-
manfromafar
welp looks like I get to shelve freebsd as a nfs server and go back to linux. Shame wanted to show off bectl as well, but can't get nfsv4 freebsd server to talk correctly to a nfsv4 linux client while passing uid's back and forth
-
mason
manfromafar: Interesting. I use it here and it seems to not have any issues.
-
mason
NFS 4.2
-
manfromafar
are you doing sys or krb
-
mason
manfromafar: sys
-
mason
manfromafar: Are you running nfsuserd on the FreeBSD side?
-
manfromafar
yup nfsuserd is setup I even forced the domain to match on linux in idmapd.conf
-
manfromafar
hoping that would fix it
-
manfromafar
but no luck freebsd appears to just map it out to nobody even though it passes the id's to the client correctly.
-
mason
manfromafar: I've got to bail for dinner soon, but I'd be curious knowing what misbehaviour you're seeing out of it.
-
mason
hrm
-
manfromafar
ls -l shows the proper uid but the user with that uid can't access the share or anybody for that matter
-
mason
I'm not doing anything special here, and UIDs are honored.
-
mason
oh, hm, hm
-
RoyalYork
When fine tuning jails, do we "sysctl security.jail.allow_raw_sockets = 1" in the host or the guest to allow for the ability to ping
-
mason
manfromafar: is it catching the wrong line in exports, and being forced read-only because of it?
-
mason
manfromafar: And do you have your V4 root set in exports?
-
manfromafar
yup went with only have a v4 line to adding a v3 line as well same behaviour
-
mason
hrm hrm
-
manfromafar
linux will mount the share
-
manfromafar
then give input/output error when trying to access it
-
manfromafar
I might try with a freebsd client to see if anything changes
-
manfromafar
it's also a v4 only server
-
mason
manfromafar: sending a HUP to mountd might be useful. I think I've seen that issue with new shares
-
manfromafar
oh I've restarted mountd constantly
-
mason
manfromafar: Yeah, same here. V4 only, and in this case there are only Linux clients.
-
manfromafar
every change I restart nfs/mountd just to be sure
-
mason
manfromafar: Maybe worth grabbing a packet capture to make sure it's sending what you expect, in terms of UID.
-
manfromafar
the annoying thing is that linux to linux works out of the box
-
mason
I've seen this happen, but it goes away when I force the server to think about what it's done. :P
-
mason
Linux has exportfs which takes some guesswork out of it.
-
mason
Anyway, I'll be back. This works here. (I should note, FreeBSD 13.1 on the server side, Debian Bullseye on most of the client sides.)
-
mason
So you're not trying to do something that's doomed to failure anyway.
-
mason
bbiab
-
V_PauAmma_V
That sysctl is deprecated, so I'd use a jail.conf parameter instead.
-
V_PauAmma_V
Er, that was for RoyalYork.
-
cedb
are there tools to help resolve deps when trying to build statically? i have a base image for work that needs curl but like nothing else (it doesnt have a pkg manager for "security reasons" (more hype than anything it seems))
-
V_PauAmma_V
On a host where curl is installed, "pkg info -d curl | grep -v :" will list packages it depends on to run. You then have to apply that recursively.
-
cedb
right thanks i guess i was mostly asking about the recursive part since that can turn a bit hairy
-
V_PauAmma_V
Not that jump out to me. I'd use perl to expand that list, because that's what I know. Not sure offhand whether awk can do it.
-
V_PauAmma_V
Or you could install /usr/ports and use "make -C /usr/ports/ftp/curl run-depends-list".
-
RoyalYork
V_PauAmma_V, thanks for the tidbit about putting it in jail.conf. So then it's obviously on the host side (thumbs up)
-
crb_
any ever use makes?
-
crb_
sorry anyone ever use makefs?
-
ixmpp
makefs?
-
ixmpp
oh, good, that's not what i thought it was
-
kevans
i've used it briefly in the past, but mostly just as part of the build system outside of that brief usage
-
nmz-
how to set up edit.rc so ctrl+backspace actually erases the previous word?
-
rtprio
what is edit.rc
-
origintopleft
I just installed FreeBSD in a VM (wanted to try it out before committing to putting it on any bare metal), and for the most part I've grokked the basic desktop setup, except for one thing: How the heck do I set up an X display manager?
-
origintopleft
I've been trying to Google it for a while, but Google pretty consistently has been giving me terrible results for years and I haven't gone search engine shopping since Altavista died. In this case, Google is assuming I already know the basics of configuring a display manager (I do not, at least not within FreeBSD) and is only showing me results comparing display managers to each other.
-
cedb
origintopleft: what is the problem youre having exactly?
