00:27:05 gn, I'm in kind of a pinch here
00:27:51 I suspect disk may be approaching eol and corrupted some files...
00:28:01 for example, /bin/mv
00:28:58 I'm trying to freebsd-update, but it relies on /bin/mv itself
00:29:46 try adding /rescue to the start of the PATH
00:29:59 (it contains some basic utilities)
00:30:03 https://cgit.freebsd.org/src/tree/bin
00:30:04 Title: bin - src - FreeBSD source tree
00:30:14 yuripv good idea
00:33:03 well, /rescue/ is surely full
00:33:50 yuripv do I have to check one by one or is there some faster way to know which of them needs to be restored?
00:34:45 well, /rescue contains a lot of utilities packed into one huge binary, so i don't think copying it over to /bin is a good idea :)
00:35:37 i just thought you could use what's there for your freebsd-update run
00:38:08 yes but I'll need /bin/mv back at some point and I'm not sure upgrade'll do it
00:38:20 I can try though
00:41:30 it seems to be working... yuripv thank you very much
01:31:24 rwp: I'm wondering whether freebsd-update is messing the flags up. but I can't easily check because there don't seem to be any updates for the image I installed
03:05:33 hi
03:05:48 hello
03:10:41 how do i find the version of the base system? "uname -U"?
03:11:50 uname -U returns the userland version. uname -K returns the kernel version. these should be the same unless you're in the middle of an update, or you failed to complete an update properly
03:11:52 dacha: freebsd-version -kru
03:12:14 seems like it is "-U", uname gets it from "snprintf(buf, sizeof(buf), "%d", __FreeBSD_version);" which comes from /usr/include/osreldate.h so it's a compile-time hardcoded setting
03:12:17 thank you
03:12:29 or you are using an i386 chroot from an earlier release
03:12:41 yes, or something similar
03:12:58 uname -U is literally the version that uname was compiled on, as you said
03:14:11 sometimes, one has to resort to using awk to grab __FreeBSD_version from sys/param.h
03:15:41 (I have tools that use that when setting up system images, since the image might be for an incompatible architecture so running the binaries isn't possible)
03:16:02 interesting
03:18:35 gah. I hate seeing things like this:
03:19:15 /* ... if no flags are set, return the empty string */ and then later, if (length == 0) return NULL;
03:22:26 dammit, am I going to have to report another libarchive bug
03:33:27 ugh, 360 open issues
04:44:37 RhodiumToad: libarchive does something pretty horrible too where it gives up creating an archive after the first unreadable file. previous tar versions keep going instead and exit with an error after having added all of the files it can to the archive.
04:47:54 eh, not sure that's a bad thing
04:51:23 what if you use tar to create backups of some directory and there just happens to be *one* zero permissions file in there. what if you have a cron job doing that unattended. it's OK that it exits with an error status at the end but I don't want it to just give up midway and not backup the other files...
05:00:58 hm
05:02:43 anyway, libarchive already has code to support "delayed error exits" but it's broken. I have a patch to fix it but it's in one of the 360 open issues lol.
05:04:41 I wish FreeBSD's pax command supported the pax file format.
05:04:48 I know FreeBSD's tar command supports it.
05:06:05 doesn't it?
05:07:09 ah
05:08:28 so that was added in issue 6, and probably nobody updated /bin/pax for it
05:10:55 I've done some POSIX-related patches for FreeBSD before but I am not smart enough to do archiver things. :B
05:11:10 I wonder if there's a way to attach the code or backend that tar(1) is using to pax(1)
05:11:19 the libarchive code
05:15:01 but yeah, pax format is cool, it doesn't have a tiny 4GB (4GiB? something) file size limit like ustar does
05:16:18 whenever i try to back up a file system with the ustar format i run into that issue pretty often
05:16:34 so I switched to just doing ZFS backups and rsync backups instead of .tar ones, when possible.
05:19:12 pax is a separate program and not a client of libarchive, converting the libarchive code to work with it is probably not easy
05:19:41 * xtile nods.
05:19:44 True.
