how to set PATH in xterm

[David Burau]

Hi,

I'm shure it's just a very small problem, but i can't figure out, what to do.
Im runnig OpenBSD 4.0 and i don't know how to set the PATH in xterm. I want to 
set it to $HOME/bin. The Shell is ksh. In the console it works, but not in 
xterm.

Thank you!

David Burau

Re: how to set PATH in xterm

[Srebrenko Sehic]

On 7/2/07, David Burau <[EMAIL PROTECTED]> wrote:

Hi,

I'm shure it's just a very small problem, but i can't figure out, what to do.
Im runnig OpenBSD 4.0 and i don't know how to set the PATH in xterm. I want to
set it to $HOME/bin. The Shell is ksh. In the console it works, but not in
xterm.


Just start xterm with -ls. It will read you .profile and set the PATH correctly.

Re: how to set PATH in xterm

[David Burau]

> Just start xterm with -ls. It will read you .profile and set the PATH
> correctly.


This works. Thank you!

David Burau

openvpn on openbsd 4.1

[sonjaya]

Dear all

i have installed  openvpn from ports  dan i try follow manual like this :
# pwd
/etc/openvpn/easy-rsa/2.0
# ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on
/etc/openvpn/easy-rsa/2.0/keys
# ./clean-all
# ./build-ca
 Please edit the vars script to reflect your configuration,
 then source it with "source ./vars".
 Next, to start with a fresh PKI configuration and to delete any
 previous certificates and keys, run "./clean-all".
 Finally, you can run this tool (pkitool) to build certificates/keys.
#
where is wrong ?


beloow my config
# cat vars
export EASY_RSA="`pwd`"
export KEY_CONFIG="$EASY_RSA/openssl.cnf"
export KEY_DIR="$EASY_RSA/keys"
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
export KEY_SIZE=1024
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="CA"
export KEY_PROVINCE="USA"
export KEY_CITY="california"
export KEY_ORG="IT"
export KEY_EMAIL="[EMAIL PROTECTED]"
#
# cat clean-all
#!/bin/sh
export KEY_DIR="$EASY_RSA/keys"
if [ "$KEY_DIR" ]; then
   rm -rf "$KEY_DIR"
   mkdir "$KEY_DIR" && \
   chmod go-rwx "$KEY_DIR" && \
   touch "$KEY_DIR/index.txt" && \
   echo 01 >"$KEY_DIR/serial"
else
   echo 'Please source the vars script first (i.e. "source ./vars")'
   echo 'Make sure you have edited it to reflect your configuration.'
fi
#
# cat build-ca
#!/bin/sh
#
# Build a root certificate
#
export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact --initca $*
#




--
sonjaya
http://sicute.blogspot.com

Re: can not install binaries with pkg_add

[Alden Pierre]

Darren Spruell wrote:

On 7/1/07, Alden Pierre <[EMAIL PROTECTED]> wrote:

Darren Spruell wrote:
> On 7/1/07, Alden Pierre <[EMAIL PROTECTED]> wrote:
>> Hello All,
>>
>>I'm having a hard time trying to install packages on my machine.
>> 1.  PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/
>>
>> 2.  pkg_add -i screen gives me the following:
>>  sh: cannot create /var/tmp/pkgout.V6ybCkITOgB: File
>> exists
>>No packages available in the PKG_PATH
>>Can't resolve screen
>
> You probably didn't export PKG_PATH into your environment:
>
> $ env - ksh
> $ env
> _=/usr/bin/env
> PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin
> $ PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/
> $ env
> _=/usr/bin/env
> PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin
> $ sudo pkg_add -i screen
> Password:
> No packages available in the PKG_PATH
> Can't resolve screen
> $ export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/
> $ sudo pkg_add -i screen
> Ambiguous: choose package for screen
> 0: 
> 1: screen-4.0.3p0
> 2: screen-4.0.3p0-shm
> 3: screen-4.0.3p0-static
> Your choice:
>
> DS
>

I have it in my environment.  echo $PKG_PATH comes back with the
correct results.


Did it actually get to your environment via 'export'? If you didn't
place it in the environment with export you will still get a value
from the current shell with 'echo $PKG_PATH'. Test with 'env | grep
PKG_PATH'

Your original posting didn't indicate that it was exported.

DS

Here is all of my exported variables from my .profile. env | grep 
PKG_PATH comes back with the ftp site I have set

in my .profile.


PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin
PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/
MAIL=/var/mail/$USER
FCEDIT=mg
EDITOR=mg
TERM=vt220

PS1='\D{%d/%m/%y %r} ${PWD}/ --> '

export EDITOR FCEDIT MAIL PATH TERM PKG_PATH

Regards,
Alden

Re: openvpn on openbsd 4.1

[Mike Erdely]

On Mon, Jul 02, 2007 at 07:19:23PM +0700, sonjaya wrote:
> i have installed  openvpn from ports  dan i try follow manual like this :
> # pwd
> /etc/openvpn/easy-rsa/2.0
> # ./vars
> NOTE: If you run ./clean-all, I will be doing a rm -rf on
> /etc/openvpn/easy-rsa/2.0/keys
> # ./clean-all
> # ./build-ca
>  Please edit the vars script to reflect your configuration,
>  then source it with "source ./vars".
>  Next, to start with a fresh PKI configuration and to delete any
>  previous certificates and keys, run "./clean-all".
>  Finally, you can run this tool (pkitool) to build certificates/keys.
> #
> where is wrong ?

