You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

446 lines
15 KiB

---
title: OpenBSD
date: 2023-11-29T20:33:48+0100
2 months ago
lastmod: 2024-09-28T23:48:06+0000
tags:
10 months ago
- openbsd
- python
- cloudlog
- zsh-shell
- git
- rust
- neovim
- apache2
- mod_md
- certbot
#showDate: false
showReadingTime: false
showWordCount: false
showPagination: false
#showAuthor: false
showBreadcrumbs: true
feed_exclude: true
# site_exclude: true
---
These are random notes -- more or less about OpenBSD. Some may
not fit here well, but they could relate to OpenBSD or similar
operating systems in some way...
## Apache with wildcard certificates
I often got errors when I clicked a link on my main website for example
to the weather page. It was complaining about different
<abbr title="Server Name Indication">SNI</abbr> because both hosts used different
certificates and I wasn't sure how I could fix that easily. I thought wildcard
certs could fix that because I'd only have one cert for all the domains.
2 months ago
```console
$ doas pkg_add certbot
2 months ago
```
Run and follow instructions:
2 months ago
```console
$ doas certbot certonly --manual --preferred-challenges dns \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual-public-ip-logging-ok -d '*.oe7drt.com' -d oe7drt.com
[...]
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/oe7drt.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/oe7drt.com/privkey.pem
This certificate expires on 2024-04-25.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual
certificates requires the use of an authentication hook script (--manual-auth-hook)
but one was not provided. To renew this certificate, repeat this same certbot
command before the certificate's expiry date.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 months ago
```
Also adding my .net domain to the certs:
2 months ago
```console
$ doas certbot certonly --manual --manual-public-ip-logging-ok \
--preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory \
-d "*.oe7drt.com" -d "*.oe7drt.net" -d oe7drt.com -d oe7drt.net
2 months ago
```
Some changes to the apache2 configuration were made:
2 months ago
```apache
<MDomain oe7drt.com oe7drt.net>
MDMember *.oe7drt.com
MDMember *.oe7drt.net
MDCertificateFile /etc/letsencrypt/live/oe7drt.com/fullchain.pem
MDCertificateKeyFile /etc/letsencrypt/live/oe7drt.com/privkey.pem
</MDomain>
MDChallengeDns01 /etc/apache2/dns/dns-challenge.phar --
MDCertificateAgreement accepted
8 months ago
MDContactEmail {email_redacted}
MDCAChallenges dns-01
2 months ago
```
It seems Apache likes this:
2 months ago
![cropped output of apaches status website /md-status](./mod-status-certs.png)
This is **currently testing** because I have no idea if mod_md will update these certs
itself or if I should run certbot again when it's needed. In the meantime I monitor my
website with [UptimeKuma](https://github.com/louislam/uptime-kuma) which alerts me on
expiring certificates.
The binary (`dns-challenge.phar`) that actually does the DNS Challenge is taken from
[kategray/dns-challenge-cloudflare](https://github.com/kategray/dns-challenge-cloudflare).
An **easier way** to obtain wildcard certificates would be the use of **Cloudflares proxy**.
They would also create a second wildcard cert of another issuer in case the first one
would get compromised so they would actually replace your main cert with a backup cert
just with a whoooop.
Certbot commands have been taken from
[this article by nabbisen](https://dev.to/nabbisen/let-s-encrypt-wildcard-certificate-with-certbot-plo)
at dev.to.
{{< alert >}}
**Update on April 25 2024**
I've now seen that no certificate gets renewed automatically.
{{< /alert >}}
The actual certificate got renewed with the command from above (including
the .net domain). The output of that command clearly states:
2 months ago
```console
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of
--manual certificates requires the use of an authentication hook script
(--manual-auth-hook) but one was not provided. To renew this certificate,
repeat this same certbot command before the certificate's expiry date.
