00:00:18 you may be able to set the display mode on boot, but I only have older RPIs so I don't know how
00:02:35 I don't really know if it's framebuffer or not, I did an install, installed xorg and xfce, wrote an ~/.xinitrc file, then ran startx
00:03:03 I see not enough current docs or wiki entries to know what to do
00:23:54 kids these days don't use x, they use wayland
00:24:51 mmlj4: chapter 8.2.3.3 in https://docs.freebsd.org/en/books/handbook/desktop/
00:24:53 Title: Chapter 8. Desktop Environments | FreeBSD Documentation Portal
00:25:48 nothing there is relevant to the question
01:06:06 any way to make the scripted bsdinstaller not put zfs_enable="YES" in /etc/rc.conf? i already have it in /etc/rc.conf.d/zfs!!
01:08:53 I'm looking at this: https://elinux.org/RPi_Configuration # hdmi_safe=1 is set in /boot/msdos/config.txt, but that defaults to hdmi_mode=4 which that page says is hdmi_mode=4 720p 60Hz # maybe I can fiddle with it?
01:08:54 Title: RPi Configuration - eLinux.org
01:09:54 but this is an off-the-shelf HDMI monitor :-/
01:14:53 yeah... I can change it! woot!
01:15:35 I'll have to go on site and fiddle with it on their huge TV, but this'll work :-)
01:47:25 when you guys make a set of config files that customize freebsd how you want, does that set of config files only contain what's different than the stock install, or does it even include default configs?
01:48:29 feels redundant to pull default config into my custom set, but at the same time keeping an incomplete config set also has downsides
02:02:02 I would set all the configuration explicitly that is wanted. That was way not have to rely on things changing underneath|"without notice"; may help in chasing bugs
02:02:12 s/was //
02:02:37 parv ok but default configuration that isn't explicitly wanted, leave it out of the custom config?
02:03:09 polyex, If you do not care, for example ZFS support, yes leave it out
02:36:34 depends what the config is
02:36:42 like, FreeBSD has /etc/defaults/
02:36:49 and then you override it in /etc/
02:37:00 or /etc/.d/.conf
02:37:00 etc
02:37:16 so that you can auto-inherit defaults you didn't explicitly change
02:37:56 ya, and all of the overriding i do from the stock install, is in my custom config set. what i was wondering is if i should bring more than the 'diff' into my config set but i think parv is right, that i shouldn't
02:46:56 AllanJude when you make sets of configs to customize a freebsd install, do you put ALL config files and settings in it? or just the ones that you change from stock? (add, change, remove)
02:48:39 I mostly try to keep my changes in separate files that get included etc
02:48:49 so I can just lay down the files that change the settings
02:48:53 rather than trying to mess with 'diffs'
02:49:03 some parts are easier (the ones that use the UCL config file language)
02:49:08 or where there are includes
02:49:32 I had a patch for a pet peeve of mine (newsyslog.conf default file size, and default compression when using ZFS), but never finished it
02:50:31 so you just keep stuff you actually change, and tar it all up as a distro, so in a scripted bsdinstall it gets expanded onto base and it's good to go?
03:34:10 why does https://svnweb.freebsd.org/ports/head/sysutils/firstboot-pkgs/files/firstboot_pkgs.in?view=markup#l39 have Title: [ports] Contents of /head/sysutils/firstboot-pkgs/files/firstboot_pkgs.in
03:35:16 To satisfy requirement of some input.
03:35:43 so without that the cmd would FAIL?
03:36:05 Do not know
03:36:36 why would pkg require some input? why not just take the cmd and do the work?
03:50:54 polyex, See "This is typically useful to detach a process from a tty (such a process is called a daemon)." at This is typically useful to detach a process from a tty (such a process is called a daemon).
03:51:35 polyex, Sorry for the duplicate; second should have been https://stackoverflow.com/a/19955475
03:51:36 Title: What is why detach? you don't want pkg to run in the bg, you want the terminal to wait
03:51:47 oh
03:52:13 That redirection is guaranteeing that the pkg will be non-interactive no matter what.
03:53:09 And then they are a little silly by piping the output through cat to ensure that the output cannot be a tty either. I don't think that is needed.
03:53:48 "env ASSUME_ALWAYS_YES=YES pkg bootstrap -f | cat" doesn't have the polyex, File a PR to bring consistency?
03:55:07 That does seem inconsistent. But it is also slightly different in that those are running the bootstrap action which is known and not installing any of the package list.
03:55:29 And the same for the update action. Meanwhile it might be that some package in the package list causes an interaction.
03:55:41 oh
03:57:18 how would you make those commands rwp?
03:57:52 The packages list comes from firstboot_pkgs_list and is not in that file and I don't know what would specify it from looking.
03:58:16 Make those commands? update and bootstrap? Those are in the pkg source.
03:59:23 There are (at least) two distinct pkg commands. One is in base at /usr/sbin/pkg and the other is the /usr/local/bin/pkg port.
03:59:26 how would you write the bootstrap and install commands if different from how they did in that file?
04:02:05 Even though the scripting style in that is such that I don't like it I am not sure they NEED to be written differently. That's been there since 2020 and proven to work. Best not to thrash it.
04:03:05 Since there are several commands all getting piped to |cat to make the output a non-tty I would probably really examine if that is needed.
04:03:35 If so then I would probably make a command list with {\n stuff\n stuff\n stuff\n } |cat so that the entire list is output through the non-tty pipe.
04:03:43 But I don't think that is needed.
04:04:23 tyvm
04:04:23 And since the entire thing is meant to be non-interactive I would "exec But again what's there is proven to be working so I would be hesitant to make a modification which is just there to pretty something.
04:06:37 how can we add a user, all in a 1 line command, and pass a password hash instead of password?
04:07:44 I don't think it is possible to do that in one command. Why is one command a requirement? Do it two commands.
