03:53:29 https://issue.freebsdfoundation.org/publication/?i=794483 03:53:30 Title: FreeBSD Journal DE May/June 2023 10:04:15 Q. Is there a shorthand to `su` to another user, but using a non-default shell? I basically wants effects of `-m` (w.r.t. env vars), but using /bin/sh instead of the default /usr/sbin/nologin. 10:04:37 Err. The effects of `-l`. 10:04:54 Ideally `-l`. But `-m` works. 10:08:27 I just realized I mangled two questions into one. 10:08:37 1) Using an alternative shell as another user. 10:08:46 2) Wiping env vars, login shell-esque. 10:24:14 I know there's `doas` in ports, but I'm looking for something in the core system. If possible. 10:26:33 su user; exec /whatever/shell; . /shell/rc 10:27:05 parv: `su user` won't work when the account has /usr/sbin/nologin. 10:27:17 I guess I can with `-m`. 10:28:16 But that still leaves all the old envvars. 10:28:27 (tl;dr I need to do some tasks as `www`) 10:28:51 I could temporarily `chsh` it, but I'm asking about a different solution, something more elegant. 10:30:04 There is allowance for a specific login class via "-c" option 10:32:39 Just noticed "-l" & "-m" options are mutually exclusive 10:51:41 They are, yes. 10:51:49 (-lm & -ml was the first thing I tried) 10:53:28 I still get "This account is not currently available." if I just try -c. `-m -c` does not clear env vars. 11:05:53 DarkUranium: you could take a look at what rc.subr does 11:06:03 (short answer: It commits crimes.) 11:06:29 lmao 11:07:48 here's a snippet: limits -C $_login_class $_limits nice -n $_nice setfib -F $_fib env $_env chroot -u $_user -g $_group -G $_groups $_chroot command... 11:07:53 and that's a sanitized version 11:08:28 i think env wipes the ENV, but I'm not a 100% on that 11:09:00 i think I copied the wrong line 11:12:14 oh, right, env -i PATH=$PATH HOME=/home/user su -m -c /bin/sh -c blah should give you a clean environment 11:12:35 note that we execute env -i to clear the environment, and su -m to leave it unmodified 11:12:45 DarkUranium: that criminal enough to work for you? 11:15:38 prob want to set TERM too 11:18:44 llua: i haven't scrolled back far enough to figure out what they're trying to do. I just provided an example 11:19:58 * meena goes actually looking at rc.subr and immediately takes a fork to her eyes 11:20:00 wtf. 11:37:03 llua: and USER+GROUP 11:41:21 * DarkUranium gave up and just installed `doas` 11:44:06 DarkUranium: probably a wise choice given the amount of hacks you'd have to layer on top of each other to make this work. 11:44:41 I feel like FreeBSD *should* have something of this sort in the core. 11:44:47 Akin to GNU's `su -s` 11:45:02 (not a fan of GNU normally, but that's one of the first things I ever missed!) 11:46:02 DarkUranium: patches welcome… I'm busy with planning to rip out all of /etc/rc.* and burn it down in a cleansing ritual 11:46:18 lmao 11:46:34 (alternatively, `doas` in core would also work, but y'know) 11:46:34 maybe replace it with something less sh-it. but first, I just want to burn it all down. 11:46:41 Understandable. 11:46:50 Well, rc.d isn't too bad. But a lot of the rest is. 11:46:58 have you read /etc/rc.subr? 11:47:03 I wish I hadn't. 11:47:12 What I mean is, the service stuff in /etc/rc.d isn't too bad. 11:47:13 i say that every time i do 11:47:15 Ha. 11:47:26 Obviously, you should just switch to systemd (/s) 11:47:31 yeah, that's not too bad, but some services do waaaaaaaaay too much 11:47:31 (lots and lots of /s) 11:47:36 Fair. 11:47:53 DarkUranium: systemd isn't too bad. I just don't like the design, the implementation, the documentation and the community management. 11:48:19 the idea is okay, but the idea is nothing new, and probably something we desperately need. 11:49:15 Solaris has had it for 10? 15? years? When was Solaris 10 released? 11:49:36 Windows (NT) has had it since probably … ever. 11:53:25 and AIX. Not that this is any form of recommendation 11:55:45 jgh: yeah, i've used AIX for about 2 weeks, and that was more than enough. 11:55:55 OTOH, that might have had to do with the environment i was in… 12:10:40 Mmm aix 14:09:10 mmmm aix 14:09:42 AIX and pains 14:10:03 i'd say it's the gold standard for what it does. but its only a server, not a desktop. 14:10:11 boring. stable. unchanging. 14:14:21 really wish more of my customers made the low end systems all freebsd, with critical big produciton on aix. it'd be a remarkable world 14:14:36 they can keep linux on the desktop, where it only affects one user at a time 14:14:54 since that's been the goal of all the linux distros. dumb linux down until it's only suitable as a desktop 14:15:50 i'm surprised between gnome and systemd they didn't just say "run everything as root, we only want single user anyway" 14:28:30 Has anyone managed to get Passbolt to run successfully on FreeBSD? 