-
cedb
i just did (pseudo code) "sudo pkg install xorg i3 nvidia" and made an xinit file, loaded the graphics driver and launched X
-
origintopleft
cedb: I ended up remembering that post-install, pkg tried to tell me something about my display manager of choice, so I searched for how to get that message to come back instead (`pkg info -D ${DISPLAY_MANAGER}`)
-
origintopleft
cedb: the solution was to modify /etc/gettytab and /etc/ttys
-
cedb
people are gonna need more info than "google sucks" to help, such as graphics card/driver, hypervisor used
-
origintopleft
cedb: the original problem was "I wanted a display manager to present a graphical login screen, with pictures and things, and I wasn't sure how to configure that"
-
cedb
configuring X is the same as on linux, the only difference is that its usually mostly done for you automagically there whereas on freebsd you have to write one, maybe two files
-
cedb
i mean all i had to do was a 'Section "Device"\n\tDriver "nvidia"\n\tIdentifier "Device0"\nEndSection' entry in /etc/X11/xorg.conf
-
sfox
Hello
-
sfox
one of my freebsd 13.1 servers had its zpool filled to 96% CAP to the point it couldn't write files to anymore
-
sfox
i sshed into it and destroyed a zfs dataset recursively that had an obscene number of snapshots causing most of the pool usage
-
sfox
now I can no longer SSH into the host
-
sfox
it's been several hours after running the zfs destroy command that the server has been in this state. I tried logging into the serial console instead of ssh and while it accepted my username and password, even printing a lastlogin date and location, it freezes after printing lastlog
-
sfox
over the serial console
-
origintopleft
cedb: Okay, you're still not quite understanding what I'm trying to say. That's understandable; I think I've developed a neurological condition recently that's causing me to lose my grasp of sensible English sentences.
-
origintopleft
cedb: it works now, so let me send you a screenshot instead
-
origintopleft
-
sfox
should I leave the freebsd 13.1 host to continue trying to destroy the datasets overnight? Or at what point should I give up on that. What else should I try?
-
parv
sfox, Seems the host is busy deleting old snapshots.
-
origintopleft
I know ly is a poor example of an X display manager, given that it's TUI based, but that was the idea I meant.
-
sfox
parv, how long should it take to delete only ~400G of zfs datasets on completely 100% intel solid state storage?
-
parv
sfox, How old, many, big are|were the snapshots?
-
cedb
oh lmao, tui X, hmm okay yeah thats pretty edgy case you got there m8
-
sfox
there's 2 500GB ssds on the server setup in a zfs 2-way mirror
-
parv
sfox, If there had been lots of snapshots may take a while. Leave it for a day
-
origintopleft
cedb: The question would likely have been the same if I had chosen sddm, or gdm
-
cedb
origintopleft: oh no sorry thats the display manager thing
-
origintopleft
cedb: or if you prefer a more cursed option, "if I ported winlogon to BSD somehow"
-
sfox
there's the operating system and the rest of the zpool is filled with iocage snapshots
-
cedb
origintopleft: now now no need to be crass
-
origintopleft
cedb: I don't understand how I'm being crass.
-
cedb
id ask why the "graphical" login hassle and not just startx but sure
-
cedb
oh i just meant like mentionning windows :)
-
sfox
I've been streaming the iocage dataset to a hot-standby server in case something were to ever happen to the primary iocage server, and it looks like I forgot to implement something to clean out the old snapshots on the standby server
-
origintopleft
oh :V
-
origintopleft
I did say it was a cursed option
-
origintopleft
cedb: as for why "graphical" login, mostly a preferred creature comfort more than anything else
-
sfox
parv, ok so it's normal for it to take a day to do that. Do you think I've damaged the zpool in any way? when i ran a zpool list it said it had over 90% fragmentation
-
sfox
and if it is damaged any way to recover it without having to reinstall the os
-
cedb
i mean i guess all ports welcome, but if you stop maintaining and theres a mailing list that asks people to recruit theres probably gonna be a bit of head scratching
-
cedb
sfox: im not a zfs pro but cant you just add a device, even with snapshots if you reached this level of cap might be time to upgrade no
-
parv
sfox, A year or 2 old (2-4) snapshots in 30-100MiB in sizes for ~40 TiB dataset took noticeably long (did not time; perhaps 15-20 minute) on a 13.1-RELEASE host
-
sfox
cedb I don't actually need more space i just forgot to implement garbage collection in the backup script
-
sfox
that's why it's filled
-
cedb
right
-
cedb
for my own education isnt a big point of zfs/btrfs to have "subvolumes" (recently switched from linux sorry bad terminology) to enforce quotas and so forth so this doesnt happen
-
sfox
yeah
-
sfox
but i'm not sure quotas work for zfs recv
-
cedb
interesting
-
» cedb makes note to self
-
parv
sfox, Earlier you wrote "destroyed a zfs dataset recursively" -- does that mean you had started destruction of the dataset itself along with snapshots?
-
sfox
if they do i'll have to learn from my mistake and setup quotas so this can't happen again
-
sfox
parv yes
-
sfox
since this is a hot-standby server and all it normally does is sit there zfs-recving snapshots of the iocage dataset from the primary server and zfs list -t snapshot was taking too long i just zfs destroy -r zroot/iocage
-
sfox
I figured i'd just re-create the data from the primary server when the filesystem isn't full anymore
-
parv
sfox, So that dataset is expendable. Could have done: zfs list -H -o name -tsnap -r <dataset> | xargs -n 1 zfs destroy &
-
sfox
doing that wouldn't have frozen the entire OS for a day?
