Re: signify: signature verification failed
On Fri, Oct 02, 2015 at 08:41:31AM +0200, Stefan Sperling wrote:
> On Fri, Oct 02, 2015 at 08:27:55AM +0200, Peter J. Philipp wrote:
> > I downloaded the jumbo patches from
> > ftp://ftp.eu.openbsd.org/pub/OpenBSD/patches/5.7.tar.gz which includes
> > the latest opensmtpd patch, only it doesn't check out against signify.
> >
> > # signify -Vep /etc/signify/openbsd-57-base.pub -x 017_smtpd.patch.sig \
> > > -m - | (cd /usr/src && patch -p0)
> > signify: signature verification failed
> > Hmm... I can't seem to find a patch in there anywhere.
> >
> > Anyone else seeing the same problem?
> >
> > -peter
>
> Apparently, there was a mishap during signing. Use the fixed version at
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/017_smtpd.patch.sig

That's the same link in the original announcement. I'm getting the same
thing using the patch.sig downloaded 3:13am EST.

--
signify: signature verification failed
Hmm... I can't seem to find a patch in there anywhere.
typo in 007_pfctl.patch.sig
In: http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/007_pfctl.patch.sig

signify -Vep /etc/signify/openbsd-56-base.pub -x 007.pfctl.patch.sig \
    -m - | (cd /usr/src && patch -p0)

should be:

signify -Vep /etc/signify/openbsd-56-base.pub -x 007_pfctl.patch.sig \
    -m - | (cd /usr/src && patch -p0)

(s/007.pfctl/007_pfctl)
Re: Best way forward w.r.t. apache/nginx/httpd?
On Mon, Dec 29, 2014 at 10:41:26PM +, Stuart Henderson wrote:
> On 2014-12-29, T. Ribbrock wrote:
> > Given the current state of development in OpenBSD, I'm now wondering
> > what the best way forward is for me:
> >
> > a) Install apache-httpd-openbsd from ports and keep my configuration
> >    basically as is
> >    Advantage: Less work to get everything running - I've done OpenBSD
> >    re-installs like that several times over the past years
> >    Disadvantage: I guess that the new httpd will get a lot more
> >    developer attention, so this does not seem the ideal option longterm,
> >    but I could always migrate to httpd later, e.g. when upgrading to 5.7
> >    or (more likely) 5.8
>
> apache-httpd-openbsd is a dead-end, it's not actively developed, ssl
> support is poor, third-party documentation relating to use of webapps
> with Apache has long since moved to Apache 2. It's mainly there to
> provide a quick migration path for existing OpenBSD users and to
> ease the pain in ports.
>
> > b) Migrate to nginx
> >    This seems to be the least interesting option - not only do I have to
> >    migrate now, but once more in the future, as nginx is also on the way
> >    out (so, the same "developer attention" caveat applies as with
> >    apache)
>
> This might be a reasonable choice, especially if the CMS you're looking
> at already documents how to use it with nginx.
>
> > c) Migrate to httpd
> >    From what I've gathered so far from this list, this would basically
> >    require me to switch to -current, as the 5.6 version is too fresh and
> >    too many changes have happened since - or am I being pessimistic
> >    here? I've never run -current before, hence, I'm a bit hesitant...
>
> Personally I don't think httpd is quite ready for use with a typical
> PHP-based CMS yet (including -current). Two big issues for this type
> of use: "clean urls" functionality in most CMS needs rewrite support
> which httpd doesn't have. httpd's fastcgi support passes every url
> matching a location block to the handler meaning there's no mitigation
> for the issue described in
> http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP
> (which also affects naive nginx configurations).
>

Yep. Lack of a "mod_rewrite" functionality in httpd is the only thing at
this point keeping me from using it in production. MVC frameworks usually
rely on some sort of rewrite to force URLs to a single "front controller"
file.

I went with the OP's option a) and installed the apache 1 port just to
get through the 5.6 upgrade. I'll likely switch to nginx long term unless
httpd gets a rewrite functionality.

Big thanks for the apache-httpd-openbsd option to make these migrations
easier to phase in over time on busy sites.

-Clint
Re: httpd: multiple addresses for one server
On Sat, Jan 03, 2015 at 12:39:06PM -0500, Geoff Steckel wrote:
> On 01/03/2015 08:42 AM, Reyk Floeter wrote:
> >On Thu, Jan 01, 2015 at 11:54:46PM -0500, Geoff Steckel wrote:
> >>Is there any way to do the equivalent of:
> >>
> >>server "an.example.com"
> >>    listen on 192.168.2.99
> >>    listen on 2001.fefe.1.1::99
> >>
> >>??
> >>It appears that the code in parse.y explicitly forbids this
> >>and the data structures for a server don't *seem*
> >>to have more than one slot for an address.
> >>
> >>Is there another way to achieve this effect?
> >> From one comment in the checkins, it looks like
> >>
> >>server "an.example.com"
> >>    listen on 192.168.2.99
> >>.
> >>server "an.example.com"
> >>    listen on 2001.fefe.1.1::99
> >>
> >>would work.
> >>
> >>Duplicating the entire server description is
> >>difficult to maintain.
> >>
> >>Is someone planning to work in this area soon?
> >>
> >>thanks
> >>Geoff Steckel
> >>
> >I used "include" directives to avoid duplications (see previous reply)
> >but the following diff allows to add aliases and multiple listen
> >statements.
> >
> >Reyk
> >
> >[...diff omitted...]
> 1000 thanks for an almost instantaneous and complete extension!!
> This makes httpd a complete replacement for apache in my host.
>
> Geoff Steckel

Just last night I duplicated many virtual hosts and wished there was an
easy way to alias domain.foo to www.domain.foo. Thanks for the diff!
log options in httpd.conf
Struggling with the behavior of the log options in httpd.conf on
5.6-stable. I'm trying to get different virtual domains to log to their
own files but no matter what option I've tried after reading the man page
I get odd results.

Using the configuration below, ALL access gets logged to the default
access.log, even the ones from the other servers listed. In the specific
domain-access.log files I get only the errors and nothing in the
domain-error.log files.

Can anyone look at the config below and help me understand why it might
be logging that way and how to fix it?

Cheers,
-Clint

#
# Macros
#
ext_addr="egress"

include "/etc/nginx/mime.types"

# A minimal default server
server "default" {
        listen on $ext_addr port 80
        directory { no index, index "index.html", index "index.php" }
        log style combined
        location "*.php" {
                fastcgi socket "/tmp/php-fpm.sock"
        }
}

server "www.domain1.com" {
        listen on $ext_addr port 80
        directory { no index, index "index.html", index "index.php" }
        root "/domain1.com/htdocs"
        log style combined
        log { access "domain1.com-access.log", error "domain1.com-error.log" }
        location "*.php" {
                fastcgi socket "/tmp/php-fpm.sock"
        }
}

server "domain1.com" {
        listen on $ext_addr port 80
        directory { no index, index "index.html", index "index.php" }
        root "/domain1.com/htdocs"
        log style combined
        log { access "domain1.com-access.log", error "domain1.com-error.log" }
        location "*.php" {
                fastcgi socket "/tmp/php-fpm.sock"
        }
}

server "www.domain2.com" {
        listen on $ext_addr port 80
        directory { no index, index "index.html", index "index.php" }
        root "/domain2.com/htdocs"
        log style combined
        log { access "domain2.com-access.log", error "domain2.com-error.log" }
        location "*.php" {
                fastcgi socket "/tmp/php-fpm.sock"
        }
}
error in patch 5.7 patch 10
In http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/010_tcp-timer.patch.sig

signify -Vep /etc/signify/openbsd-57-base.pub -x 010_tcp_persist.patch.sig \
    -m - | (cd /usr/src && patch -p0)

should be

signify -Vep /etc/signify/openbsd-57-base.pub -x 010_tcp-timer.patch.sig \
    -m - | (cd /usr/src && patch -p0)

(or the file name is wrong)

Cheers.
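
A lint for the mismatch reported in this message and in the 007_pfctl report above, as an added example that is not part of the original posts or of OpenBSD's tooling: it compares the file name after -x in a patch's embedded instructions with the name of the file that carries them. The function names and the sample file contents are constructed for illustration, and the check covers only the instruction text, not the signature.

```shell
#!/bin/sh
# Constructed example: lint the "-x <file>" name inside an errata patch's
# embedded apply instructions against the name of the file that carries them.

# Print the word that follows "-x" on the first signify line that has one.
embedded_sig_name() {
    awk '/signify/ {
        for (i = 1; i < NF; i++)
            if ($i == "-x") { print $(i + 1); exit }
    }' "$1"
}

# 0 = names agree, 1 = mismatch, 2 = no signify command found in the file.
check_patch_name() {
    actual=$(basename "$1")
    embedded=$(embedded_sig_name "$1")
    if [ -z "$embedded" ]; then
        echo "$actual: no signify command found" >&2
        return 2
    fi
    if [ "$embedded" != "$actual" ]; then
        echo "$actual: instructions name $embedded" >&2
        return 1
    fi
    return 0
}

# Write a constructed sample holding only the instruction text (no signature).
# $1 = file to create, $2 = name to place after -x, $3 = release digits
write_sample() {
    cat > "$1" <<EOF
Apply by doing:
    signify -Vep /etc/signify/openbsd-$3-base.pub -x $2 \\
        -m - | (cd /usr/src && patch -p0)
EOF
}

# Demo over two constructed files; prints the number of mismatches found.
count_mismatches_demo() {
    dir=$(mktemp -d) || return 1
    write_sample "$dir/010_tcp-timer.patch.sig" 010_tcp_persist.patch.sig 57
    write_sample "$dir/007_pfctl.patch.sig" 007_pfctl.patch.sig 56
    bad=0
    for f in "$dir"/*.patch.sig; do
        check_patch_name "$f" || bad=$((bad + 1))
    done
    rm -rf "$dir"
    echo "$bad"
}

echo "mismatched files: $(count_mismatches_demo)"
```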
Re: Mirror openbsd.cs.toronto.edu is currently broke
On Sat, Nov 01, 2014 at 04:00:04PM +0100, Jan Stary wrote:
> On Nov 01 09:07:15, n...@holland-consulting.net wrote:
> > For the curious, and perhaps as an educational lesson, what happened:
> > Late last night (error one: scripting when tired) I was editing the
> > scripts that download from the upstream mirror to include updates to the
> > new release. Totally routine.
>
> Just out of curiosity (I am not even affected):
> is there such a script somewhere in the tree,
> or do mirror maintainers write their own?

Jan, details here: http://www.openbsd.org/anoncvs.shar

# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#       Makefile
#       README
#       anoncvssh.c

less README

So, you want to run an anoncvs server. A summary of the steps you'll
need to do is:

and so on...
Re: Mirror openbsd.cs.toronto.edu is currently broke
On Sat, Nov 01, 2014 at 02:24:11PM -0400, Nick Holland wrote:
> On 11/01/14 13:53, Clint Sand wrote:
> > On Sat, Nov 01, 2014 at 04:00:04PM +0100, Jan Stary wrote:
> >> On Nov 01 09:07:15, n...@holland-consulting.net wrote:
> >> > For the curious, and perhaps as an educational lesson, what happened:
> >> > Late last night (error one: scripting when tired) I was editing the
> >> > scripts that download from the upstream mirror to include updates to the
> >> > new release. Totally routine.
> >>
> >> Just out of curiosity (I am not even affected):
> >> is there such a script somewhere in the tree,
> >> or do mirror maintainers write their own?
> >
> > Jan, details here: http://www.openbsd.org/anoncvs.shar
>
> Um. no. nothing to do with it.
> this script is for CVS, which I explicitly said was NOT impacted. It is
> also only ONE part of what it takes to run even a CVS mirror.
>

Got it. Thanks Nick. I totally misread. I had just looked at the anoncvs
docs the other day and it was on my mind.
Re: 5.4 instead of 5.5 in faq1.html
On Sat, Nov 01, 2014 at 04:44:17PM -0400, Nick Holland wrote:
> On 11/01/14 15:26, Eduardo Lopes wrote:
> > In http://www.openbsd.org/faq/faq1.html#WhatsNew:
> >
> > "The complete list of changes made to OpenBSD 5.4 to create OpenBSD 5.6
> > can[...]"
> >
> > I think that 5.4 was left behind, wasn't it?
> >
>
> yep, thanks
>
> Nick.

I found a few similar things in reading today but wasn't sure to expect
them all to be changed yet on day one.

"Our policy requires mirrors to carry at least the last two releases in
binary form (currently 5.4 and 5.5)", on http://www.openbsd.org/ftp.html
for example.