Try running ". ./vars" so that the vars get read into your environment.

-ME

Re: openvpn on openbsd 4.1

[sonjaya]

the all script is working when i try  input manual env , all in vars .


On 7/2/07, Mike Erdely <[EMAIL PROTECTED]> wrote:

On Mon, Jul 02, 2007 at 07:19:23PM +0700, sonjaya wrote:
> i have installed  openvpn from ports  dan i try follow manual like this :
> # pwd
> /etc/openvpn/easy-rsa/2.0
> # ./vars
> NOTE: If you run ./clean-all, I will be doing a rm -rf on
> /etc/openvpn/easy-rsa/2.0/keys
> # ./clean-all
> # ./build-ca
>  Please edit the vars script to reflect your configuration,
>  then source it with "source ./vars".
>  Next, to start with a fresh PKI configuration and to delete any
>  previous certificates and keys, run "./clean-all".
>  Finally, you can run this tool (pkitool) to build certificates/keys.
> #
> where is wrong ?

Try running ". ./vars" so that the vars get read into your environment.

-ME




--
sonjaya
http://sicute.blogspot.com

Re: openvpn on openbsd 4.1

[Cezary Morga]

> Dear all
>
> i have installed  openvpn from ports  dan i try follow manual like this :
> # pwd
> /etc/openvpn/easy-rsa/2.0
> # ./vars

type
source ./vars
or
. ./vars

(note the dot and the space)

Regards,
-- 
Cezary Morga 
GG# 169903 ICQ# 328-700-565
Jabber therek(at)jabber.autocom.pl; therek(at)jabber.therek.net
[=- http://www.therek.net/ -=][=- http://freebsd.therek.net/ -=]

Re: openvpn on openbsd 4.1

[Dominik Zalewski]

On Monday 02 July 2007 03:19:23 pm sonjaya wrote:
> Dear all
>
> i have installed  openvpn from ports  dan i try follow manual like this :
> # pwd
> /etc/openvpn/easy-rsa/2.0
> # ./vars
> NOTE: If you run ./clean-all, I will be doing a rm -rf on
> /etc/openvpn/easy-rsa/2.0/keys
> # ./clean-all
> # ./build-ca
>   Please edit the vars script to reflect your configuration,
>   then source it with "source ./vars".
>   Next, to start with a fresh PKI configuration and to delete any
>   previous certificates and keys, run "./clean-all".
>   Finally, you can run this tool (pkitool) to build certificates/keys.
> #
> where is wrong ?

Did you run:

source /etc/openvpn/easy-rsa/vars 

?

>
>
> beloow my config
> # cat vars
> export EASY_RSA="`pwd`"
> export KEY_CONFIG="$EASY_RSA/openssl.cnf"
> export KEY_DIR="$EASY_RSA/keys"
> echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
> export KEY_SIZE=1024
> export CA_EXPIRE=3650
> export KEY_EXPIRE=3650
> export KEY_COUNTRY="CA"
> export KEY_PROVINCE="USA"
> export KEY_CITY="california"
> export KEY_ORG="IT"
> export KEY_EMAIL="[EMAIL PROTECTED]"
> #
> # cat clean-all
> #!/bin/sh
> export KEY_DIR="$EASY_RSA/keys"
> if [ "$KEY_DIR" ]; then
> rm -rf "$KEY_DIR"
> mkdir "$KEY_DIR" && \
> chmod go-rwx "$KEY_DIR" && \
> touch "$KEY_DIR/index.txt" && \
> echo 01 >"$KEY_DIR/serial"
> else
> echo 'Please source the vars script first (i.e. "source ./vars")'
> echo 'Make sure you have edited it to reflect your configuration.'
> fi
> #
> # cat build-ca
> #!/bin/sh
> #
> # Build a root certificate
> #
> export EASY_RSA="${EASY_RSA:-.}"
> "$EASY_RSA/pkitool" --interact --initca $*
> #



-- 
Dominik Zalewski | System Administrator
OpenCraft
t- +2 02 336 0003
w- http://www.open-craft.com

Re: openvpn on openbsd 4.1

[sonjaya]

yes i have ready run it , but i see in my env not show , so i put all
manual in vars.

On 7/2/07, Cezary Morga <[EMAIL PROTECTED]> wrote:

> Dear all
>
> i have installed  openvpn from ports  dan i try follow manual like this :
> # pwd
> /etc/openvpn/easy-rsa/2.0
> # ./vars

type
source ./vars
or
. ./vars

(note the dot and the space)

Regards,
--
Cezary Morga 
GG# 169903 ICQ# 328-700-565
Jabber therek(at)jabber.autocom.pl; therek(at)jabber.therek.net
[=- http://www.therek.net/ -=][=- http://freebsd.therek.net/ -=]




--
sonjaya
http://sicute.blogspot.com

Re: can not install binaries with pkg_add

[Edd Barrett]

Hi there,

This file:

/var/tmp/pkgout.V6ybCkITOgB

Looks like a temp file used by pkg_add, perhaps pkg_add died and didnt
get time to clean up?

Try moving it to your home directory or somewhere, then retry. That
way if you do need this file, you can put it back!


