== CA Certificates == Ca certificates need to be installed `pkgin install ca-certificates` then `vim /usr/pkg/etc/ca-certificates-dir.conf` make sure to edit the -dir.conf file and not the actuall config file then just run `update-ca-certificaes` == chroots == A chroot from a VM must fixt the resolv.conf to point to a correct nameserver (DNS) otherwise net wont work right. To make a chroot for netbsd, we simply copy /etc /lib /libexec /bin /sbin /usr/bin /usr/sbin into the new root and we are basically done. To simulate a 'bind' mount, we can use `mount -t null src/ dest/` to overlay src over dest NetBSD has the option to mount_procfs and other directly, which is nice So to bind the dev directory, we use `mount -t null /dev chroot/dev` We do this for the procfs as well as others {{{sh mount -t null /dev/pts chroot/dev/pts mount -t null /proc chroot/proc mount -t null /var/run chroot/var/run }}} We can also to `sh MAKEDEV all` in the /dev directory to populate the devices instead of using a null mount To unmount them, we simply do the reverse of the above for all directories: `umount -t null chroot/dev` Due to some systems heavy reliance on systemd, we cannot effectively use those systems to simulate a linux guest chroot. We have to use those that dont have them, making those linux distros ironically a lot less portable. To get all programs running in chroot, we should look for the chroot command or some sort /rootpath in the `ps aux` output == NetBSD equivalents of linux tools == _lsblk_ - is not present, we can however use `sysctl hw.disknames` to check the detected disks and then check their partitioning with `disklabel` or `dkctl listwedges` for GPT partitions. Putting this combination of commands into a script is rather simple and is left as an exercise to the reader _sensors_ - this is also not present but we can check the same stats with `envstat` _sudo_ - this is possible to install, but one should prefer `doas` from the OpenBSD system due to better security. It is also way easier to configure == QEMU AVR and mprotect == During initalization of the qemu avr emulator, it tries to perform an mprotect with PROT_EXEC on a RW mapping. The mapping is a simple static buffer, which is naturally mapped as RW into the program and due to PaX mprotect restrictions it will fail. This has to be explicitly disabled for qemu avr to work properly inside the kernel configuration file. The option is `option PAX_MPROTECT=1` It must be set to 0 or commeted out. It is not recommended to do this, but if programs are giving you this message, it can be disabled. The best option would be however, to fix the programs due to the security risk turning this option causes. == Fix usign paxctl == We can use `paxctl -m binary` to disable mprotect pax extensions on a specific binary. So in this case `paxctl -m /path/to/qemu` Or during compilation of the package `NOT_PAX_MPROTECT_SAFE+= qemu` == NetBSD kernel code style guide == A style guide is located in: /usr/share/misc/style == compiling == ./build.sh for the toolchain then cd /usr/src/sys/modules/nvmm; make check BUILDING for building the toolchain == pkgsrc == To checkout a specific version of a package, for example pkgsrc-2022Q3: `cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co -r pkgsrc-2022Q3 pkgsrc//` The full repo path must be specified, apprently. == Arduino boards and serial programming == To program an arduino with avrdude, we have to use the /dev/dtyU0 devices dmesg doesnt tell us much, just that its available at ucom0. So maybe, for ucom0 its /dev/dtyU0 for ucom1 its /dev/dtyU0, etc. There is little to no documentation on this, so i am writing this here for future reference. `avrdude -P /dev/dtyU0 -p m328p -c arduino -U ` .