try)

[Craig Skinner]

On Wed, 5 Dec 2018 17:11:46 -0500 trondd wrote:
> The init process send HUP. If HUP means to shutdown, it's not going
> to work.

Oh That could explain these 2014/15 hack "solutions":

http://marc.info/?l=openbsd-ports=142109480706198

http://marc.info/?l=openbsd-ports=141951815113690


Cheers,
-- 
Craig Skinner | http://linkd.in/yGqkv7

Re: Drop maintainership completely

[Craig Skinner]

On Fri, 10 Aug 2018 01:56:58 +0300 (EEST) Leonid Bobrov wrote:
> ... ignore my update over 2 weeks ...

Summer holidays/people out enjoying the weather/with family/etc?

Cheers,
-- 
Craig Skinner | http://linkd.in/yGqkv7

Re: webmail

[Craig Skinner]

On Mon, 22 Jan 2018 17:33:30 +0100 Jan Stary wrote:
> What do people use as a light-weight webmail

Base ssh & packaged mutt. (Works fine with PuTTY on Widows, etc.)

Cheers,
-- 
Craig Skinner | http://linkd.in/yGqkv7

Re: sshguard 2.0 startup assistance

[Craig Skinner]

Hi J.B.,

On Sun, 8 Jan 2017 00:21:56 -0800 jungle boogie wrote:
> During the boot up process, I can see sshguard attempts to
> start but after a little while, it will fail.
> 
> Any ideas on how to get sshguard to start at boot?
> 

It crashes when /etc/rc exits (with a blacklist db file),
so it needs to be started after /etc/rc has finished.

Delayed @reboot cron or rc.local at(1) jobs both work:

http://marc.info/?l=openbsd-ports=2=1=sshguard+boot

Cheers,
-- 
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

Re: [NEW] mail/ungrey-robins port

[Craig Skinner]

Hello,

On 2016-05-07 Sat 23:27 PM |, Craig Skinner wrote:
> Hi folks,
> 
> Attached here is a new port of ungrey-robins:
> 
> $ fgrep COMMENT Makefile
> COMMENT= pf spamd auto-whitelister of round-robin SMTP clients
> 
> 
> $ cat pkg/DESCR
> ungrey-robins assists postmasters by automatically whitelisting
> round robin SMTP clients (which often fail to pass greylisting),
> without resorting to manual maintenance of whitelists.
> 

Here's 1 of the included syslog samples, showing auto-whitelisting:


Feb 15 20:56:15 teak spamd[12533]: 209.85.220.50: connected (1/0)
Feb 15 20:57:51 teak spamd[326]: new entry 209.85.220.50 from 
<redac...@gmail.com> to <redac...@britvault.co.uk>, helo mail-pa0-f50.google.com
Feb 15 20:57:51 teak spamd[12533]: 209.85.220.50: disconnected after 96 seconds.
Feb 15 21:01:16 teak spamd[12533]: 209.85.220.41: connected (1/0)
Feb 15 21:02:47 teak spamd[326]: new entry 209.85.220.41 from 
<redac...@gmail.com> to <redac...@britvault.co.uk>, helo mail-pa0-f41.google.com
Feb 15 21:02:47 teak spamd[12533]: 209.85.220.41: disconnected after 91 seconds.
Feb 15 21:22:24 teak spamd[12533]: 209.85.220.44: connected (1/0)
Feb 15 21:24:00 teak spamd[326]: new entry 209.85.220.44 from 
<redac...@gmail.com> to <redac...@britvault.co.uk>, helo mail-pa0-f44.google.com
Feb 15 21:24:00 teak spamd[12533]: 209.85.220.44: disconnected after 96 seconds.
Feb 15 21:54:07 teak spamd[12533]: 209.85.220.54: connected (1/0)
Feb 15 21:55:42 teak spamd[326]: new entry 209.85.220.54 from 
<redac...@gmail.com> to <redac...@britvault.co.uk>, helo mail-pa0-f54.google.com
Feb 15 21:55:43 teak spamd[12533]: 209.85.220.54: disconnected after 96 seconds.
Feb 15 22:45:57 teak spamd[12533]: 209.85.220.52: connected (1/0)
Feb 15 22:47:32 teak spamd[326]: new entry 209.85.220.52 from 
<redac...@gmail.com> to <redac...@britvault.co.uk>, helo mail-pa0-f52.google.com
Feb 15 22:47:33 teak spamd[12533]: 209.85.220.52: disconnected after 96 seconds.
Feb 15 23:50:00 teak spamd[12533]: 209.85.220.50: connected (1/0)
Feb 15 23:51:36 teak spamd[12533]: 209.85.220.50: disconnected after 96 seconds.
Feb 15 23:52:09 teak spamd[18136]: queueing add of 209.85.220.50
Feb 15 23:52:09 teak spamd[18136]: whitelisting 209.85.220.50 in /var/db/spamd
Feb 16 00:11:02 teak ungrey-robins: 209.85.160.177 mail-yk0-f177.google.com. 
scored 18 (granted grace)
Feb 16 00:11:03 teak ungrey-robins: 209.85.220.41 mail-pa0-f41.google.com. 
scored 18 (granted grace)
Feb 16 00:11:03 teak ungrey-robins: 209.85.220.52 mail-pa0-f52.google.com. 
scored 18 (granted grace)
Feb 16 00:11:04 teak ungrey-robins: 209.85.220.44 mail-pa0-f44.google.com. 
scored 17 (granted grace)
Feb 16 00:11:05 teak ungrey-robins: 209.85.220.54 mail-pa0-f54.google.com. 
scored 18 (granted grace)
Feb 16 00:11:05 teak ungrey-robins: spamdb whitelisted: 209.85.160.177 
209.85.220.41 209.85.220.52 209.85.220.44 209.85.220.54
Feb 16 00:44:18 teak spamd[12533]: 209.85.220.43: connected (1/0)
Feb 16 00:45:53 teak spamd[326]: new entry 209.85.220.43 from 
<redac...@gmail.com> to <redac...@britvault.co.uk>, helo mail-pa0-f43.google.com
Feb 16 00:45:53 teak spamd[12533]: 209.85.220.43: disconnected after 95 seconds.
Feb 16 00:58:13 teak spamd[18136]: queueing deletion of 209.85.220.50 
mail-pa0-f50.google.com <redac...@gmail.com> <redac...@britvault.co.uk>
Feb 16 01:03:13 teak spamd[18136]: queueing deletion of 209.85.220.41 
mail-pa0-f41.google.com <redac...@gmail.com> <redac...@britvault.co.uk>
Feb 16 01:24:14 teak spamd[18136]: queueing deletion of 209.85.220.44 
mail-pa0-f44.google.com <redac...@gmail.com> <redac...@britvault.co.uk>
Feb 16 01:56:18 teak spamd[18136]: queueing deletion of 209.85.220.54 
mail-pa0-f54.google.com <redac...@gmail.com> <redac...@britvault.co.uk>
Feb 16 02:16:56 teak spamd[12533]: 209.85.220.45: connected (1/0)
Feb 16 02:18:31 teak spamd[326]: new entry 209.85.220.45 from 
<redac...@gmail.com> to <redac...@britvault.co.uk>, helo mail-pa0-f45.google.com
Feb 16 02:18:32 teak spamd[12533]: 209.85.220.45: disconnected after 96 seconds.
Feb 16 02:48:20 teak spamd[18136]: queueing deletion of 209.85.220.52 
mail-pa0-f52.google.com <redac...@gmail.com> <redac...@britvault.co.uk>
Feb 16 04:11:03 teak ungrey-robins: 209.85.220.43 mail-pa0-f43.google.com. 
scored 17 (granted grace)
Feb 16 04:11:03 teak ungrey-robins: 209.85.220.45 mail-pa0-f45.google.com. 
scored 18 (granted grace)
Feb 16 04:11:04 teak ungrey-robins: spamdb whitelisted: 209.85.220.43 
209.85.220.45
Feb 16 04:16:37 teak spamlogd[12344]: inbound 209.85.220.45
Feb 16 04:16:37 teak postfix/postscreen[7556]: CONNECT from 
[209.85.220.45]:34165 to [78.33.153.148]:25
Feb 16 04:16:38 teak postfix/dnsblog[24767]: addr 209.85.220.45 listed by 
domain hostkarma.junkemailfilter.com as 127.0.0.3
Feb 16 04:16:38 teak postfix/dnsblog[2

