NetBSD Planet

July 21, 2017

• Super User Trying to install NetBSD 7.1 on QEMU/KVM

  I am using OpenSUSE Leap 42.2 on a Dell Inspiron 1545.  An error occurs when I try to load NetBSD into QEMU/KVM: "module 'cd9660' pushed by bootloader already exists" I installed Lubuntu 16.04 LTS previously.

July 17, 2017

• Stack Overflow Unable to compile lxml using pip and NetBSD

  I'm running NetBSD 7.1 and I'm trying to install Python's lxml package, using pip.

  However I get this compilation error:

  # pip install lxml
  Collecting lxml
    Using cached lxml-3.8.0.tar.gz
  Installing collected packages: lxml
    Running setup.py install for lxml ... error
      Complete output from command /usr/pkg/bin/python2.7 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-Xb5RT3/lxml/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-N6HUOc-record/install-record.txt --single-version-externally-managed --compile:
      Building lxml version 3.8.0.
      Building without Cython.
      Using build configuration of libxslt 1.1.29
      Building against libxml2/libxslt in one of the following directories:
        /usr/pkg/lib
        /usr/lib
      running install
      running build
      running build_py
      creating build
      creating build/lib.netbsd-7.1-amd64-2.7
      creating build/lib.netbsd-7.1-amd64-2.7/lxml
      copying src/lxml/sax.py -> build/lib.netbsd-7.1-amd64-2.7/lxml
      copying src/lxml/_elementpath.py -> build/lib.netbsd-7.1-amd64-2.7/lxml
      copying src/lxml/builder.py -> build/lib.netbsd-7.1-amd64-2.7/lxml
      copying src/lxml/ElementInclude.py -> build/lib.netbsd-7.1-amd64-2.7/lxml
      copying src/lxml/__init__.py -> build/lib.netbsd-7.1-amd64-2.7/lxml
      copying src/lxml/usedoctest.py -> build/lib.netbsd-7.1-amd64-2.7/lxml
      copying src/lxml/cssselect.py -> build/lib.netbsd-7.1-amd64-2.7/lxml
      copying src/lxml/pyclasslookup.py -> build/lib.netbsd-7.1-amd64-2.7/lxml
      copying src/lxml/doctestcompare.py -> build/lib.netbsd-7.1-amd64-2.7/lxml
      creating build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/__init__.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      creating build/lib.netbsd-7.1-amd64-2.7/lxml/html
      copying src/lxml/html/diff.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/html
      copying src/lxml/html/ElementSoup.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/html
      copying src/lxml/html/html5parser.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/html
      copying src/lxml/html/builder.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/html
      copying src/lxml/html/__init__.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/html
      copying src/lxml/html/usedoctest.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/html
      copying src/lxml/html/_setmixin.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/html
      copying src/lxml/html/clean.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/html
      copying src/lxml/html/soupparser.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/html
      copying src/lxml/html/_html5builder.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/html
      copying src/lxml/html/_diffcommand.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/html
      copying src/lxml/html/formfill.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/html
      copying src/lxml/html/defs.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/html
      creating build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron
      copying src/lxml/isoschematron/__init__.py -> build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron
      copying src/lxml/lxml.etree.h -> build/lib.netbsd-7.1-amd64-2.7/lxml
      copying src/lxml/lxml.etree_api.h -> build/lib.netbsd-7.1-amd64-2.7/lxml
      copying src/lxml/includes/etreepublic.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/xinclude.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/xmlerror.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/htmlparser.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/config.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/xmlschema.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/uri.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/xslt.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/tree.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/xmlparser.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/dtdvalid.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/xpath.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/relaxng.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/c14n.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/schematron.pxd -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/etree_defs.h -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      copying src/lxml/includes/lxml-version.h -> build/lib.netbsd-7.1-amd64-2.7/lxml/includes
      creating build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron/resources
      creating build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron/resources/rng
      copying src/lxml/isoschematron/resources/rng/iso-schematron.rng -> build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron/resources/rng
      creating build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron/resources/xsl
      copying src/lxml/isoschematron/resources/xsl/RNG2Schtrn.xsl -> build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron/resources/xsl
      copying src/lxml/isoschematron/resources/xsl/XSD2Schtrn.xsl -> build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron/resources/xsl
      creating build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
      copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_dsdl_include.xsl -> build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
      copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_abstract_expand.xsl -> build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
      copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_schematron_skeleton_for_xslt1.xsl -> build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
      copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_schematron_message.xsl -> build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
      copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_svrl_for_xslt1.xsl -> build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
      copying src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/readme.txt -> build/lib.netbsd-7.1-amd64-2.7/lxml/isoschematron/resources/xsl/iso-schematron-xslt1
      running build_ext
      building 'lxml.etree' extension
      creating build/temp.netbsd-7.1-amd64-2.7
      creating build/temp.netbsd-7.1-amd64-2.7/src
      creating build/temp.netbsd-7.1-amd64-2.7/src/lxml
      gcc -fno-strict-aliasing -O2 -pthread -I/usr/include -I/usr/pkg/include -DNDEBUG -O2 -pthread -I/usr/include -I/usr/pkg/include -fPIC -I/usr/pkg/include -I/usr/pkg/include/libxml2 -I/usr/include -Isrc/lxml/includes -I/usr/pkg/include/python2.7 -c src/lxml/lxml.etree.c -o build/temp.netbsd-7.1-amd64-2.7/src/lxml/lxml.etree.o -w
      In file included from /usr/pkg/include/libxml2/limits.h:168:0,
                       from /usr/pkg/include/libxml2/syslimits.h:7,
                       from /usr/pkg/include/libxml2/limits.h:34,
                       from /usr/pkg/include/python2.7/Python.h:19,
                       from src/lxml/lxml.etree.c:84:
      /usr/pkg/gcc5/lib/gcc/x86_64--netbsd/5.4.0/include-fixed/limits.h:168:61: fatal error: limits.h: No such file or directory
      compilation terminated.
      Compile failed: command 'gcc' failed with exit status 1
      creating tmp
      cc -I/usr/pkg/include -I/usr/pkg/include/libxml2 -I/usr/include -I/usr/include/libxml2 -c /tmp/xmlXPathInit_nXifU.c -o tmp/xmlXPathInit_nXifU.o
      unable to execute 'cc': No such file or directory
      *********************************************************************************
      Could not find function xmlCheckVersion in library libxml2. Is libxml2 installed?
      *********************************************************************************
      error: command 'gcc' failed with exit status 1
  
      ----------------------------------------
  Command "/usr/pkg/bin/python2.7 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-Xb5RT3/lxml/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-N6HUOc-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-Xb5RT3/lxml/
  

  I'm on a clean NetBSD 7.1 minimal installation, but have added the following using pkgsrc:

  # pkg_info
  xmlcatmgr-2.2nb1    XML and SGML catalog manager
  libxml2-2.9.4nb3    XML parser library from the GNOME project
  libgpg-error-1.27   Definitions of common error values for all GnuPG components
  libgcrypt-1.7.6     GNU cryptographic library
  libxslt-1.1.29nb2   XSLT parser library from the GNOME project
  mozilla-rootcerts-1.0.20170121nb5 Root CA certificates from the Mozilla Project
  libffi-3.2.1nb2     Foreign function interface
  python27-2.7.13nb1  Interpreted, interactive, object-oriented programming language
  py27-expat-2.7.13   Python interface to expat
  py27-appdirs-1.4.0  Module for determining appropriate, platform-specific dirs
  py27-pyparsing-2.1.10 Pyparsing module for Python
  py27-six-1.10.0     Python 2 and 3 compatibility utilities
  py27-packaging-16.8 Core utilities for Python packages
  py27-setuptools-34.3.2 New Python packaging system
  py27-pip-9.0.1      Installs Python packages as an easy_install replacement
  libxml-1.8.17nb4    XML parser (version 1), mainly used by the GNOME project
  py27-libxml2-2.9.4nb2 Python wrapper for libxml2
  py27-libxslt-1.1.29 Python wrapper for libxslt
  gccmakedep-1.0.3    Create dependencies in Makefiles using gcc
  gcc5-5.4.0nb2       The GNU Compiler Collection (GCC) - 5 Release Series
  boost-headers-1.63.0 Free, peer-reviewed portable C++ source libraries (build-time headers)
  compat_headers-0.2  Compatibility headers
  

July 15, 2017

• DragonFly BSD Digest In Other BSDs for 2017/07/15

  Backlog: cleared.

  • Elvish: friendly and expressive shell for Linux, macOS and BSDs.  Linked just because they bothered to mention BSD.  (via)
  • acme.sh: getting free SSL certificates – installation configuration on FreeBSD.
  • Writing a NetBSD kernel module.  (via)
  • ZFS Is the Best Filesystem (For Now…)  (via)
  • Building an IPsec Gateway With OpenBSD.  (via)
  • AF3e Status, 17 July 2017.  That’s Absolute FreeBSD 3rd Edition.
  • Looking for a benchmark comparation between PF (OpenBSD) vs NPF (NetBSD)
  • Announcing the pkgsrc-2017Q2 release (2017-07-10).  (via)
  • pkgsrcCon 2017 report and also slides/video.  (via)
  • Recommend BSD to Thinkpad users?  Can’t find an actual thread, though.
  • Porting NetBSD to Allwinner H3 SoCs.  (via)
  • OPNsense 17.7 RC1.
  • OpenBSD and the Modern Laptop.

July 12, 2017

• Stack Overflow How to build netbsd based mobile os

  I'm searching for way to start my own project I wanna build a mobile os based on netbsd I will use netbsd ARM kernel to make my own SoC Os could you give a resources and tools to get started

July 09, 2017

• OS News Porting NetBSD to Allwinner H3 SoCs
  A new SUNXI evbarm kernel has appeared recently in NetBSD -current with support for boards based on the Allwinner H3 system on a chip (SoC). The H3 SoC is a quad-core Cortex-A7 SoC designed primarily for set-top boxes, but has managed to find its way into many single-board computers (SBC). This is one of the first evbarm ports built from the ground up with device tree support, which helps us to use a single kernel config to support many different boards.
• NetBSD Blog Porting NetBSD to Allwinner H3 SoCs

  A new SUNXI evbarm kernel has appeared recently in NetBSD -current with support for boards based on the Allwinner H3 system on a chip (SoC). The H3 SoC is a quad-core Cortex-A7 SoC designed primarily for set-top boxes, but has managed to find its way into many single-board computers (SBC). This is one of the first evbarm ports built from the ground up with device tree support, which helps us to use a single kernel config to support many different boards.

  To get these boards up and running, first we need to deal with low-level startup code. For the SUNXI kernel this currently lives in sys/arch/evbarm/sunxi/. The purpose of this code is fairly simple; initialize the boot CPU and initialize the MMU so we can jump to the kernel. The initial MMU configuration needs to cover a few things -- early on we need to be able to access the kernel, UART debug console, and the device tree blob (DTB) passed in from U-Boot. We wrap the kernel in a U-Boot header that claims to be a Linux kernel; this is no accident! This tells U-Boot to use the Linux boot protocol when loading the kernel, which ensures that the DTB (loaded by U-Boot) is processed and passed to us in r2.

  Once the CPU and MMU are ready, we jump to the generic ARM FDT implementation of initarm in sys/arch/evbarm/fdt/fdt_machdep.c. The first thing this code does is validate and relocate the DTB data. After it has been relocated, we compare the compatible property of the root node in the device tree with the list of ARM platforms compiled into the kernel. The Allwinner sunxi platform code lives in sys/arch/arm/sunxi/sunxi_platform.c. The sunxi platform code provides SoC-specific versions of code needed early at boot. We need to know how to initialize the debug console, spin up application CPUs, reset the board, etc.

  Instead of writing H3-specific code for spinning up application CPUs, I took advantage of U-Boot's Power State Coordination Interface implementation. A psci(4) driver was added and the allwinner,sun8i-h3 platform code was modified to use this code to start up all processors.

  With a bit of luck, we're now booting and enumerating devices. Apart from a few devices, almost nothing works yet as we are missing a driver for the CCU. The CCU in the Allwinner H3 SoC controls PLLs and most of the clock generation, division, muxing, and gating. Since there are many similarities between Allwinner SoCs, I opted to write generic CCU code and then SoC-specific frontends. The resulting code lives in sys/arch/arm/sunxi/; generic code as sunxi_ccu.c and H3-specific code in sun8i_h3_ccu.c.

  Now we have a CCU driver, we can attach a com(4) and have a valid console device.

  After this, it's a matter of writing drivers and/or adapting existing code to attach to fdtbus based on the bindings used in the DTB. For cases where we had a compatible driver in the old Allwinner port, I opted to make a copy of the code and FDT-ize it. A few reasons for this -- 1) the old drivers have CCU-specific code with per-SoC ifdefs scattered throughout, 2) I didn't want to break existing kernels, and 3) long term goal is to move the SoCs supported by the old code over to the new code (this process has already started with the Allwinner A31 port).

  So what do we get out of this? This is a step towards being able to ship a GENERIC evbarm kernel. I developed the H3 port on two boards, the NanoPi NEO and Orange Pi Plus 2E, but since then users on port-arm@ have been reporting success on many other H3 boards, all from a single kernel config. In addition, I've added support for other Allwinner SoCs (sun8i-a83t, sun6i-a31) to the kernel and have tested booting the same kernel across all 3 SoCs.

  Orange Pi Plus 2E boot log is below.

  U-Boot SPL 2017.05 (Jul 01 2017 - 17:11:09)
  DRAM: 2048 MiB
  Trying to boot from MMC1
  
  
  U-Boot 2017.05 (Jul 01 2017 - 17:11:09 -0300) Allwinner Technology
  
  CPU:   Allwinner H3 (SUN8I 1680)
  Model: Xunlong Orange Pi Plus 2E
  I2C:   ready
  DRAM:  2 GiB
  MMC:   SUNXI SD/MMC: 0, SUNXI SD/MMC: 1
  In:    serial
  Out:   serial
  Err:   serial
  Net:   phy interface7
  eth0: [email protected]
  starting USB...
  USB0:   USB EHCI 1.00
  USB1:   USB OHCI 1.0
  USB2:   USB EHCI 1.00
  USB3:   USB OHCI 1.0
  USB4:   USB EHCI 1.00
  USB5:   USB OHCI 1.0
  scanning bus 0 for devices... 2 USB Device(s) found
  scanning bus 2 for devices... 1 USB Device(s) found
  scanning bus 4 for devices... 1 USB Device(s) found
         scanning usb for storage devices... 0 Storage Device(s) found
  Hit any key to stop autoboot:  0
  reading netbsd.ub
  6600212 bytes read in 334 ms (18.8 MiB/s)
  reading sun8i-h3-orangepi-plus2e.dtb
  16775 bytes read in 49 ms (334 KiB/s)
  ## Booting kernel from Legacy Image at 42000000 ...
     Image Name:   NetBSD/sunxi 8.99.1
     Image Type:   ARM Linux Kernel Image (uncompressed)
     Data Size:    6600148 Bytes = 6.3 MiB
     Load Address: 40008000
     Entry Point:  40008000
     Verifying Checksum ... OK
  ## Flattened Device Tree blob at 43000000
     Booting using the fdt blob at 0x43000000
     Loading Kernel Image ... OK
     Loading Device Tree to 49ff8000, end 49fff186 ... OK
  
  Starting kernel ...
  
  [ Kernel symbol table missing! ]
  Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
      2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017
      The NetBSD Foundation, Inc.  All rights reserved.
  Copyright (c) 1982, 1986, 1989, 1991, 1993
      The Regents of the University of California.  All rights reserved.
  
