Re: switch tacacs+ to python3

[Jan Vlach]

Hi ports@

I don't have access to openbsd tacacs boxes and switches anymore, so I can't 
really test this.

Maybe Daniel could take over maintainer as he'll be the last one to touch this? 
:-)

JV

kibana in OpenBSD 7.1

[Jan Vlach]

Hello Pavel, ports,

contacting you as a maintainer of kibana, logstash and elasticsearch; 

Does kibana still work for you in OpenBSD 7.1? 

I was able to get it running on OpenBSD 7.0 by hardcoding node version 
(10.x->12.22.6) in /usr/local/kibana/package.json, but same trick stopped 
working in 7.1, where system node is at 16.16.0. 
Kibana starts, but in web browser, it just shows loading animation and 
eventually ends up with cryptic error.

# rcctl -d start kibana 

   
doing _rc_parse_conf
doing _rc_quirks
kibana_flags empty, using default ><
doing rc_check
kibana
doing rc_start
doing _rc_wait_for_start
doing rc_check
No home directory /nonexistent!
Logging in with home = "/".
doing rc_check
Alarm clock 
doing _rc_write_runfile
(ok)


...

Kibana does not support the current Node.js version v16.16.0. Please use 
Node.js v12.16.1.

Elastic runs on same host at localhost:9200


The error is:
NetworkError when attempting to fetch resource.
Version: 7.10.0
Build: 35949
Error: NetworkError when attempting to fetch resource.
_construct@http://localhost:5601/35949/bundles/core/core.entry.js:6:4859
Wrapper@http://localhost:5601/35949/bundles/core/core.entry.js:6:4249
_createSuperInternal@http://localhost:5601/35949/bundles/core/core.entry.js:6:3388
HttpFetchError@http://localhost:5601/35949/bundles/core/core.entry.js:6:6016
_callee3$@http://localhost:5601/35949/bundles/core/core.entry.js:6:58583
l@http://localhost:5601/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380:1740519
s/o._invokehttp://localhost:5601/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380:1740273
_/http://localhost:5601/35949/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380:1740876
fetch_asyncGeneratorStep@http://localhost:5601/35949/bundles/core/core.entry.js:6:52652
_throw@http://localhost:5601/35949/bundles/core/core.entry.js:6:53084

What would be the best approach to getting this fixed? Trying to bundle node-12 
again (seems to be EOL though)? Trying to port over the Amazon opensource 
flavor that forked from 7.10? 

What do you think?

Thank you,
JV

ubench - bitrotted on AMD CPUs?

[Jan Vlach]

Hello ports@,

I've got computers of various vintage running OpenBSD and I'd like to
get a better idea what kind of workload could the machine handle
compared to others.

I came across package called ubench, but it behaves weird on these AMD CPUs:
- cpu0: AMD GX-217GA SOC with Radeon(tm) HD Graphics, 1647.11 MHz,
16-00-01
- cpu0: AMD Athlon(tm) II Neo N36L Dual-Core Processor, 1298.10 MHz,
10-06-03

Description at (http://www.phystech.com/download/ubench.html) and even
in pkg_info ubench says:

"Ubench will spawn about 2 concurrent processes for each CPU available on
the system. This ensures all available raw CPU horsepower is used."

This is not the case for AMD CPUs, as there's just one process jumping
around those two dual-core systems. (could be seen in sysstat or htop)

Intel CPUs work as expected, I can see multiple processes in top/htop
and all cores are busy and I get a "score" after run. 

The run ends with either ubench score of 0 or exiting on signal 28

$ ubench -c 
Unix Benchmark Utility v.0.3
Copyright (C) July, 1999 PhysTech, Inc.
Author: Sergei Viznyuk 
http://www.phystech.com/download/ubench.html
OpenBSD 6.9 GENERIC.MP#0 amd64
Ubench CPU:0

$ ubench -c 
  
Unix Benchmark Utility v.0.3
Copyright (C) July, 1999 PhysTech, Inc.
Author: Sergei Viznyuk 
http://www.phystech.com/download/ubench.html
OpenBSD 6.9 GENERIC.MP#0 amd64
  cpubench: exiting on signal 28
# - seems to be triggered by resizing terminal window

running or not running as root makes no difference.

Any idea what's going on here? 
The code is from 2000, should the port be decomissioned?
What do people generally use to benchmark hardware these days? 

Thank you,
Jan

isc-bind-9.16.2v0 fails to start on OpenBSD6.7, patch + note for upgrade guide might be nice

[Jan Vlach]

Hello Stuart, ports@,


latest isc-bind on OpenBSD 6.7 caught me  off-guard with upgrading, as
CWD now must be writeable or it doesn't start at all. (there's a note on
packge install, but I missed it on package upgrade)

clean isc-bind on clean new OpenBSD 6.7 install still doesn't come up,
as it has relative paths and now CWD is /tmp (in chroot). Patch for
stock named.conf below, also console log with steps to reproduce.

