Re: Enabling VerifyHostKeyDNS option in /etc/ssh/ssh_config

2013-09-27 Thread Jan Schaumann
Jean-Yves Migeon jeanyves.mig...@free.fr wrote: On 27/09/2013 13:57, Greg Troxel wrote: Jean-Yves Migeon jeanyves.mig...@free.fr writes: +# Some NetBSD's hosts provide SSHFP records - try checking them +Host *.netbsd.org + VerifyHostKeyDNS ask Not really objecting, but: Why
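
Review bot: The added comment line reads "Some NetBSD's hosts provide SSHFP records"; "Some NetBSD hosts" is the correct form. The comment could also state that with "VerifyHostKeyDNS ask" the user is still prompted to confirm the host key, so that "try checking them" is not read as automatic acceptance of a matching record.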

src- and pkgsrc changes tweets

2014-04-12 Thread Jan Schaumann
Hello, Just in case you're into that sort of thing, I've set up two twitter accounts that will tweet commit messages from the src-changes and pkgsrc-changes mailing lists. They are: https://twitter.com/nbsdsrc https://twitter.com/pkgsrcchanges Not sure yet how useful this is. If you have

getlogin, su, and passwd

2014-05-05 Thread Jan Schaumann
Hello, Consider the following scenario: $ whoami jschauma $ su - jdoe Password: $ whoami jdoe $ passwd Changing password for jschauma. Old Password: That is, passwd(1) will act on the current login name as returned by getlogin(2), regardless of whatever the current (effective or real) UID may

trusted certs in AWS image

2015-11-12 Thread Jan Schaumann
Hello, After spinning up an AWS NetBSD 6.1.5 instance (ami-bc2c94d4), I find that it does not have a trusted CA bundle. My other NetBSD system comes with /etc/openssl/certs/ca-certificates.crt, but the AMI seems to be lacking this file. Is this an oversight in the image? -Jan

Re: trusted certs in AWS image

2015-11-12 Thread Jan Schaumann
Jeff Rizzo wrote: > Wherever you got that file from, it wasn't the base NetBSD image - we've > never shipped with certs to my knowledge. Ok, that explains it. :-) I understand not shipping a bundle, but I also think that many users will be frustrated by this as they try to

chown and setuid bits

2016-09-18 Thread Jan Schaumann
Hello, The manual page for chown(1) notes: The ownership of a file may only be altered by a super-user for obvious security reasons. Unless invoked by the super-user, chown clears the set-user-id and set-group-id bits on a file to prevent accidental or mischievous creation

NetBSD 8.0 EC2 AMIs

2019-01-28 Thread Jan Schaumann
Hello, https://wiki.netbsd.org/amazon_ec2/amis/ currently lists NetBSD 7.0 as the latest version for which there are AWS EC2 AMIs available. Is that correct, or are there any official NetBSD 8.0 images available? -Jan

Re: bozohttpd : how to enable TLS

2019-04-11 Thread Jan Schaumann
Mayuresh wrote: > The man page of bozohttpd in the base (NetBSD 8.0) says TLS 1.1 and 1.2 is > supported. > > But I couldn't find much documentation about how to enable it. Adding the "-Z" flag with its required arguments automatically enables TLS support: -Z certificate_path privatekey_path

EC2 AMIs

2020-02-01 Thread Jan Schaumann
Hello, Looking at https://wiki.netbsd.org/amazon_ec2/amis/, it looks like the latest release of NetBSD available for AWS EC2 is NetBSD 7.0. It'd be really useful if we could integrate the build of AWS marketplace AMIs into the release process to ensure the availability of up to date releases.

Re: AWS EC2 AMIs

2021-01-22 Thread Jan Schaumann
Jan Schaumann wrote: > I've made the image public, so you can give it a try. I've also created a NetBSD-current AMI: ami-0018b2d98332ba7e3 That's 9.99.78 from https://nycdn.netbsd.org/pub/NetBSD-daily/HEAD/latest/images/NetBSD-9.99.78-amd64-live.img.gz This image should work on at least

AWS EC2 AMIs

2021-01-21 Thread Jan Schaumann
Hello, https://wiki.netbsd.org/amazon_ec2/amis/ shows the latest AMIs as being NetBSD 7.0; the latest stable release is NetBSD 9.1. Would it be possible to get official NetBSD AMIs of NetBSD 9.0 uploaded? I would really like that to be part of the release process, ideally. -Jan

Re: AWS EC2 AMIs

2021-01-22 Thread Jan Schaumann
Christos Zoulas wrote: > Yes, but who maintains these and where are the instructions to build them? I found https://wiki.netbsd.org/amazon_ec2/bsdec2_image_upload/ and am currently looking to make time to give that a try. -Jan

Re: AWS EC2 AMIs

2021-01-22 Thread Jan Schaumann
Jan Schaumann wrote: > I found > https://wiki.netbsd.org/amazon_ec2/bsdec2_image_upload/ > and am currently looking to make time to give that a > try. That appears to work! I pulled down the evbarm 9.1 image from http://ftp.netbsd.org/pub/NetBSD/NetBSD-9.1/evbarm-aarch64/binary

/bin/sh fd 12

2021-09-13 Thread Jan Schaumann
Hello, I was looking at open file descriptors of /bin/sh under procfs: $ ls -li /proc/$$/fd/ total 0 5 crw--w 1 jschauma tty5, 1 Sep 14 02:47 0 5 crw--w 1 jschauma tty5, 1 Sep 14 02:47 1 1090579 crw-rw-rw- 1 root wheel 1, 0 Sep 14 02:19 12 5

Re: /bin/sh fd 12

2021-09-14 Thread Jan Schaumann
Robert Elz wrote: > When you redirect standard output of a built-in command, the > existing standard output needs to be moved somewhere else (saved) > before the new one can be opened (dup'd in this case). 13 is > the next available fd I see, thanks. It looks like the selection of fd 12

Re: /bin/sh fd 12

2021-09-14 Thread Jan Schaumann
Robert Elz wrote: > And it was committed. Nice - thanks for fixing this so promptly! -Jan

Re: 2-year old change not pulled into 9.2

2021-09-23 Thread Jan Schaumann
Matthias Petermann wrote: > In your case, the release branch "netbsd-9" was probably already created > when your patch was merged into current. This means that a transfer to the > release branch requires a pull-up request: Yep, I forgot that minor releases don't get changes unless requested via

2-year old change not pulled into 9.2

2021-09-21 Thread Jan Schaumann
Hello, Back in 2019, I reported a bug in cp(1): https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=54564 This was promptly fixed in src/bin/cp/utils.c rev 1.47 on 2019-09-23, but it looks like this change is not included in cp(1) in NetBSD 9.2: $ ident `which cp` | grep utils.c /bin/cp:

sys/clock.h

2023-10-23 Thread Jan Schaumann
Hello, It looks like in order to be able to use sys/clock.h, one needs to first include either inttypes.h or stdint.h _before_ sys/clock.h. I've long made it a habit of sorting includes alphabetically and according to /usr/share/misc/style, which requires 'sys' includes to come before others,

Re: unable to set time very far in the future

2022-10-16 Thread Jan Schaumann
David Brownlee wrote: > > RVP wrote: > > > There is a check in the kernel. In sys/kern/kern_time.c: > > > > > > 190 /* > > > 191 * The time being set to an unreasonable value will cause > > > 192 * unreasonable system behaviour. > > > 193 */ >

Re: unable to set time very far in the future

2022-10-16 Thread Jan Schaumann
RVP wrote: > On Sat, 15 Oct 2022, Jan Schaumann wrote: > > > - I just can't _set_ the clock to any value above > > 68719476736. Anybody know why? > > > > There is a check in the kernel. In sys/kern/kern_time.c: > > 190 /* > 191

Re: unable to set time very far in the future

2022-10-16 Thread Jan Schaumann
RVP wrote: > There is a check in the kernel. In sys/kern/kern_time.c: > > 190 /* > 191 * The time being set to an unreasonable value will cause > 192 * unreasonable system behaviour. > 193 */ > 194 if (ts->tv_sec < 0 || ts->tv_sec >

tm(3) vs "double leap second"

2022-10-22 Thread Jan Schaumann
Hey, In tm(3) and /usr/include/time.h, we note: int tm_sec Seconds [0, 61] int tm_sec;/* seconds after the minute [0-61] */ In other places (e.g., ctime(3)), we note: int tm_sec; /* seconds (0 - 60) */ I believe the notion of tm_sec allowing for 0-61 to account for a

Re: tm(3) vs "double leap second"

2022-10-23 Thread Jan Schaumann
Robert Elz wrote: > I very much doubt that anyone is (any more) assuming that > tm_sec can ever be 61, or that it ever jumps from 57 to 0 > without going through (at least) 58 first. The patches you > proposed look fine to me (even if there were some code > assuming otherwise somewhere, those

unable to set time very far in the future

2022-10-15 Thread Jan Schaumann
Hey, I just noticed that I'm unable to set my system clock to a date beyond 4147-08-20T07:32:16: # date 414708200732.16; date +%s Sun Aug 20 07:32:16 UTC 4147 68719476736 # date 414708200732.17 date: settimeofday: Invalid argument With a tv_sec value of 68719476737 well below any max for the

Re: No dkim signature attached when using mutt

2022-10-31 Thread Jan Schaumann
Mayuresh wrote: > So, in short, if I don't own the alias domain, I can't sign dkim? Correct - that is the point of DKIM. -Jan

Re: 'cd' if HOME is unset

2022-12-24 Thread Jan Schaumann
Robert Elz wrote: > Why bother? I happily admit that it's a rare edge case. I simply find it surprising that 'cd' gives up if HOME is unset. Seems unintuitive to me. -Jan

Re: 'cd' if HOME is unset

2022-12-24 Thread Jan Schaumann
Jan Schaumann wrote: > "A common extension when HOME is undefined is to get > the login directory from the user database for the > invoking user. This does not occur on System V > implementations." > > I'm surprised that /bin/sh does not use the user's

'cd' if HOME is unset

2022-12-19 Thread Jan Schaumann
Hello, POSIX requires that the 'cd' command use the $HOME environment variable (if that is set) when no operand is given. It explicitly notes that behavior of 'cd' with no operand when $HOME is unset is implementation defined. It then notes: "A common extension when HOME is undefined is to get

socketpair(2) protocol

2022-11-07 Thread Jan Schaumann
Hello, socketpair(2) says: "The type and protocol argument values are described in socket(2)." But as best as I can tell, socketpair(2) only ever accepts a protocol of 0, no other value. Per POSIX, "Specifying a protocol of 0 causes socketpair() to use an unspecified default protocol

Re: apache parked processes using CPU

2022-11-14 Thread Jan Schaumann
Jan Schaumann wrote: > PID USERNAME PRI NICE SIZE RES STATE TIME WCPUCPU COMMAND > 21048 nobody420 316M 14M parked 5:28 7.32% 7.32% httpd > 17677 nobody420 318M 14M parked 5:25 6.69% 6.69% httpd > 16398 nobody410 319M 17M

Re: No dkim signature attached when using mutt

2022-10-31 Thread Jan Schaumann
Mayuresh wrote: > On Mon, Oct 31, 2022 at 05:53:10PM +0530, Mayuresh wrote: > > However if I use mutt or neomutt the headers don't contain dkim. > > It seems that "set from" to my email alias which is from a different > domain is the problem. If I use local domain then dkim gets inserted. > >

Re: apache parked processes using CPU

2022-11-13 Thread Jan Schaumann
Jan Schaumann wrote: > I see many connections are left in TIME_WAIT, so > perhaps the system load average goes up because apache > keeps each process parked while waiting for more work > on these connections And that doesn't make sense, because the connection in TIME_WAIT can't be u

apache parked processes using CPU

2022-11-13 Thread Jan Schaumann
Hey, About two days ago, my apache-2.4.54 running on my NetBSD-9.3 amd64 VPS started leaving multiple processes in 'parked' state, utilizing a lot of CPU: PID USERNAME PRI NICE SIZE RES STATE TIME WCPUCPU COMMAND 21048 nobody420 316M 14M parked 5:28 7.32% 7.32%

Re: apache parked processes using CPU

2022-11-13 Thread Jan Schaumann
Martin Husemann wrote: > On Sun, Nov 13, 2022 at 10:59:09AM -0500, Jan Schaumann wrote: > > Hey, > > > > About two days ago, my apache-2.4.54 running on my > > NetBSD-9.3 amd64 VPS started leaving multiple > > processes in 'parked' state, utilizing a lot of CPU:

OpenSSL 3.x

2023-03-28 Thread Jan Schaumann
Hello, OpenSSL 1.1.1 will reach EOL on September 11th, 2023, less than 6 months from today: https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/ Do we have plans to update OpenSSL in tree to 3.x before then? -Jan

Re: Meaning of file flags

2023-05-22 Thread Jan Schaumann
Rocky Hotas wrote: > > > where short descriptions of flags are shown. However, I still can't > understand the meaning of `nodump' and `arch'. > Is there another reference/document/message about them? Does the attached diff

Re: Meaning of file flags

2023-05-24 Thread Jan Schaumann
Greg Troxel wrote: > So perhaps we should describe it as > > archive bit set in underlying foreign filesystem > > and perhaps deny setting it in filesystems that don't implement an > archive bit. > > (Probably, the use of this bit is now historical Yes, that's what it seems like. I've

cctlds in wtf

2023-06-29 Thread Jan Schaumann
Hey, It's not uncommon for me to want to easily look up what country a specific ccTLD is for (literally "wtf is md"). I was wondering if people objected to adding the whole catalog to acronyms.comp for wtf(1)? I.e, that'd be AC ccTLD for Ascension Island (United Kingdom) AD ccTLD for

Re: cctlds in wtf

2023-06-29 Thread Jan Schaumann
"Jeremy C. Reed" wrote: > Also see > > /usr/share/misc/domains TIL :-) I still find 'wtf' more convenient, since the IANA DB data doesn't actually tell you what country a ccTLD is for, but duplicating the information seems suboptimal. -Jan

Re: Files I cannot delete/chown/chmod as root?

2023-05-18 Thread Jan Schaumann
ya...@sdf.org wrote: > On NetBSD 9_3_Stable, amd64, long time user... > > I have ended up with some files that I am unable to delete as root. > # ls -las Try adding '-o' to see file flags. Looks to me like you might have 'schg' set on the file. ls -lo $file chflags noschg $file -Jan

Re: Files I cannot delete/chown/chmod as root?

2023-05-18 Thread Jan Schaumann
ya...@sdf.org wrote: > I thought this would be trivial once I knew these flags existed, but my > system is not letting me change the flags on these files? > > # ls -laso > total 6 > 2 drwxrwxrwx 3 root wheel-512 May 18 09:39 ./ > 2 drwxrwxrwx 4 root wheel-512 May 18 09:50 ../

Re: Files I cannot delete/chown/chmod as root?

2023-05-18 Thread Jan Schaumann
ya...@sdf.org wrote: > > I think the man page says flags can only be unset in single user mode. > > Yes and no... > This unset behavior IS mentioned in secmodel_securelevel(9) [thanks Jan] > But not that I can see in chflags(1) It is now:

attaching new nvme* (AWS EBS)

2024-01-29 Thread Jan Schaumann
Hello, When using AWS EC2, I can attach a new EBS volume to an instance at runtime. EBS volumes use nvme(4), but I can't seem to get a NetBSD instance (9.x or 10.99.2) to discover the new disk without rebooting. # pcictl pci0 list 000:00:0: Intel 82441FX (PMC) PCI and Memory Controller (host

Re: attaching new nvme* (AWS EBS)

2024-01-29 Thread Jan Schaumann
g...@duzan.org wrote: > > How do I get the new nvme to be discovered without > > rebooting? > >Just a guess, but perhaps "drvctl -r {device}" on the parent pci bus? No luck. -Jan

Re: shrinking a filesystem using resize_ffs(8)

2024-02-01 Thread Jan Schaumann
Michael van Elst wrote: > jscha...@netmeister.org (Jan Schaumann) writes: > >$ sudo newfs -C 2 /dev/rvnd0a > > There is no '-C'. Maybe -O 2 ? Yes. :-) > But resize_ffs doesn't support shrinking FFS2 and should > complain when you try. > You tell resize_f

shrinking a filesystem using resize_ffs(8)

2024-02-01 Thread Jan Schaumann
Hi, I'm trying to shrink a filesystem using resize_ffs(8), but I keep getting an error: resize_ffs: read failed: Invalid argument Here's the setup: I start out with a 1GB disk with two 512MB partitions: $ sudo disklabel vnd0 [...] #sizeoffset fstype [fsize bsize cpg/sgs] a: