sysclean.
sysclean is a perl(1) script designed to help remove obsolete files between OpenBSD upgrades. Sysclean compares a reference root directory against the currently installed files, taking files from both the base system and packages into account. Sysclean does not remove any files on the system. It only reports obsolete filenames or packages using out-of-date libraries.
https://github.com/semarie/sysclean
#system #update
sysclean is a perl(1) script designed to help remove obsolete files between OpenBSD upgrades. Sysclean compares a reference root directory against the currently installed files, taking files from both the base system and packages into account. Sysclean does not remove any files on the system. It only reports obsolete filenames or packages using out-of-date libraries.
https://github.com/semarie/sysclean
#system #update
π4
Using KeePassXC with SSH-Agent on OpenBSD
Iβm using KeePassXC to manage my secrets. But when I log into my OpenBSD laptop, Iβm still asked to enter my SSH passphrase to fill-in ssh-agent(1). Somehow, itβs great ; maybe other system donβt even propose that feature out of the box. But what if KeePassXC could know about my passphrase(s) and interact with ssh-agent(1). Well, it can...
https://www.tumfatig.net/2022/using-keepassxc-with-ssh-agent-on-openbsd/
#keepassxc #ssh
Iβm using KeePassXC to manage my secrets. But when I log into my OpenBSD laptop, Iβm still asked to enter my SSH passphrase to fill-in ssh-agent(1). Somehow, itβs great ; maybe other system donβt even propose that feature out of the box. But what if KeePassXC could know about my passphrase(s) and interact with ssh-agent(1). Well, it can...
https://www.tumfatig.net/2022/using-keepassxc-with-ssh-agent-on-openbsd/
#keepassxc #ssh
π2
OpenBSD on the PinePhone
Installing OpenBSD on the Pinephone might seem straightforward, as the hardware is essentially just an arm-based SBC with a built in screen and modem. The Allwinner A64 SoC is supported by the OpenBSD kernel, so we can at least expect it to boot. However, no specific support for the Pinephone hardware is included in the most recent OpenBSD release, making it unlikely that we'll get much beyond output via the serial terminal. Furthermore, unlike many SBCs, the Pinephone doesn't have an on-board ethernet connection. This will make the installation slightly more complicated, as we can't install the base packages from a local network server. Nevertheless, if OpenBSD is ever going to run in a usable fashion on the Pinephone we need to start somewhere...
https://www.exoticsilicon.com/crystal/pinephone_openbsd
#system #install #pinephone
Installing OpenBSD on the Pinephone might seem straightforward, as the hardware is essentially just an arm-based SBC with a built in screen and modem. The Allwinner A64 SoC is supported by the OpenBSD kernel, so we can at least expect it to boot. However, no specific support for the Pinephone hardware is included in the most recent OpenBSD release, making it unlikely that we'll get much beyond output via the serial terminal. Furthermore, unlike many SBCs, the Pinephone doesn't have an on-board ethernet connection. This will make the installation slightly more complicated, as we can't install the base packages from a local network server. Nevertheless, if OpenBSD is ever going to run in a usable fashion on the Pinephone we need to start somewhere...
https://www.exoticsilicon.com/crystal/pinephone_openbsd
#system #install #pinephone
π4π±4π1π1
GoT all the things.
I was basically using cvs for a long time for OpenBSD and some Github for open source projects, until this thread on ports made me decide to just move all my repos to GoT, which I had the privilege to see an early version long time ago in a hackthon...
https://x61.sh/log/2022/01/20220127T190458-got.html
#got #git #feedback
I was basically using cvs for a long time for OpenBSD and some Github for open source projects, until this thread on ports made me decide to just move all my repos to GoT, which I had the privilege to see an early version long time ago in a hackthon...
https://x61.sh/log/2022/01/20220127T190458-got.html
#got #git #feedback
π₯7
Blockor.
