I'm an intermediate *NIX user who has been using these OSes since 1994, but I'm not up to date.

I'm frustrated with Mint linux on my very old Dell laptop because when I open too many browser tabs it takes the whole system to such a crawl (suddenly, like a straw that breaks a camel's back) that I can't use the mouse and can't even Alt-Ctrl-F1 to get to a vtty to kill processes. I end up powerswitching the computer off.

I'm looking for an OS that keeps the essential system components running and responding even when a particular process starts grinding down into zombieland, so I could gracefully recover. I need to be able to do the following things:

• Use a wide variety of WiFi hardware (mostly USB but also built-in) on a wide variety of oddball laptop and desktop hardware.
• Read and write reliably to NTFS, hopefully with BitLocker encryption
• Read and write reliably to Ext4, hopefully including LUKS disks
• Hopefully, be able to mount and use VeraCrypt volumes
• Read and write exFAT and memory sticks in general
• Hopefully, be able to run Windows 10 in a virtual environment / Wine
• Security is important to me, but functionality comes first for this use

I'm open to any BSD, Unix or linux OS, or anything else really. I run OpenBSD on this laptop dual-boot, but it won't do all the spiffy things I need to do. This is an old Dell laptop. I'll also be running whatever new OS on an old HP laptop and a few custom-built very old desktops. I'm willing to try a few things, but want to get ideas.

This should be my "Windows replacement" OS, so as full-featured as a workstation as possible.

Are there any other linux OSes that manage system resources better so one app can't drag down the whole system?

NetBSD? FreeBSD?

Thank you! <3 <3

I'm a bit confused now about installing software, after having seen a discussion on the NetBSD IRC channel. It was mentioned these two methods should not be used at the same time, on the same system. I understand the binary packages are all bulk built together, in a single environment, and that substituting them with pkgsrc build packages could lead to problems. However, I do not understand how it would be problematic to build pkgsrc packages in an additive manner, in other words, using binary packages for all the dependencies, but using a pkgsrc compiled package at the top level (nothing depends on it). This would be for a system using binary and pkgsrc, synced to the same quarterly release.

What am I failing to understand here? There's a different OS I use, which seems to be superficially structured similar to NetBSD, in having an "integrated base system install" and methods for installing third-party binary packages and a pkgsrc-like build-from-source method of creating packages to install. However, it does not seem to share this "either/or" restriction with regards to packages.

I just install git today and try to learn it. Unfortunately, I can't use git to clone any repository.

fatal: unable to access 'https://github.com/BambooEngine/ibus-bamboo.git/': SSL certificate problem: unable to get local issuer certificate

I don't have any background knowledge about SSL or networking to solve this problem so I need somebody to guide me this situation.

Somewhat short this week, but there’s several releases.

• Automatic Let’s Encrypt certificates in Apache with mod_md.
• FreeBSD audio from a perspective of a happy user.  (via)
• FreeBSD Developer Workstation Setup.
• NetBSD, CTWM, and Spleen.
• MATE 1.26.0 upgrade ready.  (GhostBSD)
• pfSense Software is 15 Today!
• Valuable News – 2021/10/11.
• OPNsense Business Edition 21.10 released.
• OpenBSD 7.0 released.

I did a macOS software update recently and was greeted with a Relocated Items.nosync folder on my desktop.

Inside was a PDF explaining what it was:

During the last macOS upgrade or file migration, some of your files couldn’t be moved to their new locations. This folder contains these files.

These configuration files were modified or customised by you, by another user or by an app. The modifications may be incompatible with the recent macOS upgrade. The modified files are in the Configuration folder, organised in subfolders named after their original locations.

To restore any of the custom configurations, compare your modifications with the configuration changes made during the macOS upgrade and combine them when possible.

There was only one affected file: /private/etc/shells. I’d echo’d the path of the OpenBSD portable Kornshell from pkgsrc into it so I could use it as my daily driver, because I’m a gentleman.

The notice above had me believing they’d replaced my config, but instead they’d retained my original file and put their desired changes into the relocated folder. A quick diff, which sounds more like a band name, showed:

12d11
< /opt/pkg/bin/oksh

I think I’ll be fine keeping that.

By Ruben Schade in Sydney, 2021-10-16.

Back in the fall of 2020, I was approached about adding Spleen to the NetBSD's xsrc repository. Needless to say, I wasn't difficult to convince, and imported Spleen 1.8.2 as font-spleen-misc. With this being done, [email protected] added all the required glue to hook the fonts to the build, and then changed the default CTWM configuration to do automatic font scaling based on screen size, and make Spleen the default font.

CTWM had previously been promoted as the default window manager on NetBSD, and saw several tweaks and improvements to make it look more modern, notably with a nice orange themed menu.

Below is a screenshot of CTWM with Spleen 8x16, running on my HP t510 Thin Client plugged to a 1600x900 monitor, showing JED, Lynx, xcalc and xv.

One last thing to note, there are now live images available in -current for amd64, and NetBSD 10 will be the first release to officially provide them. While NetBSD/evbarm has had live images for a long time now, their availability on amd64 is a much welcome addition, as this allows to easily test NetBSD's default CTWM configuration :-)

The most recent version is currently NetBSD-9.99.90-amd64-live.img.gz and can be downloaded here.

Once again, thanks to Nia for doing all of this!

It is status report season!

• ChiBUG is meeting on the 12th, virtually, at 6:30 PM Central.  “The Writing Scholar’s Guide to *BSD” is the presentation.
• OpenBSD’s pledge and unveil from Python.
• Notes on updating OpenBSD machines to current, supported versions.
• pkgsrc: how to use pkg_comp(8) to automate package builds in a sandbox.  (via)
• What every IT person needs to know about OpenBSD.  Glosses over OpenBSD’s fork, but that’s probably OK.
• HelloDesktop being ported from helloSystem back to FreeBSD ports.  (via)
• The OpenBSD Webzine.  (via)
• Celeste on OpenBSD with Sound – Early Stage.
• Spelling Fixes — Some Advice.
• HardenedBSD September 2021 Status Report.
• GhostBSD 21.09.29 ISO Now Available.
• Toolchains adventures – Q3 2021.
• Valuable News – 2021/10/04.

pkg_comp is a utility to build pkgsrc packages in a fully automated and self-contained manner. It can be seen as a wrapper over cvs/git, the pbulk infrastructure provided by pkgsrc, and sandboxctl(8).
This turns out particularly useful for whenever official binaries are not available: packages in sync with latest pkgsrc-current changes, packages linked against a -current userland, packages for tier2 archs or archs added recently and only supported in current (pkg_comp used to be my go to on aarch64), packages with licenses preventing them to be freely redistributed as binary.
pkg_comp is also useful to set up a small repo to serve on the local network (a trivial task using ftpd(8) or bozohttpd(8)), if bandwidth and download speed are problem.
A third interesting use case is compiling packages with custom build options (and prevent them from being refreshed/replaced by a pkgin fug), as well as applying local patches.

preliminary tasks

1. Get the sysrc and xsrc source sets matching your system version and unpack them to /usr, for packages needing to be linked against them.
   See Chapter 32. Obtaining the sources.

2. Fetch the release binary sets matching your system version. You can use sysupgrade fetch, it will store them automatically at /var/cache/sysupgrade.

3. Set up the release dir which sandboxctl shall use to create the sandbox. As of today, sandboxctl doesn't seem to allow specifying the archive extention, hence .tgz is expected. In NetBSD-9, I got around this by using the following xz2gz script, which will convert the archives to gzip and move them to /release/binary/sets

 
#!/bin/sh
tgzdir='/release/binary/sets'
xzdir='/var/cache/sysupgrade'

if [ ! -d $tgzdir ]; then
  mkdir -p $tgzdir
fi

for set in ${xzdir}/*.xz
  do
	xz -d $set
	gzip ${xzdir}/*.tar
  done

for set in ${xzdir}/*.tar.gz
  do
	mv $set $(basename $set .tar.gz).tgz
  done

for set in ${xzdir}/*.tgz
  do
	mv $set $tgzdir
  done

configure pkg_comp

Configuration files for pkg_comp and its sandbox are stored by default at /usr/pkg/etc/pkg_comp

1. sandbox.conf

# The `netbsd-release' sandbox type sets up a NetBSD sandbox on a NetBSD
# host using release sets.  Sandboxes created in this manner are "clean" in
# the sense that they reproduce a freshly installed system and are
# completely decoupled from the host system
SANDBOX_TYPE=netbsd-release

# sandbox path
SANDBOX_ROOT=/var/tmp/sandbox

# Parameters for a netbsd-release sandbox
NETBSD_RELEASE_RELEASEDIR=/release
NETBSD_RELEASE_SETS="base comp etc games man misc modules rescue tests text xbase xcomp xetc xfont xserver"

# User-provided routines required for building packages that use X libraries
# or need to build against system and/or X sources
pkg_comp_post_mount_hook() {
    #
    # Required to be able to build any packages that uses X and its libraries 
    #
    if [ -d /usr/X11R7 ]; then
        mkdir -p ${SANDBOX_ROOT}/usr/X11R7
        sandbox_bindfs -o ro /usr/X11R7 ${SANDBOX_ROOT}/usr/X11R7
    fi
    #
    # Optional, but needed for any packages which need access to system or X sources
    #
    if [ -d /usr/src ]; then
        mkdir -p ${SANDBOX_ROOT}/usr/src
        sandbox_bindfs -o ro /usr/src ${SANDBOX_ROOT}/usr/src
    fi
    if [ -d /usr/xsrc ]; then
        mkdir -p ${SANDBOX_ROOT}/usr/xsrc
        sandbox_bindfs -o ro /usr/xsrc ${SANDBOX_ROOT}/usr/xsrc
    fi
    exit 0
}

2. local.conf , our local pkg_comp configuration

# update your pkgsrc tree whenever invoking a pkg_comp build. 
# not strictly necessary on quartery branches  
UPDATE_SOURCES=true

# Additional configuration files to support this setup.
EXTRA_MKCONF="/usr/pkg/etc/pkg_comp/extra.mk.conf"
SANDBOX_CONFFILE="/usr/pkg/etc/pkg_comp/sandbox.conf"

# Remote VCS configuration.
FETCH_VCS=cvs
CVS_ROOT=:ext:[email protected]:/cvsroot
CVS_TAG=pkgsrc
#GIT_URL=https://github.com/NetBSD/pkgsrc.git
#GIT_BRANCH=trunk

# Host file layout  
# These directories point to trees managed outside of the
# sandbox and are exposed within the sandbox via null mounts.
PKGSRCDIR="/usr/pkgsrc"
DISTDIR="/usr/pkgsrc/distfiles"
PACKAGES="${PKGSRCDIR}/packages"
PBULK_LOG="${PACKAGES}/log"
PBULK_PACKAGES="${PACKAGES}/pbulk"

# Target file layout
LOCALBASE=/usr/pkg
PKG_DBDIR=/var/db/pkg
SYSCONFDIR=/usr/pkg/etc
VARBASE=/var

# Enable interactive pkgsrc development via sandbox-shell.
PKG_DEVELOPER=yes

# List of packages to build during automatic execution.
AUTO_PACKAGES="$(grep -v '^#' '/usr/pkg/etc/pkg_comp/pbulk.list')"

3. extra.mk.conf, additional pkgsrc settings to be used with pkg_comp.

