NetBSD Planet

November 29, 2022

UnitedBSD linux emulation questions

Hi All,

I wanted to check if a linux program runs "better" if only linux specific code is invoked as it seems in certain cases the linux binaries find netbsd ones and execute them which leads to uncertain results. For example when a linux gradle install calls 'uname' and gets 'NetBSD' which results in 'unsupported platform'. So I created a PATH including only linux emulation specific directories like:

export PATH=/usr/pkg/emul/linux/bin:/usr/pkg/emul/linux/sbin:/usr/pkg/emul/usr/bin:/usr/pkg/emul/linux/usr/sbin

But when starting the linux executable (Android Studio by the way), I get:

./ which: not found

Isn't 'which' part of the suse_base? Actually, all the suse_-13.1 packages are installed and 'find' does not find 'which' anywhere under /usr/pkg/emul/linux.

Another question is if it's possible to set up (similarly to PATH) that only linux libraries are searched for? I know that LD_LIBRARY_PATH can be set to list the linux lib dirs but that's checked last if I'm not mistaken.

The last question is just a kind of security one: is it possible to tell the system that only a certain process and its children are enabled to emulate linux? I mean e.g. like a terminal could be launched with the linux emulation enabled option and whatever gets started there inherits that option.

Best regards,

November 27, 2022

UnitedBSD Best Qemu setting for audio in emulated NetBSD current

I'm trying sound with the game xgalaga on Qemu-x86_64 running on FreeBSD 12.3
Options -device AC97 and -device es1370 show a actual device but seem to cause sort of a conflict resulting in unstable sound support with seconds delay. It even continues to play while the game is already closed.
Options -device sb16 doesn't show a virtual sound device and -device hda results in full freeze when the game starts.

Any ideas? I have a M.2 disk that is able to boot NetBSD current for real or via Qemu. It would be nice if both have sound support.

/r/NetBSD How low can you go? Minimum memory required to boot on i386

I got two 486 class notebooks, one with 4MB and the 2nd with 8MB memory. Out of curiosity i wanted to see if NetBSD would run on these devices. For testing i created a VM with NetBSD 9.3, downloaded the Kernel sources and compiled a Kernel from 'GENERIC_TINY' which states that it should run on machines with just 4MB of memory. Long story short: That does not work with 4MB of RAM. I even reduced the config file further to no avail (removed all network cards, some pseudo-devices, no SMP support etc).

The lowest amount of memory that allows a boot to the login prompt is 8MB.

The VM i use is QEMU on Ubuntu 20.04 LTS. No special options, just

qemu-system-i386 -m <4-8m> -enable-kvm HD.img

What am i missing?

submitted by /u/haffhase
[link] [comments]

November 23, 2022

/r/NetBSD NetBSD on Pine64 SOQuartz

I am having issues getting NetBSD on Pine64's SOQuartz module; ideally I would like UEFI on the SD card and NetBSD on the is what I have tried:

1) uefi ( on sd card, NetBSD Generic Arm 64-bit image ( on eMMC.

NetBSD boots up but part way through initializing, I get the error "sdmmc0: write protected" repeated many times.

2) NetBSD General Arm 64-bit on sd-card and uefi on eMMC.

UEFI runs and NetBSD boots and I get to a log in prompt but the keyboard does not work. I have yet to try a serial console next with setup

3) UEFI on sd-card, eMMC has been formatted and is blank, NetBSD installer ISO on a USB-drive

The system boots and I get to the NetBSD installation menu. When attempting to partition the eMMC, I receive the same "sdmmc0: write-protected"

submitted by /u/acj_stpaul
[link] [comments]
Pullup pkgsrc [pullup-pkgsrc #6705] Fwd: CVS commit: pkgsrc/databases/redis
UnitedBSD Anyone using Eclipse on NetBSD 9.3 (amd64)?

Hi All,

Installed eclipse from wip and just trying to start it but simply issuing eclipse does not have any effect. The file /usr/pkg/bin/eclipse is a script setting ECLIPSE_DIR to /usr/pkg/eclipse and starts eclipse there. If I do the same manually I get: No such file or directory

If I issue 'sh /usr/pkg/eclipse/eclipse' I get: Cannot execute ELF binary /usr/pkg/eclipse/eclipse

The file command reports: /usr/pkg/eclipse/eclipse: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/, for GNU/Linux 2.2.5, with debug_info, not stripped

Forgot to mention that the necessary linux emulation is enabled on the system, other linux stuff usually runs fine.

Best regards,

November 22, 2022

UnitedBSD NetBSD port-arm on Pine64 SOQuartz

Jared McNeill released a port of tianocore for the Quartz64 SBCs.

I am able to boot UEFI from a sd card on a SOQuartz but I do not know what to do next to get NetBSD itself running.


/r/NetBSD NetBSD port-arm Pine64 SOQuartz Module Question

I know Jared McNeill has spent a considerable amount of time getting UEFI with theQuartz64 SBCs. Many thanks to him.

Does anyone have a bit more complete instructions on getting NetBSD working on the SOQuartz module? I'm waiting on soquartz module to arrive and I wanted to read up on the steps to getting NetBSD working. I get that you write small UEFI image to an SD but it is unclear as what to do next.

Here is Jared M's repo:


I followed up on the NetBSD port-arm mailing list.I followed up on the NetBSD port-arm mailing list.

- Take one of the images from and write it to an SD card.

- Using an eMMC or USB drive, goto and download the Generic 64-bit one from under NetBSD-current.

submitted by /u/acj_stpaul
[link] [comments]
UnitedBSD NetBSD 9.3 and current fail in enabling MMC drive for installation

I am trying to install NetBSD 9.3 or current on Asus E210M laptop.
And they both fail in enabling the MMC drive, and then it doesn't show up as an installation target.

The errors in dmesg are:

sdhc0 at pci0 dev 28 function 0: vendor 8086 product 31cc (rev. 0x06)
sdhc0: interrupting at ioapic0 pin 39
sdhc0: SDHC 3.0, rev 16, SDMA, 200000 kHz, embedded slot, HS SDR50 DDR50 SDR104 HS200 1.8V, re-tuning mode 1 (128s timer), 2048 byte blocks
sdmmc0 at sdhc0 slot 0
sdmmc0: sdmmc_mem_enable failed with error 60
sdmmc0: autoconfiguration error: couldn't enable card: 60

I see that a few got this issue before as well. Does anyone know the resolution?

November 21, 2022

/r/NetBSD NetBSD doesn't recognize my emmc drive

I am trying to install NetBSD 9.3 stable on Asus E210M laptop. And it does not recognize the MMC drive.

The errors in dmesg are:

sdhc0 at pci0 dev 28 function 0: vendor 8086 product 31cc (rev. 0x06) sdhc0: interrupting at ioapic0 pin 39 sdhc0: SDHC 3.0, rev 16, SDMA, 200000 kHz, embedded slot, HS SDR50 DDR50 SDR104 HS200 1.8V, re-tuning mode 1 (128s timer), 2048 byte blocks sdmmc0 at sdhc0 slot 0 sdmmc0: sdmmc_mem_enable failed with error 60 sdmmc0: autoconfiguration error: couldn't enable card: 60

I see that a few got this issue before as well. Does anyone know the resolution?

submitted by /u/rohshall
[link] [comments]

November 20, 2022

/r/NetBSD PS2 running NetBSD?