-
sfox
i do wonder why it could possibly be taking that long. isn't only 500G of solid state storage
-
parv
It would take at least just as long as: zfs destroy -r <dataset> as that still would need to delete the snapshots
-
sfox
one could traverse the entire disk in that time
-
sfox
i'm glad i have a backup server and i'm not having to deal with any downtime because of this
-
cedb
whats even preventing you from logging in, is it that the fs is full or the command is hoarding it?
-
parv
OTOH, forget about "zfs-destroy(1)"; "zpool-labelclear(8)" to clear ZFS metadata & use "gpart(8)" & "dd(1)" to clear the partition data
-
sfox
cedb, after running zfs destroy -r zroot/iocage the system became unresponsive
-
sfox
like it's partially hung or something
-
sfox
FreeBSD/amd64 (node4) (ttyu0)
-
sfox
login: root
-
sfox
Password:
-
sfox
Last login: Fri Mar 31 12:44:47 from viridi.lan
-
sfox
won't open a shell just hangs
-
parv
sfox, How often were the snapshots created & when did that start?
-
sfox
every 15 minutes
-
sfox
for the last couple of months
-
parv
O! 129_600_0!
-
laidback_01
any of you use multipath drives with ZFS? I've got a bit of surplus gear and have been playing with it. Active/Active is just nuts fast compared to Active/Passive when using bonnie++ ... I'm concerned though... is there a downside to Active/Active? I don't see any glaring warnings
-
sfox
laidback_01, what are you talking about?
-
laidback_01
I have a server with dual SAS controllers, and they both connect to 24 individual drives. makes it look like I have 48 drives, but it's twin paths to each drive via the backplane
-
morsing
laidback_01: Active/active should be pretty normal, more so than active/passive, so why not?
-
laidback_01
anyway, using gmultipath I'm getting excellent results with Active/Active vs Active/Passive. I like that, but was concerned about applications like Postgresql, etc.
-
morsing
laidback_01: How would applications know? Maybe I'm completely misunderstanding your setup.
-
laidback_01
it does mention this in the manpage: "closely following the original write request order if the layer above needs it for data consistency (not waiting for requisite write completion before sending dependent write)" And so I immediately thought of database ACID requirements.
-
laidback_01
they write that when talking about why you may want Active/Passive instead of Active/Active or Active/Read
-
laidback_01
but that's not a glaring "Don't do this" warning and my google searches keep bringing me to TrueNAS pages (this is an older FreeNAS certified box with that hardware in it); there's just not as much about it on google as I'd hoped for. What this makes me think: This is such proven tech, that problems rarely come up
-
laidback_01
at least that's what I hope. So I'm asking here in case that's not a valid hope
-
morsing
Weird, but I've never used multipathing on FreeBSDs. On other OSes, we always set active/active though.
-
laidback_01
okay, it's nice and fast, but it's just 24 4Tib spinners split into 3 groups of 8drive raidz3 vdevs. I was hoping for earth shattering performance, and it's pretty good, but then I ran the same bonnie++ test on a mirrored pair of crucial consumer SSDs... and got better results. not by much, but... bummer. main difference is 62T vs 400G so I'll stick with the array. lol
-
msiism
Hm… /usr/local/bin is already being used for a lot of stuff on FreeBSD. Is there another directory where I could keep my in-house scripts?
-
msiism
I mean standard directory.
-
msiism
On Linux, I use /usr/local/bin.
-
yuripv
~/bin?
-
msiism
I'd like to have them available system-wide.
-
debdrup
The local prefix, according to hier(7), is meant for things that're local to a given installation.
-
msiism
Yeah, just read about it.
-
debdrup
I don't see why this means scripts can't be placed there.
-
msiism
Okay, fait point.
-
msiism
s/fait/fair/
-
msiism
I just thought it would be wise to "managed" software apart from "unmanaged" software.
-
debdrup
There's a fair number of scripts in the base system that appear in the non-local usrbin, for example man(1).
-
debdrup
(Yes, man(1) on the BSDs is just a script)
-
debdrup
msiism: the distinction is between base system and third party
-
msiism
Yeah, for FreeBSD itself. But I'd actually like to distinguish a bit further.
-
debdrup
Then I'm not sure I understand the distinction you're making.
-
msiism
On Linux, I put third-party software into /opt/, and my own stuff into /usr/local/bin.
-
debdrup
hier(7) isn't prescriptive, it's only descriptive.
-
nimaje
managed by pkg and not managed by pkg third-party stuff
-
msiism
Yeah, kind of that.
-
msiism
debdrup: I see.
-
debdrup
I'm not sure it's up to FreeBSD to dictate how you do that :)
-
debdrup
To me it's never made sense to distinguish between them, but you're welcome to.
-
msiism
Okay, I'll meditate over this for a bit.
-
debdrup
I wouldn't necessarily follow what Linux does with /opt, because there's nuances to that in so far as it has to do with ZFS boot environments, if you're making use of those (or planning to, in the future).
-
debdrup
/usr/local/mgd/ might be an option, since that inherits the properties of /usr/local/ with respect to ZFS boot environments.
-
msiism
Okay, interesting. I'm using ZFS already.
-
debdrup
bectl is the tool for boot environments.
