-
meena
I don't know what your plans are for a machine, but i usually setup my user, and install a bunch of packages before declaring voila
-
tmic
I usually do that after install from network yes
-
meena
the way you provision cloud servers isn't usually with a CD Installation procedure
-
tmic
Meena, I see. Unless the providers already have FBSD ready images, right?
-
meena
you just splat an already installed disk image onto it. and then a piece of software runs (usually cloud-init) and configures the network, grows the disk / fs, and sets up everything else you told it to do (install packages, create users, configure NTP, etc)
-
meena
but, yeah, if you don't wanna buy from the marketplace, and yandex doesn't provide images for freebsd, you can usually do an install, then customize your vm, and then take a snapshot of that vm and setup future vms from that snapshot
-
meena
some cloud providers integrate this so well, that it's completely transparent afterwards
-
tmic
Is there any reference for that procedure?
-
meena
tomorrow, now sleep
-
tmic
Ty
-
kenrap
I'm still thinking of jumping from 14-CURRENT to 14-STABLE, once `stable/14` gets branched from `main`, and technically it shouldn't be a problem since the ABI and KBI will be the same or compatible... but I also like helping out by finding bugs from the `main` branch. But the best way to find bugs is to use something regularly like as a daily driver.
-
danel1
Morning :) What are the plans for OpenSSL 1.1.1 - which is eol in september 2023 - in FreeBSD 12.4 (supported until dec 2023) and FreeBSD 13.X (which is supported until ??)? Is there an official statement from FreeBSD?
-
rtprio
have you checked the mailing lists?
-
danel1
I did check freebsd-announce - on which i'd expect such a statement.
-
rtprio
3.0.9 only made it into current last month
-
rtprio
-
VimDiesel
Title: OpenSSL 3.0 in the base system update
-
danel1
I know. I did get that. And it's not about current. It's about EoL-Software in a supported RELENG-Release and how Sec-Adv's would be handled in the case they occur (and they will..).
-
rtprio
i suggest you ask Ed Maste or security@
-
rtprio
you ask here as if irc idlers are actually directing the project
-
danel1
i just wanted to ask here before bugging them directly via mail :-)
-
danel1
i thought that's what channels like these are for too
-
rtprio
haha, nope.
-
rtprio
there is one channel #freebsd-dev perhaps ?
-
meena
danel1: there are, roughly, six operating system / distributions that will have a supported OS release out, but have an unsupported OpenSSL. they'll probably share patches
-
meena
because none of them can afford to pay OpenSSL for long term support, and even if they could, they probably couldn't release it
-
rtprio
i suppose it's a bit hasty to talk about MFC while there's still some ports fallout
-
danel1
Yeah that were my thinkings too. But tbh fixing the issues / vulnerabilities will result - pretty sure - in the same end result as the patch from OpenSSL. And when releasing that to public, even though they might have done it themselves, would absolutely destroy the sales argument of the OpenSSL Project. And then there is still the "time argument".. What if critical issues can't get fixed timely.
-
meena
yeah, i reckon we might see an MFC after the release of 14
-
danel1
maybe yeah, but surely not for FreeBSD 13.2 and who knows if for 13.3
-
meena
I dunno how much sales OpenSSL makes…
-
meena
but, yeah, given the cadence at which RELEASEs… release, i reckon around 13.3 we might have big discussions about whether to MFC or attempt our own patches
-
Oclair
I totally goofed and upgraded to mariadb106 from mariadb103 before exporting my databases. Now the database on one machine is crashed and I need to go back to mariadb10.3.38 to repair it. Anyone know if there are pkgs around on some mirror somewhere for older pkgs?
-
danel1
yep meena, thinking the same..
-
meena
Oclair: if you don't run pkg clean they might be on your machines
-
Oclair
where do they reside?
-
meena
In /var/cache/pkg if I'm not entirely mistaken
-
Oclair
meena: thanks, unfortunately I built them from ports it appears....
-
Oclair
yea is there an archive for pkgs?
-
danel1
If you built from ports, why not just restore those and build again? :)
-
Oclair
normally that would work, but attempting to rebuild via portmaster gave an error with postfix which was compiled with mariadb103 so to bypass break I had to install the mariadb106 pkgs
-
meena
first off: even if you built from ports, you installed the package. if you haven't run pkg clean, the package is still in cache. or in cache in your ports tree
-
meena
secondly: if you're building ports, please consider doing that in a dedicated environment with poudriere
-
Oclair
yes I know you are right
-
meena
(aaaaand thirdly, i have no idea how anything with MySQL / MariaDB works. i refuse to even learn how sensible databases like PostgreSQL work, and exclusively use SQLite.)