  NetBSD 8.99.1 (SUNXI) #304: Sat Jul  8 11:01:22 ADT 2017
          [email protected]:[email protected]XI
  total memory = 2048 MB
  avail memory = 2020 MB
  sysctl_createv: sysctl_create(machine_arch) returned 17
  armfdt0 (root)
  fdt0 at armfdt0: Xunlong Orange Pi Plus 2E
  fdt1 at fdt0
  fdt2 at fdt0
  cpus0 at fdt0
  cpu0 at cpus0: Cortex-A7 r0p5 (Cortex V7A core)
  cpu0: DC enabled IC enabled WB disabled EABT branch prediction enabled
  cpu0: 32KB/32B 2-way L1 VIPT Instruction cache
  cpu0: 32KB/64B 4-way write-back-locking-C L1 PIPT Data cache
  cpu0: 512KB/64B 8-way write-through L2 PIPT Unified cache
  vfp0 at cpu0: NEON MPE (VFP 3.0+), rounding, NaN propagation, denormals
  cpu1 at cpus0
  cpu2 at cpus0
  cpu3 at cpus0
  gic0 at fdt1: GIC
  armgic0 at gic0: Generic Interrupt Controller, 160 sources (150 valid)
  armgic0: 16 Priorities, 128 SPIs, 7 PPIs, 15 SGIs
  fclock0 at fdt2: 24000000 Hz fixed clock
  ffclock0 at fdt2: x1 /1 fixed-factor clock
  fclock1 at fdt2: 32768 Hz fixed clock
  sunxigates0 at fdt2
  sunxiresets0 at fdt1
  gtmr0 at fdt0: Generic Timer
  armgtmr0 at gtmr0: ARMv7 Generic 64-bit Timer (24000 kHz)
  armgtmr0: interrupting on irq 27
  sunxigpio0 at fdt1: PIO
  gpio0 at sunxigpio0: 94 pins
  sunxigpio1 at fdt1: PIO
  gpio1 at sunxigpio1: 12 pins
  sun8ih3ccu0 at fdt1: H3 CCU
  fregulator0 at fdt0: vcc3v3
  fregulator1 at fdt0: gmac-3v3
  fregulator2 at fdt0: vcc3v0
  fregulator3 at fdt0: vcc5v0
  sunxiusbphy0 at fdt1: USB PHY
  [email protected] at fdt1 not configured
  [email protected] at fdt1 not configured
  [email protected] at fdt2 not configured
  sunxiemac0 at fdt1: EMAC
  sunxiemac0: interrupting on GIC irq 114
  rgephy0 at sunxiemac0 phy 0: RTL8169S/8110S/8211 1000BASE-T media interface, rev. 5
  rgephy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
  rgephy1 at sunxiemac0 phy 1: RTL8169S/8110S/8211 1000BASE-T media interface, rev. 5
  rgephy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
  psci0 at fdt0: PSCI 0.1
  gpioleds0 at fdt0: orangepi:green:pwr orangepi:red:status
  gpiokeys0 at fdt0: sw4
  sunximmc0 at fdt1: SD/MMC controller
  sunximmc0: interrupting on GIC irq 92
  sunximmc1 at fdt1: SD/MMC controller
  sunximmc1: interrupting on GIC irq 93
  sunximmc2 at fdt1: SD/MMC controller
  sunximmc2: interrupting on GIC irq 94
  ehci0 at fdt1: EHCI
  ehci0: interrupting on GIC irq 106
  ehci0: 1 companion controller, 1 port
  usb0 at ehci0: USB revision 2.0
  ohci0 at fdt1: OHCI
  ohci0: interrupting on GIC irq 107
  ohci0: OHCI version 1.0
  usb1 at ohci0: USB revision 1.0
  ehci1 at fdt1: EHCI
  ehci1: interrupting on GIC irq 108
  ehci1: 1 companion controller, 1 port
  usb2 at ehci1: USB revision 2.0
  ohci1 at fdt1: OHCI
  ohci1: interrupting on GIC irq 109
  ohci1: OHCI version 1.0
  usb3 at ohci1: USB revision 1.0
  ehci2 at fdt1: EHCI
  ehci2: interrupting on GIC irq 110
  ehci2: 1 companion controller, 1 port
  usb4 at ehci2: USB revision 2.0
  ohci2 at fdt1: OHCI
  ohci2: interrupting on GIC irq 111
  ohci2: OHCI version 1.0
  usb5 at ohci2: USB revision 1.0
  [email protected] at fdt1 not configured
  [email protected] at fdt1 not configured
  [email protected] at fdt1 not configured
  com0 at fdt1: ns16550a, working fifo
  com0: console
  com0: interrupting on GIC irq 32
  sunxirtc0 at fdt1: RTC
  [email protected] at fdt1 not configured
  cpu3: Cortex-A7 r0p5 (Cortex V7A core)
  cpu3: DC enabled IC enabled WB disabled EABT branch prediction enabled
  cpu3: 32KB/32B 2-way L1 VIPT Instruction cache
  cpu3: 32KB/64B 4-way write-back-locking-C L1 PIPT Data cache
  cpu3: 512KB/64B 8-way write-through L2 PIPT Unified cache
  vfp3 at cpu3: NEON MPE (VFP 3.0+), rounding, NaN propagation, denormals
  cpu1: Cortex-A7 r0p5 (Cortex V7A core)
  cpu1: DC enabled IC enabled WB disabled EABT branch prediction enabled
  cpu1: 32KB/32B 2-way L1 VIPT Instruction cache
  cpu1: 32KB/64B 4-way write-back-locking-C L1 PIPT Data cache
  cpu1: 512KB/64B 8-way write-through L2 PIPT Unified cache
  vfp1 at cpu1: NEON MPE (VFP 3.0+), rounding, NaN propagation, denormals
  cpu2: Cortex-A7 r0p5 (Cortex V7A core)
  cpu2: DC enabled IC enabled WB disabled EABT branch prediction enabled
  cpu2: 32KB/32B 2-way L1 VIPT Instruction cache
  cpu2: 32KB/64B 4-way write-back-locking-C L1 PIPT Data cache
  cpu2: 512KB/64B 8-way write-through L2 PIPT Unified cache
  vfp2 at cpu2: NEON MPE (VFP 3.0+), rounding, NaN propagation, denormals
  sdmmc0 at sunximmc0
  sdmmc1 at sunximmc1
  sdmmc2 at sunximmc2
  uhub0 at usb0: Generic (0000) EHCI root hub (0000), class 9/0, rev 2.00/1.00, addr 1
  uhub1 at usb2: Generic (0000) EHCI root hub (0000), class 9/0, rev 2.00/1.00, addr 1
  uhub2 at usb3: Generic (0000) OHCI root hub (0000), class 9/0, rev 1.00/1.00, addr 1
  uhub3 at usb1: Generic (0000) OHCI root hub (0000), class 9/0, rev 1.00/1.00, addr 1
  uhub4 at usb4: Generic (0000) EHCI root hub (0000), class 9/0, rev 2.00/1.00, addr 1
  uhub5 at usb5: Generic (0000) OHCI root hub (0000), class 9/0, rev 1.00/1.00, addr 1
  ld2 at sdmmc2: <0x15:0x0100:AWPD3R:0x00:0xec19649f:0x000>
  sdmmc0: SD card status: 4-bit, C10, U1, V10
  ld0 at sdmmc0: <0x27:0x5048:2&DRP:0x07:0x01c828bc:0x109>
  ld2: 14910 MB, 7573 cyl, 64 head, 63 sec, 512 bytes/sect x 30535680 sectors
  ld0: 15288 MB, 7765 cyl, 64 head, 63 sec, 512 bytes/sect x 31309824 sectors
  (manufacturer 0x24c, product 0xf179, standard function interface code 0x7)at sdmmc1 function 1 not configured
  ld2: mbr partition exceeds disk size
  ld0: 4-bit width, High-Speed/SDR25, 50.000 MHz
  ld2: 8-bit width, 52.000 MHz
  urtwn0 at uhub0 port 1
  urtwn0: Realtek (0xbda) 802.11n NIC (0x8179), rev 2.00/0.00, addr 2
  urtwn0: MAC/BB RTL8188EU, RF 6052 1T1R, address e8:de:27:16:0c:81
  urtwn0: 1 rx pipe, 2 tx pipes
  urtwn0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
  urtwn0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
  boot device: ld0
  root on ld0a dumps on ld0b
  root file system type: ffs
  kern.module.path=/stand/evbarm/8.99.1/modules
  WARNING: clock lost 6398 days
  WARNING: using filesystem time
  WARNING: CHECK AND RESET THE DATE!
  Sat Jul  8 11:05:42 ADT 2017
  Starting root file system check:
  /dev/rld0a: file system is clean; not checking
  Not resizing /: already correct size
  swapctl: adding /dev/ld0b as swap device at priority 0
  Starting file system checks:
  /dev/rld0e: 22 files, 32340 free (8085 clusters)
  random_seed: /var/db/entropy-file: Not present
  Setting tty flags.
  Setting sysctl variables:
  ddb.onpanic: 1 -> 1
  Starting network.
  Hostname: sunxi
  IPv6 mode: host
  Configuring network interfaces:.
  Adding interface aliases:.
  Waiting for DAD to complete for statically configured addresses...
  Starting dhcpcd.
  Starting mdnsd.
  Building databases: dev, utmp, utmpx.
  Starting syslogd.
  Mounting all file systems...
  Clearing temporary files.
  Updating fontconfig cache: done.
  Creating a.out runtime link editor directory cache.
  Checking quotas: done.
  Setting securelevel: kern.securelevel: 0 -> 1
  Starting virecover.
  Checking for core dump...
  savecore: no core dump
  Starting devpubd.
  Starting local daemons:.
  Updating motd.
  Starting ntpd.
  Jul  8 11:05:58 sunxi ntpd[595]: ntp_rlimit: Cannot set RLIMIT_STACK: Invalid argument
  Starting sshd.
  Starting inetd.
  Starting cron.
  Sat Jul  8 11:06:02 ADT 2017
  
  NetBSD/evbarm (sunxi) (console)
  
  login:
  

July 08, 2017

• NetBSD Blog pkgsrcCon 2017 report

  This years pkgsrcCon returned to London once again. It was last held in London back in 2014. The 2014 con was the first pkgsrcCon I attended, I had been working on Darwin/PowerPC fixes for some months and presented on the progress I'd made with a 12" G4 PowerBook. I took away a G4 Mac Mini that day to help spare the PowerBook for use and dedicate a machine for build and testing. The offer of PowerPC hardware donations was repeated at this years con, thanks to jperkin@ who showed up with a backpack full of Mac Minis (more on that later).

  Since 2014 we have held cons in Berlin (2015) & Krakow (2016). In Krakow we had talks about a wide range of projects over 2 days, from Haiku Ports to Common Lisp to midipix (building native PE binaries for Windows) and back to the BSDs. I was very pleased to continue the theme of a diverse program this year.

  Aside from pkgsrc and NetBSD, we had talks about FreeBSD, OpenBSD, Slackware Linux, and Plan 9.
  Things began with a pub gathering on the Friday for the pre-con social, we hung out and chatted till almost midnight on a wide range of topics, such as supporting a system using NFS on MS-DOS, the origins of pdksh, corporate IT, culture and many other topics.

  On parting I was asked about the starting time on Saturday as there was some conflicting information. I learnt that the registration email had stated a later start than I had scheduled for & advertised on the website, by 30 minutes.
  Lesson learnt: register for your own event!
  Not a problem, I still needed to setup a webpage for the live video stream, I could do both when I got back. With some trimming here and there I had a new schedule, I posted that to the pkgsrcCon website and moved to trying to setup a basic web page which contained a snippet of javascript to play a live video stream from Scale Engine.
  2+ hours later, it was pointed out that the XSS protection headers on pkgsrc.org breaks the functionality. Thanks to jmcneill@ for debugging and providing a working page.

  Saturday started off with Giovanni Bechis speaking about pledge in OpenBSD and adding support to various packages in their ports tree, alnsn@ then spoke about installing packages from a repo hosted on the Tor network.

  After a quick coffee break we were back to hear Charles Forsyth speak about how Plan 9 and Inferno dealt with portability, building software and the problem which are avoided by the environment there. This was followed by a very energetic rant by David Spencer from the Slackbuilds project on packaging 3rd party software. Slackbuilds is a packaging system for Slackware Linux, which was inspired by FreeBSD ports.

  For the first slot after lunch, agc@ gave a talk on the early history of pkgsrc followed by Thomas Merkel on using vagrant to test pkgsrc changes with ease, locally, using vagrant. khorben@ covered his work on adding security to pkgsrc and bsiegert@ covered the benefits of performing our bulk builds in the cloud and the challenges we currently face.
  My talk was about some topics and ideas which had inspired me or caught my attention, and how it could maybe apply to my work.The title of the talk was taken from the name of Andrew Weatherall's Saint Etienne remix, possibly referring to two different styles of track (dub & vocal) merged into one or something else. I meant it in terms of applicability of thoughts and ideas. After me, agc@ gave a second talk on the evolution of the Netflix Open Connect appliance which runs FreeBSD and Vsevolod Stakhov wrapped up the day with a talk about the technical implementation details of the successor to pkg_tools in FreeBSD, called pkg, and how it could be of benefit for pkgsrc.

  Netflix confirms it: BSD is not dying #pkgsrcCon

  — Benny Siegert (@bentsukun) July 1, 2017

  For day 2 we gathered for a hack day at the London Hack Space.
  I had burn't some some CD of the most recent macppc builds of NetBSD 8.0_BETA and -current to install and upgrade Mac Minis. I setup the donated G4 minis for everyone in a dual-boot configuration and moved on to taking apart my MacBook Air to inspect the wifi adapter as I wanted to replace it with something which works on FreeBSD. It was not clear from the ifixit teardown photos of cards size, it seemed like a normal mini-PCIe card but it turned out to be far smaller. Thomas had also had the same card in his and we are not alone. Thomas has started putting together a driver for the Broadcom card, the project is still in its early days and lacks support for encrypted networks but hopefully it will appear on review.freebsd.org in the future.
  weidi@ worked on fixing SunOS bugs in various packages and later in the night we setup a NetBSD/macppc bulk build environment together on his Mac Mini.
  Thomas setup an OpenGrock instance to index the source code of all the software available for packaging in pkgsrc. This helps make the evaluation of changes easier and the scope of impact a little quicker without having to run through a potentially lengthy bulk build with a change in mind to realise the impact.
  bsiegert@ cleared his ticket and email backlog for pkgsrc and alnsn@ got NetBSD/evbmips64-eb booting on his EdgeRouter Lite.

  #pkgsrcCon hackathon work by @docscream: https://t.co/3GY3TRtdNV code search over everything (still indexing)

  — Wiedi (@wied0r) July 2, 2017

  On Monday we reconvened at the Hack Space again and worked some more. I started putting together the talks page with the details from Saturday and the the slides which I had received, in preperation for the videos which would come later in the week. By 3pm pkgsrcCon was over. I was pretty exhausted but really pleased to have had a few days of techie fun.

  Many thanks to The NetBSD Foundation for purchasing a camera to use for streaming the event and a speedy response all round by the board. The Open Source Specialist Group at BCS, The Chartered Institute for IT and the London Hack Space for hosting us. Scale Engine for providing streaming facility. weidi@ for hosting the recorded videos.
  Allan Jude for pointers, Jared McNeill for debugging, NYCBUG and Patrick McEvoy for tips on streaming, the attendees and speakers. This year we had speakers from USA, Italy, Germany and London E2.
  Looking forward to pkgsrcCon 2018!

  The videos and slides are available here and the Internet Archive.

• DragonFly BSD Digest In Other BSDs for 2017/07/08

  This one wrote itself almost in one night from articles I had stored up.

  • Latest blog post – UEFI multi-boot setup with Linux and most of the BSDs!  (via)
  • State of graphics support across BSDs
  • Daemons and friendly Ninjas.  (via)
  • FreeBSD 11.1-RC1 out.
  • Kernel relinking status from Theo de Raadt.
  • On the Insecurity of TIOCSTI.
  • BSDCan 2017 – Trip report double-p.
  • d2k17 hackathon report: Martin Pieuchot on moving the network stack out of the big lock.
  • d2k17 Hackathon Report: Alexander Bluhm on Network Stack Improvements and more.
  • “Absolute FreeBSD 3rd Edition” update.
  • openbsd changes of note 624
  • “My life long dream of working with cvs and ed has come true”  (via)
  • Assembling the history of Unix.  Really, BSD prehistory. (via)
  • FreeBSD deprecates all r-cmds (rcp, rlogin, etc.)  (via)
  • OPNSense 17.1.9 out.
  • Request for testing: https://beta.undeadly.org/.

   

   

July 05, 2017

• Roy Marples IP address sharing

  So dhcpcd has supported a shared IP address for a long time. It did this by removing the address from the non preferrred interface and then adding it to the preferred interface.
  Easy!

  But this came with some issues:

  • There is a window where the IP address doesn't exist, and the kernel may wipe out the subnet route at that point also.
  • DHCP renews didn't come through to the right interface.
  • Some kernels didn't like the address moving interfaces.

  Still, to the best of my knowledge, no other product has this feature and for the most part, it did work well allowing almost seamless switching of wired -> wireless and back again with both using the same IP address. But that wasn't good enough - I was challenged to do better!

  So I took up the bat and cooked up this changeset to change the behaviour to this:

  • Each applicable interface will have the shared ip address.
  • Whenever the address is added, the most preferred address will be ARP announced.

  And lo - IT WORKS!!! The changeover when plugging/removing the wired interface is 100% seamless for me. ssh, ping, etc get zero interuption. Of course, YMMV ;)
  But there are some costs:

  • Thanks to ARP, only the primary interface will receive DHCP unicast messages for other interfaces.
    As such we need to re-direct them to the correct interface by examining xid and chaddr.
    This means we have to relax the BPF filters to allow more through.
  • Kernels supporting RFC5227 will double ARP announce the address.
  • NetBSD-8 kernels needed some love to get it to work and there's still an issue with it not working when an address is deleted from the interface.

  Only the last bullet is really important, which is mainly why the changeset hasn't hit the master branch yet. But that should be fixed soon. The other points can be fixed as and when.

July 03, 2017

• NetBSD Blog LLVM asan and ubsan on NetBSD
  Over the last 30 days I was focusing on getting the environment to enable LLVM sanitizers and the Clang compiler on NetBSD. Meanwhile I pushed forward generic parts that were needing enhancements around pkgsrc and LLVM in general to ease the future LLDB work.

  dogfood

  When I have realized that in order to work on the LLVM sanitizers I need to use Clang as the compiler. A part of the compiler-rt (lowlevel LLVM compiler runtime library) has code specifically incompatible with GCC. It was mainly related to intrinsic instructions for atomic functions. I tried to research how much work is needed to port it to GCC. It happened to be non-trivial and I filed a bug on the LLVM bugzilla.

  These circumstances made me to switch to Clang as the pkgsrc toolchain. I was using it to test the compilation of small bulks of packages and record build and compiler problems. To save time, I used ccache as my cache for builds.

  My options in mk.conf(5):

  PKGSRC_COMPILER=        ccache clang
  CCACHE_BASE=            /usr/local
  CCACHE_DIR=             /public/ccache_tmp
  CCACHE_LOGFILE=         /tmp/ccache.txt
  PKG_CC=                 clang
  PKG_CXX=                clang++
  CLANGBASE=              /usr/local
  HAVE_LLVM=              yes
  

  It's worth noting that ccache with pkgsrc won't check $HOME/.ccache for configuration, it must be placed in $CCACHE_DIR/ccache.conf.

  The documented problems can be summarized as:

  • Broken ccache in pkgsrc for C++11 packages.
    The pkgsrc framework started supporting C++ languages in the USE_LANGUAGES definition. Packages with newly added USE_LANGUAGES values (such as c++11) were not compiled with ccache because ccache.mk was not yet aware of such values. This broke support of these packages to set these values to be built with ccache. I've corrected it and introduced a new option CCACHE_LOGFILE to more easily track execution of ccache and detect errors.
  • Broken ccache in pkgsrc for a custom toolchain.
    ccache tries finding a real-compiler looking for it in $PATH. When I have built clang within pkgsrc to work on it (installed into /usr/pkg), and I had my main toolchain in /usr/local it was picking the one from /usr/pkg for new builds and it resulted in cache-misses for new builds. I have installed a fix for it to pass ccache specific PATH to always find the appropriate compiler.
  • Header <execinfo.h> cannot be included on Clang 5.0.0svn.
    For some reason compilers tend to install their own headers that overshadow the system headers. This resulted in build failures in programs including plain <execinfo.h> header (for the backtrace(3) function). This system header used to include <stddef.h> that included our <sys/cdefs.h>... with shadowed <stddef.h> by Clang 5.0.0svn (from $PREFIX/lib/clang/5.0.0/include/stddef.h). Christos Zoulas fixed it by making <execinfo.h> standalone and independent from standard libc headers.
  • __float128 and GNU libstdc++.
    Our basesystem GNU libstdc++ enables __float128 on i386, amd64 and i64 ports. As of now the LLVM equivalent library contains partial support for this type. This results in a problem that affects 3rd party programs in the setup of Clang + libstdc++ detect __float128 support and break because the compiler does not define appropriate global define __FLOAT128__. This issue is still open for discussion on how to solve it for NetBSD.
  • gforth optimization problems.
    Upstream gforth developers ported this FORTH compiler to Clang, and triggered an optimization issue with attempting to needlessly solve a complex internal problem. This results with compilation times of several minutes on a modern CPUs instead of getting the results immediately. The problem has been already reported on the LLVM bugzilla and I have filed a report that it is still valid.
  • bochs can be built with clang.
    A while ago, bochs was buildable only by the GCC compilers and the Clang toolchain was blacklisted. I have verified that this is no longer the case and unmasked the package for compilers other than GCC.

  LLVM and Clang testsuites

  I have prepared Clang and LLVM testsuites to execute on NetBSD. Correctness of both projects is crucial for LLDB and the LLVM sanitizers to work because their issues resound problems inside programs that depend on them. Originally I have corrected the tests with local patches to build with GCC, and switched later to Clang. I have restructured the packages in pkgsrc-wip in order to execute the test-suite. I have fixed 20 test failures in LLVM implementing AllocateRWX and ReleaseRWX for the NetBSD flavor of PaX MPROTECT. There are still over 200 failures to solve!

  It's worth noting that the googletest library (used in a modified version in LLVM and in a regular one in Clang) finally accepted the NetBSD patches.

  LLVM asan and ubsan

  I expect to get four LLVM sanitizers working in order to move on to LLDB: asan (address sanitizer), ubsan (undefined behavior sanitizer), tsan (thread sanitizer), msan (memory sanitizer). The other ones like dfsan (data-flow sanitizer) or lsan (leak sanitizer) are currently to be skipped. In general, sanitizers are part of the LLDB functionality that I want to get aboard on NetBSD, as there are plugins to integrate them within the debugger. In the current state I require them to debug bugs inside LLDB/NetBSD.

  The original work on sanitizers in GCC (with libsanitizer) has been done by Christos Zoulas. GCC libsanitizer is a close sibling of compiler-rt/lib from the LLVM project. I picked up his work and integrated it into compiler-rt and developed the rest (code differences, fixing bugs, Clang/LLVM specific parts in llvm/ and clang/) and I managed to get asan and ubsan to work.

