is there any way to suspend to disk a bhyve guest so the host can be restarted?

bhyvectl --suspend

rtprio: thank you!

i think you need a kernel rebuild for it to work. also i haven't used it

assuming a bhyve exploit jailbreaking PS5, is it possible then to run KDE atop Sony's gfx stack?

still, is there a pre-built kernel for PS4 running vanilla FreeBSD?

Well that was fun.

i thought PS5 runs Linux

How is Mac Sillicon support ?

meena: it runs freebsd 11

is there a mirror somewhere with older freebsd 11 packages ?

I need the latest available pkg for 11.4

(for cmake)

I've tried here ftp-archive.freebsd.org/pub/FreeBSD…ive/old-releases/amd64/11.4-RELEASE but there's nothing, although other versions like 9.1 do have the complete packages list

Title: Index of /pub/FreeBSD-Archive/old-releases/amd64/11.4-RELEASE/

for those with similar needs, they're all here: pkg.opnsense.org/FreeBSD:11:amd64/20.1/latest/All

Title: Index of /FreeBSD:11:amd64/20.1/latest/All

dare i ask why you want old packages?

there's never a good reason

but when there is, you better have those packages :)

last1: Worst case, can you just make packages from ports?

if you look at pkg.freebsd.org/FreeBSD:13:amd64 you can find different branches of the ports tree that got made into different package releases

Title: Index of /FreeBSD:13:amd64/

the release_N ones are a copy of the set of complete packages available for each minor version of a major version, and don't ever change from the point they're taken

this freebsd-update.conf i've got with has servername set to aws.update.freebsd.org

that doesn't seem to exist

there's no realistic way of keeping all old versions of old packages, because the current package mirrors already take up more than 18TB (if memory serves)

there a good option (for doing this from aws)?

doug: that must be specific to the ec2 generation, unless you set it

it came with the 13.1 AMI builder box (ami-0c2fe35b987a7882c)

so it's modifying this line? cgit.freebsd.org/src/tree/usr.sbin/…ebsd-update/freebsd-update.conf#n12

Title: freebsd-update.conf « freebsd-update « usr.sbin - src - FreeBSD source tree

i'd suggest reaching out to colin percival on twitter, he's responsible for the amazon stuff

might wait for the 13.2 builder

it does appear to have a cname

err

why did i think cname and type it in as the query type to drill?

of course it has a cname

debdrup: I agree, this was an oddball request, however, 18Tb is also quite small these days

They make single drives bigger than that

last1: it's not a question of buying a single drive for a single machine

I know

although, one could make an exercise in doing just that. Some dood made a calculation in running all of Twitter on a single server

Title: Production Twitter on One Machine? 100Gbps NICs and NVMe are fast - Tristan Hume

tldr; it's not possible

the article treats cputime as both free and infinite, which last i checked it isn't.

also, it's using a man who has absolutely no idea what he's doing, as a source.

you mean Tristan ?

no, i mean elon.

ah, that's a given, Elon's an idiot lol

A lucky idiot, I guess. Richest man in the world.

ability to make money isn't unfortunately related to proper intelligence

:')

Then we're screwed because money is what enables stuff getting done xD

the guy is promoted without end.. everyday another portrait of him in the media, the guy spends a lot of time on his own marketing..

so someone is supporting him, e.g. with tax benefits for his car company and other stuff

Why I cannot find this package in `pkg search/install`? man.freebsd.org/cgi/man.cgi?query=wacom&apropos=0

Title: wacom

Letiute: bpa.st/EHSDY

Title: View paste EHSDY

one of those maybe?

mason libwacom-1.5 != wacom

Title: FreshPorts -- x11-drivers/xf86-input-wacom: X.Org legacy Wacom tablet driver

the hints are in the see-also subsection, and it being in section 4x of the manual pages.

Hi. Is it a bad idea to use "latest" with -RELEASE ?

I don't care much about stability, I just want the latest packages

No. I do that.

It's not really a question of stability.

14-CURRENT uses latest as the default packages, it's more that for -RELEASE it was judged that people would benefit more from being on the quarterly branch because there's a smaller chance of something being broken since buildfixes and securityfixes are the two exceptions to not MFHing on quarterly.

debdrup, I would be using 14-CURRENT actually. but from what i heard, there is no easy binary way to update -CURRENT like freebsd-update

Otherwise I would even use the bleeding edge freebsd system

There are snapshots, FWIW

parv: that's not really the same as binary upgrades through freebsd-update, though.

