00:07:33 I'm not well versed with FreeBSD binary packages, but I'm not easily finding this info: I develop Golang applications mostly and build deb/rpm packages for them on macOS to privately distribute them to my fleet. I wish to support FreeBSD in some of my fleet. How would I most easily create a binary package (.txz?) for FreeBSD to privately distribute the software? (i.e. not via ports)
00:12:33 Cyrus: create a port and use the existing pkg building system to build your package
00:13:11 So it sounds like it's a requirement I do the initial building of it on a FreeBSD machine itself.
00:14:02 yes, i don't think you get many options to cross build freebsd binaries
00:14:42 Damn, I was afraid of that. Alright, thanks!
00:14:45 Cyrus: yeah, create the port, then use: https://www.freebsd.org/cgi/man.cgi?pkg-create(8)
00:14:46 Title: pkg-create(8)
00:15:57 An application, we'll call it Mumble (because that's its name) locked /dev/mixer. I closed the application out and it is no longer running, but /dev/mixer is still not capable of being opened by subsequent invocations. How could I potentially investigate?
00:17:25 i'd start with fstat
00:26:27 didn't think of that, only ran 'fuser'
00:51:55 <_xor> What's the best way to retain older versions of packages in case a downgrade is necessary? I know you can grab them from /var/cache/pkg, assuming it hasn't been cleaned since.
00:53:09 <_xor> Poudriere has an option to retain older versions, which I haven't looked at yet beyond setting it to >1. Does it keep the packages in the .real* dirs?
00:56:01 poudriere has a keep packages option iirc
00:56:12 not sure where it keeps them
00:56:27 my guess: it just precludes deleting them
00:56:39 with no other tracking
01:03:42 is it possible to disable PAM? any pitfalls in that?
01:05:11 How do I fix this error, Ports Collection support for your FreeBSD version has ended, and no ports are
01:05:11 guaranteed to build on this system. Please upgrade to a supported release.
i'm running 13.0
01:06:36 13.0 isn't a supported release. I believe 13.1 is, or you can begin tracking stable.
01:06:48 (the latter, I don't recommend.)
01:08:06 can i upgrade to 13.1 ?
01:09:33 sn00p https://docs.freebsd.org/en/books/handbook/cutting-edge/
01:09:34 Title: Chapter 24. Updating and Upgrading FreeBSD | FreeBSD Documentation Portal
01:10:18 upgrade then portsnap fetch
01:11:38 https://www.freebsd.org/releases/13.1R/installation/
01:11:39 Title: FreeBSD 13.1-RELEASE Installation Instructions | The FreeBSD Project
01:11:41 i read this one
01:14:10 yeah that will work 13.1 is supported
01:20:59 how do we run sshd as a non-root user pls? UsePAM doc in man sshd_config implies it's possible but I CANT FIND DOC ON IT
01:29:47 polyex: As in, run as root then drop privileges?
01:30:00 Or run entirely as a non-root user?
01:32:34 polyex: that's interesting, and you have piqued my interest.... I found the line in question in sshd_config manpage
01:32:47 "If UsePAM is enabled, you will not be able to run sshd(8) as a non-root user."
01:33:48 I suppose you could always run /usr/sbin/sshd directly either interactively or through your own scripts? But I'm trying to think of the implications to the functionality of sshd though
01:39:25 rorf
02:00:55 <_xor> koobs: Yeah, I was looking at different ways to approach it. The packages aren't deleted, but I was wondering if poudriere has to explicitly ignore those when invoking pkg-repo.
02:01:05 <_xor> oh, wrong channel lol
02:01:36 <_xor> Oh nevermind, misread my client. Thought I was in #freebsd-irc.
02:01:38 i'm doing this, freebsd-update upgrade -r 13.1-RELEASE and its at the point where it has a : and does nothing until I hit return is this what i'm supposed to do?
02:02:44 <_xor> kevans: What would you reckon is the best way to implement poll in /etc/rc/jail?
02:04:34 <_xor> kevans: Last I checked it was a stub, which makes sense. I needed to block until a jail terminates, but couldn't find an easy way to do it with jail(8) or service(8). So currently I launch the jail and then have a shell script that polls it every X seconds until it exits.
02:07:09 <_xor> kevans: I worked up a couple of other alternatives where 1) Create a FIFO and read it (blocking), then from exec.poststop write to it so that it unblocks on jail exit. B) Invoke `service nginx poll` after the jail starts (nginx is just an example, couldn't determine a pid 1 or equivalent to poll within the jail when using rc).