# extra

# sanity checks for shared libs
PKG_DEVELOPER=yes

# compatibility pkgdbdir
PKG_DBDIR=/var/db/pkg

# build on tmpfs
WRKOBJDIR=/var/tmp/pkg

# cflags
#CPUFLAGS+=-O2 -pipe -fomit-frame-pointer -mfpmath=sse -msse2 -march=native
#CFLAGS+=-Wfatal-errors       
          

# ccache
#PKGSRC_COMPILER=ccache gcc           

#CCACHE_DIR=/var/tmp/ccache           

# make jobs
MAKE_JOBS=$(/sbin/sysctl -n hw.ncpuonline)

# PKG_ALTERNATIVES
PYTHON_VERSION_DEFAULT=39            

LUA_VERSION_DEFAULT=54               

PHP_VERSION_DEFAULT=80               

RUBY_VERSION_DEFAULT=30

# avoid linking against outdated libs
PREFER_PKGSRC?=MesaLib Xft2 Xrandr Xrender expat fontconfig freetype2 glu openssl pixman xcursor

# user patches 
LOCALPATCHES=/usr/pkg/etc/pkg_comp/patches

# other
SKIP_LICENSE_CHECK=yes
#NO_CHECKSUM=yes
#ALLOW_VULNERABLE_PACKAGES=yes

# PKG_OPTIONS
PKG_OPTIONS.seamonkey=dbus webrtc
PKG_OPTIONS.packagename=option1 option2 -disabledoption3

4. pbulk.list, list of packages to build.

# specify a list of packages to build, one per line
# with a category prefix, as they are found in the
# pkgsrc tree.
wm/ctwm
editors/texmaker
print/zathura
converters/pandoc
graphics/sxiv
...

start a pkg_comp build

$ pkg_comp -c local auto

That's pretty much all you need. The local configuration file, specified without the .conf extension, is expected to be found in the standard /usr/pkg/etc/pkg_comp directory.
The auto command will tell pkg_comp to:

1. optionally checkout or update a pkgsrc tree (if UPDATE_SOURCE=true);
2. create the sandbox (using sandboxctl);
3. bootstrap pkgsrc and pbulk;
4. use pbulk to build the given packages;
5. destroy the sandbox.

And is equivalent to:

$ pkg_comp -c local fetch
$ pkg_comp -c local sandbox-create
$ pkg_comp -c local bootstrap
$ pkg_comp -c local build <pbulk.list>
$ pkg_comp -c local sandbox-destroy

The stages can be invoked separately (e.g. you may just create/destroy the sandbox and build the packages in the middle).
The sandbox-shell command will chroot you into the sandbox, this is useful if anything goes wrong with the build.
The -o UPDATE_SOURCE=false can be passed interactively (as any other setting) to skip updating the pkgsrc tree.
If you'd like to restrict the set of packages to build during a manually-triggered build, provide those as additional arguments to auto (i.e. 'auto pkgin'). This will override the contents of AUTOPACKAGES (which was in turn derived from your pbulk.list file).
Nevertheless, you may you may also tell pkgcomp to just build individual packages or a series of packages:

$ pkg_comp -c local build package1 package2 package3 ...

installing packages

Any successfully built package will be stored in the directory set in PACKAGES, usually /usr/pkgsrc/packages/All. The pkg_summary files are also going to be updated, hence the directory can be used without further changes by pkgin to install or upgrade the packages on your host.

Now, all you need to do to use them via
pkg_add(8) is:

$ PKG_PATH=file:///usr/pkgsrc/packages/All; export PKG_PATH
$ pkg_add pkgname

Or add the repository to repositories.conf in order to use it with pkgin.

Why yes I am trying to clear out my backlog of Solène links.

• pkgsrc-2021Q3 branched.
• SOLVED: FreeBSD nfsv4 client/server protocol prob err=10026.
• Porting GNOME to NetBSD by Dan Cirnat.  (via)
• EuroBSDCon 2021 videos are available.
• Initial impressions of Airyx – FreeBSD with a macOS style desktop.  (via)
• Register multiples wifi networks on OpenBSD.
• Faster packages updates with OpenBSD.
• Workaround for an OpenBSD boot error on APU boards.
• RISC-V: The New Architecture on the Block.

I've been keeping myself busy since I posted the "Diving into toolchains" article at the beginning of June, so here is an update detailing what I've been up to during the past couple of months.

At the end of June, I went through the FSF copyright assignment process for both Binutils and GDB, which now allows me to contribute larger changes to these codebases. I thus updated the NetBSD system call table in GDB, and added support to readelf for reading OpenBSD ELF core notes.

In Pkgsrc land, I packaged and imported mold, a new linker that is optimized for modern multi-core machines, and updated our binutils package to the latest version.

At the end of August, I attended the OpenBSD k2k21 hackathon, and one of the goals I had was to get source-based code coverage working in LLVM. The first part of this was to find how to allow the compiler driver to link against the libclang_rt.profile library when passing the -fprofile-instr-generate and -fcoverage-mapping options to Clang. Once I figured the magic incantation, I committed my change to src and sent it upstream where it got committed and backported to the LLVM 13 branch. With this part sorted, the next step was to build and ship the library in the base system. I added build infrastructure for the library in base, and linked it to the build. It is now enabled on architectures where Clang is built.

To illustrate what we can do with the source-based code coverage, let's take the following C program:

#include <stdio.h>

int
main()
{
	printf(" >o_/   >o_/   >o_/ \n");
	return 0;

	printf("*PAN!* *PAN!* *PAN!*\n");
}

Let's build and instrument it to emit profile data:

clang -fprofile-instr-generate -fcoverage-mapping ducks.c -o ducks

And we can now run it to collect and process profile data:

LLVM_PROFILE_FILE="ducks.profraw" ./ducks
llvm-profdata merge -sparse ducks.profraw -o ducks.profdata
llvm-cov show ./ducks -instr-profile=ducks.profdata

We can see that no ducks were harmed during this experiment:

Coverage reports can also be created by llvm-cov:

llvm-cov report ./ducks -instr-profile=ducks.profdata

Filename                      Regions    Missed Regions     Cover   Functions  Missed Functions  Executed       Lines      Missed Lines     Cover
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
/home/f/ducks/ducks.c               2                 1    50.00%           1                 0   100.00%           6                 1    83.33%
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TOTAL                               2                 1    50.00%           1                 0   100.00%           6                 1    83.33%

Using the LLVM_PROFILE_FILE environment variable, it is possible to do several runs with different options and/or input files and get a new .profraw file each time. All those files can then be merged using llvm-profdata, which is pretty useful for doing coverage reports from unit tests.

On top of the OpenBSD related changes I've been contributing upstream to LLVM, I've been continuing my experiments with the build system. I've also been reading documentation about various parts of the toolchain, sending diffs when encountering mistakes or things which could be improved.

binutils and GDB commits:

• 2021-09-11 - 98ca73a - Add support to readelf for reading OpenBSD ELF core notes
• 2021-07-14 - 77db472 - Update the NetBSD system call table to match NetBSD-current

Pkgsrc toolchains related commits:

• 2021-09-27 - 65675ea - Update to mold 0.9.6
• 2021-09-11 - 871f328 - Update to binutils 2.37
• 2021-09-11 - 53d0f2e - Update to mold 0.9.5
• 2021-07-29 - 1b5d585 - Import mold 0.9.3

LLVM commits:

• 2021-09-30 - 97a0ba4 - [clang] Update Clang version from 13 to 14 in scan-build.1
• 2021-09-30 - 01641f6 - [clang] Fix sentence in the usage section of ThinLTO docs
• 2021-09-29 - 7a7caf9 - [clang] Fix library name (libsupc++) in the admonition note
• 2021-09-28 - 5b125a4 - [CMake] Add detection for the mold linker in AddLLVM.cmake
• 2021-09-24 - 626e2a6 - [compiler-rt] Use portable "#!/usr/bin/env bash" shebang for tests
• 2021-09-24 - 4ed0531 - [docs] Document the –print-passes flag in opt
• 2021-09-23 - 7f5ca8c - [clang] Use portable "#!/usr/bin/env bash" shebang for tools and utils
• 2021-09-17 - b588f5d - [clang][scan-build] Use cc/c++ instead of gcc/g++ on OpenBSD
• 2021-09-07 - 4787ef3 - [compiler-rt] Document that builtins is known to work on OpenBSD
• 2021-09-03 - 466451c - [clang] Allow the OpenBSD driver to link the libclang_rt.profile library
• 2021-07-27 - 1862ffe - [clang] Fix a typo in the manual page: s/contraint/constraint
• 2021-07-23 - bc96aa9 - [clang] Fix typos in Options.td and regen ClangCommandLineReference.rst

I was curious to see lua(4) in action, so I decided to perform some quick test.

printing a "hello, world!" script

First of all, load the relevant kernel modules:

$ modload lua
$ modload luasystm

To have them loaded automatically at boot:

printf '%s\n%s\n' 'lua' 'luasystm' >> /etc/modules.conf

If everything's right the kernel buffer will show:

[     6.176500] lua0: Lua 5.3.5  Copyright (C) 1994-2018 Lua.org, PUC-Rio

And modstat will return:

NAME                    CLASS    SOURCE   FLAG  REFS    SIZE REQUIRES 
lua                     misc     filesys  -        1       - -
luasystm                misc     filesys  -        0       - lua

Let's enhance the verbosity of the lua(4) module:

$ sysctl -w kern.lua.verbose=1
kern.lua.verbose: 0 -> 1

Without further ado, we can now proceed to test the built-in kernel parser, using luactl(8):

1. create a state to load our scripts

   $ luactl create s1 testing
   s1 created
   $ luactl
   Name             Creator  Description
   s1               user     testing
   

2. load luasystm bindings on state s1 (required for print())

   $ luactl require s1 systm
   systm required by s1
   

3. Write a sample 'hello world' script:

   $ cat << eof > hello.lua
   -- hello world!
   systm.print("hello world!\n")
   eof
   $ luactl load s1 ./hello.lua
   ./hello.lua loaded into s1
   $ dmesg | tail -1
   [  2769.687618] hello world!
   

