00:08:14 gustik: the last entry is not %B (birth) but %c (status change—i.e. e.g. `chmod +x somefile`)
00:50:29 meena: these packages conflict because the php binary is /usr/local/bin/php
08:46:34 hjf_: fun! in the python packages, that's a link (which you can install as python3)
11:19:46 hjf_: 8.1 is currently the default version, which means that pkgs depending on php will by default depend on php-8.1. The way out of this is to build your own pkgs where you set DEFAULT_VERSIONS= php=8.0
11:31:07 yes i was able to do this, i set php to 8.0 and built from source. it was taking forever, then i noticed it was actually building cmake. so i just installed cmake from pkg and everything went much faster
11:31:54 that said, how can I update the port? I'd like to make it use a newer upstream version.
11:32:13 i understand the port declares some upstream source file and then applies patches to it, right?
12:01:09 Hi, is it possible to create a port for a software that you have created? If so, how difficult is it and where is the best place to have a look
12:04:04 uskerine: https://docs.freebsd.org/en/books/porters-handbook/
12:04:05 Title: FreeBSD Porter's Handbook | FreeBSD Documentation Portal
14:52:07 You can amend the VALID_CATEGORIES environment variable to add a custom category to put your own ports in.
14:54:09 https://www.amoradi.org/2019/11/12/maintaining-port-modifications-in-freebsd.html
14:54:10 Title: Maintaining port modifications in FreeBSD
15:45:00 uskerine: also, I've used ports-mgmt/portshaker to merge ports trees. Might be handy, depending on how you have poudriere set up.
16:50:37 Hey guys. I've just updated some jails from 13.0 to 13.1. So far everything went smoothly. However, in all of these jails, a simple 'curl https://google.com' fails due to certificate validation: SSL certificate problem: unable to get local issuer certificate
16:50:38 Title: Google
16:50:57 doing the same from the host itself works flawlessly
16:51:11 security/ca_root_nss 3.87 is installed in the jail (also on the host, but that shouldn't matter)
16:51:13 any ideas?
16:52:23 tct: time problems? nah, jails get their time from the host
16:53:15 meena, indeed. the host is running ntpd and the reported time seems correct.
16:53:29 so that does not appear to be the issue
16:53:48 maybe compare /usr/share/certs/trusted on both jail and host
16:54:50 specifically GTS_Root_R*
16:55:10 treefrob, both contain the same number of certs. However, the host seems to have files from November 14 while the jail reports May 12
16:56:20 all 444 root:wheel
16:56:27 rtprio, yep
16:56:28 the dates would depend on when the files were installed
16:57:14 where to go from here? :s
16:58:17 -rw-r--r-- 1 root wheel 729524 Dec 28 19:44 /usr/local/share/certs/ca-root-nss.crt
16:58:21 and that's ok?
16:59:08 rtprio: -rw-r--r-- 1 root wheel 729524 Jan 11 01:00 /usr/local/share/certs/ca-root-nss.crt
16:59:17 someone had ssl issues the other day, but for letsencrypt
17:01:06 so not really sure where to go from here
17:02:07 what version of curl?
17:02:21 7.87.0
17:13:24 sorry man, not sure; you can probably pass --cacert /usr/local/share/certs/ca-root-nss.crt to curl
17:13:49 yeah, that doesn't really solve the problem. The various jails run various services such as PHP based applications which use curl internally.
17:15:38 what does curl-config --ca show?
17:16:04 an empty line. both on the host (where stuff works) and in the jail (where it doesn't)
17:16:47 I've already performed the desperate full-reboot of the host
17:17:40 that shows /usr/local/share/certs/ca-root-nss.crt for me;
17:17:51 can you rebuild the port?
17:18:13 sure, I built it via poudriere with default options. both the host and the jail are running the same package tho.
17:18:48 as in the same binary pkg.
17:23:49 rtprio, passing --cacert /usr/local/share/certs/ca-root-nss.crt to curl makes things work as expected tho
17:24:03 so this doesn't seem to be a binary issue necessarily
17:26:24 rtprio, https://www.freshports.org/ftp/curl/
17:26:25 Title: FreshPorts -- ftp/curl: Command line tool and library for transferring data with URLs
17:26:35 last commit in history states: - Disable CA_BUNDLE option by default
17:26:56 but surely this should work out anyway, eh?
17:27:38 plus again, all my other freebsd hosts (including the host running the jail itself) run the exact same packages from the same repository and there everything works.
17:27:40 that would explain why --ca isn't set on yours?
17:28:47 so how come that my hosts don't experience this problem running the exact same 13.1-RELEASE-p5 and same binary packages?
17:29:10 ok, compare /etc/ssl/certs on both hosts?
17:29:56 rtprio, the host has 129 files in there whereas the jail only has 11
17:30:11 these are all symlinks - do I need to rebuild a cert database or something?
17:30:31 it's looking like it
17:31:03 i'm not sure how those get made
17:32:09 I'm trying to figure that out right now (too)
17:32:26 I was hoping that a pkg install --force ca_root_nss would do this but apparently not.
17:32:49 rtprio, certctl rehash did it!
