d.
do you have any dns name which requires resolution (and so
active/functional interface first) in your /etc/pf.conf ?
if yes, don't do that. if you really need it, use a table in your
pf.conf, and populate it later.
Thanks.
--
Sebastien Marie
profile; echo ENV=$ENV; echo PATH=$PATH'
ENV=
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin
# env -i ksh -c '. /root/.profile; echo ENV=$ENV; echo PATH=$PATH'
ENV=
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin
Regards.
--
Sebastien Marie
if (b->scale > 0) {
> struct number *num_base;
> BIGNUM *mult, *stop;
> @@ -352,13 +373,12 @@ printnumber(FILE *f, const struct number
> bmachine_scale());
> split_number(fract_part, int_part->number, NULL);
> rem = BN_get_word(int_part->number);
> - p = get_digit(rem, digits, base);
> + get_digit(rem, digits, base, buf, sizeof(buf));
> int_part->scale = 0;
> normalize(int_part, fract_part->scale);
> bn_check(BN_sub(fract_part->number, fract_part->number,
> int_part->number));
> - printwrap(f, p);
> - free(p);
> + printwrap(f, buf);
> bn_check(BN_mul_word(mult, base));
> }
> free_number(num_base);
>
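Review bot: in the printnumber hunk the result of get_digit(rem, digits, base, buf, sizeof(buf)) is ignored before printwrap(f, buf), so a digit that does not fit in buf would be printed truncated with no error. If the new get_digit can report the length it needed, check it here; the declaration of buf is outside the visible lines, so its size relative to the widest digit at the largest base should be justified where it is declared.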
--
Sebastien Marie
ls received
0 voluntary context switches
3334 involuntary context switches
The exponentiation took ~50 seconds (dc(1) doesn't print the number on
the stack by default).
--
Sebastien Marie
console (the getty) and logs as root (assuming
the shell of root is still ksh).
Else, you should boot bsd.rd to manually recover (temporarily set SHELL to
ksh for example).
Good luck.
--
Sebastien Marie
itionnally, using 'pkg_add sbcl' is odd if you already have old sbcl
installed. 'pkg_add -u' (for update) is the normal way.
Regards.
--
Sebastien Marie
; stage will sometimes tell you
to run a 'make clean'.
Regards.
--
Sebastien Marie
tecture
- GENERIC.MP kernel
a full release(8) build isn't necessary for that.
Regards.
--
Sebastien Marie
Anon Loli writes:
> On Sat, Jul 06, 2024 at 07:10:37AM +0200, Sebastien Marie wrote:
>
> I see, so this full rebuild (ignoring object files) is most useful when for
> example fetching an update to the CVS repository?
> Is that what you meant by old and new elements?
>
or-implicit-function-declaration -MD -MP -c
/usr/src/games/adventure/done.c
...
cc -o adventure main.o init.o done.o save.o subr.o vocab.o wizard.o io.o
data.o crc.o
$ doas make install
...
Regards.
--
Sebastien Marie
A RAMDISK_CD kernel is a reduced kernel with only what is necessary to
install openbsd. radeondrm and amdgpu are NOT part of it, and it is
expected.
--
Sebastien Marie
tree. Am
> I missing something obvious?
did you install xbase74 set ?
it seems that /usr/X11R6/lib/libfontconfig.so.13.1 and
/usr/X11R6/lib/libfreetype.so.30.3 are missing on your system, or at
least pkg_add(1) couldn't find them.
are the files present ?
thanks.
--
Sebastien Marie
of copying the file: this way you have package update for the
script for free.
--
Sebastien Marie
L_TRIGGER), you need:
- kern.securelevel < 1 (on a running system, kern.securelevel = -1)
OR
- something related to the console (I suppose "having the tty of the current
process being the same as the console")
If you are connected to serial, but your console is on VGA, it might be related.
So you might need to set kern.securelevel to lower value ("sysctl kern.securelevel=-1"
in /etc/rc.securelevel), or make your console on serial (with "set tty com0" on
bootloader).
Thanks.
--
Sebastien Marie
On Mon, Apr 10, 2023 at 06:21:03PM +0200, Martin Schröder wrote:
> On Mon, 10 Apr 2023 at 18:10, Sebastien Marie wrote:
> > On Mon, Apr 10, 2023 at 11:49:50PM +0800, Siegfried Levin wrote:
> > > After I upgraded my OS from 7.2 to 7.3 with sysupgrade like 8 hou
statically linked in all programs).
Thanks.
--
Sebastien Marie
for each release: 7.1 and 7.2
are both major versions (with potential breaking changes between versions). Do
not assume that a binary targeting 7.2 will be able to run on 7.3. OpenBSD isn't
like Linux.
Thanks.
--
Sebastien Marie
/usr/X11R6/lib/libXfixes.so.6.1
loading: libX11.so.18.0 required by /usr/X11R6/lib/libXfixes.so.6.1
--
Sebastien Marie
ey stupidly making assumptions
> based upon the documentation?
diff are accepted.
--
Sebastien Marie
On Wed, May 04, 2022 at 08:03:14AM -0600, Theo de Raadt wrote:
> Sebastien Marie wrote:
>
> > semarie@ spoke about integrating some elements inside the installer when he
> > was
> > about "clean _other things_". It isn't about "stepping back".
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Thanks.
--
Sebastien Marie
eraadt@ (>70% of the commits).
And I don't want to add more work on his side for that.
--
Sebastien Marie
nish really fast because
> it won't understand that old libs are still needed.
yes, it is a known drawback: if you compile locally a binary, sysclean will not
know that you still need some libraries...
I have few binaries in my $HOME for example, and I consider that sysclean helps
me to rebuild them (because it breaks them when I remove old libc.so). Maybe one
day I will create a (local) package to properly track them.
--
Sebastien Marie
On Sat, Apr 02, 2022 at 07:11:42AM +0200, Sebastien Marie wrote:
> On Fri, Apr 01, 2022 at 12:16:58PM -0600, Ashlen wrote:
> >
> > XMonad is recompiling and replacing itself with another XMonad process
> > because the current process is called "xmonad" but the com
after updating xmonad package (and potentially before removing unused
libraries).
how do you recompile it ? your mail mentions ~/.config/xmonad/build. is it a
binary ? a script ? did you make it or is it a 'part' of xmonad ?
Thanks.
--
Sebastien Marie
ld run vi
you could also use another system to build a static binary, and copy
it on bsd.rd (via download or via usb drive).
you could also put your hard disk in another machine to mount and
repair it.
--
Sebastien Marie
hoose the files he/she want to delete from
the two following lists:
# find / -type f | wc -l
109221
# sysclean | wc -l
28
(OpenBSD aarch64 upgraded from Nov 1 to Nov 28 snapshot).
Thanks.
--
Sebastien Marie
rent.html. Very few files will break your system
if present.
On the other side, removing files that are used will break your system
(for example, if you compile a program yourself, it will use system
libraries like libc, libm...).
Thanks.
--
Sebastien Marie
sclean -a` output might be dangerous. it
will list all files, even the one still used by packages. it could
result in not working packages.
`sysclean` (without option) is safer.
please note that the stage 'configure /etc/sysclean.ignore' is
important to exclude from the output configuration files (in /etc) you
manually created.
as a reminder, sysclean will only *LIST* files (it is pledged
read-only), and doesn't remove anything itself.
thanks.
--
Sebastien Marie
ou are using is restricted and can't be shown, please at
least show a ktrace output of the program run. At this point I am
still unsure that it is execve(2) which is causing pledge violation.
--
Sebastien Marie
d also run a simple command-line to "cleanup"
resolv.conf:
# sed -i -e '/ # resolvd: /d' /etc/resolv.conf
(and if you put it in /etc/rc.local, your host with resolvd will
recreate it at boot, and your host without resolvd will keep it
clean).
Thanks.
--
Sebastien Marie
rypto.so.48.0
>
> The first three have X509_STORE_get_by_subject (says nm(1)),
> but the newest one does not. So I believe X509_STORE_get_by_subject
> was recently dropped.
X509_STORE_get_by_subject was not dropped. It changed from function to
macro. There is no more symbol in object file for it, but it is still
usable in C source file.
Thanks.
--
Sebastien Marie
ial -current) to 7.0 isn't supported.
If you want to put your source tree back to 7.0, you could use:
$ cd /usr/src && cvs update -A -r OPENBSD_7_0
-A : Reset any sticky tags/date/kopts (not sure if 100% necessary or not, but
doesn't hurt)
-r : Update using tag for 7.0 (the tag will become sticky)
Thanks.
--
Sebastien Marie
t; local names the machines around the office (beside resolution).
you could use the following:
# route nameserver 127.0.0.1
it will tell resolvd(8) to use this particular nameserver.
Thanks.
--
Sebastien Marie
...]
here, chrome (pid 537) has descriptor 25 opened to a file on /tmp
inode=48 (unlinked), the file size is 279793 bytes.
--
Sebastien Marie
nf without it being overwritten.
resolvd doesn't override resolv.conf. it only prepends nameserver
lines obtained from dhcpleased (via dhcpv4) or slaacd (via stateless
ipv6).
could you share your expected resolv.conf and the "overridden" one ?
thanks.
--
Sebastien Marie
be more
risky than pushing a newer version just because 'it is newer'.
We are not hostile to making changes, but at least please tell us what
should be changed/adjusted and why it is important for your
use-case. And if it doesn't hurt us too, changes will be done: patches
are accepted.
Thanks.
--
Sebastien Marie
recording and another for playing. A program which is
opening ONE device for playing AND recording couldn't work with this
trick (like firefox for example).
Thanks.
--
Sebastien Marie
ernet" or "with_internet").
anchor "outgoing" out on internet received-on with_internet {
pass out label "outgoing"
match out set queue netq
match out received-on guess set queue guessq
}
I hope it helps, even if my network speed isn't comparable to yours :)
Thanks.
--
Sebastien Marie
ould be able
to process them correctly.
Thanks.
--
Sebastien Marie
nsure I will be able to provide a patch for all
architectures. Please comment if the direction is right or not.
Thanks.
--
Sebastien Marie
ust remove them:
# pkg_delete .libs-firefox-57 .libs-firefox-58 .libs-firefox-59
Thanks.
--
Sebastien Marie
601 childpid, status&0xFF);
602 }
213 is octal number (139, 0x8b) of exit code of child process.
As the status is &0xFF, I am not 100% sure, but usually an exit code
of 139 means that the process terminated due to receipt of signal 11,
and generated a coredump.
Do you have a dump.core file ? Can you extract the backtrace ?
Thanks.
--
Sebastien Marie
On Fri, Aug 28, 2020 at 09:27:10AM -0400, Daniel Jakots wrote:
> On Fri, 28 Aug 2020 08:32:59 +0200, Sebastien Marie
> wrote:
>
> > On Thu, Aug 27, 2020 at 03:27:58PM -0400, Daniel Jakots wrote:
> > > Hi,
> > >
> > > I'm chasing a weird
e under PF_LOCK() or not (I am not familiar
enough with pf(4) code to find the code which do the check).
Thanks.
--
Sebastien Marie
en 1-5 added (80x25, vt100 emulation)
The modesetting failed, but X11 could still work with mesa. It needs
machdep.allowaperture=2 (sysctl) to be set.
You should just add "machdep.allowaperture=2" line in /etc/sysctl.conf and
reboot (this sysctl setting requires to be set at boot-time).
Thanks.
--
Sebastien Marie
act
the man page is installed without binary.
Alternatively, by looking at the man page itself, you could guess things about
the tool:
NAME
tpmtool - GnuTLS TPM tool
[...]
Thanks.
--
Sebastien Marie
hd daemon will use user's uid to open the authorized_keys
file.
I assume the file permission of '/var/home/user/.ssh/authorized_keys' doesn't
allow 'user' to open it ?
Please note it could be a problem with permission of the file, or with one
directory in the path.
Thanks.
--
Sebastien Marie
Hi,
A fix has been committed.
Thanks for investigating the problem and providing a test case. It was very
useful to properly find the state corruption.
--
Sebastien Marie
On Wed, Jun 03, 2020 at 07:22:52PM +0200, Fabian Keil wrote:
> TJ wrote:
>
> > I'm migrating my system
mit reverted, and try to
see if your webcam works.
the commit seems relatively self contained (does not introduce too many changes),
and later commits seem to not rely on it, so I assume just reverting it
should work.
this way it would be known that it is this commit which introduces a regression,
and someone might figure out why.
thanks.
--
Sebastien Marie
lopers which follow this list. So they
might already know.
Thanks.
--
Sebastien Marie
r bios init. For
me, I had problem with this method too: when my sata disk is plugged in sata
connector it is shown with 512 bytes/sector, whereas with USB/SATA connector it is
shown with 4096 bytes/sector and so disklabel is incoherent.
I hope it helps.
--
Sebastien Marie
machine, and next doing a upgrade will
run the right command, so it is the simpler approach.
Thanks.
--
Sebastien Marie
to
coexist. This way you could use cupsd (using ugen) with a GENERIC kernel.
see https://marc.info/?l=openbsd-tech&m=151618565000531&w=2 for details
Thanks.
--
Sebastien Marie
ing an explicit rule with allow-opts should do the trick.
depending on your need (block or allow):
block return proto igmp to 224/4 allow-opts
or
pass proto igmp to 224/4 allow-opts
Please note it is untested.
Thanks.
--
Sebastien Marie
ing here?
you could also play with SQL.
$ doas pkg_add sqlports
$ sqlite3 /usr/local/share/sqlports
sqlite> select fullpkgpath from distfiles where value like 'linux-4.20%';
sysutils/dtb
--
Sebastien Marie
adds the second swap with priority 0 (as configured in fstab(5))
- rc(8) via rc.local changes the boot disk swap with priority 1
- system will run with two swaps:
- second swap, priority 0, so used first
- boot disk swap, priority 1, used if second swap is full or by kernel for
dumping kernel core
I hope it helps.
--
Sebastien Marie
ded file or sent/received on the network should
be considered compromised.
Just don't do that.
Thanks.
--
Sebastien Marie
211: nwid GUEST chan 6 bssid dc:08:56:15:be:14 -44dBm wpakey
wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp
inet 192.168.1.107 netmask 0xff00 broadcast 192.168.1.255
Is it expected ? Did I miss something with Michael MIC failure ?
Thanks.
--
Sebastien Marie
se you want to look at exported MALLOC_OPTIONS environment
variable.
Thanks.
--
Sebastien Marie
ap \
>authname 'redacted' authkey 'redacted' up
>mtu 1492
>llprio 0
>dest 0.0.0.1
>!/sbin/route add default -ifp pppoe0 0.0.0.1
so, could you check the configuration file of hostname.vlan2 is really
applied on the running system ?
else, could you send the whole output of ifconfig ? (but feel free to
remove pppoe0 authentication information).
thanks.
--
Sebastien Marie
ames/adventure/io.c
> cc -o setup /usr/src/games/adventure/setup.c
> ./setup /usr/src/games/adventure/glorkz > data.c
> Abort trap (core dumped)
please check your dmesg. I am expecting some pledge failure regarding
recent vm.malloc_conf sysctl.
rebuild a new kernel, *reboot*, and next launch your make build.
thanks.
--
Sebastien Marie
3 &&
239 !strcmp(&kshname[strlen(kshname) - 3], "/sh"))) {
240 Flag(FSH) = 1;
241 version_param = "SH_VERSION";
242 }
243
--
Sebastien Marie
ddress show up in /etc/resolv.conf?
No.
rad(8) has support for sending rdns information, but currently nothing
in base has support to get resolv.conf configured with such information.
thanks.
--
Sebastien Marie
ort response is: no.
The long one is that currently `tls no-verify' applies only for
smarthost configuration (`relay' with `host url', when tls is implied).
smtpd(8) should complain if you try the syntax you mentioned with:
tls no-verify may not be specified without host on a dispatcher
Thanks
--
Sebastien Marie
e, rust FFI is a bit a shame: it is a *copy* of C headers, written
and maintained in Rust language. It is good for crosscompilation (as
Rust knows how to build stuff without any C headers), but it is awful to
maintain and keep up-to-date.
--
Sebastien Marie
lesystem (it is updated weekly).
so pkg_locate bsd.rd searches if a file "bsd.rd" exists in some port
(installed or not); whereas locate bsd.rd searches if a file "bsd.rd"
exists in current filesystem.
--
Sebastien Marie
xorg.db
>
> Not having /bsd and /bsd.rd seems really strange.
>
hum ? for me, it is the opposite.
pkg_check looks at {src,xorg}.db and PKG_DB for the list of expected
files. But these files aren't in these lists, so it reports them as "not
found" in the list of expected files.
For /bsd{,.rd} it is normal: the files don't come with usual sets but
are copied "as is".
--
Sebastien Marie
will also provide fake
SHA256.sig and/or fake public key on the ISO. So there is no gain to
provide such material as people will think "it is safe" whereas it is
not.
Thanks.
--
Sebastien Marie
sion of the
package you have, in case your mirror is lagging a bit and still provide
an "old" version (with old ABI, if it is the problem as it seems).
Thanks.
--
Sebastien Marie
u)
was from Jan 20:
$ grep pftop /var/log/messages
Dec 30 10:10:58 alf pkg_add: Added pftop-0.7p16->0.7p16
Jan 20 11:20:49 alf pkg_add: Added pftop-0.7p16->0.7p16
Feb 15 06:40:54 alf pkg_delete: Removed pftop-0.7p16
Feb 15 06:41:03 alf pkg_add: Added pftop-0.7p16
Thanks.
--
Sebastien Marie
Please note I don't use heavily: it is only for testing purpose for now.
Depending on the tryton modules you need, py-cached_property could be
missing from ports. But I have packaged it and it lives in mystuff/ for
now, but I could propose it to import.
--
Sebastien Marie
uickly check with binary diffing for changes and snapshots have
uncommitted changes.
It is why I asked for dmesg and previous working snap.
--
Sebastien Marie
, and having the date of your previous
version too.
thanks.
--
Sebastien Marie
but as
torsocks explicitly targets Tor proxy, I think it doesn't bother.
> Otherwise torsocks could wrap the pledge() function to weaken the pledge.
> It's easy to do but far less appealing.
In fact, I started in this direction... so if you want a working diff to
add "getpw" in pledge(2) promise, it is available.
but removing getpw calls is far better.
Thanks.
--
Sebastien Marie
rt, a way could be to have an HTTP proxy listener which forward its
traffic to SOCKS upstream server. Polipo is a program of this kind (see
socksParentProxy="localhost:9050" and socksProxyType=socks5 parameters
on polipo config file).
--
Sebastien Marie
On Sun, Nov 19, 2017 at 10:19:05PM -0800, Paul B. Henson wrote:
> On Mon, Nov 20, 2017 at 06:50:30AM +0100, Sebastien Marie wrote:
>
> > For me, there is currently no way to ask config(8) to alter the right
> > file in /usr/share/relink/kernel to "ship" the mo
n in all
future generated KARL kernels.
So currently, you have to choose between:
- modifying /bsd with config(8) and don't benefit from KARL
- have KARL and using a default kernel
- make your changes in /usr/src/sys, build and install a new no-GENERIC
kernel (and do it at each upgrade)
Thanks.
--
Sebastien Marie
void a pledged root program to
open and put in memory the content of /etc/spwd.db when password access
was not strictly required.
Maybe it could be revisited.
--
Sebastien Marie
t; This is why I asked if the pledge is too tight on cpio.
I agree that it could be disappointing. but cpio is pledged, so it
couldn't open /etc/spwd.db, because we considered this operation as
a privileged operation.
in order to backup this file, you need another tool. someone already
mentioned dump(8) as example.
thanks.
--
Sebastien Marie
On Sun, Jun 11, 2017 at 06:48:07PM +0200, Sebastien Marie wrote:
>
> Please at least post a dmesg
sorry, I just saw you posted it in your first message.
--
Sebastien Marie
snapshots would always work for everyone all the time.
> >
>
> I won't answer to that. See above.
>
Hi Lars,
I think you miss the point of using snapshots: helping the project and
permit progress for everybody.
Please at least post a dmesg: developers will at least know on which
hardware there is a problem. A detailed bug report would be welcome too.
Thanks.
--
Sebastien Marie
t
to have a block log just before would permit you to check if pf is
blocking some other thing "by default" using tcpdump -i pflog0 -n.
--
Sebastien Marie
vsep for X
(starting X with -keepPriv)
- makes X server to crash
(playing with LibreOffice and CSV ?)
- look at /var/crash and profit
--
Sebastien Marie
/pkg.conf which is deprecated.
But it seems to me that /etc/installurl should be present in your system
too. The installer adds it on upgrade (but maybe only if you use an
http mirror for sets - I didn't check the exact conditions).
Thanks.
--
Sebastien Marie
hange their
> mind.
>
If you want to disable core dump for a program, you could (should ?)
configure your RLIMIT_CORE to 0.
$ ulimit -c 0
$ firefox
--
Sebastien Marie
be decoded (of type int, unless a width modifier has been
specified) and the second being a decoding directive string.
...
Thanks.
--
Sebastien Marie
alue (datasize-cur) with:
ksh$ ulimit -d # value in kbytes
786432
Or read the value configured in login.conf:
$ getcap -f /etc/login.conf -s datasize-cur default staff
default: 768M
staff: 1536M
To obtain your current login-class:
$ id -c
default
Thanks.
--
Sebastien Marie
(self) port 443 rdr-to 127.0.0.1 port
8443
see pf.conf(5) and https://www.openbsd.org/faq/pf/rdr.html
--
Sebastien Marie
org/faq/upgrade55.html#time_t
But generally, an old binary (from release X) is able to run on a new
kernel (from release X+1), but nothing more could be expected: old
things are cleaned, so an old binary could be able to run or not (it
just depends if relying on old API/ABI with kernel - syscalls, struct
size...).
--
Sebastien Marie
protection.
>
check your /etc/pf.conf if it contains a line like:
set skip on lo
(it is in default pf.conf file), and remove it.
pf(4) will not skip lo group, so lo0 will be filtered.
--
Sebastien Marie
nditional use of SOCK_DNS on the
socket(2) call, and as it is in library part (under src/usr.sbin/bind/lib/isc),
it would mean an invasive change in API.
--
Sebastien Marie
port. Enlighten me please?
>
pledge(2) isn't a magic bullet, but a mitigation. By using pledge with
"dns", you ensure the program could reach network only on limited way.
As dig has also "rpath", it means a bug in dig could make the program
able to exfiltrate file contents. With "dns", the exfiltration is
more complex (but not impossible I agree: pledge is only a mitigation).
Thanks.
--
Sebastien Marie
ing from
> the ftp-proxy
> pass out quick on $int_if inet proto tcp from $int_add to
> $ftp_internal_address
> Thank you
>
There is a typo in man page (I will send a diff if nobody commits it
before):
the user is _ftp_proxy (and not _ftp-proxy).
Please try with that.
--
Sebastien Marie
oxy" in the last rule
So it is related to the user.
From ftp-proxy(8) man page:
ftp-proxy chroots to "/var/empty" and changes to user
"_ftp-proxy" to drop privileges.
> Does someone knows why ?
you should allow the "_ftp-proxy" user, and not the "proxy" user to make
it work as expected.
thanks.
--
Sebastien Marie
but I didn't ask for making it a "supported" method. I know I use only a
trick.
--
Sebastien Marie
al
> reversion
> of src/lib/libcrypto/x509/x509_vfy.c r1.54). Thanks for the report.
>
I could confirm that x509_vfy.c r1.54 makes it works again.
--
Sebastien Marie
ernative way (and more secure in this context) is to use ssh(1). But
note it needs additional configuration. ssh(1) will allocate a new
pty(4) device for the user.
# tty
/dev/ttypa
# ssh user@localhost
Last login: ...
OpenBSD 6.0-current ...
...
$ tty
/dev/ttypb
Regards.
--
Sebastien Marie
on hotplugd(8) as I didn't
check deeply the code path in kernel.
As previously noted, sysutils/toad has specific code part for dealing
with cdrom insertion.
For sysutils/hotplug-diskmount, I dunno.
--
Sebastien Marie
://github.com/ajacoutot/toad/blob/master/toadd.c for source
code of the polling daemon.
--
Sebastien Marie
1 - 100 of 124 matches