04:08:36 Regardless the "pw" command is the utility to look at if it can be done.
04:08:58 what's the 2nd command that sets the hash of a user's pw?
04:12:52 I am not sure of the BEST way. Someone here might know. I would probably create the user. Then I would edit the /etc/master.passwd file (using vipw and setting EDITOR).
04:13:09 ah
04:14:48 The EDITOR variable can be set to a script (or perl one-liner) which edits the file. Can set the hash with it.
04:14:52 Then when the file is saved and $EDITOR exits the vipw tests the consistency of the file. This prevents an accidental mangling of the file for some types of errors. It's still possible to mangle it so be careful.
04:15:34 Then after the file is updated vipw calls pwd_mkdb(8) automatically to update the /etc/spwd.db file so that it is updated.
04:16:04 why not use sed to search/replace in the file?
04:16:35 You can use sed or any scriptlet you wish to edit the file through EDITOR. It's up to you. Note the 1-second rule as noted in the man page though.
04:17:24 oh wow ty! good catch
04:17:24 It's also possible to edit the /etc/master.passwd file directly and then call pwd_mkdb afterward. That's fine too.
04:17:30 does zfs timestamp with subsecond time?
04:17:49 i wanna script this so i can't do it manually
04:17:52 interactive
04:18:33 Yes. zfs has sub-second time resolution.
04:18:50 so i don't need to sleep?
04:19:48 You know that is probably true. Could verify that by looking at the source code. But I think you are correct. That note is probably no longer needed on newer file systems.
04:20:11 Recently someone mentioned on the lines of that computers are now too fast for proper software function
04:21:48 imo code just needed to be updated. i've been bit by FS not having precise enough timestamps
04:22:15 another OS not even freebsd
04:28:12 I looked up in the source: https://cgit.freebsd.org/src/tree/lib/libutil/pw_util.c#n344
04:28:13 Title: pw_util.c « libutil « lib - src - FreeBSD source tree
04:28:22 It checks for sub-second resolution if it is available.
04:30:01 Though perhaps even though I suggested vipw as that is a time honored way since it semaphores editing of the files it is probably also okay for most situations to simply edit the master file directly and then update from it.
04:31:02 Such as when a new VM or system is being provisioned and deployed since at the time of creation there isn't any other agents fighting with you for provisioning it. It's just yourself.
04:33:10 parv, You are right about that. Though in this case I am not sure I like that vipw uses a time modification to indicate editing. Since that is not foolproof. (Because fools are too clever!)
04:33:34 ya should be a file hash
04:34:06 but then where do you store the hash
04:34:29 in memory
04:35:03 On line 302 the process forks and the parent waits while the child edits. The hash could remain in the parent's memory.
04:36:16 But then people would argue over which hash to use, md5, sha1, sha256, sha512, zebrapeartrain37 (yes I just made up that last one) so this would still not solve the problem but just move it around.
05:15:22 why doesn't pw take a pw hash as input to create a user with? seems so stupid man
06:06:07 my server has a user account i ssh in with a key file. can i configure sudo to work the same way somehow? then the user account wouldn't need a password at all
06:31:19 polyex: i would configure ssh so that root login with ssh key is allowed, or you could set NOPASSWD in sudo for that user
06:31:53 how's that answer my question? confused
06:32:37 polyex: then i did not understand what you want
06:34:03 sudo does not take ssh keys
06:34:23 pooooo
07:12:34 when installing a pkg during scripted bsdinstall, the dep readline when it's being installed outputs some errors. /bin/sh: indexinfo: not found (repeated 3 times) and pkg: POST-INSTALL script failed. what's going wrong?
08:07:53 polyex: how exactly are you installing it?
08:08:17 and do the logs say anything more useful?
08:08:25 env ASSUME_ALWAYS_YES=YES pkg install bash bash-completion sudo unbound < /dev/null | cat
08:08:42 dunno how to access the log
08:08:57 what's the point of < /dev/null | cat?
08:09:21 ppl said it was good to collect output so nothing gets hung
08:09:26 smth like that not sure
08:10:36 polyex: next time someone says stuff you don't understand, please ask for clarification…
08:11:42 sry
08:11:46 i tried to understand
08:12:13 I think what folks are saying might be related to https://freshbsd.org/freebsd/src/commit/c0e249d32c780ee8240fe8b3b8144078a8eec41f and the bug linked from there, but i can't be sure
08:12:14 Title: FreeBSD / src / c0e249d / bsdinstall: avoid conflicts with fd 3 - FreshBSD
08:13:36 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273148 scathing review of a commit
08:13:38 Title: 273148 – [PATCH] scripted installs are unable to verify checksums for fetched dists
08:15:09 but either way, it seems rather strange. i can't figure out what | cat will, that its absence won't. probably buffet? also, what's the point of you think those bugs are related to my prob?
08:15:34 i'll just take both off
08:15:51 I don't know. certainly not to your readline issues
08:17:11 it just makes the code hard to read / understand, when it's sprinkled with random cargo cult ritual invocations, that probably don't do much, and if they do, it's not documented
08:18:38 for an outsider (say, you yourself in six months from now) it's like watching a cargo cult unfold in a language you don't speak, so you try to piece it together, but it's in vain
08:19:15 WTF
08:19:32 i left the | cat but took out the < /dev/null and no pkg error loool
08:20:10 cool cool cool
08:20:22 you're so right about this cargo cult stuff
08:20:23 I figured out one error
08:20:31 https://forums.freebsd.org/threads/pkg-post-install-script-failed.81415/
08:20:33 Title: pkg: POST-INSTALL script failed | The FreeBSD Forums
08:20:45 you want to pkg update before your pkg install
08:23:11 ya same prob but they didn't say the solution
08:23:22 amazing that you found that btw
08:23:25 which search engine you use?