  Users should pickup pkgsrc-wip in revision 3e7c52b97b4d6cb8ea69a081409ac818c812c34a and install wip/{llvm,clang,compiler-rt}-netbsd. Clang will be ready for usage:

  /usr/pkg/bin/clang -fsanitize=undefined test.c
  

  and

  /usr/pkg/bin/clang -fsanitize=address test.c
  

  Additional compiler commands that may improve the experience:

  -g -O0 -fno-omit-frame-pointer -pie -fPIE
  

  These sanitizers are not production ready and are active under development.

  Plan for the next milestone

  Roadmap for the next month:

  • Finish and send upstream LLVM asan and ubsan support.
  • Correct more problems triggered by LLVM and Clang test-suites.
  • Resume msan and tsan porting.

  This work was sponsored by The NetBSD Foundation.

  The NetBSD Foundation is a non-profit organization and welcomes any donations to help us continue funding projects and services to the open-source community. Please consider visiting the following URL, and chip in what you can:

  http://netbsd.org/donations/#how-to-donate

July 01, 2017

• NetBSD Blog pkgsrcCon 2016 report
  pkgsrcCon is the annual technical conference for people working on pkgsrc, a framework for building over 17,000 open source software packages. pkgsrc is the native package manager on NetBSD, SmartOS and Minix, and is portable across many different operating systems including Linux and Mac OS X.

  The last year's pkgsrcCon 2016 event took place in Kraków, Poland.

  Slides are available on the event site.

  Video recordings are stored at https://archive.org/details/pkgsrcCon-2016.

  We would like to thank the organizers, sponsors and promotion from the Jagiellonian University, The NetBSD Foundation, Programista Magazyn, OS World, and Subcarpathian BSD User Group.

June 25, 2017

• DragonFly BSD Digest In Other BSDs for 2017/06/25

  Back to overflow, which sort of makes my life easier.

  • BCHS: BSD, C, httpd, SQLite.  Linked before, so comments on source links are where to look if you are already familiar with BHCS.
  • Possible stack vulnerabilities in BSD-land.
  • How to disable cores in OpenBSD?
  • Nextcloud via httpd on OpenBSD.  (via)
  • MP-safe Networking in NetBSD.  PDF, from BSDCan.  (via)
  • BSDCan 2017 Recap from iXSystems.
  • Unix in Europe: between innovation, diffusion and heritage.  October 19th, Paris, France.  (via)
  • The Stack Clash, via many places.
  • pkgsrcCon 2017, in one week.
  • PCIe adapters supporting long distance 10GB fiber?  Note that this is for BSD-based, server-based routers.  Follow the thread for lots of hardware talk.
  • OpenBSD now has Trapsleds to make life harder for ROPers.

June 23, 2017

• Roy Marples Learing ASP.NET Core

  I rarely talk about work here. But in this case I will because although it's unrelated entirely to my Open Source projects it's actually very enjoyable for a change because we have the change to use some cutting edge tech. Like any large and old product there are crusty bits - some of ours are so crusty they are implemented in Visual Basic 6. So Management have give us the green light to replace a large chunk of that and now that we're part of a bigger business (the joy's of being bought by a large company) we have a mandate to use relevant tech. So I'm learning all about ASP.NET Core and Entity Framework Core. We'll be creating MicroServices talking to an API Gateway, each in a Docker Container. We'll mandate that each project has to have no compile warnings and uses StyleCopy Analyzers. Also we must have unit tests across the board. Each checkin will trigger a static analysis by Sonar Qube. This will be a full Continuous Integration Pipeline.

  This is a massive change from the way we've worked before and it excites me! The bad news is that I am spending some of my hobby time on this because it's fun! But I should be getting back onto dhcpcd / NetBSD related stuff soon once the initial prototypes are in place and the new tech feeling wears off.

June 22, 2017

• Server Fault How to log ssh client connection/command?

  I would like to know how i could log SSH command lines a user is using on a server. For exemple, if the user Alex on my server is doing the following set of commands :

  $ cd /tmp
  $ touch myfile
  $ ssh [email protected]
  $ ssh [email protected]
  $ vim anotherfile
  $ ssh [email protected]
  

  I would like to log the ssh commands used on the server in a file which looks like :

  [2014-07-25 10:10:10] Alex : ssh [email protected]
  [2014-07-25 10:18:20] Alex : ssh [email protected]
  [2014-07-25 11:15:10] Alex : ssh [email protected]
  

  I don't care what he did during his ssh session, i just want to know WHEN and TO WHERE he made a connection to another server.

  The user is not using bash and i would like to avoid manipulating .bash_history anyway as the user can modify it.

  Any clue on this ?

  Thank you :)

  edit : to be more specific :

  a user connects to a server A and then connects from the server A to server B. I want to track down to which server he connects through ssh from server A.

June 20, 2017

• NetBSD Blog In Memoriam Nicolas Joly
  Nicolas Joly passed away on 2017-06-07.

  Born in 1969, he developed a passion for computer science in his youth but chose to study biology. He then attended a bioinformatics training at the Pasteur Institute in 1997 at the end of which he got hired in the scientific IT department. He has continuously worked there since. Not only was he skilled in biology but also in system administration, databases, and programming.

  He was introduced to NetBSD in 1999 and quickly became a dedicated user and hacker. He became a NetBSD developer in 2007 for working on Linux/i386 (32 bits) emulation on NetBSD/amd64 (64 bits).

  Nicolas leaves a wife and three children.

  Memorial note submitted by Marc Baudoin.

June 17, 2017

• DragonFly BSD Digest In Other BSDs for 2017/06/17

  All found-this-week links, now.

  • KARL – kernel address randomized link.  (via)
  • g4u (Ghost for Unix) 2.6, a venerable imaging tool, released.
  • Native Command Queuing – merging and testing. (NetBSD)
  • New TrueNAS x10, a BSD-based storage product.
  • secmodel sandbox : An application sandbox for NetBSD (draft). (via)
  • FreeBSD 11.1-BETA is out.
  • FreeNAS 11.0 is out.  (via)
  • Running OpenBSD on Azure.
  • Newbie from Linux – have a Lenovo Ideapad – best BSD?
  • d2k17 Hackathon Report: Florian Obser on slaacd(8).
  • d2k17 Hackathon Report: Antoine Jacoutot on rc.d, syspatch, and more.
  • The NetBSD repo and moving to Git.  (via)
  • Oil changes, safety recalls, and software patches.

   

June 14, 2017

• Amitai Schlair Taavi Lua Schleier

  Our child arrived a week ago, at 6 pounds 6 ounces on 6/6. On Friday, we introduced him to his grandparents via Skype, showing them his name on an iPad. It looked like this:

  

  We’ve been home for a few days. Yesterday Taavi looked — and looked! — like this:

  

  I don’t know what Taavi looked like while listening to me play the piano last night. If indeed he was listening, he heard bits and pieces of Medtner’s “Dance Tale”, Op. 48 No. 1, and then the Brahms Intermezzo, Op. 117 No. 1 I had hummed to him in the cocoon.

  My sister and both grandmae have held him. Grandpae and Bekki’s brothers will soon. Everyone is happy and healthy. About the name:

  Taavi

  Finnish/Estonian variant of Hebrew David, “beloved”.

  • We like the sound
  • We like the meaning
  • We like the Hebrew connection
  • We like how Germans and Israelis and Americans will be able to pronounce it
  • After a couple days with him, we both independently decided he’s Taavi (and not the other names we were thinking about)
  • Amitai likes being able to vaguely associate the name with Medtner (of Livonian descent, Germans who settled in the Baltics, of which Estonia is one)
  • Sounds phonetically related to “Amitai” and “Bekki”
  • The first “a” is in memory of our friend Andrew

  Lua

  Portuguese, “moon”.

  • Born under a big moon (waxing gibbous), and he went home on the full moon
  • We like the sound
  • We like mixing languages for our citizen of the world
  • We like the reminder to look beyond our world
  • We like the association with our love and memory of another very special animal, Lunar
  • We like the association with our Haskell, by virtue of both being programming languages
  • The Lua programming language is included in NetBSD, an open-source project which led Amitai to friends, Columbia, employment, and ultimately Bekki
  • Amitai has even written a little Lua

  Taavi Lua Schleier

  • We like the sounds together
  • The names and initials aren’t obviously embarrassing
  • It’s unique enough
  • It means enough
  • It reflects our heritages enough
  • It will sound like a grownup when he’s a grownup

  More nice properties observed after the fact

  • Taavi:
    • Abba: תביא (ta-VEE, emphasis on second syllable) means “bring” (imperative), which is what the doctors needed to do
    • Abba: תו (tav, “musical note”)
    • Abba: “Tavi” is a Hebrew name these days apparently
  • Lua:
    • Bekki: “Mondschleier” (”Mond” is German for “moon”) is the halo around the moon
  • Whole name:
    • Nathan: TLS means “secure” (Transport Layer Security, encryption for data in motion)

  If you think of another reason this is a nice name, please pass it along.

  For my Lean/Agile/XP/systems/org-thinker readers

  Taavi embodies the famous Peter Senge adage “People don’t resist change. They resist being changed.” But he’s getting used to it.

  For Taavi to understand someday

  

  More photos

  photos.theschleiers.com/taavi

June 11, 2017

• NetBSD Installation and Upgrading on DaemonForums Update via CVS
  Regarding to: http://www.netbsd.org/docs/updating.html
  
  How can I tell NetBSD to only download x86 regarding files?
  Is there a way to upgrade/install updates, which is more comparable to MS Windows updates?
  
  
  Ty

June 10, 2017

• DragonFly BSD Digest In Other BSDs for 2017/06/10

  I think I’ve finally caught up on my BSD link backlog.

  • d2k17 Hackathon Report: Ken Westerback on XS_NO_CCB removal and dhclient link detection.
  • d2k17 Hackathon Report: Stefan Sperling on USB audio, WiFi Progress.
  • NCIS: FreeBSD.
  • UbuntuBSD is now DEAD!
  • FreeBSD Core Team member: “[installer] might be the only part of OpenBSD that is friendly”
  • Become FreeBSD User: Find Useful Tools.
  • OPNsense 17.1.8 released.
  • openbsd changes of note 623.
  • FreeNAS newbie needing help linking to Active Directory.
  • PKGSRC at The University of Wisconsin – Milwaukee.  (via)
  • Measuring the weight of an electron.  (via)
  • BSDCan 2017 Auction Swag.
  • pkgsrcCon 2017 in London.  (via)
  • NetBSD 8.0 release process underway.
  • Reading OpenBSD source code daily.  (via)
  • Free getopt.  It’s BSD history, though nobody explicitly says it.  (via)

June 08, 2017

• Hubert Feyrer g4u 2.6 released
  After a five-year period for beta-testing and updating, I have finally released g4u 2.6. With its origins in 1999, I'd like to say: Happy 18th Birthday, g4u!

  About g4u: g4u ("ghosting for unix") is a NetBSD-based bootfloppy/CD-ROM that allows easy cloning of PC harddisks to deploy a common setup on a number of PCs using FTP. The floppy/CD offers two functions. The first is to upload the compressed image of a local harddisk to a FTP server, the other is to restore that image via FTP, uncompress it and write it back to disk. Network configuration is fetched via DHCP. As the harddisk is processed as an image, any filesystem and operating system can be deployed using g4u. Easy cloning of local disks as well as partitions is also supported.

  The past: When I started g4u, I had the task to install a number of lab machines with a dual-boot of Windows NT and NetBSD. The hype was about Microsoft's "Zero Administration Kit" (ZAK) then, but that did barely work for the Windows part - file transfers were slow, depended on the clients' hardware a lot (requiring fiddling with MS DOS network driver disks), and on the ZAK server the files for installing happened do disappear for no good reason every now and then. Not working well, and leaving out NetBSD (and everything elase), I created g4u. This gave me the (relative) pain of getting things working once, but with the option to easily add network drivers as they appeared in NetBSD (and oh they did!), plus allowed me to install any operating system.

  The present: We've used g4u successfully in our labs then, booting from CDROM. I also got many donations from public and private instituations plus comanies from many sectors, indicating that g4u does make a difference.

  In the mean time, the world has changed, and CDROMs aren't used that much any more. Network boot and USB sticks are today's devices of choice, cloning of a full disk without knowing its structure has both advantages but also disadvantages, and g4u's user interface is still command-line based with not much space for automation. For storage, FTP servers are nice and fast, but alternatives like SSH/SFTP, NFS, iSCSI and SMB for remote storage plus local storage (back to fun with filesystems, anyone? avoiding this was why g4u was created in the first place!) should be considered these days. Further aspects include integrity (checksums), confidentiality (encryption). This leaves a number of open points to address either by future releases, or by other products.

  The future: At this point, my time budget for g4u is very limited. I welcome people to contribute to g4u - g4u is Open Source for a reason. Feel free to get back to me for any changes that you want to contribute!

  The changes: Major changes in g4u 2.6 include:

  • Make this build with NetBSD-current sources as of 2017-04-17 (shortly before netbsd-8 release branch), binaries were cross-compiled from Mac OS X 10.10
  • Many new drivers, bugfixes and improvements from NetBSD-current (see beta1 and beta2 announcements)
  • Go back to keeping the disk image inside the kernel as ramdisk, do not load it as separate module. Less error prone, and allows to boot the g4u (NetBSD) kernel from a single file e.g. via PXE (Testing and documentation updates welcome!)
  • Actually DO provide the g4u (NetBSD) kernel with the embedded g4u disk image from now on, as separate file, g4u-kernel.gz
  • In addition to MD5, add SHA512 checksums

  The software: Please see the g4u homepage's download section on how to get and use g4u.

  Enjoy!

• Hubert Feyrer Native Command Queuing - merging and testing
  Jaromir Dolecek has worked on NCQ and is looking for testers in context of merging the development branch into NetBSD-current.

  What is NCQ? According to Wikipedia, ``Native Command Queuing (NCQ) is an extension of the Serial ATA protocol allowing hard disk drives to internally optimize the order in which received read and write commands are executed. This can reduce the amount of unnecessary drive head movement, resulting in increased performance (and slightly decreased wear of the drive) for workloads where multiple simultaneous read/write requests are outstanding, most often occurring in server-type applications.''

  Jaromir writes to tech-kern: ``I plan to merge the branch to HEAD very soon, likely over the weekend. Eventual further fixes will be done on HEAD already, including mvsata(4) restabilization, and potential switch of siisata(4) to support NCQ.

  The plan is to get this pulled up to netbsd-8 branch soon also, so that it will be part of 8.0.

  Status:

  • ahci(4) fully working with NCQ (confirmed with qemu, and real hw)
  • piixide(4) continues working (no NCQ support of course) (confirmed in qemu)
  • siisata(4) continues working (without NCQ still) (confirmed with real hw)
  • mvsata(4) not yet confirmed working after changes, mainly due the DMA not really working on Marvell 88SX6042 which I have available - I have same issue as kern/52126
  • other ide/sata drivers received mechanical changes, should continue working as before''

  Testing and feedback of success or suggestions for improvemenbt are always welcome - please send your report!

June 07, 2017

• Stack Overflow NetBSD build failing due to .DS_Store file Macintosh

  I am trying to build the NetBSD kernel using

  $ ./build.sh -O ../obj.amd64 -U -u -m amd64 -j4 tools release iso-image
  

  It fails with the output

  =======  1 extra files in DESTDIR  =========
  Files in DESTDIR but missing from flist.
  File is obsolete or flist is out of date ?
  ------------------------------------------
  ./.DS_Store
  =========  end of 1 extra files  ===========
  *** [checkflist] Error code 1
  
  nbmake[2]: stopped in /Volumes/NetBSDImage/src/distrib/sets
  1 error
  

  Even when I do an rm .DS_Store in /Volumes/NetBSDImage/src/distrib/sets, it fails with the same message. Earlier, when I compiled the kernel without the iso-image option, it build successfully, but now, even that fails. Some help?

June 06, 2017

• NetBSD.org NetBSD 8.0 release process started

June 05, 2017

• NetBSD General on DaemonForums X11R7 on NetBsd
  I installed NetBsd on a older computer, and it is working basicly.
  This is my first time with NetBsd,
  However, I am having trouble getting the spanish keyboard to work
  after I 'startx'.
  From the console, when I first boot, the keyboard is fine, and the keys
  work as expected, it is after I start the xsever that it become a problem.
  I did read some manuals and info,..generated a
  

  Code:

  ---

  # X -config ~/xorg.conf.new

  ---

  As instructed here:
  http://www.netbsd.org/docs/guide/en/chap-x.html
  
  But I can not find any X11 in /etc as mentioned:
  

  Quote:

  If the above test was successful, move the file into place (as either /etc/X11/xorg.conf or /etc/X11/XF86Config) and you are ready to go. The following sections may be of interest or use, but are not required reading.

  So I am wondering, not only what to put in the .conf file, the example they show is
  for a german keyboard, and reveseing some keys,...I do not want to do that.
  Just want it to know it is a spanish keyboard, no reversed keys, etc.
  So, what to put in the file, and where to place the . conf file.
  Thank you

June 02, 2017

• NetBSD General on DaemonForums Looking for Thinkpad Recommendations
  I am thinking about upgrading to a Thinkpad X230 for use with NetBSD. It looks like it should be fairly well supported but was hoping someone could confirm or deny if suspend and hibernate work? Im currently on a X201 that is getting long in the tooth and it won't wake from suspend well on NetBSD. (As documented by others here https://wiki.netbsd.org/laptops/ ) I'd like to stay with the X series but if anyone could recommend a Thinkpad newer than the X201 that wasn't too chunky id love the recommendation.

June 01, 2017

• NetBSD Installation and Upgrading on DaemonForums Boot problems
  So I Installed netBSD on an old pentium 1 laptop I had laying around with 32MB ram. The problem is when it goes to boot it hangs on boot: and then I don't know what to type. If I do boot hd0a:netbsd the text turns green but eventually it hangs after attempting to load. I used to use a boot command that seemed to work but now I don't remember what it is.
  
  I also installed FreeBSD on another pc onto the HDD since the installer would not work on this old pc. But when I put it back in it also hangs on boot:
  
  Something must be up with how this old pc uses mbr with hdd? I am not sure. I am using CF to IDE converter if that makes a different. I am also fairly new with BSD but have had more linux experience.
• NetBSD.org New Developer in May 2017

May 27, 2017

• Amitai Schlair qmail + submission + rewrite headers

  Previously

  This is the eighth in a series of “Nifty and Minimally Invasive qmail Tricks”, following

  1. qmail + SMTP AUTH + SSL + TLS - patches
  2. qmail + badrcptto - patches
  3. qmail + NetBSD nightly maintenance
  4. qmail + IMAP-before-SMTP
  5. qmail + spam filtering
  6. qmail + SMTP AUTH + TLS redux
  7. qmail + outbound DKIM

  The mess822-QMAILQUEUE patch

  This is not the QMAILQUEUE patch by Bruce Guenter that’s included in netqmail. When you want qmail-smtpd(8), for instance, to be able to modify or reject incoming messages by inserting a wrapper around qmail-queue(8), the QMAILQUEUE patch makes that easier.

  The mess822-QMAILQUEUE patch is the exact same idea (and code), but for mess822.

  If QMAILQUEUE is set in the environment, ofmipd(8) (and new-inject(1)) run that program in place of qmail-queue, allowing you to modify submitted messages in arbitrary ways, above and beyond mess822’s own rewriting features.

  Your wrapper needs to adhere to the qmail-queue(8) interface, and should probably conclude its work by running the real qmail-queue binary, which — since you’re applying this patch — can stay right where it is.

  With the QMAILQUEUE patch, rather than write your own wrapper, I’d suggest using Bruce Guenter’s qmail-qfilter and writing your own filters. With this mess822-QMAILQUEUE patch, I suggest the same.