05:20:56 that actually sounds like a useful project though.
05:22:02 for some reason I thought libarchive provided a pax(1) implementation, but on second glance at contrib/libarchive I think I was actually thinking about cpio
05:22:46 Yeah, I know both tar and cpio use libarchive on FreeBSD. (meaning cpio(1) also supports pax format!)
05:23:28 getting that libarchive error issue fixed would also be good.
05:26:19 (the bug I was looking at is trivial by comparison: it was just the fact that the entry_get_fflags_text returns NULL for "no flags", whereas entry_set_fflags_text looks like it would segfault if passed a NULL string)
05:28:56 Aha...
07:32:07 otis: I've not solved my problem with Hetzner VSwitch and VLAN, ping doesn't work yet: I've dropped FIB 1 and here there is output with arp -rn:
07:32:07 http://paste.scsys.co.uk/9088
07:32:07 Have you more hint?
07:32:08 Title: magnet_web paste from Someone at 217.168.150.38...
07:36:32 it might be interesting to tcpdump to find out what those incoming packets on the vlan are?
07:37:48 RhodiumToad: thank you, I'll do and report
07:39:59 I would use tcpdump on em0 with 'vlan 4000' as the expression, including the -e flag
07:41:26 RhodiumToad: thank you
07:45:10 there's another host on this vlan somewhere? if so, you could try pinging from that, and seeing whether you get arps or icmp or both
07:46:07 Even though I limited my sshd port on my server only to my home IP, by PF on FreeBSD, (and I checked with different IPs to see if the port is open/available to connect - it was not), I still have logs like: sshd[40074]: error: PAM: Authentication error for root from static.152.126.12.49. Any idea?
07:57:55 I assume that's not your IP?
08:02:10 anyone know how to get tar to display file flags?
08:11:27 RhodiumToad: No, it's not. That's why I'm wondering how come it can reach to my sshd..
08:11:48 I'd guess an error in your pf configuration then
08:13:34 RhodiumToad: The line is: pass in on $ext_if proto tcp from my.ip.ad.dr to any port 22 flags S/SA keep state and it seems it does the job, the port is not open to anything else than my IP
08:13:43 *double wondering
08:14:17 there's no line anywhere else that could pass the traffic?
08:17:41 RhodiumToad: Well.. Don't think so? Here's my pf.conf file: https://bsd.to/Mb7U/raw
08:17:42 Title: Mb7U
08:18:57 is anything in the whitelist?
08:19:13 Checked for that IP, it isn't there.
08:19:30 The IP from the "sshd[40074]: error: PAM: Authentication error".. line.
08:19:33 is anything there?
08:19:42 Yes
08:19:56 IPs of Cloudflare and my dedicated server provider's DNS.
08:21:59 any of them with prefix ranges?
08:23:09 what freebsd version?
08:36:34 hm. it shouldn't be possible for sshd to report "static.152.126.12.49." as the remote host, unless there's more to the message than that
08:36:40 howdy, I have an issue with a pfSense instance spun on a VPS https://termbin.com/feaf
08:37:48 in ifconfig output, after that `/sbin/ifconfig ovpns1 192.168.30.1 192.168.30.2 mtu 1500 netmask 255.255.255.0 up` I see ovpns1 is there but not configured
08:38:09 the previous messages suggest that tun1 is already in use
08:39:05 I guessed that, not sure what "In use" means here though
08:39:53 from https://man.freebsd.org/cgi/man.cgi?ifconfig I see that syntax is the `create` one with address and dest_address
08:39:54 Title: ifconfig
08:40:36 if I try to run the command again now that I see an unconfigured ovpns1 in ifconfig output, I get `ifconfig: ioctl (SIOCAIFADDR): File exists` that seems appropriate
08:40:41 does fstat /dev/tun* /dev/tap* return anything?
08:41:23 nope, just the headers
08:42:13 I'm not sure then.
08:42:48 maybe unconfigure the interface and try again
08:43:36 eh, I wish I was able to
08:43:47 ?