Re: [new] devel/cargo

[Craig Skinner]

On 2016-05-24 Tue 13:52 PM |, Theo de Raadt wrote:
> 
> Any verbiage after "public domain" is purely advisory.  So judge --
> either it has absolutely no impact and can be ignored, or the text is
> dangerous.  I cannot decide.
> 

Here is an exposition of the 5 paragraphs:
http://ar.to/2010/01/dissecting-the-unlicense

Cheers.
-- 
The opposite of a correct statement is a false statement.
But the opposite of a profound truth may well be another profound truth.
-- Niels Bohr

Re: [NEW] mail/ungrey-robins port

[Craig Skinner]

ping

On 2016-05-07 Sat 23:27 PM |, Craig Skinner wrote:
> Hi folks,
> 
> Attached here is a new port of ungrey-robins:
> 
> 
> $ fgrep COMMENT Makefile
> COMMENT= pf spamd auto-whitelister of round-robin SMTP clients
> 
> 
> $ cat pkg/DESCR
> ungrey-robins assists postmasters by automatically whitelisting
> round robin SMTP clients (which often fail to pass greylisting),
> without resorting to manual maintenance of whitelists.
> 
> 
> Also at: http://web.Britvault.Co.UK/products/ungrey-robins/
> With syslog samples, a more descriptive README + man pages in HTML too.
> 
> 
> The project name of 'ungrey-robins' is a word play on:
>   o greylisting
> o the 'un-' prefix, to mean not grey
>   o round-robin
>   o the popular and silly computer game 'Angry Birds'
> 
> ungrey-robins is a computer tool which ungreylists silly squawking
> round robin SMTP sending mail servers, which stupidly play about with
> established Internet mail delivery standards.
> 
> 
> Comments/improvements?
> Craig.


OpenBSD-port-ungrey-robins.tar.gz
Description: application/tar-gz

[NEW] mail/ungrey-robins port

[Craig Skinner]

Hi folks,

Attached here is a new port of ungrey-robins:


$ fgrep COMMENT Makefile 
COMMENT= pf spamd auto-whitelister of round-robin SMTP clients


$ cat pkg/DESCR
ungrey-robins assists postmasters by automatically whitelisting
round robin SMTP clients (which often fail to pass greylisting),
without resorting to manual maintenance of whitelists.


Also at: http://web.Britvault.Co.UK/products/ungrey-robins/
With syslog samples, a more descriptive README + man pages in HTML too.


The project name of 'ungrey-robins' is a word play on:
  o greylisting
o the 'un-' prefix, to mean not grey
  o round-robin
  o the popular and silly computer game 'Angry Birds'

ungrey-robins is a computer tool which ungreylists silly squawking
round robin SMTP sending mail servers, which stupidly play about with
established Internet mail delivery standards.


Comments/improvements?
Craig.


OpenBSD-port-ungrey-robins.tar.gz
Description: application/gzip

Re: lynx on OpenBSD moved from base to ports

[Craig Skinner]

On 2016-04-13 Wed 20:46 PM |, Thomas Dickey wrote:
> On Wed, Apr 13, 2016 at 10:01:19AM +0100, Craig Skinner wrote:
> > Hello Thomas,
> > 
> > Lynx was moved from OpenBSD's base to ports
> > tree at release 5.6 (1st November 2014):
> > http://www.openbsd.org/faq/upgrade56.html#ToPorts
> 
> thanks for the reminder (I was aware of this, but had not thought of
> the note in the webpage...)
> 
> > OpenBSD
> >   (OpenBSD provides an older version in the base system, does not provide a 
> > port)
> > http://lynx.invisible-island.net/current/index.html
> 
> done
> 

Thanks Thomas.