I've read it's a port, and now (my goblin brain) makes this post to ask for anecdotes, pictures any other tidbit that's related to the PS2 port ^u^

submitted by /u/SmthSweet
[link] [comments]

November 12, 2022

Ruben Schade News for week 45, 2022

Some things I’ve read this week:

Poster for Urusei Yatsura's 2022 release

By Ruben Schade in Sydney, 2022-11-13.

Pullup pkgsrc [pullup-pkgsrc #6704] Fwd: CVS commit: pkgsrc/www/gitea

November 11, 2022

Ruben Schade Querying TXT records with drill(1)

In today’s installment of things you already know, unless you don’t, this is how you look up a TXT domain record with drill(1) on FreeBSD:

$ drill $DOMAIN txt

You’d think that I’d get that order right one of these days.

On NetBSD, macOS, and Linux, the same applies for dig(1).

By Ruben Schade in Sydney, 2022-11-11.

November 10, 2022

NetBSD General on DaemonForums PKGIN does not start without full path
Hi folks,

this my first attempt ever to install NetBSD, following the main guide it suggests to install "pkgin", so I did, but now I can't call it directly and I have to use the full path ("/usr/pkg/bin/pkgin").

Clearly I made a "pebacak" somewhere... But what is it? :confused:


EDIT: NOW WORKS... :eek:

EDIT 2: NOW WORKS but all the other packages require full path instead :eek: :eek: :eek:

November 09, 2022

Pullup pkgsrc [pullup-pkgsrc #6703] evolution

November 05, 2022

Stack Overflow NetBSD: Cannot execute ELF binary written and built for FreeBSD (without using libraries)

I am building a collection of system utilities in C but with the restriction that I cannot use any system libraries, just direct system calls. This program was originally designed for FreeBSD, but I assumed that it would be simple to port between the BSDs.

It compiled fine (as soon as I added the getargs macro for x86_64), but then when I ran it I got this error.

# ./binaries/echo hello world
-sh: Cannot execute ELF binary ./binaries/echo

I decided to check what happened with gdb and I got this

(gdb) r hello world
Starting program: /root/small-utils/binaries/echo
exec: Cannot execute ELF binary /root/small-utils/binaries/echo
/usr/src/external/gpl3/gdb/lib/libgdb/../../dist/gdb/target.c:2170: internal-error: void target_mourn_inferior(ptid_t): Assertion `ptid == inferior_ptid` failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Quit this debugging session? (y or n) y

This is a bug, please report it. For instructions, see:

/usr/src/external/gpl3/gdb/lib/libgdb/../../dist/gdb/target.c:2170: internal-error: void target_mourn_inferior(ptid_t): Assertion `ptid == inferior_ptid` failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Create a core file of GDB? (y or n) y
[1]   Abort trap (core dumped) gdb ./binaries/echo

The code can be found on GitHub at For now it is just echo.

November 04, 2022

Pullup 9 [pullup-9 #1550] Backout uhidev.c change in ticket #1428
Pullup pkgsrc [pullup-pkgsrc #6702] pullup-request: pkgsrc/security/sudo
Pullup pkgsrc [pullup-pkgsrc #6701] pullup-request: pkgsrc/lang/php74

October 27, 2022

Pullup 9 [pullup-9 #1549] Please pullup read(1) fix for /bin/sh (PR bin/56972 fix)
Pullup 8 [pullup-8 #1779] Please pullup read(1) fix for /bin/sh (PR bin/56972 fix)
Pullup 9 [pullup-9 #1548] Fwd: CVS commit: src/sys/netinet6
Pullup 8 [pullup-8 #1778] Fwd: CVS commit: src/sys/netinet6

October 26, 2022

Pullup 8 [pullup-8 #1777] Updata tzdata to 2022e in NetBSD-8

October 24, 2022

Pullup 9 [pullup-9 #1547] Fix error detection in progress(1)

October 23, 2022

DragonFly BSD Digest In Other BSDs for 2022/10/22

It’s Long Article Title week!


October 20, 2022

Pullup 9 [pullup-9 #1546] Updata tzdata to 2022e in NetBSD-9

October 18, 2022

DragonFly BSD Digest SEMIBUG: NetBSD and Security, tonight

SEMIBUG is hosting a presentation by David Maxwell on security and NetBSD, tonight.  It’s hosted online so if you can read this, you can attend.

October 15, 2022

NetBSD Blog NetBSD Arm on Oracle Cloud

Support for running NetBSD on Oracle Cloud Arm-Based Compute Instances has been added to NetBSD -current.

A build of NetBSD/evbarm64 after 2022-10-15 will generate a bootable image (arm64.img.gz) that can be converted to a Custom Image that can run on Oracle Cloud.

To get started, the image needs to be converted to QCOW2 format:

   $ gunzip arm64.img.gz
   $ qemu-img convert -f raw -O qcow2 arm64.img netbsd.qcow2

Next, upload the image to an Oracle Cloud storage bucket.

Once the QCOW2 file has been uploaded, switch to Compute / Custom Images and click Import image. Set an image name, make sure the Operating system field is set to Linux, and select the bucket and object name for your uploaded image. Make sure to select QCOW2 as the Image type. Set the mode to Paravirtualized mode.

After the image is imported, click Edit details and clear all checkboxes except for VM.Standard.A1.Flex. You could also try BM.Standard.A1.160 (bare metal instance) but this is untested. Once the compatible shapes have been updated, click Save changes.

Now click Edit image capabilities, and under the Firmware heading, uncheck BIOS and click Save changes.

Finally, to create an instance, click the Create instance button. Make sure to either provide SSH keys, or download the generated private key in the Add SSH keys section. Click the Create button to start the instance.

The Instance details page will assign you a public IP address. Once the instance has started, you can ssh to it with the SSH key used during image creation as user opc.

   $ ssh -i ssh-key-2022-10-15.key [email protected]
   Last login: Sat Oct 15 18:50:51 2022 from y.y.y.y
   NetBSD 9.99.101 (GENERIC64) #9: Sat Oct 15 15:35:49 ADT 2022

   Welcome to NetBSD!

   This is a development snapshot of NetBSD for testing -- user beware!

   Bug reports:
   Donations to the NetBSD Foundation:

           The ssh host keys on this machine have been generated with
           not enough entropy configured, so may be predictable.

           To fix, follow the "Adding entropy" section in the entropy(7)
           man page and after this machine has enough entropy, re-generate
           the ssh host keys by running:

                   sh /etc/rc.d/sshd keyregen
   instance-20221015-1520$ sysctl machdep.dmi
   machdep.dmi.system-vendor = QEMU
   machdep.dmi.system-product = KVM Virtual Machine
   machdep.dmi.system-version = virt-4.2
   machdep.dmi.chassis-vendor = QEMU
   machdep.dmi.chassis-type = QEMU
   machdep.dmi.chassis-version = virt-4.2
   machdep.dmi.chassis-asset-tag =
   machdep.dmi.processor-vendor = QEMU
   machdep.dmi.processor-version = virt-4.2
   machdep.dmi.processor-frequency = 2000 MHz
DragonFly BSD Digest In Other BSDs for 2022/10/15

Accidentally OpenBSD-heavy this week.

