NetBSD Planet

What is below IP command to BSD replication?

ip -6 route add local 2a00:f10:500::/48 dev lo

This was my favourite addition to the release notes:

luna68k - make kernel messages green to match other ports and show off color support.

NetBSD is a professional operating system, but I also love a bit of whimsy. Same goes for OpenBSD’s songs and art for each release.

NetBSD have also long had an RSS feed available for their release announcements. I tend to read mailing lists for this sort of information, but I welcome anything to make these more accessible.

By Ruben Schade in Sydney, 2022-08-17.

The last link has some interesting applications to try.

• logcheck – egrep: trailing backslash (\).
• Meta-programming in Shell.  (via)
• MGR, a pre-X windowing system that I’ve never knowingly seen before.  (via)
• The odd return value of the original 4.2 BSD gethostbyname().
• NetBSD 9.3 released.
• FreeBSD 2022Q2 report.
• svnlite(1) removed from FreeBSD base.
• Ada development on FreeBSD 13.1.  (via)
• FreeBSD 13.0 EOL.
• Valuable News – 2022/08/08.
• /usr/games removed from the default $PATH.  (OpenBSD)
• What softwares do you recommend to a daily use BSD system?

For example I create a text file called "caffè". I can open it with Leafpad (GTK2) but FeatherPad (Qt5) tells me "The file does not exist". If I rename it to "caffe", it works.

Same with audio files in Strawberry.

This reminds me of https://www.unitedbsd.com/d/606-keyboard-dead-keys-dont-work-in-qt-applications

What am I missing this time?

(NetBSD current, LXQt)

I am using NetBSD 9.2 in a virtual machine. I wanted to use the sysupgrade utility to upgrade to 9.3. I followed the instructions here:

https://www.netbsd.org/docs/guide/en/chap-upgrading.html#using-sysupgrade

Everything went smoothly, no errors. On reboot, nothing seems to have changed, it still boots to a 9.2 system.

Is sysupgrade the preferred way to upgrade? What should I be on the lookout for when using sysupgrade?

This week’s BSD Now has a bunch of how-to-do-this links, as you might guess from the headline.

NetBSD 9.3 has made it into the wild.

Aside from many bug fixes, 9.3 includes backported improvements to suspend and resume support, various minor additions of new hardware to existing device drivers, compatibility with UDF file systems created on Windows 10, enhanced support for newer Intel Gigabit Ethernet chipsets, better support for new Intel and AMD Zen 3 chipsets, support for configuring connections to Wi-Fi networks using sysinst(8), support for wsfb-based X11 servers on the Commodore Amiga, and minor performance improvements for the Xen hypervisor.

A solid set of improvements for a point release.

The NetBSD Project is pleased to announce NetBSD 9.3, the third release from the NetBSD 9 stable branch.

It represents a selected subset of fixes deemed important for security or stability reasons since the release of NetBSD 9.2 in May 2021, as well some enhancements backported from the development branch. It is fully compatible with NetBSD 9.0. Users running 9.2 or an earlier release are strongly recommended to upgrade.

Aside from many bug fixes, 9.3 includes backported improvements to suspend and resume support, various minor additions of new hardware to existing device drivers, compatibility with UDF file systems created on Windows 10, enhanced support for newer Intel Gigabit Ethernet chipsets, better support for new Intel and AMD Zen 3 chipsets, support for configuring connections to Wi-Fi networks using sysinst(8), support for wsfb-based X11 servers on the Commodore Amiga, and minor performance improvements for the Xen hypervisor.

The general NetBSD community is very excited about NetBSD 10.0, but it was deemed necessary to make this bug fix release available while we wait for the resolution of some compatibility problems in NetBSD-current concerning FFS Access Control Lists preventing the netbsd-10 release.

Full release notes, including download links

Some useful tips hidden in there this week.

• How to use two gpus (intel and nvidia) attached to two monitors on FreeBSD.
• Freshly installed NetBSD booting on a 80386 DX40 with 8MB of RAM.  MB.
• OPNSense 22.7 released.  (via)
• Advocating for FreeBSD in 2022 and Beyond.
• Valuable News – 2022/08/01.
• Ten Things To Do After Installing FreeBSD.  The source link has a good comment about what’s wrong with sudo as currently used.  Also, I did not know about .hushlogin.
• Even more randomness.
• HardenedBSD July 2022 Status Report.
• depenguin.me, reminded of this FreeBSD-on-shared-host-install by this Hetzner news.
• A brief history of looking up host addresses in Unix.  Ugh, NIS.
• Run FreeBSD 13.1 for ARM64 in QEMU on Apple Silicon Mac with HVF Acceleration.  (via)
• Microsoft’s Xenix – Microsoft tries their hand at UNIX.

All of a sudden (read: without changing any parameters) my netbsd virtualmachine started acting oddly. The symptoms concern ssh tunneling.

From my laptop I launch:

$ ssh -L 7000:localhost:7000 [email protected] -N -v

Then, in another shell:

$ irssi -c localhost -p 7000

The ssh debug says:

debug1: Connection to port 7000 forwarding to localhost port 7000 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip: listening port 7000 for localhost port 7000, connect from 127.0.0.1 port 53954, nchannels 3

I tried also with localhost:80 to connect to the (remote) web server, with identical results.

The remote host runs NetBSD:

bash-4.2# uname -a
NetBSD host 5.1_STABLE NetBSD 5.1_STABLE (XEN3PAE_DOMU) #6: Fri Nov  4 16:56:31 MET 2011  [email protected]:/m/obj/m/src/sys/arch/i386/compile/XEN3PAE_DOMU i386

I am a bit lost. I tried running tcpdump on the remote host, and I spotted these 'bad chksum':

09:25:55.823849 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 67, bad cksum 0 (->3cb3)!) 127.0.0.1.54381 > 127.0.0.1.7000: P, cksum 0xfe37 (incorrect (-> 0xa801), 1622402406:1622402421(15) ack 1635127887 win 4096 <nop,nop,timestamp 5002727 5002603>

I tried restarting the ssh daemon to no avail. I haven't rebooted yet - perhaps somebody here can suggest other diagnostics. I think it might either be the virtual network card driver, or somebody rooted our ssh.

Ideas..?

No mini-theme this week.

• An assortment of timestamp formats found in our (Unix) logs.
• How efficient can cat(1) be?
• NetBSD can also run a Minecraft server.
• Related: rjc shows Minecraft running on OpenBSD too.
• Also: DragonFly too; I did it.
• Valuable News – 2022/07/18.
• Game of Trees 0.74 released.
• OpenBGPD 7.5 released.
• Using BSD make for your (small) project.  A mini-tutorial.  (via)
• NetBSD is using a fork of the tz database.  There’s a backstory.
• -current has moved to 7.2-beta.
• What is the most minimalistic BSD for desktop?

Anyone has tested amdgpu recently on NetBSD -CURRENT? This is the only hardware I need support to run 100% on my laptops (not tried trackpad, but I prefer mouse anyway).

Last try I uncomment the lines in kernel config fil and rebuild the kernel but Xserver failed to start. Any news on that?

Hi gang, I've been lucky enough to score myself a desktop PC that comes with an Intel i5-9400f cpu, ASRock Intel B365M-HDV MoBo and an MSI GT-710 Graphics Card.

I plan on booting NetBSD (Naturally) but I wondered about the graphics card and whether or not it'll be worth using it or not. I could be entirely missinformed but I heard that the Nouveau drivers only allow NVIDIA cards to run at their base clock speed which in many cases isn't very high. Some say that is is often better to use the MoBo's inbuild graphics instead.

I don't plan to do any graphics intensive stuff like gaming or video editing, however I do plan to buy myself a decent 1440p monitor at some stage and would like to have smooth playback of video streams etc. so I'm just seeing any advise from people who run NetBSD on a desktop system with NVIDIA cards.

Cheers

I wrote about how Clara and I run a Minecraft server on FreeBSD, and how it also works great on NetBSD. But this leads to an obvious corollary: does it run on OpenBSD?

Fortunately, rjc wrote an entire process. They even go through the process of setting up an rc.d file to start and stop. Awesome :).