08:24:31 🦆🦆 go!
08:24:49 lol
08:25:32 wait maybe it didn't work wtf
08:29:54 first off, instead of ya taking all that off, still fails
08:31:21 damn
08:38:18 polyex: yes, but how does it fail? does the failure mode change?
08:41:53 GOT IT!!
08:42:18 needed to add /usr/local/bin|sbin to $PATH, like the link you posted said
08:42:33 https://forums.freebsd.org/threads/pkg-post-install-script-failed.81415/post-523770
08:42:35 Title: pkg: POST-INSTALL script failed | The FreeBSD Forums
08:42:39 so that fixed that
08:43:04 gonna try to fix bash issue now
08:46:25 in a scripted bsdinstall, i pkg install bash then i try to pw useradd ... -s bash and that errors, but pw useradd ... -s /usr/local/bin/bash works. can i make the former work somehow? man page strongly recommends not using the path form. (pw: no default shell available or defined)
08:51:44 which bash returns /usr/local/bin/bash as expected
08:51:58 just before pw ... -s bash says that error wtf
08:59:54 no you can't
09:00:07 what?
09:00:15 oh
09:00:17 why not?
09:00:26 polyex: pw only allows stuff to be set as shell that exists in /etc/shells
09:00:34 it's in there
09:01:01 https://man-dev.freebsd.org/shells.5
09:01:03 Title: shells(5) - FreeBSD Manual Pages (Dev)
09:01:38 it's not. /usr/local/bin/bash but not bash
09:01:57 what?
09:02:02 i can pass -csh so why not -bash
09:02:31 that's a great question
09:02:47 do you have /usr/local/bin in your path?
09:03:02 yep
09:03:48 consisting of the shell's path, relative to root. -- whoever wrote this needs a whack on the head
09:07:08 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274233
09:07:10 Title: 274233 – shells(5) is unnecessarily obtuse and lacks examples
09:07:58 polyex: i'd have to look at pw's code to figure out why it's refusing that
09:08:06 imo i'd say path to the shell
09:08:17 meena you know how to do that!?
09:08:25 path is ambiguous
09:08:42 yes, I'm one of those people.
09:08:42 then absolute shell, but TO the shell, not OF the shell
09:08:59 because a shell can have a path, the path within a session of the shell
09:09:12 but a path TO the shell makes it clearer you mean the binary of the shell
09:14:42 https://github.com/freebsd/freebsd-src/blob/main/usr.sbin/pw/pw_user.c#L422
09:14:43 Title: freebsd-src/usr.sbin/pw/pw_user.c at main · freebsd/freebsd-src · GitHub
09:15:55 wtf
09:17:16 is no default shell available or defined only in 1 spot in all the code?
09:17:23 then we know for sure where it's coming from
09:46:00 how do we run sed on master.passwd since we gotta go through vipw to do it? like sed "s/foo/bar/g" vipw > vipw?
10:00:35 polyex: what are you trying to achieve?
10:01:18 and why can't it be done with pw?
10:04:44 i wanna set the hash value of a user's pw
10:04:51 i'm only given a hash not the desired pw
10:05:18 meena ^
10:10:50 cat hashed passwd | pw usermod name - H 0
10:11:46 echo -n hashed_passwd | pw usermod username -H 0
10:12:18 https://github.com/canonical/cloud-init/blob/main/cloudinit/distros/freebsd.py#L150
10:12:19 Title: cloud-init/cloudinit/distros/freebsd.py at main · canonical/cloud-init · GitHub
10:14:00 WOW
10:18:40 WORKS!
10:18:56 would be cool to get proper cloud-init support for bhyve, but i haven't had time for that yet
10:19:07 ya that would be amazing!
10:20:12 unfortunately I am only as well skilled as I am paid
10:20:59 i hear that
10:21:28 sed "s/foo/bar/g" file > file empties the file out, so what's the RIGHT way to search and replace in a file?
10:24:33 sed -i'' "s/foo/bar/g" file
10:25:55 -i" ?
10:26:56 ya that doesn't wor
10:26:57 k
10:28:03 https://man-dev.freebsd.org/sed.1#i / https://man-dev.freebsd.org/sed.1#I
10:28:04 Title: sed(1) - FreeBSD Manual Pages (Dev)
10:28:36 ah, maybe leave space
10:28:49 tried that didn't work
10:29:28 as per examples below, and anyway, saying "that doesn't work" is extremely useless for people trying to help you
10:30:24 "here's the error message i get when i try that: " is a lot more betterer
10:32:55 got it!
10:32:56 ty
10:58:12 if i won't ever use a mouse with this server can i block ums0 from loading or would that block usb keyboards too?
11:00:06 if ums really is just mouse driver like man pages say, then it shouldn't effect on anything else, i would presume
11:01:57 any way to know for sure? i only have the server in a bhyve guest no way to hook up a physical usb keyboard
11:02:03 just doing vnc into it
11:04:26 maybe you can tell bhyve not to create a mouse
11:05:06 yes! how?
11:55:40 morning
12:20:24 re bhyve mouse: No idea.
12:20:38 can someone help me to debug why freebsd 13.2 hangs on xhci initialization on aarch64? qemu/sbsa-ref platform
12:21:28 xhci0: iomem 0x60110000-0x6011ffff irq 2 on acpi0
12:21:30 xhci0: 32 bytes context size, 32-bit DMA
12:21:33 and hang
12:22:05 works if I remove that controller from system at qemu/edk2 level but that's not the solution
12:23:55 sounds like a bug…
12:24:08 meena: netbsd 10 boots, openbsd boots
12:24:45 hrw: any chance you can try 14.0-BETA or main to see if it's we fixed this and just need to backport?
12:24:48 and I have *BSD week and already found a bunch of bugs in places
12:24:57 meena: just give me url to iso
12:25:01 have you submitted them?
