i wonder who is at fault here, i have another android phone so i put connectbot there so i can at least ssh from it as there is no native freebsd phone, but this time, public key from it, errors out in my authorized_keys

not at freebsd question even

ketas: did you check the logs?

permissions correct in .ssh ?

no permissions were changed during edit

well log tells me it's malformed key somehow

there you go

do you have stray linebreak or something there

no

did you generate it in connectbot?

yes, i assume it's broken there

somehow

but wtf

perhaps you mis'pasted it

well no, didn't do it either, did 3 times with more keys

error: buffer_get_ret: trying to get more bytes 5

13 than in buffer 507; error: buffer_get_string_ret: buffer_get failed; error: buffer_get_bignum2_ret: invalid bignum; error: key_from_blob: can't read rsa key; error: key_read: key_from_blob

like

what!

what the hell man. let's see this key

see eh?

rtprio: ketas.si.pri.ee/connectbot-broken-pubkey.txt

rtprio: and i might as well share priv too: ketas.si.pri.ee/connectbot-broken-privkey.txt

now that i deleted it

didn't work anyway

have fun

i think i'll sleep

i don't need private key

ketas: i'd try a 2k key, or better still, not a rsa key

i tried curved one too

funnily errors again

meh

what's the CI/CD everyone uses that runs great on fbsd?

i believe that FreeBSD for it's CI/CD uses Jenkins

ah k. that what everyone else runs too?

in the fbsd world i mean

no idea

can jenkins build jail containers to deploy?

you can do nearly anything with jenkins

nice

ty

the freebsd project itself generates all kinds of artifacts with its CI

e.g., artifact.ci.freebsd.org/snapshot/ma…3bd93fefa998fff69a1e136/amd64/amd64

Title: Index of /snapshot/main/005cca8361a4932d03bd93fefa998fff69a1e136/amd64/amd64/

the various distribution sets that you'd normally get from using teh release(7) scripts

damn, jenkins is coded in java :/

yeah, that is the downside

i wouldn't mind a good jenkins alternative written in golang

fuck yah

why is it being in Java relevant/bad? it's the best CI that works on most OSes and its plugin system has options for almost everything...

just used to java stuff being pretty bloated but maybe that's improved

Java has improved quite a bit (and some things, like its various garbage collectors, are top notch). don't get me wrong, it has its warts (what doesn't?)

but especially for CI you're not gonna find an alternative to Jenkins that is free, self-hosted, supports FreeBSD (although it isn't official build), works with almost anything

RhodiumToad: yuripv: The Handbook appears to be a bit out of date. acpi.ko is not more, replaced by what appear to be machine-specfic ones. I have run 'make DEBUG=1' and installed the modules, set the log levels from the Handboot, but I don't see additional information on boot.

is jenkins the only CI in ports? none of the others i know the name of show up

michaeldexter: I think you specifically need options ACPI_DEBUG

(in the kernel conf file, not for make)

RhodiumToad: Done and trying it now. The Handbook gives loader entries that are no longer valid. I set the level to ACPI_LV_ALL and... it's quite the firehose of output. Over a minute into boot and it has not stopped.

bliminse any idea how gitlab stacks up against jenkins?

RhodiumToad: nsxfeval-0386 EvaluateObject : Null handle with relative pathname [_PRW] nsxfeval-0386...

why isn't options ACPI_DEBUG in the CURRENT Conf?

meena: That could be reasonable if not too noisy by default.

michaeldexter: i thought it doesn't do anything by default

michaeldexter: is it stuck there, or looping, or...?

under FreeBSD 13.2 fresh installationUncommenting "#PrintLastLog yes" results error; /etc/ssh/sshd_config line 99: Unsupported option PrintLastLog

under FreeBSD 13.2 fresh installation, uncommenting "#PrintLastLog yes" results error; /etc/ssh/sshd_config line 99: Unsupported option PrintLastLog. Any clue?

Apparently option name has changed/been removed?

Hmm.. Still exists in the default conf file, though?

Title: openssh: restore PrintLastLog option · freebsd/freebsd-src@43c6b7a · GitHub

I don't think that made it into 13

Well, it does. FreeBSD 13.2-RELEASE amd64 default installation; it's there.