02:07:53 <_xor> kevans: Then it occurred to me that `service jail poll myjail1 myjail2 ...` would be useful here. How that would be implemented is a different case, but having it there would be really nice.
02:10:53 <_xor> kevans: In case you're curious, the use-case for me is that the orchestration system I use across multiple hosts requires that when it launches a service on a host, it expects the process to block. If it exits, then it's considered a failure. I run most of my services inside of jails, hence why I need it to block. Would prefer it be event-based, but polling is fine for now.
02:20:28 _xor: I had never heard of poll until just now, let me take a look here
02:21:21 ah, ok, so this is supposed to be like a "service needs restarted" kind of indicator in a sense
02:24:10 hmm, rc.d/jail currently doesn't do anything, but I guess the intuitive action would be to poll jls -d for the named jail
03:32:58 wez ya wanna run sshd as a service, not from a user, so i guess that means start as root then drop privs
03:33:43 not sure what else sshd_config means by that line about running sshd as non-root user
03:47:20 <_xor> kevans: Yeah, I'm using jls with libxo and jq to query the jail status in a loop and exit once it's stopped.
03:47:45 <_xor> kevans: ...but I was more curious about whether there was an event-triggered method for doing that rather than having to poll.
03:48:21 <_xor> The FIFO method I mentioned earlier is that, but it's a bit hacky.
03:49:25 <_xor> I'm going to man the jail api and see if there's a function for it, but I'm not exactly expecting there to be so that wouldn't be much better than a polling loop.
03:51:11 I had a really half-baked idea of adding some kqueue functionality for jails
03:51:24 <_xor> I was also pondering a simple rc.d script to run within the jail where all it does is block, that's it. Then from the host an rc script can invoke wait_for_pids on the specific pid for that rc script running in the jail.
03:52:02 <_xor> kevans: Like what? I mean what use-cases are you thinking of for that?
03:52:46 you'd basically tap out kevents on jail state changes, so jail(8) could gain a poll/test mode where it just blocks on kq
03:52:58 <_xor> oooh that would be nice
03:53:12 <_xor> Have it on my desk by Monday! Stat!
03:53:16 <_xor> *rimshot*
03:53:20 hah
03:54:06 <_xor> Hmm, I guess since jails can run without a process, then there's no reliable process that can be monitored within the jail, right? Like, there's no pid 1 or whatnot.
03:54:15 right
03:55:44 * _xor really needs to get familiar with the jail(2) and jail(3).
03:57:28 <_xor> Does it make any sense to have a sysctl to indicate states?
04:00:07 * kevans hisses
04:07:25 reminds me
04:07:27 devmatch: panic: general protection fault: sysctl_devices() -> sysctl_root_handler_locked() in hw.bus.devices sysctl handler
04:07:33 so maybe not (yet) :D
04:33:57 <_xor> heh
04:34:15 so anyone run sshd as non-root or know how? (last time ill spam it)
04:34:31 <_xor> What's the issue?
04:35:53 <_xor> I'd imagine you could explore /etc/rc.d/sshd and see if there's a knob for it, or check /etc/ssh/sshd_config to see if it has settings to allow changing users and/or dropping privileges or whatnot.
04:39:06 ya looked in both
04:39:11 5 hours ago hehe
04:39:23 im in last call mode on this by now
06:37:54 if we only allow public key ssh in, any good reason user accounts should still have a pw?
06:43:54 i got "sshd error protocol major versions differ 2 vs 1" showing up in my logs not sure how to reproduce it. anyone dealt with it?
06:47:38 sshd_config man page says "2" is the default, i didnt change it, so that's what i got. any 1 stuff must be client side then
06:47:54 but i looked at the ssh_config (client side) and nothing about how to configure a protocol version
06:47:56 how i do?
06:50:30 man for ssh has "protocol-version" but no mention of how to use it
06:50:40 just under -Q for querying server capabilities
06:51:50 seems like protocol v 1 is disabled or just not enabled in fbsd land so where tf that error msg come from?
06:51:56 both 13.1 boxes lol
06:56:06 polyex: protocol version 1 is disabled by default with newer openssh versions and freebsd got that some time ago IIRC
06:57:46 any idea how i got that error msg to show up then?
07:01:21 polyex: did you do anything when it happened?