Took me a while to fix all relative paths to absolute (from chroot point
of view) and also, DNSSEC was broken as managed-keys directive is now
deprecated. (had 2 keys there for the trust anchor))

removing managed-keys directive, stopping, deleting
/var/named/tmp/managed-keys.bind{,.jnl} and restarting fixed DNSSEC for
me. Clean package works with DNSSEC fine.

Maybe note in the upgrade guide might be helpful that paths need to be
absolute now in named.conf.

- console log on clean 6.7 in vmd below the patch
- dmesg below console log

Thank you for new release and have a nice day,
Jan

- patch for named.conf:
###

--- named.conf.orig Wed May 20 17:45:20 2020
+++ named.conf  Wed May 20 17:45:56 2020
@@ -35,24 +35,24 @@
 //
 zone "." {
  type hint;
- file "etc/root.hint";
+ file "/etc/root.hint";
 };
 
 zone "localhost" {
  type master;
- file "standard/localhost";
+ file "/standard/localhost";
  allow-transfer { localhost; };
 };
 
 zone "127.in-addr.arpa" {
  type master;
- file "standard/loopback";
+ file "/standard/loopback";
  allow-transfer { localhost; };
 };
 
 zone 
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
  type master;
- file "standard/loopback6.arpa";
+ file "/standard/loopback6.arpa";
  allow-transfer { localhost; };
 };
 
@@ -61,13 +61,13 @@
 //
 //zone "myzone.net" {
 // type master;
-// file "master/myzone.net";
+// file "/master/myzone.net";
 //};
 
 // Slave zones
 //
 //zone "otherzone.net" {
 // type slave;
-// file "slave/otherzone.net";
+// file "/slave/otherzone.net";
 // masters { 192.0.2.1; [...;] };
 //};

###


## HOW TO REPRODUCE ISSUE:
bsd67# pkg_add isc-bind
quirks-3.325 signed on 2020-05-09T19:52:28Z
Ambiguous: choose package for isc-bind
a   0: 
1: isc-bind-9.16.2v0
2: isc-bind-9.16.2v0-geoip
Your choice: 1
isc-bind-9.16.2v0: ok
The following new rcscripts were installed: /etc/rc.d/isc_named
See rcctl(8) for details.
--- +isc-bind-9.16.2v0 ---
BIND: named 9.12+ insists that the "working directory" (inside the
/var/named chroot) is writable. Simplest fix if upgrading is probably
to add 'directory "/tmp";' to the options section of named.conf.
bsd67# rcctl enable isc_named
bsd67# rcctl start isc_named  
isc_named(failed)

bsd67# tail -5 /var/log/messages 
May 20 17:48:19 bsd67 named[76037]:

May 20 17:48:19 bsd67 named[76037]: max open files (7030) is smaller
than max sockets (21000)
May 20 17:48:19 bsd67 named[76037]: could not configure root hints from
'etc/root.hint': file not found
May 20 17:48:19 bsd67 named[76037]: loading configuration: file not
found
May 20 17:48:19 bsd67 named[76037]: exiting (due to fatal error)

vim /var/named/etc/named.conf # fix absolute paths

rcctl start isc_named

May 20 17:51:57 bsd67 named[40740]: max open files (7030) is smaller
than max sockets (21000)
May 20 17:51:57 bsd67 named[40740]: command channel listening on
127.0.0.1#953
May 20 17:51:57 bsd67 named[40740]: command channel listening on ::1#953
May 20 17:51:57 bsd67 named[40740]: all zones loaded
May 20 17:51:57 bsd67 named[40740]: running
May 20 17:51:57 bsd67 named[40740]: managed-keys-zone: Initializing
automatic trust anchor management for zone '.'; DNSKEY ID 20326 is now
trusted, waiving the normal 30-day waiting period.
May 20 17:51:58 bsd67 named[40740]: checkhints: b.root-servers.net/A
(199.9.14.201) missing from hints
May 20 17:51:58 bsd67 named[40740]: checkhints: b.root-servers.net/A
(192.228.79.201) extra record in hints
May 20 17:51:58 bsd67 named[40740]: checkhints: b.root-servers.net/
(2001:500:200::b) missing from hints
May 20 17:51:58 bsd67 named[40740]: checkhints: b.root-servers.net/
(2001:500:84::b) extra record in hints
May 20 17:51:58 bsd67 named[40740]: checkhints: h.root-servers.net/A
(198.97.190.53) missing from hints
May 20 17:51:58 bsd67 named[40740]: checkhints: h.root-servers.net/A
(128.63.2.53) extra record in hints
May 20 17:51:58 bsd67 named[40740]: checkhints: h.root-servers.net/
(2001:500:1::53) missing from hints
May 20 17:51:58 bsd67 named[40740]: checkhints: h.root-servers.net/
(2001:500:1::803f:235) extra record in hints
May 20 17:51:58 bsd67 named[40740]: checkhints: l.root-servers.net/
(2001:500:9f::42) missing from hints
May 20 17:51:58 bsd67 named[40740]: checkhints: l.root-servers.net/
(2001:500:3::42) extra record in hints

bsd67# dig +dnssec seznam.cz 127.0.0.1 | fgrep ad
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; flags: qr rd ra ad; QUERY: 

