NetBSD Planet

November 30, 2020

Pullup pkgsrc [pullup-pkgsrc #6374] There is $50 Costco Gift reward sent to you!

November 29, 2020

Pullup 9 [pullup-9 #1138] Bug fix for ZFS panic

November 28, 2020

Pullup 9 [pullup-9 #1137] evbarm: fix installer

November 27, 2020

Pullup 9 [pullup-9 #1136] i915 fix
UnitedBSD NetBSD block devices

I've found no newcomer-friendly documentation about NetBSD's block devices and I'm trying to write one. I've collected information from the various man pages involved but some points remain unclear to me:

November 26, 2020

UnitedBSD NetBSD and OpenBSD's pkg_add vs FreeBSD's pkg

Why do NetBSD and OpenBSD have separate commands for adding/deleting packages instead of arguments(?) to the same command, like FreeBSD? Is there any added functionality by such splitting?
If I understand correctly, NetBSD's pkgin does do this but is not the default tool.

I'm yet going through NetBSD's documentation prior to installing it so sorry in advance if anything I've said is wrong.

November 25, 2020

OS News Before the BSD kernel starts

In this article, I will walk through the early kernel initialization process, defining the meaning of this term. System initialization is a broad topic that ranges from the platform’s hardware design all the way up to typical functions of an operating system such as handling I/O operations. It is not possible to cover the entire topic adequately within the scope of an article. In this first part I will describe the well-known AMD64: 64-bit platform. I am going to highlight a very interesting part of the initialization process the early initialization of the kernel. Later, I will compare it with ARM64. In both cases I will discuss the topic in the context of NetBSD, the operating system known for its portability.

Some light reading.

November 24, 2020

Pullup pkgsrc [pullup-pkgsrc #6373] Fwd: CVS commit: pkgsrc/graphics/ImageMagick

November 22, 2020

Unix Stack Exchange NetBSD sh -c "echo OK" doesn't give any output? [closed]

I'm testing the portability of some stuff I'm writing to BSD. It's working on Linux, FreeBSD, OpenBSD. It isn't working on NetBSD.

The following is on a fresh VM installation I've made just for the purpose of testing this. I've traced the issue to

NetBSD$ uname -a
NetBSD NetBSD.local 9.1 NetBSD 9.1 (GENERIC) #0: Sun Oct 18 19:24:30 UTC 2020 [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC amd64
NetBSD$ cat /etc/shells                                                                                 
#       $NetBSD: shells,v 1.3 1996/12/29 03:23:07 mrg Exp $
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.

NetBSD$ for s in /bin/sh /bin/csh /bin/ksh /usr/pkg/bin/zsh /usr/pkg/bin/bash ; do echo $s; $s -c "echo OK" ; done
NetBSD$ su -
NetBSD# for s in /bin/sh /bin/csh /bin/ksh /usr/pkg/bin/zsh /usr/pkg/bin/bash ; do echo $s; $s -c "echo OK" ; done

Why doesn't sh -c "echo OK" and ksh -c "echo OK" work when I'm a non-root user, and why do they work when I'm root?

Other shells (csh, zsh, bash) work correctly, as shown above.

November 21, 2020

Pullup 8 [pullup-8 #1625] Stop gethostbyname() / getaddrinfo() from complaining about DNAME
DragonFly BSD Digest In Other BSDs for 202/11/21

Right outta RSS.

November 20, 2020

Pullup pkgsrc [pullup-pkgsrc #6372] neomutt security fix

November 19, 2020

Pullup 9 [pullup-9 #1135] [[email protected]: CVS commit: src]
Pullup 9 [pullup-9 #1134] Fwd: CVS commit: src/libexec/httpd
Pullup 8 [pullup-8 #1624] Fwd: CVS commit: src/libexec/httpd

November 18, 2020

Pullup pkgsrc [pullup-pkgsrc #6371] [[email protected]: CVS commit: pkgsrc/www/firefox78-l10n]
Pullup pkgsrc [pullup-pkgsrc #6370] [[email protected]: CVS commit: pkgsrc/www/firefox78]

November 17, 2020

UnitedBSD headless netbsd installation

I want to install NetBSD on PINE64 RockPro64. I flashed arm aarch64 netbsd image on my flash drive, plugged it into my RockPro64, also plugged monitor via HDMI-VGA adapter and keyboard via usb port. I powered my board on and... Nothing happend. Not even boot agent showed up on the monitor.

I'm assuming there is a problem with the HDMI-VGA adapter. So I have two options: make NetBSD work with the adapter or do a headless installation.

Unfortunately, I have never used NetBSD before, so I don't know how to do it. I have some experience with Linux, however.

November 16, 2020

Pullup 8 [pullup-8 #1623] wm(4): Fix for 82574 and later on big-endian machines

November 15, 2020

UnitedBSD `wsfont`: Changing the default NetBSD console font.

The default built-in font, Boldface, which is loaded at boot-time on a framebuffer (whether genfb or DRM) console is too small as it is 8x16. The other font built into the kernel is Boldface 16x32, and this, if you load it, will give you a console approximating a 80x25 screen--ie. this font is too large. Try it:

$ sudo wsconsctl -f $(tty) -dw font="Boldface 16x32"

The other fonts in /usr/share/wscons/fonts/ are all also small (8x16, 8x10, 8x8), as their extensions indicate.

The solution that is usually advocated to get a reasonable-size font is to a) edit the kernel config, b) add one of the fonts in /usr/src/sys/dev/wsfont/ using directives like options FONT_SPLEEN16x32, and c) then recompile the kernel. But, this is a pain. Simpler to write a program to suck in the fonts and load them into the kernel as needed. This is what the code below does.

Compile, and then run it as follows:

$ ./wsfont list
Compiled in fonts:
Fontname               Int. Name        1ch Nch Enc   Wid Hei Str bO BO   Size
DejaVu_Sans_Mono_12x22 DejaVu Sans Mono   0 256 iso    12  22  12 LR LR  67584
Droid_Sans_Mono_12x22  Droid Sans Mono    0 256 iso    12  22  12 LR LR  67584
Droid_Sans_Mono_19x36  Droid Sans Mono    0 256 iso    19  36  19 LR LR 175104
Droid_Sans_Mono_9x18   Droid Sans Mono    0 256 iso     9  18   9 LR LR  41472
Go_Mono_12x23          Go Mono            0 256 iso    12  23  12 LR LR  70656
bold16x32              Boldface 16x32     1 254 ibm    16  32   2 LR LR  16256
bold8x16               Boldface           1 254 ibm     8  16   1 LR LR   4064
gallant12x22           Gallant            0 256 iso    12  22   2 LR LR  11264
Glass_TTY_VT220_10x19  Glass TTY VT220    0 256 iso    10  19  10 LR LR  48640
Glass_TTY_VT220_10x25  Glass TTY VT220    0 256 iso    10  25  10 LR LR  64000
lucida16x29            Lucida            32  95 iso    16  29   2 LR LR   5510
omron12x20             omron12x20        32  95 iso    12  20   2 LR LR   3800
qvss8x15               QVSS              32 224 iso     8  15   1 RL LR   3360
sony12x24              sony12x24         32 224 iso    12  24   2 LR LR  10752
sony8x16               sony8x16          32 224 iso     8  16   1 LR LR   3584
spleen12x24            Spleen 12x24      32 224 iso    12  24   2 LR LR  10752
spleen16x32            Spleen 16x32      32 224 iso    16  32   2 LR LR  14336
spleen32x64            Spleen 32x64      32 224 iso    32  64   4 LR LR  57344
spleen5x8              Spleen 5x8        32  96 iso     5   8   1 LR LR    768
spleen8x16             Spleen 8x16       32 224 iso     8  16   1 LR LR   3584
vt220iso8x16           vt220iso8x16      32 224 iso     8  16   1 LR LR   3584
vt220iso8x8            vt220iso8x8       32 224 iso     8   8   1 LR LR   1792
vt220l8x10             vt220l             0 256 ibm     8  10   1 LR LR   2560
vt220l8x16             vt220l             0 256 ibm     8  16   1 LR LR   4096
vt220l8x8              vt220l             0 256 ibm     8   8   1 LR LR   2048
$ sudo ./wsfont set DejaVu_Sans_Mono_12x22
# Font should change on current console.