The cvs@ mailling list post you linked to is about some html files,
not the actual removal of lynx from base. This commit log seems better:
http://marc.info/?l=openbsd-cvs=140547383709719
(A related item: http://marc.info/?l=openbsd-cvs=140547620010284)

My gut instinct is OpenBSD people might be more comfortable with
the OpenBSD.org links provided, rather than those offsite.
http://www.openbsd.org/faq/upgrade56.html#ToPorts
http://www.openbsd.org/56.html
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/lynx/


Here is a link to the tech@ mailling list long discussion:
http://news.gmane.org/group/gmane.os.openbsd.tech/thread=37492
Or 4 pages. starting from here:
http://openbsd-archive.7691.n7.nabble.com/lynx-disable-old-protocols-td251700.html

Thanks again!
-- 
How wonderful opera would be if there were no singers.

lynx on OpenBSD moved from base to ports

[Craig Skinner]

Hello Thomas,

Lynx was moved from OpenBSD's base to ports
tree at release 5.6 (1st November 2014):
http://www.openbsd.org/faq/upgrade56.html#ToPorts

"Lynx has been removed from the base system and added to the ports tree."
http://www.openbsd.org/56.html

Web link to the port:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/lynx/

Recently, the port has also been pledged:
http://man.openbsd.org/pledge

Please update this (and any other pages) which currently reads:
OpenBSD
  (OpenBSD provides an older version in the base system, does not provide a 
port)
http://lynx.invisible-island.net/current/index.html

Cheers!
-- 
The party adjourned to a hot tub, yes. Fully clothed, I might add.
-- IBM employee, testifying in California State Supreme Court

Re: moving sudo to ports

[Craig Skinner]

On 2015-06-18 Thu 14:38 PM |, Todd C. Miller wrote:
 After discussions with Theo we've agreed to move sudo from base to
 ports.  That way people who want sudo can run a modern version, as
 opposed to the ancient thing in base.

Superb.

http://marc.info/?l=openbsd-bugsm=142270265216628w=2

Thanks.
-- 
Rembrandt's first name was Beauregard, which is why he never used it.
-- Dave Barry

[NEW] print/cups-readonly-usr

[Craig Skinner]

Hi there,

Works for me, maybe it's useful for others too.

NO_BUILD, just an alternative rc script + {en,dis}able script:


$ cat pkg/DESCR
An alternative CUPS rc script  toggle script, which enables CUPS to run
on production boxes which usually read-only mount /usr (and /usr/local).

Items in /usr, /dev  /etc aren't altered with each CUPS start/box boot.

For print servers running cupsd, not for clients using cups_browsed.

Inspiration taken from the postfix-{enable,disable,install} scripts,
with much code copied from the cupsd rc script and into
'cups-toggle (enable|disable)'.

See: http://marc.info/?t=14342232901

Cheers,
Craig.


cups-readonly-usr.tar.gz
Description: application/tar-gz

Re: [UPDATE] print/cups enable/disable script for ro /usr mount

[Craig Skinner]

On 2015-06-14 Sun 08:36 AM |, Antoine Jacoutot wrote:
 On Sat, Jun 13, 2015 at 10:31:28PM +0100, Craig Skinner wrote:
  On 2015-06-13 Sat 22:39 PM |, Antoine Jacoutot wrote:
   On Sat, Jun 13, 2015 at 08:18:41PM +0100, Craig Skinner wrote:

Inspiration taken from the postfix-{en,dis}able,install scripts:
Much moved out of the rc script and into 'cups-toggle (enable|disable)'.

   
   I prefer the way it's done now.
   It's automatic -- I don't want to have to remember to run yet another 
   command each time I update (which is very often).
   
   

As the changes made to /dev, /etc  /usr by either script aren't in
PLIST, they should be OK during an upgrade.

The /usr symlinks just point to upgraded files in /usr/local
Ownership of the /dev items wont matter.
/etc/printcap isn't in PLIST as it's a symlink to a cups generated file.

So once cups-toggle is run once, /usr can be mounted read only.
And then /usr/local after the install/upgrade too.

Also /usr, /dev  /etc aren't altered with each reboot.

  
  Would something like these in the PLIST automate it Antoine?
  
  @extraexec ${TRUEPREFIX}/sbin/cups-toggle enable
  @extraunexec ${TRUEPREFIX}/sbin/cups-toggle disable
 
 No because that means it will run at pkg_add time -- which is not good at all.

In that case, is the MESSAGE better?

As 'cups-toggle disable' needs run before cups-toggle is removed,
I put in an @extraunexec rather than an UNMESSAGE.

 At least with the rc.d script it makes sense: if I want to start cups, then I 
 obviously want it to replace lpd the time it is running. And when I stop it, 
 lpd is back.
 

Sorry Antoine,... I don't understand;-
If CUPS has been set up as the printing system,
why would lpd be needed back regularily on a production host?

Postfix doesn't renable smtpd on each stop/start.
Does nginx do that for httpd?

I don't run that many daemons. Are there other base replacing daemons
which do this enable/disable dance each stop/start?