By Ruben Schade in Sydney, 2022-07-20.

Last Monday I wrote this about our FreeBSD Minecraft server:

Clara and I run Minecraft on our home FreeBSD server in a jail, which keeps Java and other dependencies contained in one isolated place. Theoretically you can run the server anywhere that supports Java, including Linux and possibly even NetBSD, though I haven’t tested the latter.

Well, I decided I couldn’t leave it at that! The good news is, yes, you can run a Minecraft server on my other favourite OS too. This post explores how I went about it, though I’m sure there are other ways.

Getting Java installed

Once you’ve installed NetBSD, configured networking, and enabled pkgin, you need to get an OpenJDK to run Minecraft.

Minecraft 1.17 onwards requires OpenJDK 17, but OpenJDK 16 is the latest in the most recent snapshot as of July 2022. You can search to confirm if this is still the case:

# pkgin search openjdk

If it’s still 16, you can pull current packages by opening your repo file:

# vi /usr/pkg/etc/pkgin/repositories.conf

And changing the repo URI, in my case from 9.0 to 9.0_current:

https://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/$arch/9.0_current/All

Thank you so much to the [email protected] for working on this. He does so much great work for the NetBSD community, I feel like I owe him at least a coffee or a beer next time I’m able to go to Japan. 🙇

Now we can install, along with a few other useful tools:

# pkgin install -v openjdk17 fetch tmux

Running Minecraft

From here, running Minecraft is basically the same as any Java-enabled server. I put all my files in one place:

# mkdir -p /opt/minecraft
# chown $YOUR_LOCAL_USER /opt/minecraft

Then log in as my local user and start:

$ cd /opt/minecraft
$ fetch $SERVER_URL_FROM_ABOVE.jar

Now we can start!

$ openjdk17-java -jar minecraft.jar

You’ll notice Java will throw a system not supported exception, which those of us on NetBSD know all too well. From my testing, you can safely ignore it:

[ServerMain/WARN]: Failed retrieving info for group hardware
java.lang .UnsupportedOperationException: Operating system
	not supported: NetBSD
	at oshi.SystemInfo.createHardware(SystemInfo.java:163)

And don’t forget to accept the EULA after you run the server the first time:

$ sed -i '' 's/eula=false/eula=true/' ./eula.txt

Creating a launch script

I like to symlink the latest version of the server to minecraft.jar:

$ ln -s /opt/minecraft/minecraft_server.1.19.jar minecraft.jar

Then reference it in launch.sh with tmux to persist the server after disconnecting. I like to give Minecraft more memory too:

#!/bin/sh
tmux new -s minecraft \
	openjdk17-java -Xmx4096M -Xms4096m -jar minecraft.jar

Now we’re good to go!

$ chmod +x start.sh
$ ./start.sh

Follow-up

My next step would be creating a proper chroot environment for Java and Minecraft, similar to what I do with FreeBSD jails. I’ve had a proper NetBSD chroot exploration post in the works for years; I’ll tidy up and post it soon.

In the meantime, you can also install all the same extensions and third-party servers I referenced in my FreeBSD Minecraft post last week.

I’m chuffed this works! 🧡

By Ruben Schade in Sydney, 2022-07-17.

I have Realtek chip based USB wireless dongle, that frequently times out, resulting in a loss of wifi.

$ doas usbdevs -vv

Controller /dev/usb1:
addr 0: high speed, self powered, config 1, xHCI root hub(0x0000), NetBSD(0x0000), rev 1.00(0x0100)
  Hub(0x09), Hub(0x00), proto 1
 port 1 addr 2: high speed, self powered, config 1, USB2742(0x2742), Microchip Tech(0x0424), rev 92.00(0x9200)
   Hub(0x09), Hub(0x00), proto 2
  port 1 addr 5: low speed, power 100 mA, config 1, USB Optical Mouse(0xc077), Logitech(0x046d), rev 72.00(0x7200)
  port 2 powered
 port 2 addr 4: high speed, self powered, config 1, 802.11n NIC(0x818b), Realtek(0x0bda), rev 2.00(0x0200), serial 00e04c000001
 port 3 disabled
 port 4 disabled
 port 5 addr 3: high speed, power 500 mA, config 1, Integrated_Webcam_HD(0x568b), CKFGH10N064100005952(0x0bda), rev 63.18(0x6318), serial 200901010001
   0xef(0xef), 0x02(0x02), proto 1

And my ifconfig:

$ doas ifconfig urtwn0
urtwn0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ssid TMOBILE-9232 nwkey 65536:"",0x67df089b51b5bd04418c12874672341a,"",""
	powersave off
	bssid c4:e5:32:d3:92:34 chan 4
	address: 8c:88:3b:38:07:d3
	media: IEEE802.11 autoselect (OFDM54 mode 11g)
	status: active
	inet6 fe80::2ca1:13a5:c07f:6354%urtwn0/64 flags 0 scopeid 0x2
	inet6 2607:fb90:8e93:7492:3a18:eb98:6431:c0b1/64 flags 0x40<AUTOCONF>
	inet6 2607:fb90:8e93:7492:1921:615:9009:9113/128 flags 0
	inet 192.168.12.105/24 broadcast 192.168.12.255 flags 0

I don't have an informative dmesg:

$ doas dmesg

[ 29176.118832] {drm:netbsd:intel_pipe_update_start+0x3b2} *ERROR* Potential atomic update failure on pipe A: -35
[ 29880.717014] urtwn0: device timeout
[ 29885.237001] urtwn0: device timeout
[ 29886.136999] urtwn0: device timeout
[ 29891.236989] urtwn0: device timeout
[ 29891.256986] urtwn0: device timeout
[ 29896.236978] urtwn0: device timeout
[ 29896.506972] urtwn0: device timeout
[ 29901.236961] urtwn0: device timeout
[ 29901.566960] urtwn0: device timeout

Any workaround for this bug?

Started with overflow from last week.

• Toolchains adventures – Q2 2022.
• Your next C compiler is a D compiler: Introducing DMD’s ImportC.
• Comparative BSD cheatsheet?
• From 0 to Bhyve on FreeBSD 13.1.
• /bin/true used to be an empty file.  (via)
• How we run a Minecraft server.
• Self-hosting a static site with OpenBSD, httpd, and relayd.
• Looking for a USB WiFi adapter that is compatible with FreeBSD, OpenBSD, and NetBSD.
• rpki-client 7.9 released.
• Porting OpenBSD pledge() to Linux. (via)
• How Unix didn’t used to support ‘#!’, a brief history.
• Valuable News – 2022/07/11.
• Desktop Environments Resource Usage Comparison.  It’s been a long time since E17.
• helloSystem version 14-experimental is tagged.

I was able to emulate a usb-mtp device in How to emulate usb-mtp device with virt-manager? but when I try to access the folder share/device with gphoto2 in debug mode it hangs and I get:

gp_port_set_error [gphoto2-port.c:1190](0): Could not query kernel driver of device

I don't know if this has to do with libvirt sandboxing or permissions issue on the shared directory. I get the same behavior and error when the shared directory and files within are owned by me or libvirt-qemu. The command line I'm using is (usb id changes each boot so command line changes to fit):

sudo env LANG=C gphoto2 --camera "QEMU Virtual MTP" --port usb:003,002 --list-files --debug --debug-logfile=mtplog2

Here is the full log output: https://pastebin.com/hA94Zm4N

GVFS and glib2 (provides gio) is uninstalled. I gathered that GVFS could interfere with mtp if it's in use at the same time and I uninstalled glib2 for good measure as I'm not sure if gio interferes too. sudo fstat didn't show either one, but I don't know what to look for since the usb-mtp device is ugen0 which is part of a hub which is then /dev/usb3 and all don't show up in fstat.

I'm searching for way to start my own project I wanna build a mobile os based on netbsd I will use netbsd ARM kernel to make my own SoC Os could you give a resources and tools to get started

I’m a decade late to Minecraft, but it’s now my favourite game ever. It’s the procedurally-generated, open-world block game that captures that sense of joy and enthusiasm I had with LEGO as a kid, and I get to play it with Clara.