... but then are not the same

debdrup, Yes

I want an easy to update and working base system with freebsd-update. so I rather use the latest -RELEASE and bleeding edge ports / pkg, so -RELEASE + "latest" makes the most sense

It seems pretty nice

Most of the developers who run -CURRENT do so by taking full advantage of meta-mode, which makes it quicker to do successive builds, because it only builds what's changed since the last build (and it's more effective than ccache).

debdrup it was useful but some how the pen was detected/working already but my point was to make sure the a) smoothness b) features / detection of pen buttons in xournalpp app was not like the one I used to have in linux. I mean the settings were not effective for both pen buttons, writing was nor smooth. something wrong. ref wacom one.

Still, it does take a fair bit of time to build things.

Can I do GELI encryption wihtout a key? just by passphrase?

src/tools/build/beinstall.sh can also help, because it makes it so you can always go back to a working boot environment, if the one you're installing into doesn't boot properly.

Letiute: yes

It's a bad idea.

debdrup: If it's a sufficiently complex passphrase, why not?

If I loose the key, I loose the disk. I can't remember the key but I can remeber passphrase

mason: a passphrase by its very nature can't be sufficiently complex to compete with the entropy of a key derivation file.

GELI, on a modern CPU, goes through a few tens of thousands of iterations.

(It's impossible to give the precise value, because the key derivation function will iterate depending on how fast teh CPU can derive keys)

mason so I ` geli attach -k /root/da2.key /dev/da2` shoudl become ` geli attach /dev/da2`?

It's the same reason why ssh keyfiles with passphrases are better than ssh passphrases.

debdrup agreed but I can't afford to loose the key file

Back up the key then.

then I have to encrypt that backup too

making it a neverending chain of bakcups

There's such a thing as physical security, too.

yes..

so if I do want without key, so I ` geli attach -k /root/da2.key /dev/da2` shoudl become `geli attach /dev/da2`?

Letiute: yes

ok

debdrup: Isn't the actual encryption key what matters, which is distinct from the user key, anyway?

s/encryption/Master/

can I make a drive look like haivng 2 partitions making GELI assume those are two different disks?

Effectively giving us what you get with an SSH keyfile and passphrase to unlock it?

I've not had enough coffee to trust myself just yet, today.

Letiute: Yeah, you can encrypt partitions.

Want to even.

ok.

mason: the master keys are part of the metadata, and need the keyfile which needs the passphrase in a normal setup.

The keyfile is there to ensure sufficient entropy.

mason I want the freebsd OS to mount/ or decrypt the .eli (GELI encrypted) partitions at boot time. What is the best way to do that? I think I have to hardcode the password somewhere in the OS?

events.ccc.de/congress/2005/fahrpla…r_Complete_Hard_Disk_Encryption.pdf ah, here's the presentation i was looking for the last time

media.ccc.de/v/22C3-1139-en-complete_harddisk_encryption_with_freebsd this is the presentation, and events.ccc.de/congress/2005/fahrpla…s_Complete_Hard_Disk_Encryption.pdf are the slides

Title: media.ccc.de - COMPLETE Hard Disk Encryption with FreeBSD

Letiute: Automatically? It's a bit tricky in FreeBSD. If you're physically present, the bootloader can unlock everything once you feed it a passphrase.

mason I can do that. I can type passphrase but do I have to type for all the drives? or just once (if I keep it same for all drives ) ?

Letiute: If they share a user key, it'll try that key for all available providers.

So you just type it in once.

I haven't seen Clevis/Tang implemented for FreeBSD, FWIW, but there are some interesting options: github.com/clinta/geliUnlocker forums.freebsd.org/threads/outerbas…le-geli-encrypted-root-on-zfs.80078

Title: GitHub - clinta/geliUnlocker: A simple rc.d script to unlock GELI disks in freebsd based on keys and passphrases accessed from other systems via ssh.

I haven't tried either yet, just started reading about them. But it's not relevant if you're there to unlock in person, or via IPMI or similar.

clemens3: I guess there's a feel-good feeling from all the attention. I can't see another reason for it. Other billionaires fade into obscurity, and what seems much more preferable. If I was a billionaire that's what I'd do.

mason so there is no easy way to auto unlock all drives at boot? I wonder what people do? everytiem manuallyd o it?

mason found something, see the "doing it by hand..." heading jonatanhal.github.io/2014/10/22/Enc…pted-ZFS-on-FreeBSD-using-GELI.html

Title: Setting up encrypted ZFS on FreeBSD using GELI

Letiute: I did a brief guide that shows the steps as well: wiki.freebsd.org/MasonLoringBliss/ZFSandGELIbyHAND

Title: MasonLoringBliss/ZFSandGELIbyHAND - FreeBSD Wiki

Letiute: That'll unlock everything at boot. man geli and look at the -b option

Same passphrase for both in that example, and you'll unlock them both only entering the passphrase once.

mason ok. this is also ok? jonatanhal.github.io/2014/10/22/Enc…pted-ZFS-on-FreeBSD-using-GELI.html

Title: Setting up encrypted ZFS on FreeBSD using GELI

is there a way to do a make installworld to a directory without being root? perhaps where the file owners and permissions are instead written to an mtree file?