07:01:51 prolly
07:02:06 ive been fiddling with sshd config today but never touched protocol
07:23:36 https://www.bsdnow.tv/471
07:23:37 Title: BSD Now 471: De-Penguinization
07:37:58 Penguins are the best
07:52:27 sorry if I'm missing something obvious as I'm pretty much a newbie, but in a clean 13.0 system I'm having this error as of this morning when trying to run wget:
07:52:29 ld-elf.so.1: /lib/libc.so.7: version FBSD_1.7 required by /usr/local/bin/wget not found
07:53:18 to my eyes, it looks as if the binary for wget in 13.0 had been "upgraded" to one that was built against the 13.1 libraries
07:53:41 yesterday this didn't happen
07:57:39 13.0 has been past EOL. 13.1 is one of the currently supported version. Packages are built only for the supported releases.
18:07:02 polyex: "The OpenSSH SSH daemon supports SSH protocol 2 only."; see also 'ssh -Q protocol-version' (only '2' on FreeBSD)
19:04:53 uname -a: FreeBSD srv001 12.3-RELEASE-p6 FreeBSD 12.3-RELEASE-p6 GENERIC amd64 and freebsd-update fetch install: No updates needed to update system to 12.3-RELEASE-p7
19:05:14 like one says p7 but reality is p6 patch level
19:06:07 what does freebsd-version -uk report?
19:07:25 12.3-RELEASE-p6
19:07:25 12.3-RELEASE-p7
19:10:34 dang that's an old release
19:12:12 well it is maintained
19:28:56 Every time I go to upgrade a specific port, I do a google and wonder why there's 1. So much different info out there and 2. Why the process is so inscrutable :)
19:29:16 Like this version of the handbook talks about making a diff file https://docs.freebsd.org/en/books/porters-handbook/upgrading/
19:29:17 Title: Chapter 11. Upgrading a Port | FreeBSD Documentation Portal
19:30:19 Some old posts talk about portupgrade which isn't even in the 13.0 port tree
20:16:31 SpaceBass_laptop: That's the _Porter's Handbook_: For those that are actually maintaining the port system, not a user updating to the most recent port. Most users should use pkg unless they need a non-standard option.
20:23:36 Using pkg: https://docs.freebsd.org/en/books/handbook/ports/#pkgng-intro : 'pkg upgrade' should be all most users need to update packages.
20:23:38 Title: Chapter 4. Installing Applications: Packages and Ports | FreeBSD Documentation Portal
20:24:08 Too late to convert this entire system to pkgs - everything was built with ports because I needed some options that weren't compiled in some pkg versions
20:24:57 SpaceBass_laptop: You can still use packages and just build the ports you need non-default options in.
20:26:17 So should I just go back into /usr/port/path/to/port and make reinstall?
20:26:35 Or use Poudriere to build all the ports you need and then use those packages. This is usually what's recommended. Especially for multi-system labs/DC's.
20:26:47 SpaceBass_laptop: Sure.
20:27:08 I've tried poudriere and, while I think of myself as a reasonably smart person, it breaks my brain
20:27:49 SpaceBass_laptop: There is a bit of a learning curve, but once it clicks, it's fairly straightforward to use.
20:28:13 It's really only getting it started that takes a bit to learn. Once everything is in place, it's mostly only a few commands to do everything.
20:37:51 I'll try it again once I get this one port update
20:38:47 I've found synth works very well for the mixed custom/vanilla (leveraging pre-built where possible) setup. (In comparison to poudriere, which felt like using a sledgehammer to tap in a finish nail.)
20:39:59 Although the first thing to double-check is that you still need the custom options; I've found some ports that I needed to config previously now have the options I want by default; worth looking.
20:42:16 And so long as you're 11+ (if I recall) even if they're built from ports, they are still installed via the pkg framework; 'pkg info' should list them, for example.
20:45:16 Yes. The ports system uses the package it creates to do the actual install. So, using "pkg" commands for any information will work for any port installs as well.
20:51:02 The big one is samba which doesn't have a package with bind 9.16 backend support - you can only do it through ports
20:57:37 poudriere-devel can do the prebuilt thing that synth does too (-b quarterly or -b latest)
21:13:01 * saltd changed to Friday, 9. Sep 2012
21:13:46 tao: thanks!
21:18:57 carbonfiber: np
22:11:03 polyex, "grep ssh /etc/passwd" hints sshd will drop privilege.
22:12:41 Oh wait, someone mentioned that before.
22:13:37 V_PauAmma_V yes, in wrong window
22:26:04 saltd, context for that?
22:28:05 answer unfound