Re: NEW: Tacacs+ port - shrubbery.net version

[Jan Vlach]

Hi,

tac_plus compiles and runs fine on octeon too. (Edge Router Lite,
-current)

Tested slightly with py_tacacs_plus.
Encrypted and cleartext logins work, and authentication both to syslog
and dedicated file.

jvl


On Fri, May 24, 2019 at 01:49:29PM +0200, Ampie Niemand wrote:
> This does the trick and installs perfectly on macppc, will test i386
> and amd64 when I get home.
> 
> My thoughts are that because all the TACACS+ ports were obsolete after
> 6.2, the _tacacs user was sort of "deauthorized" in the infrastructure
> userlist.
> Reading the error message properly this time it confirms 100% what you
> said so that even I can understand it. :-D
> 
> Thanks, this is amazing.
> 
> Regards
> Ampie
> 
> 

Re: NEW: Tacacs+ port - shrubbery.net version

[Jan Vlach]

Gleydson,

> Done.
> Thanks for the feedback, i'm pushing it to openbsd-wip.

is this the correct openbsd-wip? 
https://github.com/jasperla/openbsd-wip 

I don't see the changes sthen@ pointed out there ...

> PS.: I'm running it and works just fine  It has a dozen of Cisco Nexus 
> switches already connected. 
> privdrop (_tacacs) fine.
> 
> I will add some changes to example files provided by  Jan Vlach, for pointing 
> out how to use tac_plus on the fly on OpenBSD.(like features available with 
> and without privdrop / etc).


> 
> Also should be nice sent patches upstream. Jan Vlach, what do you think about?

not sure there's an upstream at all:

lftp ftp.shrubbery.net:/pub/tac_plus> ls -l *28*
-r--r--r--  1 7053  wheel  530049 Jan  6  2015 tacacs-F4.0.4.28.tar.gz
-r--r--r--  1 7053  wheel 287 Apr  9  2018
tacacs-F4.0.4.28.tar.gz.sig

Re: NEW: Tacacs+ port - shrubbery.net version

[Jan Vlach]

Hi Gleydson, Stuart, ports,

I'm running tac_plus with 200+ boxes with IOS, IOS-XE and IOS-XR.

please see attached tgz for updated port.

- I've taken Gleydson's latest work from openbsd-wip (I don't see the
  unexec and/or doc/shared implemented in PLIST) *
- provided simplified tac_plus.conf.sample of stuff I have tested -
  logging in as full admins with level 15 and limited show users that I
use for scripting/metrics. I can't really vouch for the functionality of
dialup users etc. The full-blown config file example is still in the
manpage
- fixed typo in manpage for accounting to syslog - using `accounting
  syslog;` (including semicolon) does not work, but parser does not
complain. If I remove the semicolon, accounting info gets logged to
syslog as daemon.info (this was nasty :) ) 
- fixed paths for tac.acct, tac.log and tac.who - all of them go to
  /var/log/tac_plus directory that's owned by _tacacs:_tacacs
- ^ This fixes the case where you don't want to log into accounting file
  and want syslog accounting only (disabling accounting file directive
leads to tacacs complaining of permission denied with with default path
of /var/log/tac.acct) Changing the default path to
/var/log/tac_plus/tac.acct and removing `accounting file = ...'
directive properly disables logging to this file. Go figure :)
- Updated paths in manpage (tac_plus.conf.5.in) as one is automatically
  substituted from configure variables, while the other is hardcoded.
- Added README file to remind administrator to rotate his/her files.

* I've tried to add the @extraunexec rm -rf /var/log/tac_plus/*, but I'm
not sure it works:

On package deletion pkg_delete complains that directory is not empty:
[20:07][root@samsara:/var/log]# pkg_delete tacacs+ 
tacacs+-4.0.4.28v0: ok
Read shared items: ok
--- -tacacs+-4.0.4.28v0 ---
You should also remove /etc/tac_plus.conf (which was modified)
You should also run rm -f /var/log/tac_plus/*
Error deleting directory /var/log/tac_plus: Directory not empty
You should also run /usr/sbin/userdel _tacacs
You should also run /usr/sbin/groupdel _tacacs

I'm sorry, I've wrestled, but I don't understand how the doc/examples 
directories work -
what needs to be done in pkg configure phase and what is done in PLIST?

Cluestick please?

