Install process: couple of comments

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Install process: couple of comments

Limaunion
Hi! Last friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE
boot method. In previous years I used an internal FTP server to perform
the upgrade, but for some reason this is not supported any more since a
couple of releases. I mounted and published the ISO image using a
raspberrypi and NGINX (HTTP method). During the install process I hit
the following error 'unable to get a verified list of distribution
sets'(*). I couldn't find much help from google but after some time I
figured out that the install was looking for a file named index.txt,
that is not included in the ISO.
Maybe some of this information can be included to the install guide for
those of us doing a local HTTP upgrade, and also it would be great to
have the index.txt file included in the ISO.
For the record, the kernel relinking (Relinking to create unique
kernel...) took about 14 minutes in my ALIX board and it takes about 2.5
minutes the library reordering during the boot process.
Just my .02 cents.
J.

(*): server: localhost, request: "GET /OpenBSD/i386/index.txt HTTP/1.0"


OpenBSD 6.2 (GENERIC) #163: Tue Oct  3 19:51:20 MDT 2017
     [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD"
586-class) 499 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
real mem  = 267931648 (255MB)
avail mem = 248758272 (237MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 12/10/07, BIOS32 rev. 0 @ 0xfceb2
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x10000
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe0000/0xa800
cpu0 at mainbus0: (uniprocessor)
mtrr: K6-family MTRR support (2 registers)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x31
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 10,
address 00:0d:b9:12:d5:4c
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr1 at pci0 dev 11 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12,
address 00:0d:b9:12:d5:4d
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
ath0 at pci0 dev 12 function 0 "Atheros AR5212" rev 0x01: irq 9
ath0: AR5213A 5.9 phy 4.3 rf5112a 3.6 eeprom 4.8, FCC2A*, address
00:0b:6b:85:20:5f
glxpcib0 at pci0 dev 15 function 0 "AMD CS5536 ISA" rev 0x03: rev 3,
32-bit 3579545Hz timer, watchdog, gpio, i2c
gpio0 at glxpcib0: 32 pins
iic0 at glxpcib0
maxtmp0 at iic0 addr 0x4c: lm86
pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <CF CARD 1GB>
wd0: 1-sector PIO, LBA, 967MB, 1981728 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 "AMD CS5536 USB" rev 0x02: irq 15,
version 1.0, legacy support
ehci0 at pci0 dev 15 function 5 "AMD CS5536 USB" rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "AMD EHCI root hub" rev
2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 configuration 1 interface 0 "AMD OHCI root hub" rev
1.00/1.00 addr 1
nvram: invalid checksum
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on wd0a (c0ea1143b236330f.a) swap on wd0b dump on wd0b
clock: unknown CMOS layout

Reply | Threaded
Open this post in threaded view
|

Re: Install process: couple of comments

Limaunion
On 10/16/2017 06:55 PM, Limaunion wrote:

> Hi! Last friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE
> boot method. In previous years I used an internal FTP server to perform
> the upgrade, but for some reason this is not supported any more since a
> couple of releases. I mounted and published the ISO image using a
> raspberrypi and NGINX (HTTP method). During the install process I hit
> the following error 'unable to get a verified list of distribution
> sets'(*). I couldn't find much help from google but after some time I
> figured out that the install was looking for a file named index.txt,
> that is not included in the ISO.
> Maybe some of this information can be included to the install guide for
> those of us doing a local HTTP upgrade, and also it would be great to
> have the index.txt file included in the ISO.
> For the record, the kernel relinking (Relinking to create unique
> kernel...) took about 14 minutes in my ALIX board and it takes about 2.5
> minutes the library reordering during the boot process.
> Just my .02 cents.
> J.
>
> (*): server: localhost, request: "GET /OpenBSD/i386/index.txt HTTP/1.0"
>

I know about this, but its not crystal clear (at least for me):

https://www.openbsd.org/faq/faq4.html
  Note: If you intend to provide the sets over HTTP(s), place siteXX.tgz
in your source directory and include it in your index.txt. It will then
be an option at install time.

Best regards.