   Notice that the absolute path is required for luactl to read the script
   
   

   more testing

   1) parsing simple functions

   -- sum func
   function add(x, y)
     return x + y
   end
   systm.print("the sum of 16 and 32 is:\n")
   systm.print (add(16, 32))
   
   systm.print ("\n")
   
   -- factorial func
   function fact (n)
     if n == 0 then
       return 1
     else
       return n * fact(n-1)
     end
   end
   systm.print("the factorial of 7 is:\n")
   systm.print (fact(7))
   

   
   

   $ luactl load s1 ./sample.lua
   ./sample.lua loaded into s1
    $ dmesg | grep -A 5 sample
   [  4283.160428] lua0: loading ./sample.lua into state s1
   [  4283.170432] the sum of 16 and 32 is:
   [  4283.170432] 48
   [  4283.170432] the factorial of 7 is:
   [  4283.180433] 5040
   

   2) displaying OS info

   -- print system info
   function uname()
     tbl = {"copyright", "cpu_model", "machine", "machine_arch", "osrelease", "os
   type", "kernel_ident", "version"}
     for i = 1, #tbl do
       systm.print(systm[tbl[i]] .. "\n")
     end
   end
   
   uname()
   

   Which produces:

   [  5519.710421] lua0: loading ./sys.lua into state s1
   [  5519.720425] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
   [  5519.730424]     2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
   [  5519.730424]     2018, 2019, 2020 The NetBSD Foundation, Inc.  All rights reserved.
   [  5519.740424] Copyright (c) 1982, 1986, 1989, 1991, 1993
   [  5519.750425]     The Regents of the University of California.  All rights reserved.
   
   [  5519.760427] raspberrypi,3-model-b
   [  5519.760427] evbarm
   [  5519.760427] aarch64
   [  5519.760427] 9.2_STABLE
   [  5519.770428] NetBSD
   [  5519.770428] GENERIC64
   [  5519.770428] NetBSD 9.2_STABLE (GENERIC64) #0: Fri Aug 20 19:33:44 UTC 2021
   [  5519.780428] [email protected]:/usr/src/sys/arch/evbarm/compile/GENERIC64
   

   3) display hostname

   function hostname()
     local f = io.popen ("/bin/hostname")
     local host = f:read("*a") or ""
     f:close()
     host =string.gsub(host, "\n$", "")
     systm.print (host)
   end
   systm.print("Welcome to:\n")
   hostname()
   

   This is not going to work:

   $ luactl load s1 ./host.lua
   luactl: LUALOAD: Invalid argument
   

Hello.

I need to reinstall FreeBSD,but since I've lost one disk,because it's damaged,I need to find a place on another disk. I've thought about resizing the netbsd installation by 50% and on the other 50% I will install FreeBSD. So,do you have a good tutorial where I can learn how to resize (shrink) the space occupied by NetBSD ? I imagine that it's not so easy. Please don't give me the man pages. They aren't useful at all for me,because they show what u can do,not how to do. I prefer to find a tutorial that explains step by step how to shrink the whole disk space where I have installed netbsd for 50%. And I will be very happy if you know a tool that can shrink the space like gparted 😃

I forgot to link to BSD Now 421: ZFS eats CPU on Thursday!

• Valuable News – 2021/09/20.
• Ghost in the Shell – Part 7 – ZSH Setup.
• GhostBSD build tool development visualization, 2014-2021.
• Migrating from Apache/WordPress to relayd/httpd/Hugo.
• Technology Roadmap.  (FreeBSD)  I support this idea of publishing plans.
• Improving GDB register model compatibility in LLDB.
• Cruelty Squad brings Executive Mindset to OpenBSD.
• OPNsense 21.7.3 released.
• php_mail() on FreeBSD and WordPress.  (via)
• Automatically lock screen on OpenBSD using xidle and xlock.
• OpenBSD on the Vortex86DX CPU.
• “DNSSEC Mastery, 2nd Edition” Cover Reveal.  BSD front and center.

This is the OpenBSD counterpart of my article about running NetBSD on the Vortex86DX CPU, and its purpose is mostly to archive a dmesg entry and various benchmarks for this machine. I should note that with only 256MB of RAM, the machine is too constrained to do kernel and libraries relinking in a timely manner, due to swapping.

For more information and background about the hardware, please refer to my other article.

Here is the result of a quick md5 -t benchmark:

MD5 time trial.  Processing 10000 10000-byte blocks...
Digest = 52e5f9c9e6f656f3e1800dfa5579d089
Time   = 2.398437 seconds
Speed  = 41693819.766790 bytes/second

Here is the result of the sha1 -t benchmark:

SHA1 time trial.  Processing 10000 10000-byte blocks...
Digest = 74a57b897cc581defa5b3a359fa762a1b83a60e8
Time   = 5.648437 seconds
Speed  = 17704012.632167 bytes/second

For the record, LibreSSL speed benchmark results are available here.

System message buffer (dmesg output):

OpenBSD 7.0 (GENERIC) #203: Wed Sep 22 19:24:38 MDT 2021
    [email protected]:/usr/src/sys/arch/i386/compile/GENERIC
real mem  = 267927552 (255MB)
avail mem = 246661120 (235MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 10/29/10, BIOS32 rev. 0 @ 0xf0010
pcibios0 at bios0: rev 3.0 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf3a80/224 (12 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x17f3 product 0x6031
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xe9400/0x200!
cpu0 at mainbus0: (uniprocessor)
cpu0: Vortex86 SoC  (586-class) 1.01 GHz, 05-02-02
cpu0: FPU,TSC,CX8
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "RDC R6021 Host" rev 0x02
vga1 at pci0 dev 3 function 0 "XGI Technology Volari Z7" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 "RDC R6031 ISA" rev 0x02
vte0 at pci0 dev 8 function 0 "RDC R6040 Ethernet" rev 0x00: irq 10, address 00:1b:eb:22:16:5c
rdcphy0 at vte0 phy 1: R6040 10/100 PHY, rev. 1
ohci0 at pci0 dev 10 function 0 "RDC R6060 USB" rev 0x12: irq 11, version 1.0, legacy support
ehci0 at pci0 dev 10 function 1 "RDC R6061 USB2" rev 0x03: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "RDC EHCI root hub" rev 2.00/1.00 addr 1
ohci1 at pci0 dev 11 function 0 "RDC R6060 USB" rev 0x12: irq 11, version 1.0, legacy support
ehci1 at pci0 dev 11 function 1 "RDC R6061 USB2" rev 0x03: irq 11
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "RDC EHCI root hub" rev 2.00/1.00 addr 1
pciide0 at pci0 dev 12 function 0 "RDC R1011 IDE" rev 0x01: DMA (unsupported), channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 ignored (not responding; disabled or no drives?)
pciide0: channel 1 ignored (not responding; disabled or no drives?)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb2 at ohci0: USB revision 1.0
uhub2 at usb2 configuration 1 interface 0 "RDC OHCI root hub" rev 1.00/1.00 addr 1
usb3 at ohci1: USB revision 1.0
uhub3 at usb3 configuration 1 interface 0 "RDC OHCI root hub" rev 1.00/1.00 addr 1
dt: 445 probes
umass0 at uhub1 port 2 configuration 1 interface 0 "SanDisk Cruzer Switch" rev 2.00/1.27 addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, initiator 0
sd0 at scsibus1 targ 1 lun 0: <SanDisk, Cruzer Switch, 1.27> removable serial.07815572120302108502
sd0: 7633MB, 512 bytes/sector, 15633408 sectors
uhidev0 at uhub2 port 1 configuration 1 interface 0 "Lenovo ThinkPad Compact USB Keyboard with TrackPoint" rev 2.00/3.30 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub2 port 1 configuration 1 interface 1 "Lenovo ThinkPad Compact USB Keyboard with TrackPoint" rev 2.00/3.30 addr 2
uhidev1: iclass 3/1, 22 report ids
ums0 at uhidev1 reportid 1: 5 buttons, Z and W dir
wsmouse0 at ums0 mux 0
ucc0 at uhidev1 reportid 16: 573 usages, 18 keys, array
wskbd2 at ucc0 mux 1
wskbd2: connecting to wsdisplay0
uhid0 at uhidev1 reportid 17: input=2, output=0, feature=0
uhid1 at uhidev1 reportid 19: input=8, output=8, feature=8
uhid2 at uhidev1 reportid 21: input=2, output=0, feature=0
uhid3 at uhidev1 reportid 22: input=2, output=0, feature=0
uaudio0 at uhub2 port 2 configuration 1 interface 1 "ABC C-Media USB Audio Device" rev 1.10/1.00 addr 3
uaudio0: class v1, full-speed, sync, channels: 2 play, 1 rec, 8 ctls
audio0 at uaudio0
uhidev2 at uhub2 port 2 configuration 1 interface 3 "ABC C-Media USB Audio Device" rev 1.10/1.00 addr 3
uhidev2: iclass 3/0
ucc1 at uhidev2: 11 usages, 3 keys, enum
wskbd3 at ucc1 mux 1
wskbd3: connecting to wsdisplay0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (779fe8066eed6ce5.a) swap on sd0b dump on sd0b

There are no sensors available on this machine.

