signify: signature verification failed

I downloaded the jumbo patches from ftp://ftp.eu.openbsd.org/pub/OpenBSD/patches/5.7.tar.gz which includes the latest opensmtpd patch, only it doesn't check out against signify. # signify -Vep /etc/signify/openbsd-57-base.pub -x 017_smtpd.patch.sig \ > -m - | (cd /usr/src && patch -p0)

Re: 10Gb single mode fibre adapters

- Original Message - | James A. Peltier [jpelt...@sfu.ca] wrote: | > Hi Misc, | > | > I'm looking to get some insight into those that have 10Gb single mode fibre | > adaptors in their OpenBSD machines and if they're being used in bridging | > mode? I've got a user who is asking what the

Re: signify: signature verification failed

On Fri, Oct 02, 2015 at 08:27:55AM +0200, Peter J. Philipp wrote: > I downloaded the jumbo patches from > ftp://ftp.eu.openbsd.org/pub/OpenBSD/patches/5.7.tar.gz which includes > the latest opensmtpd patch, only it doesn't check out against signify. > > # signify -Vep

Re: inet6 autoconf will not remove invalid addresses on -current

On 02/10/15(Fri) 12:53, Stuart Henderson wrote: > [...] > I think it would probably make sense to remove an autoconfigured > prefix/address if an interface goes down (and one could argue for this > being the right thing to do for IPv4/DHCP as well - I lost count of > the number of times I have to

Re: inet6 autoconf will not remove invalid addresses on -current

On 2015-10-02, Martin Pieuchot wrote: > On 01/10/15(Thu) 19:00, Daniel Gillen wrote: >> # ndp -p >> 2001:XX:XX:7c5::/64 if=pppoe0 >> flags=LAD vltime=2592000, pltime=604800, expire=29d23h59m47s, ref=2 >> advertised by >> fe80::46d3:caff:fe9c:ef00%pppoe0 (no neighbor state) >>

Re: inet6 autoconf will not remove invalid addresses on -current

On 01/10/15(Thu) 19:00, Daniel Gillen wrote: > [...] > I managed to reproduce the issue and executed the commands you told me. > > # ifconfig pppoe0 > IPv4 address is 80.XX.XX.227 > Autoconfigured IPv6 address is 2001:XX:XX:707:XX:XX:XX:6c3a > > # ping6 -c 1 -S 2001:XX:XX:707:XX:XX:XX:6c3a

/bsd: em0: watchdog timeout -- resetting

Hi, I'm following -current and the last *good* snapshots was from Sep 25. I made a few updates including the snapshot from Oct 02 and today was the third time I get: /bsd: em0: watchdog timeout -- resetting ifconfig down; ifconfig up corrects the problem. OpenBSD 5.8-current (GENERIC.MP)

Re: /bsd: em0: watchdog timeout -- resetting

On 02.10.2015 16:58, Atanas Vladimirov wrote: Hi, I'm following -current and the last *good* snapshots was from Sep 25. I made a few updates including the snapshot from Oct 02 and today was the third time I get: ^^

Re: Opensmtpd+user forom "table baseuser"

On Thu, Oct 01, 2015 at 06:05:57AM +0200, Krzysztof Strzeszewski wrote: > Hi, > I add in my smtpd.conf: > > table users file:/path/to/file > accept userbase > > but smtpd get users from local system: > > "getpwnam: -> 0" > > what is wrong? > unless you provide the full configuration file

Re: carp/pfsync-problem: carp states stuck in "INIT" on boot on both machines but work correctly if called manually via /etc/netstart

...I don't believe it... I ssh'd all the time to the gateways and never had a look to the bootmessages 2x "ifconfig invalid argument" was the hint at boot. The fault (syntax typo?) was included in hostname.carp[0,1] - "\" for a 2-liner didn't work... despite the usage of blanks

carp/pfsync-problem: carp states stuck in "INIT" on boot on both machines but work correctly if called manually via /etc/netstart

Hello @list, perhaps I'm stupid but I've got a problem with two CARPed gateways running 5.7-amd64 stable. Hardware: two supermicro-board machines with four network interfaces each (em0 .. em3). Networks: LAN A : 172.16.210/24 via em0 LAN B : 172.16.0/24 via em1 direct connect for