October 14, 2022

Ruben Schade The wonderful tee(1) command

In today’s installment of things you already know, unless you don’t, I’m visiting the stupendously useful tee(1) command. I use it daily, yet I see plenty of scripts that brute force alternatives to it. It’s one of the most common superfluous uses of cat(1) I see.

tee(1) duplicates standard output, letting you preview output and write it to a file. Why would you want to do this? Say you want to capture the output of a fancy script by redirecting it to a file:

$ ./ > output.log

What did that script do? We wouldn’t know, unless we viewed the log file. To show us the output and write to a file, we can pipe the script output to tee(1), which will print the output and write to a target file:

$ ./ | tee output.log
==> this is the output of a fancy script

If we inspect the file:

$ cat output.log
==> this is the output of a fancy script

Nice! You can also append to an existing file with -a, the same way you’d redirect with >> in a script:

$ ./ >> output.log
$ ./ | tee -a output.log
==> this is the output of a fancy script

And checking it again having run those two lines:

$ cat reuschling.log
==> this is the output of a fancy script
==> this is the output of a fancy script
==> this is the output of a fancy script

Even the name of this tool is cool. If you picture a letter T and follow the vertical stroke upwards, it branches into two… clever! Or if you stitched the top of a tee-shirt shut, then started filling the bottom with whipped cream, eventually it’ll come out of the arms.

By Ruben Schade in Sydney, 2022-10-15.

October 12, 2022

Pullup 8 [pullup-8 #1776] ichsmb(4) update
Pullup 8 [pullup-8 #1775] x86 cpuctl update

October 06, 2022

NetBSD Installation and Upgrading on DaemonForums NetBSD: installing to a specific existing partition
I've been testing some of the BSDs in qemu and then on real hardware. I have certain specific requirements including these next two.

One: the BSD must be installed to an existing partition, without disturbing any of the other partitions.

Two: the BSD must not touch the existing boot loader.

So far, OpenBSD can be made to do this. Yay!

NetBSD is another matter. After consulting documentation, and after many tries, I am beginning to suspect that NetBSD can only be installed by letting it trash everything else on the disk and then putting in its own boot-loader. I did, at one point, find an older page describing how to do it, but it did not correspond to the current installer.

Can NetBSD correctly be installed to a specified partition without touching the rest of the SSD/HD? If so, how?

p.s. Yes I set the partition to a9 ahead of time. ;)

October 04, 2022

The NetBSD Foundation Two New Security Advisoriers: NetBSD-SA2022-003, NetBSD-SA2022-004

October 02, 2022

The NetBSD Foundation New Security Advisory: NetBSD-SA2022-002

October 01, 2022

DragonFly BSD Digest In Other BSDs for 2022/10/01


September 24, 2022

NetBSD Blog The Geeks way of checking what the outside wheather is like


When I bought my house in 2004 I went shopping for a outside thermometer - and ended up with a full weather-station instead (a WS2300). When I unpacked it I found a serial cable inside...

Long story short - I was still in the process of recabling the house (running ethernet to every room) and added a serial cable from the machine room to the WS2300, and then did some pkgsrc work and got misc/open2300 and misc/open2300-mysql. I used those to log the data from the weather-station to a mysql database, and later moved that (via misc/open2300-pgsql) to a postgres database.

Now sometime this year the machine running that database had to be replaced (should have done that earlier, it was power hungry and wasteful). The replacement was an aarch64 SoC (a Pine64 Quartz64 model A) - and it had no real com ports (of course) any more. I had experimented with USB serial adapters and the WS2300 before, but for unclear reasons this time I had no luck and couldn't get it to work. Since some of the outdoor sensors of the old weather-station had started failing, I decided to replace it.

New Weather-Station, new Sensors

I picked a WS3500 because it comes with a nice remote sensor arrangement:

I attached it to a satellite dish mount about 1.2m above my garage and ran a two wire cable through the mount to supply it with 3V and get rid of any batteries. It does not have a connector for that, but the battery compartment had enough space for a 330µF elco and soldering that and the cable directly to the battery contacts was easy.

The sensors report to the weather-station via a proprietary protocol in the 868 MHz band.

New Weather-Station, new Reporting

The weather-station can connect to a wifi network but does not offer any services itself. The app used to configure the station offers several predefined weather collection services.

I found the idea a bit strange to have my local weather data logged to some server somewhere else in the cloud and then get it back via my browser, but for others this is a good thing. I found this article that describes exactly the remote-only, no machines required on-site setup. I used that article as inspiration for the data collection (but that part turned out to be quite trivial, see below) and copied a lot of the presentation site from it (also more details below).

So in my setup I created web servers on two dedicated ports of my tiny machine running the postgres server. One is used by the weather-station for reporting the data, the other is used to query the database.

The configuration of the weather-station for a custom server was easy:

I tested the ecowitt protocol first. It uses a post to a fixed URL and the form data has nearly identical data as we get with the solution I ended up with - only a few names (of form fields) are slightly different.

The blacked items "StationID" and "StationKey" appear verbatim in the reported data, you can set them to whatever you want - the scripts below do not check them.

The weather underground protocol does a simple http GET and provides all data as query parameters (I had to add the trailing question mark in the configuration). This makes it very easy to extract the data in a script on the server side.

But lets get there step by step. NetBSD comes with a http/https server in base, originally called "bozohttpd". It is very lightweight, but it can run various types of scripts - I picked the plain old simple CGI and /bin/sh as language, using a bit of awk to convert units.

First I added two users, so I could separate file access rights. This is how they look like in vipw:

weatherupdate:*************:1004:1004::0:0:Weather Update Service:/weather/home:/sbin/nologin
weatherquery:*************:1005:1004::0:0:Weather Query Service:/weather/query:/sbin/nologin
and two httpd instances for them /etc/inetd entry to collect the incoming data:

88		stream	tcp	nowait:600	weatherupdate	/usr/libexec/httpd	httpd -q -c /weather/cgi /weather/files
89		stream	tcp	nowait:600	weatherquery	/usr/libexec/httpd	httpd -q -c /weather/cgi -M .js "text/javascript" - - /weather/files

The document root (/weather/files) would not be used for the instance on port 88, but httpd needs one. Note that these lines use the quiet flag ("-q") which is only available in netbsd-current. You can replace it with "-s" for older versions.

The home directories of both users are mostly empty, besides a .pgpass file that contains the password for this user connection to the postgres server. They look like this:

where "weatherhistory" is the datebase and "open2300" is the name of the postgres user for the update script and the password is x-ed out. The other file looks very similar:

At the postgres level the user "weatherquery" needs to have SELECT privilege on the table "weather", and "open2300" needs to have INSERT privilege. The table schema (output of "pg_dump -s") looks like this:

-- Name: weather; Type: TABLE; Schema: public; Owner: weathermaster

    "timestamp" timestamp without time zone DEFAULT '1970-01-01 00:00:00'::timestamp without time zone NOT NULL,
    temp_in double precision DEFAULT '0'::double precision NOT NULL,
    temp_out double precision DEFAULT '0'::double precision NOT NULL,
    dewpoint double precision DEFAULT '0'::double precision NOT NULL,
    rel_hum_in integer DEFAULT 0 NOT NULL,
    rel_hum_out integer DEFAULT 0 NOT NULL,
    windspeed double precision DEFAULT '0'::double precision NOT NULL,
    wind_angle double precision DEFAULT '0'::double precision NOT NULL,
    wind_chill double precision DEFAULT '0'::double precision NOT NULL,
    rain_1h double precision DEFAULT '0'::double precision NOT NULL,
    rain_24h double precision DEFAULT '0'::double precision NOT NULL,
    rain_total double precision DEFAULT '0'::double precision NOT NULL,
    rel_pressure double precision DEFAULT '0'::double precision NOT NULL,
    wind_gust double precision DEFAULT 0 NOT NULL,
    light double precision DEFAULT 0 NOT NULL,
    uvi double precision DEFAULT 0 NOT NULL

ALTER TABLE OWNER TO weathermaster;

-- Name: weather weather_pkey; Type: CONSTRAINT; Schema: public; Owner: weathermaster
    ADD CONSTRAINT weather_pkey PRIMARY KEY ("timestamp");

-- Name: TABLE weather; Type: ACL; Schema: public; Owner: weathermaster

As noted above, I carried this database over (with minor modifications) from previous instances of the whole setup - so it may not be optimal or elegant. One thing that needs special attention is the "timestamp" column - it carries date/time in UTC and has no timezone associated. This looked like a natural choice, but has some unexpected consequences. When querying data in JSON format, "timestamp" will not get the JavaScript marker for "UTC", a "Z" suffix. So in the JavaScript code in the web pages you will find quite a few places that cover up for this.