-
meena
So, if you don't have the packages any more, (and if there aren't any online archives…) you'll need to rebuild MariaDB 103, and for that, you "just" need to go back in time in the ports tree
-
luna_
HPS@ is dead :(
-
meena
poudriere ports -c -p md103 -U git.freebsd.org/ports.git -B <some hash>
-
VimDiesel
Title: ports - FreeBSD ports tree
-
meena
luna_:(
-
Oclair
meena thanks for pointing me in the right direction
-
rtprio
Oclair: good opportunity to put sql dumps into backups :)
-
Oclair
rtprio I do have sql dumps just no way to export them to a different format without the older version from my understanding
-
rtprio
mariadb 106 should read maria103's dump. that's the whole point of sql.
-
Oclair
lets see if I am fortunate
-
rtprio
if you backup /var/mysql (or whatever) those are not dumps, but binary files, in potentially an incomplete state and generally should not be trusted
-
rtprio
er /var/db/mysql... i generally gave up on mysql and went with postgres back when mysql didn't support transactions
-
Oclair
omg I do have the mysql periodical working on my servers
-
Oclair
and they are recent
-
Oclair
daily
-
rtprio
and it will import
-
Oclair
so then I should be able to import the databases omg
-
Oclair
wonderful no mucking around
-
Oclair
rtprio meena thank you both soo much!
-
rtprio
👍
-
meena
wheee
-
angry_vincent
yes, what happened to HPS@ ? was he sick or something
-
tmic
Meena so....do you have any cool reference for vm image building?
-
meena
-
VimDiesel
Title: Deploying FreeBSD on Oracle Cloud | Klara Inc
-
meena
you can ignore the patches, and just go right for the building part. and i reckon you just stick with amd64
-
tmic
The use of cloud-init is something that's imternal at the OS, no configuration needed right?
-
tmic
*internal
-
rodri
hi
-
vkarlsen
angry_vincent: Traffic accident
-
rodri
does the stable/13 RC6 precede the 13.2 release? i've been tracking a bug with amdgpu (drm-510-kmod) and i saw someone from the list saying RC6 fixed it for them
-
angry_vincent
vkarlsen: :(
-
yuripv
rodri: there is no such thing as "stable/13 RC6", if it's releng/13.2, then yes, RC6 precedes the release
-
rodri
ok, thanks. yeah, i'm not familiar with the nomenclatures, i've been following -release all these years
-
yuripv
-
VimDiesel
Title: 270489 – Laptop doesn't wake from suspend anymore with 13.2-RC5
-
yuripv
not sure if that could fix the amdgpu though :)
-
rodri
doesn't seem like it. i upgraded from 13.1 to 13.2 earlier this week and hell, that problem is being a complete pita to debug
-
rodri
i opened #272564 in bugzilla, and for a moment updating the kmods, following advice from the folks at #freebsd-bugs seemed to have solved it, but then the system crashed again
-
rodri
#272594*
-
adilix
hi all
-
Onepamopa
Hey guys... if someone can help with a little PF question.. got 2 rules:
-
Onepamopa
pass in on ix0 proto tcp from any to XXX.XXX.XX.XX port 2222 flags S/SA keep state (source-track rule, max-src-conn 2, overload <limit_maxconn> flush global, src.track 1)
-
Onepamopa
pass in on ix0 proto tcp from any to XXX.XXX.XX.XX port 2222 flags S/SA keep state (source-track rule, max-src-conn-rate 8/1 overload <limit_connrate> flush global, src.track 1)
-
Onepamopa
but only the bottom one does overload to table
-
Onepamopa
any way of making this work for both rules?
-
CmdLnKid
its a duplicate rule. the last one applies
-
CmdLnKid
the first one also does not have max-src-conn-rate
-
CmdLnKid
rofl my btop(1) bandwidth looks like an atari game where you have to protect the city that appears at the bottom of the screen. for the life of me i cannot remember the name
-
CmdLnKid
want to say its asteroids but feel like im wrong
-
CmdLnKid
-
VimDiesel
Title: Dropbox Capture
-
Onepamopa
CmdLnKid the first rule should only care about the maximum connections and nothing else, thats the whole point.