Re: signify: signature verification failed

On Fri, Oct 02, 2015 at 03:14:08AM -0400, Clint Sand wrote: > On Fri, Oct 02, 2015 at 08:41:31AM +0200, Stefan Sperling wrote: > > Apparently, there was a mishap during signing. Use the fixed version at > > http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/017_smtpd.patch.sig > > That's the

Re: OpenBSD sendfile

Running linux in production is not an option, for me at least. I was surprised too. They put it recently into deps tree. Is disabled at run time, but is required at compile time.. I have scrambled the Makefiles and rebar.configs and rebar.config.scripts and got rid of sendfileand compiles and

Re: OpenBSD sendfile

On Fri, Oct 02, 2015 at 08:19:28AM +, Bogdan Andu wrote: > Running linux in production is not an option, for me at least. > > I was surprised too. They put it recently into deps tree. > > Is disabled at run time, but is required > at compile time.. > I have scrambled the Makefiles and

Re: OpenBSD sendfile

There is a general "mantra" many apps havenot just yaws, that real oses that realy matterand make a difference are regarded as secondhand citizens(do it yourself if u really need it) forthe simple fact that are no so "popular".On the low end of the spectrum are those popular osesthat are supported

Re: /bsd: em0: watchdog timeout -- resetting

Looks similar for my machine, em0 works for a short time and then timeouts. `ifconfig em0 up` seems to hang though. This is my em0: em0 at pci0 dev 25 function 0 "Intel ICH9 IGP M AMT" rev 0x03: msi, address 00:21:86:a1:1f:2b Full dmesg: OpenBSD 5.8-current (GENERIC.MP) #124: Wed Sep 30

Re: mini itx from intel

thanks everyone for the dmesg. i bought 2 of these with 8G of RAM and intel SSD drives. they will be used as headless servers, so DRM is not an issue, i was aware of that. they are remote, so openbsd is not installed on them yet, and i had the techie remove the wlans, as they will be in a small

Re: OpenBSD sendfile

On Fri, 2 Oct 2015 07:38:28 + (UTC) Stuart Henderson wrote: > On 2015-09-30, Bogdan Andu wrote: > > If one needs this linux-like crap, sendfile,and cannot disable it, > > how is he suppose to handle it? > > Run it on linux? > > I'm surprised Yaws

Web Filtering with the Blowfish

Hi Misc, This might be slightly OT as it is not only OpenBSD specific. I am working on improving my OpenBSD home router. I am seeking advises/opinions with respect to Web filtering. About a year ago I started using Privoxy as the number of ads, banners, pop-ups, and similar junk became to much

Re: inet6 autoconf will not remove invalid addresses on -current

On 2015/10/02 21:24, Daniel Gillen wrote: > But does an ifconfig down really does not remove autoconfigured IPv6 > addresses? Nope, they stay there. > I can't test it as ifconfig pppoe0 down does not seem to work > as expected at all (but that's another issue). pppoe(4)'s normal mode is to

Re: Web Filtering with the Blowfish

Em 02-10-2015 16:45, Predrag Punosevac escreveu: > 1. strip as much as possible unwanted ads, banners, pop-ups, and > similar junk There are tons of info regarding this. You're on the right direction thinking of Squid, Dansguardian, etc. There is one recent addon from EFF called Privacy Badger

Re: inet6 autoconf will not remove invalid addresses on -current

On 02.10.2015 21:55, Stuart Henderson wrote: > On 2015/10/02 21:24, Daniel Gillen wrote: >> But does an ifconfig down really does not remove autoconfigured IPv6 >> addresses? > > Nope, they stay there. > >> I can't test it as ifconfig pppoe0 down does not seem to work >> as expected at all (but

Tame and log files

Looking at http://www.openbsd.org/papers/tame-fsec2015/ When I first heard of "tame", I thought there would be a problem with log files. I assume that is what the "Whitelist path feature" is being added to try to solve. I wonder if a new system primitive could solve the log file problem in a

Re: inet6 autoconf will not remove invalid addresses on -current

On 02.10.2015 15:21, Martin Pieuchot wrote: > On 02/10/15(Fri) 12:53, Stuart Henderson wrote: >> [...] >> I think it would probably make sense to remove an autoconfigured >> prefix/address if an interface goes down (and one could argue for this >> being the right thing to do for IPv4/DHCP as well

Re: Tame and log files

> Looking at http://www.openbsd.org/papers/tame-fsec2015/ > > When I first heard of "tame", I thought there would be a problem with > log files. I assume that is what the "Whitelist path feature" is being added > to try to solve. > > I wonder if a new system primitive could solve the log file

Re: mini itx from intel

frantisek holop, 02 Oct 2015 17:55: > thanks everyone for the dmesg. > i bought 2 of these with 8G of RAM > and intel SSD drives. and of course by "2 of these" i meant DN2820FYKH -f -- he has a train of thought. you have a tricycle...