  (I hope to take advantage of this patch — already included in the ofmipd SMTP AUTH patch I’m using — to tag my occasional messages to DJB’s mailing lists with Charles Cazabon’s pymsgauth, so they get posted without my manually interacting with qsecretary.)

  To set QMAILQUEUE in ofmipd’s environment:

  1. Find your ofmipd(8) invocation.
  2. If it doesn’t already call env(1) to clear the environment, add that.
  3. Look for where env is called, and pass QMAILQUEUE=/path/to/your-wrapper-program-here to it.
  4. Restart your ofmipd service.

  If you’re using qmail-run from pkgsrc, that’s as easy as:

  1. echo "qmailofmipd_postenv='QMAILQUEUE=/path/to/your-wrapper-program-here'" >> /etc/rc.conf
  2. /etc/rc.d/qmailofmipd restart

  Here again is the mess822-QMAILQUEUE patch.

May 22, 2017

• Amitai Schlair qmail + outbound DKIM

  Previously

  This is the seventh in a series of “Nifty and Minimally Invasive qmail Tricks”, following

  1. qmail + SMTP AUTH + SSL + TLS - patches
  2. qmail + badrcptto - patches
  3. qmail + NetBSD nightly maintenance
  4. qmail + IMAP-before-SMTP
  5. qmail + spam filtering
  6. qmail + SMTP AUTH + TLS redux

  The QMAILREMOTE patch

  When you want to wrap qmail-remote(8) with another program — for instance, to DKIM-sign outgoing mail — the QMAILREMOTE patch lets you do so by setting an environment variable.

• NetBSD Installation and Upgrading on DaemonForums installation on dell inspiron 11-3162
  This post is related to the one "UEFI support " by myway_1 (http://daemonforums.org/showthread.php?t=10047).
  
  I am new to NetBSD, and I tried to install NetBSD on Dell inspiron 11-3162.
  (http://downloads.dell.com/manuals/al...uide_ja-jp.pdf)
  
  I was told that eMMC support is implemented only in HEAD revision, in other word, it is not supported as official.
  
  However I tried HEAD version anyway.
  (http://nycdn.netbsd.org/pub/NetBSD-d...cdrom/boot.iso. This URL no longer exists, but newer version is created in daily basis.)
  
  As the result, it didn't succeed.
  The installation stopped with the following message after I selected "my disk" to the installer instruction that is "Please enter a name for your NetBSD disk".
  
  

  Code:

  ---

  Status: Command failed
Command: disklabel -w -r -f /tmp/disktab ld0 'mydisk'
----------------------------
sdhc0: auto_cmd12 error
sdhc0: data crc error
ld0d: error writing fsbn 0 of 0 - 15 (ld0 bn 0; cn0 tn 0 sn 0), retrying
...
(the above 3 lines are repeated several times)
...
disklabel: disklabel write (sector 0) size 8192 failed: Connection timed out

  ---

  If possible, I want to know when eMMC support can be testable on X86 PC in HEAD version. I tried to find appropriate mailing lists to ask this but couldn't understand which one I should ask.
  
  Here is the dmesg:
  

  Code:

  ---

  NetBSD 7.99.71(GENERIC) #0: Sun May 7 02:05:56 UTC 2017
      [email protected]:/usr/src/sys/arc/amd64/compile/GENERIC
total memory = 3994 MB
avail memory = 3856 MB
WARNING: module error: module 'cd9660' pushed by boot loader already exists
cpu_rng: RDRAND
timecounter: Timecounters tick every 10.000 msec
Kernelized RAIDframe activated
running cgd selftest aes-xts-256 aes-xts-512 done
timecounter: Timecounter "i8254" frequency 1193182 Hz quality 100
Dell Inc. Inspiron 11-3162 (1.0.9)
mainbus0 (root)
ACPI: RSDP 0x00000000000F05B0 000024 (v02 DELL)
ACPI: XSDT 0x000000007A671098 0000B4 (v01 DELL    WN09    01072009 AMI  00010013)
ACPI: FACP 0x000000007A67B948 00010C (v05 DELL    WN09    01072009 AMI  00010013)
ACPI BIOS Warning(bug): 32/64X length mismatch in FADT/Gpe0Block: 128/32 (20170303/tbfabt-642)
ACPI: DSDT 0x000000007A6711E0 00A764 (v02 DELL    WN09    01072009 INTL 20120913)
ACPI: FACS 0x000000007B54CE80 000040
ACPI: APIC 0x000000007A67BA58 000068 (v03 DELL    WN09    01072009 AMI  00010013)
ACPI: FPDT 0x000000007A67BAC0 000044 (v01 DELL    WN09    01072009 AMI  00010013)
ACPI: FIDT 0x000000007A67BB08 00009C (v01 DELL    WN09    01072009 AMI  00010013)
ACPI: MCFG 0x000000007A67BBA8 00003C (v01 DELL    WN09    01072009 MSFT 00000097)
ACPI: BOOT 0x000000007A67BBE8 000028 (v01 DELL    WN09    01072009 AMI  00010013)
ACPI: SLIC 0x000000007A67BC10 000176 (v01 DELL    WN09    01072009 AMI  00010013)
ACPI: HPET 0x000000007A67BD88 000038 (v01 DELL    WN09    01072009 AMI. 00000000)
ACPI: SSDT 0x000000007A67BDC0 000763 (v01 PmRef  CpuPm    00003000 INTL 20061109)
ACPI: SSDT 0x000000007A67C528 000290 (v01 PmRef  Cpu0Tst  00003000 INTL 20061109)
ACPI: SSDT 0x000000007A67C7B8 00017A (v01 PmRef  ApTst    00003000 INTL 20061109)
ACPI: UEFI 0x000000007A67C938 000042 (v01 DELL    WN09    00000000      00000000)
ACPI: MSDN 0x000000007A67C980 000055 (v03 DELL    WN09    01072009 AMI  00010013)
ACPI: LPIT 0x000000007A67C9D8 000104 (v01 DELL    WN09    00000005 MSFT 0100000D)
ACPI: TPM2 0x000000007A67CAE0 000034 (v03        Tmp2Tabl 00000001 AMI  00000000)
ACPI: CSRT 0x000000007A67CB18 00014C (v00 INTEL  LANFORDC 00000005 MSFT 0100000D)
ACPI: SSDT 0x000000007A67CC68 000544 (v01 CpuDpf  CpuDptf  00001000 INTL 20061109)
ACPI: SSDT 0x000000007A67D1B0 002230 (v01 DptfTb  DptfTab  00001000 INTL 20061109)
ACPI: 6 ACPI AML tables successfully acquired and loaded
ioapic0 at mainbus0 apid 1: pa 0xfec00000, version 0x20, 115 pins
cpu0 at mainbus0 apid 0
cpu0: Intel(R) Celeron(R) CPU  N3060  @ 1.60GHz,  id 0x406c4
cpu1 at mainbus0 apid 4
cpu0: Intel(R) Celeron(R) CPU  N3060  @ 1.60GHz,  id 0x406c4
acpi0 at mainbus0: Intel ACPICA 20170303
acpi0: X/RSDT: OemId <DELL    ,  WN09    ,01072009>, AsIId <AMI ,00010013>
acpi0: MCFG: segment 0,  bus 0-255, address 0x00000000e0000000
ACPI: Dynamic OEM Table Load:
ACPI: SSDT 0xFFFFFE81071D1010 0005F2 (v01 PmRef  Cpu0Ist  00003000 INTL 20061109)
ACPI: Dynamic OEM Table Load:
ACPI: SSDT 0xFFFFFE817EE77810 0003A5 (v01 PmRef  Cpu0Cst  00003001 INTL 20061109)
ACPI: Dynamic OEM Table Load:
ACPI: SSDT 0xFFFFFE817EEF2C10 00015F (v01 PmRef  ApIst    00003000 INTL 20061109)
ACPI: Dynamic OEM Table Load:
ACPI: SSDT 0xFFFFFE81071AE3F8 00008D (v01 PmRef  ApCst    00003000 INTL 20061109)
acpi0: SCI interrupting at int 9
timecounter: Timecounter "ACPI-Safe" frequency 3579545 Hz quality 900
hpet0 at acpi0: high precision event timer (mem 0xfed00000 - 0xfed00400)
timecounter: Timecounter "hpet0" frequency 14318180 Hz quality 2000
acpiec0 at acpi0 (EC,  PNP0C09-1)acpiec0: unable to evaluate _GPE: AE_NOT_FOUND
acpivga0 at acpi0 (GFX0): ACPI Display Adapter
acpiout0 at acpivga0 (DD01, 0x0100): ACPI Display Output Device
acpiout1 at acpivga0 (DD02, 0x0002): ACPI Display Output Device
acpiout2 at acpivga0 (DD03, 0x0200): ACPI Display Output Device
acpiout3 at acpivga0 (DD04, 0x0004): ACPI Display Output Device
acpiout4 at acpivga0 (DD05, 0x0005): ACPI Display Output Device
acpiout5 at acpivga0 (DD06, 0x0006): ACPI Display Output Device
acpiout6 at acpivga0 (DD07, 0x0007): ACPI Display Output Device
acpiout7 at acpivga0 (DD08, 0x0008): ACPI Display Output Device
acpiout8 at acpivga0 (DD1F, 0x0400): ACPI Display Output Device
acpiout8: brightness levels: [1-100]
acpiout9 at acpivga0 (ISP0, 0x22b8): ACPI Display Output Device
acpivga0: unknown output device acpiout0
acpivga0: unknown output device acpiout1
acpivga0: unknown output device acpiout2
acpivga0: unknown output device acpiout3
acpivga0: unknown output device acpiout4
acpivga0: unknown output device acpiout5
acpivga0: unknown output device acpiout6
acpivga0: unknown output device acpiout7
acpivga0: connected output devices:
acpivga0: 0x0400 (acpiout8): Unknown Output Device, head0
acpivga0: 0x22b8 (acpiout9): Unknown Output Device, head0, non vga
FWHD (INT0800) at acpi0 not configured
LDRC (PNP0C02) at acpi0 not configured
attimer1 at acpi0 (TIMR, PNP0100): io 0x40-0x43,0x50-0x53 irq 0
pckbc1 at acpi0 (PS2K, DLLK0725) (kbd port): io 0x60,0x64 irq 1
pckbc2 at acpi0 (PS2K, DLL0725) (aux port): irq 12
RMSC (PNP0C02) at acpi0 not configured
TPD1 (DLL0725) at acpi0 not configured
SPRC (PNP0C02) at acpi0 not configured
PDRC (PNP0C02) at acpi0 not configured
acpibat0 at acpi0 (BAT0, PNP0C0A-1): ACPI Battery
acpiacad0 at acpi0 (AC, ACPI0003): ACPI AC Adapter
acpilid0 at acpi0 (LID0, PNP0C0D): ACPI Lid Switch
acpibut0 at acpi0 (PWRB, PNP0C0C-170): ACPI Power Button
acpiwmi0 at acpi0 (AMWB, PNP0C14-0): ACPI WMI Interface
wmidell0 at acpiwmi0: Dell WMI mappings
RBTN (DELLABCE) at acpi0 not configured
acpibut1 at acpi0 (SLPB, PNP0C0E): ACPI Sleep Button
GPO3 (INT33FF) at acpi0 not configured
TPM (MSFT0101) at acpi0 not configured
DPTF (INT3400) at acpi0 not configured
STR3 (INT3403) at acpi0 not configured
STR1 (INT3403) at acpi0 not configured
STR6 (INT3403) at acpi0 not configured
acpitz0 at acpi0 (THM)
acpitz0: levels: critical 89.0 C, passive cooling
ACPI: Enabled 6 GPEs in block 00 to 3F
pckbd0 at pckbc1 (kbd slot)
pckbc1: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pms0 at pckbc1 (aux slot)
pms0: Synaptics touchpad version 8.2
pms0: Extended W mode, Palm detect, One button click pad, Multi-finger Report, Multi-finger
pckbc1: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pci0 at mainbus0 bus0: configration mode 1
pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
pchb0 at pci0 dev 0 function 0: vendor 8086 product 2280 (rev. 0x35)
vga0 at pci0 dev 2 function 0: vendor 8086 product 22b1 (rev. 0x35)
wsdislay0 at vga0 kbdmux 1: console (88x25, vt100 emulation), using wskbd0
wsmux1: connecting to wsdisplay0
drm at vga0 not configured
vendor 8086 product 22dc (miscellaneous DASP, revision 0x35) at pci0 dev 11 function 0 not configured
sdhc0 at pci0 dev 16 function 0: vendor 8086 product 2294 (rev. 0x35)
sdhc0: interrupting at ioapic0 pin 16
sdhc0: SDHC 3.0, rev 16, SDMA, 200000 kHz, embedded slot, HS SDR50 DDR50 SDR104 HS200 1.8V, re-tuning mode 1 (128s timer), 512 byte blocks
sdmmc0 at sdhc0 slot 0
xhci0 at pci0 dev 20 function 0: vendor 8086 product 22b5 (rev. 0x35)
xhci0: interrupting at msi0 vec 0
xhci0: xHCI version 1.0
usb0 at xhci0: USB revision 3.0
usb1 at xhci0: USB revision 2.0
vendor 8086 product 2298 (miscellaneous crypto, revision 0x35) at pci0 dev 26 function 0 not configured
hdaudio0 at pci0 dev 27 function 0: HD Audio Controller
hdaudio0 interrupting at msi1 vec 0
hdafg0 at hdaudio0: vendor 10ec product 0255
hdafg0: DAC00 2ch: Speaker [Built-In]
hdafg0: DAC01 2ch: HP Out [Jack]
hdafg0: ADC02 2ch: Mic In [Built-In]
hdafg0: 2ch/2ch 44100Hz 48000Hz 96000Hz 192000Hz PCM16 PCM20 PCM24 AC3
audio0 at hdafg0: full duplex, playback, capture, mmap, independent
hdafg0: Virtual format configured - Format SLINEAR, precision 16, channels 2, frequency 48000
spkr0 at audio0: PC Speaker (synthesized)
hdafg1 at hdaudio0: vendor 8086 product 2883
hdafg1: DP00 8ch: Digital Out [Jack]
hdafg1: 8ch/8ch 48000Hz PCM16*
ppb0 at pci0 dev 28 function 0: vendor 8086 product 22c8 (rev.0x35)
ppb0: PCI Express capability version 2 <Root Port of PCI-E Root Complex> x1 @ 2.5GT/s
pci1 at pb0 bus 1
pci1: i/o space, memory space enabled, rd/line, wr/inv ok
iwm0 at pci1 dev 0 function 0: vendor 8086 product 08b3 (rev. 0x83)
iwm0: Interrupting at msi2 vec0
pcib0 at pci0 dev 31 function 0: vendor 8086 product 229c (rev. 0x35)
ichsmb0 at pci0 dev 31 function 3: vendor 8086 product 2292 (rev. 0x35)
ichsmb0 interrupting at ioapic0 pin 18
iic0 at ichsmb0: 12C bus
isa0 at picb0
com0 at isa0 port 0x3f8-0x3ff irq 4: ns16550a, working fifo
pcppi0 at isa0 port 0x61
spkr1 at pcppi0: PC Speaker
midi0 at pcppi0: PC Speaker
sysbeep0 at pcppi0
attimer1: attached to pcppi0
acpicpu0 at cpu0: ACPI CPU
acpicpu0: C1: FFH, lat    1 us, pow  1000 mW
acpicpu0: C2: FFH, lat  500 us, pow    10 mW
acpicpu0: C3: FFH, lat 1000 us, pow    10 mW
acpicpu0: P0: FFH, lat  10 us, pow  2000 mW, 1601 MHz, turbo boost
acpicpu0: P1: FFH, lat  10 us, pow  2000 mW, 1600 MHz
acpicpu0: P2: FFH, lat  10 us, pow  1900 mW, 1520 MHz
acpicpu0: P3: FFH, lat  10 us, pow  1800 mW, 1440 MHz
acpicpu0: P4: FFH, lat  10 us, pow  1700 mW, 1360 MHz
acpicpu0: P5: FFH, lat  10 us, pow  1600 mW, 1280 MHz
acpicpu0: P6: FFH, lat  10 us, pow  1500 mW, 1200 MHz
acpicpu0: P7: FFH, lat  10 us, pow  1400 mW, 1120 MHz
acpicpu0: P8: FFH, lat  10 us, pow  1300 mW, 1040 MHz
acpicpu0: P9: FFH, lat  10 us, pow  1200 mW,  960 MHz
acpicpu0: P10: FFH, lat  10 us, pow  1100 mW,  880 MHz
acpicpu0: P11: FFH, lat  10 us, pow  1000 mW,  800 MHz
acpicpu0: P12: FFH, lat  10 us, pow  900 mW,  720 MHz
acpicpu0: T0: FFH, lat    1 us, pow  900 mW,  100 %
acpicpu0: T1: FFH, lat    1 us, pow  787 mW,  88 %
acpicpu0: T2: FFH, lat    1 us, pow  675 mW,  75 %
acpicpu0: T3: FFH, lat    1 us, pow  562 mW,  63 %
acpicpu0: T4: FFH, lat    1 us, pow  450 mW,  50 %
acpicpu0: T5: FFH, lat    1 us, pow  337 mW,  38 %
acpicpu0: T6: FFH, lat    1 us, pow  225 mW,  25 %
acpicpu0: T7: FFH, lat    1 us, pow  112 mW,  13 %
coretemp0 at cpu0: thermal sensor, 1 C resolution, Tjmax=90
acpicpu1 at cpu1: ACPI CPU
coretemp0 at cpu0: thermal sensor, 1 C resolution, Tjmax=90
timecounter: Timecounter "clockinterrupt" frequency 100 Hz quality 0
timecounter: Timecounter "TSC" frequency 100 Hz quality 3000
uhub at usb0: vendor 8086 (0x8086) xHCI Root Hub (0000), class 9/0, rev 1.00/1.00, adr 0
uhub0: 6 ports with 6 removable, self powered
uhub1 at usb1: vendor 8086 (0x8086) xHCI Root Hub (0000), class 9/0, rev 2.00/1.00, adr 0
uhub1: 7 ports with 7 removable, self powered
acpiacad0: AC adapter online
IPsec:  Initialized Security Associtation Processing.
sdhc0: timeout waiting for mask 0x3 value 0 (state=0x1fff0a06)
sdhc0: command or data phase inhibited
sdhc0: tuning did not complete, using fixed sampling clock
admmc0: can't execute MMC tuning
sdmmc0: mem init failed
ld0 at sdmmc0: <0x90:0x014a:HBG4e^E:0x00;0x50a1952:0x000>
ld0: 29824 MB, 7574 cyl, 128 head, 63 sec, 512 bytes/sect x 61079552 sectors
ld0: GPT GUID: 41eceadd-c2d7-4d58-98c0-f45017d6e439
dk0 at ld0: "EFI system partition", 1024000 blocks at 2040, type: msdos
dk1 at ld0: "Microsoft reserved partition", 262144 blocks at 1026048, type: <unknown>
dk2 at ld0: "Basic data partition", 58859520 blocks at 1288192, type: <unknown>
dk3 at ld0: "53f33d20-f61d-498a-ba9b-f8a26d49726c", 927744 blocks at 60147712, type <unknown>
ld0: 4-bit width, HS200, 200.000 MHz
axen0 0 at uhub0 port 1
axen0: ASIX Elec. Corp. (0xb95) AX88179 (0x1790), rev 3.00/1.00 addr 1
umass0 at uhub1 port2 configuration 1 interface 0
umass0: BUFFALO (0x411) BUFFALO Optical Drive (0x29f), rev 2.10/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, 1 lun par target
cd0 at scsibus0 target 0 lun 0: <BUFFALO, Optical Drive, BFT6> cdrom removable
axen0: AX88179
axen0: Ethernet address 34:3d:c4:9a:4f:5e
rgephy0 at axen0 phy 3: RTL8169S/8110S/8211 1000BASE-T media interface, rev. 5
rgephy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT-FDX, auto
ubt0 at uhub1 port 3
ubt: vendor 8087 (0x8087) product 07dc (0x7dc), rev 2.00/1.00, addr 3
uvideo0 at uhub1 port 5 configuration 1 interface 0: 1234567890-AU18 (0xc45) Integrated_Webcam_HD (0x6a05), rev 2.00/61.11, addr 4
video0 at uvideo0: 1234567890-AU18 (0xc45) Integrated_Webcam_HD (0x6a05), rev 2.00/61.11, addr 4
pad0: outputs: 44100Hz, 16-bit, stereo
audio1 at pad0: half duplex, playback, capture
pad0: Virtual format configured - Format SLINEAR, precision 16, channels 2, frequency 44100
spkr2 at audio1: PC Speaker (synthesized)
WARNING: 13 errors while detecting hardwhare: check system log.
boot device: cd0
root on cd0a dumps on cd0b
root file system type: cd9660
kern.module.path=/stand/amd64/7.99.71/modules
iwm0: hw rev 0x160, fw var 17.352738.0, address f4:06:69:a5:c0:f8
iwm0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
iwm0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
iwm0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
acpibat0: normal capacity on 'charge state'

  ---

  P.S English is not my native language; please excuse typing, grammar or/and word selecting errors.