--
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett

Re: can not install binaries with pkg_add

[Cristiano Deana]

2007/7/2, Alden Pierre <[EMAIL PROTECTED]>:



>> > You probably didn't export PKG_PATH into your environment:



Here is all of my exported variables from my .profile. env | grep
PKG_PATH comes back with the ftp site I have set
 in my .profile.


PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin
PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/



export EDITOR FCEDIT MAIL PATH TERM PKG_PATH


is that root's .profile?
how do you login as root? using su? or su -?

if that's your normal user profile you can use 'sudo pkg_add -i
screen' if it's root's profile use sudo -i

--
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/

Re: ftp-proxy binat design -- Was: Re: binat questions

[Karl O. Pinc]

On 07/01/2007 12:53:59 PM, Camiel Dobbelaar wrote:



On Sun, 1 Jul 2007, Karl O. Pinc wrote:



> The basic idea is to modify ftp-proxy so it adds binat
> rules to it's anchors.



You cannot use port in binat rules, so that would not work.



I think this problem can only be fixed in pf itself, by not
prioritizing
binat and just use the order in which all NAT rules are configured.


Changing binat so that you _can_ use port in a binat rule
would do it too.  It'd be kind of silly, turning binat into a
nat with a higher pf priority, but would allow this issue
to be addressed in ftp-proxy.   Less sensible than eliminating
the binat>nat pf priority, but more backwardly compatible.

Karl <[EMAIL PROTECTED]>
Free Software:  "You don't pay back, you pay forward."
 -- Robert A. Heinlein

ThinCan thinclient - Anyone had a play?

[Edd Barrett]

Hey,

Has anyone had a play around with a "thincan" thin client with
OpenBSD? Looks like a bit of fun: http://www.artecgroup.com/thincan/

Not much is answered on thier web site, but as far as i can see it is
a thinclient (geode x86 CPU) which boots an small image (via CF or
"etherboot" protocol) containing an X server. I guess from here you
use XDMCP? The device is about the same dimensions as a soekris box,
and has only USB/ethernet and power sockets.

I suppose there are 2 levels of OpenBSD support here:
Image support - Will it boot OpenBSD?
Client support - Can it login to a remote OpenBSD X server
(independant of the image that was booted).

Nowhere near as good as Sun's Sunray clients, but a whole lot more BSD
friendly by all means.

--
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett

Re: openvpn on openbsd 4.1

[Stuart Henderson]

On 2007/07/02 19:54, sonjaya wrote:
> yes i have ready run it

Yes, that's the problem, you should have sourced it (in your
shell's environment) not run it (in a new one).

>  Please edit the vars script to reflect your configuration,
>  then source it with "source ./vars".

Unfortunately the OpenVPN docs use C-shell syntax here,
probably because some shell popular with Linux users allows
it.

For a SUS-compliant shell you want the ". ./vars" that's
been pointed out already.

Re: Soekris net5501 IPsec performance?

[Chris Cappuccio]

Christian Weisgerber [EMAIL PROTECTED] wrote:
> So...
> Has anybody checked how much traffic you can push through a net5501
> serving as an IPsec gateway?
>  

There are plenty of examples of people running the openssl benchmark routine.

> Has anybody tried a vpn1411 in a net5501 yet?
> 

It already has an onboard accelerator for AES.

Re: can not install binaries with pkg_add

[Alden Pierre]

Edd Barrett wrote:

Hi there,

This file:

/var/tmp/pkgout.V6ybCkITOgB

Looks like a temp file used by pkg_add, perhaps pkg_add died and didnt
get time to clean up?

Try moving it to your home directory or somewhere, then retry. That
way if you do need this file, you can put it back!




Interestingly enough when I attempt to do 'ls -la /var/tmp/' the only 
file that's there is a vi.recovery directory.  The beauty of this is 
when ever I try to retype 'pkg_add -i screen', the file is always 
something different.


Regards,
Alden

Re: can not install binaries with pkg_add

[Mike Erdely]

On Mon, Jul 02, 2007 at 10:53:44AM -0400, Alden Pierre wrote:
> Interestingly enough when I attempt to do 'ls -la /var/tmp/' the only 
> file that's there is a vi.recovery directory.  The beauty of this is 
> when ever I try to retype 'pkg_add -i screen', the file is always 
> something different.

Do you have write access to /var/tmp?

-ME

Re: can not install binaries with pkg_add

[Edd Barrett]

On 02/07/07, Alden Pierre <[EMAIL PROTECTED]> wrote:

Edd Barrett wrote:
Interestingly enough when I attempt to do 'ls -la /var/tmp/' the only
file that's there is a vi.recovery directory.  The beauty of this is
when ever I try to retype 'pkg_add -i screen', the file is always
something different.


It should be if it's a temp file.

I have no further suggestions though. Sorry.

--
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett

Re: can not install binaries with pkg_add

[Alden Pierre]

Cristiano Deana wrote:

2007/7/2, Alden Pierre <[EMAIL PROTECTED]>:



>> > You probably didn't export PKG_PATH into your environment:



Here is all of my exported variables from my .profile. env | grep
PKG_PATH comes back with the ftp site I have set
 in my .profile.


PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin 


PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/



export EDITOR FCEDIT MAIL PATH TERM PKG_PATH


is that root's .profile?
how do you login as root? using su? or su -?

This is root's .profile.  I login via su -l.

if that's your normal user profile you can use 'sudo pkg_add -i
screen' if it's root's profile use sudo -i

I get a different error,  when I run the same command with sudo.  The 
error is below.