08:43:55 but I am looking for the actual issue now that you pointed it out, got a couple promising results
08:44:28 I mean I am not familiar with freebsd, more importantly with pfSense, I have little idea what is it doing
08:44:34 ah right
08:44:40 unconfigure the interface you meant removing ovpns1 ?
08:44:45 no
08:46:26 RhodiumToad: FreeBSD 13.2 + there're CIDR ranges as well, yes. But the reported IP is not in there.
08:47:11 tercaL: was "static.152.126.12.49." the actual end of the message or was there more?
08:48:28 RhodiumToad: Randomly getting only a single line (but the same IP/Host) in auth.log file: May 11 08:11:00 sshd[58811]: error: PAM: Authentication error for root from static.152.126.12.49.clients.your-server.de
08:48:38 Nothing else related to it.
08:48:43 tercaL: what IP were you assuming that referred to?
08:48:50 ah ok, I see the few results I found had a mismatch between daemon reported status in interface due to wrong PID stored in file
08:48:57 tercaL: (because the actual IP there is 49.12.126.152)
08:49:03 tercaL: hello, fellow Hetzner
08:49:48 RhodiumToad: Aahh, my bad.. So it's reverse, forgot about it..
08:50:03 anddam: Hello.
08:50:12 RhodiumToad: the only unconfigure reference I found is `ifconfig -tunnel`
08:50:15 with UseDNS on in the config, which I think is the default, sshd will log a verified hostname rather than an IP
08:50:21 RhodiumToad: Thanks a lot! *blushes
08:51:03 I assume the actual IP is indeed in some whitelist, explaining the result?
08:51:26 exactly.
08:51:29 That's it.
10:21:56 Hey guys, I got a small problem on an HP 10-bay server. The machine has two internal SATA drives which are setup as a ZFS mirror for the OS and 10x SAS drives in the bays. The server boots fine from the internal SSD mirror when I remove the drives. However, when I leave them in it is unable to import the zroot pool. So I took the drives out, rebooted, all went fine. Then I inserted the disks (hotplug) and then 'zpool import' shows the disks but it seems like they
10:21:56 have a left-over zroot on them from an earlier experiment.
10:22:38 I do know that previously I wanted to have the zroot on those 10x bay disks but I abandoned that idea. presumably there is some 'zroot' pool identifier leftover. How would I go about cleaning this up or resolving it in general?
10:23:21 dd some trash on the first few sectors or these drives?
10:24:38 gah, be careful :-)
10:24:55 what do the partition tables of those drives look like?
10:25:31 and is there supposed to be any data on them?
10:25:34 RhodiumToad, each of those 10 drives has only one partition of type 'freebsd-zfs' with index 1 and a corresponding glabel
10:25:55 RhodiumToad, nah, I can trash the drives and start over - but if I don't have to I'll gladly learn about that :p
10:26:54 what does zpool currently say?
10:27:46 RhodiumToad, https://bsd.to/Se1A
10:27:47 Title: dpaste/Se1A (Plain Text)
10:27:59 RhodiumToad, first one before I inserted the disks, 2nd one after inserting the disks :D
10:28:19 RhodiumToad, this one is better: https://bsd.to/Se1A/raw
10:28:20 Title: Se1A
10:30:35 ugh
10:30:38 exactly.
10:31:36 I think what's happened here is that when you did the "earlier experiment" you were adding daN to a pool directly rather than via a GPT partition (i.e. gpt/blah or daNpN)
10:31:47 exactly!
10:31:58 and the result is that there are two sets of metadata blocks on each disk, at different offsets
10:32:09 jup
10:32:53 if the "storage" pool is empty, then by far the easiest fix would be to wipe the lot and start over
10:33:24 indeed
10:33:29 how far in do I have to wipe the disks?
10:33:50 well, there's another option, let me check it first
10:34:28 it's possible that careful use of zpool labelclear might be your friend, let me just check its code
10:35:22 much appreciated :)
10:36:10 dammit, where does the zfs source code live these days
10:36:28 ah right
10:42:36 ugh. that won't work
10:43:09 to be precise, labelclear of the faulty labels stands a good chance of clobbering something relevant on the functioning pool
10:43:35 that is reasonable - I mean this is a pretty gnarly scenario
10:43:40 I'll just start building the pool from scratch.