PCI device data:

# pcidump
Domain /dev/pci0:
 0:0:0: RDC R6021 Host
 0:3:0: XGI Technology Volari Z7
 0:7:0: RDC R6031 ISA
 0:8:0: RDC R6040 Ethernet
 0:10:0: RDC R6060 USB
 0:10:1: RDC R6061 USB2
 0:11:0: RDC R6060 USB
 0:11:1: RDC R6061 USB2
 0:12:0: RDC R1011 IDE

This week’s BSD Now thankfully skips the pun that might go with the episode number, and talks about various OpenBSD and NetBSD articles.

I've just installed virt-manager with pkgin on NetBSD 9.2 just because I want to emulate the virtual machines with qemu + nvmm on NetBSD 9.2. The installation of virt-manager went ok. But,when I ran it,an error came up :

netbsd-marietto# virt-manager

Traceback (most recent call last):

File "/usr/pkg/share/virt-manager/virt-manager.py", line 386, in <module>

main()

File "/usr/pkg/share/virt-manager/virt-manager.py", line 247, in main

from virtManager import cli

File "/usr/pkg/share/virt-manager/virtManager/cli.py", line 29, in <module>

import libvirt

ImportError: No module named libvirt

Googling a little bit maybe I've found the solution here :

https://www.unitedbsd.com/d/285-linux-user-and-netbsd-enthusiast-hoping-to-migrate-some-day

where "kim" said :

Looking at pkgsrc/sysutils/libvirt/PLIST it doesn't look like the package provides any Python bindings -- which is what the "ImportError: No module named libvirt" error message is about. You could try py-libvirt from pkgsrc-wip and see how that works out.

I tried to start the compilation like this :

netbsd-marietto# cd /home/mario/Desktop/pkgsrc-wip/py-libvirt
netbsd-marietto# make

but I've got this error :

make: "/home/mario/Desktop/pkgsrc-wip/py-libvirt/Makefile" line 15: Could not find ../../wip/libvirt/buildlink3.mk
make: "/home/mario/Desktop/pkgsrc-wip/py-libvirt/Makefile" line 16: Could not find ../../lang/python/distutils.mk
make: "/home/mario/Desktop/pkgsrc-wip/py-libvirt/Makefile" line 17: Could not find ../../mk/bsd.pkg.mk
make: Fatal errors encountered -- cannot continue

If u want to see the content of the Makefile,it is :

gedit /home/mario/Desktop/pkgsrc-wip/py-libvirt/Makefile

#$NetBSD: Makefile,v 1.32 2018/11/30 09:59:40 adam Exp $

PKGNAME= ${PYPKGPREFIX}-${DISTNAME:S/-python//}
DISTNAME= libvirt-python-5.8.0
CATEGORIES= sysutils python
MASTER_SITES= https://libvirt.org/sources/python/

MAINTAINER= [email protected]
HOMEPAGE= https://libvirt.org/sources/python/
COMMENT= libvirt python library
LICENSE= gnu-lgpl-v2

USE_TOOLS+= pkg-config

.include "../../wip/libvirt/buildlink3.mk"
.include "../../lang/python/distutils.mk"
.include "../../mk/bsd.pkg.mk"

Can someone help me to fix the error ? very thanks.

I have a confession. As opposed to a professioion? WHOA, is that how that works? Don’t answer that.

I’ve mentioned many times how excited I was for OpenZFS in FreeBSD 13, due in no small part to its inline encryption capabilities. I’d used the closed-source equivalent on the last Solaris, and had made some proof of concepts on the -CURRENT branch, but I hadn’t used it for any real world data. I also didn’t feel as compelled to rush out and replace my GELI encrypted volumes as I first thought. It still works, and will for the foreseeable future.

A shiny new set of drives for my home server finally gave me the kick up the proverbial posterior to give it a shot with some prod data that definitely isn’t a Plex server for anime. This was my story. DUN DUN.

The existing GELI approach

We’ve always been able to encrypt ZFS on FreeBSD, albeit with an intermediate layer performing the encryption before our data hits the disk. GELI was the most recent and accepted tool to achieve this, akin to cgd on NetBSD, or LUKS on Linux. It’s proven, well tested, and secure, like my hat. Wait, what?

Here’s an example of a typical encrypted ZFS volume using GELI. We create a new GPT layout, label it (you’ll be glad you did), create a key, create a new virtual GELI encrypted block device, then build our ZFS pool on top. Note in the final step we reference the virtual encrypted device:

# _LABEL="12TB-IronWolf-SERIALNO"
# _KEY="/root/example.key"
	
# gpart -s create gpt /dev/ada5
# gpart add -t freebsd-zfs -l "$_LABEL" /dev/ada5
	
# openssl rand -hex 32 | tee "$_KEY"
# geli init -P -K "$_KEY" "/dev/gpt/$_LABEL"
# geli attach -pk "$_KEY" "/dev/gpt/$_LABEL"
	
# zpool create pool "/dev/gpt/${_LABEL}.eli"
# zfs create pool/tank

This uses a plain disk, but you could just as easily build this on top of an iSCSI mount, or a HAST volume. When you restart, you perform the geli attach then zpool import as normal.

The key here is you’re encrypting the entire partition beneath ZFS. GELI is device and file-system agnostic, and ZFS is unaware (AFAIK) that it’s operating within a virtual encrypted device. This may still be preferable in some circumstances, as we’ll get to in a moment.

OpenZFS inline encryption

By contrast, is a phrase with two words. OpenZFS’s native encryption operates at the dataset level, negating the need for a GELI device that has to be mounted separately. What’s even cooler is that all of ZFS’s data integrity, deduping, compression, exports, and other features can operate on these encrypted datasets, even if they’re not imported/mounted. Cray!

You can prepare your drive with gpart(8) and create a key as per above. After that, we create a zpool(8), which has the encryption feature available by default on FreeBSD 13:

# zpool create pool "/dev/gpt/$_LABEL"
	
# zpool get [email protected] pool
==> pool [email protected] active local

Then create a new encrypted volume. You can also verify the operation and check the encryption scheme used with zfs-get(8):

# zfs create -o encryption=on -o keyformat=hex \
	-o keylocation=file:///root/example.key pool/tank 
   
# zfs get encryption,keylocation,keyformat pool/tank
==> NAME       PROPERTY     VALUE                     SOURCE
==> pool/tank  encryption   aes-256-gcm               -
==> pool/tank  keylocation  file:///root/example.key  local
==> pool/tank  keyformat    hex

Wait, hold on, that’s it? Yes! How cool is that!?

Gotchas

I had initially assumed that using keys would result in the zfs datasets automounting when the zpool is imported, which is not the case. Even if their key is available, you must import them first before the zfs dataset is mounted and ready to use (it looks like an rc.d service was written and reviewed to facilitate doing this on boot, which I’ll need to investigate).

The easiest way to do this is with the lowercase L option in zpool(8) import, which retrieves all the keys it can before mounting your encrypted datasets:

# zpool import pool -l

Or you can load all available keys with zfs(8) load-key:

# zpool import pool
# zfs load-key -a

Refer to the linked man pages for more details. Even if you don’t need more details, and just want to marvel at what well-documented software looks like. The GNU people could learn a lesson or two (or three).

Considerations

As I eluded to above, there are a couple of caveats. GELI encrypts whatever data is handed to it, whereas OpenZFS necessarily stores metadata about the datasets in order to use them. This includes dataset and snapshot names. Bear (bare?) that in mind when you’re naming and structuring your datasets.

This is speculation on my part, but I’d also think there’d be a chance for plausible deniability in a device that’s been completely encrypted with GELI, just as any device that uses whole drive encryption. By contrast, OpenZFS dataset metadata makes it obvious that they contain encrypted data, and the scheme with which the data was encrypted. I could be wrong here though.

Overall, is an item of clothing. OpenZFS encryption makes the system administrator’s life easier, and those caveats don’t concern me for how I store my data. I’ll be using it for everything going forward.

Allan Jude and Kyle Kneisl’s FreeBSD Journal article from last year is a great resource if you’d like to learn more about the implementation of OpenZFS’s encryption system. I also found Jim Salter’s article useful in Ars Technica for learning about key management; once you block all the irrelevant autoplaying videos. #ModernWeb

DISCLAIMER: Cryptography is critical to get right, or it’s not worth doing. Always read and follow the official documentation over someone’s blog, even if the blog has a cute anime mascot and is written by someone with the best of intentions and an awesome hat.

By Ruben Schade in Sydney, 2021-09-11.

All of a sudden (read: without changing any parameters) my netbsd virtualmachine started acting oddly. The symptoms concern ssh tunneling.

From my laptop I launch:

$ ssh -L 7000:localhost:7000 [email protected] -N -v

Then, in another shell:

$ irssi -c localhost -p 7000

The ssh debug says:

debug1: Connection to port 7000 forwarding to localhost port 7000 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip: listening port 7000 for localhost port 7000, connect from 127.0.0.1 port 53954, nchannels 3

I tried also with localhost:80 to connect to the (remote) web server, with identical results.

The remote host runs NetBSD:

bash-4.2# uname -a
NetBSD host 5.1_STABLE NetBSD 5.1_STABLE (XEN3PAE_DOMU) #6: Fri Nov  4 16:56:31 MET 2011  [email protected]:/m/obj/m/src/sys/arch/i386/compile/XEN3PAE_DOMU i386

I am a bit lost. I tried running tcpdump on the remote host, and I spotted these 'bad chksum':

09:25:55.823849 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 67, bad cksum 0 (->3cb3)!) 127.0.0.1.54381 > 127.0.0.1.7000: P, cksum 0xfe37 (incorrect (-> 0xa801), 1622402406:1622402421(15) ack 1635127887 win 4096 <nop,nop,timestamp 5002727 5002603>

I tried restarting the ssh daemon to no avail. I haven't rebooted yet - perhaps somebody here can suggest other diagnostics. I think it might either be the virtual network card driver, or somebody rooted our ssh.