I've tested the accounting part with py-tacacs_plus on -current, don't have a 
real
network box around at this time. (Gonna dogfood this tomorrow or next
week)

Could you please have a look if this is okay?

jvl

On Thu, May 23, 2019 at 11:34:23AM -0300, Gleydson Soares wrote:
> > Can you use the standard locations for doc/examples please rather
> > than /usr/local/share/tacacs?
> 
> Yep.
> 
> > Needs @extraunexec rm -f /var/log/tac_plus/* for pkg_delete -c.
> 
> Done.
> Thanks for the feedback, i'm pushing it to openbsd-wip.
> 
> PS.: I'm running it and works just fine  It has a dozen of Cisco Nexus 
> switches already connected. 
> privdrop (_tacacs) fine.
> 
> I will add some changes to example files provided by  Jan Vlach, for pointing 
> out how to use tac_plus on the fly on OpenBSD.(like features available with 
> and without privdrop / etc).
> 
> Also should be nice sent patches upstream. Jan Vlach, what do you think about?
> 
> Cheers,
> 


tacacs+-20190523-2.tar.gz
Description: application/tar-gz

Re: NEW: Tacacs+ port - shrubbery.net version

[Jan Vlach]

Hi Gleydson,

thank you for getting in touch! I'm running it in production, so yes,
taking maintainer is ok.

I haven't tried to rebuild with 6.5 yet, that's on my TODO list though.

Could do that in next few days for both 6.5 and -current.

Thank you,
Jan

On Mon, May 20, 2019 at 04:55:33PM -0300, Gleydson Soares wrote:
> Hi Jan,
> 
> thank you for your effort on this port.
> i've pushed it to openbsd-wip at
> https://github.com/jasperla/openbsd-wip/tree/master/net/tacacs%2B
> it addresses the joint work of you and sthen@
> 
> are you still ok regarding of taking maintanership?
> 
> i will give some extra tests and double review next days.
> 
> Thank you,
> Gleydson.
> 

Re: NEW: py-tacacs_plus (tacacs+ client written in python)

[Jan Vlach]

Hello Daniel,

thank you for feedback.

Please see updated port:
  - port is now flavored for python 2 and 3 
  - make test passes for both pythons
  - managed version conflict, so both flavors could be installed
alongside
  - incorporated your comments below.

Is this OK?

Thank you,
Jan


> I quickly looked at it. Can you please:
> - remove the license link
> - stop using GH stuff and use MODPY_PI
> - vertically align stuff
> 
> I think providing a py3 flavour would be a good thing.
> 
> Cheers,
> Daniel


py-tacacs_plus.tar.gz,2
Description: Binary data

Re: NEW: Tacacs+ port - shrubbery.net version

[Jan Vlach]

Hello Stuart,

thank you for fixing and feedback on the tacacs+ port.  I've learned a lot here.

Sorry for late response, I was missing some commmands in accounting log
and command denies were not enforced properly and I needed to find out
why. I was missing part of config on the catalyst side, so the port
works ok.

Re-tested:
  - acls 
  - password backend (running as root)
  - cleartext backend
  - bcrypt backend
  - command permit/deny

I've also tested this with HP5800 Series switch and both logging and
command enforcement work.

There's a minor typo in tac_plus.rc, there's slash missing after
${TRUEPREFIX}

--- tac_plus.rc.origThu Oct 25 14:21:34 2018
+++ tac_plus.rc Thu Oct 25 14:21:43 2018
@@ -2,7 +2,7 @@
 #
 # $OpenBSD$

-daemon="${TRUEPREFIX}sbin/tac_plus"
+daemon="${TRUEPREFIX}/sbin/tac_plus"
 daemon_flags="-C ${SYSCONFDIR}/tac_plus.conf -Q _tacacs -U _tacacs"

 . /etc/rc.d/rc.subr
###

What is the case with:
${MODPY_BIN} ${MODPY_LIBDIR}/compileall.py ${PREFIX}/share/tacacs/do_auth.py ?

/usr/ports/infrastructure/bin/portcheck complained:

Python module without compiled version, consider using ${MODPY_BIN}
${MODPY_LIBDIR}/compileall.py: share/tacacs/do_auth.py

is this the case where packages don't provide compiled python by
default?

Would a more minimal config as sample make sense? (please see attachment:)

