02:22:28 <_xor> Is there an easy way to figure out which commit a kernel was compiled from?
02:30:32 <mason> _xor: Hrm, I don't have something that's not installed by freebsd-update here, but what's strings /boot/kernel/kernel | tail give you?
02:51:59 <rwp> The theory goes that "freebsd-version -kru" should return the installed kernel, running kernel, userland versions.
02:53:12 <rwp> I don't know how that maps to git commit hashes or git tags though.  I would hope it would map to "git tag -l" and "git log release/13.1.0" though.
02:53:37 <_xor> Not necessairly, it's more complex than that. You also have patchlevels, etc.
02:53:44 <_xor> mason: Good thinking on strings.
02:54:06 <_xor> mason: I may have a lead here - "stable/13-5c55abaf0"
02:55:42 <_xor> Yaaaas, looks like I found it :)
03:02:40 <_xor> Oh I am such an idiot.
03:03:01 <_xor> I forgot that I built the image for this version using poudriere.
03:03:09 <_xor> Could just have checked the poudriere jail version.
03:05:21 <rwp> Every year that I get older I keep realizing how dumb I was last year.
03:06:16 <_xor> But since you're realizing it, aren't you getting smarter? :P
03:06:25 <_xor> Also, I just noticed that the two hashes don't match :/
03:07:05 <rwp> The dumbest thing we all did as a kid was wish we were an adult.  And now look at us!
03:07:11 <_xor> I was just telling my buddy something like that the other day. Over the past 20 years, when looking at something, the change in mentality went something like this...
03:08:31 <_xor> "What the heck? That's stupid, you should just do this..." -> "Hmm, that's strange, but there's probably a reason it's done like that..." -> "That doesn't seem like the best way, but I might be missing something...but then again, I've seen stupid stuff before."
03:09:16 * rwp laughs
03:10:01 <_xor> Your line reminds me of that classic joke: "Everyone laughed at me when I told them I wanted to be a stand-up comedian. Well guess what? They're not laughing now!"
03:12:04 <_xor> Hmm, I wonder how "exact" these versions have to match. I want to give blued a go, but I need to patch ng_hci.so first.
03:44:38 <mason> _xor: Back when CVS roamed the earth, the BSDs embedded RCS IDs and similar in strings at the top of files for just your purpose. Shame it's not still done.
06:37:20 <_xor> I wonder why it was removed.
08:59:21 <meena> i really wish we had tags for each release and each patch
13:04:16 <eoli3n> Hi
13:04:27 <eoli3n> i had a strange behaviour this morning
13:04:51 <eoli3n> i configured dma with a gmail account few month ago to get mails from my server
13:05:05 <eoli3n> as i didn't set up 2fa, google blocked my account
13:05:13 <eoli3n> i solved this and mails worked again
13:05:28 <eoli3n> but this morning, I receivre a mail from dma, which said that smtp authentication failed
13:05:36 <eoli3n> from root@myserver
13:05:41 <eoli3n> and not the gmail account
13:05:53 <eoli3n> can dma deliver mails live postfix without external account ?
13:06:00 <eoli3n> s/live/like
15:05:07 <lavaball> where can i read up on what kind of file/partition encryption you have? do you use bioctl like openbsd? can i select encryption stuff like with cryptsetup in linux? do you have pledge and veil like openbsd? Also what filesystems are supported? sorry for the dumb questions. i'm trying to set up a backup storage box, and i was already set on linux, but now i'm thinking maybe i should try this freebsd instead.
15:26:34 <steew> lavaball: https://docs.freebsd.org/en/books/handbook/disks/
15:26:36 <VimDiesel> Title: Chapter 18. Storage | FreeBSD Documentation Portal
15:26:56 <steew> no, we do not have pledge and unveil, but we have capsicum if you want to read on that
15:28:05 <steew> Read also sections 19,20,21 regarding file systems
15:52:21 * debdrup notes that pledge still lets execve() escape the sandbox.
15:52:50 <debdrup> And it seems to be an issue they WONTFIX, because it's by design?
15:53:34 <debdrup> GEOM and GBDE are the encryptions traditionally used in FreeBSD, although ZFS has native encryption there's some indications it is to be avoided at present.