Confused.
-- 
UNIX was half a billion (5) seconds old on
Tue Nov  5 00:53:20 1985 GMT (measuring since the time(2) epoch).
-- Andy Tannenbaum

[UPDATE] print/cups enable/disable script for ro /usr mount

[Craig Skinner]

 ]; then
-   mv -f $i.pre-cups $i
-   fi
-   done
-   fi
-   fi
+   # XXX cups-driverd(8) can crash when setting up a printer driver
+   # find /var/cache/cups -type f -name ppds.dat -exec rm -- {} \;
 
-   [ -e /dev/lpt0 ]  chown root /dev/lp[a,t][0-2]
+   # rcexec is needed if openfiles limits are bumped and cupsd(8)
+   # runs in debug mode to prevent MaxClients warnings in logs
+   ${rcexec} ${daemon} ${daemon_flags} -t
 }
+
 
 rc_cmd $1
--- /dev/null   Sat Jun 13 19:28:37 2015
+++ pkg/MESSAGE-mainSat Jun 13 16:41:13 2015
@@ -0,0 +1,10 @@
+CUPS can be set up to replace lpd entirely.
+
+To backup the lp* tools and symlink in the CUPS replacements, do:
+
+${PREFIX}/sbin/cups-toggle enable
+
+To revert to the base lp* tools, do:
+
+${PREFIX}/sbin/cups-toggle disable
+
--- /dev/null   Sat Jun 13 19:29:04 2015
+++ files/cups-toggle   Sat Jun 13 19:17:39 2015
@@ -0,0 +1,161 @@
+#!/bin/ksh
+#
+# $OpenBSD$
+#
+#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+#
+# Copyright (c) 2015 Craig Skinner skin...@britvault.co.uk
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+#
+
+
+EX_USAGE='64'
+BINARIES='/usr/bin/lp{q,r,rm} /usr/sbin/lp{c,d}'
+MAN_PAGES='/usr/share/man/man1/lp{q,r,rm}.1 /usr/share/man/man8/lp{c,d}.8'
+
+readonly EX_USAGE BINARIES MAN_PAGES
+
+
+function enable
+{
+   print $0()
+
+   ${RCDIR}/lpd check 
+   {
+   ${RCDIR}/lpd stop || return
+   }
+
+   print -n 'Backing up:'
+   for _lpfile in ${BINARIES} ${MAN_PAGES} ${SYSCONFDIR}/printcap
+   do
+   [[ -f ${_lpfile} ]] || continue
+   [[ -h ${_lpfile} ]]  continue
+   [[ -f ${_lpfile}.pre-cups ]]  continue
+   print -n  ${_lpfile##*/}
+   mv ${_lpfile} ${_lpfile}.pre-cups || return
+   done
+   print '.'
+
+   [[ -h ${SYSCONFDIR}/printcap ]] ||
+   {
+   print -n 'Symlinking ${SYSCONFDIR}/printcap'
+   ln -s ${SYSCONFDIR}/cups/printcap ${SYSCONFDIR}/printcap || 
return
+   print '.'
+   }
+
+   print -n 'Symlinking binaries:'
+   for binary in ${BINARIES}
+   do
+   [[ -h ${binary} ]]  continue
+   [[ -f ${TRUEPREFIX}/bin/${binary##*/} ]] 
+   {
+   print -n  ${binary##*/}
+   ln -s ${TRUEPREFIX}/bin/${binary##*/} ${binary} || 
return
+   continue
+   }
+   [[ -f ${TRUEPREFIX}/sbin/${binary##*/} ]] 
+   {
+   print -n  ${binary##*/}
+   ln -s ${TRUEPREFIX}/sbin/${binary##*/} ${binary} || 
return
+   continue
+   }
+   print -n  ${binary##*/}
+   ln -s /usr/bin/false ${binary} || return
+   done
+   print '.'
+
+   chown_lp_devs _cups
+}
+
+
+function disable
+{
+   print $0()
+
+   ${RCDIR}/cups_browsed check 
+   {
+   ${RCDIR}/cups_browsed stop || return
+   }
+   ${RCDIR}/cupsd check 
+   {
+   ${RCDIR}/cupsd stop || return
+   }
+
+   print -n 'Reverting to base:'
+   for _lpfile in ${BINARIES} ${MAN_PAGES} ${SYSCONFDIR}/printcap
+   do
+   [[ -h ${_lpfile} ]] 
+   {
+   rm ${_lpfile} || return
+   }
+   [[ -f ${_lpfile}.pre-cups ]] || continue
+   print -n  ${_lpfile##*/}
+   mv ${_lpfile}.pre-cups ${_lpfile} || return
+   done
+   print '.'
+
+   chown_lp_devs root
+}
+
+
+function usage
+{
+   print -u2 usage: ${0##*/} (enable|disable)
+   exit ${EX_USAGE}
+}
+
+
+function chown_lp_devs
+{
+   print $0() $1
+   userinfo -e $1 || return
+
+   lp_devs='/dev/lp[a,t][0-2]'
+   log_devs_are=$(mktemp)
+   ls -l ${lp_devs}  ${log_devs_are}
+
+   for lp_dev in ${lp_devs}
+   do
+   [[ -c ${lp_dev} ]] || continue
+   [[ $(stat -f %Su ${lp_dev}) == $1 ]]  continue
+   chown $1 ${lp_dev} || return
+   done
+
+   log_devs_now

Re: [UPDATE] print/cups enable/disable script for ro /usr mount

[Craig Skinner]

On 2015-06-13 Sat 20:18 PM |, Craig Skinner wrote:
 
 Inspiration taken from the postfix-{en,dis}able,install scripts:
 Much moved out of the rc script and into 'cups-toggle (enable|disable)'.
 