2 months ago
```
I will execute the same certbot command before the certificate's expiry date
the next time to enhance my experience :wink:
**Update**: Another interesting article can be found
[there on mzonline.com](https://mzonline.com/blog/2020-11/certbot-manual-mode-script-hooks)
## Get some filesystem information
2 months ago
```console
$ dumpfs /dev/rsd1a
magic 19540119 (FFS2) time Thu Nov 16 21:14:34 2023
[...] (snip; lots of output...)
2 months ago
```
This can be helpful if you want to know, which filesystem you actually
use on your OpenBSD box.
## Create a Win95 FAT32 USB stick
When you `fdisk -iy sd2` (for example) a USB stick, you usually create
one single OpenBSD partition at the 4<sup>th</sup> position. When you then
try to `newfs_msdos -F 32 -L Label sd2i` the layout is gone -- happened to
me several times until I got fed up and investigated.
I don't know why that happened, but I got my way to create USB sticks, that
actually work with other devices like my amateur radios that need those fancy
microSD cards.
Delete the first bytes on the stick:
2 months ago
```console
$ doas dd if=/dev/zero bs=1m count=1 of=/dev/rsd2c
2 months ago
```
Create the needed partition:
2 months ago
```console
$ echo -n 'edit 0\n0c\n\n2048\n*\nq\n' | doas fdisk -e sd2
2 months ago
```
A short explanation (`\n` is basically a newline; the <kbd>Enter</kbd> key):
- `edit 0\n`: edit the first entry (`fdisk -iy sd2` would edit the 4th entry)
- `0c\n`: selects **Win95 FAT32L** as file system format
- `\n`: only hit enter and use the default _[n]_
- `2048\n`: Start of the partition
- `*\n`: Special size value -- means the remainder of the disk (like `-1` on many other tools)
- `q\n`: write MBR and quits the program
This results in a partition table like this:
2 months ago
```console
$ fdisk sd2
Disk: sd2 geometry: 966/255/63 [15523840 Sectors]
Offset: 0 Signature: 0xAA55
Starting Ending LBA Info:
#: id C H S - C H S [ start: size ]
-------------------------------------------------------------------------------
0: 0C 0 32 33 - 966 80 10 [ 2048: 15521792 ] Win95 FAT32L
1: 00 0 0 0 - 0 0 0 [ 0: 0 ] Unused
2: 00 0 0 0 - 0 0 0 [ 0: 0 ] Unused
3: 00 0 0 0 - 0 0 0 [ 0: 0 ] Unused
2 months ago
```
whereas a `fdisk -iy sd2` creates a table like this:
2 months ago
```console
$ fdisk sd2
Disk: sd2 geometry: 966/255/63 [15523840 Sectors]
Offset: 0 Signature: 0xAA55
Starting Ending LBA Info:
#: id C H S - C H S [ start: size ]
-------------------------------------------------------------------------------
0: 00 0 0 0 - 0 0 0 [ 0: 0 ] Unused
1: 00 0 0 0 - 0 0 0 [ 0: 0 ] Unused
2: 00 0 0 0 - 0 0 0 [ 0: 0 ] Unused
*3: A6 0 1 2 - 966 80 10 [ 64: 15523776 ] OpenBSD
2 months ago
```
Don't forget to create the file system:
2 months ago
```console
$ doas newfs_msdos -F 32 -L 8GB_Stick sd2i
2 months ago
```
10 months ago
## Mounting disk images
2 months ago
```console
10 months ago
$ doas vnconfig /dev/vnd0c /path/to/imagefile.img
$ doas mount_msdos /dev/vnd0i ~/mnt/disk
2 months ago
```
10 months ago
## Packages / Ports
### ...because of libraries
Updating dependencies before installing (switch `-U`) does help sometimes...
> Can't install [package] because of libraries
2 months ago
```console
$ doas pkg_add -uiU
2 months ago
```
Should fix that.
## Python
### ModuleNotFoundError
Install python modules with pip.