Thank you again,
Jan



> : daemon="/usr/local/sbin/tac_plus"
> 
> should use ${TRUEPREFIX}, see all other rc scripts in ports
> 
> : daemon_flags="-C /etc/tac_plus.conf -Q _tacacs -U _tacacs"
> 
> should use ${SYSCONFDIR}
> 
> : Before running tac_plus, a configuration file needs to be created.
> : Copy the provided ${PREFIX}/share/tacacs/tac_plus.conf.sample to
> : /etc/tac_plus.conf and modify as necessary.
> 
> should use @sample to copy the file, so it's registered in the package
> database (e.g. used by sysmerge -p, sysclean, pkg_delete -c) and you can
> set permissions/ownership appropriately.
> 
> editing the config file is expected, it doesn't really need a MESSAGE
> for this.
> 
> : encrypt(1) could be used to generate hashes for login = des $HASH
> : directives.
> 
> encrypt(1) doesn't generate des hashes, so by itself this adds confusion.
> I'd modify the sample config to explain it better and get rid of MESSAGE
> completely.
> 
> :# use `encrypt -p' to get blowfish hash (see: man encrypt(1))
> :# test123
> :login = des $2b$10$rhfyMY/VeB7Tm1nCy4hDpeJNcfI32EcEZBYZ1sy/qpQf5YhAahVqG
> 
>  # "login = des" actually uses the OS crypt() function, it is not really
>  # using DES encryption. On OpenBSD this uses bcrypt. See encrypt(1) to
>  # generate suitable hashes.
> 
> : ${MODPY_BIN} ${MODPY_LIBDIR}/compileall.py 
> ${PREFIX}/share/tacacs/do_auth.py
> 
> that's not needed here, but on the other hand the #! line does need fixing
> (MODPY_ADJ_FILES = do_auth.py) and it's not marked as executable.
> 
> : CONFIGURE_ENV = YACC="${LOCALBASE}/bin/bison -y"
> : YACC =  bison -y
> : 
> : pre-configure:
> : ln -sf ${LOCALBASE}/bin/bison ${WRKDIR}/bin/yacc
> 
> I think this whole lot can just be replaced by
> 
> CONFIGURE_ENV = YACC=bison
> 
> : COMMENT =   version of Cisco System's TACACS+ AAA service
> 
> "the name of Cisco Systems, Inc. not be used in advertising or publicity
> pertaining to distribution of the program without specific prior
> permission"
> 
> Other things, the old tacacs+ package version was tacacs+-4.0.4ap1
> which compares as "newer" than 4.0.4.28, so needs EPOCH.
> 
> Picks up libwrap if present at build time.
> 
> Some patch parts are no longer needed.
> 
> Simpler to just remove the built tac_pwd rather than do a more complex
> patch to an automake-generated Makefile.
> 
> Above are addressed in the tar attached, does that still work ok for you?
> 
> 


# $OpenBSD$

key = "your key here"
accounting file = /var/log/tac_plus/tac.acct
# authentication users not appearing elsewhere via
# the file /etc/passwd
# 
# passwd backend needs tac_plus running a root,
# `cleartext' and `des' backends can run as 
# _tacacs:_tacacs
# 


acl = management_networks_acl {
permit = ^192\.168\.50\.
deny = .*
}

acl = monitoring_acl {
permit = 192\.168\.10\.
deny = .*
}

# administrators with direct enable mode access
group = admin {
default service = permit
service = exec {
priv-lvl = 15
}

acl = management_networks_acl
}

# group for monitoring
group = monitoring {
default service = deny

service = exec {
priv-lvl = 15
}

# COMWARE example
cmd = display {
permit mac-address
deny .*
}

# IOS example
cmd = show {
permit version
deny .*
}

acl = monitoring_acl
}

user = fred {
# "login = des" actually uses the OS crypt() function, it is not really
# using DES encryption. On 

Re: UPDATE: devel/cmake (i386 build wanted)

[Jan Vlach]

> Hi Rafael,
> 
> Builds fine on 6.4-current i386 running in VMM VM on 6.4-current amd64.
> Tomorrow I will have access to real i386 laptop with Pentium 4. I could
> test there too.
> 
> Have build libmusicbrainz and colobot packages that seem to use/require
> cmake.
> 
> Jan

Hello Rafael,

as promised, I've also built cmake + colobot on real i386. Works just
fine.

Jan

dmesg attached:

OpenBSD 6.4-current (GENERIC) #940: Mon Oct 22 22:31:08 MDT 2018
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
real mem  = 267804672 (255MB)
avail mem = 247877632 (236MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 03/04/03, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 
0xf7690 (61 entries)
bios0: vendor Dell Computer Corporation version "A08" date 03/04/2003
bios0: Dell Computer Corporation Latitude C640
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP
acpi0: wakeup devices LID_(S3) PBTN(S4) PCI0(S3) UAR1(S3) USB0(S1) USB1(S1) 
USB2(S1) MODM(S3) PCIE(S3) MPCI(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (PCIE)
acpiprt3 at acpi0: bus -1 (MPCI)
acpipwrres0 at acpi0: PADA, resource for ADPT
acpitz0 at acpi0: critical temperature is 99 degC
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0 model "LIP8120DLP" serial 32546 type LION oem "Sony 
Corp."
acpibat1 at acpi0: BAT1 not present
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
"PNP0A03" at acpi0 not configured
acpicmos0 at acpi0
acpidock0 at acpi0: GDCK not docked (0)
acpivideo0 at acpi0: VID_
bios0: ROM list: 0xc/0xf000 0xcf000/0x800! 0xcf800/0x800!
cpu0 at mainbus0: (uniprocessor)
cpu0: Mobile Intel(R) Pentium(R) 4 - M CPU 1.80GHz ("GenuineIntel" 686-class) 
1.80 GHz, 0f-02-07
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,CNXT-ID,PERF,MELTDOWN
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82845 Host" rev 0x04
intelagp0 at pchb0
agp0 at intelagp0: aperture at 0xe800, size 0x400
ppb0 at pci0 dev 1 function 0 "Intel 82845 AGP" rev 0x04
pci1 at ppb0 bus 1
radeondrm0 at pci1 dev 0 function 0 "ATI Radeon Mobility M7" rev 0x00
drm0 at radeondrm0
radeondrm0: irq 11
uhci0 at pci0 dev 29 function 0 "Intel 82801CA/CAM USB" rev 0x02: irq 11
ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x42
pci2 at ppb1 bus 2
xl0 at pci2 dev 0 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 11, address 
00:0b:db:9f:29:2a
exphy0 at xl0 phy 24: 3Com internal media interface
cbb0 at pci2 dev 1 function 0 "TI PCI1420 CardBus" rev 0x00: irq 11
cbb1 at pci2 dev 1 function 1 "TI PCI1420 CardBus" rev 0x00: irq 11
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 4 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 5 device 0 cacheline 0x8, lattimer 0x20
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801CAM LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801CAM IDE" rev 0x02: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 19077MB, 39070080 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  ATAPI 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
auich0 at pci0 dev 31 function 5 "Intel 82801CA/CAM AC97" rev 0x02: irq 11, ICH3
ac97: codec id 0x4352595b (Cirrus Logic CS4205 rev 3)
ac97: codec features mic channel, tone, simulated stereo, bass boost, 20 bit 
DAC, 18 bit ADC, SRS 3D
audio0 at auich0
"Intel 82801CA/CAM Modem" rev 0x02 at pci0 dev 31 function 6 not configured
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 
addr 1
isa0 at ichpcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
wsmouse1 at pms0 mux 0
pms0: Synaptics touchpad, firmware 5.9, 0x9b4cb1 0x0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
sd0 at scsibus3 targ 1 lun 0:  SCSI2 0/direct fixed
sd0: 19076MB, 512 bytes/sector, 39069488 sectors
root on sd0a (9e331bf883a9d7df.a) swap on sd0b dump on sd0b
initializing kernel modesetting (RV200 0x1002:0x4C57 0x1028:0x012A).
radeondrm0: 1024x768, 8bpp
wsdisplay0 at radeondrm0 mux 1: 