So as to not clutter the last mail, here's a sample script run:


craig@spruce:~ 0$ sudo cups-toggle enable
enable()
Backing up: lpq lpr lprm lpc lpd lpq.1 lpr.1 lprm.1 lpc.8 lpd.8.
Symlinking /etc/printcap.
Symlinking binaries: lpq lpr lprm lpc lpd.
chown_lp_devs() _cups
devices are:
crw---  1 root  wheel   16, 128 Jan 22 11:31 /dev/lpa0
crw---  1 root  wheel   16, 129 Jan 22 11:31 /dev/lpa1
crw---  1 root  wheel   16, 130 Jan 22 11:31 /dev/lpa2
crw---  1 root  wheel   16,   0 Jan 22 11:31 /dev/lpt0
crw---  1 root  wheel   16,   1 Jan 22 11:31 /dev/lpt1
crw---  1 root  wheel   16,   2 Jan 22 11:31 /dev/lpt2
devices now:
crw---  1 _cups  wheel   16, 128 Jan 22 11:31 /dev/lpa0
crw---  1 _cups  wheel   16, 129 Jan 22 11:31 /dev/lpa1
crw---  1 _cups  wheel   16, 130 Jan 22 11:31 /dev/lpa2
crw---  1 _cups  wheel   16,   0 Jan 22 11:31 /dev/lpt0
crw---  1 _cups  wheel   16,   1 Jan 22 11:31 /dev/lpt1
crw---  1 _cups  wheel   16,   2 Jan 22 11:31 /dev/lpt2
lrwxr-xr-x  1 root  wheel  18 May 28 21:27 /etc/printcap@ - 
/etc/cups/printcap
lrwxr-xr-x  1 root  wheel  18 May 28 21:27 /usr/bin/lpq@ - 
/usr/local/bin/lpq
-r-xr-sr-x  1 root  daemon  26660 Aug  8  2014 /usr/bin/lpq.pre-cups*
lrwxr-xr-x  1 root  wheel  18 May 28 21:27 /usr/bin/lpr@ - 
/usr/local/bin/lpr
-r-sr-sr-x  1 root  daemon  30724 Aug  8  2014 /usr/bin/lpr.pre-cups*
lrwxr-xr-x  1 root  wheel  19 May 28 21:27 /usr/bin/lprm@ - 
/usr/local/bin/lprm
lrwxr-xr-x  1 root  wheel  19 May 28 21:27 /usr/bin/lprm@ - 
/usr/local/bin/lprm
-r-sr-sr-x  1 root  daemon  26596 Aug  8  2014 /usr/bin/lprm.pre-cups*
-r-sr-sr-x  1 root  daemon  26596 Aug  8  2014 /usr/bin/lprm.pre-cups*
lrwxr-xr-x  1 root  wheel  19 May 28 21:27 /usr/sbin/lpc@ - 
/usr/local/sbin/lpc
-r-xr-sr-x  1 root  daemon  37796 Aug  8  2014 /usr/sbin/lpc.pre-cups*
lrwxr-xr-x  1 root  wheel  14 May 28 21:27 /usr/sbin/lpd@ - /usr/bin/false
-r-xr-s---  1 root  daemon  72452 Aug  8  2014 /usr/sbin/lpd.pre-cups*
-r--r--r--  1 root  bin  4525 Aug  8  2014 
/usr/share/man/man1/lpq.1.pre-cups
-r--r--r--  1 root  bin  7230 Aug  8  2014 
/usr/share/man/man1/lpr.1.pre-cups
-r--r--r--  1 root  bin  4496 Aug  8  2014 
/usr/share/man/man1/lprm.1.pre-cups
-r--r--r--  1 root  bin  5799 Aug  8  2014 
/usr/share/man/man8/lpc.8.pre-cups
-r--r--r--  1 root  bin  9392 Aug  8  2014 
/usr/share/man/man8/lpd.8.pre-cups

Cheers
-- 
Numeric stability is probably not all that important when you're guessing.

Re: [UPDATE] print/cups enable/disable script for ro /usr mount

[Craig Skinner]

On 2015-06-13 Sat 22:39 PM |, Antoine Jacoutot wrote:
 On Sat, Jun 13, 2015 at 08:18:41PM +0100, Craig Skinner wrote:
  
  Inspiration taken from the postfix-{en,dis}able,install scripts:
  Much moved out of the rc script and into 'cups-toggle (enable|disable)'.
  
 
 I prefer the way it's done now.
 It's automatic -- I don't want to have to remember to run yet another command 
 each time I update (which is very often).
 
 

Would something like these in the PLIST automate it Antoine?

@extraexec ${TRUEPREFIX}/sbin/cups-toggle enable
@extraunexec ${TRUEPREFIX}/sbin/cups-toggle disable


Cheers.
-- 
Zero Defects, n.:
The result of shutting down a production line.

Re: [UPDATE] print/hplip + RUN_DEP of py-gobject

[Craig Skinner]

On 2015-06-06 Sat 09:46 AM |, Craig Skinner wrote:
 Hi,
 
 I've found installing the OpenPrinting HPLIP plugins
 with their python script needs py-gobject installed.
 

So as to not clutter the last mail, here's steps to show the dep:

$ cd $(mktemp -d)
$ umask 022
$ sudo pkg_delete py-gobject
$ sudo /etc/rc.d/dbus_daemon restart
$ sudo /etc/rc.d/avahi_daemon restart
$ sudo /etc/rc.d/cupsd restart 
$ ftp 
http://www.openprinting.org/download/printdriver/auxfiles/HP/plugins/hplip-3.15.4-plugin.run
$ sh hplip-3.15.4-plugin.run --keep --nox11 --noexec
$ cd plugin_tmp/
$ patch plugin_install.py /tmp/plugin_install.py.patch # attached here
$ python ./plugin_install.py -g -i

...
..

error: Unable to load pkit...is HPLIP installed?
error: No module named gobject

162c162
 except ImportError:
---
 except ImportError, e:
163a164
 log.error(e)

[UPDATE] print/hplip + RUN_DEP of py-gobject

[Craig Skinner]

Hi,

I've found installing the OpenPrinting HPLIP plugins
with their python script needs py-gobject installed.

FreshPorts shows devel/py-gobject as both build  runtime dependencies: 
http://www.freshports.org/print/hplip/

I'm not sure if it would be better in some other port, such as py-dbus.