-
debdrup
bectl(8) to be specific.
-
sfox
13.2 released?
-
sfox
hmm
-
sfox
must be important
-
loose_chainsaw
if i have a second disk which i have a ufs partition on which is separate to my main zfs disks, if i add it to fstab and do a mount -a it all works fine until i reboot and then i end up in single user mode. Do I need a specific module loaded in loader.conf for ada devices?
-
meena
-
VimDiesel
Title: FreeBSD 13.2 Release Process | The FreeBSD Project
-
meena
sfox: one day left to test RC6 and report release stopping bugs
-
sfox
bugs!
-
sfox
grrrrr
-
meena
loose_chainsaw: why do you end up in single user mode? usually the boot process should tell you
-
loose_chainsaw
I cant remember the exact message
-
loose_chainsaw
Was wondering why it works if I do mount -a
-
loose_chainsaw
but doesnt work on start up
-
loose_chainsaw
i have a directory in my home directory which i want it to map a ufs partition to
-
loose_chainsaw
would i be able to see the error in the logs
-
loose_chainsaw
if so I can share it
-
meena
-
VimDiesel
Title: 270667 – zfs: size 0 files in /usr/local/etc after pkg upgrade -f after base 2a58b312b62f
-
meena
loose_chainsaw: I reckon the problem is the ordering
-
meena
fstab might be happening before zfs
-
loose_chainsaw
is there a way to prevent that
-
loose_chainsaw
I have it as the last entry in the fstab
-
meena
loose_chainsaw: you could try adding the "late" option and see if that fixes it
-
loose_chainsaw
cheers
-
loose_chainsaw
ill investigate that
-
parv
meena, Thanks for the ZFS bug URL
-
parv
Say is there some write up about ssh or rsync when 2 computers are connected directly via a patch cable?
-
parv
s/about/& using/
-
otis
do you expect any differences than when those 2 computers were connected via switch(es)?
-
parv
What do you mean?
-
parv
I am asking wrt if I would need to set any particular IP addresses or netmask.
-
parv
... or fiddle with firewall|routing
-
otis
ah. no, you don't need. but i'd set an ip from a subnet that is not colliding with the rest of the infrastructure, if any.
-
parv
Ok, thank you.
-
otis
if that cable is the only connection those boxes have, then it does not matter
-
otis
you only need to make sure that the boxes are "network-wise visible" to each other.
-
parv
Yeah that cable would be the only connection
-
otis
you can set 192.168.255.1/24 on one, 192.168.255.2/24 on the other
-
otis
for example.
-
parv
Right, thanks
-
parv
Situation is I want to set up a small 'puter as a router. All I have are laptops; do not have space for ~22-24 in monitor to connect that small 'puter to do the set up
-
parv
Needless to say could not find ~16-19 in monitor locally (shipping is ~US$100)
-
meena
-
VimDiesel
Title: 270668 – ssh logons via public key fail after target upgraded to FreeBSD-12.4-p2
-
gzar
is there a way to flush the ARP cache ?
-
vortexx
gzar: arp -d -a ?
-
meena
-
VimDiesel
Title: arp(8)
-
gzar
thanks, sorry im kind of in a hurry and didnt get many search results that just mention this
-
sedzcat
Will HP Chromebook 11A G6 AMD A4-9120C run with FreeBSD?
-
batuhan
hello good folks, I am trying to install/boot freebsd for the first time on my laptop (thinkpad t14s gen3/AMD 6850U), and the boot gets "stuck" at `acpi_acad0 <AC Adapter> on acpi0`; does that sound familiar with anybody -or should I just give up on installing it-? (I've tried 13.1, 13.2 and 14.0 memstick releases, updated bios to the latest version, tried `hw.pci.mcfg=0` as it was a solution for a "similar" problem being
-
batuhan
discussed in the forum a while back)
-
thorre
Unifi v7 software broke after the quarterly (?) patches. Mongodb gets corrupted and I am not able to repair the database.
-
thorre
Not a biggie but the upgrade procedure failed a few weeks ago as well.
-
vortexx
sedzcat: have a look if there's a dmesg for it here:
dmesgd.nycbug.org/index.cgi
-
sedzcat
vortexx thanks but didn't find the laptop's dmesg there
-
vortexx
sedzcat: that just means no one who uses that db has tried it. Your laptop probably works, just check if the wifi card is supported
-
manfromafar
oh that's dumb, you can't have only a V4 line in exports
-
sedzcat
vortexx The wifi card is Qualcomm Wireless-AC 802.11a/b/g/n/ac
-
vortexx
yeah that's not precise enough, pciconf -l should give you a better indication if it's been picked up by a driver, it should start with an i
-
manfromafar
man that is weird and feels very buggy.
pastestore.tk/raw/lezoxaquko you would assume if you're building a v4 only server you'd want v4 only lines but apparently that doesn't work
-
meena
batuhan: there's no panic / back trace / etc on 14? it just gets stuck?
-
batuhan
Nothing, just hangs at that stage
-
manfromafar
and since v4 doesn't take maproot you can't squash root. Very odd
-
batuhan
meena: with the verbose boot, the last line before hanging is `AcpiOsExecute: task queue not started`
-
meena
can you submit that as bug report?