Letiute: They're doing a couple interesting things there. They're doing their stuff in terms of ZSH, also. I'd want to read it in depth before commenting on it.

ok

its crappy shell code, per usual

llua which one?

your link, it mangles the password when reading and dumping it to a file.

I see.

llua any better idea?

How to send all snapshot data to an external server over ssh? ref docs.freebsd.org/en/books/handbook/zfs

Title: Chapter 21. The Z File System (ZFS) | FreeBSD Documentation Portal

I mean the other machien is not 'zfs recevign'. Just want to send file. So zfs send pool/fs@snap | gzip > backupfile.gz    but how to send it without storing it on local machine?

i should write my own powerd with a crude bang-bang control logic

Letiute, that is a contradiction in terms

do you mean to send the send without it being logged in the zfs, but just stored as if it was like a tape

AmyMalik well, I have another linxu box. I was asumign something like this `zfs send pool@<all snaps> |  gzip the files and send to ssh via <ssh user@ip:/location/to/save/snaps>`

not quite like that

AmyMalik so how do I send snaps to a remove machien without saving that data on local machine?

and where will the snap data will be saved on remote machine?

the way I'd be likely to do that is by executing `zfs send -Rw pool@lastsnapshot| zstd -T0 -3 -cf | ssh user@remote:location::1 cat \> /media/zfstapes/hostname.pool.lastsnapshot.zfsend.zst` - but bear in mind that you would not have resume functionality and you'd do better to be using zfs recv on the other end instead

to zfs send, -R means send a replication tape, -w means do so without decompressing the data off the disk (this is probably a bad idea, so don't actually pass that); to zstd, -T0 means choose the maximal thread count, -3 means compression level 3, -c means compress, -f meansforce it to stdout even though that is not okay

the backslash is to do the redirection on the remote machine

if the data on disk is already compressed mostly you can use the -w flag, and skip the zstd, step and finaggle the filename on the remote end to not include .zst

I see.

some of these applications parse single-letter options differently - -T0 might mean use max threads to zstd, but another program with a -T option might think -0 is another (illegal) option

" would not have resume functionality and you'd do better to be using zfs recv on the other end instead" was intersting. Can you tell more on that

and may not expect the argument to be directly concatenated on there

`zfs recv` is capable of generating a resume token when a transfer stops unintentionally

why not do a | gzip and rysync to remot host?

because rsync is for files, and you are trying to store a stream

also piping through gzip or zstd is redundant if your data is already compressed

 ok but gzip would be a file in this case

????

yeah, you will ot achieve what you want with that

s/ot/not/

you will only achieve misery ,frustration and heartache

with gzip?

gzip is also slower than zstd

for a given level of compression

ok, but why misery/frustration in it?

rsync is *not* the tool for the job

you are trying to store a stream into a file, and only do said storage remotely

ok

you don't want to create a local file

SO DON'T CREATE A LOCAL FILE

rsync is not the toolf or the job but piping data to a file is not good?

rsync WORKS ON LOCAL FILES

you're fired.

I understand your point :)

just wanted to dig more

ok so to 'recive', the other system should be running freebsd or linux?

any operating system runing a sufficiently new version of the ZFS bits

freebsd, linux, any of it will do

ok, and where would that 'recived' snap be stored in that system?

in a dataset on that system's zfs pool

possibly with the canmount options all overridden to "noauto"

actually, probably thus, because otherwise you'd overrun the remote system's storage

that remote system is a) linux b) a pooled drive on local system.. for a) it does not have zfs. so I make one?

if you want to be edgy you could mount the remote server's filesystem over NFS and create a local file that's actually on the remote NFS share with your pipeline

if you want to store the result of `zfs send` as a file, not datasets, you would need to give up the capability to have any kind of resumption functionality.

this should be fine if the two machines are both on reliable power and on a fast local network

they are

its LAN;yes

then the lack of resumption will only be a problem if your cat chews the ethernet cord or fibre line

or your 10 year old steals the line for their computer

cats are tamed here

cats*

AmyMalik ok :)

I'm way too escalated for this convo

ok so how to send data in a)?

also, I wondered, if I have 5 snaps, (I know snap 5 is build on difference and on top of 4,   4 on top of 3, 3on 2, 2 on 1), so if I send 5th snap, I can't restore it without having 1,2,3,4 snaps as well?

or theres a command to send all snaps?