OOPS: setsockopt
OOPS: child died
No packages available in the PKG_PATH
Can't resolve screen

Regards,
Alden

Re: how to set PATH in xterm

[Joachim Schipper]

On Mon, Jul 02, 2007 at 10:27:20AM +0200, David Burau wrote:
> > Just start xterm with -ls. It will read you .profile and set the PATH
> > correctly.
> 
> This works. Thank you!

For a more permanent solution, place the following in ~/.Xdefaults:

XTerm.loginShell: true

Of course, this is a far more generic technique, many X programs use
resources. (And many do not.) (Nearly) every command-line option of
xterm can be configured there.

Joachim

-- 
TFMotD: pchb (4) - PCI-Host Bridge

acpi suspend?

[Vim Visual]

Hi,

I kindly ask in advance not to be stoned after I have asked the
question I am about to ask.

I am a good boy, I buy the CDs, the T-shirts, learn every day a bit
more of OpenBSD and read a couple of man pages before going to sleep

Ok? Now the question...

   "How are the chances that "suspend" is implemented in ACPI for 4.2??"

(cowardly hides)

I am trapped in a laptop without APM and I miss (I am a converted
heretic linux user) the possibility of suspending a lot.

Should I go for -current and give it a try?

I _know_ that there has been a LOT of progress recently in ACPI and I
worship Marco and the others for that. Mine is a naive, innocent
question...

Thanks

Just in case of, here you are my dmesg

OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.10GHz ("GenuineIntel"
686-class) 1.11 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
real mem  = 1063809024 (1038876K)
avail mem = 963268608 (940692K)
using 4278 buffers containing 53313536 bytes (52064K) of memory
User Kernel Config
UKC> enable acpi
386 acpi0 enabled
UKC> quit
Continuing...
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 09/01/04, BIOS32 rev. 0 @
0xfd720, SMBIOS rev. 2.3 @ 0xe8100 (43 entries)
bios0: FUJITSU SIEMENS 00
pcibios0 at bios0: rev 2.1 @ 0xfd720/0x8e0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf40/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0xd200! 0xdc000/0x4000!
acpi0 at mainbus0: rev 0
acpi0: tables DSDT FACP SSDT BOOT
acpitimer at acpi0 not configured
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (HUB_)
acpibtn at acpi0 not configured
acpibtn at acpi0 not configured
acpiac at acpi0 not configured
acpibat at acpi0 not configured
acpibat at acpi0 not configured
acpicpu at acpi0 not configured
cpu0 at mainbus0
cpu0: Enhanced SpeedStep 1100 MHz (940 mV): speeds: 1100, 1000, 900,
800, 600 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82852GM Hub-PCI" rev 0x02
"Intel 82852GM Memory" rev 0x02 at pci0 dev 0 function 1 not configured
"Intel 82852GM Configuration" rev 0x02 at pci0 dev 0 function 3 not configured
vga1 at pci0 dev 2 function 0 "Intel 82852GM AGP" rev 0x02: aperture
at 0xd800, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 82852GM AGP" rev 0x02 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x03: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x03: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x03: irq 11
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 4 ports with 4 removable, self powered
ppb0 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x83
pci1 at ppb0 bus 1
cbb0 at pci1 dev 10 function 0 "Ricoh 5C476 CardBus" rev 0xab: irq 11
cbb1 at pci1 dev 10 function 1 "Ricoh 5C476 CardBus" rev 0xab: irq 11
"Ricoh 5C552 Firewire" rev 0x03 at pci1 dev 10 function 2 not configured
vendor "Ricoh", unknown product 0x0576 (class system subclass
miscellaneous, rev 0x01) at pci1 dev 10 function 3 not configured
"Ricoh 5C592 Memory Stick" rev 0x00 at pci1 dev 10 function 4 not configured
rl0 at pci1 dev 12 function 0 "Realtek 8139" rev 0x10: irq 11, address
00:0b:5d:8c:e2:0d
rlphy0 at rl0 phy 0: RTL internal PHY
iwi0 at pci1 dev 13 function 0 "Intel PRO/Wireless 2200BG" rev 0x05:
irq 11, address 00:0e:35:83:08:f2
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 3 device 0 cacheline 0x0, lattimer 0x20
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801DBM LPC" rev 0x03
pciide0 at pci0 dev 31 function 1 "Intel 82801DBM IDE" rev 0x03: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 ignored (disabled)
ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x03: irq 11
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 "Intel 82801DB AC97" rev 0x03: irq
11, ICH4 AC97
ac97: codec id 0x414c4770 (Avance Logic ALC203 rev 0)
ac97: codec features headphone, 20 bit DAC, 18 bit ADC, No 3D Stereo
audio0 at auich0
"Intel 82801D

Re: acpi suspend?

[Artur Grabowski]

"Vim Visual" <[EMAIL PROTECTED]> writes:

> "How are the chances that "suspend" is implemented in ACPI for 4.2??"

1%

I had a prototype almost working at one point, messed it up without
saving the working version, then never had time or energy to go back
to it and noone else has picked it up.

//art

Re: how to set PATH in xterm

[Edd Barrett]

Hello,

On 02/07/07, David Burau <[EMAIL PROTECTED]> wrote:

Hi,

I'm shure it's just a very small problem, but i can't figure out, what to do.
Im runnig OpenBSD 4.0 and i don't know how to set the PATH in xterm. I want to
set it to $HOME/bin. The Shell is ksh. In the console it works, but not in
xterm.


