Call for Testers - Major Changes in Distribution Images (amd64, LiveUSB)

kaw (2021-12-26 (Sun) 00:49:48)

The FuguIta LiveUSB distribution image for the amd64 platform uses a disk partitioning method called "Hybrid MBR" to support both legacy BIOS and UEFI boot mechanisms.

This is a convenient method as it allows a single device to boot both legacy BIOS and UEFI, but it is a non-standard method and furthermore, the partition table is difficult to change later.

Therefore, I am planning to change the partitioning of the LiveUSB distribution image for amd64 platforms from Hybrid MBR to a regular MBR with a UEFI bootloader built in.

We currently have a test image uploaded to mirrors.

I would appreciate it if you could let me know if you can boot FuguIta LiveUSB using this image.

Based on the results, I would like to decide whether to change the format of the distribution image or not.

Reference: FuguIta's UEFI/GPT support


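Article on building a Japanese desktop environment

kaw (2021-12-21 (Tue) 00:54:01)

I posted an article on Qiita, an information-sharing site for engineers.

Building a Japanese desktop environment on the OpenBSD live system "FuguIta"
https://qiita.com/ykaw/items/ca008a34d73d5f1f6dd8

Because it focuses on the Japanese desktop environment, I think it is easier to follow than the "FuguIta Guide", which gives a comprehensive explanation.
It also gives concrete instructions, for current versions, on the Japanese settings of Firefox, LibreOffice and others, so I think that part is useful too.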


How to use new network configuration tool

kaw (2021-11-19 (Fri) 21:15:04)

#FuguIta's new network configuration tool, mentioned in the previous article, is currently being tested, but here is how to use it.

gennetconfs generates configuration files for your network. The configuration done when FuguIta is started is also done by this gennetconfs, so please follow the instructions below.

Usage: gennetconfs [-b] [-q] [config_name]
  -b: Suppress the display of banners
  -q: Suppress description of configuration items

If a config_name is specified, configuration files will be created in the directory /etc/netconfs/config_name. If it is not specified, it will be created in the current working directory. When you run gennetconfs, you will be prompted to enter various configuration values. If the prompt is

[foo] -> 

the default value is foo, and entering only ENTER will cause foo to be entered as the configuration value.

1. Entering the Host Name
Enter the host name with domain (FQDN: Fully Qualified Domain Name). You can omit the domain part if you do not need it, for example, when using it in a closed network.

Hostname with domain part (FQDN):
only host name without domain part is also OK.
-> fugu-demo.localnet


2. Which IP protocol version to enable
The default is "64" (enable both IPv6 and IPv4, but give priority to IPv6 for name resolution).

IP protocol version(s) to be enabled: 4, 6, 46, 64 or "none"
  4: enable only IPv4
  6: enable only IPv6
  46: give priority to IPv4 name resolution
  64: give priority to IPv6 name resolution
  none: operate as standalone
[64] ->

If "none" is specified, the device will operate as a standalone device that does not use the network, and the configuration by gennetconfs will be completed.

3. Specifying the network interface
Next, a list of network devices will be displayed, and you need to specify only one device that you want to configure.

Network Interfaces: Choose one

  NIC	 type	   Name
-------- ----- ------------
    bge1 ether Broadcom BCM57766
    ure0 ether Realtek USB 10/100/1000 LAN
    run0 wifi  Ralink 802.11 n WLAN
[bge1] ->

The device that appears at the top of the list will be the default. If you specify a Wi-Fi device, you will be prompted to enter the SSID and encryption key.

[bge1] -> run0

Wi-Fi settings:
  SSID -> OUR-WIFI-NETWORK
  WPA Key -> OUR-WIFI-SECRET

If you press only ENTER with the WPA key, you will be prompted to enter WEP.

  WPA Key -> 
  WEP Key -> OUR-WEP-SECRET

If you press only ENTER with the WEP key, it means that you specify the connection without encryption.

4. IPv6 Settings
If you have enabled IPv6, the following configuration input will appear. Set the address to "auto" or manually, as described in the description. In most cases, "auto" will work. If "/prefixlen" is omitted, it is assumed that "/64" is specified.

IPv6 - address and routing:
  Enter "auto" or "IPv6_address[/prefixlen] [default_gateway]"
  "auto" is an automatic setting by SLAAC.
  The "/prefixlen" part can be an integer between 0 and 128.
  If there is no default gateway, set the second field to "none" or leave it blank.
[auto] ->


5. IPv4 Settings
If you have enabled IPv4, you will be prompted to enter the following settings: "auto" for DHCP, as described in the description; otherwise, set the address manually. If you omit "/mask", a netmask that seems appropriate will be assumed.

IPv4 - address and routing:
  Enter "auto" or "IPv4_address[/mask] [default_gateway]"
  "auto" is an automatic setting by DHCP.
  The "/mask" part can be specified in either format, such as "/255.255.255.0" or "/24".
  If there is no default gateway, set the second field to "none" or leave it blank.
[auto] -> 192.168.1.147/24 192.168.1.254


6. DNS Server Settings
If you have configured IPv4 or IPv6 addresses manually, you will be prompted to enter DNS server settings. If you want to communicate directly by specifying IP addresses, you do not need to use DNS servers, so enter only ENTER.

DNS servers: up to 3 IP addresses, separated by spaces
-> 192.168.1.253

Finally, configuration files reflecting the configuration values you have entered will be written to the directory "/etc/netconfs/config_name".

writing configured values:
  /etc/netconfs/default/myname
  /etc/netconfs/default/mygate
  /etc/netconfs/default/hosts
  /etc/netconfs/default/hostname.bge1
  /etc/netconfs/default/resolv.conf


gennetconfs only generates the configuration files, it does not activate the configuration values.
To activate the configuration values, use the chnetconf command. This chnetconf is also executed internally when FuguIta is started.

Usage: chnetconf [-d config_name| -r| -f config_name] | [config_name].
   -d: don't perform /etc/netstart, link/copy files only
   -r: reset all network interfaces
   -f: force reconfiguration even if current conf doesn't exist

chnetconf actually does the following.

  • clear the files in /etc that hold the current configuration
  • deactivate all network interfaces
  • After linking/copying the configuration files with the specified config_name under /etc/netconfs/config_name, run /etc/netstart to activate the network configuration

Using chnetconf, you can switch between multiple configurations generated by gennetconfs on the fly.


New network configuration tool for #FuguIta

kaw (2021-11-16 (Tue) 13:24:17)

OpenBSD 7.0 has changed how IP addresses and DNS autoconfiguration work.

In response to this, FuguIta is pre-publishing a test version with changes to the network configuration part of the boot (= gennetconfs utility).

  • In the normal case, except for the hostname, the configuration items can be used with the default settings by simply entering the ENTER key.
  • The protocol version to be used, "64" (both IPv6 and IPv4 can be used; IPv6 has priority in name resolution), is now the default.
  • IPv6 and IPv4 can now be configured separately.

If you want to try the LiveUSB version, you can either remaster it from LiveDVD or use the fiupdate tool to update from the current version.

For more information about the changes in the tool, please refer to the CVS development repository, a copy of which is available on GitHub.


#FuguIta 7.0 ISO files

arfian (2021-11-11 (Thu) 08:01:15)

I think it is a better idea, when releasing a collection of new ISOs, to also provide the SHA256 or better SHA512 for better integrity and clarity.
Thanks...


I have found [ command.

m3th (2021-11-07 (Sun) 05:41:01)

#FuguIta-7.0-amd64-202111011.img.gz

$ ls -l /bin/[
-r-xr-xr-x  2 root  bin  123320 Oct 17 13:25 /bin/[

$ /bin/[
[: missing ]
  • Curious! I have found the same file on other *BSDs. Sorry for my post. #FuguIta -- m3th 2021-11-07 (Sun) 12:30:46
  • /bin/[ is equivalent to /bin/test.
    Let's see their inode numbers and link counts.
    $ ls -li /bin/[ /bin/test
    16207 -r-xr-xr-x  2 root  bin  123320 Oct 17 22:25 /bin/[
    16207 -r-xr-xr-x  2 root  bin  123320 Oct 17 22:25 /bin/test
    And note that ksh has the same built-in commands.

    In FuguIta's scripts, i.e. /boottmp/rc, /boottmp/usbfadm and so on, the [ command is used frequently.

    #FuguIta -- kaw 2021-11-07 (Sun) 18:59:08


Video/Audio transmission over VPN by FuguIta

kaw (2021-11-02 (Tue) 15:43:48)

The plan

I received a request to send video and audio from a studio to a venue using IP transmission equipment for an event.

And there were two limitations to this job as follows.

1. A pair of IP transmission devices work well when directly connected, however, due to a problem with the web UI, we cannot change some of the settings, such as the IP address, which means that transmission over the Internet is impossible as it is.

2. We can change the settings of the edge router in the studio, but we don't know about the router in the venue. In other words, we cannot confirm whether we can set up port forwarding so that the Internet can communicate with hosts in the venue's network.

L2-Tunnel.png

To solve this problem, we decided to build a VPN between the studio and the venue, and connect the IP encoder in the studio to the IP decoder in the venue using Layer 2. Once the VPN line is established, communication is possible from either direction. And the two ends of the VPN can be thought of as being pseudo-directly connected by LAN cables.

Of course, we use OpenBSD and FuguIta to solve this kind of problem.
To build a VPN, WireGuard, or wg(4), which appeared in OpenBSD 6.8, seemed to be useful.
Using WireGuard in practice, we found that it was very easy to build a VPN circuit.


Settings for WireGuard at the studio site are as follows:

---- hostname.wg1 --------------------
wgkey PRIVKEY-OF-THIS-PEER
wgport 7501
wgpeer PUBKEY-OF-HIS-PEER wgaip 172.16.54.1/32 wgpka 0
inet 172.16.54.254 255.255.255.0
mtu 1380
up

The reason the wg number is 1 is to account for the possibility that other peers may connect in the future.
The reason why wgpka is 0 is because the NAT router on the other side is not forwarding the port, so keepalives will not occur.

Next, we look at the venue.

---- hostname.wg0 --------------------
wgkey PRIVKEY-OF-THIS-PEER
wgport 8501
wgpeer PUBKEY-OF-HIS-PEER wgendpoint 153.246.158.51 7501 wgaip 172.16.54.0/24 wgpka 5
mtu 1380
inet 172.16.54.1 255.255.255.0

Network.png

There was one more problem that we had to solve in using WireGuard.
That is, WireGuard is a Layer 3-only VPN.
This time, we want to connect the IP encoder and the IP decoder pseudo-directly, so we need to connect them on Layer 2.

Therefore, I now decided to use etherip(4) to flow Ethernet frames into WireGuard VPN.
This seemed to achieve our goal.


Here is the configuration of the physical devices on the studio side.
bge0 is connected to LAN, and axe0 to the video encoder.

---- hostname.bge0 ------------------
inet 192.168.1.193 255.255.255.0 NONE
up
---- hostname.axe0 ------------------
up

And here is the endpoint of the etherip tunnel.

---- hostname.etherip1 --------------
tunnel 172.16.54.254 172.16.54.1
up

Then we build a bridge(4) between the L2 endpoint and the physical device.

---- hostname.bridge1 ---------------
add etherip1
add axe0
up

Finally, we configure sysctls.

---- sysctl.conf --------------------
net.inet.ip.forwarding=1
net.inet.etherip.allow=1

The configuration of the venue side is almost the same as the studio side. Overall, the configuration is symmetrical.

---- hostname.msk0 ------------------
inet 192.168.1.193 255.255.255.0 NONE
---- hostname.axe0 ------------------
up
---- hostname.etherip0 --------------
tunnel 172.16.54.1 172.16.54.254
up
---- hostname.bridge0 ---------------
add etherip0
add axe0
up
---- sysctl.conf --------------------
net.inet.ip.forwarding=0
net.inet.etherip.allow=1

The Result

With the combination of WireGuard+EtherIP, we were able to transmit video and audio in good condition.

We transmitted a stream of about 25 Mbps on a line with a bandwidth of over 100 Mbps.

However, we found that the video and audio transmissions were very sensitive to fluctuations in the time axis.
In addition to the VPN line, we had an SSH connection for maintenance purposes, but when a certain amount of data was transmitted over this SSH line, the VPN packets would wait, causing the video to freeze for a short time.
In order to solve this problem, we will need to use pf(4) to control packet priority.
This will be an issue for next time.

Video encoder + VPN endpoint: pix-encoder.jpg
VPN endpoint + Video decoder: pix-decoder.jpg
The venue: pix-venue.jpg

Lastly, I would like to discuss the benefits of using FuguIta.
At each stage of designing, building, and deploying a VPN, we had multiple network configurations and needed to quickly switch between them or migrate the configurations between devices. FuguIta's usbfadm and gennetconfs/chnetconf tools made it possible for us to do these tasks quickly.
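
The hostname.wg1 and hostname.wg0 files in this post hold WireGuard private keys, and the Wi-Fi configurations entered through gennetconfs in the earlier post involve WPA or WEP keys. As an added example, not part of the original posts or of FuguIta's own tools, this sh script lists stored configuration files whose key material is accessible to other users and tightens their permissions. The directory layout and the assumption that keys appear as the ifconfig(8) keywords wgkey, wpakey or nwkey in hostname.* files are mine.

```shell
#!/bin/sh
# Added example (not FuguIta code): find stored network configuration
# files that hold key material and are accessible to "other" users.
# Assumption: secrets appear as the ifconfig(8) keywords wgkey, wpakey
# or nwkey inside hostname.* files below the directory given.

# has_secret FILE: succeeds if FILE contains one of the key keywords.
has_secret() {
    grep -Eq '(^|[[:space:]])(wgkey|wpakey|nwkey)[[:space:]]' "$1"
}

# exposed_secret_files DIR: print each hostname.* file under DIR that
# holds a key and has a read or write bit set for "other".
exposed_secret_files() {
    find "$1" -type f -name 'hostname.*' \( -perm -004 -o -perm -002 \) |
    while IFS= read -r f; do
        if has_secret "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# harden_secret_files DIR: remove all "other" permissions from the
# files reported above; files without key material are left alone.
harden_secret_files() {
    exposed_secret_files "$1" |
    while IFS= read -r f; do
        chmod o-rwx "$f"
    done
}

# Stand-alone use: sh audit.sh /etc/netconfs   (report only)
if [ "$#" -gt 0 ]; then
    exposed_secret_files "$1"
fi
```

Run it against the configuration directory, and against any saved copy of it, before moving configurations between devices.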


English version of FuguIta Guide

kaw (2021-11-02 (Tue) 11:41:34)

English translation of #FuguIta Guide is now available.
This was made possible by the generous effort of Alfredo Vogel.

I would like to express my gratitude to him for his great contribution.


FuguIta 7.0

vanitarium (2021-10-27 (Wed) 20:54:43)

#FuguIta I had a kernel panic because it did not find the wifi firmware: it returned that firmware folder was empty. Maybe it is the wrong URL? #FuguIta
Correct URL is firmware.openbsd.org/


FuguIta 7.0

kaw (2021-10-19 (Tue) 23:30:02)

#FuguIta-7.0-{i386,amd64} are currently under testing. They are available in the test directory of the download mirror.

We look forward to your trial reports.


Translate and host user guide help

Vanitarium (2021-09-13 (Mon) 18:46:22)

#FuguIta I am offering to translate and edit the Japanese version into English and host it on my server. I can set it up as a wiki or a website. If you are happy with that let me know so I can let you proofread it and ok it.


login prompt

m3th (2021-08-10 (Tue) 03:32:55)

Without typing anything, can I see the login prompt like OpenBSD?
This is my request. Without my help, mum can use Fuguita.

#FuguIta


The file layouts of FuguIta

kaw (2021-05-25 (Tue) 12:41:15)

Now, I will try to describe the file layout structure of #FuguIta.

The first figure shows the file layout in boot mode 0 (Click the figure to enlarge).
As examples, the paths /bin/ed, /usr/bin/vi, and pkg_added /usr/local/bin/emacs are shown.

fi-filesys-mode0.png

The root file system is rd(4). This rd(ram disk) device is attached to the kernel and has been already mounted from the system boot time. Under the root, there is an unfamiliar directory called "boottmp". This is where you will find the commands needed at the very beginning of the system boot, and utilities specific to FuguIta.

The FuguIta device itself, a DVD or USB flash drive, holds the boot loader, OS kernel, and file system images. It is mounted read-only on /sysmedia.

The filesystem image in /sysmedia is mapped to /dev/vnd4 and mounted on /fuguita. This is the OpenBSD file tree. This is pretty much as it should be, except for a few modifications to fit the live system. Also, this is read-only. So no files can be created, modified, or deleted under it.

/ram is a memory file system called TMPFS (temporary file system), which is both readable and writable. Files that need to be modified, such as /etc/*.conf, your own data under /home/YOU, and the pkg_added program, are located on this. In addition, files that are rarely modified are replaced by symbolic links towards equivalent files in /fuguita. This will reduce the memory usage of TMPFS.



fi-filesys-mode1.png

Next is boot mode 1. This is the same as mode 0, but /usr is symbolically linked to /fuguita/usr. This makes the boot faster and uses less memory than mode 0 by not copying/linking /usr to /ram. However, /usr/local is not writable, so pkg_add is not possible.



fi-filesys-mode2.png

Finally, there is boot mode 2. This is much simpler than modes 0 and 1. Only / and /ram are mounted, and all external devices are unmounted. Of course, all files can be modified.



Note that usbfadm sync will only save the data that exists in /ram TMPFS at boot mode 0, 1, or 2.


How to change encrypt password

m3th (2021-05-21 (Fri) 04:40:05)

Can I change the password?
Should I use the newdrive command again?
I might lose data if I make a mistake.

#FuguIta



Former articles are at FuguIta/BBS/10.