10:43:57 how far in do I have to dd each disk?
10:44:09 to wipe everything, what I'd do is gpart delete / gpart destroy on each,
10:44:25 that is what I did AFTER my initial "experiment"
10:44:29 that is what got me here :p
10:44:36 then dd zeros over at least the first 10 megabytes,
10:44:46 aye
10:44:51 maybe more like 64 if you want to play safe
10:45:02 I do like to play safely
10:45:30 gpart destroy should suffice tho, right? no need to gpart delete first?
10:45:33 in particular, anything less than 4 megabytes is likely not safe, zfs seems to like to leave big chunks of padding at the start of the disk
10:46:04 I guess destroy -F would do it
10:46:26 (without -F it wants the partition table to be empty first)
10:46:55 GPT puts a partition table at the end as well as the start, so you have to do the destroy as well as wiping the start of the disk
10:47:57 gotcha - thanks!
10:47:58 on it now
10:50:42 * RhodiumToad wonders why the installer creates a freebsd-boot partition on an EFI install
11:00:10 hmm, I never noticed that
11:00:25 just wanted to say that that is maybe just the ESP but nope. there's clearly an EFI and a freebsd-boot on my systems too
11:05:00 time to figure out how to turn on the location LED on a HP server
11:06:17 * RhodiumToad almost always manually partitions stuff, but installed a VM image with zfs recently for kicks
11:06:24 sesutil is not doing it because apparently this enclosure doesn't have a SES device
11:06:29 (or I am lacking some freebsd support)
11:08:02 ses device is supposed to be built into the generic kernel
11:08:28 hmm, I have almost no HP server experience
11:08:37 the controller seems to use the ciss driver
11:08:44 ah.
11:09:16 is there a way to turn on the location LED for a particular disk with/via/through ciss on FreeBSD?
11:11:16 I don't know
11:17:06 RhodiumToad, the server now boots successfully with the storage pool. thanks for helping out!
11:18:06 you recreated the pool after re-partitioning the disks?
11:18:18 jup. and overwriting the first 200 MB on each disk
11:18:39 zpool create did complain about an already existing pool afterwards tho. but -f took care of that
11:18:57 ... huh
11:19:43 yep
11:20:01 my assumption was that zfs keeps pool info in multiple places - not just the first few megabytes
11:34:39 jbo: you should use zpool labelclear to get rid of the labels (yes, there are multiple ones, you can see them using zdb -lll vdev)
11:35:18 that's not likely to be a good idea if there are overlapping zpools
11:35:50 i.e. the result of doing two creations at different offsets from the start of the device
11:36:07 as happens if you use daN the first time and daNp1 the second, etc.
13:12:57 btw is pfsense in topic here?
13:13:55 I felt asking since I was having issue with the tun interface, so seemed pertinent to the actual underlying system
13:14:44 RhodiumToad: what did you actually mean with "unconfigure the interface"?
13:15:07 I mean 1) which interface was that and 2) how do I unconfigure an interface?
13:16:03 either removing the ip address from it and marking it down, or destroying and recreating it
13:18:21 oh that's what I figured, but you said the iface was not ovpns1
13:22:33 that's the name it's been given?
13:32:52 are you guys using any utility to manage your bhyve VMs?
13:33:03 can anybody recommend vm-bhyve or similar?
13:34:22 I have heard positively connotated mentions of vm-bhyve, does that count?
13:39:06 seems like klarasystems would also "recommend" that
13:39:19 I've been using sysutils/cbsd for years - want to try some other options tho
13:53:26 is it possible with rsync to strip the first directory level/path from the destination ?
13:54:07 aka: rsync -avR host::export/files.12.5.2023/dir1 /bkp/
13:54:20 right now it also creates files.12.5.2023 under /bkp/
13:56:41 just the first?
13:57:01 last1: when using rsync the trailing slash matters!