I’ve been asked about how we run it every time I post on social media, so I’m finally addressing what I’ve learned here. There’s nothing especially exotic about our setup, but maybe you might find something useful.

But first, do you need a server?

Once you buy and launch Java Minecraft, you already have a local server available to use. If you start a world as Singleplayer on one machine, you can connect to it from another by typing the machine’s IP address in Multiplayer.

This is a great way to start, because no further configuration is required. You can also export the world onto a dedicated server if you want, and go back to it if you want to travel.

Running Minecraft on a separate server

Running a Minecraft server is useful because it remains active when you’re offline, can potentially perform better, and it’s easier to automatically backup. It takes a bit of sysadmin knowledge, but I think it’s well worth it.

Clara and I run Minecraft on our home FreeBSD server in a jail, which keeps Java and other dependencies contained in one isolated place. Theoretically you can run the server anywhere that supports Java, including Linux and possibly even NetBSD, though I haven’t tested the latter.

Once you’ve installed an OpenJDK or equivalent to run Java software, you download the official Minecraft server. I have a script to run it in a screen session so it persists after logging off. I also give it more RAM than the official guide suggests.

#!/bin/sh
screen java -X8192M -Xms8192M \
	-jar minecraft_server.1.19.jar nogui

Once that’s running, you can connect to your server’s IP address from your desktop Minecraft client.

Backing up

Because we run FreeBSD for the server, we use OpenZFS snapshots to regularly backup our world. Klara Inc has a great introduction on how they work. Thus far we haven’t had to, but if an update breaks things we can also use a rollback. We also send our world to a server sitting at my dad’s place for a remote copy.

Back. Up. Your. World. Make a tarball, rsyncing elsewhere, or even do a manual copy every week; anything is valuable.

Upgrading from the standard Minecraft server

Thesedays we run PaperMC instead. It’s a high-performance fork with frequent updates and plugin support. Most importantly for me, you can also take your world back to vanilla Minecraft if you want.

It’s a drop-in replacement, so you can download it and run using the same script as I had above, substituting the jar file for vanilla Minecraft with the paper version.

Note that once you start using third-party tools like this, official Minecraft updates might take a few more days to come through. Make note of the version on the download page, so you don’t get a mismatch between the official client and what your server is running.

Extras

The Minecraft universe has thousands of plugins and extensions, though I tend to prefer to keep things simple.

Until recently we ran the Multiverse 2 plugins, which let us import and build portals between multiple worlds on the same server. We have a peaceful primary world, and a world with mobs we go to when we need training or drops. As of 1.19 people are recommending a migration to MyWorlds. I haven’t done that yet, it’s probably worth a post itself. Worlds you import still reside in separate folders, so you can always pull them back out and run vanilla if you want.

Plugins and mods in servers are installed by downloading their jar file into the plugin folder of your Spigot, PaperMC, or similar install. More extensions are beginning to depend on the BKCommonLib library as well, so I’d have that installed.

Another very popular mod is WorldEdit, that lets you do things like generate structures and change biomes. We’ve used it to import buildings from other worlds into our primary one using schematics.

Client-side improvements

Installing Optifine (or a similar tool) is the best thing you can do on the client side to make Minecraft perform and look better. Once you have that, our favourite shaders are still the Complementary Shaders by EminGTR, and not just because we’re Takodachi.

There are plenty of third-party launchers as well, though I haven’t ever used them.

Supporting developers

This is the final step people usually overlook. If you like using those third-party tools, plugins, and shaders, support their work with a donation. Each one of their landing pages has a support button of some description. Even $5 would be $5 more than what almost anyone gives them.

It can be a thankless job maintaining such tooling, especially when a Minecraft update drops and comment fields are full of angry, entitled people insisting they “hurry up”. Money doesn’t just help them financially, it’s a clear signal that people value them and their work. Which we do, or we wouldn’t use their stuff!

By Ruben Schade in Sydney, 2022-07-11.

Today I learned you can install the most recent stable version of Perl in Perlbrew, and switch to it from one line:

$ perlbrew install --switch stable

Perl is still my favourite programming language, and Perlbrew is still my preferred method to install it (with pkgsrc coming a close second, depending on the environment). And not just because Perlbrew, like other Perl tools, uses the TLD for a country I wish to visit one day!

As an aside, if you’re in Sydney, Alchemy in Surry Hills has the best Polish food in Australia. The owner is also lovely.

By Ruben Schade in Sydney, 2022-07-10.

My continuous journey into toolchains, in the second quarter of 2022

This is the fifth post in my toolchains adventures series. Please check the previous posts in the toolchains category for more context about this journey.

In Pkgsrc land, I updated mold to the 1.2, 1.2.1, and 1.3 versions, and pax-utils to the 1.3.4 one. I also added a z3 option to our llvm and clang packages to allow building them against the Z3 theorem prover. When both lang/llvm and lang/clang are built with the z3 option enabled, the Z3 constraint solver is activated for the Clang static analyzer. This option is not enabled by default. I wrote a blog post showing how to use Z3 as an external solver and to do refutation to filter out false positives.

While I mention static analysis, I’ve been extremely impressed with the progress of the GCC’s static analysis framework. It was introduced in GCC 10, and a major rewrite occurred in GCC 11. It now generates significantly less false positives, and found some valid memory leaks on error paths in libansilove 1.30, which the Clang static analyzer didn’t catch.

Regarding the NetBSD base system, I started evaluating what it would take to upstream our local binutils patches. The version we have in NetBSD’s src repository is binutils 2.34 (released in February 2020), and diffing our tree with the release tarball results in a 4310 lines diff, touching 163 files with 1404 insertions and 186 deletions.

For each of these changes, we need to dig into version control history to find why they were needed in the first place, verify if they are still needed, and if so potentially rework them to meet upstream coding standards. This requires an understanding of the problem domain to be able to explain the rationale behind the changes while submitting patches and writing relevant commit messages.

While some of those patches are NetBSD specific, we still need to ensure we are not breaking other operating systems. Ultimately, vanilla binutils should be able to produce working binaries on NetBSD without requiring any local patches. Once this goal is reached, we need to ensure it keeps building, investigate test suite failures, and setup buildbots for continuous builds on key architectures.

On the LLVM side, I managed to do a couple of commits as well to add libclang_rt.profile{{.*}}.a tests for both OpenBSD and NetBSD in the Clang driver test suite.

Lastly, I also wrote a couple of blog posts about various topics:

• Assembly instructions distribution
• Differences between base and ports LLVM in OpenBSD
• Clang Static Analyzer and the Z3 constraint solver

That’s all for now, happy Summer 2022 everyone!

LLVM commits:

On a headless Ubuntu 22.04 machine, I'd like to start a headless installation of NetBSD 9.2 in VirtualBox.

I have a prepared virtual machine with a set of blank disk images attached, as well as with the bootable NetBSD installation CD attached to the CDROM drive.

My idea was to perform the installation over the serial port, using minicom, but I'm unable to get the installation to switch over to use the serial console.

I'm starting the machine with

VBoxManage startvm netbsd --type=headless

Then I try to get it to switch over the console to the serial port:

VBoxManage controlvm netbsd keyboardputfile boot.conf

... where boot.conf is a file containing a line of text saying consdev com0, which is what you would type on the NetBSD boot prompt to switch to the serial console.

I know NetBSD's serial console is set up to use 9600 8N1, which is what I have minicom configured to use, and I have set up the serial port on the virtual machine like so:

UART 1:                      I/O base: 0x03f8, IRQ: 4, attached to pipe (server) '/tmp/netbsd.pipe', 16550A

I start minicom using

minicom -D 'unix#/tmp/netbsd.pipe'

I successfully use the serial console on another virtual machine in an identical way, and I can see the status in minicom switch from "Offline" to "Online" as soon as the NetBSD machine turns on, but there is no output in minicom.

Can anyone see what the issue is and how I would go about fixing it? I know the alternative would be to PXE boot the machine, but I was hoping to be able to avoid doing that (as I don't netboot anything else at the moment).

macOS has its "osascript" with "display notification", Linux has its "notify-send". Both are the most native way to generate DE notifications. What is the most native way to generate desktop notification in BSD unixes?