NEW: py-tacacs_plus (tacacs+ client written in python)

[Jan Vlach]

Hello ports@

this is py-tacacs_plus python module / standalone tacacs+ client. It
could speak with the new tacacs+ power based on shrubbery.net's
implementation.

basic usage/syntax is here:
https://github.com/ansible/tacacs_plus/





py-tacacs_plus.tar.gz
Description: application/tar-gz

NEW: Tacacs+ port - shrubbery.net version

[Jan Vlach]

Hi,

this is NEW port of tacacs+ based on the version from people at
shrubbery.net (as hinted in net/tacacs+ in attic)

  * I've patched out tac_pwd, so it is not being built. It just
segfaults, can generate md5 and des passwords. encrypt(1) is better
choice to get supported hash.
   
  * Verified against real Catalyst 2960
  * Verified with py-tacacs+ client (might send port later, if this one is okay)
  * _tacacs:_tacacs needs to get re-enabled in user.list
  * init script runs it by default as _tacacs:tacacs
  - that enables: cleartext, empty and crypt authenticators
(blowfish passwords as generated by encrypt(1)
  - system users could get verified too, but tac_plus needs to run
as root then.
  * build and run tested on i386 and amd64
  * sample tac_plus.conf is provided, copied out from the manpage for now
  
Can you please look and provide feedback?

Thank you,
Jan


tacacs+.tar.gz
Description: application/tar-gz

Re: UPDATE: devel/cmake (i386 build wanted)

[Jan Vlach]

On Sat, Oct 20, 2018 at 10:56:35PM +0200, Rafael Sadowski wrote:
> Hi All.
> 
> Please find below diff to update cmake to the latest stable version. The
> last time it failed on i386 so it would be great if someone could build
> it on i386 and report to me/ports@. Please ignore the wrong CVS tags,
> the diff based on an old diff from sthen@.
> 
> Rafael Sadowski

Hi Rafael,

Builds fine on 6.4-current i386 running in VMM VM on 6.4-current amd64.
Tomorrow I will have access to real i386 laptop with Pentium 4. I could
test there too.

Have build libmusicbrainz and colobot packages that seem to use/require
cmake.

Jan

Re: NEW: games/pioneer

[Jan Vlach]

Thank you for the port Anthony! 

Compiles and runs fine on 6.3-stable on amd64.

There is a bug in the 20180203 tag though: When you pause the game, you
can sell 10% of your fuel indefinitely and the level of your ship's tank
does not change. (i.e. infinite money)

I've asked around on pioneer IRC channel and devs over there said that
February tag is too old and there have been lots of fixes and
improvements. I wasn't able to reproduce the bug with latest release
(GH_COMMIT = 2df911dc2a70592cd54eb3e36820ff51621a5f09)

The  patch-contrib_imgui_imgui_draw_cpp does not apply anymore, but
 seems to be included correctly on OpenBSD.

The game segfaults when I quit from the menu for me though.