Ideas..?

I wrote a post back in May saying I wasn’t sure that UNIX won, as so many media outlets were claiming. I said I was on the fence, but that I saw Linux continue to depart from UNIX’s legacy in meaningful ways. It’s since been picked up and circulated on the usual news aggregator sites and social media, most of which have generated relevant, tactful comments that swayed my opinion and… nah, got you!

Nobody that I could see challenged the post’s premise that UNIX didn’t win (which for certain Linux and BSD folks was seen as a bad thing for the ongoing project of cross-platform compatibility and good system design, or fabulous by others who claimed it freed their systems from perceived UNIX baggage).

Great, end of the post then, time for a beer! Wait, what do you mean it’s Tuesday morning?

By Ruben Schade in Sydney, 2021-09-07.

After initial work on the wifi renewal branch went quite fast and smooth, things have slowed down a bit in the last few months.

Most of the slow down was due to me not being available for this type of work for unexpectedly long times - a problem that should be fixed now.

However, there were other obstacles and unexpected issues on the way:

• bpf taps are handled differently in the new stack and some slightly obscure site conditions of this had been overlooked in the initial conversion. To make everything work, changes to our bpf framework were needed (and have landed in -current some time ago now).
• Many wifi drivers seem to be in a, let's say, slightly fragile state. When testing the random collection of wifi hardware that I acquired during this project in -current, many drivers did not work at first try and often I was able to provoke kernel panics quickly. This is not a happy base to start converting drivers from.
• After the great success of usbnet(9) for USB ethernet drivers, core and I agreed to do the same for wifi - the result is called usbwifi(9) and makes conversion of usb drivers a lot easier than other wifi drivers. See the conversion instructions for more details. usbwifi(9) is both quite similar but also quite different to usbnet(9), mostly for two reasons: it interfaces to a totally different stack, and many usb wlan chipsets are more complex than ethernet chipsets (e.g. have support for multiple send queues with different priorities). Developing usbwifi did cost quit some time (initially unplanned), but is expected to amortize over the next few drivers and quickly end up as a net win.
• I have been hitting a bug in the urtwn(4) driver used for inial usbwifi(9) development and still not found it (as of today). It seems to hit randomly and not be caused by the usbwifi(9) conversion - a fact that I found out only recently. So for now I will put this driver aside (after spending *way* too much time on it) and instead work on other usb drivers, returning to the bug every now and then and see if I can spot it. Maybe I can borrow a USB analyzer and get more insight that way.

The current state of driver conversion and what drivers are still open are listed in the wifi driver conversion matrix.

Next steps ahead are:

• make another pass over documentation and improve things / fixup for recent changes (done before this blog post got published)
• sync the branch with HEAD and keep tracking it more closely
• convert run(4) to usbwifi
• revisit rtwn(4) and decide if/how it should be merged with urtwn(4)
• revisit iwm(4) and make it work fully
• convert all other drivers, starting with the ones I have hardware for

Currently it is not clear if this branch can be merged to HEAD before branching for netbsd-10. We will not delay the netbsd-10 branch for this.

Netatalk3 is a file server for exporting storage to Macs. Samba has long been considered its replacement, but to this day Netatalk still handles file labels and other Mac-specific metadata more reliably and with greater performance. One day I’ll properly try replicating this in Samba.

I installed it in a new FreeBSD jail:

# pkg install net/netatalk3

Then configured it largely the same as I did on FreeBSD in 2014, and on NetBSD last year. Only this time, all the Macs in the house refused to talk to it.

I tail’d /var/log/daemon.log in the jail and was inundated with afpd(8) spam:

netatalk[34758]: Restarting 'afpd' (restarts: 7)
afpd[42393]: dsi_tcp_init(*): getaddrinfo: Name does not resolve
afpd[42393]: No suitable network config for TCP socket
afpd[42393]: no suitable network address found, use "afp listen" or "afp interfaces"
afpd[42393]: main: no servers configured

I followed the error’s advice and added the IP address of the jail to the [Global] section of my /usr/local/etc/afp.conf file:

afp listen = <IP Address>

It worked, and I was able to log in, as shown in the logs:

afpd[88524]: Netatalk AFP/TCP listening on <IP Address>:548

I don’t recall ever having to add a specific interface or IP address to an afp.conf file before on a FreeBSD or NetBSD host. My hunch is it has something to do with the jail environment, and dsi_tcp_init not being able to autodetect or initialise the jail’s virtual network interface. Please correct me if you have more details!

By Ruben Schade in Sydney, 2021-08-08.

This is what I’d call a thinking out loud about personal circumstances post, rather than anything prescriptive or useful for discerning computators general. You’ve been warned!

Clara and I are running low on drive space on our OpenZFS file server, once again. We have a running joke that driveageddon seems to rear its fragmented head every August. Maybe it’s a self-fulfilling prophecy, though it’s files doing all the filling on these implausibly-fast spinning platters of metal.

(Has someone made a discus anime?)

Our FreeBSD server is the centre of our world. It uses a combination of NetBSD and Debian VMs running in Xen (to be replaced with bhyve at some point) and FreeBSD jails to serve and delegate anything we can offload from our personal and work machines. I have other boxes for tinkering and testing, but this one runs the latest -RELEASE with as unexotic a configuration as I can make it. Vim is saying unexotic isn’t a word. It’s probably right.

My attitude for at least the last six years (possibly longer) has been to buy a pair of the largest drives I can afford, and to cycle out the oldest pair. 2019 was the year I finally said goodbye to a pair of HGST 3 TB units that had performed flawlessly for almost a decade. They’re now in anti-static bags in a safe-deposit box, acting as a cold backup for our most critical family photos and documents.

There’s a thought there that I haven’t had to replace a hard drive due to outright failure in a long time, but I’d dare not mention that here lest I invoke the wrath of Murphys Law. Good thing I didn’t.

But here’s the thing. This time I’m not faced with the same space or chipset constraints, so I could add more drives instead of swapping. Last year I replaced our workhorse HPE Microserver with a refurbished Supermicro workstation board with 8× SATA and 2× NVMe (albeit one on a PCI-E daughterboard) and an old Antec 300 case with 8 LFF drive bays. I even considered getting an additional RAID controller, provided I could use it in JBOD mode for ZFS. That was an unconscionable number of abbreviations and acronyms, and I’m not even a network engineer.

You could argue the timing is great. Chia has driven up the cost of drives, meaning this year I won’t be getting as much of a capacity jump as I have in previous years. Granted going from 4 to 10 would be nice, but it’s still only 6 TB of effective extra space for many hundreds of dollars; not to mention that I insist on using ZFS mirrors for redundancy and ease of replacements/upgrades. Adding drives instead will give me all the extra capacity.

It all makes sense, but my main concerns are still noise and heat. Clara and I live in a one-bedroom apartment now, which is much nicer than sleeping in a studio while the computer in the other end of the room loudly seeks and scrubs its ZFS pools on a recurring basis. But we work from home now, and I have experience with specific WD drives in my bedroom growing up that I don’t want to inadvertently repeat. I’d likely tolerate it, but it’s not fair to Clara having something clicking and buzzing away within earshot all day.

We’ve lucked out thus far with our current HGST, WDs, and Seagates. The read/write heads on the SSDs are also so silent as to be practically non-existent (cough)! But I’ve read reviews of current larger drives of people complaining about noise; the WD Golds and Toshibas seem to frequently cause people ire.

This post was as open-ended as the bag of kettle chips I regret eating. Maybe I need to do some Acoustic Research.

By Ruben Schade in Sydney, 2021-08-03.

Anders Magnusson, writing on the Port-vax NetBSD mailing list:

Some time ago I ended up in an architectural discussion (risc vs cisc etc…) and started to think about vax. Even though the vax is considered the “ultimate cisc” I wondered if its cleanliness and nice instruction set still could be implemented efficient enough. Well, the only way to know would be to try to implement it I had an 15-year-old demo board with a small low-end FPGA (Xilinx XC3S400), so I just had to learn Verilog and try to implement something. And it just passed EVKAA.EXE:

Along with the development of a VAX implementation in an FPGA, discussions arose about possible 64-bit extensions:

For userspace; the vax architecture itself leave the door open for expanding the word size. The instructions are all defined to use only the part of a register it needs, so adding a bunch of ‘Q’ instructions are a no-brainer. Argument reference will work as before. The JMP/JSR/RET/… might need a Q counterpart, since it suddenly store/require 8 bytes instead of 4. Kernel; the hardware structures (SCB, PCB, …) must all be expanded. Memory management changed (but the existing leave much to wish for anyway). All this is probably a quite simple update to the architecture.

It’s nice to see people still putting work and effort into what is nearly a half-century old, and otherwise obsolete, instruction set.

This post was written by Piyush Sachdeva:

What really happens when you double click an icon on your desktop?

Support for chdir(2) in posix_spawn(3)

Processes are the bread and butter of your operating system. The moment you double click an icon, that particular program gets loaded in your Random Access Memory (RAM) and your operating system starts to run it. At this moment the program becomes a process. Though you can only see the execution of your process, the operating system (the Kernel) is always running a lot of processes in the background to facilitate you.

From the moment you hit that power button, everything that happens on the screen is the result of some or the other process. In this post we are going to talk about one such interface which helps in creation of your programs.

The fork() & exec() shenanigans

The moment a computer system comes alive, it launches a bunch of processes. For the purpose of this blog let’s call them, ‘the master processes’. These processes run in perpetuity, provided the computer is switched on. One such process is init/systemd/launchd (depending on your OS). This ‘init’ master process owns all the other processes in the computer, either directly or indirectly.