-
batuhan
Will do, thank you for your time
-
elgrande
$ apropos echo
-
manfromafar
ooooh thats so dumb, freebsd really should steal the crossmnt option instead of forcing you to export every mountpoint under an export
-
mason
manfromafar: Did you get things running?
-
mason
manfromafar: Was it an issue with a nested mount not being explicitly exported?
-
manfromafar
yes/no, freebsd requires a v3 and v4 line to do the exports, but v4 can't crossmount even though the man page says it can
-
manfromafar
so freebsd is a non starter as I'm not micro managing the exports file when linux will just let me export the root
-
mason
From exports(5): All ZFS file systems in the subtree below the NFSv4 tree root must be exported.
-
mason
I've always made it explicit, so it's just not an issue I've encountered.
-
manfromafar
NFSv4 does not use the mount protocol and does permit clients to cross server mount point boundaries
-
meena
manfromafar: how hard is it to generate that exports file?
-
manfromafar
1+N
-
manfromafar
aka not worth my time when another OS will do it for me
-
mason
manfromafar: How about if ZFS does it export itself? I've never let ZFS control exports, but it's a thing.
-
manfromafar
the only reason I was looking at freebsd for this was some of the differences in how memory is handled in regards to mountpoint management
-
manfromafar
I know its a thing and its trash
-
manfromafar
that is unless you're on slowlaris
-
mason
This suggests that it should do what you're asking: All ZFS file systems in the subtree below the NFSv4 tree root must be exported. NFSv4 does not use the mount protocol and does permit clients to cross server mount point boundaries, although not all clients are capable of crossing the mount points.
-
mason
I'm not sure how the client figures into it there honestly.
-
mason
...if NFSv4 is presenting a unified space.
-
manfromafar
🤷 in theory the client should just see it as another directory in the tree
-
manfromafar
but that's just the 1000ft glance
-
manfromafar
and I know it works since if I add the explicit export it works
-
nmz-
rtprio: editrc is freebsds readline, apparently if I want ctrl+backspace to delete the previous word, I have to use that instead of inputrc
-
nmz-
honestly though, why can't terminals use ctrl to send something else. like ctrl+shift is what is ctrl now, and ctrl sends some other character
-
laidback_01
we've done a comparison in our hospital. VmWare as the client, TrueNAS Core (FreeBSD) vs TrueNAS Scale (Linux). we are using NFS v4. The array is a striped raidz2 - 12 12T drives per each vdev. Okay, we have one of those servers with two headnodes, but backplane common to both, so for this test, we used only one headnode, and disabled the failover.
-
laidback_01
anyway, we were just using bonnie++ back then too, but it was from the VmWare clients - we have 4 VmWare headnodes. Oh, everything is on a 10Gbit network. the storage system has 4 10G nics in a bond that the mikrotik switches support. I can't recall if this was LACP or what now. the VmWare headnodes each have their own NFS mount "Primarily VmWare1", "Primarily VmWare2" and so on
-
laidback_01
anyway, the point of this: we would fire up 5 clients on each node, run bonnie++ on every node via an NTP timed cron, so they hit at the same time.
-
meena
laidback_01: and what was the result?
-
laidback_01
Performance was notably different, I don't have the results at hand - I moved on from the job, but we put in the TrueNAS Core - this was a bit ago, 13.1 had just come out, and we upgraded to that several months later. I recall everyone lifting their eyebrows, we all thought the linux based NFS server was going to dominate. the Scale GUI is easier for the windows guys to understand, so they wanted that. but... function over form. Core (FreeBSD)
-
laidback_01
was faster, and seemed more stable or... less surge prone? something was different for sure. Now, for us not using ZFS was a non-starter, so no, we didn't compare to ext4 or btrfs. just straight ZFS (used the same array for both setups),
-
manfromafar
OH GAWD. I just realized. Since freebsd nfs can't do crossmnts I couldn't even use it if I manually exported everything anyways. We use the .zfs folder to allow users to restore their own backups and with freebsd unable to handle dynamic mounts we could have to constantly do exports for every snapshot
-
manfromafar
💀
-
laidback_01
anyway, I didn't mean to write a treatise. if you have time - take a look at how TrueNAS core is handling NFSv4. I think they are doing what you expect. we for a while setup NFS exports per machine (1..5T each VM), but eventually got tired of creating those in the GUI. we then created exports by group or idea - All the Windows 2016 servers in this one, Client machines in that one, etc. Then we went back to 4 total exports "primarily node 1"...
-
laidback_01
"primarily node 4" and that worked just fine. I have a feeling I'm not doing things the same as you or not using NFS in the same manner, so I probably never needed the auto exports feature.
-
laidback_01
would auto exports dynamically create/export an NFS mount as required?