Protect BSD Unix computer servers from brute-force attacks. It works on top of the OpenBSD Packet Filter(PF) firewall.
https://github.com/muktadiur/blockor
#security #firewall #pf
Protect BSD Unix computer servers from brute-force attacks. It works on top of the OpenBSD Packet Filter(PF) firewall.
https://github.com/muktadiur/blockor
#security #firewall #pf
π8π1
Mail Server Hosting on OpenBSD.
Mail server is an everyday requirement for everyone. Why trust and rely on 3rd party mail servers? There are many reasons to host your mail server today, in just one sitting! The following section mentions the significant benefits of hosting a mail server...
https://serhanekici.com/005-mailserver-openbsd.html
#opensmtpd #mail
Mail server is an everyday requirement for everyone. Why trust and rely on 3rd party mail servers? There are many reasons to host your mail server today, in just one sitting! The following section mentions the significant benefits of hosting a mail server...
https://serhanekici.com/005-mailserver-openbsd.html
#opensmtpd #mail
π7
Excision Mail.
Fullstack, security focused mailserver based on OpenSMTPD for OpenBSD.
https://excision.bsd.ac/
#opensmtpd #mail
Fullstack, security focused mailserver based on OpenSMTPD for OpenBSD.
https://excision.bsd.ac/
#opensmtpd #mail
Wireguard all the things.
The good thing about wireguard besides its security is that it keeps things very simple plus OpenBSD simplicity makes the whole environment easy to setup even with crossing platform, such us iOS, Android, Windows, Linux and so on. For this setup you need only "libqrencode" and "wireguard-tools" to create qr codes to import the vpn configuration on your devices, so for this we do...
https://x61.sh/log/2022/01/20220104T122904-wireguard.html
#network #vpn #wireguard
The good thing about wireguard besides its security is that it keeps things very simple plus OpenBSD simplicity makes the whole environment easy to setup even with crossing platform, such us iOS, Android, Windows, Linux and so on. For this setup you need only "libqrencode" and "wireguard-tools" to create qr codes to import the vpn configuration on your devices, so for this we do...
https://x61.sh/log/2022/01/20220104T122904-wireguard.html
#network #vpn #wireguard
π7
Feedback from and for subscribers. π€
> I'd like to share that for almost 3 years I've been running Telegram channels with CVS commit messages: https://t.iss.one/OpenBSD_CVS (along with
@OpenBSD_src, @OpenBSD_ports, @OpenBSD_xenocara and @OpenBSD_www).
> Commit messages are received directly from source-changes@ and ports-changes@, parsed and immediately sent to the Telegram API.
#feedback #community #cvs
> I'd like to share that for almost 3 years I've been running Telegram channels with CVS commit messages: https://t.iss.one/OpenBSD_CVS (along with
@OpenBSD_src, @OpenBSD_ports, @OpenBSD_xenocara and @OpenBSD_www).
> Commit messages are received directly from source-changes@ and ports-changes@, parsed and immediately sent to the Telegram API.
#feedback #community #cvs
π7β€1π1
The complete idiot's guide to OpenBSD on the Pinebook Pro.
Today I will show you how I installed the latest snapshot of OpenBSD on my Pinebook Pro with plenty of detail so that you can do it, too. I will include instructions for setting up full disk encryption, and conclude with a summary of my experience running OpenBSD on this device...
https://tomscii.sig7.se/2022/02/Guide-to-OpenBSD-on-the-PinebookPro
#install #system #hardware
Today I will show you how I installed the latest snapshot of OpenBSD on my Pinebook Pro with plenty of detail so that you can do it, too. I will include instructions for setting up full disk encryption, and conclude with a summary of my experience running OpenBSD on this device...
https://tomscii.sig7.se/2022/02/Guide-to-OpenBSD-on-the-PinebookPro
#install #system #hardware
π7
A reckless guide to OpenBSD.