12:25:19 CD/memstick, or VM image?
12:25:22 it was qemu bug (working on it), netbsd bug (backport needed)
12:25:31 CD preferred
12:27:16 will try with https://download.freebsd.org/snapshots/arm64/aarch64/ISO-IMAGES/15.0/FreeBSD-15.0-CURRENT-arm64-aarch64-20230921-febba4622b60-265435-bootonly.iso
12:27:34 https://download.freebsd.org/releases/ISO-IMAGES/14.0/FreeBSD-14.0-BETA4-arm64-aarch64-bootonly.iso
12:27:42 oy, yeah, good enough
12:28:10 xhci0: iomem 0x60110000-0x6011ffff irq 2 on acpi0
12:28:10 xhci0: 32 bytes context size, 64-bit DMA
12:28:10 usbus0 on xhci0
12:28:12 works
12:28:42 and gets hit by qemu bug later
12:29:15 what qemu version are you testing on?
12:29:41 HEAD
12:29:53 freebsd 14 behaves like 15 - fine
12:30:09 https://fedora.juszkiewicz.com.pl/sbsa-ref/ has firmware images
12:30:10 Title: Index of /sbsa-ref/
12:30:51 I'm happy to hear that 14 works, so let's open a bug report and find out what's going on
12:30:58 you can probably cc manu@
12:31:39 meena: https://paste.centos.org/view/ee5a0b8e is bootlog with qemu command
12:31:40 Title: UNTITLED - Pastebin Service
12:32:20 note: I do not run freebsd on any of my systems (trunas box does not count)
12:36:01 ok, account created, time to report bug
12:43:42 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274237
12:43:44 Title: 274237 – boot hangs on initializing XHCI controller on SBSA Reference Platform
12:44:26 \o/
12:45:47 will end with yet another backport probably
12:50:05 meena: I am writing blog post about my "*BSD week on SBSA ref" and try to mention anyone who helped. How to mention you? By ircnick 'meena'?
12:50:40 Mina Galić (meena on IRC)
12:50:52 thanks
12:51:17 of if people use social media, @meena⊙cc ; but I'm definitely way more on IRC than on Mastodon.
12:52:30 @hrw⊙soc
14:42:41 What programs do you use to look on network traffic
14:43:32 ...of a specific process
14:46:07 tcpdump if you want to capture things, termshark or wireshark as a tui or gui for inspecting the pcap data
14:48:43 debdrup, *hypothetically* if you wanted to see the contents of traffic (shell commands, output) of a docker client connected to its daemon via localhost what program would you use :)?
14:49:03 dtrace
14:49:33 Thanks!
14:49:37 dtrace is the only way to inspect the entire system
14:53:17 debdrup, ...
14:53:48 by traffic I meant network traffic
14:54:07 yes, i get that
14:54:32 dtrace can trace things from userspace all the way to the data exiting out the kernel to the actual device
14:58:41 so it's not a joke?
14:59:51 why would it be?
15:01:10 no idea, anyways the problem I am having is that running one docker command displays no output, I quickly want to check if the docker daemon is even sending that output to the client and the client is just not displaying it correctly
15:01:25 i'm not sure why you're asking about docker in #freebsd
15:01:25 the output is just text
15:02:12 debdrup, could you at least elaborate on how you would use dtrace pls :)
15:03:48 i'm not sure what you're asking for
15:50:11 how do i make an rc.d script run as a different user than root
16:39:36 bz: maybe setting suid on the file and setting the file's owner to that user would do it
16:39:55 I'd test it first though
16:40:30 that specifically does not work
16:41:20 there are *_user= variables that you can set in the rc.conf or default in the file - note that those are only used for part of the process
16:42:20 Hi all, wanted to ping here before opening a bug report. FreeBSD13-2 | `pkg audit -F` isn't showing any vulns, but `pkg upgrade -v` identifies two vulnerable packages. This is the case on a handful of systems I maintain.
16:43:04 is /var/db/pkg/vuln.xml up to date?
16:43:42 @RhodiumToad, pkg update reports it is.
16:44:00 does it have a suitably recent timestamp, etc?
16:44:46 3 Oct 13:40 UTC
16:45:31 shrug. pkg audit -F seems to be working for me
16:45:59 what packages?
16:46:52 cyrus-sasl-2.1.28 and p5-IO-Socket-INET6-2.72_1
16:48:15 Did the vuln database get updates for those?
16:50:10 The last cyrus-sasl was for 2.1.27 so .28 is good. Something new come out for either one?
16:50:27 I don't see the IO-Socket one anywhere?
16:52:20 I don't see anything published for the installed versions.
16:52:48 what is the best channel for asking vagrant-on-freebsd/bhyve questions?
16:57:03 Here's the output. Maybe I'm misinterpreting the "vulnerability found" statement? https://pastebin.com/gnZZmcWG
16:57:04 Title: pkg audit -Fvulnxml file up-to-date0 problem(s) in 0 installed package(s) fo - Pastebin.com
16:59:20 pkg info p5-IO-Socket-INET6 shows what version?
17:00:46 2.72_1
17:04:23 so I don't see any reference to p5-IO-Socket-INET6 in recent security/vuxml updates, and I don't see any recent updates to the port
17:04:42 so where on earth is it getting the idea that it's vulnerable?
17:07:17 good question! I appreciate the sanity check.
17:10:50 Do you have multiple repos?
17:12:22 On some hosts, but not the ones exhibiting this behavior.
17:16:24 I remember seeing a malformed items in vuxml the other day. Wonder if it's related.
17:29:30 So everything in UPGRADED list is there because of a vuln?
17:29:38 er no... pkg-audit returns nothing.
17:30:47 pkg upgrade -v should only upgrade vuln packages.