May 21, 2017

• Stack Overflow ASLR and posibility of non-page aligned stack

  To understand the ASLR and its impact on application address space I modified the NetBSD kern_pax.c code as below. My line of thought is to increase entropy by bringing in lower bytes into play. Original PAX code causes stack to be page aligned and jumps from page to page under different invocations. I just added that we move on to specific word aligned memory. Since in most applications the first few frames will be used less as compared to the ones on top, the performance should not be too much of an issue (it is just an assumption).

  #define PAX_ASLR_DELTA_STACK_LSB    PGSHIFT
  #define PAX_ASLR_DELTA(delta, lsb, len) \
  
      (((delta) & ((1UL << (len)) - 1)) << (lsb))
  

  I modified it as

  #define PAX_ASLR_DELTA_STACK_LSB     2
  

  Variable delta is output from arc4random() function. Variable len is number of bits we wants to randomize.

  The randomized value we get as above is added to address where stack was allocated initially by kernel.

  I wanted to take expert opinion on if doing this actually brings any benefit about randomization, also if the performance penalty is prohibitive.

  When I tried this applications did not crash so it seems to be okay.

• Hubert Feyrer Support for Controller Area Networks (CAN) in NetBSD
  Manuel Bouyer has worked on NetBSD CAN-support, and now he writes: ``I'd like to merge the bouyer-socketcan branch to HEAD in the next few days (hopefully early next week, or maybe sunday), unless someone objects to the idea of a socketcan implementation in NetBSD.

  CAN stands for Controller Area Network, a broadcast network used in automation and automotive fields. For example, the NMEA2000 standard developped for marine devices uses a CAN network as the link layer.

  This is an implementation of the linux socketcan API: https://www.kernel.org/doc/Documentation/networking/can.txt you can also see can(4) in the branch.

  This adds a new socket family (AF_CAN) and protocol (PF_CAN), as well as the canconfig(8) utility, used to set timing parameter of CAN hardware. The branch also includes a driver for the CAN controller found in the allwinner A20 SoC (I tested it with an Olimex lime2 board, connected with PIC18-based CAN devices).

  There is also the canloop(4) pseudo-device, which allows to use the socketcan API without CAN hardware.

  At this time the CANFD part of the linux socketcan API is not implemented. Error frames are not implemented either. But I could get the cansend and canreceive utilities from the canutils package to build and run with minimal changes. tcpdump(8) can also be used to record frames, which can be decoded with etherreal.

  A review of the code in src/sys/netcan/ is welcome, especially for possible locking issues.''

  What CAN devices would you address with NetBSD? Drop me mail!

May 05, 2017

• Hubert Feyrer Announcing NetBSD and the Google Summer of Code Projects 2017
  The NetBSD Project posts that we are very happy to announce that the selection process in this year's Summer of Code with its bargaining of slots and what student gets assigned to which project is over. As a result, the following students will take on their projects:

  • Leonardo Taccari will work add multi-packages support to pkgsrc.
  • Maya Rashish will work on the LFS cleanup.
  • Utkarsh Anand will make Anita support multiple virtual machine systems and more architectures within them to improve testing coverage.

  What follows now is a community bonding period until May 30th, followed by a coding period over the summer (it's Summer of Code, after all :-) until August 21st, evaluations, code submission and an announcement of the results on September 6th 2017.

  Good luck to all our students and their mentors - we look forward to your work results, and welcome you to The NetBSD Project!

May 03, 2017

• Hubert Feyrer Adventures in Time, part 1: Interfacing an Oven Controlled Crystal Oscillator to a Computer Running NetBSD
  I've stumbled across this article via the Dragonfly BSD Digest: Tobias 'tnn' Nygren wrote about his aventurs in time, with part one on Interfacing an Oven Controlled Crystal Oscillator to a Computer Running NetBSD.

  This first article in a blog series starts by describing regular and oven ontrolled crystal oscillators, then goes on in describing the hardware setup and how it is connected to a computer. In this case, a Banana Pi running NetBSD/evbarm is used which (of course) also has its own clock. Oscilloscope measurements show differences in quality of signals and why an adapter is needed to adjust the system's clock frequency (including changes to the NetBSD kernel).

  In the next post Tobias will describe how to calibrate the clock with NTP. Stay tuned and have an eye on his blog!

• Unix Stack Exchange php70-fpm doesn't include www.conf on NetBSD

  I'm having issues with php70-fpm not including any config files.

  I installed php70-fpm using pkgin in php70-fpm. It installs from here: ftp://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/earmv6hf/7.1/All/

  After installation there is no www.conf file anywhere on the system. As a result I am getting errors when trying to start php-fpm:

  [12-Mar-2017 17:01:42] WARNING: Nothing matches the include pattern '/usr/pkg/etc/php-fpm.d/*.conf' from /usr/pkg/etc/php-fpm.conf at line 125.
  [12-Mar-2017 17:01:42] ERROR: No pool defined. at least one pool section must be specified in config file
  [12-Mar-2017 17:01:42] ERROR: failed to post process the configuration
  [12-Mar-2017 17:01:42] ERROR: FPM initialization failed
  

  I've searched for www.conf using `find / -name "www.conf" ... nothing found.

  Should these config files be installed by default or do I have to create them manually? Every other distro I've used includes the files by default.

  I've tried removing and reinstalling but that doesn't help.

  Any ideas?

  Edit

  Output of ls -l /usr/pkg/etc/php-fpm*

  rpi# ls -l /usr/pkg/etc/php-fpm*
  -rw-r--r--  1 root  wheel  4413 Mar 12 17:00 /usr/pkg/etc/php-fpm.conf
  
  /usr/pkg/etc/php-fpm.d:
  

May 02, 2017

• Unix Stack Exchange Dependency problems installing php70-fpm on NetBSD

  I'm having issues installing php70-fpm on NetBSD. The version I am using is:

  NetBSD rpi 7.99.64 NetBSD 7.99.64 (RPI.201703032010Z) evbarm
  

  I am installing like so:

  pkgin in php70-fpm
  

  But upon doing so I get the following error:

  /usr/lib/libssl.so.10, needed by php70-fpm-7.0.0 is not present in this system.
  /usr/lib/liblzma.so.1, needed by php70-fpm-7.0.0 is not present in this system.
  /usr/lib/libcrypto.so.8, needed by php70-fpm-7.0.0 is not present in this system.
  /usr/lib/libssl.so.10, needed by php-7.0.0 is not present in this system.
  /usr/lib/liblzma.so.1, needed by php-7.0.0 is not present in this system.
  /usr/lib/libcrypto.so.8, needed by php-7.0.0 is not present in this system.
  

  They are already installed, but the versions I have are newer. For example I have the following shared object files:

  /usr/lib/libssl.so
  /usr/lib/libssl.so.11
  /usr/lib/libssl.so.12
  

  Do I need to install libssl.so.10 or can I symlink 11 to 10? Any help would be much appreciated.

April 27, 2017

• Server Fault ssh tunnel refusing connections with "channel 2: open failed"

  All of a sudden (read: without changing any parameters) my netbsd virtualmachine started acting oddly. The symptoms concern ssh tunneling.

  From my laptop I launch:

  $ ssh -L 7000:localhost:7000 [email protected] -N -v
  

  Then, in another shell:

  $ irssi -c localhost -p 7000
  

  The ssh debug says:

  debug1: Connection to port 7000 forwarding to localhost port 7000 requested.
  debug1: channel 2: new [direct-tcpip]
  channel 2: open failed: connect failed: Connection refused
  debug1: channel 2: free: direct-tcpip: listening port 7000 for localhost port 7000, connect from 127.0.0.1 port 53954, nchannels 3
  

  I tried also with localhost:80 to connect to the (remote) web server, with identical results.

  The remote host runs NetBSD:

  bash-4.2# uname -a
  NetBSD host 5.1_STABLE NetBSD 5.1_STABLE (XEN3PAE_DOMU) #6: Fri Nov  4 16:56:31 MET 2011  [email protected]:/m/obj/m/src/sys/arch/i386/compile/XEN3PAE_DOMU i386
  

  I am a bit lost. I tried running tcpdump on the remote host, and I spotted these 'bad chksum':

  09:25:55.823849 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 67, bad cksum 0 (->3cb3)!) 127.0.0.1.54381 > 127.0.0.1.7000: P, cksum 0xfe37 (incorrect (-> 0xa801), 1622402406:1622402421(15) ack 1635127887 win 4096 <nop,nop,timestamp 5002727 5002603>
  

  I tried restarting the ssh daemon to no avail. I haven't rebooted yet - perhaps somebody here can suggest other diagnostics. I think it might either be the virtual network card driver, or somebody rooted our ssh.

  Ideas..?

April 21, 2017

• Unix Stack Exchange Cannot write to USB storage device in NetBSD

  I plug in my USB flash stick. System detects it. I mount it with mount /dev/sd0e /mnt I can see the files on it when I cd to mount. I can transfer files from /mnt to HDD, but not the other way around. I get messages like 'file non-existent' or 'cannot rename: Device Busy'.

  What am I doing wrong?

April 20, 2017

• Amitai Schlair Agile Alliance Technical Conference 2017: Cross-Platform Deployment

  At the second Agile Alliance Technical Conference, I facilitated a DevOps-themed workshop called “Cross-Platform Full-Stack Deployment with pkgsrc”.

  • Abstract
  • Slides

  I loved being at the first one last year, and it’s great to be back with a comfortably large number of people who feel — as I do — that Agile software development centers on doing it and helping others do it.

  ---

  Does your company deliver valuable software? Maybe I can help. Consulting, coaching, training.

April 19, 2017

• Unix Stack Exchange NetBSD - Unable to install pkgin

  I'm running NetBSD on the Raspberry Pi 1 Model B.

  uname -a
  NetBSD rpi 7.99.64 NetBSD 7.99.64 (RPI.201703032010Z) evbarm
  

  I'm trying to install pkgin but I'm receiving an error about version mismatch ...

  pkg_add -f pkgin
  pkg_add: Warning: package `pkgin-0.9.4nb4' was built for a platform:
  pkg_add: NetBSD/earmv6hf 7.99.42 (pkg) vs. NetBSD/earmv6hf 7.99.64 (this host)
  pkg_add: Warning: package `pkg_install-20160410nb1' was built for a platform:
  pkg_add: NetBSD/earmv6hf 7.99.58 (pkg) vs. NetBSD/earmv6hf 7.99.64 (this host)
  pkg_add: Can't create pkgdb entry: /var/db/pkg/pkg_install-20160410nb1: Permission denied
  pkg_add: Can't install dependency pkg_install>=20130901, continuing
  pkg_add: Warning: package `libarchive-3.3.1' was built for a platform:
  pkg_add: NetBSD/earmv6hf 7.99.59 (pkg) vs. NetBSD/earmv6hf 7.99.64 (this host)
  pkg_add: Can't create pkgdb entry: /var/db/pkg/libarchive-3.3.1: Permission denied
  pkg_add: Can't install dependency libarchive>=3.2.1nb2, continuing
  pkg_add: Can't create pkgdb entry: /var/db/pkg/pkgin-0.9.4nb4: Permission denied
  pkg_add: 1 package addition failed
  

  How can I install the correct version?

• Unix Stack Exchange NetBSD: unable to start KDE because of missing shared objects

  I'm relatively new to UNIX-like OS's, though I know some basic concepts. I managed to build X server and KDE workspace from pkgsrc for my NetBSD 7.0.2. X starts normally, but KDE won't, because it cannot find a shared object named libSM.so.7.

  libSM was pulled as dependency during installation of these packages, but there is no file with such a name. Google queries I find on the subject relate to libSM.so.6 which I have. What is this mysterious so.7 I can't grasp.

  Am I missing something obvious here?

April 13, 2017

• Stack Overflow NetBSD 'pkg_add' can't process packages: Forbidden

  I'm new to using NetBSD but I've set it up on a VM and am currently in the process of running through a few package installations. From what I understand this is done via setting the PKG_PATH variable and then using the pkg_add utility, however I'm getting a "Forbidden" error message when I try to install any package.

  $ PKG_PATH="http://cdn.NetBSD.org/pub/pkgsrc/packages/$(uname -s)/$(uname -m)/$(uname -r|cut -f '1 2' -d.)/All/"
  $ export PKG_PATH
  $ pkg_add tmux
  pkg_add: Can't process http://cdn.NetBSD.org:80/pub/pkgsrc/packages/NetBSD/amd64 /7.1/All//tmux*: Forbidden
  pkg_add: no pkg found for 'tmux', sorry.
  pkg_add: 1 package addition failed

  I've visited the URL and the package does exist, also it does this for any package I try to install. From what I can tell the networking on the machine is fine so I'm a bit stuck as to where to go from here. Any suggestions?

March 31, 2017

• Roy Marples dhcpcd-7 finally enters beta

  It's been a while in the making, but dhcpcd-7.0.0-beta1 is finally here! I have been using this a lot on all supported platforms bar Solaris and it's been very trouble free, so hopefully not many changes (if any? famous last words!) before a RC and final release.

  Summary of changes since dhcpcd-6.11.5:

  • source file locations reworked: dhcpcd source is in src dhcpcd hooks are in hooks compat is in compat
  • README split into README.md and BUILDING.md
  • internal routing is now protocol agnostic
  • avoid using __packed and use compile time asserts instead
  • addresses some alignment issues
  • disable some ARP code on kernels which support RFC5227
  • BSD IPv6 kernel settings are now updated to reflect dhcpcd config
  • custom logger has been removed, syslog handles everything as such, the --logfile option has been removed as well. If you need better/earlier logging, get a better syslogger!
  • distinfo and signed distinfo files are now available alongside release taraballs from this point onwards
  • default DBDIR has changed from /var/db to /var/db/dhcpcd
  • /etc/dhcpcd.duid moves to DBDIR/duid
  • /etc/dhcpcd.secret moves to DBDIR/secret
  • lease file names have dhcpcd removed from them as they are now inside a directory of the same name
  • fixed issues with reject routes not working on some platforms
  • improved nl80211 support on Linux for working out the SSID
  • no longer request NTP by default in dhcpcd.conf
  • fix detecting IPv6 DAD on OpenBSD
  • remove custom Solaris DLPI filtering in favour of BPF (note there seems to be a kernel issue where the DHCP fd receives ARP's as well, the only side effect is a noisy syslog)
  • BPF filtering vastly improved so dhcpcd only wake up on ARP or DHCP packets destined for it
  • support for MUD URL (draft-ietf-opsawg-mud-05)
  • if the kernel isn't doing DAD, don't insist on waiting for it to actually do it
  • fix a potential crash where the DHCP or ARP states could be freed before the packet processing loop naturally breaks
  • removed gateway and nogateway options (these can be controlled by the nooption directive which works for more than just gateways)
  • removed ipv6ra_own and ipv6ra_own_default options (these can be controled by the ipv6rs/noipv6rs directive)
  • fix a memory leak on systems where posix_spawnattr_init allocates memory by calling posix_spawnattr_destroy afterwards
  • fix a crash receiving SIGUSR1

  I've not done everything I've wanted to, but I feel that many issues have now been addressed and on the whole dhcpcd is in a very good state right now.

  Let me know of any issues you find!

March 28, 2017

• Amitai Schlair Automation for mail hosting

  Previously

  • Refactorings for web hosting
  • Automation for web hosting
  • qmail + SMTP AUTH + TLS redux

  Intro

  As a sysadmin (”Ops”), I’ve had root responsibilities on NetBSD, FreeBSD, OpenBSD, Mac OS X, Solaris, and weirder systems like IRIX, AIX, and Linux. As a developer (”Dev”), I’ve used a bunch of those, sometimes without root privileges. Across all these contexts, to do my job reliably and productively, I found it often helped to use a cross-platform Unix package manager.

  In the course of a couple decades of running mail servers, for pay and for myself, I’ve made a “DevOps” habit of observing and automating. This post is about how I recently synthesized old skills with new ones to make a big improvement in my mail-hosting automation.

  Are any of your contexts like mine? Read on. You may conclude that my approach and/or tools could help you in your work. If so, maybe you can come to my hands-on workshop in a few weeks. If not, maybe we can work together another way.

  Background

  I’ve been running NetBSD for 20 years: from 1.1 in high school to 7.1, released two weeks ago. NetBSD’s continued growth and relevance is one of the reasons I keep choosing to run it.

  I’ve been running qmail for almost as long: from 1.03 in my first job to 1.03 (plus a few third-party patches) today. qmail’s lack of continued growth and relevance makes it harder for me to keep choosing to run it. Yet I still do.

  A friend wondered, in response to a recent post about refactoring my mail-server configuration, why I continue to make this choice when Postfix is ubiquitous and easy to work with. My friend made a good point. Postfix is the default MTA shipped with many operating systems — including NetBSD — and on the few occasions I’ve needed to tweak Postfix from its default behavior, it’s been easy enough. If it’d existed when my first employer and I needed an alternative to Sendmail, I’m sure I’d be happily running Postfix today.

  But qmail 1.03 did exist by 1998. And by force of its compellingly different and better architecture, I found it both necessary and possible to understand SMTP, the nuances of running a production mail server on the open Internet, and the details that go into safely and reliably delivering a single message. qmail’s author, Dan Bernstein, also invented a new Maildir storage format whose desirable runtime behaviors delivered me a message about the significance of finding the right data structure — one of the few lessons I managed to learn in college-the-first-time. (A few years later, Bernstein’s djbdns would teach me very similar lessons about DNS.)

  Anywho, I responded to my friend with the offhand rationale that my choice to continue with qmail stems from

  A mélange of

  • Laziness (possibly the false kind)
  • Anti-monoculture activism (possibly of the bullshit retroactive justification kind), and
  • Enjoying the very occasional small effort it takes to keep things going to my liking (pretty sure this is genuine).

  As my weekly server update has grown more streamlined, the sharp edges of the qmail package have grown more salient. And a couple weeks ago, they scratched a friend trying to install it on a fresh NetBSD instance. So I wanted to take another stab at making things easier for my friend (and future-me, who I hope to be friends with).