Operating systems are elegant, majestic software that work seamlessly under the hood. They do so much without even breaking a sweat (unless it’s Windows). Let's consider a scenario where you have decided to take a trip down memory lane and burst open those old photos. The ‘init master process’ just can’t terminate itself and let you look at your photos. What if you unknowingly open a malicious file, which corrupts all your data? So init doesn’t just exit, rather it employs fork() and exec() to start a new process. The fork() function is used to create child processes which are an exact copy of their parents. Whichever process calls fork, gets duplicated. The newly created process becomes the child of the original running process and the original running process is called the parent. Just how parents look after their kids, the parent process makes sure that the child process doesn't do any mischief. So now you have two exactly similar processes running in your computer.

One might think that the newly created child process doesn’t really help us. But actually, it does. Now exec() comes into the picture. What exec() does is, it replaces any process which calls it. So what if we replace the child process, the one we just thought to be useless, with our photos? That's exactly what we are going to do indeed. This will result in replacement of the fork() created child process with your photos. Therefore, the master init process is still running and you can also enjoy your photos with no threat to your data.

Now you could ask me, `But what about the title, some ‘posix_spawn()’ thing?´ Don’t worry, that’s next.

posix_spawn()

posix_spawn() is an alternative to the fork() + exec() routine. It implements fork() and exec(), but not directly (as that would make it slow, and we all need everything to be lightning fast). What actually happens is that posix_spawn() only implements the functionality of the fork() + exec() routines, but in one single call. However, because fork() + exec() is a combination of two different calls, there is a lot of room for customization. Whatever software you are running on your computer, calls these routines on its own and does the necessary. Meanwhile a lot is cooking in the background. Between the call to fork() and exec() there is plenty of leeway for tweaking different aspects of the exec-ing process. But posix_spawn doesn’t bear this flexibility and therefore has a lot of limitations. It does take a lot of parameters to give the caller some flexibility, but it is not enough.

Now the question before us is, “If fork() + exec() is so much more powerful, then why have, or use the posix_spawn() routine?” The answer to that is, that fork() and exec() are UNIX system routines. They are not present in operating systems that are not a derivative of UNIX. Eg- Windows implements a family of spawn functions.
There is another issue with fork() (not exec() ), which in reality is one of the biggest reasons behind the growth of posix_spawn(). The outline of the issue is that, creating child processes in multi-threaded programs is a whole another ball game altogether.

Concurrency is one of those disciplines in operating systems where the order in which the cards are going to unravel is not always how you expect them to. Multi-threading in a program is a way to do different and independent tasks of a program simultaneously, to save time. No matter how jazzy or intelligent the above statement looks, multi-threaded programs require an eagle’s eye as they can often have a lot of holes. Though the “tasks” are different and independent, they often share a few common attributes. When these different tasks due to concurrency start running in parallel, a data race begins to access those shared attributes. To not wreak havoc, there are mechanisms through which, when modifying/accessing these common attributes (Critical Section) we can provide a sort of mutual exclusion (locks/conditional variables) - only letting one of the processes modify the shared attribute at a time. Here when things are already so intricate due to multithreading, and to top it off, we start creating child processes. Complications are bound to arise. When one of the threads from the multi-threaded program calls fork() to create a child process, fork() does clone everything (variables, their states, functions, etc) but it fails to clone other threads (though this is not required at all times).

The child process now knows only about that one thread which called fork(). But all the other attributes of the child that were inherited from the parent (locks, mutexes) are set from the parent’s address space (considering multiple threads). So there is no way for the child process to know which attributes conform to which parts of the parent. Also, those mechanisms that we used to provide mutual exclusion, like locks and conditional variables, need to be reset. This reset step is essential in letting the parent access it’s attributes. Failing this reset can cause deadlocks. To put it simply, you can see how difficult things have become all of a sudden. The posix_spawn() call is free from these limitations of fork() encountered in multi-threaded programs. However, as mentioned by me earlier, there needs to be enough rope to meet all the requirements before posix_spawn() does the implicit exec().

About my Project

Hi, I am Piyush Sachdeva and I am going to start a project which will focus on relaxing one limitation of posix_spawn - changing the current directory of the child process, before the said call to exec() is made. This is not going to restrict it to the parent’s current working directory. Just passing the new directory as one of the parameters will do the trick. Resolving all the impediments would definitely be marvelous. Alas! That is not possible. Every attempt to resolve even a single hindrance can create plenty of new challenges.

As already mentioned by me, posix_spawn() is a POSIX standard. Hence the effect of my project will probably be reflected in the next POSIX release. I came across this project through Google Summer of Code 2021. It was being offered by The NetBSD Foundation Inc. However, as the slots for Google Summer of Code were numbered, my project didn’t make the selection. Nevertheless, the Core Team at The NetBSD Foundation offered me to work on the project and even extended a handsome stipend. I will forever be grateful to The NetBSD Foundation for this opportunity.

Notes

• init, systemd & launchd are system daemon processes. init is the historical process present since System III UNIX. systemd was the replacement for the authentic init which was written for the Linux kernel. launchd is the MacOS alternative of init/systemd.
• This is taken from Operating Systems: The Three Easy Pieces book by Andrea C. Arpaci-Dusseau and Remzi H. Arpaci-Dusseau.
• UNIX is the original AT&T UNIX operating system developed at the Bell Labs research center, headed by Ken Thompson and Dennis Ritchie.

References

1. Operating Systems: Three Easy Pieces by Andrea C. Arpaci-Dusseau and Remzi H. Arpaci-Dusseau.
2. Advanced Programming in the UNIX Environment by W. Richard Stevens and Stephen A. Rago.
3. UNIX and Linux System Administration Handbook by Evi Nemeth, Garth Synder, Trent R. Hein, Ben Whaley and Dan Mackin.

I've been wanting to learn more about compilers and toolchains in general for a while now. In June 2016, I asked about recommended readings on lexers and parsers on Twitter. However, I have to confess that I didn't go forward with reading the Dragon Book.

Instead, I got involved as a developer in the OpenBSD and NetBSD projects, and witnessing the evolution of toolchains within those systems played a big role in maintaining my interest and fascination in the topic. In retrospect, it now becomes apparent that the work I did on porting and packaging software for those systems really helped to put in perspective how the different parts of the toolchains interact together to produce binaries.

Approximately one year ago, I asked again on Twitter whether I knew anyone having worked on compilers and toolchains professionally to get real world advice on how to gain expertise in the field. I got several interesting answers and started to collect and read more resources on the topic. Some of the links I collected ended up on toolchains.net, a collection of toolchain resources which I put online in February.

But the answer that resonate the most with me was Howard's advice to learn by doing. Because I seem to be the kind of person who need to see some concrete results in order to keep motivated, that's exactly what I decided to do.

I started by doing some cleanups in the binutils package in NetBSD's pkgsrc, which resulted in a series of commits:

• 2020-12-20 - ca38479 - Remove now unneeded OpenBSD specific checks in gold
• 2020-12-15 - 7263eee - Add missing TEST_DEPENDS on devel/dejagnu
• 2020-12-14 - b1637da - Don't use hard-coded -ldl in the gold test suite.
• 2020-12-13 - 146def2 - Remove apparently unneeded patch for libiberty
• 2020-12-12 - 6b347a9 - Remove CFLAGS.OpenBSD+= -Wno-bounded directive
• 2020-12-11 - f53b2d8 - Remove now unneeded patch dropping hidden symbols warning
• 2020-12-10 - b037380 - Enable building gold on Linux
• 2020-12-03 - 75d00bc - Remove now unneeded workaround for binutils 2.24
• 2020-12-03 - adfee30 - Drop all Bitrig related patches

Meanwhile, I also got the opportunity to update our package and apply security fixes:

• 2021-02-11 - 761e000 - Update to binutils 2.36.1
• 2021-01-27 - ba983e5 - Update to binutils 2.36
• 2021-01-07 - 7aef5c0 - Add upstream fixes for CVE-2020-35448
• 2020-12-06 - 99fdf39 - Update to binutils 2.35.1

I eventually took maintainership of binutils in Pkgsrc.

Building it repeatedly with different compilers exposed different warnings, and I've also run builds through Clang's static analyzer.

All of this resulted in the opportunity to contribute to binutils itself:

• 2021-04-14 - 5f47741 - Remove unneeded tests for definitions of NT_NETBSDCORE values
• 2021-04-12 - 0fa29e2 - Remove now unneeded #ifdef check for NT_NETBSD_PAX
• 2021-03-12 - be3b926 - Add values for NetBSD .note.netbsd.ident notes (PaX)
• 2021-01-26 - e37709f - Fix a double free in objcopy's memory freeing code

Most recently, I also wrote a couple of blog posts on the topic:

• The state of toolchains in NetBSD
• Speedbuilding LLVM/Clang in 5 minutes
• Speedbuilding LLVM/Clang in 2 minutes on ARM
• The state of toolchains in OpenBSD
• Playing with DJGPP and GCC 10 on DOS

And the journey continues. I'm following a different path from traditional compiler courses starting with lexers and parsers, and doing the opposite curriculum somehow, starting from binaries instead. I will be focusing on the final stages of the pipeline for now: compiling assembly to machine code and producing binaries.

My next steps are to read the full ELF specification, followed by the Linkers and Loader book, and then refresh my ASM skills. My favorite course at university was the computer architecture one and especially its MIPS assembly part, so I'm looking to revisit the subject but with ARM64 assembly this time.

I’ve been a NetBSD developer for three years and it’s been my primary operating system for a long time too – on everything: routers, laptops, Raspberry Pis, PowerPC mac minis, Vortex86 embedded boards, and servers.

I’ve recently been using FreeBSD a lot at work. We have a lot of servers and embedded boards running it, and I was given the option of installing anything I wanted on my workstation. I chose FreeBSD to maintain a separation of BSDs between my work and home life

I thought I’d write a little bit about some differences that stand out to me. Since everyone that knows me well knows that typical use cases like web hosting aren’t really my jam, and I’m more of an embedded, audio, and graphics person, maybe I can offer a more uncommon perspective.

It’s always nice to read perspectives like this.

I'm not exactly sure how I first heard about the Vortex86 CPUs, I think it was either when seeing the demonstration video on KolibriOS project site showcasing the system running on a DMP EBOX machine, or when skimming NetBSD's identcpu.c code. Or did the discovery of the machine prompted me to check if the CPU would be correctly probed by the NetBSD's kernel?