13:57:03 sed/awk/cut ... run it into a variable and run rsync against that ?
13:59:29 it's not a trailing slash matter
13:59:35 yes, just the first
13:59:52 I've read through the options but I don't think rsync can do any kind of path conversions
13:59:59 thought I'd ask here anyways
14:00:07 rsync -avR host::export/files.12.5.2023/dir1/ /bkp/dir1/
14:01:31 that also brings over the files.12.5.2023 part
14:01:59 the only real solution I found so far was to change the export path in source host to serve directly from 12.5.2023 directory
14:02:18 and then I can simply do: rsync -avR host::export/dir1/ /bkp/dir1/
14:02:28 but that means I have to change daily that rsyncd config :|
14:07:28 dunno if this will help ya but https://rsnapshot.org
14:07:29 Title: rsnapshot | rsnapshot
14:08:25 I think that's just an rsync wrapper
14:09:07 last1: lose the -R
14:10:19 -R specifically tells it to use all path components of the source in the destination name
14:18:47 RhodiumToad: yes it was, I figure my issue is due to the custom virtual networking Hetzner is providing
14:19:27 where each host in the same network is actually routing through a hetzner additional host https://docs.hetzner.com/cloud/networks/faq/#how-do-i-setup-my-own-router
14:19:30 Title: FAQ - Hetzner Docs
14:20:59 in the diagram I have host A and B, C is not configurable but the route for 10.0.0.0 has to use 10.0.0.1 as gw
14:37:58 sounds like a hetzner support issue to me
15:22:55 RhodiumToad, losing the -R also loses all other path levels
15:23:16 so if I'm transferring host::export/dir1/dir2/dir3 , it will effectively create just dir3 on the destination
15:23:39 I was looking for a way to just lose the dir1 but keep everything else
15:45:59 CmdLnKid: yep, I am reading IRC only once in a while but I came to the same conclusion
15:46:04 filing a ticket right now
17:41:07 when I do a zfs send | zfs receive between two machines, zfs prints a line like :10:40:32 188K rz2_pool/homes@2023_04_21
17:42:00 does that really mean it's transferring 188K per second? I mean these two machines are connected via 10G
17:42:31 it's only transferring like 80G and it's been running for days. I don't even know how to begin troubleshooting this
17:50:51 are there performance/security considerations for encrypting partitions and creating a gmirror on top of multiple .eli devices as opposed to creating the mirror on unencrypted devices and applying geli on the mirror device itself?
18:04:59 additional question: is there by now a mechanism to limit which boot-flagged geli devices a passphrase prompt is shown for? i'm extensively using gpt labels and associated my keys to the gpt labels as well, so all the prompts for /dev/ada* before that are extremely pointless and take a lot of time…
18:06:23 i just stumbled onto the man page of check-password.4th, but i'm not sure if that isn't what's doing the prompts i'm already shown.
18:06:53 someone in here used any good 3d printer slicers w/ freebsd?
18:15:13 phryk, unsure in your case if this would help but there has been some TPM work done that i seen recently ... https://papers.freebsd.org/2019/bsdcan/stanek-improving_security_of_the_freebsd_boot_process/
18:15:15 Title: Improving security of the FreeBSD boot process: TPM and Secure Boot in FreeBSD :: FreeBSD Presentations and Papers
18:15:38 phryk: you on EFI?
18:15:49 im sure there are more sources out there but essentially you could store your keys in the tpm and totally get rid of the password prompts
18:16:02 CmdLnKid: was that a reply to my last question or my secure boot question from a couple days ago?^^
18:16:25 just general information on your last question
18:16:37 [if-it-helps]
18:16:55 CmdLnKid: oh no, i want the prompts to be there. but only ask once for the passphrase and not try to attach all the ada* devices which have no associated keyfile anyhow…
18:17:14 aaah ok
18:19:20 like, i have like a dozen geli devices that get attached, but it keeps asking for adaxpy for every single disk before it even tries going through the gpt labels that actually have the keyfile associated. it always takes like 5 minutes of just pressing enter, entering the passphrase once and doing the same for every single drive when booting. :F
18:19:48 it's a nightmare tbqh^^
18:20:50 meena: yes. well maybe not yet, but i just did the efi setup for the zfs->ufs migration i'm doing.
