OpenBSD Journal

ps(1) gains support for tree-like display of processes

2 years 11 months ago

Following a discussion on tech@, Job Snijders (job@) committed support to ps(1) for displaying the parent/child hierarchy of processes as an ASCII art tree:

CVSROOT: /cvs
Module name: src
Changes by: job@cvs.openbsd.org 2022/09/01 15:15:54
Modified files:
    bin/ps : extern.h print.c ps.1 ps.c ps.h
Log message:
    Add forest (-f) mode
    In -f mode group & display parent/child process relationships using ASCII art.
    Borrows heavily from Brian Somers' work on FreeBSD ps(1).
    With input from deraadt@ and tb@
    OK benno@ claudio@


rcctl(8) gains a "configtest" action

2 years 11 months ago

Antoine Jacoutot (ajacoutot@) has added a "configtest" action to rcctl(8):

CVSROOT: /cvs
Module name: src
Changes by: ajacoutot@cvs.openbsd.org 2022/09/01 01:25:32
Modified files:
    etc/rc.d : rc.subr
    share/man/man8 : rc.d.8
    usr.sbin/rcctl : rcctl.sh
Log message:
    Add a new action: "configtest", to check configuration syntax of the daemon.
    A few adjustments will be done in the next days (like disabling this action if there's no specific rc_configtest function defined).
    e.g.
    /etc/rc.d/sshd configtest
    rcctl configtest sshd
    idea from naddy@

This is a feature that sysadmin types have been wanting for quite a while. A consistent way to sanity check your config before loading in anger is certain to make OpenBSD users' lives better.

Portable OpenSSH commits now SSH-signed

2 years 11 months ago

Damien Miller (djm@) notes that all (new) commits to the portable OpenSSH repository are now signed using git's SSH signature support.

Further details are on the OpenSSH development mailing list:

[…] We are in the process of converting the portable OpenSSH repository to require signed commits, tags and pushes, using git's recent ssh signature support. So far it's gone very smoothly, and we hope to have it enforced for all commits soon. We maintain our own git repository for portable OpenSSH, that is automatically mirrored to github. We use "pre-receive" and "update" hooks to check for signed pushes and tags/commits respectively, using an in-repository allowed_signers file. […]

This is a most welcome process integrity improvement that hopefully will make the world trust our favorite SSH software even more.

Several /sbin daemons are now dynamically-linked

2 years 11 months ago

In a pair of commits, Theo de Raadt (deraadt@) changed many daemons in /sbin to be dynamically linked. First this, which had some of us a little mystified:

CVSROOT: /cvs
Module name: src
Changes by: deraadt@cvs.openbsd.org 2022/08/29 05:51:05
Modified files:
    etc : rc
Log message:
    mount /usr earlier, to satisfy dynamically-linked daemons in /sbin better (there will be more soon)


RAID 1C boot support added

3 years ago

Stefan Sperling (stsp@) has committed support for RAID 1C [mirroring and encryption] boot to -current on the amd64 platform:

CVSROOT: /cvs
Module name: src
Changes by: stsp@cvs.openbsd.org 2022/08/12 14:17:46
Modified files:
    share/man/man4 : softraid.4
    sys/arch/amd64/stand/efi32: efidev.c
    sys/arch/amd64/stand/efi64: efidev.c
    sys/arch/amd64/stand/efiboot: efidev.c
    sys/arch/amd64/stand/libsa: biosdev.c softraid_amd64.c
    sys/lib/libsa : softraid.c
Log message:
    add support for booting from RAID 1C softraid(4) volumes on amd64
    Only boot-loader changes are needed. Both installboot(8) and the kernel already do what is required to make this work.
    ok kn@
    Tested:
    biosboot on vmm: kn, stsp
    biosboot and efiboot on server hardware: stsp

Support on the arm64 platform can be expected soon.

Great work, Stefan (and Klemens, and everyone else involved)!

sftp-server(8) gains support for home-directory request

3 years ago

Damien Miller (djm@) has committed support for the home-directory request to sftp-server(8):

CVSROOT: /cvs
Module name: src
Changes by: djm@cvs.openbsd.org 2022/08/11 23:20:28
Modified files:
    usr.bin/ssh : sftp-server.c PROTOCOL
Log message:
    sftp-server: support home-directory request
    Add support to the sftp-server for the home-directory extension defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the existing expand-path@openssh.com, but uses a more official protocol name, and so is a bit more likely to be implemented by non-OpenSSH clients.
    From Mike Frysinger, ok dtucker@

/usr/games removed from the default $PATH

3 years ago

In -current, /usr/games has been removed from the default $PATH. Theo Buehler (tb@) committed the change:

CVSROOT: /cvs
Module name: src
Changes by: tb@cvs.openbsd.org 2022/08/10 01:40:37
Modified files:
    etc/skel : dot.cshrc dot.profile
Log message:
    Remove games from the default $PATH in /etc/skel
    The games are a playground for developers. Their code is very old and full of bugs.
    ok deraadt kn

So when you next sit down on a fresh snapshot install and want to do a quick rot13 or do a round of tetris, you may need to specify the full path.