  It went well. Now that I’ve composed NetBSD and qmail into their finest two-part harmony yet, I’d like to tell you a tale of software archaeology, a tale replete with flexibility, persuasion, persistence, and very occasional free time. And possibly just a smidge of Sunk Cost Fallacy.

  It’s not my shortest story. (Did I mention Sunk Cost Fallacy?) But if the problems I’ve tried to solve sound like problems you’re trying to solve, there’s likely something in it for you.

  1997: Build from source

  What’s wrong with installing software from source code by manually following its instructions? When you’re trying to learn how it works, not much at all. If you do this with qmail, you’ll learn how it

  • Makes use of several Unix users and groups for security partitioning,
  • Requires that those users and groups be created before it’ll compile,
  • Installs its programs and documentation to locations that need additional configuration to be useful to users, and
  • Expects its daemons to be managed in a way that almost certainly departs significantly from your OS’s usual (such as NetBSD’s rc.d subsystem).

  When you’re trying to learn how qmail works, these are all important things to know. When you’re trying to integrate it into your systems, your habits, and your automations, these are important things to be able to forget.

  There’s an abstraction layer for hiding such details: a package manager. NetBSD’s is spelled “pkgsrc” and pronounced “package source”.

  2002: Maybe build from pkgsrc

  After submitting a series of patch requests to pkgsrc, it was just about exactly 15 years ago that I was invited to commit directly to the repository. As a project, pkgsrc was mainly focused on automating dependencies, builds, installs, and uninstalls of third-party code from source code. As a developer and user, so was I.

  We had a package of qmail. It was pretty rough. It jumped through hoops to create those users and groups early enough in the build, it didn’t place qmail’s programs or documentation in users’ existing paths, it didn’t offer NetBSD-style rc.d scripts, and if memory serves, uninstalling it didn’t really uninstall anything. And while pkgsrc could be used to generate binary packages, the qmail package very sensibly refused to.

  My first commit to qmail (original) was from a future developer’s patch request. He provided an rc.d script that started and stopped qmail-send. Pretty cool.

  2004: Definitely build from pkgsrc

  Someday I hoped to produce a binary package that worked well. If I could start making our source package work well, I might get there someday.

  One of DJB’s conditions for redistributions of qmail was that all files must be addressable in their documented default locations under the /var/qmail hierarchy. One of pkgsrc’s conditions for uninstalling files was that they must be stored under the /usr/pkg hierarchy. And, of course, if the programs and manual pages were installed into /usr/pkg, they’d be instantly available to users. Inspired by an idea from Matthew R. Green on the qmail discussion list, I taught the package to create symlinks under /var/qmail before running qmail’s installer, which then followed the symlinks. For example, a symlink in /var/qmail/bin pointing to /usr/pkg/bin induced qmail programs to install into /usr/pkg/bin as pkgsrc users would expect, while also being accessible via /var/qmail/bin as qmail users would expect.

  Score! The symlink-before-install trick provided the basis for many contemporaneous improvements (original) and also obviated the need for path-related hacks (original) in a handful of packages depending on qmail. After a lot of careful work, our package suddenly provided a rather high-functioning qmail installation.

  It even followed a whole bunch of the recommendations codified by the qmail community elders in the Life with qmail configuration guide. There was one big recommendation, by virtue of its mere existence, that it could not follow: the qmail elders strongly recommended avoiding packages entirely, for reasons like those in the “1997: Build from source” section above. Nonetheless, I asked for their review and feedback, received it, and applied it. The gist: I removed my NetBSD-specific customizations from the qmail package (original) and re-added them as a new qmail-run package (original), along with other tweaks intended to help users distinguish standard stuff that the community could support from custom stuff they should ask me about directly. (I wrote about the experience as a college-the-second-time application essay. Wound up going somewhere else.)

  At this point, as I explained at a couple pkgsrcCons, for most “djbware” in pkgsrc, we could generate useful binary packages, but weren’t confident that we could meet DJB’s conditions for distributors.

  For qmail in particular, binary packages were less useful. A qmail binary package built on one machine could run on another if and only if the numeric IDs of qmail’s users and groups were the same on both systems, which is not only mathematically exceedingly unlikely to happen at random, but often difficult to arrange for in the wild. FreeBSD Ports, among others, worked around this by permanently allocating a non-configurable set of IDs. Their decision could never have made sense for pkgsrc, where besides NetBSD we run on all manner of operating systems we don’t control. To fix it, we’d really have to fix it. But applying patches that changed visible behavior of the installed software was clearly against the redistribution conditions.

  In late 2007, DJB placed qmail in the public domain. It became possible to apply the usual consideration for the costs and benefits of patching our package.

  I was busy with college-the-second-time, particularly so with validating my goal to be a composer. For my own needs, I continued using source packages.

  2011: Maybe install from a custom binary package

  Motivated by the desire to improve the quality of our binary packages, pkgsrc grew an idea of DESTDIR. Source packages that knew about DESTDIR no longer installed directly onto the running system, but rather into a temporary staging directory from which a binary package was generated and then installed. (This was not a new idea; OpenBSD Ports, among others, beat us to it.) Once all our packages had been adapted, we could remove the old way. Then even source-centric developers like myself would notice when our binary packages weren’t working right.

  I liked the sound of that and didn’t want to hold up progress, so I made what I thought were the smallest possible changes to minimally support DESTDIR (original).

  Turns out, when the DESTDIR rapture finally came (original) in late 2015, I had not arranged for the qmail binary package to initialize its message queue.

  The regression in our binary package occurred because my brain continued to assume it was not worth anyone’s time to try to use it, even though the meaning of the coming rapture was specifically that one day all package installs would be binary package installs.

  The missing queue went unnoticed because on the mail server where I would’ve quickly noticed it, it hadn’t been missing! It was still there from before the DESTDIR rapture, when I’d first installed from the old-style source package.

  (It also went unnoticed because very few people run qmail from pkgsrc. Even when lots of people ran qmail, pkgsrc’s package wasn’t great, pkgsrc itself was relatively unpopular, and running qmail from any sort of package was, as mentioned previously, strongly discouraged.)

  2017: Definitely install from the pre-built 2017Q1 binary package

  In late 2014, before everything went DESTDIR, I stopped managing packages from source directly on my server — it ate CPU, I/O, and disk space I preferred to allocate to serving — and started building binaries in a VM on my local development machine. Since I had chosen to generate binary packages, I had to configure qmail to build with numeric user and group IDs matching those already present on my server.

  A couple weeks ago, trying to help my friend, I turned up a patch by Paul Fox that taught an early version of qmail to look up its numeric IDs at runtime. Using my growing C skills, I ported it forward and added it to pkgsrc (original).

  With the patch, qmail’s compile process no longer needed any users or groups to exist. To also avoid needing them in the install process, I recorded the permissions qmail’s installer wanted to set, linked the installer with a fake chown() that does nothing, then applied pkgsrc’s mechanism for setting all the desired special permissions when installing a binary package. (I used the trick in Permanent CVS, temporary Git to work on a git branch, experiment freely, and keep only my best commits.)

  I thought I was just about done solving my friend’s problem. On a test system, I cleaned out all vestiges of qmail having ever been there, then built and installed it. That’s when I noticed there was no queue.

  Huh?

  Oh.

  I don’t remember slapping my forehead, which might not mean I didn’t.

  After over a year of breakage, I finally noticed my nearly six-year-old mistake. Eager to fix it and ship it, and not seeing an elegant solution, I settled for a less elegant one. queue-fix is a third-party tool that reuses qmail’s code to repair or create a queue. I added it as a dependency and scripted it to create the queue if missing.

  As far as I can tell, the result of naively installing our qmail binary package now matches file-for-file, permission-for-permission, what you’d get installing it from source by hand. Also, it works exactly as well as it always has for me in production. The triumphant pkgsrc commit message (original) concludes:

  A typical binary package should now:

  1. Install on any other system of matching OS and architecture,
  2. Not need matching numeric UIDs and GIDs to do so, and
  3. Be usable in production.

  You know, like any other binary package.

  The latest soon-to-be-released pkgsrc stable branch will include production-ready qmail binary packages for many popular platforms. Especially if you’re on NetBSD, but also on other platforms, pkg_add qmail-run will make you wonder what all this fuss was ever about.

  Exactly the point!

  Once 2017Q1 is out, the main reasons I can think of not to get your qmail from our published binary packages are:

  1. You don’t use pkgsrc or NetBSD (or qmail)
  2. You don’t see a binary qmail package for your OS and architecture
  3. You need a qmail with non-default PKG_OPTIONS

  With the default PKG_OPTIONS, you’ll get netqmail with Christopher K. Davis’s oversize DNS and Paul Jarc’s realrcptto patches.

  2017/04/04 Update: Here’s the 2017Q1 release announcement.

  2017/04/10 Update: Binary qmail packages aren’t showing up in the usual places. A dependency on checkpassword — which, not being under any license, is not under one of the licenses pkgsrc deems acceptable by default — is preventing bulk builds from publishing qmail binaries. On the off chance DJB intends to include checkpassword in the list of software he has placed in the public domain, I’ve emailed to request that he do so now. In the meanwhile, I’ve removed the checkpassword dependency (original) and requested the change be applied to the 2017Q1 branch. When it’s been applied, we should start seeing qmail binary packages. Likewise qmail-run and its dependency on ofmipd from mess822, which I made optional, off by default (original).

  2017/04/18 Update: Binary packages are here! Running qmail on NetBSD takes two minutes.

  Why did I make this effort?

  My mail server had been running fine before. As far as I can tell, it’s running exactly as fine now.

  My friend who likes qmail is having trouble convincing himself it’s still practical to run his own mail server at all.

  My friend who wonders why I stick with qmail, were he to read this, would surely be feeling a renewed sense of wonder right about now.

  I’m not. I’ve long been investing myself in NetBSD, pkgsrc, and qmail, and they continue to feel like good investments. Someday there may be a new effect I want to accomplish with qmail whose marginal cost I won’t enjoy paying. When that happens, I’ll reevaluate alternatives and the cost of switching to them.

  In the meanwhile, next time I install qmail, I’m happy to say there’s an excellent chance none of the experience and expertise that went into the writing of this post will be called for. Having shipped working code, I get to evict some longstanding want-to-dos and oh-yeah-that-weird-things from residence in my brain (and cruft from my weekly build config), and I get positive reinforcement that further improvements are also worth trying for. Both of these have the effect of increasing my overall area under the curve.

  The more I can simplify and automate, the fewer attention-slices I can require of myself, the more likely my desired outcomes persist when my circumstances change. That’s pretty important to me right about now.

  What I might do next

  qmail lets the names of its users and groups be configured at build time. pkgsrc could pretty easily support this, retaining the current names as defaults.

  Some of qmail’s attendant packages can optionally build with patches to add IPv6 support. Enabling IPv6 mail service would require at least an optional patch to qmail itself.

  Patches and/or wrapper programs exist to implement Sender Policy Framework, Sender Rewriting Scheme, and DomainKeys Identified Mail. It may be useful to optionally include them.

  Update: account names are configurable (original), SRS is optional (original), and qmail-remote can be wrapped easily (original).

  What you might do next

  What do you think? Could you benefit from applying some of these DevOps tools and practices? I’m teaching a hands-on workshop at the upcoming Agile Alliance Technical Conference where you can learn them. And/or teach me how I can benefit from letting go of qmail.

March 24, 2017

• NetBSD.org New Security Advisory: NetBSD-SA2017-003 (Weak privilege separation in XEN)

March 17, 2017

• Roy Marples Hello Phabricator

  After waving a fond farewell to Fossil I give a hearty hello to Phabricator!

  The Good

  Phabricator is written in PHP which means I don't have to install Yet Another Framework. I use quite a few things that depend on PHP on this site already, such as Grav and RoundCube. So of course, it allows me to self host. Or you can rent a Phabricator VPS @ Phacility.

  The sign up process (to my Phabricator instance, not somewhere else) is very straight-forward, allowing email/password with ReCaptha or use a OAuth2 provider such as Google. So this is very socially acceptable and should be secure from spambots.

  The core work is based around the ease of code auditing and review of patches. There is even a pastebin so users can upload config files and logs for analysis. Doing all this in a mailing list over the years results in things being here, there and everywhere .... and then expiring. Having it all centralised means nothing is lost. But more importantly, it's much easier to look at and work with, so this is a massive quality of life improvement.

  Tickets (or tasks in Phabricator) very user friendly, showing a collapsable history with full links to related objects such as commits, reviews, logs, etc. Infact the linking is extremely easy, one can reference some more of the popular objects by using a single letter follows by the id. Such as T1. Tickets can be related to one or more Projects and in turn Projects can display Tasks on a KanBan Board.

  Phabricator can host your code in your SCM of choice for you and defaults to not allowing destructive changesets by default which saves me from messing around with custom hooks. This allows the same feature as Fossil's immutable history on the server - you can do what you like to your own clone still.

  It's fast! No, it's not as fast as Fossil, but it's still more than fast enough especially when you consider the extra toys you get - syntax highlighting, desktop notifications (on supported browsers, which is most recent ones), user icons, in-depth tooltips. It's certainly faster than other solutions I've looked at recently and bar Fossil, probably the fastest.

  You get a chat room (does require a NodeJS server on the host for automatic updates though it seems) and a wiki. I still use IRC on FreeNode, but the advantage here is that this is web based and persistent so you don't loose anything if you get disconnected. Still, unsure how useful either be as I don't recall users editing any publically editable wiki pages I've had over the years - are my man pages really that good? Heh.

  The Bad

  Phabricator is written in PHP. Now I did say that was a good thing earlier, but it's a double edged sword. PHP does have a bad reputation for both security and language structure. I would argue that this is no different from how C is today. This is also bad, because my site ran on PHP-7.0 and that was soooo much faster than earlier versions it was silly. But Phabricator didn't support PHP-7 until PHP-7.1 in early Feb this year. Something to think about for long term support, but this equally applies to other languages, especially the Python-2 vs Python-3 issue as my box has two Python versions due mainly to certbot needing Python-2.7

  Phabricator requires MySQL (I installed MariaDB, the fork from MySql). I was very happy with PostgreSQL but my box does not have the resources to run both. Pretty much all other software I use allows the choice of DB, so this actually took me by surprise. And just like the PHP reaction others have, I was concerned by using MySQL, but as I'm not really into being a DBA I'm quite happy with MySQL so far.

  The linking is really bad for DHCP, because we always talk about T1 and T2 as timers. This is important, because my main product is of course dhcpcd. In Phabricator T1 and T2 are shorthand to link to Task 1 and Task 2. You can fix this by stopping Phabricator from linking via a matchig regex, but I quite like the ease of use and solved the problem via changing the AUTO_INCREMENT value in some tables from 1 to 101. This reduces the potential collision with other things, such as Z1 and allows the same workflow. Upstream rejected my change and even went as far as to remove me posting my fix if anyone else has the same issue claiming this would make support hard. As it turns out, something with my change isn't quite right - either Phabricator or MySQL resets the AUTO_INCREMENT value. I don't know which one, or what action I did or if it's a general Garbage Collection going on. This could be why they didn't like the change, but heh ho most of the important tables now have values in at 101 and higher so it shouldn't be a problem anymore.

  The Continuous Integration support is limiting, but it is there. Apparently you can at least call out to Jenkins or BuildBot.

  Because Phabricator is based on and developed in a DevOps fashion, there is practically no support for managed releases or milestones. This isn't a problem for me as such, but I would like a feature to track important things that went into a release better.

  The Ugly

  Phabricator is NOT ugly. It's quite visually appealing. However, it is quite possibly the most complex installation I've ever done as it uses many databases and as many configuration options as sysctl on a good BSD. This wasn't helped by running on NetBSD -current and a gcc built PHP with Phabricator just didn't work and I spent a long time working out why. My fix was to build everthing with clang which required a lot of personal effort from me at the time due to the recent UEFI booting support breaking the build and a the new clang-4 compiler not working with the NetBSD build knobs I was using. On the plus side, the Phabricator docmentation is good and about 95% of the issues I had were easily searchable on StackOverflow or the (mostly) friendly Phabricator community helped me out in their chat channel - which oddly enough is also a Phabricator application.

  Phabricator workflow with more than one dev, or the best way of submitting patches, is to use the Arcanist tool. They admit it's not great and things should be manageable directly through the SCM. We'll see how that progresses. In the meantime, posting patches to the Differential application is quite easy and allows easy patch review.

  I had to stop using Fossil because Fossil is more than just a SCM - it strives to be a complete one stop solution. Obviously that won't work for the desire to use Phabricator for all the good reasons, so I needed to pick a SCM to use. Luckily Phabricator quite a few - GIT, Mercurial and SVN.

  But what about the source code control?

  It's importance cannot be understated - the code is everything, the history of the code is everything. This has been known since the dawn of time. At this point though, the SCM just becomes a tool in the box, just like sed.

  Eh what?

  Every SCM solution out there has pretty much the same set of basic features you need - atomic checkins (ok, CVS lacks this), changesets, branching, tagging. That's all you pretty much need at a basic level - the rest of the features are predominently driven by workflow.

  Tools exist to export data from one to the other, and tools are being created to allow a more transparent bridge again making the choice of SCM even less important than it was before. The only real issue is the importance of meta data that has no place-holder in the other SCM you want to use. A good example of this would git the Author vs Commiter git attribute on the commit.

  Then, you need to understand that the SCM is only for developers. End users don't care a hoot about it - what they do care about is an easy to use system which handles the lifetime of their issue where dicussion, patches, logs, reviews and audits can happen. Hopefully they can even get a fixed build at the end. This is basically part of Application Lifecycle Management.

March 16, 2017

• OS News NetBSD 7.1 released
  NetBSD 7.1 has been released. Some highlights of the 7.1 release are: Support for Raspberry Pi Zero. Initial DRM/KMS support for NVIDIA graphics cards via nouveau (Disabled by default. Uncomment nouveau and nouveaufb in your kernel config to test). The addition of vioscsi, a driver for the Google Compute Engine disk. Linux compatibility improvements, allowing, e.g., the use of Adobe Flash Player 24. wm(4): C2000 KX and 2.5G support. Wake On Lan support. 82575 and newer SERDES based systems now work. ODROID-C1 Ethernet now works. Numerous bug fixes and stability improvements.

March 11, 2017

• Roy Marples Goodbye Fossil

  I've been using Fossil as my SCM for quite a few years now and it has served me well. It replaced my aging Trac (which I've now really retired in the recent server move ... it didn't move) + GIT setup. There is nothing inherently wrong with it and upstream are quite quick to resolve any issues. So lets start with a list of Fossil plus points, in no particular order:

  • BSD license.
  • One binary, easy installation, very low maintainence cost.
  • Integrated CGI web front end.
  • Integrated Wiki, Tickets - which are also distributed.
  • Sane command line UI.
  • Stores everything in a SQLite database.
  • Repository is not joined to the checkout, supports different checkout from the same cloned repository.
  • I have a Fossil commit bit - my change allows a near perfect Fossil GIT bridge.

  And naturally, after many years of use, there are some negative points:

  • The ticketing system is very basic and has no email support - you're expected to use each tickets RSS feed, but this is not clear.
  • It's not extendable.
  • It's possible for an admin in the upstream repo to wipe out parts or the whole of your cloned repo.
  • It's not social.

  That's actually a very small list of negative points. It shows that Fossil is a great product, with a great team behind it. Let's address these these negatives in more detail though.