17:30:54 yeah, pkg audit returns nothing. The upgraded list must have a dependency relationship.
17:31:22 That's my understanding. According to the manpage, -v should target vulnerable packages.
17:39:41 as i search around for how to use ZFS send and receive (haven't read the man page yet, but will), i have pretty much only found how to send local to remote. local for me is a VPS, though, and i want to send it to my home. i don't want my vps to phone home though. i want my home to reach out to the vps and pull a snapshot home. anyone have a link for a short writeup on that? i'm not worried about automation yet. just a one-off
17:41:09 zfs send just writes to stdout, so there's no problem
17:54:21 i'm not enough of an ssh guru to understand the mechanics of that. presumably there needs to be zfs receive running at home that awaits the a zfs send triggered on the vps by an ssh connection from my home, and maybe the send gets piped back through that same connection.... but it'd be nice to see an example :)
17:54:43 ssh -n remote zfs send ... | zfs receive ...
17:55:43 Is there way to search the ports tree without running BSD or digging through the github?
17:56:03 the freshports website?
17:56:19 https://www.freshports.org/
17:56:20 Title: FreshPorts -- The Place For Ports - Most recent commits
17:57:06 By architecture? I'm trying to play with some PPC and SPARC hardware, and from recollection PPC had more support lol
17:57:13 i imagine i will realize how simple this is once i turn that into a working example. thank you!
17:59:21 iirc, sparc was deprecated in fbsd 13
18:00:05 deprecated in 12, removed in 13
18:00:18 powerpc is still supported afaik
18:01:58 yeah, ppc should be in reasonably good shape. ppc64el was recently-ish added, and its almost certainly better supported in the ports tree than ppc64 or ppc32
18:03:47 what's el stand for?
18:03:51 little endian
18:03:56 well I guess endian little :)
18:04:00 sigh
18:04:14 I thought that's what it means……
18:04:36 whoops
18:04:57 i always screw up the word ordering :-)
18:05:15 it was mipsel, mips64el
18:05:22 armeb
18:05:39 ahhh, so I'm not crazy. I was only coming up with armeb as for a plausible explanation as to why
18:06:10 I guess jhibbits just thought it was a silly tradition and went with powerpc64le
18:06:14 (I think it was jhibbits)
18:06:58 i suspect not, he's pretty pro-BE
18:07:21 or at least, he was the last time I remember him talking about it
18:18:45 I have the same repo on gitea and Github. I've done a pull and push to each origin, but they don't have the same tags yet. Not sure how to fix that. https://github.com/FreshPorts/packages-import/tags vs https://git.langille.org/FreshPorts/packages-import/tags - thanks
18:18:46 Title: Tags · FreshPorts/packages-import · GitHub
18:22:16 dvl: git push --tags (or even --all)
18:23:48 meena: Thanks. Something is happening
18:25:00 All kinds of new tags which I'll need to clean up. https://git.langille.org/FreshPorts/packages-import now has 287 tags. ;) but it has the one I need right now.
18:25:05 Title: FreshPorts/packages-import: Code for importing packagesite.yaml information into FreshPorts - packages-import - Dan's git collection
18:26:57 meena: It is expected that 'releases' didn't go over too?
18:30:08 what is the best channel for asking vagrant-on-freebsd/bhyve questions?
18:33:45 dvl: i don't know what releases is, so I don't know
18:34:42 meena: I suspect it's a github/gitea specific thing
18:41:55 can we tell bhyve to not create a mouse?
18:42:25 dvl: yeah, that would not surprise me
18:43:20 kevans: I can get tags copied from GH to gitea, but not releases. No big deal so far.
18:43:50 I think there's a special github importer that would probably do the trick, but releases are a concept tacked on top of git
18:44:17 much like pull requests & issues are tacked on top
18:46:22 https://marcin.juszkiewicz.com.pl/2023/10/03/testing-bsd-on-sbsa-reference-platform/
18:46:24 Title: Testing *BSD on SBSA Reference Platform – Marcin Juszkiewicz
18:46:28 polyex: how are you creating VMs right now?
18:48:46 bhyve -AHu -c cores... -m ... -w -s 0,amd_hostbridge -s 1,virtio-blk,/dev/zvol... -s 2,virtio-net,tap...,fbuf,tcp...,w...,wait -s 30,xhci,tablet...,lpc -l bootrom,...uefi
18:48:56 omitted stuff that seemed obviously irrelevant with ...
18:49:08 hope that's ok meena
18:53:11 hrw: ah nice, we also surfaced a problem in qemu, though it doesn't seem clear yet if we're doing something we really shouldn't be?
18:57:00 kevans: that AHCI one?
18:58:00 kevans: it was this thread: https://lore.kernel.org/qemu-devel/20230609140844.202795-1-nks⊙fo/
18:58:02 Title: [PATCH v3 0/8] misc AHCI cleanups - Niklas Cassel
18:59:49 kevans: if it worked before this got merged (QEMU v8.0.3) then I would compare with v8.0.5 when it was present.
19:00:13 kevans: https://lore.kernel.org/qemu-devel/b7e00b36-2ac8-44fa-9847-b2025ebe05f6⊙lo/ is a thread where I pointed out that something went wrong
19:00:14 Title: FreeBSD 13.2 installer does not see AHCI devices on aarch64/sbsa-ref and x86-64/q35 - Marcin Juszkiewicz
19:01:45 in a scripted bsdinstall, i pkg install bash then i try to pw useradd ... -s bash and that errors, but pw useradd ... -s /usr/local/bin/bash works. how can i make the former work somehow? man page strongly recommends not using the path form. (pw: no default shell available or defined) which bash returns /usr/local/bin/bash, and that path is in
19:01:45 /etc/shells.