After you've checked out the fonts available on NetBSD (9.1 shown above), you can write all the fonts into /usr/share/wscons/fonts/ and then load your choice at boot-time via /etc/wsconf.conf:

$ sudo ./wsfont dump /usr/share/wscons/fonts/
$ ls -ltr /usr/share/wscons/fonts/*.fnt
-rw-r--r--  1 root  wheel   67684 Nov 15 10:28 DejaVu_Sans_Mono_12x22.fnt
-rw-r--r--  1 root  wheel   67684 Nov 15 10:28 Droid_Sans_Mono_12x22.fnt
-rw-r--r--  1 root  wheel  175204 Nov 15 10:28 Droid_Sans_Mono_19x36.fnt
-rw-r--r--  1 root  wheel   41572 Nov 15 10:28 Droid_Sans_Mono_9x18.fnt
-rw-r--r--  1 root  wheel   70756 Nov 15 10:28 Go_Mono_12x23.fnt
-rw-r--r--  1 root  wheel   16356 Nov 15 10:28 bold16x32.fnt
-rw-r--r--  1 root  wheel    4164 Nov 15 10:28 bold8x16.fnt
-rw-r--r--  1 root  wheel   11364 Nov 15 10:28 gallant12x22.fnt
-rw-r--r--  1 root  wheel   48740 Nov 15 10:28 Glass_TTY_VT220_10x19.fnt
-rw-r--r--  1 root  wheel   64100 Nov 15 10:28 Glass_TTY_VT220_10x25.fnt
-rw-r--r--  1 root  wheel    5610 Nov 15 10:28 lucida16x29.fnt
-rw-r--r--  1 root  wheel    3900 Nov 15 10:28 omron12x20.fnt
-rw-r--r--  1 root  wheel    3460 Nov 15 10:28 qvss8x15.fnt
-rw-r--r--  1 root  wheel   10852 Nov 15 10:28 sony12x24.fnt
-rw-r--r--  1 root  wheel    3684 Nov 15 10:28 sony8x16.fnt
-rw-r--r--  1 root  wheel   10852 Nov 15 10:28 spleen12x24.fnt
-rw-r--r--  1 root  wheel   14436 Nov 15 10:28 spleen16x32.fnt
-rw-r--r--  1 root  wheel   57444 Nov 15 10:28 spleen32x64.fnt
-rw-r--r--  1 root  wheel     868 Nov 15 10:28 spleen5x8.fnt
-rw-r--r--  1 root  wheel    3684 Nov 15 10:28 spleen8x16.fnt
-rw-r--r--  1 root  wheel    3684 Nov 15 10:28 vt220iso8x16.fnt
-rw-r--r--  1 root  wheel    1892 Nov 15 10:28 vt220iso8x8.fnt
-rw-r--r--  1 root  wheel    2660 Nov 15 10:28 vt220l8x10.fnt
-rw-r--r--  1 root  wheel    4196 Nov 15 10:28 vt220l8x16.fnt
-rw-r--r--  1 root  wheel    2148 Nov 15 10:28 vt220l8x8.fnt

Edit your /etc/wsconf.conf and add lines like these (read the wscons.conf(5), wsfontload(8) and wsconsctl(8) man-pages for details):

font    dejavu  12      22      iso     /usr/share/wscons/fonts/DejaVu_Sans_Mono_12x22.fnt

setvar  ttyE0   font            dejavu
setvar  ttyE1   font            dejavu
setvar  ttyE2   font            dejavu
setvar  ttyE3   font            dejavu

You'll easily find the locations where you should add those lines. Check out the QVSS font, where somebody's clearly been having fun.

Makefile (imp: all blanks at the beginning are actually tabs):
CC ?= gcc
CFLAGS ?= -Wall -Wextra -g -pipe

INC = -I/usr/src/sys

EXE = wsfont
SRC = wsfont.c
HDR = wsfont.h

${EXE}: ${SRC} ${HDR}
	${CC} ${CFLAGS} ${INC} -o ${EXE} ${SRC} ${LDFLAGS}

	awk -f mkhdr.awk /usr/src/sys/dev/wsfont/*.h > ${HDR}

	rm -f ${EXE} ${HDR}
#!/usr/bin/awk -f

	N = 0

	gsub(/^.+\//, "", FNAME)
	sub(/\.h$/, "", FNAME)
	if (FNAME ~ /vt220koi8x10/)
		nextfile	# we get a macro--skip this

	PAT = "(static[[:blank:]]+)?struct[[:blank:]]+wsdisplay_font[[:blank:]]+[^[:blank:]]+[[:blank:]]*=[[:blank:]]*{"
	if ($0 ~ PAT) {
		printf("#include <dev/wsfont/%s.h>\n", FNAME)
		PFX = "(static[[:blank:]]+)?struct[[:blank:]]+wsdisplay_font[[:blank:]]+"
		SUF = "[[:blank:]]*=[[:blank:]]*{"
		FONT = $0
		sub(PFX, "", FONT)
		sub(SUF, "", FONT)
		if (length FONT > 0)
			FONTS[N++] = FONT
	printf("\nstatic struct wsfont {\n")
	printf("\tchar* fname;\n")
	printf("\tstruct wsdisplay_font* wsdfont;\n")
	printf("} wsfonts[] = {\n")
	for (i = 0; i < N; i++)
		printf("\t{ \"%s\", \t&%s },\n", FONTS[i], FONTS[i])
	printf("\t{ NULL, NULL }\n};\n");
#include <dev/wscons/wsconsio.h>
#include <sys/ioctl.h>
#include <endian.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "wsfont.h"

static int do_help(void);
static int do_list(void);
static int do_set(int argc, char* argv[]);
static int do_dump(int argc, char* argv[]);
static int wr_font(struct wsdisplay_font* wsf, char* path);
static void pr_font(struct wsdisplay_font* wsf);
static int set_font(char* fname, struct wsdisplay_font* wsf, char* cdev);
static char* bord2s(int b_order);
static char* enc2s(int encoding);

static char* prog;

main(int argc, char* argv[])
	char* cmd;
	int rc = EXIT_FAILURE;

	prog = argv[0];
	if (argc == 1) {
		rc = do_help();

	cmd = argv[1];
	if (strcmp(cmd, "help") == 0)
		rc = do_help();
	else if (strcmp(cmd, "list") == 0)
		rc = do_list();
	else if (strcmp(cmd, "dump") == 0)
		rc = do_dump(argc, argv);
	else if (strcmp(cmd, "set") == 0)
		rc = do_set(argc, argv);
		warnx("%s: unknown command.\nTry: help\n", cmd);
	return rc;

static int
	"Available commands:\n"
	"  list:            List compiled-in fonts\n"
	"  dump DIR:        Dump fonts into \"DIR\" (which must exist)\n"
	"                   eg.: wsfont dump /usr/share/wscons/fonts\n"
	"  set FONT [DEV]:  Load & set \"FONT\" on console \"DEV\" (or current)\n"
	"                   eg.: wsfont set Go_Mono_12x23 /dev/ttyE0\n"
	"                   eg.: wsfont set Go_Mono_12x23\n"
	"  help:            This list\n");

static int
	int i, rc = EXIT_FAILURE;

	for (i = 0; wsfonts[i].fname != NULL; i++) {
		if (i == 0) {	/* print heading */
			printf("Compiled in fonts:\n");
			printf("%-22s %-16s ", "Fontname", "Int. Name");
			printf("%3s %3s %-5s ", "1ch", "Nch", "Enc");
			printf("%3s %3s %3s ", "Wid", "Hei", "Str");
			printf("%-2s %-2s %6s\n", "bO", "BO", "Size");
		printf("%-22s", wsfonts[i].fname);
	if (i == 0)
		warnx("error: no fonts compiled in!");
	return rc;

static void
pr_font(struct wsdisplay_font* wsf)
	printf(" %-16s %3d %3d", wsf->name, wsf->firstchar, wsf->numchars);
	printf(" ");
	printf("%-5s", enc2s(wsf->encoding));
	printf(" %3d %3d %3d", wsf->fontwidth, wsf->fontheight, wsf->stride);
	printf(" %-2s", bord2s(wsf->bitorder));
	printf(" %-2s", bord2s(wsf->byteorder));
	printf(" %6u\n", wsf->fontheight * wsf->stride * wsf->numchars);

static char*
enc2s(int encoding)
	switch (encoding) {
	case WSDISPLAY_FONTENC_ISO: return "iso";
	case WSDISPLAY_FONTENC_IBM: return "ibm";
	case WSDISPLAY_FONTENC_PCVT: return "pcvt";
	case WSDISPLAY_FONTENC_ISO7: return "iso7";
	case WSDISPLAY_FONTENC_ISO2: return "iso2";
	case WSDISPLAY_FONTENC_KOI8_R: return "koi8r";
	default: return "?";

static char*
bord2s(int b_order)
	switch (b_order) {
	default: return "?";