Now when the weather station sends data to the configured server, inetd(8) runs httpd(8) and that invokes a shell script /weather/cgi/update.cgi as the "weatherupdate" user. This script uses awk(1) to do a few unit conversions and output a SQL command to insert the data into the "weather" table. This SQL command is then piped to psql(1) with the connection string passed on the command line. The corresponding password is found in ~/.pgpass of the "weatherupdate" user.

The script looks like this:

#! /bin/sh

TZ=UTC; export TZ

awk -v $( echo "$QUERY_STRING" | sed 's/\&/ -v /g' ) 'BEGIN {


printf("INSERT INTO weather VALUES ('"'"'%s'"'"', %f, %f, %f, %d, %d, %f, %d, %f, %f, %f, %f, %f, %f, %f, %f);\n",
	strftime("%F %T"),
	rain, dailyrain, totalrain,
	solarradiation, UV);

}' | psql "hostaddr=''dbname='weatherhistory'user='open2300'" > /dev/null 2>&1

Note that it explicitly sets the timezone to UTC. The input data comes (as defined by CGI) via the QUERY_STRING environment variable, as a set of "field=value" items, separated by &. They are converted to sets of "-v" args for the awk invocation via a simple sed script.

With this in place, the weather-station adds a record every five minutes to the database, and it was fun to check it via SQL, but for reasons not quite clear to me most of the rest of the family did not like that kind of access very much.

psql (14.5)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.

weatherhistory=> select min(temp_out), max(temp_out) from weather;
  min  | max  
 -18.1 | 80.9
(1 row)

I initially thought the 80.9°C were measured while I was soldering the power cable, but apparently they were fallout from the sometimes failing sensors of the old station. The database has 2840 rows with temp_out > 40°C and all of them are 80.something. I should replace them with an average of the neighbor records.

Presenting the data

So I needed an internal web site. Which needs access to the data. The above setup already paved the way for that, via the second port I set up. I wanted to show all the current data in one page, and variable history data on another - which meant two CGI scripts to query the data. The /weather/cgi/latest.cgi script just fetches the last record logged and creates a JSON from it, and also uses pom(6) and the sunwait(1) program from pkgsrc to supply some site and date specific data:

#! /bin/sh


GEOPOS="51.505554N 0.075278W"	# geographic position of this weather station
UPDATE=300			# seconds between updates

# This script uses psql(1) from pkgsrc/databases/postgresql14-client,
# pom(6) from the NetBSD games set and pkgsrc/misc/sunwait.

# collect global site data: sunrise and friends
eval $( sunwait report ${GEOPOS} | awk -F": " '
	/Sun directly north/	{
		printf("zenith=\"%s\"\n", $2);
	/Daylight:/		{
		split($2,v," to ");
		printf("sunrise=\"%s\"\nsunset=\"%s\"\n", v[1], v[2]);
	/with Civil twilight:/	{
		split($2,v," to ");
		printf("dawn=\"%s\"\ndusk=\"%s\"\n", v[1], v[2]);
	/It is: Day/ {
	/It is: Night/ {
' )

# moon phase
eval $( pom | awk '-F('	'
	/The Moon is Full/	{ printf("moontrend=\"-\"\nmoon=100\n"); }
	/The Moon is New/	{ printf("moontrend=\"+\"\nmoon=0\n"); }
	/First Quarter/		{ printf("moontrend=\"+\"\nmoon=50\n"); }
	/Last Quarter/		{ printf("moontrend=\"-\"\nmoon=50\n"); }
	/Waxing/		{
		sub(/^.*\(/, "", a);
		sub(/%.*$/, "", a);
		printf("moontrend=\"+\"\nmoon=%d\n", a+0);
	/Waning/		{
		sub(/^.*\(/, "", a);
		sub(/%.*$/, "", a);
		printf("moontrend=\"-\"\nmoon=%d\n", a+0);
' )

# start the json output
printf "\n\n{ \"site\": { \"updates\": ${UPDATE},
	\"dawn\": \"${dawn}\", \"sunrise\": \"${sunrise}\",
	\"zenith\": \"${zenith}\", \"day\": ${day},
	\"sunset\": \"${sunset}\", \"dusk\": \"${dusk}\",
	\"moon\": { \"trend\": \"${moontrend}\", \"percent\": ${moon} }\n}, \"weather\":\n"

# fill database results
printf "WITH t AS ( SELECT * FROM weather ORDER BY timestamp DESC LIMIT 1 ) SELECT row_to_json(t) FROM t;\n" |
	psql --tuples-only --no-align "hostaddr=''dbname='weatherhistory'user='weatherquery'"

# terminate json
printf "\n}\n"

As you can see, if you would restrict output to plain data from the database, the script would be only four or five lines long. But I like the additional spicing.

The /weather/cgi/history.cgi script fetches rows between two timestamps passed to it (in JSON timestamp format) and answers with a JSON containing an array of all the data in the requested time window:

#! /bin/sh

COND=$( echo "${QUERY_STRING}" | tr '&' '\n'| sed -e 's/%22/\"/g' -e 's/%3A/:/g' | awk '
	/from=/	{ v=$0; sub(/^[^"]*\"/, "", v); sub(/\".*$/, "", v); arg_from=v; }
	/to=/	{ v=$0; sub(/^[^"]*\"/, "", v); sub(/\".*$/, "", v); arg_to=v; }
	END	{
		if (arg_from && arg_to) {
			printf("timestamp >= '"'"'%s'"'"' AND timestamp <= '"'"'%s'"'"'\n",
			    arg_from, arg_to);
' )

if [ -z "${COND}" ]; then
	# printf "could not parse: ${QUERY_STRING}\n" >> /tmp/sql.log
	exit 0;

# start output
printf "\n\n"

# printf "${COND}\n" >> /tmp/sql.log

# fill database results
printf "WITH t AS ( SELECT * FROM weather WHERE ${COND} ORDER by timestamp ASC ) SELECT json_agg(t) FROM t;\n" |
	psql --tuples-only --no-align "hostaddr=''dbname='weatherhistory'user='weatherquery'" # 2&>> /tmp/sql.err

Fetching this data now is easy in JavaScript.