But anywaays, not a big deal.

The sshd_config reports version: # $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $

tercaL, Does 13.2 "crypto/openssh/config.h" source file have "/* #undef DISABLE_LASTLOG */" on line 116?

parv: Sorry, don't have that file - no base-src installed.

what meena meant to say was: i don't think that *fix* made it into 13

Ohh, I'm very sorry..

Got it!

i reckon it'll be dealt with, as soon as we get an answer here lists.mindrot.org/pipermail/openssh-unix-dev/2022-May/040242.html

Title: PrintLastLog fails on systems without lastlog but with utmpx

*non-native english speaker - blushes

at your jobs, what's the name of the department programmers are in? there's hr, accounting, marketing, but what's the name of the 1 for coders?

Software Engineer (I, II); Electronics Engingeer; Computer Support Specialist

... there is no department, only a "tech group" of people involving in various aspects of Operations

... it's a mall shop

ha ha ha

s/mall/s&/

Anyone know of an ansible role for FreeBSD that can set and manipulate a network interface's name?

For example, I've been doing things like: ifconfig_ixl0_name="ext0" and ifconfig_ixl1_name="int0" just to make things clearer and to have consistent naming in pf.conf.

polyex: Englinnering, Platform, Infrastructure, <Name of Main Product>

Various takes on that.

Engineering*

you ever see a company name it "software"? i've been seeing that a bit

My first job was with a company where the whole unit was software development in one form or another

(besides HR)

spork_css: docs.ansible.com/ansible/latest/col…community/general/sysrc_module.html

Title: community.general.sysrc module – Manage FreeBSD using sysrc — Ansible Documentation

how come make(1) uses c99 instead of cc (clang)?

and is that just for me or everyone?

make uses cc for me on FreeBSD 13.1

i'm on CURRENT...what could i have done to make this happen? lol

even when i include ".POSIX:" in the makefile it uses cc rather than c99 (this is a bug, I should consider reporting this)

maybe you set CC=c99 trev?

make doesn't know/care about cc

i am setting .POSIX too, but without it it still uses c99

yuripv: it does, there are built-in rules for make

you can have a makefile containing only "hello:" and nothing else and it'll turn hello.c to a binary hello, it uses built-in rules to do this

xtile: nevermind, removing .POSIX does work

ah OK

whew

weird that .POSIX: doesn't get it to use c99 for me

i wonder if .POSIX makes -std=c99 pointless when using gmake/bmake

cause c99 hates all -W and -std flags

I just use FreeBSD's make.

i'm trying to make a portable makefile though :\

xtile: "builtin"?

yes, make, at least since 7th edition Unix, and to today in FreeBSD, has built-in rules. try 'make -dg1' to see them.

for example, i cut out its default rule for .c files dpaste.com/6JMQ9Y3ND.txt

how is that "builtin" when it's clearly coming from system mk files?

it's hard to use portable make for any large project

to the user (me) it is builtin

eh, i don't think it's that hard to make a portable makefile, i've done it before for larger C projects

define large

dunno how to :B

but yeah trev if you use the built-in/default rules it's not so hard to make a portable makefile pubs.opengroup.org/onlinepubs/9699919799/utilities/make.html they're mandated by standards, if it helps at all

Title: make

xtile: thanks, i know this page..just got stuck on CFLAGS. didn't know c99 (wasn't present on my linux machine) doesn't accept a lot of flags

I would just stick to gcc or clang (cc if everything reall is portable)

is it truly portable if i can't just do `make` on freebsd? c99 gets autochosen when i have .POSIX

it's not really dire for me, i'm just messing around with a silly project

In 2023, you can safely use c17 as your densely C Standard

interesting meena, why would you want to use the new c standard?