static int
do_dump(int argc, char* argv[])
	int i, rc = EXIT_FAILURE;
	char* dir, *p;

	if (argc != 3) {
		warnx("Usage: %s dump DIR", prog);
		return rc;
	dir = argv[2];
	if (*dir == '\0') {
		warnx("error: empty directory name");
		return rc;

	p = dir + strlen(dir);
	while (--p >= dir && *p == '/')
		*p = '\0';
	for (i = 0; wsfonts[i].fname != NULL; i++) {
		char path[PATH_MAX];
		snprintf(path, sizeof path, "%s/%s.fnt", dir, wsfonts[i].fname);
		rc = wr_font(wsfonts[i].wsdfont, path);
		if (rc != EXIT_SUCCESS)

	return rc;

static int
wr_font(struct wsdisplay_font* wsf, char* path)
	char buf[4 + 64];
	int fd, n, rc = EXIT_FAILURE;

	if ((fd = open(path, O_WRONLY | O_CREAT, 0644)) == -1) {
		warn("%s: open failed", path);
		return rc;
	memset(buf, 0, sizeof buf);
	memcpy(buf, "WSFT", 4);
	strcpy(buf + 4, wsf->name);
	n = sizeof buf;
	if (write(fd, buf, n) != n) {
		warn("%s: write failed", path);
		goto out;
	n = htole32(wsf->firstchar); write(fd, &n, 4);
	n = htole32(wsf->numchars); write(fd, &n, 4);
	n = htole32(wsf->encoding); write(fd, &n, 4);
	n = htole32(wsf->fontwidth); write(fd, &n, 4);
	n = htole32(wsf->fontheight); write(fd, &n, 4);
	n = htole32(wsf->stride); write(fd, &n, 4);
	n = htole32(wsf->bitorder); write(fd, &n, 4);
	n = htole32(wsf->byteorder); write(fd, &n, 4);
	n =  wsf->numchars * wsf->fontheight * wsf->stride;
	if (write(fd, wsf->data, n) != n) {
		warn("%s: write failed", path);
	} else
	return rc;

static int
do_set(int argc, char* argv[])
	char* cdev, *fname;
	int i, rc = EXIT_FAILURE;

	if (argc < 3) {
		warnx("Usage: %s set fontname console_device", prog);
		return rc;

	fname = argv[2];
	if (argc == 4)
		cdev = argv[3];
	else {		/* set font on current tty */
		cdev = ttyname(STDIN_FILENO);
		if (cdev == NULL) {
			warn("ttyname failed");
			return rc;
	for (i = 0; wsfonts[i].fname != NULL; i++) {
		if (strcmp(wsfonts[i].fname, fname) == 0) {
			rc = set_font(fname, wsfonts[i].wsdfont, cdev);

	return rc;

static int
set_font(char* fname, struct wsdisplay_font* wsf, char* cdev)
	int fd, rc = EXIT_FAILURE;
	char* cmd = NULL;

	if ((fd = open("/dev/wsfont", O_RDWR)) < 0) {
		warn("/dev/wsfont: open failed");
		return rc;
	wsf->name = fname;	/* VT220 has multiple fonts with same name */
	if (ioctl(fd, WSDISPLAYIO_LDFONT, wsf) < 0) {
		if (errno == EEXIST)
			warnx("%s: font already loaded", wsf->name);
		else {
			warn("ioctl WSDISPLAYIO_LDFONT failed");
			return rc;
	if (asprintf(&cmd, "/sbin/wsconsctl -f \"%s\" -dw font=\"%s\"",
	    cdev, wsf->name) == -1) {
		warn("asprintf failed");
		return rc;
	if (system(cmd) != 0)
		warn("warning: %s: cmd failed", cmd);

	return rc;


November 14, 2020

Pullup 8 [pullup-8 #1622] Fwd: CVS commit: src/sys/coda

November 13, 2020

Pullup 8 [pullup-8 #1621] Re: CVS commit: src/sys

November 09, 2020

UnitedBSD Which email client do you use?

I've been using Thunderbird so far as the best compromise between features (in particular calendar and address book), ease-of-use and "system-friendliness" (i.e. not eating up all the system's resources). I've also tried Evolution, but though it rates high on features, its ease-of-use and system-friendliness scores are very low.

I've tried to use Thunderbird 78.2.2 on NetBSD but it doesn't work, so I'm looking for an alternative, hence my question.

November 08, 2020

Unix Stack Exchange How to install a torrent client on a NetBSD server with only SSH access [closed]

I have a remote server running NetBSD 6, to which I have access only via SSH. I have very limited Unix/Linux experience but I guess there are some command line torrent cliens available for Unixes like the ones in the BSD family. Could someone help install a torrent client only using SSH access onto a NetBSD 6 server?

Thank you!

October 31, 2020

DragonFly BSD Digest In Other BSDs for 2020/10/31

Spooky Halloween BSD News!  Well, not really.

October 30, 2020

Ruben Schade NetBSD 9.1, FreeBSD 12.2-R, OpenBSD 6.8

The BSD Daemon

Holiday presents have come early this year! We saw updates for the three biggest BSDs this month, all with something interesting to try. Emphasis added on what my weekend will be spent checking out:

NetBSD 9.1:

The NetBSD Project is pleased to announce NetBSD 9.1, the firstfeature and stability update for the netbsd-9 release branch.

Over the last months many changes have been made to the NetBSD 9 stablebranch. As a stable branch the release engineering team and the NetBSDdevelopers are conservative with changes to this branch and many usersrely on the binaries from our regular auto-builds for production use.

The new release features (among various other changes) many bug fixes,a few performance enhancements, stability improvements for ZFS and LFSand support for USB security keys in a mode easily usable in Firefoxand other applications.


The FreeBSD Release Engineering Team is pleased to announce theavailability of FreeBSD 12.2-RELEASE. This is the third release of thestable/12 branch.

Some of the highlights:

  • Updates to the wireless networking stack and various drivers havebeen introduced to provide better 802.11n and 802.11ac support.

  • The ice(4) driver has been added, supporting Intel(R) 100Gb ethernetcards.

  • The jail(8) utility has been updated to allow running Linux(R) in ajailed environment.

  • OpenSSL has been updated to version 1.1.1h.

  • OpenSSH has been updated to version 7.9p1.

  • The clang, llvm, lld, lldb, compiler-rt utilities and libc++ havebeen updated to version 10.0.1.

I don’t run OpenBSD anywhere, but I keep being given good reasons to finally try it again. OpenBSD 6.8, via the OpenBSD Journal:

On its 25th birthday, the OpenBSD project has released OpenBSD 6.8, the 49th release.

The new release comes with a large number of improvements and debuts a new architecture, OpenBSD/powerpc64, running on the POWER9 family of processors. The full list of changes can be found in the announcement and on the release page.

By Ruben Schade in Sydney.

October 29, 2020

DragonFly BSD Digest BSD Now 374: OpenBSD’s 25th anniversary

This week’s BSD Now is all about releases – OpenBSD, NetBSD, BastilleBSD…

October 24, 2020

Ruben Schade Firefox 82.0 resolves macOS stuttering scrolling

My new MacBook Pro coincided with the release of Firefox 81.x, which lead me to think there was something wrong with the discrete GPU on this refurbished machine. Each time I loaded a site and scrolled, regardless of how heavy the page was, it would occasionally stop then lurch in an attempt to catch up. I joked with colleagues that it was a *nix VESA desktop emulation mode.

Safari and Vivaldi didn’t have the same issue, which thankfully ruled out a hardware.

Firefox icon

I’m pleased to report now that the issue is gone as of Firefox 82. Either that, or an extension I use also updated in the interim. Either way, I’m unreasonably happy.

I used to use Phoenix/Firebird/Firefox back in the day to push against IE. Now the few of us still using it are at it again, only we use it to push against Chrome hegemony. Please use it; it’s a great browser and especially quick since the Quantum update. We need its user agent in server logs to show the world there’s still value in cross-browser testing and development. We’re already starting to see Chrome-only sites again, presumably written by people who either weren’t alive or don’t remember the lessons of the first browser wars.

Special thanks to these fine contributors for maintaining the Homebrew Cask for Firefox, the FreeBSD Gecko team, and ryoon for pkgsrc. A lot of work goes into people like me being able to install Firefox on our various platforms with a single command.

This post originally appeared on Rubenerd.

DragonFly BSD Digest In Other BSDs for 2020/10/24

It’s apparently release week?