-
manfromafar
freenas is a nice small nas setup but they mostly just expose the freebsd settings in the gui
-
manfromafar
does truenas have auto exports haven't heard about that
-
manfromafar
I assume yours is working as you're not creating nested datasets only one parent datasets then just normal folders underneath
-
laidback_01
that is accurate. no nested datasets
-
manfromafar
that is the key difference we have tons of nesting to separate out things. The biggest is just home dirs. Each user gets a home dataset which needs to be exported
-
laidback_01
the hidden joy I received from this was the windows admin built up one of those Dell C1700 4 node chassis systems. I can't recall how many drives or anything, and they put windows server on it, hyperv and used it for windows machines. they work well enough - a bit slow at times. but reboot. wow, reboot that system only at 1am, expect it to be back up by 3am. the VmWare stack, even in sequence HN1..HN4 could be all shutdown in about 15 minutes,
-
laidback_01
and up in about 20.
-
laidback_01
I don't envy your position there. sounds like a college campus or something. too bad you have to do that kind of nesting. probably the only way to solve your issue.
-
manfromafar
technically it could all just be folders BUT I like having homedirs as datasets. It gives people access to their own backups instead of having to call us to restore something
-
laidback_01
oh, yeah. I do that with SMB mounts for my windows client in small businesses
-
rwp
I had a weird zfs issue. Maybe someone has some experience and wisdom they might share.
-
rwp
A routine scrub turned up "Permanent errors have been detected in the following files:" with a list of files from binary installed ports in /usr/local listed.
-
rwp
I would have re-installed those binary ports. But instead decided to run another zfs scrub. Did that.
-
rwp
And the errors all disappeared. No problems listed now. Making this odd.
-
rwp
Plus when I scanned the syslog I could not find any storage errors logged.
-
rwp
I think zfs glitched. But it was an odd glitch. First time in the past year for me. Should I be worried?
-
rwp
Oh and this was on a two disk mirror system. So self-healing from a good copy is possible.
-
mason
rwp: Are you sure it's a mirror?
-
mason
rwp: More than once I've forgotten to say "mirror" and notice that the pool I just created is twice the size I expected.
-
mason
I'm surprised it's saying "permanent error" but I'd probably take this to the ZFS folks who can say more.
-
cristiioan
Is freebsd better than linux for web dev/high level stuff (aka I don't work directly with low level stuff like syscalls)?
-
ek
cristiioan: It works just fine for high level stuff (as does Linux.)
-
cristiioan
What about emacs support?
-
ek
Are you asking if emacs works on FreeBSD?
-
meena
emacs works fine, on a lot of OSes
-
cristiioan
If it supports all advanced features. Like native compilation
-
meena
-
VimDiesel
Title: Emacs graphical client - Software - Haiku Community
-
meena
mmmmmmm
-
meena
-
VimDiesel
Title: The FreeBSD Project
-
rwp
mason, "zpool history | head -n2": zpool create -o altroot=/mnt -O compress=lz4 -O atime=off -m none -f zroot mirror ada0p3 ada1p3
-
rwp
That was 2022-03-01 on this system. Been solid with no trouble for over a year. Making this an odd glitch.
-
rwp
I expected to see disk errors logged. But nothing that I could find. The next scrub then showed clear. Odd.
-
rwp
cristiioan, I would say that for web development there is no user visible difference between FreeBSD and GNU/Linux. For operating the OS though FreeBSD has many advantages.
-
rwp
As for upstream Emacs adding native compilation... I actually find that rollout to have been quite annoying! But I often complain about new emacs release behavior changes that annoy me.
-
cristiioan
My only other thing is if minecraft can't be played? Is screen sharing working as expected under wayland(should I have to deal with anything specific)?
-
xtile
Minetest works well on FreeBSD, though it's a different game, I enjoy it.
-
cristiioan
Also is it more stable? I just had to deal with yet another gnome crash(now I have a missing lock screen)
-
cristiioan
xtile: I wish to get away from gaming
-
xtile
aha
-
» meena has no talent for gaming what so ever
-
rwp
However I see that in today's binary ports update that chromium is now dropped? Gone from available ports? Anyone know what's up with that?
-
rwp
There is still ungoogled-chromium but it's really a different browser.
-
meena
rwp: all electron ports are affected
-
meena
oh, never mind then
-
rwp
I apply upgrades every day. In today's binary port upgrade it wanted to remove chromium. (Okay with me. I mostly use Firefox.) I allowed it. It's now gone.
-
meena
why the heck would pkg upgrade remove packages you installed, just because they vanished from the repo?
-
rwp
I imagine there are library conflicts.
-
meena
ah, that would make sense
-
rwp
Let me gather up and paste the trace of the rather large upgrade today.
-
rwp
Here is the trace of the quite large binary pkg upgrade today.
bsd.to/oVPO/raw
-
VimDiesel
Title: oVPO
-
rwp
I should also include that freebsd-version -kru says: 13.1-RELEASE-p6 13.1-RELEASE-p6 13.1-RELEASE-p7
-
cristiioan
will I be able to download release 13.2 tomorrow or do I have to wait until Tuesday?
-
meena
rwp: is this latest or quarterly?
-
rwp
meena, quarterly. It's a boring stable system.
-
meena
cristiioan: i reckon you might be able to get them tomorrow night for the Tier 1 platforms — but i don't actually know
-
rwp
I reached into the snapshots and ran "ldd /.zfs/snapshot/zfs-auto-snap_weekly-2023-04-02-00h14/usr/local/share/chromium/chrome" and all of the libraries resolve okay.