19:05:36 hrw: right, the question is if we're expected something that's common-place but not in the spec vs. are they doing something that's actually out of spec following that change
19:05:44 s/expected/expecting/
19:06:21 kevans: no idea. I was glad that it happened also on Q35 so it was no longer architecture related bug
19:07:20 kevans: I am rather trying to make my tickets list shorter ;D
19:08:29 eheh :-)
19:09:14 Niklas wrote that we will look at it so it is in his basket now
19:09:56 I have the hagios4 package installed, but it's got various problems... like no config file, no samples, other complaints... right now I'm trying to beat configs from slackware and/or debian to make them work, and it's not going well
19:30:44 Hi there! Anyone installed 14's beta4?
19:37:46 mtwk: many people have!
19:41:17 meena: ah!
19:43:12 I'm currently installing blued because hcsecd doesn't work with my headphones
19:47:03 <_xor> Hmm, quick opinions...if I have a tarball that is digitally signed, would you store the signature inside the tarball or alongside the tarball as a separate file?
19:47:29 alongside like freebsd releases have? the installer iso img file, then the checksums file?
19:47:39 <_xor> Specifically, this is for an archive that contains a ZFS dataset snapshot and some text files (e.g. jail.conf template).
19:48:18 <_xor> Kind of, but not just a checksum. I'm using a digital signature that can be verified via public key (which the target system will have). 19:48:23 if you're hashing a tarball and storing the hash file inside, how do you correctly calculate the hash? 19:48:54 if the sha256sum changes every time the hash file inside the tarball changes 19:49:45 <_xor> Well, couple of ways. You can store a list of signatures for the contents of the archive (instead of the archive itself). You can also store a tarball within the compressed archive, and then keep the signature for the tarbell as a separate file within the archive. 19:50:37 <_xor> I'm leaning towards keeping them separate since it would be simpler and also because I can fetch the metadata text file (which is where the signature would be stored), and store additional info within that to possibly cache the archive. 19:50:43 well if you're going to do that then ya i'd have an inner and outer tarball 19:50:48 resources inside first layer 19:51:03 <_xor> In which case the target system can decide whether or not it actually needs to download the archive or not (if it's already cached). 19:51:33 <_xor> It's basically how docker does it's images, except it uses file system tarballs with white-out files rather than ZFS image + snapshots. 19:52:21 <_xor> By "except it", I mean docker (or more specifically, OCI) does it using file system tar archives. 19:53:02 nice 19:53:13 why do zfs image + snapshot instead of file system method? 19:53:24 <_xor> Gah, I wish OCI had been a bit more flexible to begin with. Would be much nicer to be able to leverage the existing ecosystem there and still be able to use ZFS. 19:53:48 <_xor> Because ZFS image + optional snapshots is more efficient and also doesn't require whiteout files. 19:54:53 <_xor> Also, it would essentially be impossible to accidently apply the layers in the wrong order. Tarballs you can just extract into a directory and it won't complain. 
ZFS snapshots can't be applied out-of-order. 19:56:02 what's a whiteout file? 19:56:15 <_xor> Also, I have the option of setting zfsprops on the dataset. Doing that with the file system tarballs would mean keeping that in a separate metadata file and handling those appropriately. 19:56:57 <_xor> A specially named file in a directory that basically tells docker, "Hey, these files were deleted..." 19:57:08 oh 19:57:32 so instead of doing an 'install', you do an image copy of a fully configured system right into place? 19:58:11 <_xor> If I'm understanding the question right, then yes basically. 19:59:06 that's like next level automation and efficiency even beyond scripted bsdinstall 19:59:29 <_xor> Docker/OCI images are immutable, so you can't just delete a file from a layer in volume and keep it immutable. Instead you have these specific whiteout files scattered about as necessary that tell Docker/OCI which file(s) were deleted in a specific layer that exists in a previous layer. 19:59:46 <_xor> It's common with containers. I'm doing the same thing, except with jails. 20:00:23 <_xor> Though I think I have a bit of an advantage on the ZFS + Netgraph front. On the flip side, rctl isn't as fine-grained as cgroups+namespaces. 20:08:26 hrw: yeah, more than happy for him to evaluate the change he made and either fix it or point to something specific we must be doing wrong 20:10:01 Hi guys, i guess some of you already heard of CVE-2023-4911 / https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt - I'm assuming, that FreeBSD isn't vlunerable as they use an own libc Implementation. Correct? 20:16:16 danel1: correct. freebsd libc and glibc share no code 20:18:20 danel1: we share some features, but no code. 20:18:20 that makes my evening much better :-P 20:31:29 Woohoo!!! https://i.imgur.com/pQkwXoO.png 20:32:26 I do prefer FreeBSD over Gentoo now :) 20:36:47 I'm confused. 
https://i.imgur.com/XN7NZ5A.png
20:37:07 So, does dsp0 exist or no?
20:37:23 do we have quantum block devices now?!
20:37:31 character*
20:48:42 how do i non-interactively edit a sudoer file? we're supposed to use visudo but how do we do that with another program?
20:49:10 you can just edit /usr/local/etc/sudoers with any text editor
20:50:08 ya but not supposed to
20:50:15 same with master.passwd
20:50:26 there's locks and syntax checking
20:50:32 nothing bad will happen
20:50:40 if you don't mess anything up
20:50:44 k ty but i'll do it right instead
20:51:08 visudo just runs "vi /usr/local/etc/sudoers" as i know
20:51:53 i'm not doing it your way, ty
21:26:13 what is the best channel for asking vagrant-on-freebsd/bhyve questions?
21:37:13 meena, Regarding "< /dev/null | cat" that's from https://cgit.freebsd.org/ports/tree/sysutils/firstboot-pkgs/files/firstboot_pkgs.in#n38 where it is used there. I surmise it forces a non-interactive installation.