This is one of the first things I set up on a new system. Theres a
section on it in the FAQ. The solution detailed there also works for
rxvt, which is the VTE I use.

I wonder why it isn't added to the system default Xdefaults?


--
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett

Re: following stable, extra file sets?

[Ulrich Kahl]

Am Sat, 30 Jun 2007 16:19:24 -0500 schrieb Aaron <[EMAIL PROTECTED]>:

> James Hartley wrote:
> > On 6/30/07, *Aaron* <[EMAIL PROTECTED] >
> > wrote:
> >
> > What i found strange is now it seems as if i have gained the
> > misc41 and
> > game41 file sets as a result of following stable.  Does this
> > sound correct?  
> >
> >
> > The following link from the FAQ describes what the roles of each
> > file set.  Perhaps this will provide some perspective.
> >
> > http://openbsd.org/faq/faq4.html#FilesNeeded
> >
> >
> >
> >
> That is where i made the decisions on what sets to include on my
> initial install...  Choosing sets is not the problem, as i indicated
> in the first post," i *chose* bsd, base41, etc41, comp41 and man41"
> file sets as they were the required sets. 
> 
> The question is, when updating src and following stable, is there any 
> way to _not_ have the game41 and misc41 installed when i do the make
> build.

Take a look at mk.conf(5) - SKIPDIR

I use something like "SKIPDIR=games usr.sbin/lpr/lpc ..." for my server.

Hope it helps

Ulrich

Re: following stable, extra file sets?

[Ted Unangst]

On 6/30/07, Aaron <[EMAIL PROTECTED]> wrote:

Ok this has answered the question, and thanks.This raises another
question for me.. If updating just the sets that you install, and I am
making an assumption here that people would want to update code when
needed, and be supported, why even give the choice on which sets to
install initially if the two extra sets will be installed anyway during
the supported method of updating?


not everyone does things the supported way.

Re: ThinCan thinclient - Anyone had a play?

[Greg Thomas]

On 7/2/07, Edd Barrett <[EMAIL PROTECTED]> wrote:

Hey,

Has anyone had a play around with a "thincan" thin client with
OpenBSD? Looks like a bit of fun: http://www.artecgroup.com/thincan/

Not much is answered on thier web site, but as far as i can see it is
a thinclient (geode x86 CPU) which boots an small image (via CF or
"etherboot" protocol) containing an X server. I guess from here you
use XDMCP? The device is about the same dimensions as a soekris box,
and has only USB/ethernet and power sockets.

I suppose there are 2 levels of OpenBSD support here:
Image support - Will it boot OpenBSD?
Client support - Can it login to a remote OpenBSD X server
(independant of the image that was booted).

Nowhere near as good as Sun's Sunray clients, but a whole lot more BSD
friendly by all means.



I don't know but I love their original form factor.  I'd like to get
my hands on one or two of the original cans.

Greg

--
http://ticketmastersucks.org/tracker.html

Dethink to survive - Mclusky

booting to ignore fstab

[David B.]

Hi, hate to bother.  I'm working in 3.8 and I've run across something new
and can't figure out.  For some reason, on this box a drive isn't
mounting, and the boot blows and asks for shell. so, I go to shell and
I've tried to edit the fstab file to remark out the mountpoint that's
gone bad.  First off, VI isn't there, so I've tried ,s/old/new/g using
ed, but then it says that it's a read only file, and when I try to
whoami, or to su, it doesn't see the programs. So, all I need to do is to
be able to edit fstab and remark out the bad mount point and I can take
it from there. thanks
Its free.

Re: can not install binaries with pkg_add

[Philip Guenther]

On 7/1/07, Alden Pierre <[EMAIL PROTECTED]> wrote:

   I'm having a hard time trying to install packages on my machine.
1.  PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/

2.  pkg_add -i screen gives me the following:
 sh: cannot create /var/tmp/pkgout.V6ybCkITOgB: File exists
   No packages available in the PKG_PATH
   Can't resolve screen


A semi-wild guess: your  $ENV file sets the 'noclobber' option (aka "set -C").

If so, the good news is that this is already fixed for 4.2, as seen in
the changelog on the website:
 o Make ksh(1) only process ENV when in interactive mode.

(The POSIX/SUS spec mandates the new behavior.)

For now, I recommend placing the following at the top of your $ENV file:
   case $- in
   *i*) ;;
   *)   return;;
   esac

(I.e., "if not in interactive mode, stop processing this file")


Philip Guenther

Re: SSH brute force attacks no longer being caught by PF rule

[Steve B]

On 6/28/07, Martin Schrvder <[EMAIL PROTECTED]> wrote:
>
> 2007/6/28, J.D. Bronson <[EMAIL PROTECTED]>:
> > so if it wont write to a file...I presume it blocks
> > whats listed in /etc/tables/scanners permanently and then only
> > blocks NEW offenders via kernel memory?
> > (can someone clarify my understanding of that?
>
> Do you really need a file? In my experience blocking the offenders for
> 1h is enough; they very rarely come back later.
>
> Best
>Martin
>
>

I'm the one who started this thread. If I can block them for an hour without
a table that would be even better.. I was using the file to store the IP's
as they were identified by the rule and had been planning to use the
expiretable package to start clearing the table via Cron. Currently I just
do it manually about once a week or so. I've read the man page for
pf.confbut did not see how I could block them for a set period of
time. Could
someone elaborate on how this is done?