Notes on using the Z3 constraint solver with the Clang Static Analyzer

As far as static analyzers are concerned, one of the most important point to consider is filtering out false positives as much as possible, in order for the reports to be actionable.

This is an area on which Coverity did an excellent job, and likely a major reason why they got so popular within the open source community, despite being a closed-source product.

LLVM has the LLVM_ENABLE_Z3_SOLVER build option, which allows building LLVM against the Z3 constraint solver.

It is documented as follow:

LLVM_ENABLE_Z3_SOLVER:BOOL
    If enabled, the Z3 constraint solver is activated for the Clang static analyzer.
    A recent version of the z3 library needs to be available on the system.

The option is enabled in the Debian 11 package (clang-tools-11), but not in Fedora 36 or Ubuntu 22.04 ones. I added a build option (not enabled by default) to the llvm and clang packages in Pkgsrc, and successfully built Z3 enabled packages on NetBSD.

For Pkgsrc users, add the following in mk.conf, and build lang/clang:

PKG_OPTIONS.llvm=	z3
PKG_OPTIONS.clang=	z3

There are two ways of using Z3 with the Clang Static Analyzer, and to demonstrate them, let’s reuse the small demo snippet from the SMT-Based Refutation of Spurious Bug Reports in the Clang Static Analyzer paper.

unsigned int func(unsigned int a) {
	unsigned int *z = 0;

	if ((a & 1) && ((a & 1) ^1))
		return *z; // unreachable

	return 0;
}

For each method, we can use Clang directly on a given translation unit or use scan-build.

The first way is using Z3 as an external constraint solver:

$ clang --analyze -Xanalyzer -analyzer-constraints=z3 main.c

$ scan-build -constraints z3 clang -c main.c
scan-build: Using '/usr/lib/llvm-11/bin/clang' for static analysis
scan-build: Analysis run complete.
scan-build: Removing directory '/tmp/scan-build-2022-06-21-171854-18215-1' because it contains no reports.
scan-build: No bugs found.

This is a lot slower than the default, and the commit which documented the feature mentions a ~15x slowdown over the built-in constraint solver.

The second way is using the default range based solver but having Z3 do refutation to filter out false positives, which is a lot faster:

$ clang --analyze -Xanalyzer -analyzer-config -Xanalyzer crosscheck-with-z3=true main.c

$ scan-build -analyzer-config crosscheck-with-z3=true clang -c main.c
scan-build: Using '/usr/lib/llvm-11/bin/clang' for static analysis
scan-build: Analysis run complete.
scan-build: Removing directory '/tmp/scan-build-2022-06-21-171924-18226-1' because it contains no reports.
scan-build: No bugs found.

Again, no bugs found. How boring.

We can verify what happens if we run the analyzer without involving Z3 at all:

$ clang --analyze main.c
main.c:5:9: warning: Dereference of null pointer (loaded from variable 'z') [core.NullDereference]
        return *z; // unreachable
               ^~
1 warning generated.

We get a false positive, because the default constraint solver cannot reason about bitwise operations (among other things), and report an unreachable NULL pointer dereference.

I have a RHEL 8.6 machine, and I'm setting up a samba file server using port 1445 so I can start the server as a non-root user. The server is working locally, as I can run smbclient -p 1445 //localhost/share to connect to it. I am also running a QEMU NetBSD 8.2 VM, and I'm attempting to connect to the samba share using the following:

mount_smbfs -I <machine IP> //[email protected]<machine IP>:1445 mount_dir/

However, I get a "connection refused" error when I try to access it.

If I remove smb ports = 1445 from the configuration file and start the Samba daemon as root, I can connect to it from NetBSD, but I'd like to be able to host a working Samba server as non-root.

I thought perhaps if I mapped port 139 on NetBSD to 1445 on RHEL with QEMU, that would solve things (using the -net user,hostfwd=tcp::1445-:139 to QEMU), but I haven't had any luck there.

I do notice that if I do an nmap localhost when starting the Samba server as non-root, port 1445 doesn't show up as being open.

What might be going on here?

The NetBSD Foundation has finalized the list of projects for this year’s Google Summer of Code. The contributors and projects are the following:

• Brian Schnepp - Raspberry Pi GPU Driver
• Arjun Bemarkar - inetd enhancements
• Piyush Sachdeva - Emulating missing linux syscalls
• Vihas Makwana - Introduce a new Wi-Fi driver
• Vivek Kumar Sah - Automating donor acknowledgement and information storage

The community bonding period has already started (from May 20) and it will last until June 12. During this time, the contributors are expected to coordinate with their mentors and community.

This will be immediately followed by the coding period from June 13 to September 4. After which, the contributors are expected to submit their final work, evaluate their mentors, and get evaluated by their mentors as well. Results will be announced on September 20.

For more information about the Google Summer of Code 2022 kindly refer to the official GSoC website.

We would like to express our gratitude to Google for organizing the yearly GSoC, and to The NetBSD Foundation mentors and administrators for their efforts and hardwork!

Let us welcome all the contributors to our growing NetBSD community!

All,

Recently, I've been trying to get the Solaris 8 versions of xterm and xauth working on NetBSD from an ssh client with X11 forwarding, but both binaries seem to generate segmentation violations immediately. I ran a ktrace on both programs to try to figure out what happened, and the last few lines of output for both programs look like this:

...
   571      1 xclock   compat_20_getfsstat(0xedefa018, 0xefffede4) Err#2 ENOENT
   571      1 xclock   compat_50_getrusage(0xedefa000, 0x1000) = 0
   571      1 xclock   #115 (obsolete vtrace)(0, 0x1000, 0x7, 0x80000102, 0xffffffff, 0) = -303063040
   571      1 xclock   compat_50_getrusage(0xedee4000, 0x1000) = 0
   571      1 xclock   break(0x25850)              = 0
   571      1 xclock   break(0x27850)              = 0
   571      1 xclock   break(0x27850)              = 0
   571      1 xclock   break(0x29850)              = 0
   571      1 xclock   break(0x29850)              = 0
   571      1 xclock   break(0x2b850)              = 0
   571      1 xclock   compat_43_otruncate(0x5, 0xeffff3a0) = 0
   571      1 xclock   shmdt(0x2, 0x2, 0)          = 3
   571      1 xclock   modctl(0x3, 0x6, 0x1, 0xeffff39c, 0x4) = 0
   571      1 xclock   modctl(0x3, 0xffff, 0x8, 0xeffff398, 0x4) = 0
   571      1 xclock   break(0x2b850)              = 0
   571      1 xclock   break(0x2d850)              = 0
   571      1 xclock   open("/emul/svr4/etc/netconfig", 0, 0x1b6) = 4
   571      1 xclock   #217 (unimplemented)(0x4, 0xefffebb0) = 0
   571      1 xclock   ioctl(0x4, _IO('T',0x1,0), 0xefffeb3c) Err#-4
   571      1 xclock   read(0x4, 0x2b9a4, 0x400)   = 1024
       "#pragma ident\t"@(#)netconfig\t1.16\t99/10/25 SMI"\n#\n# The "Network Configuration" File.\n#\n# Each entry is of the form:\n#\n#       <network_id> <semantics> <fl"
   571      1 xclock   SIGSEGV SIG_DFL

I noticed that the ioctl call is failing; could this be a reason for failure here?