  The ticketing system is is poor

  Yes, the tickets are distributed, but that's the only good point. The UI to progress the ticket needs a lot of work and is not intuitive to use. Tickets don't support markdown. It's not clear to the end user that the only feedback they get is a RSS feed. My initial attempt to fix this was about 3 years ago but was met with silence. I could try and improve this by creating a fossil branch just to add RSS icons to the ticket UI.

  Fossil is not extendable

  This isn't actually that bad, what it does have works well enough (aside from the ticketing). And to be fair, there is a 3rd party library to extend fossil but it doesn't seem to be used by anything I can find. However, based on recent experiences at my day job (where I don't use Fossil), code reviews are turning out to be quite critical and the tools we were using suck. Well, Fossil doesn't have any code review feature nor any easy way of hooking it into an automated build system for continuous integration So we're left reviewing changes via pastebin where links expire or diffs via email. Now diffs via email have been standard on many open source projects, and still are in many. Most of the time I can read them fine, but sometimes they are hard to review in an email. Sometimes I end up using a code review tool, loading the dhcpcd source code, copy and paste the diff into it, reviewing and then copying my review comments back into the email. This is hardly ideal and quite time consuming.

  Fossil history can be wiped out

  Fossil has an ability to delete anything from your cloned repo - it's called shunning. While this is an awesome feature for corporations (I work for one, I understand the problems and wish my day job had this feature), but equally I believe it's entirely un-suitable for open source use. This is my PC, it contains my contributions to a project which could wipe out my copy of said project and published contributions. History, gone. Now, it's entirely likely that this will never happen, I like to believe in the good in people, but the possibilty remains someone could push the button. OK, there's a bit more to it than that - the default fossil setting is to auto-sync the shun list. However, the code is disabled for auto-sync (ie sync on commit) but is enabled for the manual pull/push commands. While that removes the item from your checkout (if it's there), it won't actually remove it from the repository itself until the repository is rebuilt, which is sometimes forced on you when upgrading fossil. Yes, this is probably a knee-jerk reaction to a none-issue, but it still grates. This is also a reason why I love to self host and would never consider having GitHub or similar being the one sole place where I publish my work. I have always, and always will do, self host.

  Fossil is not social

  By it's very nature, you can't contribue to the club unless you're in the club - at least not using just Fossil. It's designed (from my perspective anyway) to be a distributed CVS/SVN + wiki + tickets. By this, I mean there is one master repository everyone clones from and pushes to. This makes it impossible to have my own branch outside of the main repo and publish it to others (equivalent of GIT Fork and Pull). It can also be argued that this is a good thing because it encourages people to work together and just like the prior point, this is a good feature for corporate setups. But equally sometimes someone needs to maintain a patchset unsuitable for upstream for valid reasons. This is rare, but it has happened. And I hate losing users for any reason. Could they have a branch they maintain in my repo? Quite possibly, but Fossil's security isn't that granular AFAIK and I would dislike someone messing around in the other branches. Maybe that's anti-social of me, but equally no-one has ever asked for commit access to my repos either.

  EDIT: Dr Richard Hipp pointed out privately that this is The Cathedral and the Bazaar. Fossil is the pre-eminent solution for The Cathedral, while others are more suited to the Bazaar.

  In summary

  Taking the above into account, I can no longer justify the use of Fossil in my Open Source projects. For other projects, Fossil is still an awesome tool if that's all you need.

• NetBSD.org NetBSD 7.1 released

March 01, 2017

• OS News Genode 17.02 uses Linux TCP/IP stack as file system
  The just released version 17.02 of the Genode OS framework comes with greatly enhanced virtual file-system capabilities, eases the creation of dynamic system compositions, and adds a new facility for processing user input. Furthermore, the components have become binary-compatible across kernel boundaries by default such that entire system scenarios can be moved from one kernel to another without recompiling the components. Genode's virtual file-system (VFS) infrastructure has a twisted history. Originally created as a necessity for enabling command-line-based GNU programs to run within Genode's custom Unix runtime, the VFS was later extracted as a separate library. This library eventually became an optional and later intrinsic part of Genode's C runtime. It also happened to become the basis of a file-system-server component. If this sounds a bit confusing, it probably is. But the resulting design takes the notion of virtual file systems to an new level. First, instead of providing a system-wide VFS like Unix does, in Genode each component can have its own VFS. Technically, it is a library that turns a number of Genode sessions into a file-system representation according the component's configuration. Via those sessions, the component is able to access services provided by other components such as file systems, terminals, or block devices. Furthermore, several built-in file systems are provided locally from within the component. Since the VFS is local to each component, the view of the component's world can be shaped by its parent in arbitrary ways. By default, each component runs in isolation. Whenever two components are meant to share a certain part of their VFS with one another, both mount a file-system session of the same server into their local VFS. This sharing is a deliberate decision by the component's common parent and thereby subjected to the parent's security policy. One particularly interesting file-system server is the so-called VFS server. It uses an arbitrarily configured VFS internally and exports its content as a file-system service, which can then be mounted in other components. This way, the VFS server can be used to emulate a "global" VFS, or to multiplex access to any file-system types supported by the VFS. Speaking of supported file-system types, this is where the VFS becomes literally infinitely flexible. The VFS features a plugin interface that incorporates file system types provided in the form of shared libraries. If the VFS configuration refers to a file system type not known by the VFS, a corresponding plugin is loaded. For example, there exists a plugin for generating random numbers based of the jitter of CPU execution time. The file system, when mounted, hosts only a single read-only file that produces random numbers. But VFS plugins can become much more creative. Via the rump-kernel VFS plugin, one can incorporate the file systems of the NetBSD kernel into any VFS-using component. Genode 17.02 furthermore comes with a Plan-9-inspired VFS plugin that makes the Linux TCP/IP stack available as a file system. The C runtime then translates BSD-socket API calls to file-system operations on the socket file system, which, in turn, are handled by the Linux TCP/IP stack. The fascinating part is that this all happens within a single component. Such a component is in fact quite similar to a unikernel. If two applications ought to share the same TCP/IP stack, the VFS server comes in handy. The Linux TCP/IP stack is then mounted once in the VFS server, which, in turn, provides file-system sessions to the applications. Each application then accesses the TCP/IP stack indirectly through those file-system sessions. In this scenario, the VFS server suddenly becomes a network multiplexer. The VFS is not the only topic of the current release. Another highlight is the introduction of a application binary interface that makes all components binary compatible across kernel boundaries by default. Combined with the new kernel-independent build directories, it has become possible to move complete system scenarios from kernels as different as L4, NOVA, seL4, or Linux in matter of seconds. Further improvements of Genode 17.02 are the addition of a generic input-event processor, new SD-card drivers, the update to the version 0.8 of the Muen separation kernel, and a new mechanism for managing dynamic subsystems. All the improvements are described in detail in the release documentation.

February 23, 2017

• Julio Merino Easy pkgsrc on macOS with pkg_comp 2.0

  This is a tutorial to guide you through the shiny new pkg_comp 2.0 on macOS using the macOS-specific self-installer.

  Goals: to use pkg_comp 2.0 to build a binary repository of all the packages you are interested in; to keep the repository fresh on a daily basis; and to use that repository with pkgin to maintain your macOS system up-to-date and secure.

  This tutorial is specifically targeted at macOS and relies on the macOS-specific self-installer package. For a more generic tutorial that uses the pkg_comp-cron package in pkgsrc, see Keeping NetBSD up-to-date with pkg_comp 2.0.

  Getting started

  Start by downloading and installing OSXFUSE 3 and then download the standalone macOS installer package for pkg_comp. To find the right file, navigate to the releases page on GitHub, pick the most recent release, and download the file with a name of the form pkg_comp-<version>-macos.pkg.

  Then double-click on the file you downloaded and follow the installation instructions. You will be asked for your administrator password because the installer has to place files under /usr/local/; note that pkg_comp requires root privileges anyway to run (because it uses chroot(8) internally), so you will have to grant permission at some point or another.

  The installer modifies the default PATH (by creating /etc/paths.d/pkg_comp) to include pkg_comp’s own installation directory and pkgsrc’s installation prefix. Restart your shell sessions to make this change effective, or update your own shell startup scripts accordingly if you don’t use the standard ones.

  Lastly, make sure to have Xcode installed in the standard /Applications/Xcode.app location and that all components required to build command-line apps are available. Tip: try running cc from the command line and seeing if it prints its usage message.

  Adjusting the configuration

  The macOS flavor of pkg_comp is configured with an installation prefix of /usr/local/, which means that the executable is located in /usr/local/sbin/pkg_comp and the configuration files are in /usr/local/etc/pkg_comp/. This is intentional to keep the pkg_comp installation separate from your pkgsrc installation so that it can run no matter what state your pkgsrc installation is in.

  The configuration files are as follows:

  • /usr/local/etc/pkg_comp/default.conf: This is pkg_comp’s own configuration file and the defaults configured by the installer should be good to go for macOS.

    In particular, packages are configured to go into /opt/pkg/ instead of the traditional /usr/pkg/. This is a necessity because the latter is not writable starting with OS X El Capitan thanks to System Integrity Protection (SIP).

  • /usr/local/etc/pkg_comp/sandbox.conf: This is the configuration file for sandboxctl, which is the support tool that pkg_comp uses to manage the compilation sandbox. The default settings configured by the installer should be good.

  • /usr/local/etc/pkg_comp/extra.mk.conf: This is pkgsrc’s own configuration file. In here, you should configure things like the licenses that are acceptable to you and the package-specific options you’d like to set. You should not configure the layout of the installed files (e.g. LOCALBASE) because that’s handled internally by pkg_comp as specified in default.conf.

  • /usr/local/etc/pkg_comp/list.txt: This determines the set of packages you want to build automatically (either via the auto command or your periodic cron job). The automated builds will fail unless you list at least one package.

    Make sure to list pkgin here to install a better binary package management tool. You’ll find this very handy to keep your installation up-to-date.

  Note that these configuration files use the /var/pkg_comp/ directory as the dumping ground for: the pkgsrc tree, the downloaded distribution files, and the built binary packages. We will see references to this location later on.

  The cron job

  The installer configures a cron job that runs as root to invoke pkg_comp daily. The goal of this cron job is to keep your local packages repository up-to-date so that you can do binary upgrades at any time. You can edit the cron job configuration interactively by running sudo crontab -e.

  This cron job won’t have an effect until you have populated the list.txt file as described above, so it’s safe to let it enabled until you have configured pkg_comp.

  If you want to disable the periodic builds, just remove the pkg_comp entry from the crontab.

  On slow machines, or if you are building a lot of packages, you may want to consider decreasing the build frequency from @daily to @weekly.

  Sample configuration

  Here is what the configuration looks like on my Mac Mini as dumped by the config subcommand. Use this output to get an idea of what to expect. I’ll be using the values shown here in the rest of the tutorial:

  $ pkg_comp config
  AUTO_PACKAGES = autoconf automake bash colordiff dash emacs24-nox11 emacs25-nox11 fuse-bindfs fuse-sshfs fuse-unionfs gdb git-base git-docs glib2 gmake gnuls libtool-base lua52 mercurial mozilla-rootcerts mysql56-server pdksh pkg_developer pkgconf pkgin ruby-jekyll ruby-jekyll-archives ruby-jekyll-paginate scmcvs smartmontools sqlite3 tmux vim
  CVS_ROOT = :ext:[email protected]:/cvsroot
  CVS_TAG is undefined
  DISTDIR = /var/pkg_comp/distfiles
  EXTRA_MKCONF = /usr/local/etc/pkg_comp/extra.mk.conf
  FETCH_VCS = git
  GIT_BRANCH = trunk
  GIT_URL = https://github.com/jsonn/pkgsrc.git
  LOCALBASE = /opt/pkg
  NJOBS = 4
  PACKAGES = /var/pkg_comp/packages
  PBULK_PACKAGES = /var/pkg_comp/pbulk-packages
  PKG_DBDIR = /opt/pkg/libdata/pkgdb
  PKGSRCDIR = /var/pkg_comp/pkgsrc
  SANDBOX_CONFFILE = /usr/local/etc/pkg_comp/sandbox.conf
  SYSCONFDIR = /opt/pkg/etc
  UPDATE_SOURCES = true
  VARBASE = /opt/pkg/var
  
  DARWIN_NATIVE_WITH_XCODE = true
  SANDBOX_ROOT = /var/pkg_comp/sandbox
  SANDBOX_TYPE = darwin-native
  

  Building your own packages by hand

  Now that you are fully installed and configured, you’ll build some stuff by hand to ensure the setup works before the cron job comes in.

  The simplest usage form, which involves full automation and assumes you have listed at least one package in list.txt, is something like this:

  $ sudo pkg_comp auto
  

  This trivially-looking command will:

  1. clone or update your copy of pkgsrc;
  2. create the sandbox;
  3. bootstrap pkgsrc and pbulk;
  4. use pbulk to build the given packages; and
  5. destroy the sandbox.

  After a successful invocation, you’ll be left with a collection of packages in the /var/pkg_comp/packages/ directory.

  If you’d like to restrict the set of packages to build during a manually-triggered build, provide those as arguments to auto. This will override the contents of AUTO_PACKAGES (which was derived from your list.txt file).

  But what if you wanted to invoke all stages separately, bypassing auto? The command above would be equivalent to:

  $ sudo pkg_comp fetch
  $ sudo pkg_comp sandbox-create
  $ sudo pkg_comp bootstrap
  $ sudo pkg_comp build <package names here>
  $ sudo pkg_comp sandbox-destroy
  

  Go ahead and play with these. You can also use the sandbox-shell command to interactively enter the sandbox. See pkg_comp(8) for more details.

  Lastly note that the root user will receive email messages if the periodic pkg_comp cron job fails, but only if it fails. That said, you can find the full logs for all builds, successful or not, under /var/pkg_comp/log/.

  Installing the resulting packages

  Now that you have built your first set of packages, you will want to install them. This is easy on macOS because you did not use pkgsrc itself to install pkg_comp.

  First, unpack the pkgsrc installation. You only have to do this once:

  $ cd /
  $ sudo tar xzvpf /var/pkg_comp/packages/bootstrap.tgz
  

  That’s it. You can now install any packages you like:

  $ PKG_PATH=file:///var/pkg_comp/packages/All sudo pkg_add pkgin <other package names>
  

  The command above assume you have restarted your shell to pick up the correct path to the pkgsrc installation. If the call to pkg_add fails because of a missing binary, try restarting your shell or explicitly running the binary as /opt/pkg/sbin/pkg_add.

  Keeping your system up-to-date

  Thanks to the cron job that builds your packages, your local repository under /var/pkg_comp/packages/ will always be up-to-date; you can use that to quickly upgrade your system with minimal downtime.

  Assuming you are going to use pkgtools/pkgin as recommended above (and why not?), configure your local repository:

  $ sudo /bin/sh -c "echo file:///var/pkg_comp/packages/All >>/opt/pkg/etc/pkgin/repositories.conf"
  

  And, from now on, all it takes to upgrade your system is:

  $ sudo pkgin update
  $ sudo pkgin upgrade
  

  Enjoy!

February 18, 2017

• Julio Merino Keeping NetBSD up-to-date with pkg_comp 2.0

  This is a tutorial to guide you through the shiny new pkg_comp 2.0 on NetBSD.

  Goals: to use pkg_comp 2.0 to build a binary repository of all the packages you are interested in; to keep the repository fresh on a daily basis; and to use that repository with pkgin to maintain your NetBSD system up-to-date and secure.

  This tutorial is specifically targeted at NetBSD but should work on other platforms with some small changes. Expect, at the very least, a macOS-specific tutorial as soon as I create a pkg_comp standalone installer for that platform.

  Getting started

  First install the sysutils/sysbuild-user package and trigger a full build of NetBSD so that you get usable release sets for pkg_comp. See sysbuild(1) and pkg_info sysbuild-user for details on how to do so. Alternatively, download release sets from the FTP site and later tell pkg_comp where they are.

  Then install the pkgtools/pkg_comp-cron package. The rest of this tutorial assumes you have done so.

  Adjusting the configuration

  To use pkg_comp for periodic builds, you’ll need to do some minimal edits to the default configuration files. The files can be found directly under /var/pkg_comp/, which is pkg_comp-cron’s “home”:

  • /var/pkg_comp/pkg_comp.conf: This is pkg_comp’s own configuration file and the defaults installed by pkg_comp-cron should be good to go.

    The contents here are divided in three major sections: declaration on how to download pkgsrc, definition of the file system layout on the host machine, and definition of the file system layout for the built packages.

    You may want to customize the target system paths, such as LOCALBASE or SYSCONFDIR, but you should not have to customize the host system paths.

  • /var/pkg_comp/sandbox.conf: This is the configuration file for sandboxctl. The default settings installed by pkg_comp-cron should suffice if you used the sysutils/sysbuild-user package as recommended; otherwise tweak the NETBSD_NATIVE_RELEASEDIR and NETBSD_SETS_RELEASEDIR variables to point to where the downloaded release sets are.

  • /var/pkg_comp/extra.mk.conf: This is pkgsrc’s own configuration file. In here, you should configure things like the licenses that are acceptable to you and the package-specific options you’d like to set. You should not configure the layout of the installed files (e.g. LOCALBASE) because that’s handled internally by pkg_comp as specified in pkg_comp.conf.

  • /var/pkg_comp/list.txt: This determines the set of packages you want to build in your periodic cron job. The builds will fail unless you list at least one package.

    WARNING: Make sure to include pkg_comp-cron and pkgin in this list so that your binary kit includes these essential package management tools. Otherwise you’ll have to deal with some minor annoyances after rebootstrapping your system.

  Lastly, review root’s crontab to ensure the job specification for pkg_comp is sane. On slow machines, or if you are building many packages, you will probably want to decrease the build frequency from @daily to @weekly.

  Sample configuration

  Here is what the configuration looks like on my NetBSD development machine as dumped by the config subcommand. Use this output to get an idea of what to expect. I’ll be using the values shown here in the rest of the tutorial:

  # pkg_comp -c /var/pkg_comp/pkg_comp.conf config
  AUTO_PACKAGES = autoconf automake bash colordiff dash emacs-nox11 git-base git-docs gmake gnuls lua52 mozilla-rootcerts pdksh pkg_comp-cron pkg_developer pkgin sqlite3 sudo sysbuild sysbuild-user sysupgrade tmux vim zsh
  CVS_ROOT = :ext:[email protected]:/cvsroot
  CVS_TAG is undefined
  DISTDIR = /var/pkg_comp/distfiles
  EXTRA_MKCONF = /var/pkg_comp/extra.mk.conf
  FETCH_VCS = cvs
  GIT_BRANCH = trunk
  GIT_URL = https://github.com/jsonn/pkgsrc.git
  LOCALBASE = /usr/pkg
  NJOBS = 2
  PACKAGES = /var/pkg_comp/packages
  PBULK_PACKAGES = /var/pkg_comp/pbulk-packages
  PKG_DBDIR = /usr/pkg/libdata/pkgdb
  PKGSRCDIR = /var/pkg_comp/pkgsrc
  SANDBOX_CONFFILE = /var/pkg_comp/sandbox.conf
  SYSCONFDIR = /etc
  UPDATE_SOURCES = true
  VARBASE = /var
  
  NETBSD_NATIVE_RELEASEDIR = /home/sysbuild/release/amd64
  NETBSD_RELEASE_RELEASEDIR = /home/sysbuild/release/amd64
  NETBSD_RELEASE_SETS is undefined
  SANDBOX_ROOT = /var/pkg_comp/sandbox
  SANDBOX_TYPE = netbsd-release
  

  Building your own packages by hand

  Now that you are fully installed and configured, you’ll build some stuff by hand to ensure the setup works before the cron job comes in.