October 21, 2020

NetBSD Blog NetBSD 9.1 released

After a small delay*, the NetBSD Project is pleased to announce NetBSD 9.1, the first feature and stability maintenance release of the netbsd-9 stable branch.

The new release features (among various other changes) many bug fixes, a few performance enhancements, stability improvements for ZFS and LFS and support for USB security keys in a mode easily usable in Firefox and other applications.

For more details and instructions see the 9.1 announcement.

Get NetBSD 9.1 from our CDN (provided by fastly) or one of the ftp mirrors.

Complete source and binaries for NetBSD are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, and other services may be found at

* for the delay: let us say there was a minor hickup and we took the opportunity to provide up to date timezone files for NetBSD users in Fiji.

October 20, 2020

The NetBSD Foundation NetBSD 9.1 released

October 19, 2020

NetBSD Blog Google Summer of Code 2020: [Final Report] Enhancing Syzkaller support for NetBSD
This report was written by Ayushu Sharma as part of Google Summer of Code 2020.

This post is a follow up of the first report and second report. Post summarizes the work done during the third and final coding period for the Google Summer of Code (GSoc’20) project - Enhance Syzkaller support for NetBSD


Sys2syz would give an extra edge to Syzkaller for NetBSD. It has a potential of efficiently automating the conversion of syscall definitions to syzkaller’s grammar. This can aid in increasing the number of syscalls covered by Syzkaller significantly with the minimum possibility of manual errors. Let’s delve into its internals.

A peek into Syz2syz Internals

This tool parses the source code of device drivers present in C to a format which is compatible with grammar customized for syzkaller. Here, we try to cull the details of the target device by compiling, and then collocate the details with our python code. For further details about proposed design for the tool, refer to previous post.

Python code follows 4 major steps:


This step involves fetching the possible ioctl commands for the target device driver and getting the files which have to be included in our dev_target.txt file. We have already seen all the commands for device drivers are defined in a specific way. These commands defined in the header files need to be grepped along with the major details, regex comes in as a rescue for this

	io = re.compile("#define\s+(.*)\s+_IO\((.*)\).*")
	iow = re.compile("#define\s+(.*)\s+_IOW\((.*),\s+(.*),\s+(.*)\).*")
	ior = re.compile("#define\s+(.*)\s+_IOR\((.*),\s+(.*),\s+(.*)\).*")
	iowr = re.compile("#define\s+(.*)\s+_IOWR\((.*),\s+(.*),\s+(.*)\).*")

Code scans through all the header files present in the target device folder and extracts all the commands along with their details using compiled regex expressions. Details include the direction of buffer(null, in, out, inout) based on the types of Ioctl calls(_IO, _IOR, _IOW, _IOWR) and the argument of the call. These are stored in a file named ioctl_commands.txt at location out/&lttarget_name&gt. Example output:

out, I2C_IOCTL_EXEC, i2c_ioctl_exec_t


Preprocessing is required for getting XML files, about which we would look in the next step. Bear plays a major role when it comes to preprocessing C files. It records the commands executed for building the target device driver. This step is performed when script is executed.

Extracted commands are modified with the help of parse_commands() function to include ‘-E’ and ‘-fdirectives’ flags and give it a new output location. Commands extracted by this function are then used by the compile_target function which filters out the unnecessary flags and generates preprocessed files in our output directory.

Generating XML files

Run C2xml on the preprocessed files to fetch XML files which stores source code in a tree-like structure, making it easier to collect all the information related to each and every element of structures, unions etc. For eg:

	&ltsymbol type="struct" id="_5970" file="am2315.i" start-line="13240" start-col="16" end-line="13244" end-col="11" bit-size="96" alignment="4" offset="0">
		&ltsymbol type="node" id="_5971" ident="ipending" file="am2315.i" start-line="13241" start-col="33" end-line="13241" end-col="41" bit-size="32" alignment="4" offset="0" base-type-builtin="unsigned int"/<
		&ltsymbol type="node" id="_5972" ident="ilevel" file="am2315.i" start-line="13242" start-col="33" end-line="13242" end-col="39" bit-size="32" alignment="4" offset="4" base-type-builtin="int"/>
		&ltsymbol type="node" id="_5973" ident="imasked" file="am2315.i" start-line="13243" start-col="33" end-line="13243" end-col="40" bit-size="32" alignment="4" offset="8" base-type-builtin="unsigned int"/>
	&ltsymbol type="pointer" id="_5976" file="am2315.i" start-line="13249" start-col="14" end-line="13249" end-col="25" bit-size="64" alignment="8" offset="0" base-type-builtin="void"/>
	&ltsymbol type="array" id="_5978" file="am2315.i" start-line="13250" start-col="33" end-line="13250" end-col="39" bit-size="288" alignment="4" offset="0" base-type-builtin="unsigned int" array-size="9"/>

We would further see how attributes like - idents, id, type, base-type-builtin etc conveniently helps us to analyze code and generate descriptions in a trouble-free manner .

Final part, which offers a txt file storing all the required descriptions as its output. Here, information from the xml files and ioctl_commands.txt are combined together to generate descriptions of ioctl commands and their arguments.

Xml files for the given target device are parsed to form trees,

for file in (os.listdir(
	tree = ET.parse(

We then traverse through these trees to search for the arguments of a particular ioctl command (particularly _IOR, _IOW, _IOWR commands) by the name of the argument. Once an element with the same value for ident attribute is found, attributes of the element are further examined to get its type. Possible types for these arguments are - struct, union, enum, function, array, pointer, macro and node. Using the type information we determine the way to define the element in accordance with syzkaller’s grammar syntax.

Building structs and unions involves defining their elements too, XML makes it easier. Program analyses each and every element which is a child of the root (struct/union) and generates its definitions. A dictionary helps in tracking the structs/unions which have been already built. Later, the dictionary is used to pretty print all the structs and union in the output file. Here is a code snippet which depicts the approach

            name = child.get("ident")
            if name not in self.structs_and_unions.keys():
                elements = {}
                for element in child:
                    elem_type = self.get_type(element)
                    elem_ident = element.get("ident")
                    if elem_type == None:
                        elem_type = element.get("type") 
                    elements[element.get("ident")] = elem_type

                element_str = ""
                for element in elements: 
                    element_str += element + "\t" + elements[element] + "\n"
                self.structs_and_unions[name] = " {\n" + element_str + "}\n"
            return str(name)

Task of creating descriptions for arrays is made simpler due to the attribute - `array-size`. When it comes to dealing with pointers, syzkaller needs the user to fill in the direction of the pointer. This has already been taken care of while analyzing the ioctl commands in The second argument with in/out/inout as its possible value depends on ‘fun’ macros - _IOR, _IOW, _IOWR respectively.

There is another category named as nodes which can be distinguished using the base-type-builtin and base-type attributes.


Once the setup script for sys2syz is executed, sys2syz can be used for a certain target_device file by executing the python wrapper script ( with :

python -t &ltabsolute_path_to_device_driver_source> -c compile_commands.json -v

This would generate a dev_&ltdevice_driver&gt.txt file in the out directory. An example description file autogenerated by sys2syz for i2c device driver.

#Autogenerated by sys2syz

resource fd_i2c[fd]

syz_open_dev$I2C(dev ptr[in, string["/dev/i2c"]], id intptr, flags flags[open_flags]) fd_i2c

ioctl$I2C_IOCTL_EXEC(fd fd_i2c, cmd const[I2C_IOCTL_EXEC], arg ptr[out, i2c_ioctl_exec])

i2c_ioctl_exec {
iie_op	flags[i2c_op_t_flags]
iie_addr	int16
iie_buflen	len[iie_buf, intptr]
iie_buf	buffer[out]
iie_cmdlen	len[iie_cmd, intptr]
iie_cmd	buffer[out]

Future Work

Though we have a basic working structure of this tool, yet a lot has to be worked upon for leveling it up to make the best of it. Perfect goals would be met when there would be least of manual labor needed. Sys2syz still looks forward to automating the detection of macros used by the flag types in syzkaller. List of to-dos also includes extending syzkaller’s support for generation of description of syscalls.

Some other yet-to-be-done tasks include-


We have surely reached closer to our goals but the project needs active involvement and incremental updates to scale it up to its full potential. Looking forward to much more learning and making more contribution to NetBSD community.

Atlast, a word of thanks to my mentors William Coldwell, Siddharth Muralee, Santhosh Raju and Kamil Rytarowski as well as the NetBSD organization for being extremely supportive. Also, I owe a big thanks to Google for giving me such a glaring opportunity to work on this project.

October 17, 2020

DragonFly BSD Digest In Other BSDs for 2020/10/17

This list of links runs in the same order of the BSD RSS feeds in my reader.  What a coincidence!