We have a request URL defined as a const, like this:

const queryURL = '';

and then add (if needed) the paramaters for the query, like in this example function that gets passed a from-date and a to-date:

function showData(fromD, toD)
        var url = new URL(queryURL);
        url.searchParams.append("from", '"'+fromD.toJSON()+'"');
        url.searchParams.append("to", '"'+toD.toJSON()+'"');
        fetch(url).then(function(response) {
                return response.json();
        }).then(function(data) {
        }).catch(function(error) {

When the answer from the server arrives, it is decoded as JSON and returned as input data to the next function that makes some graphs from the data array. Finally a few buttons are updated (in this example the time window is put into a start and a end date control.

Inspired by the post mentioned above I used canvas gauges for the display of the latest data and dygraphs for the display of historic data.

Here is an example of how the latest display looks:

And here is how the history display looks:

I have put an archive of the cgi scripts and web pages here, and also for the curious who just want to peek at the full glory of my web design skills the start page (showing the latest weather data) and the history page.

Besides those files, you will need

Then you should be ready to go - easy, isn't it? And no heavy weight dependencies or pkgs needed.

What about other weather stations?

There are quite a few similar weather stations out there now that seem to run "related" firmware and have similar capabilities. Most likely the update script (and details in the presentation pages) will need adjustements for other types.

If you start with a different device, just log all the data it sends and adjust the cgi scripts/database/JavaScript accordingly. For protocol analyzis there are several easy means:

Here is what a debug.cgi script could look like:

#! /bin/sh
env > /tmp/debug.env
printf "\n\nOK\n"
cat > /tmp/debug.input &

This allows you to see the form input in /tmp/debug.input and the CGI environment in /tmp/debug.env.

DragonFly BSD Digest In Other BSDs for 2022/09/24

Check the first link; it’s time-dependent.

September 23, 2022

Frederic Cambus Toolchains adventures - Q3 2022
My continuous journey into toolchains, in the third quarter of 2022

This is the sixth post in my toolchains adventures series. Please check the previous posts in the toolchains category for more context about this journey.

In Pkgsrc land, I updated binutils to the 2.39 version, mold to the 1.3.1, 1.4.0, 1.4.1, and 1.4.2 versions, patchelf to the 0.15.0 one, and finally pax-utils to the 1.3.5 one.

Regarding OpenBSD, we imported llvm-profdata into the base system in early July, so I took the opportunity to propose importing llvm-cov as well. This was accepted and is now committed, which will allow producing reports from coverage data without having to install the devel/llvm port.

I also submitted a binutils port, with the stated goal to have up to date versions of the GNU binary utilities. As such it excludes as (for which we have the devel/gas port) and ld. This is intended to replace the aging versions we have in the base system (from binutils 2.17, released in 2006). All installed utilities have the ‘g’ prefix prepended to the binary name. After importing it, I noticed packages didn’t build on OpenBSD/arm64 and OpenBSD/armv7, so I got the chance to send patches upstream to add OpenBSD ARM and AArch64 Little Endian BFD support. While there, I also added the required entry for AArch64 GAS support in upstream binutils.

In September, I got the opportunity to attend the GNU Tools Cauldron 2022 conference which was held on September 16-18th 2022 in Prague, Czech Republic. Three days of talks and discussions about the GNU toolchain, in a friendly and relaxed atmosphere. There were a lot of interesting talks and people, and being able to discuss such topics in person was a nice change.

That’s all for now… Stay tuned!

binutils commits:

2022-09-02 d0a122d Add OpenBSD ARM Little Endian BFD support
2022-08-31 6472b23 Add OpenBSD AArch64 GAS support
2022-08-22 ba86e75 Add OpenBSD AArch64 Little Endian BFD support

LLVM commits:

2022-08-01 892e6e2 [clang] Update Clang version from 15 to 16 in scan-build.1

September 22, 2022

Ruben Schade Cartron asks what FreeBSD machines I use

In response to my Windows 11 game post where I mentioned dual-booting into FreeBSD most of the time, the imitable @Cartron asked what machines I use. It’s been a while since I’ve done a post like this.

These are my FreeBSD machines at the time of writing:

And the ones I have on the horizon:

I also have a few physical and virtual machines running NetBSD, but that’s for another post.

Details about these machines are also on my Omake outline under Gear.

By Ruben Schade in Sydney, 2022-09-23.

September 20, 2022

NetBSD Blog EuroBSDCon 2022

No videos are available yet to provide much-needed context to presentations, but we'll keep you posted.

Day -2 - Arrival in Vienna

After being thoroughly delayed by Deutsche Bahn, I hopped off an InterCity Express train to check out the hotel room for people speaking at EuroBSDCon, which was An Experience in itself. There was a mural of a shirtless man with a sword covered in snakes next to my bed, what else do you need in life? Lots of coffee, obviously.

Begin the march to the conference to listen to Marshall Kirk McKusick lecture on schedulers.

Day -1 - NetBSD Developer Summit

Around 16 NetBSD developers gathered in a room for the first time in two years. I was a little bit distracted and late due to Marshall Kirk McKusick's very detailed lecture on filesystems melting my brain somewhat, but we had the opportunity to present various informal presentations, after we'd finished showing off suspend/resume support on our ThinkPad laptops.

Benny Siegert opened with a presentation on the state of the Go programming language on NetBSD (and whether it is "in trouble"), covering various problems with instability being detected inside the Go test suite. Go is particularly interesting (and maybe error-prone) because it mostly bypasses NetBSD libc, which is unusual for software running on NetBSD, instead preferring to implement its own wrappers around the kernel's system calls.

A few problems had been narrowed down to being (likely) AMD CPU bugs, others weren't reproducible in production (outside of the test suite) at all, and others may have been fixed in NetBSD 9.1 - the NetBSD machines running tests for Go do need to be updated. If you're from AMD, please get in touch.

We've got a very impressive test suite for NetBSD itself, but outside tests are always useful for identifying problems that we can't catch... that said, they do require a lot of work to maintain, and a lack of patience is understandable. We'd love any help we can get with this.

I pointed out that we get occasional failures bootstrapping Go in pkgsrc, and better debug output would be nice -- Benny was able to arrange this within the day, and we should get nice detailed bootstrapping logs for Go now.

Pierre Pronchery ([email protected]) discussed cross-BSD collaboration on synchronizing our device driver code bases, including his recent NetBSD Foundation-supported work on the emuxki(4) sound card driver, where other BSDs have taken the same code base but improvements had not yet been universal. We all agreed that collaboration and keeping drivers in sync is important. We talked about the on-going project to synchronize NetBSD Wi-Fi drivers with FreeBSD.

Martin Kjellstrand then gave us a very nice demonstration of his NetBSD docker images, and how easy it is to spin up NetBSD on-demand to run a command (this also has wide potential for being useful for testing). In turn, I rambled a bit about my own experiments of dynamically creating NetBSD images. This would lead to a later discussion about whether we need to prioritize improving the resize_ffs(8) command's support for new filesystems.

The theme of creating NetBSD images "for the cloud" continued, with Benny Siegert presenting again about NetBSD on Google Compute Engine.

Stephen Borrill then stepped up to give us an incredibly detailed history of the British computer company Acorn Computers, complete with his personal experiences servicing Acorn machines in the early 90s. We discussed the history of the ARM CPU, and NetBSD/acorn32.

Nia Alarie (surprise) finished up with a very short unplanned demonstration of some of the projects she's been working on lately - using NetBSD as a professional digital audio workstation, improving the default graphical experience of NetBSD with dynamically generated menus, and (again) creating customized micro-images of NetBSD. We discussed support for MIDI devices (I'd later chat with some of the FreeBSD people about collaborating on JACK MIDI).