18:21:48 if i could tell geli to either only attach devices with an associated key or only attach devices in /dev/gpt/ that would both work for me.
18:24:31 linux crypto thing with all its limitations is a lot more flexible on that regard
18:29:42 mhh, apparently there are multiple loader(8)s? how do i find out and/or set which one is used?
19:09:18 mhh, i get to attach my geli devices, but then i get "mountroot: unable to remount devfs under /dev (error 2)" and "mountroot: unable to unlink /dev/dev (error 2)" – anybody got an idea what that actually means?
20:40:54 /dev didn't exist, so it couldn't mount. new setup is now booting. still have to do some adjustments with stuff that's mounted into jails, but i got the music jail all set up and that's the important thing. :P
21:55:56 Music in jail, what a luxury
21:58:17 * rwp muses that it must be jailhouse rock music...
21:59:06 that reminds me that Sumerians invented jail. or rather, they were the first ones to document the invention of jail, after inventing writing
22:14:06 ugh. activated that geom_eli_passphrase_prompt option in loader.conf and now it refuses to recognize my keyboard ¬_¬
22:22:23 ffs can't even get into the uefi menu anymore. what the fuck does that option *do*?!
22:24:00 thought it was maybe the terminal->usb adaptor or the usb switch i have, but plugging in another keyboard directly via usb gives me the same result… machine is basically bricked.
22:27:10 okay, i just broke the keyboard in half.
22:45:44 broke it in half like this? https://www.youtube.com/watch?v=XScUYxLFt-U
22:45:45 Title: why is this weird keyboard so good? - YouTube
22:55:08 okay, so that passphrase option apparently blocks the system from initializing usb hids. and when i got that unfucked of course it doesn't even work and just throws away the collected passphrase because the dumb pos tries attaching devices it doesn't have keyfiles for first. genius.
23:04:52 phryk: this sounds like a bug
23:05:00 or two bugs
23:08:38 meena: i don't think so, just the result of lackluster engineering. uefi was set to skip usb initialization, wasn't ever a problem because loader or whatever would happily do the initialization… if it wasn't blocked.
23:09:22 as for the passphrase being thrown away if it doesn't work once, that's normal geli behavior.
23:10:45 geli is just a bit shit from a user perspective… :|
23:11:49 i'd try and contribute something, but i just looked at the code and it's not only pretty opaque to me, but also looks ugly as sin to me as someone who never did a lot with C.
23:12:24 he he he
23:12:40 all C code is like that
23:13:41 you can put some lipstick on the pig, but the next version of the mirror will just smear it into a grimace
23:14:31 like, there's a function definition (code style looking wonky af i will admit is subjective) and afterwards there's a SYSINIT(…) call in the root scope of the code? like, i wasn't even aware that's possible (maybe it's a preprocessor macro or something?) but it for sure doesn't look like clean code.^^
23:14:57 link?
23:15:21 err, g_eli.c line 121, possible from 10 years ago?
23:15:28 i just looked into my /usr/src/sys
23:16:44 https://cgit.freebsd.org/src/tree/sys/geom/eli/g_eli.c?h=stable/13#n124
23:16:45 Title: g_eli.c « eli « geom « sys - src - FreeBSD source tree
23:17:22 was hoping i'd stumble onto some undocumented loader hint or something…
23:18:13 anyhow, i wanted to actually be done with this and start my actual work… 7.5 hours ago ¬_¬
23:20:40 I would open a bug. usability bugs are still bugs
23:31:42 not quite sure, but i think i already opened one about the geli+gpt stuff like a decade ago.
23:52:03 and the old setups zpool doesn't get imported even though the geli devices are all attached and i got zfs_enable="YES" in my rc.conf… i hate computers. T_T
23:58:43 Hi! anyone has a tutorial link to migrate a virtualbox (.vdi) and get it running on vm-bhyve ?