17:33:48 rtprio, thanks a lot for your help - much appreciated! :)
17:38:30 anyone here got a FreeBSD in podman? what does sysctl security.jail.jailed report?
18:03:04 The line "Many Linux® distributions use the SysV init system" on https://docs.freebsd.org/en/articles/linux-users/ is no longer accurate. Just sayin'. ;)
18:03:05 Title: FreeBSD Quickstart Guide for Linux® Users | FreeBSD Documentation Portal
18:04:27 Just had that pointed out to me by a systemd fanatic. :D
18:10:52 unixman_home: gosh, how many are left, actually?
18:11:16 Ha! :D
18:15:40 There's Debian, Devuan, and Slackware for big/established ones. Not sure who else - there are others that don't default to systemd but they tend to be running other things. OpenRC, runit, s6
18:16:29 yes, this article should be updated
18:17:38 Oh, I guess MX uses sysvinit. They seem to still be at the top of DistroWatch, although I don't understand the metric there. (Page loads?)
18:18:02 Alpine uses OpenRC, and probably can use s6
18:19:12 Very recent article talks about this: https://www.systranbox.com/why-mx-linux-uses-sysvinit-instead-of-systemd/
18:19:13 Title: Why MX Linux Uses SysVinit Instead Of Systemd – Systran Box
18:20:06 For my part, I haven't tried MX. I don't see much point running a Linux that's not Debian, and Debian supports sysvinit, so no more digging needed. :P
18:20:50 voidlinux uses runit
18:32:17 mason: seems like bad editing there: Mx Linux uses the systemd init system as its default init system.
18:33:34 mason: i agree
18:33:49 meena: Ah, didn't know. Hrm.
18:33:56 meena: did you happen to look at that jail.conf and pf.conf I linked yesterday?
18:34:39 rtyler: gosh, no. if you didn't highlight me, i probably missed it
18:35:18 meena: should you have any ideas, I certainly would appreciate it https://gist.github.com/rtyler/359579ad03ccebcc76203d9bd9c480a3
18:35:19 Title: jail.conf · GitHub
18:35:21 (rtyler did highlight me, but not with the config)
18:46:34 meena: mx _includes_ systemd by default, but it is not enabled. SysVinit is the default.
18:48:53 dutch: then that article is wrong
18:49:15 see https://mxlinux.org/about-us/ under "Our Positions"
18:49:17 Title: About Us – MX Linux
18:50:22 rtyler: what do you use $id for?
18:50:43 that's just to make some of the naming around epairs in the pre/post start easier
18:52:40 rtyler: aye. this looks very similar to my config: https://alpha.pkgbase.live/howto/jails.html
18:52:41 Title: Howto: Setting up Jails
18:53:44 indeed, you may be surprised to learn where the inspiration came from ^_^
18:55:38 * meena seems to consistently inspire people despite being one of the most boring and depressed people
18:56:04 just you wait, until the sun comes up again in March or so, I'll have fresh inspiration energy again
18:56:43 rtyler: so what's the exact symptoms?
18:58:09 gitea -> postgresql shows "host down" when pinging, and the gitea jail cannot make a connection
18:59:40 and other direction? both, IPv4 and IPv6?
19:01:16 meena: both directions yes, gitea can reach out to the public internet of course
19:02:31 rtyler: right, IPv6 would basically go via the Internet (almost, but probably not quite)
19:09:00 the default route for both is their respective bridge interface
19:10:19 oh, right, you're using more than one bridge. can you show me your rc.conf, and your routing table?
19:11:54 meena: from the host?
19:12:08 rtyler: yes
19:16:55 rtyler: and postgres is definitely listening on the tcp port?
19:46:11 rtprio: it definitely is :)
20:38:50 what's the Right Thing to use for specifying my system using a minimum of source files (ideally just one) that i can use to spin up a fresh ec2 instance with everything installed and configured on it just like i want? with stock packages, menuconfig'd packages, stuff i'd otherwise install by hand (like with configure/make), all my user dotfiles, dynamically config'd stuff (like for zerotier),
20:38:51 sqlite/pg/maria databases set up and seeded, passwords/keys/auth stuff Done Correctly and just everything else Working Properly
20:38:55 something that i can expect to be around and usable for the next 20 years. i don't expect it's gonna be ansible/chef/puppet/saltstack
20:39:45 A big /etc/rc.local
20:58:39 hjf_: I did a poudriere testport run of zoneminder, and it builds with and depends on php-8.1 for me
21:01:18 hjf_: That said, it should also be updated from 1.36.12 to 1.36.32. There's almost a year between those two versions.
21:26:58 doug: do you expect ec2 to be around in 20 years?
21:27:41 doug: I use cloud-init for the basic bootstrap, and then config management, tho these days I'm looking into getting my jails under control from podman
21:41:42 meena: i recently used your cloud-init-devel for my 13.1 image for openstack. works just fine.
21:41:56 otis: yay!!!!
21:42:17 otis: I'm really happy my code works.
21:43:01 * meena is back on the computer and hacking on facter which seems to not work well enough on some FreeBSD installations… like… mine
21:49:16 keep up the good work.
21:52:10 otis: okay. thanks 💜
23:37:12 20 years, eh
23:50:04 * meena hopes some of her code will still work in 20 years