Unix Stack Exchange Does *BSD have the ability to encrypt a system partition with full disk encryption?

Does FreeBSD, NetBSD, or OpenBSD have an encryption feature like Linux's dm-crypt? And will it work for a system partition?

October 13, 2020

The NetBSD Foundation New Security Advisory: NetBSD-SA2020-003

October 09, 2020

The NetBSD Foundation pkgsrc-2020Q3 released

October 07, 2020

NetBSD Blog The GNU GDB Debugger and NetBSD (Part 5)
The NetBSD developers maintain two copies of GDB:

The base-system version of GDB (GPLv3) still relies on local patching to work. I have set a goal to reduce the number of custom patches to bare minimum, ideally achieving the state of GDB working without any local modifications at all.

GDB changes

Last month, the NetBSD/amd64 support was merged into gdbserver. This month, the gdbserver target support was extended to NetBSD/i386 and NetBSD/aarch64. The gdbserver and gdb code was cleaned up, refactored and made capable of introducing even more NetBSD targets.

Meanwhile, the NetBSD/i386 build of GDB was fixed. The missing include of x86-bsd-nat.h as a common header was added to i386-bsd-nat.h. The i386 GDB code for BSD contained a runtime assert that verified whether the locally hardcoded struct sigcontext is compatible with the system headers. In reality, the system headers are no longer using this structure since 2003, after the switch to ucontext_t, and the validating code was no longer effective. After the switch to newer GCC, this was reported as a unused local variable by the compiler. I have decided to remove the check on NetBSD entirely. This was followed up by a small build fix.

The NetBSD team has noticed that the GDB's code contains a portability bug and prepared a local fix. The traditional behavior of the BSD kernel is that passing random values of sun_len (part of sockaddr_un) can cause failures. In order to prevent the problems, the sockaddr_un structure is now zeroed before use. I've reimplemented the fix and successfully upstreamed it.

In order to easily resolve the issue with environment hardening enforced by PaX MPROTECT, I've introduced a runtime warning whenever byte transfers betweeen the debugee and debugger occur with the EACCES errno code.

binutils changes

I've added support for NetBSD/aarch64 upstream, in GNU BFD and GNU GAS. NetBSD still carries local patches for the GNU binutils components, and GNU ld does not build out of the box on NetBSD/aarch64.


The NetBSD support in GNU binutils and GDB is improving promptly, and the most popular platforms of amd64, i386 and aarch64 are getting proper support out of the box, without downstream patches. The remaining patches for these CPUs include: streamlining kgdb support, adding native GDB support for aarch64, upstreaming local modifications from the GNU binutils components (especially BFD and ld) and introducing portability enhancements in the dependent projects like libiberty and gnulib. Then, the remaining work is to streamline support for the remaining CPUs (Alpha, VAX, MIPS, HPPA, IA64, SH3, PPC, etc.), to develop the missing generic features (such as listing open file descriptors for the specified process) and to fix failures in the regression test-suite.

October 01, 2020

The NetBSD Foundation New Developer in September 2020

September 30, 2020

OS News Wayland on NetBSD – trials and tribulations

Related to yesterday’s post about NetBSD switching to ctwm:

After I posted about the new default window manager in NetBSD I got a few questions, including “when is NetBSD switching from X11 to Wayland?”, Wayland being X11’s “new” rival. In this blog post, hopefully I can explain why we aren’t yet!

The short answer? Wayland is too Linux-specific to be easily ported or adapted to NetBSD, so don’t expect it any time soon.

September 29, 2020

Stack Overflow Trouble compiling ncurses-st-menu for BSD

I found a package on github ( and am having trouble compile it for BSD platforms like NetBSD or OpenBSD. The instructions say to do ./, ./configure, and then make. So I install the autoconf, autotools, libtool, gettext, and any other necessary packages and run ./ It works without spitting out any errors. But ./configure says it doesn't support "OS x86_64-unknown-netbsd9.0" if for example on NetBSD. Can someone else try to compile this program? Because if this was done by autotools, it certainly should support any of the four major BSD operating systems.

Unix Stack Exchange Is NetBSD 'primes' utility or equivalent available in any package on MacOS?

Is the NetBSD primes utility (or equivalent) available on MacOS in any package, other than via manual download-and-compile (e.g. curl)? I searched quite a lot and couldn't find any package (other than the NetBSD CVS source).

(NetBSD primes is not a prime-sieve to find large/as-yet-unknown primes, just a simple command-line utility which tells you which integers are prime (or composite) in a given (64b) range).

(Unlike Gnu factor which is available via package coreutils "Finding Prime Numbers - “factor” command not found on MacOS", "Is there a practical use for the GNU factor command?")

Note: this question does not belong on AskDifferent since there is no brew/macports package.

Unix Stack Exchange How to use 'pkg_add -uu' to upgrade all packages?

According to NetBSD's wiki I can use pkg_add -uu to upgrade packages. However, when I attempt to use pkg_add -uu it results in an error.

pkg_add -uu
pkg_add: missing package name(s)

pkg_add -uu *
pkg_add: no pkg found for `*`, sorry

pkg_add -uu all
pkg_add: no pkg found for `all`, sorry

I've tried to parse the pkg_add man page but I can't tell what the command it to update everything.

I can't use pkg_chk because its not installed, and I can't get the package system to install it:

pkg_chk -b
pkg_chk: command not found

pkg_add pkg_chk
pkg_add: no pkg found for `pkg_chk`, sorry

What is the secret command to get the OS to update everything?

September 28, 2020

OS News Default window manager switched to CTWM in NetBSD-current

For more than 20 years, NetBSD has shipped X11 with the “classic” default window manager of twm. However, it’s been showing its age for a long time now.

In 2015, ctwm was imported, but after that no progress was made. ctwm is a fork of twm with some extra features – the primary advantages are that it’s still incredibly lightweight, but highly configurable, and has support for virtual desktops, as well as a NetBSD-compatible license and ongoing development. Thanks to its configuration options, we can provide a default experience that’s much more usable to people experienced with other operating systems.

The ctwm website has more information for those interested.

Ruben Schade OpenSSH 8.4 released

OpenSSH 8.4 was released yesterday. It includes several signifigant changes for FIDO/U2F authentication, some of which are listed as potentially-incompatible, but are still great to see. Other things that caught my eye:

scp(1), sftp(1): allow the -A flag to explicitly enable agentforwarding in scp and sftp. The default remains to not forward anagent, even when ssh_config enables it.

sshd(8): allow sshd_config longer than 256k

And I’m always pleased to see NetBSD portability notes:

sshd(8): support NetBSD’s utmpx.ut_ss address field. bz#960

This exquisitely-maintained software powers so much of the Internet. It got me thinking that for all my talk about donations, I should put my money where my mouth is and donate to the OpenBSD Foundation. Even if you’ve never heard of OpenSSH, you’ve also benefited from it.

This post originally appeared on Rubenerd.

NetBSD Blog Wayland on NetBSD - trials and tribulations

After I posted about the new default window manager in NetBSD I got a few questions, including "when is NetBSD switching from X11 to Wayland?", Wayland being X11's "new" rival. In this blog post, hopefully I can explain why we aren't yet!

Last year (and early this year) I was responsible for porting the first working Wayland compositor to NetBSD - swc. I chose it because it looked small and hackable. You can try it out by installing the velox window manager from pkgsrc.

A Wayland compositor running on my NetBSD laptop, with a few applications like Luakit and Dungeon Crawl Stone Soup open.


In a Wayland system, the "compositor" (display server) is responsible for managing displays, input, and window management. Generally, this means a lot of OS-specific code is contained there.

Wayland does not define protocols for features X11 users expect, like screenshots, screen locking, or window management. Either you implement these inside the compositor (lots of work that has to be redone), or you define your own protocol extension.

The Wayland "reference implementation" is a small set of libraries that can be used to build a compositor or a client application. These libraries currently have hard dependencies on Linux kernel APIs like epoll. In pkgsrc we've patched the libraries to add kqueue(2) support, but the patches haven't been accepted upstream. Wayland is written with the assumption of Linux to the extent that every client application tends to #include <linux/input.h> because Wayland's designers didn't see the need to define a OS-neutral way to get mouse button IDs.

So far, all Wayland compositors but swc have a hard dependency on libinput, which only supports Linux's input API (also cloned in FreeBSD). In NetBSD we have an entirely different input API - wscons(4). wscons is actually fairly simple to write code for, someone just needs to go out there and do it. You can use my code in swc as a reference. :)

In general, Wayland is moving away from the modularity, portability, and standardization of the X server.