Re: mini itx from intel

FYI- My 2820 won't boot reliably headless without an HDMI dummy plug attached (such as http://www.amazon.com/CompuLab-fit-Headless-Display-Emulator/dp/B00FLZXGJ6), even with the latest BIOS. These seem to be hit or miss in a headless configuration, and not everyone has the HDMI boot failure issue,

Re: signify: signature verification failed

On Fri, Oct 02, 2015 at 08:41:31AM +0200, Stefan Sperling wrote: > On Fri, Oct 02, 2015 at 08:27:55AM +0200, Peter J. Philipp wrote: > > I downloaded the jumbo patches from > > ftp://ftp.eu.openbsd.org/pub/OpenBSD/patches/5.7.tar.gz which includes > > the latest opensmtpd patch, only it doesn't

Re: OpenBSD sendfile

On 2015-09-30, Bogdan Andu wrote: > If one needs this linux-like crap, sendfile,and cannot disable it, how is he > suppose to handle it? Run it on linux? I'm surprised Yaws needs it though, from what it says on their website it looks optional.

Re: OpenBGPd error /bsd: bgpd(): syscall 105

On 01.10.2015 20:00, Sebastien Marie wrote: On Thu, Oct 01, 2015 at 12:21:33PM -0400, Michael McConville wrote: Atanas Vladimirov wrote: > Snapshot from sep 30 bgpd didn't startup: > Oct 1 08:32:28 ns /bsd: bgpd(28055): syscall 105 > Oct 1 08:32:28 ns bgpd[29697]: handle_pollfd: poll fd:

Re: /bsd: em0: watchdog timeout -- resetting

On 10/2/2015 8:32 AM, Gregor Best wrote: Looks similar for my machine, em0 works for a short time and then timeouts. `ifconfig em0 up` seems to hang though. This is my em0: em0 at pci0 dev 25 function 0 "Intel ICH9 IGP M AMT" rev 0x03: msi, address 00:21:86:a1:1f:2b Getting similar log

Install kernel panic with 2015-10-02 i386 snapshot

Hardware is a Netgate Hamakua network appliance (a rebranded Lanner, not sure of the model). It runs fine on 5.7. I booted the /bsd kernel too (same result) so I could get into ddb, results below. This also happened on the 9/7 snapshot. Might be related to this thread:

Re: OS X 10.11 'El Capitan' IKEv2

> On Aug 17, 2015, at 5:39 AM, Reyk Floeter wrote: > > On Sun, Aug 16, 2015 at 11:28:24PM +0300, Or Elimelech wrote: >> Hello misc, >> >> Has anyone connected successfully between the new OS X ikev2 impl. >> To an OpenBSD box? >> > > No, we don't have the beta. > > Reyk

Re: Install kernel panic with 2015-10-02 i386 snapshot

I think this is the i386 W^X issue, which Mike Larkin is still puttering at fixing. Please be patient. Each time he gives me a potential diff, I sneak it into snapshots. > Hardware is a Netgate Hamakua network appliance (a rebranded Lanner, not > sure of the model). It runs fine on 5.7. > > I

IKED and encapsulated peers

Hi, Based on man 5 iked.conf the following should setup technically 4 flows (reversing and setting active on the corresponding peer): /etc/iked.conf ikev2 esp from 192.168.232.128 to 192.168.232.129 psk "HelloWorld" ikev2 esp from 192.168.1.0/24 to 192.168.72.0/24 peer 192.168.232.129 psk

Re: mini itx from intel

FYI- My 2820 won't boot reliably headless without an HDMI dummy plug attached (such as http://www.amazon.com/CompuLab-fit-Headless-Display-Emulator/dp/B00FLZXGJ6), even with the latest BIOS. These seem to be hit or miss in a headless configuration, and not everyone has the HDMI boot failure