Reply | Threaded
Open this post in threaded view
|

Re: Install process: couple of comments

Nick Holland
On 10/16/17 18:38, Limaunion wrote:

> On 10/16/2017 06:55 PM, Limaunion wrote:
>> Hi! Last friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE
>> boot method. In previous years I used an internal FTP server to perform
>> the upgrade, but for some reason this is not supported any more since a
>> couple of releases. I mounted and published the ISO image using a
>> raspberrypi and NGINX (HTTP method). During the install process I hit
>> the following error 'unable to get a verified list of distribution
>> sets'(*). I couldn't find much help from google but after some time I
>> figured out that the install was looking for a file named index.txt,
>> that is not included in the ISO.
>> Maybe some of this information can be included to the install guide for
>> those of us doing a local HTTP upgrade, and also it would be great to
>> have the index.txt file included in the ISO.
>> For the record, the kernel relinking (Relinking to create unique
>> kernel...) took about 14 minutes in my ALIX board and it takes about 2.5
>> minutes the library reordering during the boot process.
>> Just my .02 cents.
>> J.
>>
>> (*): server: localhost, request: "GET /OpenBSD/i386/index.txt HTTP/1.0"
>>
>
> I know about this, but its not crystal clear (at least for me):
>
> https://www.openbsd.org/faq/faq4.html
>   Note: If you intend to provide the sets over HTTP(s), place siteXX.tgz
> in your source directory and include it in your index.txt. It will then
> be an option at install time.
>
> Best regards.

There are a few ways of doing things right.
There is a near infinite number of doing things, if not wrong, at least
"oddly".

Mounting an ISO file as a file system and using that as the source of
your files for a web install qualifies as "at least, oddly", defeating
the purpose of both an ISO and a web install.  In fact, you may well be
over the "wrong" line on that.  I don't think you will see any special
documentation or file changes supporting that way of doing things.

Nick.

Reply | Threaded
Open this post in threaded view
|

Re: Install process: couple of comments

Stuart Henderson
In reply to this post by Limaunion
On 2017-10-16, Limaunion <[hidden email]> wrote:
> Hi! Last friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE
> boot method. In previous years I used an internal FTP server to perform
> the upgrade, but for some reason this is not supported any more since a
> couple of releases.

ftp support was removed from the installer, but you can place the same
files on an http/https server instead.

> I mounted and published the ISO image using a
> raspberrypi and NGINX (HTTP method). During the install process I hit
> the following error 'unable to get a verified list of distribution
> sets'(*). I couldn't find much help from google but after some time I
> figured out that the install was looking for a file named index.txt,
> that is not included in the ISO.

you want nearly all of the files from the release directory on a mirror,
you can skip install*.fs / install*.iso.

> Maybe some of this information can be included to the install guide for
> those of us doing a local HTTP upgrade, and also it would be great to
> have the index.txt file included in the ISO.

you won't have the SHA256.sig to verify the files against the signify
signature in the iso either.

> For the record, the kernel relinking (Relinking to create unique
> kernel...) took about 14 minutes in my ALIX board and it takes about 2.5
> minutes the library reordering during the boot process.

yes, it's terribly slow on machines with slow storage devices.
I tend to disable it on those (until I can justify replacing the
machine with something newer, which has other advantages too).


Reply | Threaded
Open this post in threaded view
|

Re: Install process: couple of comments

Limaunion
On 10/17/2017 05:44 PM, Stuart Henderson wrote:

> On 2017-10-16, Limaunion <[hidden email]> wrote:
>> Hi! Last friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE
>> boot method. In previous years I used an internal FTP server to perform
>> the upgrade, but for some reason this is not supported any more since a
>> couple of releases.
>
> ftp support was removed from the installer, but you can place the same
> files on an http/https server instead.
>
>> I mounted and published the ISO image using a
>> raspberrypi and NGINX (HTTP method). During the install process I hit
>> the following error 'unable to get a verified list of distribution
>> sets'(*). I couldn't find much help from google but after some time I
>> figured out that the install was looking for a file named index.txt,
>> that is not included in the ISO.
>
> you want nearly all of the files from the release directory on a mirror,
> you can skip install*.fs / install*.iso.
>
>> Maybe some of this information can be included to the install guide for
>> those of us doing a local HTTP upgrade, and also it would be great to
>> have the index.txt file included in the ISO.
>
> you won't have the SHA256.sig to verify the files against the signify
> signature in the iso either.
>
>> For the record, the kernel relinking (Relinking to create unique
>> kernel...) took about 14 minutes in my ALIX board and it takes about 2.5
>> minutes the library reordering during the boot process.
>
> yes, it's terribly slow on machines with slow storage devices.
> I tend to disable it on those (until I can justify replacing the
> machine with something newer, which has other advantages too).
>
>
>

Hi! you mean that the library reordering can be disabled? care to share
how to do that? google didn't help...
Thanks for your comments.