Jan


On Thu, Oct 04, 2018 at 05:12:36AM -0600, Anthony J. Bentley wrote:
> On Wed, Sep 19, 2018 at 3:55 AM Anthony J. Bentley  wrote:
> > Here's a port for pioneer, a game of lonely space and adventure.
> >
> > Pioneer is a space adventure game set in the Milky Way galaxy at the
> > turn of the 31st century.
> >
> > The game is open-ended, and you are free to explore the millions of star
> > systems in the game. You can land on planets, slingshot past gas giants,
> > and burn yourself to a crisp flying between binary star systems. You can
> > try your hand at piracy, make your fortune trading between systems, or
> > do missions for the various factions fighting for power, freedom or
> > self-determination.
> >
> > ok?
> 
> Any interest in this port?
> 
> -- 
> Anthony J. Bentley




pioneer.tar.gz
Description: application/tar-gz

surf2-0.6.20160922p0 segmentation fault on -current (#155) on i386

[Jan Vlach]

Hello openbsd-ports,

I'm trying to move away from surf towards surf2 on my Asus EeePC, but surf2 
segfaults on right at start. Deleting ~/.surf does not help.

$ surf2
Segmentation fault (core dumped) 

--->8---
(gdb) backtrace
#0  L1 () at /usr/src/lib/libc/arch/i386/string/strchr.S:16
#1  0x071a8c78 in g_param_spec_pool_lookup () from 
/usr/local/lib/libgobject-2.0.so.4200.4
#2  0x071a61bf in g_object_new_valist () from 
/usr/local/lib/libgobject-2.0.so.4200.4
#3  0x074a7fbe in webkit_settings_new_with_settings ()
   from /usr/local/lib/libwebkit2gtk-4.0.so.2.1
#4  0x170b0fe9 in newview () from /usr/local/bin/surf2
#5  0x170af7c2 in newclient () from /usr/local/bin/surf2
#6  0x170b3938 in main () from /usr/local/bin/surf2
Current language:  auto; currently asm
(gdb)
--->8---

Building with  `DEBUG="-ggdb -O0" INSTALL_STRIP= make' does not provide 
"better" backtrace.

Dmesg and full gdb log follows.

What am I doing wrong?

Thank you,
Jan

P.S. re-post to ports@ after cluestick from misc@

### FULL GDB script log

[21:57][janus@maya:~]$ gdb $(which surf2) surf.core
[?1034hGNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd6.0"...(no debugging symbols 
found)

Core was generated by `surf2'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpthread.so.23.0...done.
Loaded symbols for /usr/lib/libpthread.so.23.0
Loaded symbols for /usr/local/bin/surf2
Reading symbols from /usr/local/lib/libwebkit2gtk-4.0.so.2.1...done.
Loaded symbols for /usr/local/lib/libwebkit2gtk-4.0.so.2.1
Reading symbols from /usr/local/lib/libgtk-3.so.2200.2...done.
Loaded symbols for /usr/local/lib/libgtk-3.so.2200.2
Reading symbols from /usr/local/lib/libgdk-3.so.2200.2...done.
Loaded symbols for /usr/local/lib/libgdk-3.so.2200.2
Reading symbols from /usr/local/lib/libgobject-2.0.so.4200.4...done.
Loaded symbols for /usr/local/lib/libgobject-2.0.so.4200.4
Reading symbols from /usr/local/lib/libglib-2.0.so.4200.4...done.
Loaded symbols for /usr/local/lib/libglib-2.0.so.4200.4
Reading symbols from /usr/lib/libc.so.89.2...done.
Loaded symbols for /usr/lib/libc.so.89.2
Reading symbols from /usr/X11R6/lib/libX11.so.16.1...done.
Loaded symbols for /usr/X11R6/lib/libX11.so.16.1
Reading symbols from /usr/local/lib/libpangocairo-1.0.so.3800.0...done.
Loaded symbols for /usr/local/lib/libpangocairo-1.0.so.3800.0
Reading symbols from /usr/local/lib/libpango-1.0.so.3800.0...done.
Loaded symbols for /usr/local/lib/libpango-1.0.so.3800.0
Reading symbols from /usr/local/lib/libatk-1.0.so.21809.1...done.
Loaded symbols for /usr/local/lib/libatk-1.0.so.21809.1
Reading symbols from /usr/local/lib/libcairo-gobject.so.1.1...done.
Loaded symbols for /usr/local/lib/libcairo-gobject.so.1.1
Reading symbols from /usr/local/lib/libcairo.so.12.3...done.
Loaded symbols for /usr/local/lib/libcairo.so.12.3
Reading symbols from /usr/local/lib/libgdk_pixbuf-2.0.so.3200.1...done.
Loaded symbols for /usr/local/lib/libgdk_pixbuf-2.0.so.3200.1
Reading symbols from /usr/local/lib/libgio-2.0.so.4200.4...done.
Loaded symbols for /usr/local/lib/libgio-2.0.so.4200.4
Reading symbols from /usr/local/lib/libintl.so.6.0...done.
Loaded symbols for /usr/local/lib/libintl.so.6.0
Reading symbols from /usr/local/lib/libnotify.so.4.0...done.
Loaded symbols for /usr/local/lib/libnotify.so.4.0
Reading symbols from /usr/local/lib/libjavascriptcoregtk-4.0.so.2.1...done.
Loaded symbols for /usr/local/lib/libjavascriptcoregtk-4.0.so.2.1
Reading symbols from /usr/local/lib/libicudata.so.11.0...
warning: Lowest section in /usr/local/lib/libicudata.so.11.0 is .hash at 
2000
done.
Loaded symbols for /usr/local/lib/libicudata.so.11.0
Reading symbols from /usr/local/lib/libicui18n.so.11.0...done.
Loaded symbols for /usr/local/lib/libicui18n.so.11.0
Symbols already loaded for /usr/lib/libpthread.so.23.0
Reading symbols from /usr/local/lib/libicuuc.so.11.0...done.
Loaded symbols for /usr/local/lib/libicuuc.so.11.0
Reading symbols from /usr/X11R6/lib/libGL.so.17.1...done.
Loaded symbols for /usr/X11R6/lib/libGL.so.17.1
Reading symbols from /usr/X11R6/lib/libEGL.so.1.1...done.
Loaded symbols for /usr/X11R6/lib/libEGL.so.1.1
Reading symbols from /usr/local/lib/libgstapp-1.0.so.3.1...done.
Loaded symbols for /usr/local/lib/libgstapp-1.0.so.3.1
Reading symbols from /usr/local/lib/libgstbase-1.0.so.3.1...done.
Loaded symbols for /usr/local/lib/libgstbase-1.0.so.3.1
Reading symbols from /usr/local/lib/libgstreamer-1.0.so.3.1...done.
Loaded symbols for /usr/local/lib/libgstreamer-1.0.so.3.1
Reading symbols from /usr/local/lib/libgstpbutils-1.0.so.3.1...done.
Loaded symbols for /usr/local/lib/libgstpbutils-1.0.so.3.1
Reading symbols from 