Also update the README for mostly non-root plugins fetch/install:


Index: Makefile
===
RCS file: /cvs/ports/print/hplip/Makefile,v
retrieving revision 1.127
diff -u -p -r1.127 Makefile
--- Makefile17 Apr 2015 04:18:13 -  1.127
+++ Makefile6 Jun 2015 07:49:27 -
@@ -10,6 +10,7 @@ COMMENT-hpijs=HP ghostscript driver (s
 COMMENT-gui=   HPLIP graphical tools
 
 V= 3.15.4
+REVISION=  0
 DISTNAME=  hplip-${V}
 SUBST_VARS=V
 
@@ -107,6 +108,8 @@ LIB_DEPENDS-hpijs=  print/hplip,-common \
 
 # foomatic-rip(1), foomatic-db(-engine)
 RUN_DEPENDS-hpijs +=   print/cups-filters
+
+RUN_DEPENDS-hplip +=   devel/py-gobject
 
 ### -gui
 WANTLIB-gui += #empty
Index: pkg/README-common
===
RCS file: /cvs/ports/print/hplip/pkg/README-common,v
retrieving revision 1.6
diff -u -p -r1.6 README-common
--- pkg/README-common   15 Aug 2014 15:45:38 -  1.6
+++ pkg/README-common   6 Jun 2015 07:49:27 -
@@ -103,8 +103,10 @@ Plugin installation
 Some devices will not work properly without a corresponding proprietary
 binary plugin. HPLIP plugins automated installation is not available on
 OpenBSD but it can be installed manually by running the following as
-root:
-cd /tmp
+non-root:
+cd $(mktemp -d)
 ftp 
http://www.openprinting.org/download/printdriver/auxfiles/HP/plugins/hplip-${V}-plugin.run
-/bin/sh ./hplip-${V}-plugin.run --keep 2/dev/null
-cd plugin_tmp  ${MODPY_BIN} ./plugin_install.py -i
+umask 022
+/bin/sh ./hplip-${V}-plugin.run --keep --nox11 --noexec
+cd plugin_tmp  sudo ${MODPY_BIN} ./plugin_install.py -g -i
+

Re: mj2.org

[Craig Skinner]

On 2015-03-13 Fri 07:47 AM |, Todd C. Miller wrote:
 On Tue, 10 Mar 2015 16:29:41 -, Kevin Chadwick wrote:
 
  I am looking into using majordomo with opensmtpd and I am unsure
  whether to use majordomo from ports or majordomo from mj2.org.
  
  Any advice?
 
 The OpenBSD list machine uses mj2 but it will take some minor patches
 to make it work with modern perl.  Unfortunately, mj2 is effectively
 abandonware at ths point.
 

mlmmj works well.

Ported  packaged  runs the OpenSMTPd lists.

-- 
Claude believed that only smart attractive people had the right to
fuck, and it sincerely hurt him when he discovered evidence to the
contrary.
-- Tom Robbins

[UPDATE] security/sshguard: temp boot death workaround

[Craig Skinner]

Hi folks,

Addition of pkg/{UN}MESSAGE with workarounds to sshguard's death on boot

Sorry I don't know the root cause of the problem...


Index: Makefile
===
RCS file: /cvs/ports/security/sshguard/Makefile,v
retrieving revision 1.8
diff -u -p -r1.8 Makefile
--- Makefile25 Mar 2014 12:31:50 -  1.8
+++ Makefile12 Jan 2015 20:17:18 -
@@ -3,7 +3,7 @@
 COMMENT=   protect against brute force attacks on sshd and others
 
 DISTNAME=  sshguard-1.5
-REVISION=  1
+REVISION=  2
 CATEGORIES=security
 
 # BSD
Index: pkg/MESSAGE
===
RCS file: pkg/MESSAGE
diff -N pkg/MESSAGE
--- /dev/null   1 Jan 1970 00:00:00 -
+++ pkg/MESSAGE 12 Jan 2015 20:17:18 -
@@ -0,0 +1,13 @@
+
+sshguard is reported to die on boot:
+http://marc.info/?l=openbsd-portsw=2r=1s=sshguard+boot
+
+Known workarounds are EITHER:
+
+1) a root cron job (will operate everytime cron starts):
+@rebootsleep 5; /etc/rc.d/sshguard 
start
+
+2) an addition to /etc/rc.local (will operate once on boot):
+print unset INRC\nprint -n -- '$0 start '\n/etc/rc.d/sshguard start |
+   at -q a 'now + 2 minutes'
+
Index: pkg/UNMESSAGE
===
RCS file: pkg/UNMESSAGE
diff -N pkg/UNMESSAGE
--- /dev/null   1 Jan 1970 00:00:00 -
+++ pkg/UNMESSAGE   12 Jan 2015 20:17:18 -
@@ -0,0 +1 @@
+Remove boot re-starter from root's crontab or /etc/rc.local

sshguard dies on boot + workaround

[Craig Skinner]

$ uname -mrsv
OpenBSD 5.6 GENERIC#274 i386

# reboot
/var/log/authlog:
Dec 25 14:04:11 palm sshd[23898]: Server listening on 0.0.0.0 port 22.
Dec 25 14:04:16 palm sshguard[18164]: Started successfully [(a,p,s)=(30, 3600, 
6000)], now ready to scan.
/etc/rc exits:
Dec 25 14:04:41 palm sshguard[18164]: Got exit signal, flushing blocked 
addresses and exiting...
root cronjob: @reboot sleep 5; /etc/rc.d/sshguard check || /etc/rc.d/sshguard 
start
Dec 25 14:04:48 palm sshguard[13329]: Started successfully [(a,p,s)=(30, 3600, 
6000)], now ready to scan.


Dinnae ken if it dies due to the parent process (rc) exiting:

/etc/rc reboot output:
...
..
setting tty flags
keyboard.encoding - uk
display.vblank - on
display.screen_off - 30
display.msact - off
display.kbdact - on
display.outact - off
pf enabled
starting network
starting early daemons: syslogd pflogd nsd unbound ntpd.
starting RPC daemons:.
savecore: no core dump
checking quotas: done.
clearing /tmp
kern.securelevel: 0 - 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd dhcpd nginx spamd spamlogd.
starting package daemons: sshguard greyscanner postfix viagrad.
starting local daemons: cron.
sshguard up
Thu Dec 25 14:04:41 GMT 2014   dies now



$ tail -n 6 /etc/rc
echo -n 'starting local daemons:'
start_daemon apmd sensorsd hotplugd watchdogd cron wsmoused xdm
echo '.'
/etc/rc.d/sshguard check  print 'sshguard up'
date
exit 0



Whatever,... the cronjob hack gets it back up. Then my brain quits.