  The simplest usage form, which involves full automation, is something like this:

  # pkg_comp -c /var/pkg_comp/pkg_comp.conf auto
  

  This trivially-looking command will:

  1. checkout or update your copy of pkgsrc;
  2. create the sandbox;
  3. bootstrap pkgsrc and pbulk;
  4. use pbulk to build the given packages; and
  5. destroy the sandbox.

  After a successful invocation, you’ll be left with a collection of packages in the directory you set in PACKAGES, which in the default pkg_comp-cron installation is /var/pkg_comp/packages/.

  If you’d like to restrict the set of packages to build during a manually-triggered build, provide those as arguments to auto. This will override the contents of AUTO_PACKAGES (which was derived from your list.txt file).

  But what if you wanted to invoke all stages separately, bypassing auto? The command above would be equivalent to:

  # pkg_comp -c /var/pkg_comp/pkg_comp.conf fetch
  # pkg_comp -c /var/pkg_comp/pkg_comp.conf sandbox-create
  # pkg_comp -c /var/pkg_comp/pkg_comp.conf bootstrap
  # pkg_comp -c /var/pkg_comp/pkg_comp.conf build <package names here>
  # pkg_comp -c /var/pkg_comp/pkg_comp.conf sandbox-destroy
  

  Go ahead and play with these. You can also use the sandbox-shell command to interactively enter the sandbox. See pkg_comp(8) for more details.

  Lastly note that the root user will receive email messages if the periodic pkg_comp cron job fails, but only if it fails. That said, you can find the full logs for all builds, successful or not, under /var/pkg_comp/log/.

  Installing the resulting packages

  Now that you have built your first set of packages, you will want to install them. On NetBSD, the default pkg_comp-cron configuration produces a set of packages for /usr/pkg so you have to wipe your existing packages first to avoid build mismatches.

  WARNING: Yes, you really have to wipe your packages. pkg_comp currently does not recognize the package tools that ship with the NetBSD base system (i.e. it bootstraps pkgsrc unconditionally, including bmake), which means that the newly-built packages won’t be compatible with the ones you already have. Avoid any trouble by starting afresh.

  To clean your system, do something like this:

  # ... ensure your login shell lives in /bin! ...
  # pkg_delete -r -R "*"
  # mv /usr/pkg/etc /root/etc.old  # Backup any modified files.
  # rm -rf /usr/pkg /var/db/pkg*
  

  Now, rebootstrap pkgsrc and reinstall any packages you previously had:

  # cd /
  # tar xzvpf /var/pkg_comp/packages/bootstrap.tgz
  # echo "pkg_admin=/usr/pkg/sbin/pkg_admin" >>/etc/pkgpath.conf
  # echo "pkg_info=/usr/pkg/sbin/pkg_info" >>/etc/pkgpath.conf
  # export PATH=/usr/pkg/bin:/usr/pkg/sbin:${PATH}
  # export PKG_PATH=file:///var/pkg_comp/packages/All
  # pkg_add pkgin pkg_comp-cron <other package names>
  

  Finally, reconfigure any packages where you had have previously made custom edits. Use the backup in /root/etc.old to properly update the corresponding files in /etc. I doubt you made a ton of edits so this should be easy.

  IMPORTANT: Note that the last command in this example includes pkgin and pkg_comp-cron. You should install these first to ensure you can continue with the next steps in this tutorial.

  Keeping your system up-to-date

  If you paid attention when you installed the pkg_comp-cron package, you should have noticed that this configured a cron job to run pkg_comp daily. This means that your packages repository under /var/pkg_comp/packages/ will always be up-to-date so you can use that to quickly upgrade your system with minimal downtime.

  Assuming you are going to use pkgtools/pkgin (and why not?), configure your local repository:

  # echo 'file:///var/pkg_comp/packages/All' >>/etc/pkgin/repositories.conf
  

  And, from now on, all it takes to upgrade your system is:

  # pkgin update
  # pkgin upgrade
  

  Enjoy!

February 17, 2017

• Julio Merino Introducing pkg_comp 2.0 (and sandboxctl 1.0)

  After many (many) years in the making, pkg_comp 2.0 and its companion sandboxctl 1.0 are finally here!

  Read below for more details on this launch. I will publish detailed step-by-step tutorials on setting up periodic package rebuilds in separate posts.

  What are these tools?

  pkg_comp is an automation tool to build pkgsrc binary packages inside a chroot-based sandbox. The main goal is to fully automate the process and to produce clean and reproducible packages. A secondary goal is to support building binary packages for a different system than the one doing the builds: e.g. building packages for NetBSD/i386 6.0 from a NetBSD/amd64 7.0 host.

  The highlights of pkg_comp 2.0, compared to the 1.x series, are: multi-platform support, including NetBSD, FreeBSD, Linux, and macOS; use of pbulk for efficient builds; management of the pkgsrc tree itself via CVS or Git; and a more robust and modern codebase.

  sandboxctl is an automation tool to create and manage chroot-based sandboxes on a variety of operating systems. sandboxctl is the backing tool behind pk_comp. sandboxctl hides the details of creating a functional chroot sandbox on all supported operating systems; in some cases, like building a NetBSD sandbox using release sets, things are easy; but in others, like on macOS, they are horrifyingly difficult and brittle.

  Storytelling time

  pkg_comp’s history is a long one. pkg_comp 1.0 first appeared in pkgsrc on September 6th, 2002 as the pkgtools/pkg_comp package in pkgsrc. As of this writing, the 1.x series are at version 1.38 and have received contributions from a bunch of pkgsrc developers and external users; even more, the tool was featured in the BSD Hacks book back in 2004.

  This is a long time for a shell script to survive in its rudimentary original form: pkg_comp 1.x is now a teenager at its 14 years of age and is possibly one of my longest-living pieces of software still in use.

  Motivation for the 2.x rewrite

  For many of these years, I have been wanting to rewrite pkg_comp to support other operating systems. This all started when I first got a Mac in 2005, at which time pkgsrc already supported Darwin but there was no easy mechanism to manage package updates. What would happen—and still happens to this day!—is that, once in a while, I’d realize that my packages were out of date (read: insecure) so I’d wipe the whole pkgsrc installation and start from scratch. Very inconvenient; I had to automate that properly.

  Thus the main motivation behind the rewrite was primarily to support macOS because this was, and still is, my primary development platform. The secondary motivation came after writing sysbuild in 2012, which trivially configured daily builds of the NetBSD base system from cron; I wanted the exact same thing for my packages.

  One, two… no, three rewrites

  The first rewrite attempt was sometime in 2006, soon after I learned Haskell in school. Why Haskell? Just because that was the new hotness in my mind and it seemed like a robust language to drive a pretty tricky automation process. That rewrite did not go very far, and that’s possibly for the better: relying on Haskell would have decreased the portability of the tool, made it hard to install it, and guaranteed to alienate contributors.

  The second rewrite attempt started sometime in 2010, about a year after I joined Google as an SRE. This was after I became quite familiar with Python at work, wanting to use the language to rewrite this tool. That experiment didn’t go very far though, but I can’t remember why… probably because I was busy enough at work and creating Kyua.

  The third and final rewrite attempt started in 2013 while I had a summer intern and I had a little existential crisis. The year before I had written sysbuild and shtk, so I figured recreating pkg_comp using the foundations laid out by these tools would be easy. And it was… to some extent.

  Getting the barebones of a functional tool took only a few weeks, but that code was far from being stable, portable, and publishable. Life and work happened, so this fell through the cracks… until late last year, when I decided it was time to close this chapter so I could move on to some other project ideas. To create the focus and free time required to complete this project, I had to shift my schedule to start the day at 5am instead of 7am—and, many weeks later, the code is finally here and I’m still keeping up with this schedule.

  Granted: this third rewrite is not a fancy one, but it wasn’t meant to be. pkg_comp 2.0 is still written in shell, just as 1.x was, but this is a good thing because bootstrapping on all supported platforms is easy. I have to confess that I also considered Go recently after playing with it last year but I quickly let go of that thought: at some point I had to ship the 2.0 release, and 10 years since the inception of this rewrite was about time.

  The launch of 2.0

  On February 12th, 2017, the authoritative sources of pkg_comp 1.x were moved from pkgtools/pkg_comp to pkgtools/pkg_comp1 to make room for the import of 2.0. Yes, the 1.x series only existed in pkgsrc and the 2.x series exist as a standalone project on GitHub.

  And here we are. Today, February 17th, 2017, pkg_comp 2.0 saw the light!

  Why sandboxctl as a separate tool?

  sandboxctl is the supporting tool behind pkg_comp, taking care of all the logic involved in creating chroot-based sandboxes on a variety of operating systems. Some are easy, like building a NetBSD sandbox using release sets, and others are horrifyingly difficult like macOS.

  In pkg_comp 1.x, this logic used to be bundled right into the pkg_comp code, which made it pretty much impossible to generalize for portability. With pkg_comp 2.x, I decided to split this out into a separate tool to keep responsibilities isolated. Yes, the integration between the two tools is a bit tricky, but allows for better testability and understandability. Lastly, having sandboxctl as a standalone tool, instead of just a separate code module, gives you the option of using it for your own sandboxing needs.

  I know, I know; the world has moved onto containerization and virtual machines, leaving chroot-based sandboxes as a very rudimentary thing… but that’s all we’ve got in NetBSD, and pkg_comp targets primarily NetBSD. Note, though, that because pkg_comp is separate from sandboxctl, there is nothing preventing adding different sandboxing backends to pkg_comp.

  Installation

  Installation is still a bit convoluted unless you are on one of the tier 1 NetBSD platforms or you already have pkgsrc up and running. For macOS in particular, I plan on creating and shipping a installer image that includes all of pkg_comp dependencies—but I did not want to block the first launch on this.

  For now though, you need to download and install the latest source releases of shtk, sandboxctl, and pkg_comp—in this order; pass the --with-atf=no flag to the configure scripts to cut down the required dependencies. On macOS, you will also need OSXFUSE and the bindfs file system.

  If you are already using pkgsrc, you can install the pkgtools/pkg_comp package to get the basic tool and its dependencies in place, or you can install the wrapper pkgtools/pkg_comp-cron package to create a pre-configured environment with a daily cron job to run your builds. See the package’s MESSAGE (with pkg_info pkg_comp-cron) for more details.

  Documentation

  Both pkg_comp and sandboxctl are fully documented in manual pages. See pkg_comp(8), sandboxctl(8), pkg_comp.conf(5) and sandbox.conf(5) for plenty of additional details.

  As mentioned at the beginning of the post, I plan on publishing one or more tutorials explaining how to bootstrap your pkgsrc installation using pkg_comp on, at least, NetBSD and macOS. Stay tuned.

  And, if you need support or find anything wrong, please let me know by filing bugs in the corresponding GitHub projects: jmmv/pkg_comp and jmmv/sandboxctl.

• NetBSD.org New Security Advisory: NetBSD-SA2017-002 (Several vulnerabilities in ARP)

February 09, 2017

• BSD Talk bsdtalk266 - The nodes take over
  We became tired of waiting. File Info: 7Min, 3MB. Ogg Link: https://archive.org/download/bsdtalk266/bsdtalk266.ogg

January 22, 2017

• Emile Heitor CPU temperature collectd report on NetBSD

  pkgsrc’s collectd does not support the thermal plugin, so in order to publish thermal information I had to use the exec plugin:

  1 2 3 4 5 6

  LoadPlugin exec # more plugins <Plugin exec> Exec "nobody:nogroup" "/home/imil/bin/temp.sh" </Plugin>

  And write this simple script that reads CPUs temperature from NetBSD’s envstat command:

  1 2 3 4 5 6 7 8 9 10 11 12 13 14

  $ cat bin/temp.sh #!/bin/sh hostname=$(hostname) interval=10 while : do envstat|awk '/cpu[0-9]/ {printf "%s %s\n",$1,$3}'|while read c t do echo "PUTVAL ${hostname}/temperature/temperature-zone${c#cpu} interval=${interval} N:${t%%.*}" done sleep ${interval} done

  I then send those values to an influxdb server:

  1 2 3 4 5 6

  LoadPlugin network # ... <Plugin network> Server "192.168.1.5" "25826" </Plugin>

  And display them using grafana:

  
  

  HTH!

December 09, 2016

• Super User NetBSD and TP-Link TL-WN727N (Atheros AR9271 or Ralink RT5370)

  Where can I find and install an AR9271 driver for the latest NetBSD? The target machine does not have Internet access and I need to setup the WiFi dongle first.

  I only found this: https://www.daemon-systems.org/man/athn.4.html

  UPDATE: wpa_supplicant was already written, but I didn't see my device.

  When I plug in the dongle it's shown as:

  ugen0 at uhub4 port 8 
  ugen0: Mediatek 802.11 n WLAN, rev 2.01/00, addr 2 
  

  ifconfig shows only re0 and lo0 interfaces.

  UPDATE: I saw on some Linux forums that the dongle uses an Atheros chip, but I checked in Windows and see Ralink. The ral driver is also integrated in NetBSD, but the situation doesn't change - I see no ra~ device in dmesg.boot.

December 08, 2016

• Super User NetBSD/FreeBSD and TP-Link TL-WN727N: Second encounter

  First part at NetBSD and TP-Link TL-WN727N (Atheros AR9271 or Ralink RT5370)

  So, I've installed NetBSD 7 and device shown again as ugen(ugein, lol).

  ugen0 at uhub4 port 8 
  ugen0: Mediatek 802.11 n WLAN, rev 2.01/00, addr 2
  

  Then I'm installed FreeBSD 10.2 and ugen again.

  usbconfig gives me ugen4.3: <product 0x7601 vendor 0x148f> at usbus4, cfg=0 md=HOST spd=HIGH(480Mbps) pwr=ON (90ma)

  So, what's next? Buying new dongle is a last thing, which I'll make.

  UPD: NDIS driver not works.

October 10, 2016

• OS News FreeBSD 11.0-RELEASE released
  The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.0-RELEASE. This is the first release of the stable/11 branch. Some of the highlights: OpenSSH DSA key generation has been disabled by default. It is important to update OpenSSH keys prior to upgrading. Additionally, Protocol 1 support has been removed. OpenSSH has been updated to 7.2p2. Wireless support for 802.11n has been added. By default, the ifconfig(8) utility will set the default regulatory domain to FCC on wireless interfaces. As a result, newly created wireless interfaces with default settings will have less chance to violate country-specific regulations. The svnlite(1) utility has been updated to version 1.9.4. The libblacklist(3) library and applications have been ported from the NetBSD Project. Support for the AArch64 (arm64) architecture has been added. Native graphics support has been added to the bhyve(8) hypervisor. Broader wireless network driver support has been added. The release notes provide the in-depth look at the new release, and you can get it from the download page.

September 14, 2016

• Julio Merino #! /usr/bin/env considered harmful

  Many programming guides recommend to begin scripts with the #! /usr/bin/env shebang in order to to automatically locate the necessary interpreter. For example, for a Python script you would use #! /usr/bin/env python, and then the saying goes, the script would “just work” on any machine with Python installed.

  The reason for this recommendation is that /usr/bin/env python will search the PATH for a program called python and execute the first one found… and that usually works fine on one’s own machine.

  Unfortunately, this advice is plagued with problems and assuming it will work is wishful thinking. Let me elaborate. I’ll use Python below for illustration purposes but the following applies equally to any other interpreted language.

  Problems

  i) The first problem is that using #! /usr/bin/env lets you find an interpreter but not necessarily the correct interpreter. In our example above, we told the system to look for an interpreter called python… but we did not say anything about the compatible versions. Did you want Python 2.x or 3.x? Or maybe “exactly 2.7”? Or “at least 3.2”? You can’t tell right? So the the computer can’t tell either; regardless, the script will probably run with whichever version happens to be called python–which could be any thanks to the alternatives system. The danger is that, if the version is mismatched, the script will fail and the failure can manifest itself at a much later stage (e.g. a syntax error in an infrequent code path) under obscure circumstances.

  ii) The second problem, assuming you ignore the version problem above because your script is compatible with all possible versions (hah), is that you may pick up an interpreter that does not have all prerequisite dependencies installed. Say your script decides to import a bunch of third-party modules: where are those modules located? Typically, the modules exist in a centralized repository that is specific to the interpreter installation (e.g. a .../lib/python2.7/site-packages/ directory that lives alongside the interpreter binary). So maybe your program found a Python 2.7 under /usr/local/bin/ but in reality you needed it to find the one in /usr/bin/ because that’s where all your Python modules are. If that happens, you’ll receive an obscure error that doesn’t properly describe the exact cause of the problem you got.

  iii) The third problem, assuming your script is portable to all versions (hah again) and that you don’t need any modules (really?), is that you are assuming that the interpreter is available via a specific name. Unfortunately, the name of the interpreter can vary. For example: pkgsrc installs all python binaries with explicitly-versioned names (e.g. python2.7 and python3.0) to avoid ambiguity, and no python symlink is created by default… which means your script won’t run at all even when Python is seemingly installed.

  iv) The fourth problem is that you cannot pass flags to the interpreter. The shebang line is intended to contain the name of the interpreter plus a single argument to it. Using /usr/bin/env as the interpreter name consumes the first slot and the name of the interpreter consumes the second, so there is no room to pass additional flags to the program. What happens with the rest of the arguments is platform-dependent: they may be all passed as a single string to env or they may be tokenized as individual arguments. This is not a huge deal though: one argument for flags is too restricted anyway and you can usually set up the interpreter later from within the script.

  v) The fifth and worst problem is that your script is at the mercy of the user’s environment configuration. If the user has a “misconfigured” PATH, your script will mysteriously fail at run time in ways that you cannot expect and in ways that may be very difficult to troubleshoot later on. I quote “misconfigured” because the problem here is very subtle. For example: I do have a shell configuration that I carry across many different machines and various operating systems; such configuration has complex logic to determine a sane PATH regardless of the system I’m in… but this, in turn, means that the PATH can end up containing more than one version of the same program. This is fine for interactive shell use, but it’s not OK for any program to assume that my PATH will match their expectations.

  vi) The sixth and last problem is that a script prefixed with #! /usr/bin/env is not suitable to being installed. This is justified by all the other points illustrated above: once a program is installed on the system, it must behave deterministically no matter how it is invoked. More importantly, when you install a program, you do so under a set of assumptions gathered by a configure-like script or prespecified by a package manager. To ensure things work, the installed script must see the exact same environment that was specified at installation time. In particular, the script must point at the correct interpreter version and at the interpreter that has access to all package dependencies.

  So what to do?

  All this considered, you may still use #! /usr/bin/env for the convenience of your own throwaway scripts (those that don’t leave your machine) and also for documentation purposes and as a placeholder for a better default.

  For anything else, here are some possible alternatives to using this harmful shebang:

  • Patch up the scripts during the “build” of your software to point to the specific chosen interpreter based on a setting the user provided at configure time or one that you detected automatically. Yes, this means you need make or similar for a simple script, but these are the realities of the environment they’ll run under…

  • Rely on the packaging system do the patching, which is pretty much what pkgsrc does automatically (and I suppose pretty much any other packaging system out there).

  Just don’t assume that the magic #! /usr/bin/env foo is sufficient or even correct for the final installed program.

  Bonus chatter: There is a myth that the original shebang prefix was #! / so that the kernel could look for it as a 32-bit magic cookie at the beginning of an executable file. I actually believed this myth for a long time… until today, as a couple of readers pointed me at The #! magic, details about the shebang/hash-bang mechanism on various Unix flavours with interesting background that contradicts this.