21:37:15 Title: firstboot_pkgs.in « files « firstboot-pkgs « sysutils - ports - FreeBSD ports tree
21:38:01 I think the polyex, I strongly suggest NOT _editing_ a sudoers file. Instead place a full file in its entirety such as /usr/local/etc/sudoers.d/sudoers in the sudoers.d directory avoiding the need to ever edit or merge with it.
21:49:56 rwp ya that's what i'm doing. -f
21:50:19 oh, ever needing to edit it
21:50:21 hmm
21:53:49 The last line of the standard sudoers file is "@includedir /usr/local/etc/sudoers.d" which includes all files from that directory into the combined configuration.
21:54:08 ya i guess i don't ever need to edit the main file, i can just drop files in the .d
21:54:17 i need to get those files edited right first
21:54:18 Yes. By completely owning a full file in that directory it means it never needs to be edited.
21:54:36 You can also have several files in that directory if that helps things too.
21:55:06 I keep one file for most of my systems.
But some systems additionally get additional files with additional configuration specific to that system and stuff there.
21:55:14 i have to set the file's perms so visudo doesn't complain
21:55:44 Permissions and ownership should be correct there regardless. visudo is simply going to enforce the rules of sudo. But you can do it yourself too.
21:57:17 ya so i have to manually change the .d/* file perms right?
21:57:41 In times before @includedir existed it was necessary to combine all of the configuration into one file. Which means merging. But after @includedir exists it is much easier to maintain separate files and never modify the main /usr/local/etc/sudoers file ever so that it never needs to be merged.
21:58:36 When you say "change" the permissions I would say "create the file and set the permissions" appropriately. That's standard for so many things in the system that isn't that just the standard operating procedure for everything?
21:59:00 oh so if i set perms on a file, tar it up, uncompress into a freebsd install, the perms will stick? wow cool
22:00:10 This is the first I read you mentioning tar but maybe you said it before and I missed it. Yes. tar will preserve users and permissions and if unpacking as root (superuser permissions to do anything) then it will set the file owner:group:mode as from the tar file.
22:01:17 Note that in BSD the group of the directory normally sets the group of files created in the directory. On other operating systems that behavior requires the set-gid bit ('s') to be set.
22:02:03 Normally non-root users unpacking a tar file do not have the ability to set the user:group outside of themselves. But of course the superuser can.
22:02:53 In the tar man page please see the section "-p, --insecure, --preserve-permissions" for the documented details of this behavior.
22:03:34 Which do accurately describe the behavior but if you want the rationale and the why behind this then wind me up about it and I will write some article on it.
22:04:43 i get wrong owner (uid, gid) should be (0, 0) on the files in the .d/. gonna have to figure that out
22:05:50 What user is unpacking? root? What user:group was packed up? "tar tvf file.tar" to see the content Table Verbosely.
22:06:00 ya root
22:06:06 just a regular user on another box
22:06:13 k sec
22:07:02 looks like my user/group is on the files in there?
22:07:12 any way to strip that out so the tar is clean of that?
22:07:53 The tar bundle was packed up that way then. Was the machine you packed this up on a Debian-like system? (I think I heard that earlier.) If so then pack it up using "fakeroot" there.
22:08:02 no freebsd
22:08:12 Then install fakeroot there and use it.
22:08:16 tar -C dir -cJvf dir.txz .
22:08:21 that's how i made archive
22:08:26 "pkg search -f fakeroot"
22:09:53 do i have to use that?
22:10:36 No. But it is convenient. It's a way to have files on disk be owned by non-root but have them bundled up into the archive with a root owned listing.
22:11:34 Okay. Strike most of the above. After unpacking simply "chown root:wheel /usr/local/etc/sudoers.d/sudoers" your file. Then "chmod 0440 /usr/local/etc/sudoers.d/sudoers".
22:13:08 Thinking somewhat more "chown 0:0 /usr/local/etc/sudoers.d/sudoers" is probably better because it is more portable across systems. Other systems use gid 0 but use a different name than wheel. Avoiding the name and using the number would work all places.
22:13:46 k trying now
22:26:22 ya that worked
22:26:35 i added chmod 440 .d/* files
22:26:39 visudo -c passes now
22:27:14 ty!!
22:27:37 in a scripted bsdinstall, i pkg install bash then i try to pw useradd ... -s bash and that errors, but pw useradd ... -s /usr/local/bin/bash works. how can i make the former work somehow? man page strongly recommends not using the path form. (pw: no default shell available or defined) which bash returns /usr/local/bin/bash, and that path is in
22:27:38 /etc/shells.
22:33:50 hm. in my system setup script, I do pw useradd ...
-s zsh and it works
22:33:54 what error did you get?
22:39:44 I read the man page for pw, see that warning, and also it says shellpath is set in /etc/pw.conf which I do not have on my systems. Perhaps that is needed in order to use the short name rather than the full path?
22:40:09 aha
22:40:16 shells = "sh","csh","tcsh","bash","zsh"
22:40:55 and shellpath = "/bin:/usr/local/bin"
22:41:04 my setup script edits those into pw.conf
22:41:26 specifically it does:
22:41:43 touch "$DESTDIR/etc/pw.conf"; pw useradd -C "$DESTDIR/etc/pw.conf" -D -u 1000,3999 -i 4000,9999 -s sh; ed ...
22:43:06 I tested a few things and I think by default shellpath includes /bin but does NOT include /usr/local/bin and therefore does not allow using "-s bash" by default. Requires shellpath to add /usr/local/bin
22:44:57 Just as a side comment, in order to support #!/bin/bash scripts (blech! I hate those. But there are some.) without editing the script I create a symlink /bin/bash to /usr/local/bin/bash to pragmatically allow those to work.
22:45:24 Same thing for #!/usr/bin/perl too.
22:45:39 I just change the first line to be env
22:46:17 I would be needing to locally patch a lot of other people's code that I would prefer not to touch. I would get cooties from it I am sure. I know my eyes would bleed.