15:54:21 <debdrup> Well, there's more closed items on https://docs.google.com/spreadsheets/d/1OfRSXibZ2nIE9DGK6swwBZXgXwdCPKgp4SbPZwTexCg/view now than there were before, so that's good.
15:54:23 <VimDiesel> Title: OpenZFS open encryption bugs (public RO) - Google Sheets
15:54:47 <debdrup> Sorry, I meant GELI, not GEOM.
15:55:17 <debdrup> GELI and GBDE are both options that're part of GEOM.
15:56:18 <debdrup> In addition to Capsicum, we also have jails and the MAC framework, both of which can be used to lock down a process, as well as whole-system auditing using OpenBSM.
15:57:01 <debdrup> Capsicum, jails, and MAC can all be used in conjunction (and you can also add securelevel on top of that, although that exists in the other BSDs too).
15:58:37 <debdrup> The filesystem filewall that can be implemented via MAC isn't super well-known, but it's incredibly powerful.
16:00:08 <debdrup> The MAC framework is  kinda interesting in and of itself, and if there's someone who needs something to do, I recommend reading https://docs.freebsd.org/en/books/arch-handbook/mac/
16:00:09 <VimDiesel> Title: Chapter 6. The TrustedBSD MAC Framework | FreeBSD Documentation Portal
16:02:15 <debdrup> The handbook also has a section: https://docs.freebsd.org/en/books/handbook/mac/
16:02:16 <VimDiesel> Title: Chapter 16. Mandatory Access Control | FreeBSD Documentation Portal
16:05:26 <debdrup> s/encryptions/data encryption methods/
16:58:35 <lavaball> steew, thanks a bunch.
17:24:35 <lavaball> this all looks very nice, with the zfs and the pf. would you recommend using freebsd as a encrypted file server thingy or is there a better solution?
17:41:22 <shiroyasha> lavaball: Not FreeBSD specific, but you can check out Ceph as well, if only for comparing options.
17:44:52 <lavaball> never hard of it. wasn't that the end boss of street fighter 4?
17:45:34 <lavaball> i don't see anything about bsd there. just linux platforms and that the kernel should be newer.
17:53:35 <lavaball> this ceph seems a big much for my use case. thanks though.
18:09:33 <nacelle> the pf isnt the pf you know from openbsd
18:10:13 <nacelle> (its similar and has the same root, but its hasnt been the same for a while)
18:18:18 <lavaball> similar enough. i'll figure it out. thanks though.
18:18:31 <lavaball> oh, do you have bind mounts?
18:41:46 <rtprio> lavaball: are those for overlaying filesystems?
18:47:08 <rwp> In the Linux kernel a "mount -o bind /home /mnt/home" will overlay the first onto the second, often used to make directories available inside a chroot and other purposes.
18:54:35 <lavaball> yeah. i looked around. openbsd really has nothing, but you guys have the null_fs option.
18:54:41 <lavaball> or nullfs. something with 0.
18:57:09 <lavaball> how is the kernel doing security wise? i just saw some guy on youtube talking about the three big BSDs and openbsd people were the only ones fixing the bugs consistently. no offense, obviously. or wait, no: asking for a friend.
18:59:26 <rtprio> yep, we try to put all the bugs in freebsd that we can
18:59:59 <rtprio> because it makes freebsd faster
19:00:34 <lavaball> i was hoping for something along the lines of: wasn't that the "all bsd equal" talk? we saw that. things have picked up since then".
19:54:41 <rtprio> i'm not sure what bugs you're talking about
20:13:22 <Demosthenex> anyone using puppet, and finding that manifests just die because if you're not online the package calls all fail trying to update?
23:01:54 <rtprio> Demosthenex: yes, the pkg provider get's touchy when offline
23:04:22 <meena> Demosthenex: you can maybe tell it not to update
23:05:15 <meena> but I don't remember if or how
23:15:42 <Demosthenex> meena: i was trying to find a way
23:15:54 <Demosthenex> hadn't seen any docs yet, i'll read the module tomorrow
23:36:51 <koobs> moin
23:38:31 <llua> Demosthenex: use a fact to determine if you can reach them or the "internet" and when you can't, don't declare those resources