Steve

Re: booting to ignore fstab

[Woodchuck]

On Mon, 2 Jul 2007, David B. wrote:

> Hi, hate to bother.  I'm working in 3.8 and I've run across something new
> and can't figure out.  For some reason, on this box a drive isn't
> mounting, and the boot blows and asks for shell. so, I go to shell and
> I've tried to edit the fstab file to remark out the mountpoint that's
> gone bad.  First off, VI isn't there, so I've tried ,s/old/new/g using
> ed, but then it says that it's a read only file, and when I try to
> whoami, or to su, it doesn't see the programs. So, all I need to do is to
> be able to edit fstab and remark out the bad mount point and I can take
> it from there. thanks
> Its free.

Remount / with write access.  I believe that would be:

# mount -u -w /

No need for "su", you're already root.

Dave
-- 
 Resistance is futile.  You've already been assimilated.

Re: SSH brute force attacks no longer being caught by PF rule

[Peter N. M. Hansteen]

"Steve B" <[EMAIL PROTECTED]> writes:

> I'm the one who started this thread. If I can block them for an hour without
> a table that would be even better.

Sure, you could have a frequently running cron job which does a 

pfctl -t bruteforce -T expire 3600

(OpenBSD 4.1 onwards) or use expiretable. At the very bottom of
http://home.nuug.no/~peter/pf/en/bruteforce.html I have examples of both.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Trunk(4), vlan problems

[Fredrik Carlsson]

Hi,

I'm trying to set up an OpenBSD router against two switches (failover 
solution), the switches have a cable between them.


em0 - connects to switch01 port 1 (switch01 addr: 10.10.1.18)
em1 - connects to switch02 port 1 (switch02 addr: 10.10.1.19)
switch 1 and 2 has a management vlan tagged on port 1

Now if i create vlan1 and use em0 as vlandev i can ping both switch01 
and switch02, but if i create a failover trunk with em0 and em1 and use 
trunk0 as vlandev is don't work


trunk0: flags=8802 mtu 1500
   lladdr 00:0e:0c:db:3f:48
   trunk: trunkproto failover
   trunkport em1
   trunkport em0 master
   groups: trunk
   media: Ethernet autoselect
   status: active
vlan1: flags=8843 mtu 1500
   lladdr 00:0e:0c:db:3f:48
   description: VLAN 1, Management
   vlan: 1 priority: 0 parent interface: trunk0
   groups: vlan
   inet 10.10.1.17 netmask 0xfff0 broadcast 10.10.1.31
   inet6 fe80::20e:cff:fedb:3f48%vlan1 prefixlen 64 scopeid 0xe

If i ping the openbsd machine from the switch and listen on the trunk0 
interface i see this:

23:21:18.907451 802.1Q vid 1 pri 0 arp who-has 10.10.1.17 tell 10.10.1.18

but if i listen to vlan1 that is connected to trunk0 i don't see any 
traffic.


What am I doing wrong?

Best regards
Fredrik Carlsson

apm panic

[bdz]

if i enable the APMDEBUG option the kernel goes into ddb while booting. 
the problem comes sys/arch/i386/i386/[EMAIL PROTECTED]:

DPRINTF(("%s: %x\n", ba->bios_dev, ba->bios_apmp->apm_detail));

ba->bios_dev is "pcibios"

there is a test wether ba->bios_dev is "apm". that means that my bios is 
not apm capable?


unfortunately acpi is not working for me very well (see my post at 
06/29/07) and i really miss my battery capacity.


thank you
bdz

Re: booting to ignore fstab

[Ingo Schwarze]

Woodchuck wrote on Mon, Jul 02, 2007 at 03:31:04PM -0400:
> On Mon, 2 Jul 2007, David B. wrote:

>> Hi, hate to bother.  I'm working in 3.8

Hm, this is unrelated, but anyway:
Release 3.8 is past its end of life and no more supported.
You should upgrade to release 4.1 soon - you *do* want to
have bugs and security holes fixed.

>> and I've run across something new and can't figure out.
>> For some reason, on this box a drive isn't mounting, and
>> the boot blows and asks for shell. so, I go to shell and
>> I've tried to edit the fstab file to remark out the
>> mountpoint that's gone bad.

Did you try to run fsck(8) manually?  Perhaps that's all
you need to do to fix the file system, and perhaps you do
not even need to change your fstab?  Of course, without
any error message, it's hard to guess what's up...

>> First off, VI isn't there,

This sounds like /usr has its own partition on your box -
which is really fine as far as it goes.  But remeber that
in single user mode, no file system except / is mounted
automatically.

>> so I've tried ,s/old/new/g using ed, but then it says that
>> it's a read only file, and when I try to whoami, or to su,
>> it doesn't see the programs. So, all I need to do is to
>> be able to edit fstab and remark out the bad mount point
>> and I can take it from there. thanks

> Remount / with write access.  I believe that would be:
> # mount -u -w /
> No need for "su", you're already root.

Good advice.  To expand a bit:
When entering single user mode on i386,
the first commands i type often look roughly like this:

 # kbd de   # or whatever keyboard happens to be connected
 # export TERM=vt220   # or whatever terminal happens...
 # mount -uw /
 # mount /var   # if that's seperate and available
 # mount /tmp   # if that's seperate and available
 # mount /usr   # unless it's /usr that's busted   ;-(
 # vi /etc/fstab   # or whatever work needs to be done

Re: Soekris net5501 IPsec performance?