I also ran ktrace on the NetBSD versions of xclock and xterm to see if there were any similarities, and the most similar samples of output I could find were the following:

...
   604      1 xclock   __stat50("/etc/nsswitch.conf", 0xefffeed8) = 0
   604      1 xclock   open("/etc/nsswitch.conf", 0x400000, 0x1b6) = 3
   604      1 xclock   __fstat50(0x3, 0xefffeb70)  = 0
   604      1 xclock   read(0x3, 0xed61d000, 0x4000) = 621
       "#\t$NetBSD: nsswitch.conf,v 1.6 2009/10/25 00:17:06 tsarna Exp $\n#\n# nsswitch.conf(5) -\n#\tname service switch configuration file\n#\n\n\n# These are the default"
   604      1 xclock   read(0x3, 0xed61d000, 0x4000) = 0
...
   604      1 xclock   open("/etc/hosts", 0x400000, 0x1b6) = 3
   604      1 xclock   __fstat50(0x3, 0xefffcc38)  = 0
   604      1 xclock   read(0x3, 0xed61d000, 0x4000) = 831
       "#\t$NetBSD: hosts,v 1.9 2013/11/24 07:20:01 dholland Exp $\n#\n# Host name database.\n#\n# This file contains addresses and aliases for local hosts whose names\n# n"
   604      1 xclock   read(0x3, 0xed61d000, 0x4000) = 0
       ""
   604      1 xclock   close(0x3)                  = 0

Because of this, I suspect the reason might lie in some of the Solaris 8 files that I copied over to the NetBSD virtual machine (e.g. /etc/netconfig), but I'm unsure. Could these files be the reason why none of the Solaris 8 X11 binaries function correctly on NetBSD?

I’ve got this rock64, which is an aarch64 board comparable to a Raspberry Pi 3 B+ with 4 gigs of ram. For years I’ve wanted to put a distribution on here that doesn’t have a premade image available, mainly because out of all the options on that page I don’t actually like any of them. Well, except NetBSD, but NetBSD doesn’t have GPU drivers for it. Problem is, everything I do want to use provides rootfs tarballs and tells you to figure it out. To do that I’ve got to get a Linux kernel, track down the device trees so it knows what hardware it has, and then wrangle u-boot into actually booting the whole thing. I figured that would be the hard part; little did I know the depths that Single Board Computer Hell would reach.

Unlike x86, ARM is far, far from a standardised platform. The end result of this is that unless you can find tailor-made images specific for your particular ARM board, you’re gonna have to do a lot of manual labour to install an operating system that should work.

Edit: This question has also been posted on SuperUser.

All,

Recently, I've been trying to get the Solaris 8 versions of xterm and xauth working on NetBSD from an ssh client with X11 forwarding, but both binaries seem to generate segmentation violations immediately. I ran a ktrace on both programs to try to figure out what happened, and the last few lines of output for both programs look like this:

...
   571      1 xclock   compat_20_getfsstat(0xedefa018, 0xefffede4) Err#2 ENOENT
   571      1 xclock   compat_50_getrusage(0xedefa000, 0x1000) = 0
   571      1 xclock   #115 (obsolete vtrace)(0, 0x1000, 0x7, 0x80000102, 0xffffffff, 0) = -303063040
   571      1 xclock   compat_50_getrusage(0xedee4000, 0x1000) = 0
   571      1 xclock   break(0x25850)              = 0
   571      1 xclock   break(0x27850)              = 0
   571      1 xclock   break(0x27850)              = 0
   571      1 xclock   break(0x29850)              = 0
   571      1 xclock   break(0x29850)              = 0
   571      1 xclock   break(0x2b850)              = 0
   571      1 xclock   compat_43_otruncate(0x5, 0xeffff3a0) = 0
   571      1 xclock   shmdt(0x2, 0x2, 0)          = 3
   571      1 xclock   modctl(0x3, 0x6, 0x1, 0xeffff39c, 0x4) = 0
   571      1 xclock   modctl(0x3, 0xffff, 0x8, 0xeffff398, 0x4) = 0
   571      1 xclock   break(0x2b850)              = 0
   571      1 xclock   break(0x2d850)              = 0
   571      1 xclock   open("/emul/svr4/etc/netconfig", 0, 0x1b6) = 4
   571      1 xclock   #217 (unimplemented)(0x4, 0xefffebb0) = 0
   571      1 xclock   ioctl(0x4, _IO('T',0x1,0), 0xefffeb3c) Err#-4
   571      1 xclock   read(0x4, 0x2b9a4, 0x400)   = 1024
       "#pragma ident\t"@(#)netconfig\t1.16\t99/10/25 SMI"\n#\n# The "Network Configuration" File.\n#\n# Each entry is of the form:\n#\n#       <network_id> <semantics> <fl"
   571      1 xclock   SIGSEGV SIG_DFL

I noticed that the ioctl call is failing; could this be a reason for failure here?

I also ran ktrace on the NetBSD versions of xclock and xterm to see if there were any similarities, and the most similar samples of output I could find were the following:

...
   604      1 xclock   __stat50("/etc/nsswitch.conf", 0xefffeed8) = 0
   604      1 xclock   open("/etc/nsswitch.conf", 0x400000, 0x1b6) = 3
   604      1 xclock   __fstat50(0x3, 0xefffeb70)  = 0
   604      1 xclock   read(0x3, 0xed61d000, 0x4000) = 621
       "#\t$NetBSD: nsswitch.conf,v 1.6 2009/10/25 00:17:06 tsarna Exp $\n#\n# nsswitch.conf(5) -\n#\tname service switch configuration file\n#\n\n\n# These are the default"
   604      1 xclock   read(0x3, 0xed61d000, 0x4000) = 0
...
   604      1 xclock   open("/etc/hosts", 0x400000, 0x1b6) = 3
   604      1 xclock   __fstat50(0x3, 0xefffcc38)  = 0
   604      1 xclock   read(0x3, 0xed61d000, 0x4000) = 831
       "#\t$NetBSD: hosts,v 1.9 2013/11/24 07:20:01 dholland Exp $\n#\n# Host name database.\n#\n# This file contains addresses and aliases for local hosts whose names\n# n"
   604      1 xclock   read(0x3, 0xed61d000, 0x4000) = 0
       ""
   604      1 xclock   close(0x3)                  = 0

Because of this, I suspect the reason might lie in some of the Solaris 8 files that I copied over to the NetBSD virtual machine (e.g. /etc/netconfig), but I'm unsure. Could these files be the reason why none of the Solaris 8 X11 binaries function correctly on NetBSD?

I recently discovered that it’s surprisingly easy to customize the NetBSD boot loader banner, simply by adding some directives in the boot.cfg configuration file.

Here is the relevant part of the boot.cfg(5) manual page:

     banner   The text from banner lines is displayed instead of the standard
              welcome text by the boot loader.  Up to 12 lines can be defined.
              No special character sequences are recognised, so to specify a
              blank line, a banner line with no value should be given.

Back in 2014, I published some NetBSD ASCII logos to be used as motd or as /etc/issue, but they are higher than 12 lines so using them would either require raising the allowed lines limit (likely not a good idea), or resizing them. I then remembered I had requested some Amiga style logos for Linux and *BSD, which were released by h7 in Break’s second artpack in 2013.

So we can simply append this in /boot.cfg:

banner=         _______ ______       ___      _________  ____       __________
banner=__ _____/      //    _/___ __/   \_____\__     /_/  _//______\___     /\_______
banner=--/   _ \     //    _/    \\      _/    |/_   /\______    /    |/    /  \- -- -
banner=_/     \      \     \     //      \     |_/    /    |/    \    /     \  /
banner=\______/      /\_____\_____\______/\____      //    : ____/____      /\/
banner= \     \_____/  \     \     \     \ \  \_____/ \______/\  \   \_____/  \
banner=h7\_____\    \  /\___________\_____\/\__\    \  \     \ \______\    \dS!
banner=------ - \____\/ - --( n e t b s d )-- - \____\/ \_____\/ - --- \____\/ -------

And enjoy some stylish Amiga ASCII art after the next reboot:

         _______ ______       ___      _________  ____       __________
__ _____/      //    _/___ __/   \_____\__     /_/  _//______\___     /\_______
--/   _ \     //    _/    \\      _/    |/_   /\______    /    |/    /  \- -- -
_/     \      \     \     //      \     |_/    /    |/    \    /     \  /
\______/      /\_____\_____\______/\____      //    : ____/____      /\/
 \     \_____/  \     \     \     \ \  \_____/ \______/\  \   \_____/  \
h7\_____\    \  /\___________\_____\/\__\    \  \     \ \______\    \dS!
------ - \____\/ - --( n e t b s d )-- - \____\/ \_____\/ - --- \____\/ -------

     1. Boot normally
     2. Boot single user
     3. Drop to boot prompt

Choose an option; RETURN for default; SPACE to stop countdown.
Option 1 will be chosen in 2 seconds.