14:33:44 (or, alternatively, know of good self-hosted password managers) 14:35:35 DarkUranium: pwsafe. 14:36:02 Seems to be Windows-only? 14:37:15 https://github.com/nsd20463/pwsafe 14:37:16 Title: GitHub - nsd20463/pwsafe: commandline tool compatible with Counterpane's Passwordsafe 14:37:25 single binary. single file. only clipboard integration. 14:37:41 no hosting, no servers, no browsers, no web servers, no networking, no frills. 14:38:10 DarkUranium, I use keepassxc. 14:38:33 it's a pkg too! nice. pwsafe-0.2.2.b.196 14:38:33 Demosthenex: well, I need something that works on my phone + desktop + laptop. hence, hosted. 14:38:44 syncthing + pwsaf.e 14:39:07 i can't endorse any network enabled password manager. it's just a disaster waiting to happen 14:41:41 first post freebsd-update ... the console is hung after "32-bit compatibility ldconfig path: /usr/lib32" ... no errors I can see ... do I just power cycle again and hope for the best? 14:41:58 *first reboot 14:42:06 markmcb: from what to what? 14:42:14 13.2-p0 to p1 14:42:30 try again, and if that doesn't work, bectl back a version 14:43:02 ok, will do, thanks 14:45:49 Demosthenex: I use Seafile, but that's kind of a problem for Android. 14:46:21 i hadn't seen that one before 14:46:29 i was using nextcloud... but i'm about to ditch it 14:46:52 Demosthenex: it booted after the 2nd power cycle, thanks 14:47:16 i think that i can replace it with radicale, syncthing, and keep ejabberd 14:47:23 +1 for Syncthing 14:47:34 markmcb: i was hesitant regarding syncthing 14:47:43 but after i reviewed it a bit more, it seems ok 14:48:06 my nextcloud instance on devuan is STUCK at v23, and v26 is current. they provide no upgrade path at all 14:48:30 i'd need to upgrade 23 to 24, 24 to 25, 25 to 26. and that requires a php upgrade which i can't do because that devuan is out of support, completely 14:48:49 i've been running syncthing for years with 20TiB+ data, it's been solid for me 14:48:49 it's not worth the hassle to do a manual compile/install 14:49:11 markmcb: i was suspicious of the server, port forwarding, whether it was also diseased with webdav, etc. 14:49:20 i think my only lingering reservation is that it uses go 14:51:59 one thing i've noticed is it seems slower to notice file changes on freebsd vs. linux. i don't know all the file watching details, so not sure why. everything else seems the same. 14:54:20 markmcb: may need to check what technique it's using to watch for changes. inotify, etc. its different on linux vs freebsd 14:57:38 yeah, kqueue i believe is the freebsd mechanism. it's not bad, but i've noticed if i change a few big files at the same time, it can be several minutes before ST on freebsd notices and begins to act. not sure if that's a watching issue, or something else going on. it all still works fine though. so it's a minor gap. 14:58:35 i think for mobile sync ST shouldn't react instantly 14:59:47 anyway, nextcloud has been such high maintenance and flips over versions so fast, and my users really only used the web interface to exchange files on occasion, i think i can do better to separate ejabberd to standalone, syncthing for files if needed, and radicale for caldav/carddav sync 15:00:26 worst part is the addon apps for nextcloud seem to break every version upgrade, so it's really high maint 15:04:00 guess i shouldn't expect much from php :P 15:09:28 not sure who handles the website, but the RSS links on the security feed have an extra "/" after the domain, e.g., https://www.freebsd.org//security/advisories/FreeBSD-SA-23:05.openssh.asc 15:09:57 it made the cli browser "links" get stuck in a redirect loop 15:54:49 I submitted a bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272132 15:54:52 Title: 272132 – Extra Slash in RSS Feed Item Links 15:55:05 Does that make me an official FreeBSD'er? lol 16:15:26 markmcb: that shouldnt matter 16:15:46 it does because it triggers a redirect on the server 16:17:28 i.e., open that double slash link and you'll see it redirect to the correct single slash URL 16:18:30 if you open it in links, you'll get: Error loading https://www.freebsd.org//security/advisories/FreeBSD-SA-23:05.openssh.asc: Cyclic redirect 16:20:00 That's a feature not a bug 16:20:38 kqueue as a file change notification mechanism only works well on small trees 16:21:02 the lack of a mechanism that works on large trees is a source of constant annoyance, to me at least 16:21:24 can anyone explain how to fix this error? https://ibb.co/xGWw4fW 16:21:26 Title: vmplayer-X16-PWp-AUx-P hosted at ImgBB — ImgBB 16:22:06 what's the error? 16:22:32 usb ethernet card link state toggles between up and down very quickly 16:22:45 I mean, it's reporting that the ethernet dongle is reporting that the link state is changing 16:23:13 is the cable properly connected? is the device on the other end good? 16:23:16 is it just a warning message? 