See "-I" or "-i" option of "zfs-send(8)"

ok

ok read.

I can send all snaps with -i

but if I have 5 snaps, (I know snap 5 is build on difference and on top of 4, 4 on top of 3, 3on 2, 2 on 1), so if I send 5th snap, I can't restore it without having 1,2,3,4 snaps as well?

parv AmyMalik ^

I'm not going to be your eyes and ears into this thing

You have ta learn to read long, sometimes dry tomes, like those your computer will produce when commanded: `man 8 zfs-send`

Letiute, Right. In that case use "-R" option to send the whole thing, not just a snapshot

... sorry, I meant not send a *incremental* snapshot

parv so if I do not use -R, and send snapshot #5 only, then I can never restore anything because #5 on recievier's side won't have the prebuilding blocks (1,2,3,4) to make any use of #5? correct?  docs.freebsd.org/en/books/handbook/zfs/#zfs-send-incrementalfor this.

Title: Chapter 21. The Z File System (ZFS) | FreeBSD Documentation Portal

Letiute, Yes

parv what if I delete #2 from my system. Then I send with -R.  this time ALL will be send, but #3 will break/ be of no use if #2 is missing? If so, this means I cannot ever delete snaps? OR #3 will auto adjust?

Letiute, If you send only the snapshot without -[RiI] option, then that would be a self contained dataset.

"self contained dataset."  --> means the #5 part only.  --> means of no use independandly

Letiute, Self contained as in you can restore the snapshot as the the dataset (without any other snapshots)

well what data will a #5 snap only restore if it don't know what was in #1,2,3,4?

#5 was made "on top of !,2,3,4"

parv so if I do not use -R, and send snapshot #5 only, then I can never restore anything because #5 on recievier's side won't have the prebuilding blocks (1,2,3,4) to make any use of #5? correct? docs.freebsd.org/en/books/handbook/zfs/#zfs-send-incrementalfor this.

Title: Chapter 21. The Z File System (ZFS) | FreeBSD Documentation Portal

parv what if I delete #2 from my system. Then I send with -R. this time ALL will be send, but #3 will break/ be of no use if #2 is missing? If so, this means I cannot ever delete snaps? OR #3 will auto adjust?

Letiute, If you have a snapshots of "data/set@[1-5]", then send "data/set@5" to a file. Then that dataset can restore "data/set" when "@5" snapshot was created

ok

so it will have the complete usable data at tiem of #5?

Yes, without @[1-4] snapshots

so this means,  if I create snap of #4, it will have 10GB (lets say),  if I create snap at #5 (now 2 GB added. and snapshot will be of 12GB) totalling 22 GB ?

Letiute, If a @2 snapshot is deleted, then yes @3 snapshot will adjust. Doing that on the receiving side (a ZFS dataste) that may cause issues; test

ok you last comment was understood

about adjusting

parv what about this: if I create snap of #4, it will have 10GB (lets say), if I create snap at #5 (now 2 GB added. and snapshot will be of 12GB) totalling 22 GB ?

Letiute, Please stop repeating in so short time periods

ok :)

Re: dataset size, 22 GB, etc, I do not undertand what you are asking. Could you rephrase?

parv e.g I create 5 snapshots. I send #freebsd first. then send #5 another day.  at point of 4, disk was 10g, at point of 5, disk was 12 g. did the reciever got 22g or 12g?

parv e.g I create 5 snapshots. I send #4 first. then send #5 another day.  at point of 4, disk was 10g, at point of 5, disk was 12 g. did the reciever got 22g or 12g?

Letiute, Receiver would have 12 "g" additionally, the difference since @4 snapshot.

so total reciver got is 22g?  (10g at #4 adn 12g at @5)?

Letiute, Sorry, receiver would have 2 "g" additionally

total 12g?

Yes

if I delete $4 at recieve's end, #5 is unusable?

I think in one liner (unless -i / -R) is used, a snaps data is send of its data + all old snaps/whatever is needed to to make it usable). So if I send #4, it WILL send 10g.  and on some other day if I just send #5, it will send 12G again. totalling 22g.  while the size on origin disk is 12G

I have not much experience in that case; sometimes does cause me to recreate the dataset on the receiving side

ok thank! appreciated