Welcome to a new weekly series of articles for intermediate to advanced level users of OpenBSD, focusing on aspects of using and customising the system that are not broadly covered or encouraged by the project's own official documentation, (hence the term βreckless guideβ)...
https://www.exoticsilicon.com/jay/reckless_guide_to_openbsd
#system
Welcome to a new weekly series of articles for intermediate to advanced level users of OpenBSD, focusing on aspects of using and customising the system that are not broadly covered or encouraged by the project's own official documentation, (hence the term βreckless guideβ)...
https://www.exoticsilicon.com/jay/reckless_guide_to_openbsd
#system
π16
Debugging an ioctl Problem on OpenBSD.
I was trying to use a V4L2 Ruby module on my OpenBSD laptop but ran into a problem where sending the V4L2 ioctls from this module would fail, while other V4L2 programs on OpenBSD worked fine...
https://jcs.org/2022/02/16/ioctl
#ruby #debug #ioctl
I was trying to use a V4L2 Ruby module on my OpenBSD laptop but ran into a problem where sending the V4L2 ioctls from this module would fail, while other V4L2 programs on OpenBSD worked fine...
https://jcs.org/2022/02/16/ioctl
#ruby #debug #ioctl
π1
-current has moved to 7.1-beta
With the following commit, Theo de Raadt (deraadt@) moved -current to version 7.1-beta:
https://www.undeadly.org/cgi?action=article;sid=20220221061125
#release
With the following commit, Theo de Raadt (deraadt@) moved -current to version 7.1-beta:
https://www.undeadly.org/cgi?action=article;sid=20220221061125
#release
π5
Native IPv6 with OpenBSD and Aussie Broadband
We are coming on two decades since IPv6 became a recognised standard and generally available but it is still not being widely adopted by people and organisations that have easy access to IPv4 address space. Even if you have a native IPv4 address, it will typically be in the form of some CG-NAT or other NAT on your customer premises equipment (CPE)...
https://www.tubsta.com/2022/03/native-ipv6-with-openbsd-and-aussie-broadband/
#network #ipv6
We are coming on two decades since IPv6 became a recognised standard and generally available but it is still not being widely adopted by people and organisations that have easy access to IPv4 address space. Even if you have a native IPv4 address, it will typically be in the form of some CG-NAT or other NAT on your customer premises equipment (CPE)...
https://www.tubsta.com/2022/03/native-ipv6-with-openbsd-and-aussie-broadband/
#network #ipv6
π3
OpenBSD/arm64 on Apple M1 systems.
It has taken a while, but I'm pleased to announce that OpenBSD/arm64 works well enough on Apple M1 systems for some wider testing...
https://www.undeadly.org/cgi?action=article;sid=20220320115932
#hardware #install #system
It has taken a while, but I'm pleased to announce that OpenBSD/arm64 works well enough on Apple M1 systems for some wider testing...
https://www.undeadly.org/cgi?action=article;sid=20220320115932
#hardware #install #system
π17π2
obsdfreqd - userland CPU frequency scheduling for OpenBSD.
https://tildegit.org/solene/obsdfreqd
#cpu #freq
https://tildegit.org/solene/obsdfreqd
#cpu #freq
π₯1
Heap Overflow in OpenBSD's slaacd via Router Advertisement
In this blog post we analyze a heap overflow vulnerability we discovered in the IPv6 stack of OpenBSD, more specifically in its slaacd daemon. This issue, whose root cause can be found in the mishandling of Router Advertisement messages containing a DNSSL option with a malformed domain label, was patched by OpenBSD on March 21, 2022. A proof-of-concept to reproduce the vulnerability is provided.
https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html
#security #network #slaacd
In this blog post we analyze a heap overflow vulnerability we discovered in the IPv6 stack of OpenBSD, more specifically in its slaacd daemon. This issue, whose root cause can be found in the mishandling of Router Advertisement messages containing a DNSSL option with a malformed domain label, was patched by OpenBSD on March 21, 2022. A proof-of-concept to reproduce the vulnerability is provided.
https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html
#security #network #slaacd
π3π1