16:23:30 yes, i tested the usb ethernet adapter in windows and it works fine there 16:23:43 what type of device? 16:24:21 i tested it on an intel mini PC and also in vmware using a virutal machine 16:24:39 what type of device is the ethernet adapter? 16:24:44 USB 16:24:48 gigabit 16:25:57 usbconfig -d ugenX.Y dump_device_desc (use usbconfig on its own to see the ugen* ids by device) 16:28:03 cpet: not sure if you're joking or not, but i'm fairly certain a path starting with // is invalid as that is reserved for the authority component, i.e., /path//to/file is ok, but //path/to/file is not 16:29:03 what' 16:29:15 what's the command to force an adapter to get an IP address via DHCP? 16:33:45 dhclient ue0 worked 16:41:19 markmcb, As a practical matter I do not see any error with lynx (you mentioned lynx) with that URL. It gets the redirect, follows it, and then displays the contents. Works for me. 16:42:10 rwp: i used links, no lynx 16:43:23 links not lynx. Gotcha. I can reproduce the problem. This appears to me like a bug in links. 16:44:53 perhaps. it's still a malformed URL regardless 16:45:03 a redirect should not be required 16:45:11 can someone gets weigh in on this bug https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272129 ? 16:45:13 Title: 272129 – rc.d/kld should run before rc.d/sysctl 16:45:58 I definitely agree that if the source is fixed to not include the troublesome //security then the problem will be avoided. 16:46:29 the claims in https://reviews.freebsd.org/D25601 feel counter to everything I've read here, and in rc.conf(5) and loader.conf(5) 16:46:30 Title: ⚙ D25601 rc.d/kld: Set sysctls after loading modules. 16:47:53 rwp: just did a curl -I. the redirect looks correct, i.e., 301 with the correct path. so you're right, it's probably a links bug too 16:48:30 chris@daemon:~ % cd // 16:48:31 chris@daemon:/ % cd /// 16:48:31 chris@daemon:/ % cd //////// 16:48:31 chris@daemon:/ % 16:48:36 you sure about that ? 16:48:51 that's not a URL :) 16:49:24 cpet: not sure if you're joking or not, but i'm fairly certain a path starting with // is invalid as that is reserved for the authority component, i.e., /path//to/file is ok, but //path/to/file is not 16:49:33 now youre mentioning URL's 16:49:56 cpet, Also a caution that in file system namespace exactly two slashes at the front "//foo" is special because that designates the next thing to be a hostname in some network file system environments in a system dependent or system defined context. 16:51:07 But markmcb is talking about URLs and in the source HTML emitted whether it is pedantically allowed there or not having that cleaned up would avoid the problem with links entirely. 16:51:55 And then I think additionally links is not handling the redirect correct. I did not look at the code but it appears by behavior that it has a / on the end of the hostname and then appends the Location redirect header location to it. 16:52:51 bleh he said path path != URL 16:53:12 How come I understood that it was a URL all along then? (shrug) 16:54:47 cpet: path is a component of a URL 16:54:58 is it now ? 16:57:08 It is described that way. Yes. https://en.wikipedia.org/wiki/URL 16:57:09 Title: URL - Wikipedia 16:57:31 A path component, consisting of a sequence of path segments separated by a slash (/). A path is always defined for a URI, though the defined path may be empty (zero length). A segment may also be empty, resulting in two consecutive slashes (//) in the path component. A path component may resemble or map exactly to a file system path but does not always imply a relation to one. If an authority component is defined, then the path 16:57:32 component must either be empty or begin with a slash (/). If an authority component is undefined, then the path cannot begin with an empty segment—that is, with two slashes (//)—since the following characters would be interpreted as an authority component.[18] 16:57:41 I'm updating a FreeBSD 13.1 host to 13.2 - does not boot. I get "Mounting from zfs:zroot/ROOT/FOO failed with error 6" - it boots fine back into 13.1 using that old BE. It was suggested it might be an old ZFS label. Details at https://twitter.com/vmisev/status/1671532851462914048 16:57:41 Historically the reason why file system //something is special is Apollo Domain Aegis OS used it for their networked file system. And so POSIX wrote that as allowed into the standard spec. Though no living OS uses it that way now I suspect that some day some OS will start using it that way again. 