Ta,
-- 
The Story of Your Enslavement
http://www.youtube.com/watch?v=Xbp6umQT58Afeature=related

Re: please remove the procmail port

[Craig Skinner]

On 2014-11-18 Tue 22:01 PM |, frantisek holop wrote:
 Philip Guenther, 18 Nov 2014 12:42:
  Executive summary: delete the procmail port; the code is not safe and 
  should not be used as a basis for any further work.
 
 just for the record, what is the alternative
 you would recommend?
 

$ pkg_info dovecot-pigeonhole
Information for inst:dovecot-pigeonhole-0.4.2p2v0

Comment:
Sieve mail filtering for Dovecot

Description:
Sieve mail filtering for Dovecot.

Maintainer: Brad Smith b...@comstyle.com

WWW: http://pigeonhole.dovecot.org/



http://wiki2.dovecot.org/Pigeonhole
http://wiki2.dovecot.org/Pigeonhole/ManageSieve/


-- 
The press conference THEY didn't want broadcast:
http://www.youtube.com/watch?v=Bzim6hQUoC8index=18list=PLHLREeMe4S0OmV_BYAfWNWi0qQzu2FWzK

Re: make plist ignores @rcscript

[Craig Skinner]

On 02/05/2013 15:54, Stuart Henderson wrote:

On 2013/05/02 12:36, Craig Skinner wrote:


I see there is a plist database under /usr/ports/plist  those have
extra @depend, @name  @comment lines not present in generated
pkg/PLISTs.


These are the lists as written in +CONTENTS files in the packages,
see the bsd.port.mk(5) manual about PLIST_DB.



I get it now.

I wrongly thought that 'make plist' populated the DB, rather than 'make 
package'


Thanks.

Re: make plist ignores @rcscript

[Craig Skinner]

On 01/05/2013 22:36, Craig Skinner wrote:


When I remove the @rcscript stuff from the PLIST  run this:


make clean=all  \
make clean=fake  \
make fetch-all  \
make checksum  \
make build  \
make fake  \
make plist || { sudo make plist; sudo chmod g+w pkg/PLIST; }

I get:

...
Installing /usr/ports/mystuff/net/vgrd/pkg/vgrd.rc as
/usr/ports/pobj/vgrd-1.13/fake-i386/etc/rc.d/vgrd
=== Updating plist for vgrd-1.13
Subpackage -: Stripping dirs from sysutils/libsysexits
Scanning destdir
Getting old lists
1st pass identifying files
Attaching annotations
Sorting out destdir files
make-plist: Bogus element outside of every prefix: /etc/rc.d/vgrd


So 'make plist' fails when the rc script is present in the fake tree,
while not mentioned in the PLIST.




Any thoughts on how to get around the bogus element problem?

Is it essential that I run 'make plist' before 'make package', or can I 
use my handwritten PLIST?


I see there is a plist database under /usr/ports/plist  those have 
extra @depend, @name  @comment lines not present in generated pkg/PLISTs.


I've successfully built 29 other packages without rc scripts.

What direction should I proceed in?

Craig.

Re: make plist ignores @rcscript

[Craig Skinner]

On 01/05/2013 20:02, Stuart Henderson wrote:

'make plist' only gets you part-way there, manual editing is still required.


Ta.

When I remove the @rcscript stuff from the PLIST  run this:


make clean=all  \
make clean=fake  \
make fetch-all  \
make checksum  \
make build  \
make fake  \
make plist || { sudo make plist; sudo chmod g+w pkg/PLIST; }

I get:

...
Installing /usr/ports/mystuff/net/vgrd/pkg/vgrd.rc as 
/usr/ports/pobj/vgrd-1.13/fake-i386/etc/rc.d/vgrd

===  Updating plist for vgrd-1.13
Subpackage -: Stripping dirs from sysutils/libsysexits
Scanning destdir
Getting old lists
1st pass identifying files
Attaching annotations
Sorting out destdir files
make-plist: Bogus element outside of every prefix: /etc/rc.d/vgrd


So 'make plist' fails when the rc script is present in the fake tree, 
while not mentioned in the PLIST.


What should I do now? Remove the rc script from pkg/?

Ta,
Craig.

Re: Add -f flags to rm and mv

[Craig Skinner]

On Mon, May 14, 2007 at 09:30:48PM +0200, Tobias Ulmer wrote:
  I export ENV=~/.profile
  
 
 
 
 That leads to 'funny' results. Do something like this in your
 .profile:
 
 if [ -o interactive ]; then
 :
 fi
 

$ cat /etc/profile
[ -o interactive ]  [ $SHELL = /bin/ksh ]  . /etc/ksh.kshrc


$ diff /etc/ksh.kshrc /etc/ksh.kshrc.orig | grep ^ | fgrep -v \#
   HOST=${HOST:-`hostname -s`}
   PROMPT=[EMAIL PROTECTED] \W$PS1S
   export TERM=xterm-color

   alias rm='rm -i'
   alias cp='cp -i'
   if [ -x /usr/local/bin/colorls ]; then
 alias ls='colorls -GF'
   fi
   alias ns='netstat -naf inet; netstat -naf inet6'
   alias mutt='mutt -y'
   alias vim='vim -u /etc/vimrc'
   if [ -e /usr/local/bin/view ]; then
 alias view='/usr/local/bin/view -u /etc/vimrc'
   fi



   alias df='df -h'
   alias du='du -h'

Re: mbox(3) man page error?