For those interested, Wikipedia has an article retracing the history of the Vortex86 from its birth at Rise to our days.

Several DMP EBOX machines are available for sale at various specialized vendors, but new devices cost several hundreds of dollars which is prohibitive for such low spec systems. However, I was recently able to acquire a boxed older model on a local auction site for about $25: the EBOX 3300A-H, with a 1GHz CPU and 256MB of RAM, no less.

As I already mentioned, those machines are quite slow but they still do have a few things going for them:

• They are totally fanless, and the metal case finish is quite nice
• They are very low-power x86 embedded devices, and still being produced

I used a power meter to do measurements, and an idle system consumes 5.3W. Power consumption peaked at 6.4W when running the OpenSSL speed benchmark.

There is space for a 2.5" hard drive in the enclosure, but I don't have any IDE drives anymore so I opted to use old CompactFlash cards I had laying around. As a side note, it's actually exquisite to use those cards like glorified floppies :-)

For this post, I used a 1GB CompactFlash card and selected a minimal installation in sysinst.

The installed system takes 212M:

Filesystem         Size       Used      Avail %Cap Mounted on
/dev/wd0a          919M       212M       661M  24% /
kernfs             1.0K       1.0K         0B 100% /kern
ptyfs              1.0K       1.0K         0B 100% /dev/pts
procfs             4.0K       4.0K         0B 100% /proc
tmpfs               64M         0B        64M   0% /var/shm

On a freshly booted system, 15 processes are running and 26M of RAM are used:

load averages:  0.01,  0.00,  0.00;               up 0+00:48:26        14:48:28
16 processes: 15 sleeping, 1 on CPU
CPU states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
Memory: 26M Act, 6460K Exec, 12M File, 195M Free
Swap: 

  PID USERNAME PRI NICE   SIZE   RES STATE      TIME   WCPU    CPU COMMAND
    0 root      96    0     0K   26M usbevt     0:01  0.00%  0.00% [system]
  795 root      43    0  6160K 1628K CPU        0:00  0.00%  0.00% top
  555 root      85    0    12M 3472K wait       0:00  0.00%  0.00% login
  630 postfix   85    0    13M 3220K kqueue     0:00  0.00%  0.00% qmgr
  599 postfix   85    0    12M 3172K kqueue     0:00  0.00%  0.00% pickup
  575 root      85    0    13M 2304K kqueue     0:00  0.00%  0.00% master
  196 root      85    0  9780K 1960K kqueue     0:00  0.00%  0.00% syslogd
  583 root      85    0  6788K 1824K wait       0:00  0.00%  0.00% sh
  710 root      85    0  6276K 1448K nanoslp    0:00  0.00%  0.00% cron
  733 root      85    0  6108K 1396K ttyraw     0:00  0.00%  0.00% getty
  730 root      85    0  5720K 1392K ttyraw     0:00  0.00%  0.00% getty
  633 root      85    0  6104K 1388K ttyraw     0:00  0.00%  0.00% getty
  211 root      85    0  7316K 1360K kqueue     0:00  0.00%  0.00% dhcpcd
    1 root      85    0  6600K 1340K wait       0:00  0.00%  0.00% init
  689 root      85    0  5700K 1184K kqueue     0:00  0.00%  0.00% inetd
  402 root      84    0  5920K 1140K kqueue     0:00  0.00%  0.00% powerd

Here is the result of running cat /proc/cpuinfo on this device:

processor	: 0
vendor_id	: Vortex86 SoC
cpu family	: 5
model		: 2
model name	: Vortex86DX
stepping	: 2
cpu MHz		: 1000.05
apicid		: 0
initial apicid	: 0
fdiv_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 1
wp		: yes
flags		: fpu tsc cx8 
clflush size	: 0

For the record, OpenSSL speed benchmark results are available here.

System message buffer (dmesg output):

[     1.000000] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
[     1.000000]     2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
[     1.000000]     2018, 2019, 2020 The NetBSD Foundation, Inc.  All rights reserved.
[     1.000000] Copyright (c) 1982, 1986, 1989, 1991, 1993
[     1.000000]     The Regents of the University of California.  All rights reserved.

[     1.000000] NetBSD 9.2 (GENERIC) #0: Wed May 12 13:15:55 UTC 2021
[     1.000000] 	[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
[     1.000000] total memory = 255 MB
[     1.000000] avail memory = 231 MB
[     1.000000] rnd: seeded with 66 bits
[     1.000000] timecounter: Timecounters tick every 10.000 msec
[     1.000000] Kernelized RAIDframe activated
[     1.000000] running cgd selftest aes-xts-256 aes-xts-512 done
[     1.000000] timecounter: Timecounter "i8254" frequency 1193182 Hz quality 100
[     1.000003] Generic PC
[     1.000003] mainbus0 (root)
[     1.000003] Firmware Error (ACPI): A valid RSDP was not found (20190405/tbxfroot-261)
[     1.000003] autoconfiguration error: acpi_probe: failed to initialize tables
[     1.000003] ACPI Error: Could not remove SCI handler (20190405/evmisc-312)
[     1.000003] cpu0 at mainbus0
[     1.000003] cpu0: Vortex86DX, id 0x522
[     1.000003] cpu0: package 0, core 0, smt 0
[     1.000003] pci0 at mainbus0 bus 0: configuration mode 1
[     1.000003] pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
[     1.000003] pchb0 at pci0 dev 0 function 0: vendor 17f3 product 6021 (rev. 0x02)
[     1.000003] vga0 at pci0 dev 3 function 0: vendor 18ca product 0020 (rev. 0x00)
[     1.000003] wsdisplay0 at vga0 kbdmux 1: console (80x25, vt100 emulation)
[     1.000003] wsmux1: connecting to wsdisplay0
[     1.000003] drm at vga0 not configured
[     1.000003] rdcpcib0 at pci0 dev 7 function 0: vendor 17f3 product 6031 (rev. 0x02)
[     1.000003] rdcpcib0: watchdog timer configured.
[     1.000003] vte0 at pci0 dev 8 function 0: vendor 17f3 product 6040 (rev. 0x00)
[     1.000003] vte0: Ethernet address 00:1b:eb:22:16:5c
[     1.000003] vte0: interrupting at irq 10
[     1.000003] rdcphy0 at vte0 phy 1: R6040 10/100 media interface, rev. 1
[     1.000003] rdcphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
[     1.000003] ohci0 at pci0 dev 10 function 0: vendor 17f3 product 6060 (rev. 0x12)
[     1.000003] ohci0: interrupting at irq 11
[     1.000003] ohci0: OHCI version 1.0, legacy support
[     1.000003] usb0 at ohci0: USB revision 1.0
[     1.000003] ehci0 at pci0 dev 10 function 1: vendor 17f3 product 6061 (rev. 0x03)
[     1.000003] ehci0: interrupting at irq 11
[     1.000003] ehci0: BIOS has given up ownership
[     1.000003] ehci0: EHCI version 1.0
[     1.000003] ehci0: 1 companion controller, 2 ports: ohci0
[     1.000003] usb1 at ehci0: USB revision 2.0
[     1.000003] ohci1 at pci0 dev 11 function 0: vendor 17f3 product 6060 (rev. 0x12)
[     1.000003] ohci1: interrupting at irq 11
[     1.000003] ohci1: OHCI version 1.0, legacy support
[     1.000003] usb2 at ohci1: USB revision 1.0
[     1.000003] ehci1 at pci0 dev 11 function 1: vendor 17f3 product 6061 (rev. 0x03)
[     1.000003] ehci1: interrupting at irq 11
[     1.000003] ehci1: BIOS has given up ownership
[     1.000003] ehci1: EHCI version 1.0
[     1.000003] ehci1: 1 companion controller, 2 ports: ohci1
[     1.000003] usb3 at ehci1: USB revision 2.0
[     1.000003] rdcide0 at pci0 dev 12 function 0: RDC R1011 IDE controller (rev. 0x01)
[     1.000003] rdcide0: bus-master DMA support present
[     1.000003] rdcide0: primary channel configured to compatibility mode
[     1.000003] rdcide0: primary channel interrupting at irq 14
[     1.000003] atabus0 at rdcide0 channel 0
[     1.000003] rdcide0: secondary channel configured to compatibility mode
[     1.000003] rdcide0: secondary channel interrupting at irq 15
[     1.000003] atabus1 at rdcide0 channel 1
[     1.000003] isa0 at rdcpcib0
[     1.000003] pckbc0 at isa0 port 0x60-0x64
[     1.000003] attimer0 at isa0 port 0x40-0x43
[     1.000003] pcppi0 at isa0 port 0x61
[     1.000003] midi0 at pcppi0: PC speaker
[     1.000003] sysbeep0 at pcppi0
[     1.000003] isapnp0 at isa0 port 0x279
[     1.000003] attimer0: attached to pcppi0
[     1.000003] isapnp0: no ISA Plug 'n Play devices found
[     1.000003] timecounter: Timecounter "clockinterrupt" frequency 100 Hz quality 0
[     1.064509] uhub0 at usb1: NetBSD (0000) EHCI root hub (0000), class 9/0, rev 2.00/1.00, addr 1
[     1.064509] uhub0: 2 ports with 2 removable, self powered
[     1.064509] uhub1 at usb2: NetBSD (0000) OHCI root hub (0000), class 9/0, rev 1.00/1.00, addr 1
[     1.064509] uhub1: 2 ports with 2 removable, self powered
[     1.064509] uhub2 at usb3: NetBSD (0000) EHCI root hub (0000), class 9/0, rev 2.00/1.00, addr 1
[     1.064509] uhub2: 2 ports with 2 removable, self powered
[     1.064509] uhub3 at usb0: NetBSD (0000) OHCI root hub (0000), class 9/0, rev 1.00/1.00, addr 1
[     1.064509] uhub3: 2 ports with 2 removable, self powered
[     1.064509] IPsec: Initialized Security Association Processing.
[     3.914550] uaudio0 at uhub3 port 2 configuration 1 interface 0
[     3.914550] uaudio0: vendor 0d8c (0xd8c) C-Media USB Audio Device (0x08), rev 1.10/1.00, addr 2
[     3.934546] uaudio0: audio rev 1.00
[     3.934546] audio0 at uaudio0: playback, capture, full duplex, independent
[     3.934546] audio0: slinear_le:16 2ch 48000Hz, blk 11520 bytes (60ms) for playback
[     3.934546] audio0: slinear_le:16 1ch 48000Hz, blk 6000 bytes (62.5ms) for recording
[     3.934546] uhidev0 at uhub3 port 2 configuration 1 interface 3
[     3.934546] uhidev0: vendor 0d8c (0xd8c) C-Media USB Audio Device (0x08), rev 1.10/1.00, addr 2, iclass 3/0
[     3.944550] uhid0 at uhidev0: input=4, output=4, feature=0
[     4.054550] wd0 at atabus1 drive 0
[     4.054550] wd0: <Hitachi XX.V.3.5.0.0>
[     4.054550] wd0: drive supports 1-sector PIO transfers, LBA addressing
[     4.054550] wd0: 977 MB, 1987 cyl, 16 head, 63 sec, 512 bytes/sect x 2002896 sectors
[     4.064551] wd0: 32-bit data port
[     4.064551] wd0: drive supports PIO mode 4
[     4.064551] wd0(rdcide0:1:0): using PIO mode 4
[     4.084559] WARNING: 1 error while detecting hardware; check system log.
[     4.084559] boot device: wd0
[     4.084559] root on wd0a dumps on wd0b
[     4.094550] root file system type: ffs
[     4.094550] kern.module.path=/stand/i386/9.2/modules
[    20.764808] wsdisplay0: screen 1 added (80x25, vt100 emulation)
[    20.784809] wsdisplay0: screen 2 added (80x25, vt100 emulation)
[    20.794810] wsdisplay0: screen 3 added (80x25, vt100 emulation)
[    20.804812] wsdisplay0: screen 4 added (80x25, vt100 emulation)