16:57:42 Title: Vladimir Mišev on Twitter: "@DLangille pls see: https://t.co/OTo1FJknGt" / Twitter 16:57:43 ok cool 16:58:03 markmcb: looks like it's just links incorrectly handling redirects? the header looks fine and it works with any other browser 16:58:52 twitter is a sin of all sins 16:58:55 or something 16:59:05 Two problems: 1) URL format problem 2) links redirect handling problem 16:59:24 im sure the PR is enough and itll get fixed when it gets fixed 16:59:27 moving along 17:01:11 I admit to being quite annoyed with the terseness of "failed with error 6" which I have seen myself before too. 17:02:45 It looks like the system is a GPT system. The GPT labels appear to be null, listed as "(null)" there, so no idea what was used to create the pool. 17:02:59 in what context? 17:03:24 Context: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271989 17:03:26 Title: 271989 – zfs root mount error 6 after upgrade from 11.1-release to 13.2-release 17:04:24 Oh, it's nvd0p3 and nvd1p3 using the disk slices. Gotcha. Those are probably stable but can move. Using GPT labels is a recommended best-practice to avoid that but either should work okay. 17:05:20 Going directly from 11 to 13 skipping 12 makes me too nervous for words though. If it were me I would upgrade from 11 to 12 verify things are happen, zpool upgrade at that point, verify still happy, then upgrade from 12 to 13. 17:06:10 dvl, Is there a reason to skip 12? That would seem to be the more well traveled path. 17:08:16 that wouldn't have helped 17:09:02 rwp: I am not skipping 12. The PR is not mine. 17:09:20 rwp: It was suggested it MIGHT apply to my situation. 17:09:43 I have booted with zfs debug on. Reading my screen shots from that now. 17:11:05 rwp: FYI, those are not my disks either. ;) 17:21:41 I am getting guid mismatch on boot. 17:24:16 https://twitter.com/DLangille/status/1671569674419437596 17:24:19 Title: Dan Langille @dvl⊙bn on Twitter: "@vmisev This does not seem reasonable. guid mismatch https://t.co/2SQtkGh8iG" / Twitter 17:25:15 can you show the messages around the very first attach 17:29:02 RhodiumToad: I may have missed them, but I have more screen shots to share 17:31:13 RhodiumToad: first one I got: https://twitter.com/DLangille/status/1671571405672939537 17:31:16 Title: Dan Langille @dvl⊙bn on Twitter: "@vmisev I'll now post all the screen shots I have, in order. 1.07.16 PM https://t.co/GXYlgukAoQ" / Twitter 17:35:05 running out of battery here This is going on hold until later. I will read what you say later. Thanks. 18:43:31 i see the release notes for major releases. is there something similar for p1, p2, etc.? or just the errata on the release notes? 18:51:41 Security notes are for patch releases 18:57:38 got it. so there's no consolidated view of everything that changed with 13.2-RELEASE-p1 on the site, it's just the collection of advisories? 19:13:09 Isn't that what a patch release is ? 19:16:47 I don't know. This is my first patch with FreeBSD. The system gave a list of everything changing when I did the update. I'm just wondering if there's a web link to something similar, i.e., "p1" resource. As far as I can tell, there is not. 19:20:10 the problem i reported earlier appears to be in opnsense, not freebsd 19:20:15 https://github.com/opnsense/core/issues/6628 19:20:18 Title: USB Ethernet Link toggles between up and down repeatedly · Issue #6628 · opnsense/core · GitHub 19:20:18 6628 – Tyan Tomcat III locks SMP-GENERIC kernel, 3.0-980426-SNAP https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=6628 19:22:00 with packages like samba413 / samba416 etc, can I tell pkg to just install the latest, and also upgrade to newer ones? 19:22:21 like just, samba-latest 19:22:33 when the version number is part of the package name like that, it means that the packages are not compatible 19:23:20 i.e. you can't substitute samba416 if some other program depends on samba413 (whether you can install both at once depends on the package) 19:23:27 hm right 19:25:18 whereas foo-1.2 and foo-2.2 are expected to be compatible and will automatically be upgraded to the latest 19:50:59 hrm, anyone know a log analyzer that isn't some enormous webstack? maybe like visidata for syslog? 19:52:48 cat grep sed color codes and beer 20:03:15 cpet: i agree with you, i view at cli all day. but others have to view them sometimes too, and i don't want to setup something huge like greylog or ELK 20:04:08 Automate pf does a very good job at keeping those out 20:28:05 RhodiumToad, upgrading across major versions sounds rather dangerous to me 21:34:56 meena: ? 23:05:10 RhodiumToad: it was about "whereas foo-1.2 and foo-2.2 are expected to be compatible and will automatically be upgraded to the latest" 23:05:31 either way, I think I'm giving up on flua as shell script replacement tonight 23:34:57 huh 23:49:38 just an observation, the user groups page is a graveyard of bad links. the first three i clicked on were dead. 23:53:02 RhodiumToad: i'm way out of practice with lua, and some things are kinda surprising… like, there's no string split function