[Craig Skinner]

On Sat, Dec 30, 2006 at 10:37:52PM +, Tom Cosgrove wrote:
  Craig Skinner 30-Dec-06 19:41 
 
  Hi misc@
 
  There is probably some history here that I am unaware of, but at first
  glance there seems to be an error with the mbox(3) man page:
 
  FILES
 /var/spool/mail/$LOGNAME
$LOGNAME's incoming mail folder.
 
 
  Should that not be, as per hier(7):
 /var/mail/$LOGNAME
 
 There is no such man page in OpenBSD (base).  What port/package have
 you installed that included such a strange (and wrong) man page?
 
 (Section 3 is for the C library; section 5 is more properly for file
 formats.)
 

typo on my part, should be 5:

$ pkg_info -L mutt-1.5.12
Information for mutt-1.5.12

Files:
..
/usr/local/man/man5/mbox.5

I guess this is a Linuxism.

CC'd the maintainer

mailgraph on 4.0 [SOLVED:ldconfig path - for archives]

[Craig Skinner]

Hi misc@  ports@

I'm migrating boxes from 3.9 to 4.0 and was unable to run mailgraph on
4.0/i386.

# /usr/local/bin/mailgraph -d -l /var/log/maillog --rbl-is-spam
Can't load '/usr/local/libdata/perl5/site_perl/i386-openbsd/auto/RRDs/RRDs.so' 
for module RRDs: Cannot load specified object at 
/usr/libdata/perl5/i386-openbsd/5.8.8/DynaLoader.pm line 230.
 at /usr/local/bin/mailgraph line 287
Compilation failed in require at /usr/local/bin/mailgraph line 287.
BEGIN failed--compilation aborted at /usr/local/bin/mailgraph line 287.


Perl is not yet one of my languages, so I checked a few basics
(permissions, mounts, and wotnot as below) and did'nae come up with
anything obvious.

Google said this was due to ldconfig on 3.9:
http://archives.neohapsis.com/archives/openbsd/2006-05/3009.html

I cannae mind having to dae this on 3.9/i386, nevertheless:

# ldconfig /usr/lib /usr/local/lib /usr/X11R6/lib
# /usr/local/bin/mailgraph -d -l /var/log/maillog --rbl-is-spam
$ ps ax | fgrep mailgraph
22431 ??  Is  0:11.94 /usr/bin/perl -w /usr/local/bin/mailgraph -d -l 
/var/log/maillog --rbl-
$ /sbin/ldconfig -r | fgrep fontconfig
73:-lfontconfig.3.0 = /usr/X11R6/lib/libfontconfig.so.3.0



I have not yet applied errata 005 for ld.so

Any pointers would be great, eg: do I have to place /usr/X11R6/lib in
$shlib_dirs variable in /etc/rc.conf.local? I did'nae have xbase40.tgz
installed, so had to untar it as part of the install of mailgraph. Would
this have fixed it selv on the next boot? Thanks.

$ ls -lh /usr/local/bin/mailgraph
-r-xr-xr-x  1 root  bin  24.6K Sep  2 12:27 /usr/local/bin/mailgraph*

$ ls -lh /usr/local/libdata/perl5/site_perl/i386-openbsd/auto/RRDs/RRDs.so
-rwxr-xr-x  1 root  bin   120K Sep  2 20:41 
/usr/local/libdata/perl5/site_perl/i386-openbsd/auto/RRDs/RRDs.so*

$ ls -lh  /usr/libdata/perl5/i386-openbsd/5.8.8/DynaLoader.pm
-r--r--r--  1 root  wheel  27.5K Sep 17 02:17 
/usr/libdata/perl5/i386-openbsd/5.8.8/DynaLoader.pm

$ mount | fgrep /usr
/dev/wd0i on /usr type ffs (local, noatime, nodev)
/dev/wd0j on /usr/local type ffs (local, noatime, nodev)


$ grep ^use /usr/local/bin/mailgraph
use Carp;
use Symbol;
use Time::Local;
use strict;
use vars qw($VERSION);
use RRDs;
use strict;
use File::Tail;
use Getopt::Long;
use POSIX 'setsid';

$ pkg_info
apg-2.2.3p0 automated password generator
colorls-3.9 ls that can use color to display file attributes
expat-2.0.0 XML 1.0 parser written in C
expect-5.43.0p0-no_tk sophisticated scripter based on Tcl/Tk
gd-2.0.33p3 library for dynamic creation of images
gdbm-1.8.3p0GNU dbm
gettext-0.14.5p1GNU gettext
jpeg-6bp3   IJG's JPEG compression utilities
libiconv-1.9.2p3character set conversion library
links-0.99  text browser, displays while downloading
maildrop-1.7.0  local mail delivery agent with filtering abilities
mailgraph-1.12  a RRDtool frontend for Postfix statistics
mod_gzip-1.3.26.1ap0 transparently compress Apache output
mutt-1.5.12 tty-based e-mail client, development version
nsping-0.8  DNS ping
p5-File-Tail-0.99.3 library for reading from continuously updated files
passwdqc-0.1plugin password complexity checker for passwd(1)
pcre-6.4p1  perl-compatible regular expression library
png-1.2.12  library for manipulating PNG images
postfix-2.3.2   fast, secure sendmail replacement
rrdtool-1.0.49p3system to store and display time-series data
squid-2.5.STABLE13  WWW and FTP proxy cache and accelerator
tcl-8.4.7p1 Tool Command Language
vim-7.0.42-no_x11   vi clone, many additional features


$ cat -n /usr/local/bin/mailgraph | fgrep 287
   287  use RRDs;

$ cat -n /usr/libdata/perl5/i386-openbsd/5.8.8/DynaLoader.pm | egrep '230|231'
   230  my $libref = dl_load_file($file, $module-dl_load_flags) or
   231  croak(Can't load '$file' for module $module: .dl_error());

$ uname -a
OpenBSD teak.kepax.co.uk 4.0 GENERIC#1107 i386