Hi everyone,

Due to the unfortunate situation regarding changes in administration on freenode.net, and the resulting chaos, we have decided to move the public NetBSD IRC chat channels from freenode to irc.libera.chat.

This includes:

• #NetBSD - general discussion
• #netbsd-code - development discussion
• #pkgsrc - pkgsrc (primarily development) discussion

You can find information on connecting to Libera at https://libera.chat/

For the last few weeks, I’ve been doing lots of testing of NetBSD‘s build.sh cross-build system on lots of different platforms. Linux is readily available on AWS, as is FreeBSD. You will find NetBSD and OpenBSD in some AWS locations. It’s more difficult to get the BSDs onto AWS because the standard upload tools detect the filesystems and if they are not on the list, the image is not allowed. The BSD FFS and variants are not on the list.

Fortunately there are other tools and other ways to build images. It’s a little protracted. You need to first build a VM, convert it to VMDK, upload it to S3, create a snapshot and then convert it to an AMI.

This set of scripts (by Antoine Jacoutot) does the hard work for you and works for OpenBSD 6.5 up to 6.8. Last night, I created my own fork here which also works for 6.9. Essentially the difference is that the OpenBSD install kernel is compressed and the script now decompresses it and recompresses it where needed.

So as a result on AWS eu-west-2 (London), there are are AMIs for OpenBSD 6.5 through to 6.9. Just search for OpenBSD when you want to launch an image.

There are NetBSD images out there but I’m hoping to get around to producing some too.

I am trying to assemble a simple Hello World program with the GNU assembler (as) on a Raspberry Pi 3 B+ running NetBSD 9.1
What flags do I need to add to as or ld to make them assemble the code correctly for the architecture I am using?

$ as -o hllwrld.o hllwrld.s
$ ld -o hllwrld hllwrld.o
$ ./hllwrld
-sh: Cannot execute ELF binary ./hllwrld

$ uname -a
NetBSD rpi 9.1 NetBSD 9.1 (RPI) #0: Sun Oct 18 19:24:30 UTC 2020  [email protected]:/usr/src/sys/arch/evbarm/compile/RPI evbarm

Is this aarch64 or arm64?

I know there are man pages but I am just learning assembly so I have no idea what configurations/flags/arguments I even need to be looking for.

Thanks for any help.

The NetBSD Project is pleased to announce NetBSD 9.2, the second update of the NetBSD 9 release branch.

It represents a selected subset of fixes deemed important for security or stability reasons since the release of NetBSD 9.1 in October 2020, as well some enhancements backported from the development branch. It is fully compatible with NetBSD 9.0.

I’m not even remotely well-versed enough in NetBSD to make heads or tails of the changelog, but it seems like there’s quite a few notable ones in there.

The NetBSD Project is pleased to announce NetBSD 9.2 "Nakatomi Socrates", the second update of the NetBSD 9 release branch.

As well as the usual bug, stability, and security fixes, this release includes: support for exporting ZFS filesystems over NFS, various updates to the bozotic HTTP daemon, improvements to ARM 32-bit and Linux compatibility, fread() performance improvements, support for the TP-Link TL-WN821N V6 wireless adapter, support for the Allwinner H5 cryptographic accelerator, Pinebook Pro display brightness fixes, new defaults for kern.maxfiles, and accessibility improvements for the default window manager configuration.

Release notes and download links for NetBSD 9.2

aiomixer is an application that I've been maintaining outside of NetBSD for a few years. It was available as a package, and was a "graphical" (curses, terminal-based) mixer for NetBSD's audio API, inspired by programs like alsamixer. For some time I've thought that it should be integrated into the NetBSD base system - it's small and simple, very useful, and many developers and users had it installed (some told me that they would install it on all of their machines that needed audio output). For my particular use case, as well as my NetBSD laptop, I have some small NetBSD machines around the house plugged into speakers that I play music from. Sometimes I like to SSH into them to adjust the playback volume, and it's often easier to do visually than with mixerctl(1).

However, there was one problem: when I first wrote aiomixer 2 years ago, I was intimidated by the curses API, so opted to use the Curses Development Kit instead. This turned out to be a mistake, as not only was CDK inflexible for an application like aiomixer, it introduced a hard dependency on ncurses.

X/Open Curses and ncurses

Many people think ncurses is the canonical way to develop terminal-based applications for Unix, but it's actually an implementation of the X/Open Curses specification. There's a few other Curses implementations:

• NetBSD libcurses
• Solaris libcurses
• PDCurses, used on Windows

NetBSD curses is descended from the original BSD curses, but contains many useful extensions from ncurses as well. We use it all over the base system, and for most packages in pkgsrc. It's also been ported to other operating systems, including Linux. As far as I'm aware, NetBSD is one of the last operating systems left that doesn't primarily depend on ncurses.

There's one crucial incompatibility, however: ncurses exposes its internal data structures, NetBSD libcurses keeps them opaque. Since CDK development is very tied to ncurses development (they have the same maintainer), CDK peeks into those structures, and can't be used with NetBSD libcurses. There are also a few places where ncurses breaks with X/Open Curses, like this case I recently fixed in irssi.

Rewriting aiomixer

I was able to rewrite aiomixer in a few days using only my free time and NetBSD libcurses. It's now been imported to the base system. It was a good lesson in why Curses isn't actually that intimidating - while there are many functions, they're mostly variations on the same thing. Using Curses directly resulted in a much lighter and more usable application, and provided a much better fit for the types of widgets I needed.

Many people also provided testing, and I learned a lot about how different terminal attributes should be used in the process. NetBSD is probably one of the few communities where you'll get easy and direct feedback on how to not only make your software work well in a variety of terminal emulators, but also old school hardware terminals. During development, I was also able to find a strange bug in the curses library's window resizing function.

The API support was also improved, and the new version of aiomixer should work better with a wider variety of sound hardware drivers.

Other happenings

Since I'm done plugging my own work, I thought I might talk a bit about some other recent changes to CURRENT.

• Most ports of NetBSD now build with GCC 10, thanks to work by mrg. The new version of GCC introduced many new compiler warnings. By default, since NetBSD is compiled with a fixed toolchain version, we use -Werror. Many minor warnings and actual-bugs were uncovered and fixed with the new compiler.
• On the ARM front, support for the Allwiner V3S system-on-a-chip was introduced thanks to work by Rui-Xiang Guo. This is an older model Allwinner core, primarily used on small embedded devices. It's of likely interest to hardware hackers because it comes in an easily soldered package. A development board is available, the Lichee Pi Zero. Also in the Allwinner world, support for the H3 SoC (including the NanoPi R1) was added to the sun8icrypto(4) driver by bad.
• Support for RISC-V is progressing, including an UEFI bootloader for 64-bit systems, and an in-kernel disassembler. Some NetBSD developers have recently obtained Beagle-V development boards.
• On the SPARC64 front, support for sun4v is progressing thanks to work by palle. The sun4v architecture includes most newer SPARC servers that are based on the Logical Domains architecture - virtualization is implemented at the hardware/firmware level, and operating systems get an abstracted view of the underlying hardware. With other operating systems are discussing removing support for SPARC64, there's an interest among NetBSD developers in adding and maintaining support for this very interesting hardware from Oracle, Fujitsu, and Sun in an open source operating system, not just Oracle Solaris.
• A kernel-wide audit and rework of the auto-configuration APIs was completed by thorpej.
• Various new additions and fixes have been made to the networking stack's PPP over Ethernet support by yamaguchi.
• A new API was introduced by macallan that allows adding a -l option to the wsfontload(8) command, allowing easy viewing of the tty fonts currently loaded into the kernel.
• ... OK, I'm not done plugging my own work: I recently wrote new documentation on using NetBSD for virtualization, Power Management, and rewrote the NetBSD Guide's sections on Networking in Practice and Audio. I also recently added support for the Neo 2 keyboard layout to NetBSD's console system - Neo 2 is a Dvorak-like optimized layout for German and other languages based on multiple layers for alphabetical characters, navigation, and symbols.

I'm attempting to make a script which tracks how many times you execute a specific process. I want to detect when the process starts and then log it.

The psuedo-code would be something like this:

while (true) if (process started) then log(process)

Is there an easy way to do this (preferably in shell but C is also fine) on either Linux or NetBSD?