Thursday, February 25, 2010
NetBSD hackathon results
Hackathon 13 Results
Update! I'm editing the text of this post because it makes me sound a lot more important than I was. :)
I managed to participate a little bit in the hackathon, replied to a few PR's trying to get some feedback/closure, so I'm pleased.
Thanks to HUGE efforts by hardcore developers, GNATs shows a really great result!
GNATS Bug Database Summary
State      Count (before)  Count (after)
open       4418            4322
analyzed   155             155
feedback   200             225
suspended  61              60
dead       6               11
closed     35081           35180
TOTAL      39921
Labels: NetBSD
Friday, February 19, 2010
NetBSD hackathon now!
Quick!! Point your irc client at freenode (freenode irc servers) and join #netbsd-code for a weekend of interesting stuff.
IRC Link
Labels: NetBSD
Wednesday, February 3, 2010
One more NetBSD security advisory
Tuesday, February 2, 2010
NetBSD - hackathon + two security advisories
The 13th Hackathon February 19-22 2010,
come and join us on IRC channel #netbsd-code at FreeNode (irc.freenode.net).
OpenSSL TLS renegotiation man in the middle vulnerability <-- everyone
File system module autoloading Denial of Service attack <-- current-only
Labels: NetBSD
Wednesday, January 27, 2010
NetBSD network tuning thread
The recent thread Why is my gigabit ethernet so slow? shows application of old recommendations found here. (NetBSD 2-era; also includes tips for freebsd, linux, and windows!)
This thread also shows NMBCLUSTERS cropping up again as the first part of solving a performance problem. I wonder why it isn't dynamically tunable. It looks like freebsd can pass it on the boot options, at least.
Labels: NetBSD
Friday, January 22, 2010
NetBSD - still fun
The Register says that 75% of linux coders get paid to work on linux. This reminds me of a study I wanted to see a few years ago of how much of linux was corporate sponsored development and, truly, not very much fun anymore.
Now, I only know of one NetBSD developer who definitely got paid to work, and I helped pay for it by donating! So remember when you're using NetBSD that it truly happened (and continues to do so) by miracles, charity, and general insanity which I find more appealing than cubicles. I'm in one of those all day anyway. :)
Labels: NetBSD
Monday, January 18, 2010
NetBSD postfix to gmail relay
Over the weekend I decided to configure my NetBSD system to stop sending emails to the local mbox (where I never read them) and start sending emails correctly to the internet. I also wanted to do so using my gmail account. Most of my info came from here but it's a little verbose for my tastes. Basically I had to do the following:
build and install pkgsrc/mail/postfix
install (I used a binary) pkgsrc/security/cyrus-sasl
install (I used a binary) pkgsrc/security/cy2-plain-2.1.23
cp /usr/pkg/share/examples/rc.d/postfix /etc/rc.d/
modify /usr/pkg/etc/postfix/main.cf
add /usr/pkg/etc/postfix/tls_policy
add /usr/pkg/etc/postfix/sasl_passwd
/usr/pkg/sbin/postmap /usr/pkg/etc/postfix/tls_policy
/usr/pkg/sbin/postmap /usr/pkg/etc/postfix/sasl_passwd
/etc/rc.d/postfix start
- /etc/mk.conf
PKG_OPTIONS.postfix+= sasl
ACCEPTABLE_LICENSES+= postfix-license
- /usr/pkg/etc/postfix/main.cf
relayhost = [smtp.gmail.com]:587
#use ssl/tls
smtp_use_tls = yes
smtp_tls_policy_maps = hash:/usr/pkg/etc/postfix/tls_policy
#Now add a username and password
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/pkg/etc/postfix/sasl_passwd
smtp_sasl_security_options=
- /usr/pkg/etc/postfix/tls_policy
smtp.gmail.com MUST
- /usr/pkg/etc/postfix/sasl_passwd
[smtp.gmail.com]:587 username@gmail.com:password
Now test with mailx someone@something.com and watch the maillog. I do get a warning about not liking the Thawte cert, so I may figure out how to import it, but other tutorials all talked about needing your own CA and other insanity. I would hope the MUST in tls_policy ensured that I was using SSL. I'll tcpdump and see sometime, but for now this seems to be all that's needed.
(Can we get SASL in base? I know LDAP, kerberos, and NFSv4 would appreciate it)
UPDATE!
To fix the ssl cert warning, add the following package:
mozilla-rootcerts
then
cd /etc/openssl/certs
mozilla-rootcerts extract
mozilla-rootcerts rehash
And add the following to your main.cf:
smtp_tls_CApath = /etc/openssl/certs
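On the question of whether the tls_policy entry enforces TLS: smtp_tls_policy_maps is looked up by the full next hop, brackets and port included, and its levels are words such as may, encrypt, verify and secure, while MUST is a keyword of the older smtp_tls_per_site table. The script below is an added example, not part of the original post, that classifies the policy applying to relayhost; the function names and the three sample policy files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report whether the relayhost in
# main.cf is covered by an enforcing smtp_tls_policy_maps entry.
# Function names and sample files are constructed for illustration.

# Print the relayhost value from a main.cf-style file (last assignment wins).
relayhost_of() {
    sed -n '/^relayhost[[:space:]]*=/{
        s/^relayhost[[:space:]]*=[[:space:]]*//
        s/[[:space:]]*$//
        p
    }' "$1" | tail -n 1
}

# Print the first word of the policy for an exact lookup key, or nothing.
# Simplification: only exact keys are matched (no parent-domain fallback).
policy_level_for() {
    awk -v key="$1" '$1 == key { print $2; exit }' "$2"
}

# Classify the TLS policy that applies to the configured relayhost.
#   $1 = main.cf path, $2 = tls_policy source file (text, before postmap)
audit_relay_tls() {
    hop=$(relayhost_of "$1")
    level=$(policy_level_for "$hop" "$2")
    # Normalise case before comparing against the known level names.
    lc=$(printf '%s' "$level" | tr '[:upper:]' '[:lower:]')
    case "$lc" in
        "")  echo "no-policy-match" ;;
        encrypt|verify|secure|fingerprint|dane-only) echo "enforced:$level" ;;
        none|may|dane) echo "opportunistic:$level" ;;
        *)   echo "invalid-level:$level" ;;
    esac
}

# Write constructed sample files into directory $1.
write_samples() {
    cat > "$1/main.cf" <<'EOF'
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_tls_policy_maps = hash:/usr/pkg/etc/postfix/tls_policy
EOF
    # Entry as shown in the post: key lacks the brackets and port.
    echo 'smtp.gmail.com MUST' > "$1/tls_policy.page"
    # Key matches the next hop, but MUST is not a policy-map level.
    echo '[smtp.gmail.com]:587 MUST' > "$1/tls_policy.rekeyed"
    # Key matches and the level makes encryption mandatory.
    echo '[smtp.gmail.com]:587 encrypt' > "$1/tls_policy.fixed"
}

# Demo run over the constructed samples.
demo=$(mktemp -d)
write_samples "$demo"
for p in tls_policy.page tls_policy.rekeyed tls_policy.fixed; do
    printf '%-20s %s\n' "$p" "$(audit_relay_tls "$demo/main.cf" "$demo/$p")"
done
rm -rf "$demo"
```

With no matching policy entry, smtp_use_tls = yes leaves delivery at opportunistic TLS. On a live system, postconf relayhost smtp_tls_policy_maps shows the values actually in effect.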
Labels: NetBSD
Friday, January 15, 2010
NetBSD on wikipedia
Call for improvement of NetBSD on wikipedia. If you have some free time feel free to improve the NetBSD articles on wikipedia. I've added the NetBSD template and some stubs that could use some example usage screenshots (netpgp for sure).
Improve everything linked here!
Labels: NetBSD
Thursday, December 31, 2009
NetBSD, MAC, etc
Recently, Elad Efrat has been sending in a lot of patches to move closer to full integration with veriexec, secmodel, and apparently MAC as a whole.
I expect to see a lot of increased interest in kauth, secmodel, veriexec, and friends as some of these integration efforts continue to work their way through the entire system. -current should be interesting for a while, at least. :)
Labels: NetBSD
Wednesday, December 9, 2009
Xen 4 and NetBSD
Some NetBSD patches have been approved upstream by Xen. This is a good thing for Xen 4 on NetBSD. :)
Xen 4.0 on NetBSD
Labels: NetBSD
Tuesday, December 8, 2009
NetBSD terminfo and curses improved
Roy Marples has recently completed his work to make the NetBSD curses implementation more useful and compatible. So if you're a fan of NetBSD's games, vi, etc, check it out.
Labels: NetBSD
Friday, December 4, 2009
BSDCan 2010 announced - represent NetBSD
FYI- BSDCan 2010
If you're going to be in Canada, go to BSDCan. I went to NYCBSDCon and had a pretty good time meeting all kinds of people I see on mailing lists, irc, etc. (Hello, Christos, jlam, and Brian S.), listening to talks about various things, and having something to do when I go somewhere and travel.
Also if you're doing something interesting, give a talk! NetBSD does tons of amazing work that no one knows about. :)
Labels: NetBSD
Saturday, November 14, 2009
NetBSD defaulting to more security, then the normal amount, then back again!
HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386
Later on in the thread, however, it's revoked because of performance concerns.
UPDATE! Re-enabled!
Labels: NetBSD
Monday, November 9, 2009
NetBSD over git- call for collaboration
My git testing shows that the git server needs to be fast!
If anyone would like to retry what I did, please read the above-mentioned email and look at the commands after you checkout netbsd's src from git:
git clone http://ftp.netbsd.org/pub/NetBSD/misc/repositories/git/src
The NetBSD src tree is roughly four-times larger than the linux kernel and dragonflybsd, so it's definitely one of the larger projects to take on git. Let us know your findings.
Labels: NetBSD
Saturday, October 17, 2009
NetBSD gets usb device access from userland
USB device support in userland: kernel usb device driver support in rump
This already works for usb storage devices, so let's try to get some sound cards, network devices, and input devices moved into userspace.
Labels: NetBSD
Friday, August 28, 2009
NetBSD developer David Maxwell to defend the BSD license
Saturday, July 18, 2009
pkgsrc addition - collectd
Today I committed collectd to pkgsrc-wip. This is significant because it's the first thing I've ever committed to pkgsrc-wip AND because collectd is a cool piece of software. (although it's still rapidly evolving)
Basically, it's a tool that can monitor stuff and record it to rrd or csv files. It can do this with an agent, over snmp, with a custom plugin, with a perl plugin, etc etc etc. The reason I like it is that it doesn't include a gui, require a database, or any of that other stuff. It's also why I like drraw.
The package itself is pretty immature. As you can imagine with such a flexible tool, there are a ton of optional plugins that should all be available through the pkgsrc options framework. They are not and I have just included a few things I thought were essentials. I left out ping, though, because liboping won't compile on NetBSD (or slightly older linux missing a few headers). The compile on NetBSD part is getting fixed by adding some socketopts, but liboping really needs some portability improvements before I can url2pkg it easily. FreeBSD has a port with some patches, so maybe it will just work.
As an aside-
My vision of a perfect monitoring system is very flexible. I prefer to have a wiki for my intranet, and creating the whole monitoring system inside of it; with graphs included on app docs for their required servers, and also on useful pages in templates of my design showing key stats.. I could go on for hours. :) (notifications every which way..)
There are also some things I don't like about collectd. Mainly that it prefers agent-based operation and doesn't include a full UCD MIB for the snmp monitor. It would be ideal if they both collected the same data in the same way so you could migrate from snmp to agent without any issues. They're also evolving the threshold notifications framework, which is pretty important to have settled. The config file syntax is single-host centric. And I'm sure I could think of a few other things. :)
Monday, July 13, 2009
NetBSD with wpa_supplicant and dhcpcd
So a long time ago, I started an email thread called wpa_supplicant before dhcpcd wherein I shared a problem I had with dhcpcd being a part of /etc/rc.d/network since wpa_supplicant (required to get link on a protected interface) started after /etc/rc.d/network. It led to a lot of interesting talk as you can see on the thread, but not a lot of answers. :) Anyway, the following works just fine:
dhcpcd_flags="-b -t 0"
which tells dhcpcd to background immediately and wait forever for a lease. Otherwise, it would exit when it didn't find link (status: no carrier) because wpa_supplicant hadn't started up and authenticated the link yet!
I would still prefer to see something like /etc/rc.d/network2 which re-parses rc.conf for late flags per-interface, but this works for now especially since dhcpcd is the only thing that runs per-interface instead of through a control interface. These flags are also handy because if I say I want dhcp on an interface, I mean that I want it regardless of when I choose to plug in a network cable.
Labels: NetBSD
Tuesday, June 23, 2009
new NetBSD security advisories AND crazy meta-blogging
Read the following for security issues:
June, 2009 security advisories
Then if you're reading this on http://netbsd.gw.com/ you might have noticed that Nhat Minh Lê has been posting about parsing my blog's atom feed in reply to an email I sent trying to do the same thing. Crazy meta fun. :)
Labels: NetBSD
Tuesday, May 26, 2009
NetBSD quotas - quickstart
- "userquota" should be set in the options of /etc/fstab for the filesystem where you want quotas enabled:
    /dev/sd0a /usr/local ffs rw,userquota 1 1
- Make sure your quota-enabled filesystem is mounted
- Run /etc/rc.d/quota start to generate an automatic "quotacheck -a" command
- "edquota -f FILESYSTEM USER" will open up vi and have you fill out the quota file:
    Quotas for user qtest:
    /usr/local: blocks in use: 0, limits (soft = 20, hard = 10)
            inodes in use: 0, limits (soft = 100, hard = 150)
- "quotaon -a" to turn quotas on for every filesystem with the userquota option
- Finally, try running repquota -a to see a report of all the quotas and test it out! Here's me attempting to exceed my quota of 100K:
    Error: bar: Disc quota exceeded; bar: WARNING: FILE TRUNCATED.
Caveats
I found a few issues with quotas-
- The userquota options and the log options are mutually exclusive, so WAPBL and quotas don't work together. (I think there is a plan to fix this)
- After really using quotas, I was unable to umount my fs but fstat didn't show anything using it
quota(1) - check your own quota
repquota(8) - check everyone's quota
quotaon(8) - enable quotas
edquota(8) - edit the quota file
quotacheck(8) - see if a user is exceeding his quota
Labels: NetBSD
Sunday, May 24, 2009
NetBSD device drivers - easier than you might think
Okay, so this is basically a post about procrastination as I avoid working on my first pseudo device. One thing that struck me was how accessible this part of the internal workings of NetBSD was. I mean, seriously, if I can get a working device then anyone can.
NetBSD Documentation: Writing a pseudo device tells you everything you need to get started (well, mostly :) ) And studying other drivers shows that they mostly all look the same, use the same few conventions, and can offer a lot of hints on getting something functional fast.
A device-writing section in NetBSD Internals would be a very welcome addition and would give some nice background to the networking pseudo device chapter.
I guess it's time to get some reading in about config_attach_pseudo and friends but if you have an idea for adding a little this-or-that to NetBSD, I'll bet you can get a functional pseudo device in one day or less.
p.s.
Should I be doing this whole thing with rump?
Labels: c programming, NetBSD
Saturday, May 16, 2009
NetBSD CVS Digest comeback
Saturday, May 9, 2009
NetBSD seed_tmpfs - a tool for easier-embedded systems
Update! This whole article has proven mostly worthless thanks to the following two entries in fstab:
/dev/wd0b /var/log2 mfs rw,-s10m 0 0
/var/log2 /var/log union rw - -
That creates a 10M /var/log2 and then union mounts it onto /var/log, which will auto-magically seed the filesystem as it is used.
Thanks, tech-embed
Install into /sbin/mount_seed_tmpfs
So I like to run my soekris read-mostly and one of the biggest weaknesses of the methods I describe in there is seeding your memory file systems with the correct files so daemons requiring those files will function properly. Basically, if /var/log/messages doesn't exist, syslog isn't going to create it for you!
So, I've written the following script which will populate a tmpfs with all the data currently on the disk before mounting it. It basically works by first mounting the tmpfs to a hidden location, copying everything from the seeddir, and then doing a null mount on top of the destdir.
So the command:
mount -t seed_tmpfs -o -s10M /var/log /var/log
will create a (hidden to df) mount of a 10M tmpfs, copy everything from /var/log to it, and then null mount that on-top of it.
Using it in /etc/fstab is a two step process (mostly for safety)
/var/log /var/log2 seed_tmpfs noauto,rw,-s10M - -
And then in /etc/rc.conf:
critical_filesystems_local="/ /var/log2"
This is a workaround for a little bug where mount -a will always try to remount the filesystem, and putting the parent and target into critical_filesystems_local will explicitly mount them.
The other bug is that umount can't trigger to umount both systems that I know of so a manual umount requires two commands.
Labels: NetBSD
Sunday, May 3, 2009
netbooting NetBSD - flexibility options
So after re-installing NetBSD on my soekris I got to thinking about jumpstart for netbsd and about the whole pxe boot in general. After doing a little reading of the pretty excellent pxeboot man page (I mean, NetBSD really does have some great documentation) I wanted to give some of the more flexible options a try.
I didn't have to look much further than the bottom of the pxeboot man page, but I thought I would give a summary post about the booting process, and about how you can completely avoid using NFS for netboot if you want to. (let's hope the automated installer has a no-nfs option!)
The gist of what happens is that NetBSD overloads the "filename" option in dhcpd.conf, depending on the request.
1) The first request, from the pxe bios is:
substring (option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000" - pxeboot file
The fun starts here - by default netbsd will look in next-server/root-path (dhcpd.conf config) for 'netbsd' and boot it, but you have more options at your disposal:
2) pxeboot then does a new request as:
substring (option vendor-class-identifier, 0, 17) = "NetBSD:i386:libsa" looking for "boot.cfg"
3) pxeboot will then do a request for 'netbsd' or whatever you tell it to do in boot.cfg!
The neat thing about #2 and #3 is that you can say "tftp:boot.cfg" OR "nfs:boot.cfg" and decide how you want to serve that file.
So if you want to say boot the netbsd kernel over tftp and turn off a troublesome piece of hardware, you can make your boot.cfg look like this:
menu=tftp boot userconf mode:boot netbsd -c
Or point to different kernels:
menu=tftp boot installer:boot netbsd-INSTALL
And then you just override the values in dhcpd.conf:
} else if filename = "netbsd" {
filename "tftp:netbsd-SOMETHINGELSE";
So I'm definitely interested to see how the above-mentioned summer of code project decides to use these options, if he decides to use MULTIBOOT to pass an arbitrary list of options into the boot sequence (my-ctrl-file=tftp:macaddress.xml) or who knows what.
Abandon CDROM booting! :)
(my dhcpd.conf is mostly from the pxeboot man page and I'm testing by connecting my eee to my powerbook with a normal patch cable because modern interfaces will automagically act like crossovers)
host eeepc {
    hardware ethernet 00:1E:4D:5E:90:75 ;
    # filename "/private/tftpboot/pxeboot_ia32.bin";
    next-server 192.168.2.201;
    option routers 192.168.2.201;
    option domain-name-servers 4.2.2.1;
    option root-path "/usr/local/soekris/";
    fixed-address 192.168.2.203;
    # This section allows dhcpd to respond with different answers
    # for the different tftp requests for the bootloader and kernel.
    if substring (option vendor-class-identifier, 0, 20)
        = "PXEClient:Arch:00000" {
        filename "pxeboot_ia32_vga.bin";
    } elsif substring (option vendor-class-identifier, 0, 17)
        = "NetBSD:i386:libsa" {
        if filename = "boot.cfg" {
            filename "tftp:boot.cfg";
        } else if filename = "netbsd" {
            filename "tftp:netbsd";
        }
    }
}
Labels: NetBSD
Saturday, May 2, 2009
Upgraded to NetBSD 5
I just upgraded my soekris from NetBSD 3.1 to NetBSD 5.0. I actually did a fresh install following my own docs at soekris.html and am still working on getting all of my packages installed now. So far the system seems fine, although I'm having a little more trouble fitting it onto 512MB. :)
Speaking of packages, I'm still waiting on the install of apache to finish (pkg_add seems stuck in select() or something) and I wanted to get this site back up, so I just fired up /usr/libexec/httpd (bozohttpd), which is now included in NetBSD, so I didn't have to wait for pkg_add at all.
NetBSD fester 5.0 NetBSD 5.0 (GENERIC) #0: Sun Apr 26 18:50:08 UTC 2009
Labels: NetBSD
Monday, April 27, 2009
binary patching for NetBSD
patch_* tools are announced in an email describing the beginnings of a tool which is like what mt_diff was supposed to be.
I personally look forward to single-command upgrades to my netbsd systems. :)
Labels: NetBSD
Saturday, April 18, 2009
NetBSD should cannibalize wasabi systems
As noted in another blog, wasabi systems has gone away. It would seem that they donated WAPBL to NetBSD in a final act of charity before being forced to close their doors. Now that they're gone, I wonder if they have any other technologies they would be able to give to NetBSD or even sell to the netbsd foundation. Old hardware is probably too easy to sell for bill-paying, or else that would probably be nice too.
Regardless, it's sad to see them go. Who will be the next big NetBSD-based company (other than microsoft via the sidekick, I mean) to give things a spin? On that note, microsoft donating Danger's work would also be nice. ;)
Edited for typos..
Labels: NetBSD
Tuesday, March 31, 2009
pkgsrc dashboard - a new project
So in IRC I brought up the idea of a web dashboard for managing a network of pkgsrc servers and liked it so much I started a google code project for it.
http://code.google.com/p/pkgsrc-dashboard/
If you're a pkgsrc/netbsd person and have some input, ideas, or want to join the project then let me know!
Friday, March 27, 2009
eeepc "headless" with NetBSD
Normally I would do a whole How-To on this topic, but it was so easy that it really only qualifies as a blog post. Everything pretty much just works on my eeepc 701 so there isn't a whole lot to document. The main accomplishment was just figuring out how to turn off the screen.
I'm mostly using the GENERIC kernel with the following line added:
i915drm* at vga? # Intel i915, i945 DRM driver
My xorg.conf came from X -configure. I can't remember making any changes to it, but here are some snippets:
Section "InputDevice"
    Identifier "Mouse0"
    Driver "mouse"
    Option "Protocol" "wsmouse"
    Option "Device" "/dev/wsmouse"
    Option "ZAxisMapping" "4 5 6 7"
EndSection
Section "Device"
    Identifier "Card0"
    Driver "intel"
    VendorName "Intel Corporation"
    BoardName "Mobile 915GM/GMS/910GML Express Graphics Controller"
    BusID "PCI:0:2:0"
EndSection
To turn off the LCD backlight and get a completely dark screen:
startx
xset +dpms
xset dpms force suspend
The only problem is that you must be in X for that to work. I would like to simply leave it on the console, but I couldn't figure out a way to turn off the LCD with screenblank(1) using wscons, and I feel like vesa might have some options, but I couldn't find them.
Labels: NetBSD
Tuesday, March 24, 2009
NetBSD livecd jibbed updated
Friday, March 20, 2009
NetBSD wishlist item - secmodelctl and kauth system call scope
Okay, so an email came through the mailing lists recently about systrace being removed and how to handle it. This got me thinking about kauth and secmodel. Two ideas came to mind:
1) Implement system calls as a kauth scope.
2) Create a tool called secmodelctl which allows manipulation of the security model at an overlay level.
The main use for systrace to come back, in my opinion, is for great projects like sysjail.
secmodelctl should be like pfctl where you can load a config file, manipulate rules, etc.
<priv type="privileged_port" action="add">
  <prog>/usr/libexec/ftpd</prog>
  <sha1>e34da0a32eda829b4496370cc24987322d2e852d</sha1>
  <user>ftpd_user</user>
  <port>21</port>
</priv>
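A userland sketch of how a rule like the one above could be evaluated, added here as an example; it is not code from the post or from NetBSD. secmodelctl does not exist, so the <rules> wrapper element, the function names, the request fields and the default-deny behaviour are all assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed stand-in for the daemon binary; the rule below pins its digest.
SAMPLE_BINARY = b"constructed stand-in for /usr/libexec/ftpd\n"
# sha1 follows the post's sketch; a current design would pin SHA-256 instead.
SAMPLE_RULES = """<rules>
  <priv type="privileged_port" action="add">
    <prog>/usr/libexec/ftpd</prog>
    <sha1>{digest}</sha1>
    <user>ftpd_user</user>
    <port>21</port>
  </priv>
</rules>""".format(digest=hashlib.sha1(SAMPLE_BINARY).hexdigest())


def load_rules(xml_text):
    """Parse <priv action="add"> grants; refuse to load an incomplete rule."""
    grants = []
    for priv in ET.fromstring(xml_text).iter("priv"):
        if priv.get("action") != "add":
            continue
        rule = {k: priv.findtext(k, "").strip()
                for k in ("prog", "sha1", "user", "port")}
        if not all(rule.values()):
            raise ValueError("incomplete <priv> rule, refusing to load")
        rule["type"] = priv.get("type")
        rule["sha1"] = rule["sha1"].lower()
        rule["port"] = int(rule["port"])
        grants.append(rule)
    return grants


def authorize_bind(grants, prog, binary_bytes, user, port):
    """Default deny for ports below 1024: every field of one grant must match."""
    if port >= 1024:
        return True  # not a privileged port, so this rule type does not apply
    digest = hashlib.sha1(binary_bytes).hexdigest()
    return any(
        g["type"] == "privileged_port" and g["prog"] == prog
        and g["sha1"] == digest and g["user"] == user and g["port"] == port
        for g in grants
    )


if __name__ == "__main__":
    grants = load_rules(SAMPLE_RULES)
    print(authorize_bind(grants, "/usr/libexec/ftpd", SAMPLE_BINARY, "ftpd_user", 21))
    # Same path and user, but the file contents changed: the pin no longer matches.
    print(authorize_bind(grants, "/usr/libexec/ftpd", b"tampered", "ftpd_user", 21))
```

Pinning the digest as well as the path means a replaced or modified binary at /usr/libexec/ftpd loses the grant until the rule is updated.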
Labels: NetBSD, project ideas
Saturday, March 14, 2009
NetBSD powerd wish-list item
We had an interesting discussion on EFNet/#netbsd this morning about some possible enhancements to acpi and some other facilities being improved/introduced in NetBSD 5. The main idea was this: given a set of criteria, could netbsd automatically turn off hardware components to save on power?
So, for a simple example, if I have a server with two cpu's and my system load is less than 1 for an extended period of time, why not step down my cpu speed and if my load continues to stay low, turn off one cpu?
What if I never use more than half of my ram? Or what if my network traffic could go from gig to 100M without any harm?
I've worked in some power and cooling-starved datacenters where we would never seriously consider trying to set all of this stuff up, while at the same time we had a lot of standby servers, or very idle systems. This tells me that power management is probably seen as risky, difficult, or both.
All of this stuff, of course, also applies to laptops which need extended battery performance, lid-closing sleeps, etc. It's one of the few places where laptop-driven technology could make a big impact in a datacenter.
Anyway, netbsd isn't really there yet to provide a lot of this, but it seems to have facilities which could be put together to almost solve the problem:
powerd
drvctl
envstat
cpuctl
And maybe something more like sar or a similar dtrace-type listener.
Labels: NetBSD, project ideas
Tuesday, March 10, 2009
mk-configure - NetBSD's make to replace autoconf
I wanted to give a little press to mk-configure by Aleksey Cheusov because I think it's an interesting project and because the auto tools are a regular source of heartache for developers and users. (you might know them as the standard ./configure && make && make install cycle)
Having a BSD-based alternative to these tools is nice for someone making BSD software and pushing the use of NetBSD's flavor of make is also cool because it's very powerful and could do a lot of things (like the above project shows) that are currently achieved with many different and difficult to understand/learn tools. Make is magic-enough. :)
Labels: NetBSD
Friday, February 27, 2009
Bluetooth SDP Rework - coming soon to NetBSD
tech-userlevel might not seem like the most exciting mailing list, but it usually has some good stuff.
It looks like Iain Hibbert has reworked Bluetooth service discovery so it's easier for your headphones to tell your computer that they also have 256MB of storage. ;)
Message on tech-userlevel
Labels: NetBSD
Monday, February 23, 2009
desktop-gnome meta-pkg added to pkgsrc
I'm not sure why this wasn't announced yet, but it looks like the desktop-gnome meta-pkg was added. This is a big step for the Desktop NetBSD project.
It looks like this package is mostly the normal gnome metapkg plus some stuff. Try it out!
Labels: NetBSD
Saturday, February 21, 2009
Mirroring NetBSD
Brian Seklecki just posted a new wiki page about how to run a netbsd source mirror. I have helped him with some of this stuff (although not very much), so I thought I would advertise the page here.
Labels: NetBSD
Wednesday, February 18, 2009
my dream computer
So I think a newer soekris (the 6000 or 7000 series) will probably meet my needs, but I'd like to spell out exactly what I would like to see in a new system for home:
Tiny form factor, fanless, and silent
686 class processor for Xen support,
Support for a CF card,
Support for up to three 2.5" SATA disks for easy RAID5,
IPMI and serial bios support,
Two network ports,
At least two external usb ports,
support for more than 2GB of RAM,
built-in crypto acceleration,
full netbsd support.
Labels: NetBSD
Sunday, February 15, 2009
NetBSD installer web template
I have created a web template to look like the NetBSD installer. I did it so I could proof stuff on the web:
sample 1
new disk layout?
What do you think?
Labels: NetBSD
Friday, February 6, 2009
NetBSD Desktop
As you may now find here: Desktop Project, some very capable NetBSD developers have taken it upon themselves to create a meta-pkg of useful desktop utilities and add it into the base install. This should allow one to install NetBSD and get more than twm and no web browser. :)
Obviously, this is fodder for extreme criticism by anti-bloat advocates, various window manager aficionados, etc., but an improved installer and more modern options are certainly welcome changes. The new user experience is, after all, important to future growth.
Furthermore, I hope this helps bring to light the needs for better tools in general for a few key areas. (like keeping a netbsd system up-to-date) At least this weakness has found some traction. :)
Labels: NetBSD
Saturday, January 31, 2009
Just a link for NetBSD
Sunday, January 18, 2009
mt_diff.sh 1.0
I have finished the initial write of mt_diff.sh, which will take two NetBSD destdir's and use the mtree files to create a package for updating from one to the other. It's slow as hell because it does tons of passes with awk through all of the mtree files, but I was just trying to get the concept right before anything else. I need to update mt_pkg.sh to get it reading the new patch format (I'm trying to preserve which set files came from so backing out is easier), but it should be pretty easy to update.
Anyway, if you get a chance to check it out, you can find the current rev here:
mt_diff.sh
And of course, you can read about the mt_pkg.sh idea and script here:
http://mspo.com/blog/2009/01/mtpkgsh-posted.html
Labels: NetBSD, project ideas
Saturday, January 3, 2009
mt_pkg.sh posted
Today I posted my idea for using mtree as a simple pkg database for the netbsd base install. I haven't gotten any replies yet, so I'm not sure if anyone likes the idea, or if the subject doesn't work for them, but let me know what you think:
Message to tech-userlevel
I also have the script located here:
mt_pkg.sh
Labels: NetBSD, project ideas
Wednesday, December 17, 2008
Installed NetBSD 5.99.x on my eeepc
I just installed NetBSD-current (5.99 right now) on my eee and it was pretty much exactly the same as it always has been. The installer seems the same except that it updates rc.conf with rc_configured=YES, so you can actually get into multi-user mode on the first boot. I also wanted to use the in-tree x.org, so I checked out xsrc (cvs checkout xsrc) and then did a build.sh -X ../xsrc to get it to build. I then installed with tar -C / -xzvf x[..].tgz. It went smoothly and twm started without even trying to get a working xorg.conf (which I should have saved from my 4.99 install. Oh well.)
Anyway, this should be about the same as 5.0 except now GENERIC will work with ath and lii. I also don't have to restart my network to get wireless working since wpa_supplicant and dhcpcd seem to interact a little nicer.
It got me thinking a little bit about a project for automated installs of netbsd. I think it should be pretty easy to script the entire process of newfs and tar/pax, so maybe I'll look into it a little more.
Labels: eeepc, NetBSD, project ideas
Saturday, December 13, 2008
pie-in-the-sky build.sh enhancements
To expand a little bit on the thread of my mtree-pkg idea, I'd like to document more things that have been rattling around in my head for a while:
build.sh to pkgsrc crossover framework. I would like to have a list of pkgsrc packages and a mk.conf variable pointing to where pkgsrc lived. When I do a build.sh makepkgs=YES, build.sh would build NetBSD and create a meta-pkg with my list in it, reach over to $PKGSRCHOME/, build these packages with my build.sh tools (cross-build enabled!), and pop that onto my install media. The installer could then see that I have pkgs/* to install and ask if I wanted to put them in.
build.sh/crunchgen custom userland list. This is another list of programs where I want to build a custom crunchgen bundle with build.sh so that I could create a file with only the programs I wanted, execute build.sh mkcrunch=YES kernel=FOO, and end up with a FOO kernel containing the crunched FOO list of programs I specified.
For reference, I've shared similar suggestions in the past:
adding 'make syspkg' to pkgsrc
pkgsrc to replace build.sh
Labels: NetBSD, project ideas
Thursday, December 11, 2008
pkg_add with mtree project idea
Another project idea I had was to take better advantage of the /etc/mtree/set.* files on NetBSD. These files compose a database of installed files on any given NetBSD system. As far as I can tell, however, they aren't used for anything else. They will be scanned by /etc/security if you copy them to $something.secure (cat set.* >> files_to_scan.secure). The file "secure" is also a part of the security scan.
So the basis of the idea is this: if NetBSD needs to do a security update, it usually only needs to replace a few files and change the minor.minor version number. Instead of having to reinstall all of your sets, or all of net.tgz, you should be able to pkg_add -s security_update_20081208.tgz which will simply update the affected files, make backups, change the set.mtree's, and increase the version number after validation. This could also trigger notes about updating configs, checking for dependencies, etc.
As a side-effect, pkg_add could also install FULL base.tgz or any other set as a system package and that idea could be resurrected because, as we all know, it's the right way to go. I'm also a proponent of keeping system packages in a separate database from pkgsrc packages, which is why I like the mtree idea so much: it's a different format!
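The comparison step behind this idea and behind mt_diff.sh above, as an added Python example; it is not the author's script, which is shell and awk and is not shown on the page. The sample specs are constructed, and the flat one-entry-per-line layout, the sha256 keyword and the set of compared keywords are assumptions.

```python
# Constructed sample specs (placeholder digests, made-up paths), not real set files.
OLD_SPEC = """\
# old destdir
./bin type=dir uname=root gname=wheel mode=0755
./bin/cat type=file uname=root gname=wheel mode=0555 sha256=aaaa
./usr/sbin/exampled type=file uname=root gname=wheel mode=0555 sha256=bbbb
./usr/bin/exampletool type=file uname=root gname=wheel mode=4555 sha256=cccc
./usr/libexec/olddaemon type=file uname=root gname=wheel mode=0555 sha256=dddd
"""
NEW_SPEC = """\
# new destdir
./bin type=dir uname=root gname=wheel mode=0755
./bin/cat type=file uname=root gname=wheel mode=0555 sha256=aaaa
./usr/sbin/exampled type=file uname=root gname=wheel mode=0555 sha256=eeee
./usr/bin/exampletool type=file uname=root gname=wheel mode=0555 sha256=cccc
./usr/libexec/newdaemon type=file uname=root gname=wheel mode=0555 sha256=ffff
"""

# Keywords whose change means the installed file must be touched (assumed set).
COMPARE = ("type", "mode", "uname", "gname", "sha256", "link")


def parse_mtree(text):
    """Map path -> {keyword: value} for flat 'path key=value ...' lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and /set or /unset directives (flat specs only).
        if not line or line[0] in "#/":
            continue
        path, *words = line.split()
        entries[path] = dict(w.split("=", 1) for w in words if "=" in w)
    return entries


def plan_update(old_text, new_text):
    """Return the paths an update package must install, replace and remove."""
    old, new = parse_mtree(old_text), parse_mtree(new_text)
    changed = [p for p in new if p in old
               and any(old[p].get(k) != new[p].get(k) for k in COMPARE)]
    plan = {
        "install": sorted(p for p in new if p not in old),
        "replace": sorted(changed),
        "remove": sorted(p for p in old if p not in new),
    }
    # Anything overwritten or deleted gets backed up first so the update can be undone.
    plan["backup"] = sorted(plan["replace"] + plan["remove"])
    return plan


if __name__ == "__main__":
    for action, paths in plan_update(OLD_SPEC, NEW_SPEC).items():
        print(action, paths)
```

Comparing mode and ownership as well as the digest catches an update that only drops a setuid bit, as with the constructed exampletool entry, where the file contents are unchanged.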
Labels: NetBSD, project ideas