We then retired to Thomas Klausner ([email protected])'s favorite ramen restaurant and discussed, among other things, Studio Ghibli films, and trains. Trains would be a recurring theme.

Day 0 - start of talks

We began the day with two NetBSD presentations scheduled back-to-back. This mostly meant that I got to talk about some of NetBSD 10's upcoming features, and why it's taking so long to a small crowd of interested people who didn't have much prior experience with NetBSD, while in another room Taylor R. Campbell ([email protected]) discussed his very dedicated efforts to make suddenly disappearing devices more reliable and not crash the kernel (we're still waiting for a live demonstration).

Next, Pierre Pronchery ([email protected]) discussed the power of pkgsrc for creating consistent environments across platforms for software developers, serving as a nice portable, classic Unix alternative to technologies like Docker and Nix.

The final presentation of the day was [email protected] again, this time providing a live lecture (from Emacs!) about memory barriers in the kernel. We all learned to appreciate the nice abstractions technologies like mutexes provide to stop CPUs from re-ordering code on multi-processor machines in inexplicable ways.

Day 1 - final talks

The second day of EuroBSDCon presentations was mostly devoid of anything NetBSD-focused, so we had a nice opportunity for cross-pollination and to learn and collaborate with other BSD projects. I chatted a bit with an OpenBSD Ports developer about the challenge technologies like Rust pose to developing a cross-architecture packaging system, and with a FreeBSD person about the state of professional audio on our respective platforms. Michael Dexter finished the day of presentations with a very passionate speech about why we all need BSD in our lives, regardless of our preferred flavour.

More topics were discussed in the various break periods, including whether our newest update to the GPU drivers is stable enough to include in a release (verdict: works for me).

We then watched as various BSD t-shirts and boxes of chocolates were auctioned away to support a local refugee center. The organizing committee forgot to include the NetBSD Foundation on the list of sponsors, but we forgive them.

Other news from the Project

I've recently made sure the NetBSD 10 changelog is up to date with all the new goodness, so you should check that out.

September 19, 2022

Ruben Schade aria2 can download torrent files, then their files

In this installment of things you already know, unless you don’t, you can provide Tatsuhiro Tsujikawa’s aria2 with a URL to a torrent file, and it will also download the files from the torrent:

For example, I can download NetBSD 9.2 by giving it the torrent file, instead of having to download it first:

$ aria2

I now have an ISO, not just a torrent file. Cool!

By Ruben Schade in Sydney, 2022-09-20.

OS News An X11 apologist tries Wayland

All in all, I’m very impressed with the work the wayland community has done since I last did a serious look at the state of things. I’m still waiting for a stacking window manager that scratches the same itch for me that icewm does, but I’m following labwc with great interest. At this point though, I’ve established that I can live my life on wayland, and for the time being I am. Not everyone can yet though, and there’s still work to be done. Part of why I’m feeling the urge to transition to wayland is performance benefits, but the other part is so that I’ll be able to help solve the unsolved problems to make it viable for more people.

I don’t think X is ever going to die. Even if it fades away on Linux, there’s a lot of old video hardware that will probably only ever be well supported with real Xorg, on Linux and other OSes such as NetBSD. That stuff is already seeing support dropped in more recent versions of Xorg, and preservationists will need to do digging to find versions that still take advantage of everything the hardware has to offer. But, I understand now why the wayland folks have been talking so highly of it, and how drastically it simplifies the userland stack, and I’m no longer concerned that I’ll wake up to find my netbook has become unusable for modern software.

I’ve been on Wayland on both my laptop and workstation for a long time now, and there’s no way I’m ever going back with just how much better it performs than Only my main PC (used mostly for gaming) is still on (Linux Mint), but that’s out of a combination of NVIDIA hardware and my satisfaction with Mint. I agree with the author that won’t die, but the arrow of time is pointing in a very clear direction.

August 30, 2022

Super User FreeBSD kernel image with built-in application

I have experienced creating a FreeBSD kernel image but is there a way to include an application, for example an SQlite database in the image? What I want to achieve is to package the application in the image build as one.

August 17, 2022

Server Fault Linux IP command convert to BSD

What is below IP command to BSD replication?

ip -6 route add local 2a00:f10:500::/48 dev lo

August 06, 2022

OS News NetBSD 9.3 released

NetBSD 9.3 has made it into the wild.

Aside from many bug fixes, 9.3 includes backported improvements to suspend and resume support, various minor additions of new hardware to existing device drivers, compatibility with UDF file systems created on Windows 10, enhanced support for newer Intel Gigabit Ethernet chipsets, better support for new Intel and AMD Zen 3 chipsets, support for configuring connections to Wi-Fi networks using sysinst(8), support for wsfb-based X11 servers on the Commodore Amiga, and minor performance improvements for the Xen hypervisor.

A solid set of improvements for a point release.

NetBSD Blog NetBSD 9.3 released

The NetBSD Project is pleased to announce NetBSD 9.3, the third release from the NetBSD 9 stable branch.

It represents a selected subset of fixes deemed important for security or stability reasons since the release of NetBSD 9.2 in May 2021, as well some enhancements backported from the development branch. It is fully compatible with NetBSD 9.0. Users running 9.2 or an earlier release are strongly recommended to upgrade.

Aside from many bug fixes, 9.3 includes backported improvements to suspend and resume support, various minor additions of new hardware to existing device drivers, compatibility with UDF file systems created on Windows 10, enhanced support for newer Intel Gigabit Ethernet chipsets, better support for new Intel and AMD Zen 3 chipsets, support for configuring connections to Wi-Fi networks using sysinst(8), support for wsfb-based X11 servers on the Commodore Amiga, and minor performance improvements for the Xen hypervisor.

The general NetBSD community is very excited about NetBSD 10.0, but it was deemed necessary to make this bug fix release available while we wait for the resolution of some compatibility problems in NetBSD-current concerning FFS Access Control Lists preventing the netbsd-10 release.

Full release notes, including download links

August 04, 2022

The NetBSD Foundation NetBSD 9.3 release

August 03, 2022

Server Fault ssh tunnel refusing connections with "channel 2: open failed"

All of a sudden (read: without changing any parameters) my netbsd virtualmachine started acting oddly. The symptoms concern ssh tunneling.

From my laptop I launch:

$ ssh -L 7000:localhost:7000 [email protected] -N -v

Then, in another shell:

$ irssi -c localhost -p 7000

The ssh debug says:

debug1: Connection to port 7000 forwarding to localhost port 7000 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip: listening port 7000 for localhost port 7000, connect from port 53954, nchannels 3

I tried also with localhost:80 to connect to the (remote) web server, with identical results.

The remote host runs NetBSD:

bash-4.2# uname -a
NetBSD host 5.1_STABLE NetBSD 5.1_STABLE (XEN3PAE_DOMU) #6: Fri Nov  4 16:56:31 MET 2011  [email protected]:/m/obj/m/src/sys/arch/i386/compile/XEN3PAE_DOMU i386

I am a bit lost. I tried running tcpdump on the remote host, and I spotted these 'bad chksum':

09:25:55.823849 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 67, bad cksum 0 (->3cb3)!) > P, cksum 0xfe37 (incorrect (-> 0xa801), 1622402406:1622402421(15) ack 1635127887 win 4096 <nop,nop,timestamp 5002727 5002603>

I tried restarting the ssh daemon to no avail. I haven't rebooted yet - perhaps somebody here can suggest other diagnostics. I think it might either be the virtual network card driver, or somebody rooted our ssh.