Lastly, here is the PNG version converted with Ansilove, in full Topaz glory:

All,

I'm trying to set up SSH X11 forwarding from a NetBSD 8.2 VM (running via QEMU) to a Ubuntu 20.04 host. When I attempt to ssh -X into the machine, the $DISPLAY variable is not set and I get an error message: "X11 forwarding request failed on channel 0". The following are pertinent environment details:

• xauth is installed on the NetBSD 8.2 VM and it works properly
• I have the line ForwardX11 yes in the /etc/ssh/ssh_config file on both NetBSD as well as the Ubuntu host
• I have the line XAuthLocation /usr/X711/bin/xauth in the ssh_config file on NetBSD.

If I run ssh -v, then the relevant X11 output I get is the following:

Authenticated to localhost ([127.0.0.1]:10022).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: exec
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
X11 forwarding request failed on channel 0

what could be possible reasons for this?

All,

In continuing my efforts of trying to get Solaris 8 programs to function on NetBSD, I'm now attempting to get vncserver from (Tight VNC) to work (I'd link the github page, but the source of the vncserver perl script is slightly different than the one I'm using - though I feel uneasy about dumping all of this code here, I'll paste the source below the question). I've noticed that the system("xauth ...") line is hanging, and I discovered that it's using the xauth binary from Solaris 8. This binary hangs even when running it directly (e.g. ./xauth), so do I need to obtain a NetBSD version of xauth and change those lines for vncserver to work?

source code for the vncserver perl script from Solaris 8 (relevant line is 151)

#!/emul/svr4/usr/bin/perl
#
#  Copyright (C) 1999 AT&T Laboratories Cambridge.  All Rights Reserved.
#
#  This is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This software is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this software; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
#  USA.
#

#
# vncserver - wrapper script to start an X VNC server.
#

#
# First make sure we're operating in a sane environment.
#

&SanityCheck();

#
# Global variables.  You may want to configure some of these for your site.
#

$geometry = "1024x768";
$depth = 8;
$desktopName = "X";
$vncClasses = "/opt/sfw/vnc/classes";
$vncUserDir = "$ENV{HOME}/.vnc";
$xauthorityFile = "$ENV{HOME}/.Xauthority";

$defaultXStartup
    = ("#!/bin/sh\n\n".
       "xrdb \$HOME/.Xresources\n".
       "xsetroot -solid grey\n".
       "xterm -geometry 80x24+10+10 -ls -title \"\$VNCDESKTOP Desktop\" &\n".
       "twm &\n");

chop($host = `uname -n`);


# Check command line options

&ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1,
          "-help",0,"-h",0,"--help",0);

&Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'});

&Kill() if ($opt{'-kill'});

# Uncomment this line if you want default geometry, depth and pixelformat
# to match the current X display:
# &GetXDisplayDefaults();

if ($opt{'-geometry'}) {
    $geometry = $opt{'-geometry'};
}
if ($opt{'-depth'}) {
    $depth = $opt{'-depth'};
    $pixelformat = "";
}
if ($opt{'-pixelformat'}) {
    $pixelformat = $opt{'-pixelformat'};
}

&CheckGeometryAndDepth();

if ($opt{'-name'}) {
    $desktopName = $opt{'-name'};
}


# Create the user's vnc directory if necessary.

if (!(-e $vncUserDir)) {
    if (!mkdir($vncUserDir,0755)) {
    die "$prog: Could not create $vncUserDir.\n";
    }
}
    
# Make sure the user has a password.

($z,$z,$mode) = stat("$vncUserDir/passwd");
if (!(-e "$vncUserDir/passwd") || ($mode & 077)) {
    warn "\nYou will require a password to access your desktops.\n\n";
    system("vncpasswd $vncUserDir/passwd"); 
    if (($? >> 8) != 0) {
    exit 1;
    }
}

print "Found pass\n";

# Find display number.

if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
    print "If check one\n";
    $displayNumber = $1;
    shift(@ARGV);
    if (!&CheckDisplayNumber($displayNumber)) {
    die "A VNC server is already running as :$displayNumber\n";
    }
} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/)) {
    print "If check two\n";
    &Usage();
} else {
    print "If check three\n";
    $displayNumber = &GetDisplayNumber();
}

print "Got display number\n";

$vncPort = 5900 + $displayNumber;

$desktopLog = "$vncUserDir/$host:$displayNumber.log";
unlink($desktopLog);

print "Unlinked $desktopLog\n";

# Make an X server cookie - use as the seed the sum of the current time, our
# PID and part of the encrypted form of the password.  Ideally we'd use
# /dev/urandom, but that's only available on Linux.

print "Making cookie...\n";

srand(time+$$+unpack("L",`cat $vncUserDir/passwd`));
print "random number generator seeded...\n";

$cookie = "";
$i = 0;
for (1..16) {
    print "another loop iteration...$i\n";
    $cookie .= sprintf("%02x", int(rand(256)));
    $i++;
}
print "hi\n";
 
$command = "xauth -f $xauthorityFile add $host:$displayNumber . $cookie";
print $command;

system("xauth -f $xauthorityFile add $host:$displayNumber . $cookie");
print "added cookie to authority file\n";
system("xauth -f $xauthorityFile add $host/unix:$displayNumber . $cookie"); 

print "Added cookie to host/unix in authority file\n";

print "X server cookie generated\n";

# Now start the X VNC Server

$cmd = "Xvnc :$displayNumber";
$cmd .= " -desktop " . &quotedString($desktopName);
$cmd .= " -httpd $vncClasses";
$cmd .= " -auth $xauthorityFile";
$cmd .= " -geometry $geometry" if ($geometry);
$cmd .= " -depth $depth" if ($depth);
$cmd .= " -pixelformat $pixelformat" if ($pixelformat);
$cmd .= " -rfbwait 120000";
$cmd .= " -rfbauth $vncUserDir/passwd";
$cmd .= " -rfbport $vncPort";

print "Vncserver started\n";

# Add font path and color database stuff here, e.g.:
#
# $cmd .= " -fp /usr/lib/X11/fonts/misc/,/usr/lib/X11/fonts/75dpi/";
# $cmd .= " -co /usr/lib/X11/rgb";
#

foreach $arg (@ARGV) {
    $cmd .= " " . &quotedString($arg);
}
$cmd .= " >> " . &quotedString($desktopLog) . " 2>&1";

# Run $cmd and record the process ID.

$pidFile = "$vncUserDir/$host:$displayNumber.pid";
print "running $cmd...\n";
system("$cmd & echo \$! >$pidFile");

# Give Xvnc a chance to start up

sleep(3); 

warn "\nNew '$desktopName' desktop is $host:$displayNumber\n\n";

# Create the user's xstartup script if necessary.

if (!(-e "$vncUserDir/xstartup")) {
    warn "Creating default startup script $vncUserDir/xstartup\n";
    open(XSTARTUP, ">$vncUserDir/xstartup");
    print XSTARTUP $defaultXStartup;
    close(XSTARTUP);
    chmod 0755, "$vncUserDir/xstartup";
}

# Run the X startup script.

warn "Starting applications specified in $vncUserDir/xstartup\n";
warn "Log file is $desktopLog\n\n";

# If the unix domain socket exists then use that (DISPLAY=:n) otherwise use
# TCP (DISPLAY=host:n)

if (-e "/tmp/.X11-unix/X$displayNumber") {
    $ENV{DISPLAY}= ":$displayNumber";
} else {
    $ENV{DISPLAY}= "$host:$displayNumber";
}
$ENV{VNCDESKTOP}= $desktopName;

system("$vncUserDir/xstartup >> " . &quotedString($desktopLog) . " 2>&1 &");

exit;