-
meena
so, yeah, that's not it then
-
rwp
I ran the executable from the snapshot on the current system and it seems to run okay.
-
meena
go ask ports people
-
rwp
You are right. I should ask the ports people.
-
cristiioan
Also another curiosity. How is the status of risc-v support?
-
rwp
This shows a good reason for zfs as I just upgrade without any fear because I have zfs-auto-snaps running. Making upgrades very safe.
-
rwp
I'll ask the ports people after lunch when I can stay engaged if someone responds. I can't see what triggered it.
-
rwp
It _might_ be accidental in 13.1R because of "Sunset 12.3-RELEASE from ports tree" tagged "12.3-eol". Maybe. Don't know.
-
rwp
-
VimDiesel
Title: ports - FreeBSD ports tree
-
msiism
What do `-m` and `-M` do when mounting devices? Seems like you use that to set permissions. However, mount(1) doesn't seem to contain any info on that.
-
CrtxReavr
msiism, I think you first need to realize that mount is just a wrapper for mount_<filesystem type>.
-
msiism
Oh…
-
msiism
Indeed, I needed to realize that first.
-
CrtxReavr
mount(8) has no -m or -M switch but the type you're mounting may support such a switch.
-
msiism
Okay, I've found the appropriate man page already. Says it all…
-
CrtxReavr
meena, whatsoever is a single word.
-
salvadore
cristiioan, I have never played minecraft, but I think it might be difficult to play it on FreeBSD (at least without emulation), I think our client port is very much out of date:
freshports.org/games/minecraft-client
-
VimDiesel
Title: FreshPorts -- games/minecraft-client: Client for the block building game
-
salvadore
and updating it requires some work that is not moving at all:
reviews.freebsd.org/D31119
-
VimDiesel
Title: ⚙ D31119 games/lwjgl3: Lightweight Java Game Library 3
-
CrtxReavr
Only ever ran the server port on FreeBSD.
-
CrtxReavr
Though, the port-updates never kept stride with the upstream updates, so I mostly just copied over the .jar file and restarted it.
-
salvadore
-
VimDiesel
Title: ports - FreeBSD ports tree
-
msiism
I've put up a Git repo containing my little mount(1) wrapper:
git.sr.ht/~msi/qmnt. As I'm still new to FreeBSD, feel very free to comment, especially on the "Setting things up" section in the README.
-
CrtxReavr
man 1 mount
-
CrtxReavr
No manual entry for mount
-
msiism
Interesting.
-
msiism
I have a feeling I know why that is…
-
CrtxReavr
(base system utils use manual index 8)
-
msiism
Let me have a little round of s/1/8/ …
-
Soni
aside from nagging developers to add multiple SOCKS proxy settings to their apps, could freebsd provide any way to prevent SSRF across an app's components? c.f.
WebAssembly/wasi-sockets #33
-
VimDiesel
Title: Require sockets to have a named "context" · Issue #33 · WebAssembly/wasi-sockets · GitHub
-
meena
nah, grep is in 1, and so is ps
-
meena
mount usually needs root
-
meena
administrative utilities are under 8
-
» msiism reads `man man`.
-
» msiism learns.
-
msiism
The embarrassing thing for me is, it's just the same on Linux. ;)
-
meena
Soni: I don't see how. that's very high level
-
Soni
meena: why can't we have setsockopt(SO_TAG) and filter it in the local firewall?
-
Soni
SO_TAG is ideally a string that gets passed by the app to the firewall
-
Soni
so e.g. it could be tagged "redis" or "postgres" or "git" (this one is dangerous, it is user-controlled) or so on
-
Soni
and then the firewall could filter on it
-
meena
Soni: most of SSRF happens via https, no?
-
Soni
(yes, shelling out to `git` instead of using `libgit2` also helps to mitigate it - you can then firewall based on the `git` process, which works as a form of tagging - but turning your app into a bunch of shelled out components seems like a pretty crummy way to do this kind of firewalling)
-
Soni
meena: yes, git over https, git over ssh, git over git protocol, whatever happens to work
-
meena
git protocol is deprecated
-
Soni
most of SSRF happens via user-controlled connections, so simply splitting them into "user" (user input, API-based) and "core" (config-based) would be enough
-
Soni
but even that still requires some way of tagging which connections are which, and letting the OS know about the tagging
-
Soni
meena: git protocol is not deprecated. git protocol over the network is deprecated. git over https, git over ssh, etc are just git protocol over a more appropriate transport.
-
rwp
Don't most developers use git (commands) over ssh? (Though I know those who work behind restrictive corporate firewalls have to work around it.)
-
rwp
The most typical use for git via https (or http or git://) is read-only clones only, right?
-
yuripv
or use https for fetch, ssh for push (as committers guide suggests)
-
Soni
rwp: yes, but it's complicated (case in point: restrictive corporate firewalls)
-
Soni
but that's irrelevant for the SSRF issue
-
rwp
Ah, I see, you started with
WebAssembly/wasi-sockets #33 as the problem. Gotcha.