Reply | Threaded
Open this post in threaded view
|

Re: Install process: couple of comments

trondd-2
On Wed, October 18, 2017 6:15 pm, Limaunion wrote:

> On 10/17/2017 05:44 PM, Stuart Henderson wrote:
>> On 2017-10-16, Limaunion <[hidden email]> wrote:
>>> Hi! Last friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE
>>> boot method. In previous years I used an internal FTP server to perform
>>> the upgrade, but for some reason this is not supported any more since a
>>> couple of releases.
>>
>> ftp support was removed from the installer, but you can place the same
>> files on an http/https server instead.
>>
>>> I mounted and published the ISO image using a
>>> raspberrypi and NGINX (HTTP method). During the install process I hit
>>> the following error 'unable to get a verified list of distribution
>>> sets'(*). I couldn't find much help from google but after some time I
>>> figured out that the install was looking for a file named index.txt,
>>> that is not included in the ISO.
>>
>> you want nearly all of the files from the release directory on a mirror,
>> you can skip install*.fs / install*.iso.
>>
>>> Maybe some of this information can be included to the install guide for
>>> those of us doing a local HTTP upgrade, and also it would be great to
>>> have the index.txt file included in the ISO.
>>
>> you won't have the SHA256.sig to verify the files against the signify
>> signature in the iso either.
>>
>>> For the record, the kernel relinking (Relinking to create unique
>>> kernel...) took about 14 minutes in my ALIX board and it takes about
>>> 2.5
>>> minutes the library reordering during the boot process.
>>
>> yes, it's terribly slow on machines with slow storage devices.
>> I tend to disable it on those (until I can justify replacing the
>> machine with something newer, which has other advantages too).
>>
>>
>>
>
> Hi! you mean that the library reordering can be disabled? care to share
> how to do that? google didn't help...
> Thanks for your comments.
>

Why does everyone always go straight to google? (Yeah, I know, silly
question.)  And then give up?

Looking at the code might be a better start.  Line 163 is particularly
interesting...

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/rc?annotate=1.519

Reply | Threaded
Open this post in threaded view
|

Re: Install process: couple of comments

Limaunion
On 10/18/2017 09:02 PM, trondd wrote:

> On Wed, October 18, 2017 6:15 pm, Limaunion wrote:
>> On 10/17/2017 05:44 PM, Stuart Henderson wrote:
>>> On 2017-10-16, Limaunion <[hidden email]> wrote:
>>>> Hi! Last friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE
>>>> boot method. In previous years I used an internal FTP server to perform
>>>> the upgrade, but for some reason this is not supported any more since a
>>>> couple of releases.
>>>
>>> ftp support was removed from the installer, but you can place the same
>>> files on an http/https server instead.
>>>
>>>> I mounted and published the ISO image using a
>>>> raspberrypi and NGINX (HTTP method). During the install process I hit
>>>> the following error 'unable to get a verified list of distribution
>>>> sets'(*). I couldn't find much help from google but after some time I
>>>> figured out that the install was looking for a file named index.txt,
>>>> that is not included in the ISO.
>>>
>>> you want nearly all of the files from the release directory on a mirror,
>>> you can skip install*.fs / install*.iso.
>>>
>>>> Maybe some of this information can be included to the install guide for
>>>> those of us doing a local HTTP upgrade, and also it would be great to
>>>> have the index.txt file included in the ISO.
>>>
>>> you won't have the SHA256.sig to verify the files against the signify
>>> signature in the iso either.
>>>
>>>> For the record, the kernel relinking (Relinking to create unique
>>>> kernel...) took about 14 minutes in my ALIX board and it takes about
>>>> 2.5
>>>> minutes the library reordering during the boot process.
>>>
>>> yes, it's terribly slow on machines with slow storage devices.
>>> I tend to disable it on those (until I can justify replacing the
>>> machine with something newer, which has other advantages too).
>>>
>>>
>>>
>>
>> Hi! you mean that the library reordering can be disabled? care to share
>> how to do that? google didn't help...
>> Thanks for your comments.
>>
>
> Why does everyone always go straight to google? (Yeah, I know, silly
> question.)  And then give up?
>
> Looking at the code might be a better start.  Line 163 is particularly
> interesting...
>
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/rc?annotate=1.519
>
>

Got it, thanks!

Reply | Threaded
Open this post in threaded view
|

Re: Install process: couple of comments

Stuart Henderson
In reply to this post by trondd-2
On 2017-10-19, trondd <[hidden email]> wrote:
> Why does everyone always go straight to google? (Yeah, I know, silly
> question.)  And then give up?
>
> Looking at the code might be a better start.  Line 163 is particularly
> interesting...
>
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/rc?annotate=1.519

Or even the documentation, rc.conf(5):

     library_aslr  rc reorders some libraries for improved protection against
                   ROP.

Kernel reordering can't be disabled like this, but at least it runs at the
end of startup, in the background.