###############################################################################
#
# CheckGeometryAndDepth simply makes sure that the geometry and depth values
# are sensible.
#

sub CheckGeometryAndDepth
{
    if ($geometry =~ /^(\d+)x(\d+)$/) {
    $width = $1; $height = $2;

    if (($width<1) || ($height<1)) {
        die "$prog: geometry $geometry is invalid\n";
    }

    while (($width % 4)!=0) {
        $width = $width + 1;
    }

    while (($height % 2)!=0) {
        $height = $height + 1;
    }

    $geometry = "${width}x$height";
    } else {
    die "$prog: geometry $geometry is invalid\n";
    }

    if (($depth < 8) || ($depth > 32)) {
    die "Depth must be between 8 and 32\n";
    }
}


#
# GetDisplayNumber gets the lowest available display number.  A display number
# n is taken if something is listening on the VNC server port (5900+n) or the
# X server port (6000+n).
#

sub GetDisplayNumber
{
    print "Getting display number...\n";
    foreach $n (1..99) {
        print "Checking display number $n....\n";
    if (&CheckDisplayNumber($n)) {
        return $n+0; # Bruce Mah's workaround for bug in perl 5.005_02
    }
    }
    
    die "$prog: no free display number on $host.\n";
}


#
# CheckDisplayNumber checks if the given display number is available.  A
# display number n is taken if something is listening on the VNC server port
# (5900+n) or the X server port (6000+n).
#

sub CheckDisplayNumber
{
    local ($n) = @_;

    socket(S, $AF_INET, $SOCK_STREAM, 0) || die "$prog: socket failed: $!\n";
    eval 'setsockopt(S, &SOL_SOCKET, &SO_REUSEADDR, pack("l", 1))';
    if (!bind(S, pack('S n x12', $AF_INET, 6000 + $n))) {
    close(S);
    return 0;
    }
    close(S);

    socket(S, $AF_INET, $SOCK_STREAM, 0) || die "$prog: socket failed: $!\n";
    eval 'setsockopt(S, &SOL_SOCKET, &SO_REUSEADDR, pack("l", 1))';
    if (!bind(S, pack('S n x12', $AF_INET, 5900 + $n))) {
    close(S);
    return 0;
    }
    close(S);

    if (-e "/tmp/.X$n-lock") {
    warn "\nWarning: $host:$n is taken because of /tmp/.X$n-lock\n";
    warn "Remove this file if there is no X server $host:$n\n";
    return 0;
    }

    if (-e "/tmp/.X11-unix/X$n") {
    warn "\nWarning: $host:$n is taken because of /tmp/.X11-unix/X$n\n";
    warn "Remove this file if there is no X server $host:$n\n";
    return 0;
    }

    return 1;
}


#
# GetXDisplayDefaults uses xdpyinfo to find out the geometry, depth and pixel
# format of the current X display being used.  If successful, it sets the
# options as appropriate so that the X VNC server will use the same settings
# (minus an allowance for window manager decorations on the geometry).  Using
# the same depth and pixel format means that the VNC server won't have to
# translate pixels when the desktop is being viewed on this X display (for
# TrueColor displays anyway).
#

sub GetXDisplayDefaults
{
    local (@lines, @matchlines, $width, $height, $defaultVisualId, $i,
       $red, $green, $blue);

    $wmDecorationWidth = 4; # a guess at typical size for window manager
    $wmDecorationHeight = 24;   # decoration size

    return if (!defined($ENV{DISPLAY}));

    @lines = `xdpyinfo 2>/dev/null`;

    return if ($? != 0);

    @matchlines = grep(/dimensions/, @lines);
    if (@matchlines) {
    ($width, $height) = ($matchlines[0] =~ /(\d+)x(\d+) pixels/);

    $width -= $wmDecorationWidth;
    $height -= $wmDecorationHeight;

    $geometry = "${width}x$height";
    }

    @matchlines = grep(/default visual id/, @lines);
    if (@matchlines) {
    ($defaultVisualId) = ($matchlines[0] =~ /id:\s+(\S+)/);

    for ($i = 0; $i < @lines; $i++) {
        if ($lines[$i] =~ /^\s*visual id:\s+$defaultVisualId$/) {
        if (($lines[$i+1] !~ /TrueColor/) ||
            ($lines[$i+2] !~ /depth/) ||
            ($lines[$i+4] !~ /red, green, blue masks/))
        {
            return;
        }
        last;
        }
    }

    return if ($i >= @lines);

    ($depth) = ($lines[$i+2] =~ /depth:\s+(\d+)/);
    ($red,$green,$blue)
        = ($lines[$i+4]
           =~ /masks:\s+0x([0-9a-f]+), 0x([0-9a-f]+), 0x([0-9a-f]+)/);

    $red = hex($red);
    $green = hex($green);
    $blue = hex($blue);

    if ($red > $blue) {
        $red = int(log($red) / log(2)) - int(log($green) / log(2));
        $green = int(log($green) / log(2)) - int(log($blue) / log(2));
        $blue = int(log($blue) / log(2)) + 1;
        $pixelformat = "rgb$red$green$blue";
    } else {
        $blue = int(log($blue) / log(2)) - int(log($green) / log(2));
        $green = int(log($green) / log(2)) - int(log($red) / log(2));
        $red = int(log($red) / log(2)) + 1;
        $pixelformat = "bgr$blue$green$red";
    }
    }
}


#
# quotedString returns a string which yields the original string when parsed
# by a shell.
#

sub quotedString
{
    local ($in) = @_;

    $in =~ s/\'/\'\"\'\"\'/g;

    return "'$in'";
}


#
# removeSlashes turns slashes into underscores for use as a file name.
#

sub removeSlashes
{
    local ($in) = @_;

    $in =~ s|/|_|g;

    return "$in";
}


#
# Usage
#

sub Usage
{
    die("\nusage: $prog [:<number>] [-name <desktop-name>] [-depth <depth>]\n".
    "                 [-geometry <width>x<height>]\n".
    "                 [-pixelformat rgbNNN|bgrNNN]\n".
    "                 <Xvnc-options>...\n\n".
    "       $prog -kill <X-display>\n\n");
}


#
# Kill
#

sub Kill
{
    $opt{'-kill'} =~ s/(:\d+)\.\d+$/$1/; # e.g. turn :1.0 into :1

    if ($opt{'-kill'} =~ /^:\d+$/) {
    $pidFile = "$vncUserDir/$host$opt{'-kill'}.pid";
    } else {
    if ($opt{'-kill'} !~ /^$host:/) {
        die "\nCan't tell if $opt{'-kill'} is on $host\n".
        "Use -kill :<number> instead\n\n";
    }
    $pidFile = "$vncUserDir/$opt{'-kill'}.pid";
    }

    if (! -r $pidFile) {
    die "\nCan't find file $pidFile\n".
        "You'll have to kill the Xvnc process manually\n\n";
    }

    $SIG{'HUP'} = 'IGNORE';
    chop($pid = `cat $pidFile`);
    warn "Killing Xvnc process ID $pid\n";
    system("kill $pid");
    unlink $pidFile;
    exit;
}


#
# ParseOptions takes a list of possible options and a boolean indicating
# whether the option has a value following, and sets up an associative array
# %opt of the values of the options given on the command line. It removes all
# the arguments it uses from @ARGV and returns them in @optArgs.
#

sub ParseOptions
{
    local (@optval) = @_;
    local ($opt, @opts, %valFollows, @newargs);

    while (@optval) {
    $opt = shift(@optval);
    push(@opts,$opt);
    $valFollows{$opt} = shift(@optval);
    }

    @optArgs = ();
    %opt = ();

    arg: while (defined($arg = shift(@ARGV))) {
    foreach $opt (@opts) {
        if ($arg eq $opt) {
        push(@optArgs, $arg);
        if ($valFollows{$opt}) {
            if (@ARGV == 0) {
            &Usage();
            }
            $opt{$opt} = shift(@ARGV);
            push(@optArgs, $opt{$opt});
        } else {
            $opt{$opt} = 1;
        }
        next arg;
        }
    }
    push(@newargs,$arg);
    }

    @ARGV = @newargs;
}


#
# Routine to make sure we're operating in a sane environment.
#

sub SanityCheck
{
    local ($cmd);