-
VimDiesel
Title: Require sockets to have a named "context" · Issue #33 · WebAssembly/wasi-sockets · GitHub
-
manfromafar
-
VimDiesel
Title: /usr/share/doc/nfs-common/README.Debian.nfsv4
-
manfromafar
just mount the volumes and they'll work
-
_xor
"BoringSSL is a slimmed down TLS implementation maintained by Google. Getting TLS right is very, very hard. Envoy has chosen to align with BoringSSL so as to obtain access to the world class experts that Google employs to work on this code base. In short: if BoringSSL is good enough for Google’s production systems it is good enough for Envoy and the project will not offer first class support for
-
_xor
any other TLS implementation."
-
_xor
Oh good lord. So in turn, that means the port won't build due to ssl=base.
-
_xor
Essentially boils down to, "We're not going to use anything else since Google is always righter." (though on the flip side, I can kind of understand it due to the previous code issues with OpenSSL)
-
manfromafar
when libressl
-
meena
we've built on OpenSSL for decades and given back exactly squat and when it all blew up, we decided to create our own instead of contributing
-
kindred
the little that I read about Boring, there is a certification element. I remember literature about places that need to pass a government compliance and Boring has to satisfy those requirements.
-
meena
so, FIPS?
-
kindred
I kind of stumbled into searching it because there was a "suspicious" IF conditional in a Go library call. Something similar to "if boring_enabled, then call boring and skip the rest of this routine".
-
sfox
> we've built on OpenSSL for decades and given back exactly squat and when it all blew up, we decided to create our own instead of contributing
-
sfox
not just openssl, that's true about most bigtech corporations
-
sfox
in california the locals are slashing google bus tires because the public transit is so bad
-
sfox
gotta love homeless camps with skyscraper and tech campus skylines
-
RoyalYork
For jail administration, do most people use ezjail-admin or do they administer it manually?
-
laidback_01
bastille for me
-
RoyalYork
I'm just jumping into jails for the first time, seems that something like bastille is the way to go
-
RoyalYork
lots of fiddling around otherwise
-
laidback_01
ezjail is a bit older, and while it works, it was/is meant for FreeBSD10 and under really.
-
laidback_01
there's IOCage as well. that's a reasonable system. I don't know which is lighter or more FreeBSD-like, but I think it's just a personal preference after a point
-
RoyalYork
I'm trying to find a sample of Jail Mastery to see what Lucas's views are
-
mason
RoyalYork: Base system tools here. They work well.
-
RoyalYork
mason, im trying to find a reference that assists with getting network access to my jail
-
RoyalYork
failing that, I'll have to go with a tool
-
mason
RoyalYork: The handbook is a good bet.
-
RoyalYork
The FreeBSD handbook?
-
RoyalYork
I found it didn't cover getting network access to jail
-
mason
-
VimDiesel
Title: Chapter 16. Jails | FreeBSD Documentation Portal
-
RoyalYork
Chapter 16, i've been up and down it
-
jarebear6expepjo
having an issue mounting a lacie usbc storage device. when I run mount it says invalid argument: commands I've tried pasted here
paste.rs/JZm.md
-
VimDiesel
Title: paste.rs - Rocket Powered Pastebin - Markdown
-
mason
RoyalYork: That shows networking.
-
jarebear6expepjo
not sure what i am doing wrong here
-
mason
RoyalYork: I have a wiki page showing jails with vnet and epair, if you want an alternative:
wiki.freebsd.org/MasonLoringBliss/JailsEpair
-
VimDiesel
Title: MasonLoringBliss/JailsEpair - FreeBSD Wiki
-
RoyalYork
I'll have a look at the wiki (thank you), but chapter 16 only talks about network interfaces with ezjail
-
mason
RoyalYork: I'm looking at it right now and I see it showing an example with networking in jail.conf.
-
mason
RoyalYork: Search for this text: Jails are often started at boot time and the FreeBSD rc mechanism provides an easy way
-
RoyalYork
I saw that earlier
-
RoyalYork
-
VimDiesel
Title: dpaste/k3aE (Plain Text)
-
RoyalYork
my jail.conf file looks very similar
-
RoyalYork
I'm not able to reach the internet from my jail
-
RoyalYork
maybe that's a feature and not a bug?
-
mason
Hm, unsure what the rest of your networking looks like.
-
RoyalYork
in the host?
-
RoyalYork
bsd.to/zhF8 - this is my rc.conf
-
VimDiesel
Title: dpaste/zhF8 (Plain Text)
-
RoyalYork
And no firewall / pf running
-
mason
RoyalYork: I don't know if 10.10.10.10 is valid for your network. Maybe do a quick packet capture and see if it's trying to get packets off your box, if the networking is valid.
-
mason
If you can get to the network from the host, then the jail should be able to do so too.
-
RoyalYork
Ok, you gave me something to look at. I'll start with the IP
-
RoyalYork
I am able to ping between the host and jail, but I'll keep digging
-
mason
RoyalYork: One thing that's critically important to understand is that if a jail tool shields you from understanding what's gone wrong, it's doing you a disservice.
-
RoyalYork
mason, agreed. im of the same mindset