22:46:29 but… shouldn't #!bash work just as well?
22:46:46 I assume you are teasing me now! :-)
22:47:09 I mentioned that because for me with /bin/bash as a symlink using pw -s bash "worked" but I got /bin/bash in my passwd entry.
22:47:38 When I removed that symlink for the test then pw -s bash then gave the expected error. I had to set the full path in that case.
22:48:12 so create your pw.conf as detailed above
22:48:29 Also the man page for older classic chsh says that the path must match the path in /etc/shells implying one would always use the full path with chsh.
22:49:03 polyex, See what RhodiumToad said ^^ there. (It's not me it's polyx.)
:-)
22:53:06 https://cgit.freebsd.org/src/tree/usr.sbin/pw/pw_conf.c#n308 shows that the compiled in default shellpath is "/bin".
22:53:08 Title: pw_conf.c « pw « usr.sbin - src - FreeBSD source tree
23:09:27 do we have to put rbash and nologin into the shells = line in pw.conf or are they implied?
23:09:52 i'm adding a pw.conf now to see if that lets scripted bsdinstall pw add a user with -s shortname
23:10:04 ty so much RhodiumToad and rwp
23:14:09 boo
23:14:17 I don't feel like doing a freebsd-update today
23:14:31 i never do them i just reinstall
23:14:46 that's fair
23:15:53 I've started it on my backup server
23:16:37 RhodiumToad ok that worked!!! i can pass -s shortname in scripted bsdinstall
23:16:46 polyex, How are you installing bash? Because a "pkg install bash" will automatically add bash and rbash to /etc/shells.
23:17:12 rwp ya same. but that doesn't add them to pw.conf
23:17:31 btw adduser still ends up showing nologin, so pw.conf shells = "..." doesn't have to include nologin
23:17:34 Meanwhile... Word of advice. Never use rbash or any of the restricted shells. They are mostly security theater being too hard to actually secure and too easy to miss something making it trivial to break out of them.
23:18:11 ya i just use csh on root (till it changes to sh in 14) and bash on user level. that good?
23:18:29 polyex, So in the grand scheme of things pw is a new thing. Previously users would use chsh and that always required the full path. (And sysadmins would just edit the /etc/passwd file directly at that time and set what they wanted.)
23:19:31 well i'm using pw because that's the only way i found to change the ENCRYPTED pass of a user
23:20:07 Of course that's fine (re csh, tcsh, sh for root). Note the presence of the "toor" user (root backwards) that can be enabled as an alternate root login account. I tend to use it.
23:20:21 that's being removed in 14
23:20:24 or 15
23:21:29 A lot of these things that exist by default or don't exist by default just exhibit the "tyranny of the default" but they are all things that can be changed by the local sysadmin. Let defaults be a guide but don't let them restrict you.
23:23:07 For me I can use csh, tcsh, sh, ksh, and others okay no problem. (Did I leave out zsh? Yes. Good.) But my fingers do know bash keybindings strongest. So I prefer to use bash.
23:23:37 But bash is in ports not base. When going through a major upgrade base will change EVERYTHING. Or at least might change everything. Which has in the past broken ports. Ports like bash.
23:24:18 I snagged myself on an upgrade previously where I had changed root's shell to /usr/local/bin/bash which would no longer work and left me without any way to log into the system by any user account that existed. It was self-inflicted of course.
23:24:54 So now I leave root as the default base contained csh or sh or whichever it happens to be okay. No problem. Then I enable and modify toor to use bash and then log into the system using it.
23:25:02 ya i never change root shell
23:25:11 That way if I break a port shell again I can still fall back to the default root shell and all will be okay.
23:25:18 ya
23:25:45 Some people choose to do the opposite. They will enable the toor user and leave it using the base shell and then modify the root shell to use a port shell. It's the same thing. Just reversed. That's fine too of course.
23:26:53 Meanwhile... I use zfs so of course Boot Environments exist so I just rebooted and booted to the previous Boot Environment and then fixed up the new Boot Environment root shell and then rebooted again and had the problem fixed in the time it took for two reboots and one file edit in the middle. Boot Environments ROCK!
23:27:02 And then could finish the major release upgrade.
23:27:26 man i can't wait to figure out how to start using boot envs
23:31:54 after install, why don't i got scripted bsdinstall's log at /tmp/bsdinstall_log like man bsdinstall says it should? or is that only during install then it gets deleted?
23:32:10 even when i try to cat it in my scripted bsdinstall it's not found
23:33:20 like a month ago someone was here with a broken /bin/sh from a freebsd-update
23:33:48 WHOA
23:33:54 how is that even possible
23:33:59 a broken update is usually unpredictable
23:34:46 cool benefits of rescue environments and backups
23:34:47 polyex, /tmp/bsdinstall_log? I was unaware of that path. Are you clearing /tmp on boot like I am?
23:35:12 ya but it's not even there DURING scripted bsdinstall
23:36:00 No idea. Browse through /usr/sbin/bsdinstall (it's a shell script) and see what it is doing?
23:38:34 Looks like "debug" needs to be set. From a quick look.
23:38:36 is that in /tmp on the install disk or the target disk?
23:39:38 I think it would be in the install disk system not the target disk system.
23:43:05 how do i make scripted bsdinstall set debug?
23:50:38 Anyone else getting dup FreeBSD Sec. update emails?
23:53:13 * meena hasn't been getting emails since Friday…
23:54:20 I just get a digest :\
23:55:11 thedaemon: icumi https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274211
23:55:14 Title: 274211 – lang/tcc: Crashes with SIGSEGV on 14.x / 15.0-CURRENT when compiling hello world
23:59:52 in a scripted bsdinstall, how do we set the system timezone? just tzsetup UTC?