Is it ready for production?

No, but you can play with it.

Task list

I've decided to take a break from this, since it's a fairly huge undertaking and uphill battle. Right now, X11 combined with a compositor like picom or xcompmgr is the more mature option.

NetBSD Blog Default window manager switched to CTWM in NetBSD-current

For more than 20 years, NetBSD has shipped X11 with the "classic" default window manager of twm. However, it's been showing its age for a long time now.

In 2015, ctwm was imported, but after that no progress was made. ctwm is a fork of twm with some extra features - the primary advantages are that it's still incredibly lightweight, but highly configurable, and has support for virtual desktops, as well as a NetBSD-compatible license and ongoing development. Thanks to its configuration options, we can provide a default experience that's much more usable to people experienced with other operating systems.

Recently, I've been installing NetBSD with some people in real life and was inspired by their reactions to the default twm to improve the situation, so I played with ctwm, wrote a config, and used it myself for a week. It's now the default in NetBSD-current.

We gain some nice features like an auto-generated application menu (that will fill up as packages are installed to /usr/pkg), and a range of useful keyboard shortcuts including volume controls - the default config should be fully usable without a mouse. It should also work at a range of screen resolutions. We can add HiDPI support after some larger bitmap fonts are imported - another advantage of ctwm is that we can support very slow and very fast hardware with one config.

If you're curious about ctwm, check out the ctwm website. It's also included in previous NetBSD releases, though not as the default window manager and not with this config.

September 21, 2020

NetBSD Package System (pkgsrc) on DaemonForums samba problem
hi guys ,i need some favour,i install and config samba follow "",
it show " protocol negotiation failed: NT_STATUS_IO_TIMEOUT" when i run "smbclient -Usamba -L localhost" i dont konw what i miss?thanks

and this my step and config file
pkgin install samba
cp /usr/pkg/share/examples/rc.d/smbd /etc/rc.d/
cp /usr/pkg/share/examples/rc.d/nmbd /etc/rc.d/
cp /usr/pkg/share/examples/rc.d/samba /etc/rc.d/
and in /etc/rc.conf
follow is my /usr/pkg/etc/samba/smb.conf

# smbclient -L localhost
protocol negotiation failed: NT_STATUS_IO_TIMEOUT
# vim /usr/pkg/etc/samba/smb.conf
# cat  /usr/pkg/etc/samba/smb.conf
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#======================= Global Settings =====================================

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
  workgroup = WORKGROUP

# server string is the equivalent of the NT Description field
  server string = Samba Server

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
#  server role = standalone server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
  hosts allow = 192.168.31.

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
  log file = /var/log/log.%m

# Put a capping on the size of the log files (in Kb).
  max log size = 50

# Specifies the Kerberos or Active Directory realm the host is part of
;  realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
;  passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#      this line.  The included file is read at that point.
;  include = /usr/local/samba/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;  interfaces =

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;  logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;  wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#      Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;  wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one  WINS Server on the network. The default is NO.
;  wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
  dns proxy = no

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g

#============================ Share Definitions ==============================
  comment = Home Directories
  browseable = no
  writable = yes

comment = Shared
path = /home/zero/work
browseable = yes
writable = yes
guest ok = yes
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;  comment = Network Logon Service
;  path = /usr/local/samba/lib/netlogon
;  guest ok = yes
;  writable = no
;  share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
  comment = All Printers
  path = /usr/spool/samba
  browseable = no
# Set public = yes to allow user 'guest account' to print
  guest ok = no
  writable = yes
  printable = yes

# This one is useful for people to share files
;  comment = Temporary file space
;  path = /tmp
;  read only = no
;  public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;  comment = Public Stuff
;  path = /home/samba
;  public = yes
;  writable = no
;  printable = no
;  write list = @staff

# Other examples.
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;  comment = Fred's Printer
;  valid users = fred
;  path = /homes/fred
;  printer = freds_printer
;  public = no
;  writable = no
;  printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;  comment = Fred's Service
;  path = /usr/somewhere/private
;  valid users = fred
;  public = no
;  writable = yes
;  printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;  path = /usr/somewhere/else/public
;  public = yes
;  only guest = yes
;  writable = yes
;  printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;  comment = Mary's and Fred's stuff
;  path = /usr/somewhere/shared
;  valid users = mary fred
;  public = no
;  writable = yes
;  printable = no
;  create mask = 0765

September 19, 2020

NetBSD General on DaemonForums New Shared Lib on i386

NetBSD i386 9.0 (GENERIC) #0: Fri Feb 14 00:06:28 UTC 2020

I have my own personal shared library, which complies and installs fine. When I compile programs that link against that library, the compile succeeds.

But when I attempt to run one of the programs I get:


/usr/local/lib/ text relocations
/usr/local/lib/ Cannot write-enable text segment: Permission denied
I even tried a reboot without luck.

I did many searches but all I found was issues compiling mplayer and to use, but nothing else. I read is no longer needed and man pages has nothing I can find.

Does anyone know what I can do to fix this issue ?

edit: no luck with "-Wl,-R/usr/local/lib" as noted in the elf FAQ


September 17, 2020

NetBSD General on DaemonForums Howto power off usb devices
Under FreeBSD, I can power off a usb device with usbconfig's "power_off" option. How can I do that under NetBSD?


# usbstats
Controller /dev/usb0:
      1069 control
        0 isochronous
 154806725 bulk
  8954336 interrupt
Controller /dev/usb1:
      375 control
        0 isochronous
  33390421 bulk
        2 interrupt

# usbdevs
addr 1: EHCI root hub, NetBSD
 addr 2: Rate Matching Hub, Intel
  addr 5: External USB 3.0, Toshiba
  addr 3: USB Optical Mouse, Primax Electronics
  addr 4: Kensington U+P Keyboard, NOVATEK
addr 1: EHCI root hub, NetBSD
 addr 2: Rate Matching Hub, Intel
  addr 3: USB2.0-CRW, Generic

I want to power off (and later on) External USB 3.0, Toshiba, which I believe is at usb0, addr 5.

September 15, 2020

Server Fault Non-standard IP address with dashes

I ran the who command on a shared NetBSD box, and this weird user IP came up:

<redacted> pts/33   May 13 02:13  (XXX.XXX.XXX.XXX)
<redacted> pts/35   May 12 20:59  (202-172-110-147-)
<redacted> pts/36   May  6 20:36  (XXX.XXX.XXX.XXX)

I've never seen an IP like that. Obviously, ping 202-172-110-147- will complain with "Cannot resolve ... (Unknown host)".

There was a similar question posted 7 years ago, which posited that it was a non-standard way of denoting IP ranges, but seeing there's a - at the end of the address, it doesn't seem like a similar thing.


I've tried reverse DNS with nslookup 202-172-110-147-, which errors with "** server can't find 202-172-110-147-: NXDOMAIN"

Doing w <user> returns:

9:49AM  up 89 days,  7:46, 1 user, load averages: 0.23, 0.18, 0.17
USER          TTY     FROM              [email protected]  IDLE WHAT
<redacted>    pts/35  202-172-110-147- Tue08PM  4:13

Edit 2: This is on NetBSD, not Linux like I mentioned at the beginning (I thought the box was Linux):

$ uname -rsv
NetBSD 8.1 NetBSD 8.1 (GENERIC) #0: Fri May 31 08:43:59 UTC 2019  [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC

Edit 3: Following @NStorm update, I ran w -n to display network addresses as numbers. I still see the same result

$ w -n <user>
 9:57AM  up 89 days,  7:54, 1 user, load averages: 0.12, 0.12, 0.14
USER          TTY     FROM              [email protected]  IDLE WHAT
<redacted>    pts/35  202-172-110-147- Tue08PM  4:22

September 14, 2020

Ruben Schade Feedback on my Mr Orange post

Good morning! My post about Mr Orange generated the most email feedback I’ve had since my encrypted-ZFS on NetBSD post, all of it negative. I can only assume someone shared it among Orange supporters.

I’d publish each message in full, but they’re all just a little too tragic. One of the more civil gentleman—though we’re coming from a low baseline here—attempted to debunk everything I said, but the substance of each quote was that:

It spoke to the internal machinations and mental gymnastics of someone desperate to absolve their leader of culpability. All the facts cited were wrong, and only served to reinforce my original thought that his supporters have absolutely no idea how the rest of the world perceives them. This kind of transparent projection and self-ownage isn’t unique to their flavour of politics, but it does attract a disproportionate amount of it.