2 months ago
```console
$ python3 -m pip install --user --upgrade ${example_module}
2 months ago
```
## Rust
### starship prompt
This is usually blocked via the rust-battery crate, as there is still no progress
made on issue [#19](https://github.com/svartalf/rust-battery/issues/19), which probably
leads to no progress on issue [#2267](https://github.com/starship/starship/issues/2276).
Though, there is a [comment](https://github.com/starship/starship/issues/2276#issuecomment-782818302)
that disables the optional features (battery).
So the final installation of Starship looks like:
2 months ago
```console
$ cargo install starship --locked --no-default-features
2 months ago
```
The compilation took about 9½ minutes.
## Git
## Cloudlog (server)
Cloudlog is a webapplication written in PHP that allows ham radio amateurs
to log contacts online. I host my own instance on my server and I finally
looked into why I never got satellites shown in <kbd>SAT Timers</kbd>.
I use php-fpm and it is running as the user `www`. It is kind of jailed and it
cannot read `/etc/ssl/cert.pem` -- so the https connections cannot be verified
and it failes at downloading the satellites infos from other websites.
I solved this by copying `/etc/ssl` to `/var/www/etc/ssl` via rsync, keeping file
permissions intact. I may setup a cronjob for this maybe.
2 months ago
```console
$ cd /var/www
$ doas rsync -avhzrp /etc/ssl/ etc/ssl
sending incremental file list
created directory etc/ssl
./
cert.pem
ikeca.cnf
openssl.cnf
x509v3.cnf
private/
sent 155.82K bytes received 133 bytes 311.90K bytes/sec
total size is 344.08K speedup is 2.21
$ doas rcctl restart php80_fpm
php80_fpm(ok)
php80_fpm(ok)
2 months ago
```
## Cloudlog (client)
Use of the online logging tool Cloudlog on my OpenBSD machine.
First off, connect the TX-500 with the computer (CAT cable) and
start `rigctld`:
2 months ago
```console
$ rigctld -m 2014 -r /dev/cuaU0 -s 9600 -v
2 months ago
```
I use `2014` which is actually a Kenwood TS-2000 -- but on OpenBSD hamlib is currently
at version 4.4 and the TX-500 is only available on
[version ≥4.5](https://github.com/Hamlib/Hamlib/blob/master/NEWS#L199).
For newer hamlib versions (≥4.5) use the rig 2050 like:
2 months ago
```console
$ rigctld -m 2050 -r /dev/cuaU0 -s 9600 -v
2 months ago
```
In combination with Digirig I would probably use something like this,
because otherwise Digirig would instantly key the transceiver:
2 months ago
```console
$ rigctld -m 2014 -r /dev/cuaU0 -s 9600 --set-conf=rts_state=OFF -v
2 months ago
```
Well, I tested this on my desk at home but never used my Laptop for
doing digital modes with my TX-500 though -- but I want this to be noted
here just in case I should need it someday.
On another terminal start [`cloudlogbashcat.sh`](https://github.com/g0wfv/CloudlogBashCat):
2 months ago
```console
$ cloudlogbashcat.sh
2 months ago
```
Now, if you open the website of your Cloudlog installation (and if you have
setup your rigs) and select the radio that uses cloudlogbashcat.
![cloudlog radio selection dialog](radio-settings-cloudlog.png "You can select your pre-defined radio in the Live QSO tab")
## Z-Shell
### Where is this alias defined?
I defined an alias `ls` but I forgot where it was.
2 months ago
```console
$ PS4='+%x:%I>' zsh -i -x -c '' |& grep ls
2 months ago
```
There will be a lot of screen output probably.
### Renaming multiple directories
2 months ago
```console
$ count=1; zmv -n '*' '$f[1,4]/$((count++))-$f[12,-1]'
mv -- 2023-08-05-problems-with-apt-keys-on-my-hotspots 2023/51-problems-with-apt-keys-on-my-hotspots
mv -- 2023-08-26-dmrhost-on-a-raspberrypi4-with-openbsd-or-freebsd 2023/52-dmrhost-on-a-raspberrypi4-with-openbsd-or-freebsd
mv -- 2023-09-16-openbsd-current-built-from-source 2023/53-openbsd-current-built-from-source
2 months ago
```
Moves subdirectories into other folder structure with a counting variable.