July 13, 2022

Unix Stack Exchange How to use gphoto2 to access emulated mtp on QEMU NetBSD guest

I was able to emulate a usb-mtp device in How to emulate usb-mtp device with virt-manager? but when I try to access the folder share/device with gphoto2 in debug mode it hangs and I get:

gp_port_set_error [gphoto2-port.c:1190](0): Could not query kernel driver of device

I don't know if this has to do with libvirt sandboxing or permissions issue on the shared directory. I get the same behavior and error when the shared directory and files within are owned by me or libvirt-qemu. The command line I'm using is (usb id changes each boot so command line changes to fit):

sudo env LANG=C gphoto2 --camera "QEMU Virtual MTP" --port usb:003,002 --list-files --debug --debug-logfile=mtplog2

Here is the full log output:

GVFS and glib2 (provides gio) is uninstalled. I gathered that GVFS could interfere with mtp if it's in use at the same time and I uninstalled glib2 for good measure as I'm not sure if gio interferes too. sudo fstat didn't show either one, but I don't know what to look for since the usb-mtp device is ugen0 which is part of a hub which is then /dev/usb3 and all don't show up in fstat.

Stack Overflow How to build netbsd based mobile os [closed]

I'm searching for way to start my own project I wanna build a mobile os based on netbsd I will use netbsd ARM kernel to make my own SoC Os could you give a resources and tools to get started

June 30, 2022

Frederic Cambus Toolchains adventures - Q2 2022
My continuous journey into toolchains, in the second quarter of 2022

This is the fifth post in my toolchains adventures series. Please check the previous posts in the toolchains category for more context about this journey.

In Pkgsrc land, I updated mold to the 1.2, 1.2.1, and 1.3 versions, and pax-utils to the 1.3.4 one. I also added a z3 option to our llvm and clang packages to allow building them against the Z3 theorem prover. When both lang/llvm and lang/clang are built with the z3 option enabled, the Z3 constraint solver is activated for the Clang static analyzer. This option is not enabled by default. I wrote a blog post showing how to use Z3 as an external solver and to do refutation to filter out false positives.

While I mention static analysis, I’ve been extremely impressed with the progress of the GCC’s static analysis framework. It was introduced in GCC 10, and a major rewrite occurred in GCC 11. It now generates significantly less false positives, and found some valid memory leaks on error paths in libansilove 1.30, which the Clang static analyzer didn’t catch.

Regarding the NetBSD base system, I started evaluating what it would take to upstream our local binutils patches. The version we have in NetBSD’s src repository is binutils 2.34 (released in February 2020), and diffing our tree with the release tarball results in a 4310 lines diff, touching 163 files with 1404 insertions and 186 deletions.

For each of these changes, we need to dig into version control history to find why they were needed in the first place, verify if they are still needed, and if so potentially rework them to meet upstream coding standards. This requires an understanding of the problem domain to be able to explain the rationale behind the changes while submitting patches and writing relevant commit messages.

While some of those patches are NetBSD specific, we still need to ensure we are not breaking other operating systems. Ultimately, vanilla binutils should be able to produce working binaries on NetBSD without requiring any local patches. Once this goal is reached, we need to ensure it keeps building, investigate test suite failures, and setup buildbots for continuous builds on key architectures.

On the LLVM side, I managed to do a couple of commits as well to add libclang_rt.profile{{.*}}.a tests for both OpenBSD and NetBSD in the Clang driver test suite.

Lastly, I also wrote a couple of blog posts about various topics:

That’s all for now, happy Summer 2022 everyone!

LLVM commits:

2022-06-27 aa89bb3 [Driver][test] Add libclang_rt.profile{{.*}}.a tests for NetBSD
2022-06-26 2ff4fb6 [Driver][test] Add libclang_rt.profile{{.*}}.a tests for OpenBSD
2022-06-24 a129a37 [clang] Update Clang version from 14 to 15 in scan-build.1

June 27, 2022

Unix Stack Exchange Issues starting headless installation of NetBSD in VirtualBox

On a headless Ubuntu 22.04 machine, I'd like to start a headless installation of NetBSD 9.2 in VirtualBox.

I have a prepared virtual machine with a set of blank disk images attached, as well as with the bootable NetBSD installation CD attached to the CDROM drive.

My idea was to perform the installation over the serial port, using minicom, but I'm unable to get the installation to switch over to use the serial console.

I'm starting the machine with

VBoxManage startvm netbsd --type=headless

Then I try to get it to switch over the console to the serial port:

VBoxManage controlvm netbsd keyboardputfile boot.conf

... where boot.conf is a file containing a line of text saying consdev com0, which is what you would type on the NetBSD boot prompt to switch to the serial console.

I know NetBSD's serial console is set up to use 9600 8N1, which is what I have minicom configured to use, and I have set up the serial port on the virtual machine like so:

UART 1:                      I/O base: 0x03f8, IRQ: 4, attached to pipe (server) '/tmp/netbsd.pipe', 16550A

I start minicom using

minicom -D 'unix#/tmp/netbsd.pipe'

I successfully use the serial console on another virtual machine in an identical way, and I can see the status in minicom switch from "Offline" to "Online" as soon as the NetBSD machine turns on, but there is no output in minicom.

Can anyone see what the issue is and how I would go about fixing it? I know the alternative would be to PXE boot the machine, but I was hoping to be able to avoid doing that (as I don't netboot anything else at the moment).

June 24, 2022

Unix Stack Exchange What is the most native way to generate desktop notification in BSD unixes

macOS has its "osascript" with "display notification", Linux has its "notify-send". Both are the most native way to generate DE notifications. What is the most native way to generate desktop notification in BSD unixes?

June 21, 2022

Frederic Cambus Clang Static Analyzer and the Z3 constraint solver
Notes on using the Z3 constraint solver with the Clang Static Analyzer

As far as static analyzers are concerned, one of the most important point to consider is filtering out false positives as much as possible, in order for the reports to be actionable.

This is an area on which Coverity did an excellent job, and likely a major reason why they got so popular within the open source community, despite being a closed-source product.

LLVM has the LLVM_ENABLE_Z3_SOLVER build option, which allows building LLVM against the Z3 constraint solver.

It is documented as follow:

    If enabled, the Z3 constraint solver is activated for the Clang static analyzer.
    A recent version of the z3 library needs to be available on the system.

The option is enabled in the Debian 11 package (clang-tools-11), but not in Fedora 36 or Ubuntu 22.04 ones. I added a build option (not enabled by default) to the llvm and clang packages in Pkgsrc, and successfully built Z3 enabled packages on NetBSD.

For Pkgsrc users, add the following in mk.conf, and build lang/clang:

PKG_OPTIONS.llvm=	z3
PKG_OPTIONS.clang=	z3

There are two ways of using Z3 with the Clang Static Analyzer, and to demonstrate them, let’s reuse the small demo snippet from the SMT-Based Refutation of Spurious Bug Reports in the Clang Static Analyzer paper.

unsigned int func(unsigned int a) {
	unsigned int *z = 0;

	if ((a & 1) && ((a & 1) ^1))
		return *z; // unreachable

	return 0;

For each method, we can use Clang directly on a given translation unit or use scan-build.