I don't think any standard of C is "safe" other than C89. :^) I still use standards as tools anyway

i always thought c89 or c99 is the way to go

Neither GCC nor Clang support C99, they just support most of it

still use them for c99 tho

I do enjoy c99...

why they dont support it?

i'm new to c

neither GCC nor Clang support some certain floating-point features required by the C99 standard

p4x639: C11 Was the first standard which finally formalised the memory model. so C programmers no longer have an excuse like, my software runs on the bare metal. nah, mate it runs in an abstract machine, like everything else since, like 1993

until then, the memory model, and it's effects (and undefined defects) were hidden by compilers. but since then it's out in the open

interesting

I just realised that "since, like 1993" is bullshit:

as soon as C as ported from the PDP-11 to the first other Hardware, it already had an abstract machine. In the minds of C's developers that abstract machine just never ceased to look like a PDP-11

(c17, BTW, is just a bug fix of C11. So we've kept a mostly ten year pace: C89, C99, C11, C23)

(and if you want to learn more about the terrible, terrible process of standardisation, and its human toll, i highly recommend reading thephd.dev )

Title: The Pasture | The musings, ideas, discussions, and sometimes silly words from a digital sheep magician

I'm always suspicious of anything they write

rtprio: got the answer?

pstef: why?

(i don't know of any other committee members writing about the actual process, so this is the only thing i know to link to)

c23 has some nice stuff that I'm looking forward to

strdup finally made it to ISO C

realloc of size zero is now UB

New free_sized and free_aligned_sized

#elifdef and #elifndef

#embed,

!

Yeah JeanHeyd wanted to put that into C++ but there was way too much of a political barrier

so he switched to C and got it through the back door

oh, nice

Amateur question for the group. I just upgraded from 13.1 to 13.2 and I have the following conflicts:

freebsd-version -u

read as: 13.1-RELEASE-p7

freebsd-version -k

13.2-RELEASE

I forced an upgrade of packages with pkg upgrade -f

but it doesn't seem to have done the trick

Have you tried running freebsd-update install again and rebooting again?

I ran freebsd-update install after the upgrading to 13.2, but not after upgrading the packages

I will try it now, but I thought that pkg upgrade automatically installs everything

As far as I know, pkg never affects the version of FreeBSD.

Im running the freebsd-update install again now - one moment please

How can I mount a ntfs partion? read-only would suffice.

Oh guess I found it. pkg install fusefs-ntfs

xtile, that did the trick

thanks

Glad it helped :D

question : I see freebsd.org/security/#sup where it claims stable/13 has expected EOL in 2026 however there never was a release. Why is that there at all if it does not exist?

Title: FreeBSD Security Information | The FreeBSD Project

I think you misunderstand what stable/* is

right .. but .. is there a way to be running that ?

of course, I am doing so right now

or do I need to checkout the whole source tree and then build it ?

there are weekly snapshots, but building the source is probably more common

I have a somewhat important machine running freebsd-version -ku --> 13.1-RELEASE-p6 and 13.1-RELEASE-p7

my worry is that moving to whatever the mystery 13/stable is would wreck my ZFS Zpools

if freebsd-update matters to you then you should not be thinking about switching to stable anyway

freebsd-update is only for released versions

that sort of sounds like a slap to the face. fine. okay. thank you

no, it's just pointing out the most important aspect of running stable

bah, too late

Hi, I need to install the openssl-devel library, but pkg search returns only this one: linux-c7-openssl-devel-1.0.2k_1 OpenSSL headers (Linux CentOS 7.9.2009)

I'm on 13.1-RELEASE

hm, I don't see any port for an openssl-devel

what exactly are you looking for?

Isn't the OpenSSL library on FreeBSD by default? (I may be wrong)

yes, openssl is in base

headers and all

Which header file are you looking for? try 'locate filename.h'

openssl-devel port is (was?) FIPS certified

security/openssl-devel|security/openssl30|2023-03-14|3.0 is not devel, prevent confusion with 3.1

Mm, I'm porting a Linux program that needs it, the program builds and run without any warning, but aparently it is exiting silently

Title: FreshPorts -- security/openssl-devel: TLSv1.3 capable SSL and crypto library

that port got renamed to openssl30

ah

(just a couple of weeks ago, so...)

mm, I see that the source has an ifdef LINUX...Let's try replacing that

martinrame: if it's exiting silently then start with dtruss to get an idea how far it gets

meena: thanks

dtruss is in dtrace-toolkit, and is like truss, but built on top of dtrace

meena: open("/usr/lib/libssl.so",O_RDONLY|O_CLOEXEC|O_VERIFY,014313473000) = 3 (0x3)

that's the base system's openssl

What does that 0x3 mean? was it loaded?

the 3 is the file descriptor, so it was successfully opened

at system call level, loading a .so looks like an open call, some mmaps, and a close

great, so, my issue is not related to openssl...long afternoon ahead

there's always a debugger

do older amd gpus work well with freebsd ?