I do feel a responsibility to reach these people. Each Orange supporter has their reasons, and they have the same family, job security and other worries we all do. Perhaps even moreso, which is why they’re so motivated to accept any convenient excuse for why the man they support continues to brazenly abuse them. But when you’re coming from a place of bad faith to start, I have no motivation to engage with you.

And that’s the problem. We could have a reasonable discussion if we were coming from a place of honesty. When the Dear Leader regularly lies, and people like Scott Adams say it’s a political tactic, we have no basis upon which to even start. Facts are sacrosanct, just as so many far-right people ironically state on their Twitter profiles. He didn’t have the biggest turnout at his inauguration. He didn’t get Mexico to pay for his wall. America isn’t doing the best at dealing with COVID. Wind turbines don’t cause cancer. He didn’t get Kim Jong Un to do anything. We can debate the finer points of his other policies, but if people can’t even admit to these, they’re being just as dishonest as him.

(I also see this playing out to a lesser extent with Scott Morrison in Australia, who has made no secret of his admiration for the American knob-in-chief).

Thanks for taking the time to respond everyone, but your tactics to win over another supporter in your “culture war” have backfired. And unlike so many of you who still cling to him because he’s “owning lefties”, I take no pleasure whatsoever in pointing that out. The sooner they realise they’re transparently doing the work of our common enemies better than anyone else, the sooner we can begin to rebuild what we’ve all lost. Because being an outspoken friend of America has been hard these last few years.

This post originally appeared on Rubenerd.

September 13, 2020

Ruben Schade Forgetting to set UTF normalisation on a ZFS pool

Clara and I were getting some bizarre behavior while accessing a new FreeBSD pool over Netatalk and Samba. A subset of files with CJK names were showing up in the macOS Finder as expected, but would error out with file not found if you tried to open them.

We store a lot of files in Japanese and Korean, especially music and holiday photo directories with place names, so I’ve always been careful about using UTF-8 globally. I confirmed I had this in my /etc/login.conf:


(NOTE: I’ve read this isn’t advisable because it can break ports that weren’t designed for UTF-8. I’ve never had that issue, but it’s something to keep in mind. I’d also be worried if software in 2020 still had that limitation, but that’s a topic for another post).

Then I confirmed the ZFS pool was set up for UTF-8:

# zfs get utf8only pool==> NAME  PROPERTY  VALUE  SOURCE==> zten  utf8only  on     -

So what was going on?

# zfs get normalization pool==> NAME  PROPERTY       VALUE  SOURCE==> zten  normalization  none   -


Normalisation is a field of information science that fills entire textbooks, but in a nutshell ZFS uses it to reconcile filenames. This is especially important in UTF-8 where characters from disparate languages may appear superficially the same, such as Chinese-derived kanji in Japanese. How the filename is represented internally, and presented to the operator, can vary in unexpected ways.

Unfortunately, normalisation can’t be set after the filesystem is created. So this weekend I dropped one of the drives from my mirror, created a new pool with normalisation to transfer data back to, then resilvered the mirror back to full redundancy:

# zpool -O normalization=formD [...]

Now previously-inaccessible files can be opened.

This post originally appeared on Rubenerd.

September 08, 2020

Benny Siegert pkgsrc Developer Monotony
Somehow, my contributions to NetBSD and pkgsrc have become monotonous. Because I am busy with work, family and real life, the amount of time I can spend on open source is fairly limited, and I have two commitments that I try to fulfill: Member of pkgsrc-releng: I process most of the pull-ups to the stable quarterly branch. Maintainer of Go and its infrastructure. Unfortunately, these things are always kinda the same.

September 07, 2020

Frederic Cambus Playing with Kore JSON API

Kore 4.0.0 has been released a few days ago, and features a brand new JSON API allowing to easily parse and serialize JSON objects.

During the last couple of years, I have been using Kore for various projects, including exposing hardware sensor values over the network via very simple APIs. In this article, I would like to present a generalization of this concept and show how easy it is to expose system information with Kore.

This small API example allows to identify hosts over the network and has been tested on Linux, OpenBSD, NetBSD, and macOS (thanks Joris!).

After creating a new project:

kodev create identify

Populate src/identify.c with the following code snippet:

#include <sys/utsname.h>

#include <kore/kore.h>
#include <kore/http.h>

#if defined(__linux__)
#include <kore/seccomp.h>


int		page(struct http_request *);

page(struct http_request *req)
	char *answer;

	struct utsname u;

	struct kore_buf buf;
	struct kore_json_item *json;

	if (uname(&u) == -1) {
		http_response(req, HTTP_STATUS_INTERNAL_ERROR, NULL, 0);
		return (KORE_RESULT_OK);

	kore_buf_init(&buf, 1024);
	json = kore_json_create_object(NULL, NULL);

	kore_json_create_string(json, "system", u.sysname);
	kore_json_create_string(json, "hostname", u.nodename);
	kore_json_create_string(json, "release", u.release);
	kore_json_create_string(json, "version", u.version);
	kore_json_create_string(json, "machine", u.machine);

	kore_json_item_tobuf(json, &buf);

	answer = kore_buf_stringify(&buf, NULL);
	http_response(req, 200, answer, strlen(answer));


	return (KORE_RESULT_OK);

And finally launch the project:

kodev run

The kodev tool will build and run the project, and we can now query the API to identify hosts:

  "system": "OpenBSD",
  "hostname": "",
  "release": "6.8",
  "version": "GENERIC.MP#56",
  "machine": "amd64"

September 02, 2020

NetBSD General on DaemonForums restart network
I ran the command

# ifconfig mue0 down
to take the computer offline, but how do I now bring it back up?
When I try

# ifconfig mue0 up
I get

exec_matches: No buffer space available

What is the NetBSD equivalent of the FreeBSD command

# /etc/rc.d/netif restart
or OpenBSD equivalent

# /etc/netstart
I want to be able to restart all network services

August 31, 2020

Frederic Cambus Modernizing the OpenBSD console

At the beginning were text mode consoles. Traditionally, *BSD and Linux on i386 and amd64 used text mode consoles which by default provided 25 rows of 80 columns, the "80x25 mode". This mode uses a 8x16 font stored in the VGA BIOS (which can be slightly different across vendors).

OpenBSD uses the wscons(4) console framework, inherited from NetBSD.

CRT monitors allowed to set the resolution you wanted, so on bigger monitors a 80x25 console in textmode was fairly large but not blurry.

Framebuffer consoles allowed taking advantage of larger monitor sizes, to fit more columns and row. With the switch to LCD monitors, also in part driven by the decreasing costs of laptops, the fixed size panels became a problem as the text mode resolution needed to be stretched, leading to distortion and blurriness.

One thing some people might not realize, is the huge discrepancy between text mode and framebuffer consoles regarding the amount of data you have to write to cover the whole screen. In text mode, we only need to write 2 bytes per character: 1 byte for the ASCII code, and 1 byte for attributes. So in 80x25 text mode, we only need to write 80 * 25 * 2 bytes of data, which is 4000 bytes, and the VGA card itself takes care of plotting characters to the screen. In framebuffer however, to fill a 4K UHD-1 (3840x2160) screen in 32bpp mode we need to send 3840 * 2160 * 4 bytes of data, which is 33177600 bytes (approximately 33 MB).

On framebuffer consoles, OpenBSD uses the rasops(9) subsystem (raster operations), imported from NetBSD in 2001.

While they had been used for a while on platforms without VGA cards, framebuffer consoles were only enabled on i386 and amd64 in 2013 for inteldrm(4) and radeondrm(4).

In recent years, rasops(9) itself and framebuffer drivers have seen some improvements:

General improvements:

Performance related improvements:

Console fonts improvements:

There is an article about Spleen in the OpenBSD Journal with more information, notably on the font selection mechanism relative to screen resolution.

And work slowly continues to make framebuffer consoles more usable.

It is interesting to note that while NetBSD has been adding a lot of features to rasops(9) over the years, OpenBSD has taken a more conservative approach. There is however one major feature that NetBSD currently has which would be beneficial: the capability for loading fonts of different metrics and subsequently resizing screens.

Looking forward, performance of various operations could likely still be improved, possibly by leveraging the new OpenBSD dynamic tracing mechanism to analyze bottlenecks.

Another open question is UTF-8 support, Miod Vallat started work in this direction back in 2013 but there are still a few things missing. I have plans to implement sparse font files support in the future, at least so one can take advantage of box drawing and possibly block elements characters.

Lastly, a major pain point has been the lack of larger fonts in RAMDISK kernels, making installations and upgrades very difficult and error-prone on large DPI monitors as the text is basically unreadable. There is no technical blocker to make this happen, which ironically makes it the most difficult kind of issue to tackle.