Re: 10GB zipfile

[Jan Vlach]

Hi Jan,

I believe 7z (p7zip package) can uncompress *zip files too. Give it a
shot.

Jan

On Wed, Jan 18, 2017 at 06:33:17PM +0100, Jan Stary wrote:
> I have a big zipfile that I am trying to unzip witn archivers/unzip.
> 
> $ unzip -ql file.zip 
> warning [file.zip]:  6682546438 extra bytes at beginning or within
> zipfile (attempting to process anyway)
>   error [file.zip]:  start of central directory not found; zipfile corrupt.
> 
> $ ls -l file.zip
> -rw-r--r--  1 hans  hans  10977521995 Jan 18 18:24 file.zip
> 
> I am pretty sure the zipfile is OK. Given that the fie size
> minus the "extra bytes" is very near 4GB, could this be
> a 4GB file-size problem? If so, would people please recommend
> an unzipper which can go beyond 4GB?
> 
>   Thank you
> 
>   Jan

Re: Forcing reinstall of a port

[Jan Vlach]

Hi Alan,

the locale should be 
LC_CTYPE=en_US.UTF-8

not 

en-US.UTF-8

(underscore versus minus)

Jan

On Fri, Oct 23, 2015 at 11:07:38PM -0400, Alan Corey wrote:
> When I set LC_CTYPE to en-US.UTF-8 as has been mentioned here and in
> the OpenBSD FAQ, then do something like type uxterm into an rxvt
> window I get the warning:
> 
> Warning: locale not supported by Xlib, locale set to C
> 
> So could the Xlib version be causing this?  I'm floundering.  Maybe
> uxterm's trying to set a locale on startup.
> 
> On 10/23/15, Stuart Henderson  wrote:
> > On 2015/10/23 14:48, Alan Corey wrote:
> >> This is related to my pasting from Abiword which at the moment seems
> >> to be a gettext/libiconv order thing.
> >
> > I think this is probably an Abiword bug. They've had problems in this
> > area before, and even just copying and pasting entirely within Abiword
> > doesn't work for me (-current amd64).
> >
> >
> 
> 
> -- 
> Credit is the root of all evil.  - AB1JX
> 

-- 
Be the change you want to see in the world.

Re: CVS: cvs.openbsd.org: ports

[Jan Vlach]

Hello Antoine,
any chance of putting this back? I still use my Palm Tungsten E2 with
DateBk as a PDA. (I understand it's 2015, neither ipod + pocket informant,
nor android + pimlical work for me ...)
should I take maintainer?

Thank you,
Jan
__
> Od: Antoine Jacoutot 
> Komu: 
> Datum: 20.09.2015 00:22
> Předmět: CVS: cvs.openbsd.org: ports
>
>CVSROOT: /cvs
>Module name: ports
>Changes by: ajacou...@cvs.openbsd.org 2015/09/19 16:21:20
>
>Modified files:
> comms : Makefile
>
>Log message:
>-jpilot
>-pilot-link
>
>

Re: [tobi...@tmux.org: mark net/rtorrent as broken on powerpc]

[Jan Vlach]

Hello Martin,

 There's only one atomic operation on a 64bit value and it is just for
 instrumentation.  So by adding --disable-instrumentation to the
 configure arguments libtorrent builds just fine on macppc.  I did not
 try i386 but it should be the same.

Works fine on i386 for me.

Thank you,
Jan