I used to use a really old radeon

(and it worked fine for what I needed)

im asking cause the nvidia gpu driver is misbehaving and i dont expect it to be fixed anytime soon, so wanted to get something less old from amd so that i dont have to deal with nvidia nonsense

misbehaving in what way?

please can anybody help me with understanding this output: paste.debian.net/1279094 ? does this indicate this disk has onn EBR, but without any partitions inside?

Title: debian Pastezone

(this is what I get for "gpart show da1"

)

oo_miguel: try gpart show da1s3

gpart: No such geom: /dev/da1s3.

hm

not sure how gpart handles EBRs. let me take a quick gleg at the code

This partiions have been created via fstab from an linux distro I believe.

what does ls /dev/da1* show?

show /dev/da1 /dev/da1s1 /dev/da1s2 /dev/da1s3 /dev/da1s4

hm

And I meant created with fdisk (not fstab) of course :)

In the worst case I will put the disk in another machine running linux and check what fdisk reports..

looks like GEOM_PART_EBR is a kernel option

but it's on by default in amd64 GENERIC build

I am on arm

are you running GENERIC or your own kernel?

ah. arm or aarch64 ?

FreeBSD rpi4 13.2-RELEASE FreeBSD 13.2-RELEASE releng/13.2-n254617-525ecfdad597 GENERIC arm64

arm64, ok

looking at the kernel conf, GEOM_PART_EBR is not enabled on arm64 by default, though MBR is

(same for arm (32bit), as it happens)

how/where do you see that inforamtion?

so I guess my options are 1) recompiling the kernel, which given I run it on the raspberry-pi will take ages. 2) cross compile the kernel from my regular machine (not sure If I need to do it from FreeBSD). 3) plug the disk in another machine and check there via fdisk for example

kernel compile is actually really fast.

hm, then maybe worth a try. will surely learn a lot from doing this

though maybe only if you already built the world, which is slow

iirc, there's a target to build just the kernel build tools without building the whole world, I'd have to look

Never built it yet

ah yes, make kernel-toolchain

not sure if that needs to build llvm, though. that's like 75% of the time of a world build

If a storage device (aka disk) does not have a partition table then "gpart show" will not show it, since it shows partition information.

Instead use "camcontrol devlist" to list the devices.

rwp: not relevant to this case.

I am behind on reading the scrollback but just had to volunteer that tidbit anyway.

rwp: here, it does have a partition table, just not one the kernel is prepared to deal with.

i.e. there's a top-level MBR which is recognized, but one of the partitions is an EBR, and EBR support is not compiled into this kernel

Doesn't the kernel handle EBR partitions as just a part of the MBR structure? I thought it did. But have not tested this in my recent memory. GPT FTW!

rwp: I don't know exactly what it would do if EBR were compiled in.

Hi, i have maybe stupid question, with compat/linux layer, can you use linux jail as build bot for compile linux userland ?

I'll push that onto my long queue of "try this sometime" to see.

there might be a way to get at the data without EBR if you need a one-off solution

oo_miguel: ^^

shann, Seems reasonable. Have not tried it. Might have problems if it can identify that it is running on a FreeBSD kernel in compat mode.

Better might be to use bhyve to create a full VM with the Linux kernel so that it is fully virtualized.

I need one-time solution

want to repartition the disk from scratch afterwards

oo_miguel: read-only be good enough, or do you need read-write?

I tried Linux jail before. It worked but systemd was not work.

read-only suffices

I was actually here for my own second-brain question. Have a ZFS array that think the motherboard is failing.