August 29, 2020

Nikita Gillmann GSoC 2020 Final Report - Report part 2

This report was prepared by Nikita Gillmann as a part of Google Summer of Code 2020

This is my second and final report for the Google Summer of Code project I am working on for NetBSD.

My code can be found at in the gsoc2020 branch, at the time of writing some of it is still missing. The test facilities and logs can be found in A diff can be found at github which will later be split into several patches before it is sent to QA for merging.

The initial and defined goal of this project was to make system(3) and popen(3) use posix_spawn(3) internally, which had been completed in June. For the second part I was given the task to replace fork+exec calls in our standard shell (sh) in one scenario. Similar to the previous goal we determine through implementation if the initial motivation, to get performance improvements, is correct otherwise we collect metrics for why posix_spawn() in this case should be avoided. This second part meant in practice that I had to add and change code in the kernel, add a new public libc function, and understand shell internals.

Summary of part 1

Prior work: In GSoC 2012 Charles Zhang added the posix_spawn syscall which according to its SF repository at the time (maybe even now, I have not looked very much into comparing all other systems and libcs + kernels) is an in-kernel implementation of posix_spawn which provides performance benefits compared to FreeBSD and other systems which had a userspace implementation (in 2012).

After 1 week of reading POSIX and writing code, 2 weeks of coding and another 1.5 weeks of bugfixes I have successfully implemented posix_spawn in usage in system(3) and popen(3) internally.

The biggest challenge for me was to understand POSIX, to read the standard. I am used to reading more formal books, but I can’t remember working with the posix standard directly before.


system(3) was changed to use posixspawnattr (where we used sigaction before) and posix_spawn (which replaced execve + vfork calls).

popen(3) and popenve(3)

Since the popen and popenve implementation in NetBSD’s libc use a couple of shared helper functions, I was able to change both functions while keeping the majority of the changes focused on (some of ) the helper functions (pdes_child).

pdes_child, an internal function in popen.c, now takes one more argument (const char *cmd) for the command to pass to posix_spawn which is called in pdes_child.

On a high level what happens in pdes_child() and popen is that we first lock the pidlist_mutex. Then we create a file file action list for all concurrent popen() / popenve() instances and the side of the pipe not necessary, and the move to stdin/stdout. We unlock the pidlist_mutex. Finally we return the list and destroy.

In the new version of this helper function which now handles the majority of what popen/popenve did, we have to initialize a file_actions object which by default contains no file actions for posix_spawn() to perform. Since we have to have error handling and a common return value for the functions calling pdes_child() and deconstruction, we make use of goto in some parts of this function.

The close() and dup2() actions now get replaced by corresponding file_actions syscalls, they are used to specify a series of actions to be performed by a posix_spawn operation.

After this series of actions, we call _readlockenv(), and call posix_spawn with the file_action object and the other arguments to be executed. If it succeeds, we return the pid of the child to popen, otherwise we return -1, in both cases we destroy the file_action object before we proceed.

In popen and popenve our code has been reduced to just the ‘pid == -1’ branch, everything else happens in pdes_child() now.

After readlockenv we call pdes_child and pass it the command to execute in the posix_spawn’d child process; if pdes_child returns -1 we run the old error handling code. Likewise for popenve.

The outcome of the first part is, that thanks to how we implement posix_spawn in NetBSD we reduced the syscalls being made for popen and system. A full test with proper timing should indicate this, my reading was based on comparing old and new logs with ktrace and kdump.

sh, posix_spawn actions, libc and kernel - Part 2


The main goal of part 2 of this project was to change sh(1) to determine which simple cases of (v)fork + exec I could replace, and to replace them with posix_spawn where it makes sense.

fork needs to create a new address space by cloning the address space, or in the case of vfork update at least some reference counts. posix_spawn can avoid most of this as it creates the new address space from scratch.


The current posix_spawn as defined in POSIX has no good way to do tcsetpgrp, and we found that fish just avoids posix_spawn for foreground processes.


Since, roughly speaking, modern BSDs handle “#!” execution in the kernel (probably since before the 1990s, systems which didn’t handle this started to disappear most likely in the mid to late 90s), our main concern so far was in the evalcmd function the default cmd switch case (‘NORMALCMD’).

After adjusting the function to use posix_spawn, I hit an issue in the execution of the curses application htop where htop would run but input would not be accepted properly (keysequences pressed are visible). In pre-posix_spawn sh, every subprocess that sh (v)forked runs forkchild() to set up the subprocess’s environment. With posix_spawn, we need to arrange posix_spawn actions to do the same thing.

The intermediate resolution was to switch FORK_FG processes to fork+exec again. For foreground processes with job control we’re in an interactive shell, so the performance benefit is small enough in this case to be negligible. It’s really only for shell scripts that it matters.

Next I implemented a posix_spawn file_action, with the prototype

int posix_spawn_file_actions_addtcsetpgrp(posix_spawn_file_actions_t *fa, int fildes)

The kernel part of this was implemented inline in sys/kern/kern_exec.c, in the function handle_posix_spawn_file_actions() for the new case ‘FAE_TCSETPGRP’.

The new version of the code is still in testing and debugging phase and at the time of writing not included in my repository (it will be published after Google Summer of Code when I’m done moving).

Future steps

posix_spawnp kernel implementation

According to a conversation with [email protected], the posix_spawnp() implementation we have is just itterating over $PATH calling posix_spawn until it succeeds. For some changes we might want a kernel implementation of posix_spawnp(), as the path search is supposed to happen in the kernel so the file actions are only ever run once:

some of the file actions may be "execute once only",
they can't be repeated (eg: handling "set -C; cat foo >file" - file
can only be created once, that has to happen before the exec (as the fd
needs to be made stdout), and then the exec part of posix_spawn is
attempted - if that fails, when it can't find "cat" in $HOME/bin (or
whatever is first in $PATH) and we move along to the next entry (maybe /bin
doesn't really matter) then the repeated file action fails, as file now
exists, and "set -C" demands that we cannot open an already existing file
(noclobber mode).   It would be nice for this if there were "clean up on
failure" actions, but that is likely to be very difficult to get right,
and each would need to be attached to a file action, so only those which
had been performed would result in cleanup attempts.

Replacing all of fork+exec in sh

Ideally we could replace all of (v)fork + exec with posix_spawn. According to my mentors there is pmap synchronisation as an impact of constructing the vm space from scratch with (v)fork. Less IPIs (inter-processor interrupts) matter for small processes too.


Future directions could involve a posix_spawn action for an arbitrary ioctl.


My thanks go to fellow NetBSD developers for answering questions, most recently [email protected] for sharing invaluable sh knowledge, Riastradh and Jörg as the mentors I’ve interacted with most of the time and for their often in-depth explanations as well as allowing me to ask questions I sometimes felt were too obvious. My friends, for sticking up with my “weird” working schedule. Lastly would like to thank the Google Summer of Code program for continuing through the ongoing pandemic and giving students the chance to work on projects full-time.

August 26, 2020

Julio Merino pkgdb belongs in libdata, not var
Right after discussing where rc.d should live, it’s time to tackle a different but related pet peeve of mine: the location of the installed packages database. For this, I’m going to focus on the system I know best, pkgsrc, which keeps its database under /var/db/pkg/ by default. I think this location is wrong and the database should move to /usr/pkg/libdata/pkgdb/. From a cursory look, it seems that FreeBSD’s and OpenBSD’s ports databases, as well as dpkg’s and rpm’s, are also affected by this “problem”—but I do not know enough about their internals to say with certainty.

August 24, 2020

Julio Merino rc.d belongs in libexec, not etc
Let’s open with the controversy: the scripts that live under /etc/rc.d/ in FreeBSD, NetBSD, and OpenBSD are in the wrong place. They all should live in /libexec/rc.d/ because they are code, not configuration. This misplacement is something that has bugged me for ages but I never had the energy to open this can of worms back when I was very involved in NetBSD. I suspect it would have been a draining discussion and a very difficult thing to change.

August 14, 2020

NetBSD Package System (pkgsrc) on DaemonForums Samba : sh: /usr/bin/lex: not found
Hi everybody

I'm trying to install samba, like that :

[email protected] /usr/pkgsrc/net/samba # make install clean
But I've got this message :

sh: /usr/bin/lex: not found
ERROR: This package has set PKG_FAIL_REASON:
ERROR: samba-3.6.25nb23 requires a working dlopen().
*** Error code 1

Does anyone can help me ?
I found nothing.

Thank You
Guillaume ( NetBsd 9 amd64 Zsh )