The first way is using Z3 as an external constraint solver:

$ clang --analyze -Xanalyzer -analyzer-constraints=z3 main.c

$ scan-build -constraints z3 clang -c main.c
scan-build: Using '/usr/lib/llvm-11/bin/clang' for static analysis
scan-build: Analysis run complete.
scan-build: Removing directory '/tmp/scan-build-2022-06-21-171854-18215-1' because it contains no reports.
scan-build: No bugs found.

This is a lot slower than the default, and the commit which documented the feature mentions a ~15x slowdown over the built-in constraint solver.

The second way is using the default range based solver but having Z3 do refutation to filter out false positives, which is a lot faster:

$ clang --analyze -Xanalyzer -analyzer-config -Xanalyzer crosscheck-with-z3=true main.c

$ scan-build -analyzer-config crosscheck-with-z3=true clang -c main.c
scan-build: Using '/usr/lib/llvm-11/bin/clang' for static analysis
scan-build: Analysis run complete.
scan-build: Removing directory '/tmp/scan-build-2022-06-21-171924-18226-1' because it contains no reports.
scan-build: No bugs found.

Again, no bugs found. How boring.

We can verify what happens if we run the analyzer without involving Z3 at all:

$ clang --analyze main.c
main.c:5:9: warning: Dereference of null pointer (loaded from variable 'z') [core.NullDereference]
        return *z; // unreachable
1 warning generated.

We get a false positive, because the default constraint solver cannot reason about bitwise operations (among other things), and report an unreachable NULL pointer dereference.

June 09, 2022

Super User How to use "mount_smbfs" on NetBSD to connect to a samba file server on a non-root Samba server

I have a RHEL 8.6 machine, and I'm setting up a samba file server using port 1445 so I can start the server as a non-root user. The server is working locally, as I can run smbclient -p 1445 //localhost/share to connect to it. I am also running a QEMU NetBSD 8.2 VM, and I'm attempting to connect to the samba share using the following:

mount_smbfs -I <machine IP> //[email protected]<machine IP>:1445 mount_dir/

However, I get a "connection refused" error when I try to access it.

If I remove smb ports = 1445 from the configuration file and start the Samba daemon as root, I can connect to it from NetBSD, but I'd like to be able to host a working Samba server as non-root.

I thought perhaps if I mapped port 139 on NetBSD to 1445 on RHEL with QEMU, that would solve things (using the -net user,hostfwd=tcp::1445-:139 to QEMU), but I haven't had any luck there.

I do notice that if I do an nmap localhost when starting the Samba server as non-root, port 1445 doesn't show up as being open.

What might be going on here?

May 22, 2022

NetBSD Blog Announcing Google Summer of Code 2022 projects

Google Summer of Code logo The NetBSD Foundation has finalized the list of projects for this year’s Google Summer of Code. The contributors and projects are the following:

The community bonding period has already started (from May 20) and it will last until June 12. During this time, the contributors are expected to coordinate with their mentors and community.

This will be immediately followed by the coding period from June 13 to September 4. After which, the contributors are expected to submit their final work, evaluate their mentors, and get evaluated by their mentors as well. Results will be announced on September 20.

For more information about the Google Summer of Code 2022 kindly refer to the official GSoC website.

We would like to express our gratitude to Google for organizing the yearly GSoC, and to The NetBSD Foundation mentors and administrators for their efforts and hardwork!

Let us welcome all the contributors to our growing NetBSD community!

May 19, 2022

Super User Solaris 8 X11 binaries generate segmentation violations on NetBSD


Recently, I've been trying to get the Solaris 8 versions of xterm and xauth working on NetBSD from an ssh client with X11 forwarding, but both binaries seem to generate segmentation violations immediately. I ran a ktrace on both programs to try to figure out what happened, and the last few lines of output for both programs look like this:

   571      1 xclock   compat_20_getfsstat(0xedefa018, 0xefffede4) Err#2 ENOENT
   571      1 xclock   compat_50_getrusage(0xedefa000, 0x1000) = 0
   571      1 xclock   #115 (obsolete vtrace)(0, 0x1000, 0x7, 0x80000102, 0xffffffff, 0) = -303063040
   571      1 xclock   compat_50_getrusage(0xedee4000, 0x1000) = 0
   571      1 xclock   break(0x25850)              = 0
   571      1 xclock   break(0x27850)              = 0
   571      1 xclock   break(0x27850)              = 0
   571      1 xclock   break(0x29850)              = 0
   571      1 xclock   break(0x29850)              = 0
   571      1 xclock   break(0x2b850)              = 0
   571      1 xclock   compat_43_otruncate(0x5, 0xeffff3a0) = 0
   571      1 xclock   shmdt(0x2, 0x2, 0)          = 3
   571      1 xclock   modctl(0x3, 0x6, 0x1, 0xeffff39c, 0x4) = 0
   571      1 xclock   modctl(0x3, 0xffff, 0x8, 0xeffff398, 0x4) = 0
   571      1 xclock   break(0x2b850)              = 0
   571      1 xclock   break(0x2d850)              = 0
   571      1 xclock   open("/emul/svr4/etc/netconfig", 0, 0x1b6) = 4
   571      1 xclock   #217 (unimplemented)(0x4, 0xefffebb0) = 0
   571      1 xclock   ioctl(0x4, _IO('T',0x1,0), 0xefffeb3c) Err#-4
   571      1 xclock   read(0x4, 0x2b9a4, 0x400)   = 1024
       "#pragma ident\t"@(#)netconfig\t1.16\t99/10/25 SMI"\n#\n# The "Network Configuration" File.\n#\n# Each entry is of the form:\n#\n#       <network_id> <semantics> <fl"
   571      1 xclock   SIGSEGV SIG_DFL

I noticed that the ioctl call is failing; could this be a reason for failure here?

I also ran ktrace on the NetBSD versions of xclock and xterm to see if there were any similarities, and the most similar samples of output I could find were the following:

   604      1 xclock   __stat50("/etc/nsswitch.conf", 0xefffeed8) = 0
   604      1 xclock   open("/etc/nsswitch.conf", 0x400000, 0x1b6) = 3
   604      1 xclock   __fstat50(0x3, 0xefffeb70)  = 0
   604      1 xclock   read(0x3, 0xed61d000, 0x4000) = 621
       "#\t$NetBSD: nsswitch.conf,v 1.6 2009/10/25 00:17:06 tsarna Exp $\n#\n# nsswitch.conf(5) -\n#\tname service switch configuration file\n#\n\n\n# These are the default"
   604      1 xclock   read(0x3, 0xed61d000, 0x4000) = 0
   604      1 xclock   open("/etc/hosts", 0x400000, 0x1b6) = 3
   604      1 xclock   __fstat50(0x3, 0xefffcc38)  = 0
   604      1 xclock   read(0x3, 0xed61d000, 0x4000) = 831
       "#\t$NetBSD: hosts,v 1.9 2013/11/24 07:20:01 dholland Exp $\n#\n# Host name database.\n#\n# This file contains addresses and aliases for local hosts whose names\n# n"
   604      1 xclock   read(0x3, 0xed61d000, 0x4000) = 0
   604      1 xclock   close(0x3)                  = 0

Because of this, I suspect the reason might lie in some of the Solaris 8 files that I copied over to the NetBSD virtual machine (e.g. /etc/netconfig), but I'm unsure. Could these files be the reason why none of the Solaris 8 X11 binaries function correctly on NetBSD?