Was able to move the disks to another machine and import it there.

It now reports a small number of chsum errors. But no known data errors.

Question: Should I "zpool clear" first to reset the counters before running a scrub?

rwp infact, just curious if can be possible :). In case i don't have systemd on my chroot.

oo_miguel: what I'm thinking is: use gnop to create a manual slice covering the ebr region, which should then cause the first partition in it to show up as if they were an mbr inside the gnop

oo_miguel: I can do a quick test to see if this is feasible, if you like

Oh I can try myself. Do not want to bother you to much

for safety, I'd use the -w100 option to gnop (100% write failure probability) to make it effectively read-only

that way you don't risk breaking anything

sounds good

there any way to get the bit rot detection & fixing benefits of zfs on shit like usb flash drives?

shann, The compile will be dealing with files on disk. If this were my own code I feel confident it would work perfectly for me.

oo_miguel: you may or may not need to turn on the kern.geom.part.allow_nesting option in sysctl

That might need to be manually configured in order to produce something which makes a reproducible build with a native Linux compile.

But the problem is for things like autoconf automatic configuration which might make different choices based upon what it detects.

Remember that a chroot is still running the same kernel as the host system.

And also systemd files might exist in a chroot but system is never running in a chroot even in a native Linux system, or native Linux system in a chroot.

bbiab. On my question I think I will "zpool clear" to reset counters and then start a scrub pass.

RhodiumToad: It stopped there, with that being the last text.

michaeldexter: hm. I'm wondering if this is a case where you need the debug.acpi.avoid option, but I do not comprehend ACPI well enough to know what to put there.

Is that a ="1" or with parameters? I am happy to try anything.

it has parameters

I hope to have it working by BSDCan :)

Looking at the manual page...

the option tells it to avoid trying to parse a subtree (or subtrees) of the ACPI data, but I don't know the syntax

possibly someone with more experience of ACPI or this particular machine could help better than I.

rwp, yes i know for chroot and system inhib in case of chroot env :). Infact bhyve is safe choice :P.

meena: I'm aware of the sysrc module, but I'm looking for something that abstracts interfaces, aliases and routes a bit more.

Basically this, but also allowing me to set interface names: github.com/vbotka/ansible-freebsd-network

Title: GitHub - vbotka/ansible-freebsd-network: Ansible role. FreeBSD. Configure network.

spork_css: time for a pull request

hrm. i can't figure out why after upgrading dbus isn't working. only dunst and firefox use it. i tried wrapping my wm launch in .xinitrc with dbus-launch first, no dice

i see a dbus daemon. i see a session in ~/.dbus/sessionids, and i see the socket in /tmp from the current session. but my shell env and other programs that should have started don't have the dbus env var

Demosthenex: did any libraries change?

meena: i just updated from 13.1-p5 to 13.1-p7, many things changed

most things work, only this dbus thing remains

i narrowed it down, firefox and dunst can't get dbus. i added dbus-launch before stumpwm in my xinitrc, last command in the file. xdm is calling that, everything starts.

but my shells don't show the DBUS_SESSION_BUS_ADDRESS

how are you calling dbus-launch exactly?

dbus-launch --exit-with-x11 sbcl --dynamic-space-size 512 --script ~/scripts/startstump.lisp

previously i called sbcl directly

dbus "just worked", i assume xdm was starting

or it autolaunched when used

that command only sets the environment for the sbcl program

hrm

what is sbcl exactly?

crap, you're right. so if my WM spawns a process, it had dbus env. it's xbindkey that's launching things

so maybe i need to source a dbus thing in xinitrc above

sbcl is the common lisp interpreter

that starts stumpwm

ah

nice catch

so, my xinitrc never had it before

maybe xdm was starting dbus?

shouldn't do

(mine doesn't)

is in sysrc

if it's enabled in sysrc then the dbus daemon is started on boot by the rc scripts

yes, and i see that one

but i thought each user got one too

the "session"

specifically by /usr/local/etc/rc.d/dbus

yes, there's a system service, run by the "messagebus" user,

dbus-daemon --system

I don't really know much about dbus

nor i

stupid linux desktop crap

I only have it because something is forcing a dependency on it

i only run it because firefox is helpless if you don't

ie: firefox --open url:... just pops up and says already running, and doesnt' open the link

it only accepts new windows through dbus.

