== CA Certificates ==

	Ca certificates need to be installed
	`pkgin install ca-certificates`
	then
	`vim /usr/pkg/etc/ca-certificates-dir.conf`
	make sure to edit the -dir.conf file and not the actuall config file

	then just run
	`update-ca-certificaes`
	
== chroots ==
	A chroot from a VM must fixt the resolv.conf to point
	to a correct nameserver (DNS) otherwise net wont work right.
	
	To make a chroot for netbsd, we simply copy
	/etc /lib /libexec /bin /sbin /usr/bin /usr/sbin
	into the new root and we are basically done.
	
	To simulate a 'bind' mount, we can use `mount -t null src/ dest/` to
	overlay src over dest
	NetBSD has the option to mount_procfs and other directly, which is nice
	
	So to bind the dev directory, we use
	`mount -t null /dev chroot/dev`
	We do this for the procfs as well as others
	{{{sh
	mount -t null /dev/pts chroot/dev/pts
	mount -t null /proc chroot/proc
	mount -t null /var/run chroot/var/run
	}}}
	
	We can also to `sh MAKEDEV all` in the /dev directory to populate
	the devices instead of using a null mount
	
	To unmount them, we simply do the reverse of the above for all
	directories:
	`umount -t null chroot/dev`
	
	Due to some systems heavy reliance on systemd, we cannot effectively
	use those systems to simulate  a linux guest chroot. We have to use
	those that dont have them, making those linux distros ironically a lot
	less portable.
	
	To get all programs running in chroot, we should look for
	the chroot command or some sort /rootpath in the `ps aux` output
	
== NetBSD equivalents of linux tools ==

	_lsblk_ - is not present, we can however use
		`sysctl hw.disknames` to check the detected disks
		and then check their partitioning with `disklabel` or
		`dkctl  listwedges` for GPT partitions.
		Putting this combination of commands into a script is rather
		simple and is left as an exercise to the reader
	
	_sensors_ - this is also not present
		but we can check the same stats with `envstat`
		
	_sudo_ - this is possible to install, but one should
		prefer `doas` from the OpenBSD system due to
		better security. It is also way easier to configure
	
	
== QEMU AVR and mprotect ==
	During initalization of the qemu avr emulator, it tries to
	perform an mprotect with PROT_EXEC on a RW mapping.
	The mapping is a simple static buffer, which is naturally mapped
	as RW into the program and due to PaX mprotect restrictions
	it will fail.
	This has to be explicitly disabled for qemu avr to work properly
	inside the kernel configuration file. The option is
	`option PAX_MPROTECT=1`
	It must be set to 0 or commeted out. It is not recommended to do
	this, but if programs are giving you this message, it can be
	disabled. The best option would be however, to fix the programs
	due to the security risk turning this option causes.
	
	== Fix usign paxctl ==
	
		We can use `paxctl -m binary` to disable mprotect pax
		extensions on a specific binary. So in this case
		`paxctl -m /path/to/qemu`
		
		Or during compilation of the package
		`NOT_PAX_MPROTECT_SAFE+= qemu`
	
== NetBSD kernel code style guide ==
	A style guide is located in: /usr/share/misc/style
	
	== compiling ==
		./build.sh for the toolchain
		then cd /usr/src/sys/modules/nvmm; make
		check BUILDING for building the toolchain
		
	
== pkgsrc ==
	To checkout a specific version of a package, for example pkgsrc-2022Q3:
		`cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co -r pkgsrc-2022Q3 pkgsrc//`
		
		The full repo path must be specified, apprently.
		
		
== Arduino boards and serial programming ==
	To program an arduino with avrdude, we have to use the /dev/dtyU0 devices
	dmesg doesnt tell us much, just that its available at ucom0. So maybe, for ucom0
	its /dev/dtyU0 for ucom1 its /dev/dtyU0, etc. There is little to no documentation
	on this, so i am writing this here for future reference.
	`avrdude -P /dev/dtyU0 -p m328p -c arduino -U `