-
Onepamopa
The idea is to be able to separate IPs that do more than "X" allowed connection in table #1 and the IPs that don't do > allowed connections, but instead - the connection rate.
-
Onepamopa
In table #2
-
Onepamopa
For example I want to allow a max of 100 connections from IP, and a max rate of 20 connections per second, and be able to know what IP overreached which limit - hence the different rules & tables.
-
Onepamopa
Any ideas besides "the rules are identical" ?
-
CmdLnKid
shoot! sorry dude missed the fact that it was separate tables
-
CmdLnKid
def not identical
-
Onepamopa
yeah.. question is .. why doesn't it work (and is there a way to make it work) :)
-
CmdLnKid
going to try and get some time to replicate this tonight but no guarantees. just to replicate the conditions will take a while but ill take a stab at it.
-
CmdLnKid
see if i can do a 1:1 scenario
-
CmdLnKid
in the meantime can you enable logging on those rules ? and inspect pflog0 with some wireshark caps and see if what you expect is what you are actually getting ?
-
CmdLnKid
personally i create one ruleset with 'log' enabled and one without on every rule so i can see what might be interfering
-
CmdLnKid
'quick' rules and non-quick rules can have a significant impact
-
Oclair
is there a way to turn a zfs zroot daily snapshot into a boot env?
-
Oclair
is there a way to unmount /usr and /var to restore the environment from a daily snapshot?
-
CrtxReavr
Are /usr and /var separate filesystems?
-
CrtxReavr
Or just subdirectories of / ?
-
Oclair
its a default zpool setup with daily snapshots, I updated mariadb103 and need to go back to those last snapshots as if it is a boot env
-
tyler82
I am trying to build NomadBSD image on FreeBSD but if i run ./build all command then i got error: Please install textproc/markdown. But already installed from ports tree.
-
meena
tyler82: this is the test it does pkg info --exists textproc/markdown
-
meena
what does pkg tell you? when you do it manually?
-
tyler82
meena: Things are getting complicated...again. i was installing the two required packages. x11-fonts/mkfontscale and textproc/markdown. when i was rebooting after sddm login my password was given and the kde logo popping up. then black screen. i can see only the mouse cursor.
-
tyler82
i can not enter into tty
-
tyler82
alt+ctrl+f1 or f2 combo does not work.
-
meena
is this freebsd or nomad?
-
tyler82
meena: no it is freebsd itself. i was just installing those two packages as required prerequisites in order to build NomadBSD.
-
meena
and what else did pkg install?
-
tyler82
meena: i cant check it...
-
tyler82
as i am unable to boot now
-
meena
tyler82: when you asked it to install, was there just one line, or a big long list you happily approved?
-
tyler82
meena: big long list....
-
tyler82
i was happily approved...
-
meena
this is starting to sound to me like something i would build in a jail
-
tyler82
ok. and then? just uninstall that package?
-
meena
tyler82: can you get ssh access to the machine if you can't see anything displayed anymore?
-
tyler82
x11-fonts/mkfontscale?
-
tyler82
meena: good idea. give me a sec i will try...
-
meena
tyler82: that package, and then run pkg autoremove (perhaps a few times… if necessary)
-
tyler82
meena: wow. i am in!!!
-
meena
tyler82: good.
-
tyler82
so whats next?
-
meena
tyler82: pkg delete x11-fonts/mkfontscale
-
meena
tyler82: and then `pkg autoremove`
-
tyler82
ok
-
tyler82
the operation will free 3GB....sounds good to me
-
tyler82
noice. i can boot in now. however 3GB delete plus 2GB autoremove caused no desktop environment. i donno what has been wiped. xorg only or the whole kde5...and sddm. i guess kde5...
-
meena
lolsob
-
meena
tyler82: so mkfontscale was conflicting with kde??
-
meena
i'd report that as a bug
-
tyler82
meena: looks like that
-
tyler82
i gonna try to build the NanoBSD image first. then will reinstall kde5....lets see how will it work that way...
-
tyler82
not Nano sorry. NomadBSD.
-
tyler82
meena: Ok. the building script does work now. however on the github page for NomadBSD both packages required from ports collection are outdated. simply need to install via pkg instead of ports. sudo pkg install markdown and sudo pkg install mkfontscale.
-
meena
tyler82: no one said you couldn't do that
-
tyler82
meena: ok. i was just following the instructions on the github page...