I never bothered to use dbus-launch anywhere, and firefox runs for me

ah, but I never tried that

opening links in emacs and mutt via urxvt all fails with firefox errors

and dunst (notify thing), doesnt' connect

i never had this before

just checked, and firefox is working for me with no per-session dbus configuration

including doing firefox ... to open a new url while an instance is already running

hm, a dbus-launch was done from somewhere

exactly. dbus can autolaunch

so the environment var doesn't seem to be necessary?

again, i upgraded from 13.1-p5 to 13.1-p7 and suddenly no dbus. i see a system level dbus. my xinitrc had no changes, i manually added dbus stuff to try and fix

i hate "magic" things. makes sense to source it in the script or launch it

I'm testing this on a 13.2-stabke

*stable

hrm, well eval'ing the output of dbus-launchin xinit looks right

emacs to firefox works, alright.

i love having a tiling WM x11 workstation, if only apps weren't so linux centric :P

i was talking about this a few days ago - annoyingly cannot open links on a running instance of firefox

(without dbus)

hey, im having a bit of trouble getting things to run with steam. Get errors when libraries are tried to be preloaded, some applications requiring GLIBC_2_27 etc. Is there a good guide on how to set this up properly?

gzar, linux binary?

its aseprite, so i think so

check this bugs.freebsd.org/bugzilla/show_bug.cgi?id=268540

Title: 268540 – emulators/linux-c7 have too old GLIBC for some software: /lib64/libc.so.6: version `GLIBC_2.26' not found (required by lwjgl/3.3.1-build-7/liblwjgl.so)

Is there a favourite pre-existing tool for automatically reporting abuse from particular IPs? Like, a thing that finds the CIDR block and contact addresses for ssh/etc attempts, emails them sets firewall rules or routes that it removes after some period, etc?

blacklistd will handle the firewalling part, and iirc it invokes scripts to do the work, so you could use those to maintain additional logs/databases to process later for reporting purposes

well, it'll handle interfacing between the daemon and the firewall.

it doesn't rely on logs though, it requires the daemon to inform it of connection attempts, and then it keeps track of the rate vs the limit

right, but sshd already has a UseBlacklist option to report its failures to blacklistd

Hmm, I'll have a look at that. A few years ago I wrote an awk script to tail my log and run ipfw rules for IPs that matched a list of conditions. But it didn't handle notifications.

notification is a much harder problem than just blocking

Whoa, blacklistd is included now. I had no idea!

yeah, it's in the base system

eh, that sounds great, but not something i feel comfortable without a remote console

you can whitelist addresses or ranges in the blacklistd config

VVD: oh man i didn't know this was such a big deal

should i try making some sort of alternative /compat/ folder with say, devuan? or something like that?

gzar, there is howto - link in comments for install ubuntu 22.04

ah ok, i overlooked it

try it

thos instructions are in russian ._.

online translators

main part is the commands

yeah it makes sense, thanks for your help

RhodiumToad: depending on the firewall you're working with, you can also use rules in the firewall configuration to whitelist IP addresses.

yes, true

ideally one would do both

Doing it in the firewall config feels more correct to me, but I'm not sure I can explain why.

doing it in the firewall config allows you to be very specific about what actually gets whitelisted

Maybe it's that adding an exception to the access control list is something that gets done as the very first step when configuring a firewall, so that you can't accidentally lock yourself out.

pkg: sqlite error while executing VACUUM; in file pkgdb.c:2333: cannot VACUUM - SQL statements in progress

huh, never seen that before

happened while doing pkg delete -a in single-user mode

and it bailed out before deleting the pkg pkg

huh.

wonder what that's all about.

ah, it wasn't supposed to delete the pkg pkg

(that would have required -f)

but it still errored

I've seen that on the issue tracker

nope, github.com/freebsd/pkg/issues?q=is%3Aissue+is%3Aopen+vacuum

Title: Issues · freebsd/pkg · GitHub