Alternatively, you could dig into the code and see if you can fix a bug or two.

Even more randomness

3 years ago

Damien Miller (djm@) committed a change randomising the rekeying interval in arc4random(3) (and friends):

CVSROOT: /cvs
Module name: src
Changes by: djm@cvs.openbsd.org 2022/07/30 23:10:36
Modified files:
    lib/libc/crypt : arc4random.c
Log message:
    Randomise the rekey interval a little. Previously, the chacha20 instance would be rekeyed every 1.6MB. This makes it happen at a random point somewhere in the 1-2MB range.
    Feedback deraadt@ visa@, ok tb@ visa@

-current has moved to 7.2-beta

3 years 1 month ago

With the following commit(s), Theo de Raadt (deraadt@) moved -current to version 7.2-beta:

CVSROOT: /cvs
Module name: src
Changes by: deraadt@cvs.openbsd.org 2022/07/20 09:12:39
Modified files:
    sys/conf : newvers.sh
    sys/sys : param.h
    etc/root : root.mail
    usr.bin/signify: signify.1
    sys/arch/macppc/stand/tbxidata: bsd.tbxi
Log message:
    move to 7.2-beta. this gets done very early, to avoid finding out version number issues close to release

Snapshots are (already) available for several platforms.

(Regular readers will know what comes next…)
This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

Game of Trees 0.74 released

3 years 1 month ago

For those who have been paying attention to the Game of Trees development list, there has been a lot going on with got(1). Apologies here at undeadly for having missed some release announcements!

Having written as much, got 0.74 was released on July 14th, 2022!

Release notes may be found here: https://gameoftrees.org/releases/CHANGES

The -portable release also got some attention, and those release notes may be found here: http://gameoftrees.org/releases/portable/CHANGELOG


rpki-client 7.9 released

3 years 1 month ago

A fairly critical component of routing security infrastructure, rpki-client, has a new release out, version 7.9.

The announcement leads in,

rpki-client 7.9 has just been released and will be available in the rpki-client directory of any OpenBSD mirror soon.

rpki-client is a FREE, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of BGP announcements. The program queries the global RPKI repository system and validates untrusted network inputs. The program outputs validated ROA payloads and BGPsec Router keys in configuration formats suitable for OpenBGPD and BIRD, and supports emitting CSV and JSON for consumption by other routing stacks.

Read the whole thing here and grab the new release at your favorite OpenBSD mirror.

In -current, dhclient(8) now just logs warnings and executes ifconfig(8)

3 years 1 month ago

Theo de Raadt (deraadt@) committed the change:

CVSROOT: /cvs
Module name: src
Changes by: deraadt@cvs.openbsd.org 2022/07/02 11:21:32
Modified files:
    sbin/dhclient : dhclient.c
Log message:
    dhclient(8) has been undergoing replacement with "ifconfig xxx inet auto" for a couple of years, backed by dhcpleased(8), which provides much better dns handling. The next step is to make the dhclient simply execve ifconfig in that way, and provide syslog warnings about deprecated options along the way. This way, we can find the last few dhclient users, and what they are missing.
    ok florian krw

(Almost) 0 Dependency Websites with OpenBSD & AsciiDoc

3 years 2 months ago

Courtney Allen has published a blog post about how to run a website and blog almost exclusively on things that are in the OpenBSD base system already, only adding AsciiDoc to the mix.

The lead-in reads:

I have fallen in love with a recent combination of software to make good looking websites, and having an easy to manage web server. I’m a minimalist in many ways. Really, I find that it makes my life easier.

You can read the whole thing here: 0 Dependency Websites with OpenBSD & AsciiDoc.

Analyzing locks in OpenBSD’s Kernel with Domain-Specific Knowledge

3 years 2 months ago

Christian Ludwig "wrote a tool to statically analyze spl(9) kernel locking in OpenBSD. It even found some bugs."

His write up is here: https://medium.com/@chrissicool/analyze-openbsds-kernel-with-domain-specific-knowledge-ca665d92eebb

His code for the Lock Balancing Checker referenced in the write up is available under an ISC license and can be obtained here: https://github.com/chrissicool/lbc