[Christian Weisgerber]

Chris Cappuccio <[EMAIL PROTECTED]> wrote:

> > Has anybody checked how much traffic you can push through a net5501
> > serving as an IPsec gateway?
> 
> There are plenty of examples of people running the openssl benchmark routine.

Benchmarking OpenSSL is not an application I'm interested in, in
this context.

> > Has anybody tried a vpn1411 in a net5501 yet?
> 
> It already has an onboard accelerator for AES.

It also notably lacks an onboard accelerator for any HMAC, so our
IPsec won't even consider using the AES support.  (How difficult
it would be to change this, and more importantly if changing this
would make any sense, I don't know.)

As reported ad nauseum, the vpn1411 doesn't work reliably in earlier
Soekrises.  Whether this still applies to the net5501 is a valid
question.

-- 
Christian "naddy" Weisgerber  [EMAIL PROTECTED]

Re: Troubleshooting NFS/SFU

[David Higgs]

On 5/15/07, John Nietzsche <[EMAIL PROTECTED]> wrote:

Dear folks,

i am trying to get my windows boxes access nfs directly by means of SFU, too!
I would like to have a global mount, say drive g: to mount from my
home directories.

Is it possible? How have you been doing in order to get a global drive mapping?

Thanks in advance.


I followed Microsoft's instructions for SFU and found that it worked
quite well if all I cared about was read-only access.  I didn't have
any further success even after installing a bunch of SFU hotfixes
(http://www.duh.org/interix/hotfixes.php).

My troubleshooting seemed to indicate that the write requests were
being denied somewhere inside the kernel, for reasons unknown.  I
didn't have the time or interest to pursue it any further, so I went
back to samba and let the thread die.

--david

Bad performance on ThinkPad T41 (-current checked out on July 1)

[Martin Toft]

I have run -current on my ThinkPad T41 laptop for nearly a year, and
until now it has worked really well.  Recently I bought a new disk for
the machine and in connection with this I reinstalled OpenBSD using the
most recent snapshot and then updated the system to -current.  Unlike
before, I now experience really bad performance.  I have tried to
document this with a series of small tests.  The tests are run both on
OpenBSD 4.1-current (GENERIC), checked out and built on July 1, and on
KNOPPIX (V5.0.1CD-2006-09-25-DA), booted from CD.

If you have any suggestions for tuning the performance of my system,
please let me know.  Also, if the bad performance is due to some
mistakes that I've made, please throw some bricks at me.

You can browse the dmesgs and tests here: http://obsd.dk/bertha-tests
Direct link to OpenBSD dmesg:
http://obsd.dk/bertha-tests/dmesg.openbsd.txt
Direct link to KNOPPIX dmesg:
http://obsd.dk/bertha-tests/dmesg.knoppix.txt

Situation: The laptop is called bertha.  I have a normal PC called kaffe
that I use as remote end for the network benchmarks.  The two machines
are connected through a 100 Mbps switch.

Highlights:
1. When scp'ing the KNOPPIX .iso from kaffe to bertha:/dev/null running
   OpenBSD, the transfer rate is only 4.4 MB/s.  When running KNOPPIX,
   it's 9.9 MB/s.
2. Running OpenBSD, the disk's read rate is only 8.5-8.7 MB/s.  When
   running KNOPPIX, it's 45-46 MB/s.
3. The numbers from "openssl speed" when running KNOPPIX are 5-12 times
   higher than the numbers from running OpenBSD.
4. When doing a netcat TCP transfer at full speed (approx 11.6 MB/s)
   from kaffe:/dev/zero to bertha:/dev/null running OpenBSD, the CPU is
   only 18% idle. When running KNOPPIX, it's 77% idle.

Martin

kerberos - incorrect net address

[Douglas Maus]

Could someone help me understand IP addresses, DNS, and
Kerberos on OpenBSD?

I was getting "incorrect net address" when trying to kinit,
and I found that switching 2 lines in /etc/hosts
putting first
 10.0.1.201 auth.my.realm auth
before
 ::1 auth.my.realm auth
fixed this, but I don't understand this and I suspect this means
I'm doing something else wrong.


Starting from a fresh install of OpenBSD4.1/i386
for my server alone on a test network.
The server name was set to 'auth', domain name 'my.realm',
and IP set to 10.0.1.202

Trying to get this server to act as a kdc.

I needed the server to also run DNS on this test network.
I added a forward and reverse zone to
 /var/named/etc/named.conf
  zone "my.realm" {
   type master;
   file "master/my.realm";
   forwarders { };
  }
  zone "1.0.10.in-addr.arpa" {
   type master;
   file "master/10-0-1.zone";
   forwarders { };
  }

 /var/named/master/my.realm contains
  my.realm.  IN  SOA  auth.my.realm.  root.my.realm. (...)
  @  IN  NS   auth.my.realm.
  localhost  IN  A127.0.0.1
  auth   IN  A10.0.1.202

 /var/named/master/10-0-1.zone contains
  @  IN  SOA  auth.my.realm.  root.my.realm. (...)
 NS   auth.my.realm.
  202PTR  auth.my.realm.