    #
    # Get the program name
    #

    ($prog) = ($0 =~ m|([^/]+)$|);

    #
    # Check we have all the commands we'll need on the path.
    #

 cmd:
    foreach $cmd ("uname","xauth","Xvnc","vncpasswd") {
    for (split(/:/,$ENV{PATH})) {
        if (-x "$_/$cmd") {
        next cmd;
        }
    }
    die "$prog: couldn't find \"$cmd\" on your PATH.\n";
    }

    #
    # Check the HOME environment variable is set
    #

    if (!defined($ENV{HOME})) {
    die "$prog: The HOME environment variable is not set.\n";
    }

    #
    # Find socket constants. 'use Socket' is a perl5-ism, so we wrap it in an
    # eval, and if it fails we try 'require "sys/socket.ph"'.  If this fails,
    # we just guess at the values.  If you find perl moaning here, just
    # hard-code the values of AF_INET and SOCK_STREAM.  You can find these out
    # for your platform by looking in /usr/include/sys/socket.h and related
    # files.
    #

    chop($os = `uname`);
    chop($osrev = `uname -r`);

    eval 'use Socket';
    if ([email protected]) {
    eval 'require "sys/socket.ph"';
    if ([email protected]) {
        if (($os eq "SunOS") && ($osrev !~ /^4/)) {
        $AF_INET = 2;
        $SOCK_STREAM = 2;
        } else {
        $AF_INET = 2;
        $SOCK_STREAM = 1;
        }
    } else {
        $AF_INET = &AF_INET;
        $SOCK_STREAM = &SOCK_STREAM;
    }
    } else {
    $AF_INET = &AF_INET;
    $SOCK_STREAM = &SOCK_STREAM;
    }
}

I have a gcc 2.95.1 binary installed on a Solaris 8 VM. For an experiment, I'm trying to get it working in a NetBSD environment. However, I can't run the compilation phase on any program that involves #include directives, as the binary doesn't seem to be looking for libraries even without the -I flag specified. The example that I'm trying to test out now is a simple Hello World:

#include <stdio.h>
#include <stdlib.h>
int main() {
    printf("Hello World!\n");
    exit(0);
}

Running gcc -I some_random_directory -v -o hello_world.o -c hello_world.c on the Solaris 8 machine produced this:

Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/2.95.1/specs
gcc version 2.95.1 19990816 (release)
 /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/2.95.1/cpp -lang-c -v -I some_random_directory -D__GNUC__=2 -D__GNUC_MINOR__=95 -Dsparc -Dsun -Dunix -D__svr4__ -D__SVR4 -D__sparc__ -D__sun__ -D__unix__ -D__svr4__ -D__SVR4 -D__sparc -D__sun -D__unix -Asystem(unix) -Asystem(svr4) -D__GCC_NEW_VARARGS__ -Acpu(sparc) -Amachine(sparc) hello_world.c /var/tmp/ccA6aEZ8.i
GNU CPP version 2.95.1 19990816 (release) (sparc)
#include "..." search starts here:
#include <...> search starts here:
 some_random_directory
 /usr/local/include
 /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/2.95.1/../../../../sparc-sun-solaris2.8/include
 /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/2.95.1/include
 /usr/include
End of search list.
The following default directories have been omitted from the search path:
 /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/2.95.1/../../../../include/g++-3
End of omitted list.
 /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/2.95.1/cc1 /var/tmp/ccA6aEZ8.i -quiet -dumpbase hello_world.c -version -o /var/tmp/ccUTCLhe.s
GNU C version 2.95.1 19990816 (release) (sparc-sun-solaris2.8) compiled by GNU C version 2.95.1 19990816 (release).

Running the same compilation command using the Solaris 8 gcc on NetBSD produced this:

Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/2.95.1/specs
gcc version 2.95.1 19990816 (release)
 /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/2.95.1/cpp -lang-c -v -I some_random_directory -D__GNUC__=2 -D__GNUC_MINOR__=95 -Dsparc -Dsun -Dunix -D__svr4__ -D__SVR4 -D__sparc__ -D__sun__ -D__unix__ -D__svr4__ -D__SVR4 -D__sparc -D__sun -D__unix -Asystem(unix) -Asystem(svr4) -D__GCC_NEW_VARARGS__ -Acpu(sparc) -Amachine(sparc) hello_world.c /var/tmp/ccFedUPd.i
GNU CPP version 2.95.1 19990816 (release) (sparc)
#include "..." search starts here:
#include <...> search starts here:
 .
 .
 .
 .
 .
End of search list.
The following default directories have been omitted from the search path:
 /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/2.95.1/../../../../include/g++-3
End of omitted list.
hello_world.c:1: stdio.h: No such file or directory
hello_world.c:2: stdlib.h: No such file or directory

At first, I thought gcc was just ignoring the -I flag, but the other search locations aren't showing up in the second output either. What might be going on here?

In this post, we’ll look at implementing a simple character device driver as a kernel module in NetBSD. Once it is loaded, userspace processes will be able to write an arbitrary byte string to the device, and on every successive read expect a cryptographically-secure pseudorandom permutation of the original byte string.

IF you’ve always wanted to learn how to write a NetBSD driver, here’s a great starting point.

My continuous journey into toolchains, in the first quarter of 2022

This is the fourth post in my toolchains adventures series. Please check the previous posts in the toolchains category for more context about this journey.

In Pkgsrc land, I packaged and imported pax-utils, and updated mold to the 1.0.1, 1.0.2, 1.0.3, 1.1, and 1.1.1 versions. Since version 1.0.2, mold can now link NetBSD object files thanks to work done by [email protected]

I also committed upstream fix for CVE-2021-45078 in binutils to fix an out-of-bounds write, and imported our NetBSD/aarch64 support patches for ld from the NetBSD’s src repository. This fixes the build on NetBSD/aarch64. I then updated the package to the 2.38 version which was released in February.

I don’t have much to report on the LLVM side, I only made two documentation related commits this quarter. However, I have a few things I plan to look at, so I should hopefully have more to report next time.

Besides that, I’ve been mostly busy reading different material, and adding a lot of new resources to toolchains.net.

That’s all for now, happy Spring 2022 everyone!

LLVM commits:

do we need to develop ... innovate?

/dev/entropy

a accounting, - non-blocking, high availability-cryptographic unix-type character device that has its own interactive interface to allow programmatic assertions, to allow the definition of pools of entropy of various designated sources, which were previously added to aid the remixing of entropy pool - with specialized software and specific hardware peripherals, dongles, even the conversions of cryptographic functions to hardware

/dev/entropy is capable of persisting keep-state information of elements that are defined in the cryptographic subsystem, such as the details of designated entropy pools, its mode of operation for mixture from sources, it's access information. All information that is needed to keep coherency of a system - secured process of re-entry interpretation.

/dev/entropy will be a non-blocking character device, 2. that allow and assure high availability and early readiness of encapsulated information, to prevent boot time regression of a system, to prevent dangling of boot time processes - with a specific interface that may allow programmed interaction to assert to running configurations of the cryptographic subsystem. Why: The Dutch intelligence community has some formal recommendation towards information transformation for the post-quantum era. Asymmetric encryption would at least benefit to harden a datastore.

Why: because /dev/random looks less elegant now on Debian, with irregular symbolic bursts, nothing qualitative can be said about the pool of entropy. That is not having hypersonic products of entropy from high- and low-quality sources, in a rehashing scheme, exposing bias already to several bits that may lead to more exposure of any cascade of cryptographic functions ahead.

/dev/entropy would help benefit all new methods and algorithms, from cryptographic facilities aiding ambiguity such as having spatial decorrelation, spatial complexity - which by means of graphing has the worst differentiated nodes dissolved in reversal, adding temporal complexity to streams, What we need is that perhaps comes from core isolated lightweight processes to produce asynchronous tokens, to build pathways that with one way hashing functions.

TBC... there will be a tactical augmented console interface and authentication in multiple factors such as holding a zero (mirrored) in from of a image source and the gesture of 'TENET' with both hands. There will also be a tactical projection device that uses lasers to guide the one-time projection.