2 months ago
```console
$ count=16; zmv -Q '*(/)' '$((count++))-$f[12,-1]'
mv -- 2021-08-08-win10-grub2-and-uefi 16-win10-grub2-and-uefi
mv -- 2021-08-12-running-n1mm-logger-on-linux 17-running-n1mm-logger-on-linux
mv -- 2021-10-03-winlink-and-vara-on-linux 18-winlink-and-vara-on-linux
mv -- 2021-10-03-wordlist-generation 19-wordlist-generation
mv -- 2021-10-26-processes-accessing-mountpoints 20-processes-accessing-mountpoints
2 months ago
```
That was the second part, counting from where we stopped from the previous directory.
There was a draft post left in `2022` which I deleted, now I had to renumber the folders
from `28-*` to `34-` to a number lower by 1.
2 months ago
```console
$ for i in {29..34}; do zmv -n -W $i'*' $((--i))'*'; done
mv -- 29-using-nfs-on-a-raspberry-pi 28-using-nfs-on-a-raspberry-pi
mv -- 30-vpn-tunnel-into-hamnet-on-fedora-36 29-vpn-tunnel-into-hamnet-on-fedora-36
mv -- 31-winlink-on-linux-fix-invalid-handle-on-logfiles 30-winlink-on-linux-fix-invalid-handle-on-logfiles
mv -- 32-hamnet-on-the-pfsense 31-hamnet-on-the-pfsense
mv -- 33-changing-network-metrics-on-linux 32-changing-network-metrics-on-linux
mv -- 34-change-git-submodule-url 33-change-git-submodule-url
2 months ago
```
So, there is still one post left that is actually a draft post and I'd like to
remove the leading number from that directory.
2 months ago
```console
$ zmv -n -W '59-*' '*'
mv -- 59-pat-winlink-on-openbsd pat-winlink-on-openbsd
2 months ago
```
10 months ago
## Neovim
### Update plugins that use `make`
GNU make and BSD make are not compatible, and it is kind of annoying if people
think everybody has installed the same tools to compile software on their boxes.
In this example I often get some errors when I try to update plugins from withing
AstroNvim, a plugin-packaged neovim confgiuration framework.
- Open Neovim and initiate the update procedure (<kbd>space</kbd>, <kbd>p</kbd>, <kbd>a</kbd>)
- Remember what folder the errors occur
- Visit those folders and update the file `Makefile` (usually)
- in `Makefile` replace `make` with `gmake`
(you need that installed, `pkg_add gmake`)
- run the update procedure again
If that does not work, it is mostly a submodule. You can try to update and compile by hand.
Switch to the folder, update `make` with `gmake` and finally run `gmake` in that folder.
That will produce a compiled output (a library) and the updated procedure will pick that up
at the next run and the submodule will usually be ignored unless the main repo has new commits
2 months ago
in its tree. You may then stash the local changes and re-run the update procedure again.
10 months ago
## Concatenate sound files (.wav)
2 months ago
```console
$ sox *.wav one-big-soundfile.wav
2 months ago
```
`cat *.wav > bigfile.wav` works too, but different. That would put all
audio files into separate streams at the output file whereas `sox`
appends one file after another in the big output file.
## Manual page sections
2 months ago
| Section | Description |
| :------ | :------------------------ |
| 1 | General Commands |
| 2 | System Calls |
| 3 | Library Functions |
| 3p | Perl Library |
| 4 | Device Drivers |
| 5 | File Formats |
| 6 | Games |
| 7 | Miscallaneous Information |
2 months ago
| 8 | System Manager's Manual |
| 9 | Kernel Developer's Manual |