For Kerberos, then, I tried to follow the directions at
www.h5l.se/manual/HEAD/info/heimdal.html

I created an /etc/kerberosV/krb5.conf file
 [appdefaults]
  kinit = {
   afslog = no
  }
 [libdefaults]
  default_realm = MY.REALM
 [realms]
  MY.REALM = {
   kdc = auth.my.realm
  }
 [domain_realm]
  .my.realm = MY.REALM

I made the database directory: # mkdir /var/heimdal

I initialized the realm and added a principal
 # kadmin l
 kadmin> init MY.REALM
 Realm max ticket life [unlimited]:
 ...
 kadmin>add admin
 ...

I started the kdc: # /usr/libexec/kdc &

but when I tried
 # kinit admin
  or
 # kinit admin --no-address
I got "incorrect net address"

When I checked /var/heimdal/kdc.log, the errors seemed to suggest that
::1 was the IP from which the ticket request came from, and it didn't like that.

So I changed /etc/hosts
from
 ::1 localhost.my.realm localhost
 127.0.0.1 localhost.my.realm localhost
 ::1 auth.my.realm auth
 10.0.1.202 auth.my.realm auth
to
 10.0.1.201 auth.my.realm auth
 ::1 auth.my.realm auth

and now I can successfully
 # kinit admin

But I don't understand -
It seemed that kinit was trying ::1, an IPv6 address, first.
Why this one?
Does my problem lie in my DNS configuration?
Do I need an IPv6 reverse zone file?

Any help understanding this interaction would be very appreciated.

Thanks so much.

Re: Bad performance on ThinkPad T41 (-current checked out on July 1)

[Jonathan Gray]

On Tue, Jul 03, 2007 at 03:31:49AM +0200, Martin Toft wrote:
> I have run -current on my ThinkPad T41 laptop for nearly a year, and
> until now it has worked really well.  Recently I bought a new disk for
> the machine and in connection with this I reinstalled OpenBSD using the
> most recent snapshot and then updated the system to -current.  Unlike
> before, I now experience really bad performance.  I have tried to
> document this with a series of small tests.  The tests are run both on
> OpenBSD 4.1-current (GENERIC), checked out and built on July 1, and on
> KNOPPIX (V5.0.1CD-2006-09-25-DA), booted from CD.
> 
> If you have any suggestions for tuning the performance of my system,
> please let me know.  Also, if the bad performance is due to some
> mistakes that I've made, please throw some bricks at me.
> 
> You can browse the dmesgs and tests here: http://obsd.dk/bertha-tests
> Direct link to OpenBSD dmesg:
> http://obsd.dk/bertha-tests/dmesg.openbsd.txt
> Direct link to KNOPPIX dmesg:
> http://obsd.dk/bertha-tests/dmesg.knoppix.txt
> 
> Situation: The laptop is called bertha.  I have a normal PC called kaffe
> that I use as remote end for the network benchmarks.  The two machines
> are connected through a 100 Mbps switch.
> 
> Highlights:
> 1. When scp'ing the KNOPPIX .iso from kaffe to bertha:/dev/null running
>OpenBSD, the transfer rate is only 4.4 MB/s.  When running KNOPPIX,
>it's 9.9 MB/s.
> 2. Running OpenBSD, the disk's read rate is only 8.5-8.7 MB/s.  When
>running KNOPPIX, it's 45-46 MB/s.
> 3. The numbers from "openssl speed" when running KNOPPIX are 5-12 times
>higher than the numbers from running OpenBSD.
> 4. When doing a netcat TCP transfer at full speed (approx 11.6 MB/s)
>from kaffe:/dev/zero to bertha:/dev/null running OpenBSD, the CPU is
>only 18% idle. When running KNOPPIX, it's 77% idle.
> 
> Martin

Include the output of 'atactl wd0' perhaps you have something like
caching turned off.  Also you can't hope for similiar results if
you use different programs on both systems.

Re: i386 performance degradation since recent snapshots

[Landry Breuil]

2007/6/28, Brian Candler <[EMAIL PROTECTED]>:
>
> > i'm encountering a real performance problem since a recent update :
> > - previous snapshots dated around 22 may was working perfectly,
> launching my
> > session (xfce) took around 10-15sec. Launching firefox took around 5secs
> > - updated last week on 20 of june, launching my session takes around 1
> > minute and a half, launching ffx takes >20sec
>
> Just a thought:
>
> - what does 'hostname' show?


it immediately shows my correct hostname with fqnd

- do you have an entry in /etc/hosts which maps this name to your correct
>   IP address?


Yes, and also resolving localhost

I've seen long delays in X startup if the system hostname can't be resolved
> to an IP address (which can be very annoying in dynamic IP environments,
> or
> where DHCP changes the hostname). But this experience is with non-OpenBSD
> boxes; I only use command line on OpenBSD.
>
> Also:
>
> - is your DNS working properly? (e.g. "nslookup www.openbsd.org" gives you
>   a positive answer in a reasonably short period of time, and
>   "nslookup xyz" gives you an NXDOMAIN answer also in a reasonably short
>   period of time)


Immediate answer.. in fact, my network configuration didn't change, so it
can't be this...

Maybe related to http://marc.info/?l=openbsd-misc&m=11837716454&w=2,
i'll try to perform disk i/o tests.. but i'm really stuck with this issue.
Performance is really bad. I'll try too with acpi disabled.

Thanks for any hint,

Landry