hi

How can I give permission to an user to execute 'at' queue?

"at: you do not have permission to use this program"

Found!

ferz: tell us what you found!

Guys, does anyone know how FreeBSD's `struct link_map` work? I'm iterating through it on my program by doing the following:

- Call `dlopen` with `filename` set to `NULL` (returns the head of the linked list)

- Loop through the link chain using the `l_next` field.

It's weird though - the last value of the linked list is not null - it is `0x10000000` and I don't understand why.

Also, the `l_addr` is always NULL for all the modules loaded

Where can I find more info about this?

I'm also having problems with: `Note type: 0x1 is not supported for owner: 'FreeBSD'` after `ptrace` calls

I don't even know what that means

does anyone know how wireguard (if_wg) is supposed to work in FreeBSD 14.0? there doesnt appear to be a way to get it to start via rc.conf and the old wireguard package doesnt work on 14.0 either

do you not configure it like any other ifconfig_wg0

no it doesnt use inet/netmask parameters

the existing pkg uses wireguard_enable="YES" & wireguard_interfaces="wg0" which loads all of the settings from /usr/local/etc/wireguard/wg0.conf

it can be done manually using: ifconfig wg0 create && wg addconf wg0 /usr/local/etc/wireguard/wg0.conf

surely this should be integrated into rc.conf though?

mjp: have you tried having the kernel module wg load on boot?

oh scratch that.. i missed the sentence above

yes its already loaded... not that its needed, it can be loaded after boot with kldload wg_if

I feels like FreeBSD 14.0 may have left eveyone in a position where they have to write their own rc.d/init scripts for wireguard?

maybe i am missing it.. you ahve the kernel loaded but you can not configure wg module?

i can configure it after boot by hand... but i'm trying to configure it in rc.conf so the interface (and all its settings) are loaded on each boot

its like just the if_wg module was included in 14.0 but none of the associated scripting for rc.d to make it work on boot

I'll continue to play around with rc.conf and see if i can find any documentation that will enable it to work, but so far its not looking promising

meh, i just use the rc script still in ports

> 22:07 < mjp> it can be done manually using: ifconfig wg0 create && wg addconf wg0

that's not quite a match for what the script in ports does

i am reading some forum posts and confir with kevans

is this a fresh 14.0 install or an upgrade from 13.2?

there's some sugar added atop for, e.g., DNS and stuff that it strips out

it wasn't feasible to bring wg-quick into base, but it's still in the wireguard-tools package that's compatible with base kmod

fresh 14.0 install

my first challenge was just to make wireguard bring up the interface and show the pub/priv keys, listen port etc. once that was done i was going to look at routing/forwarding/nat/pf etc. but i'm currently stuck even making wireguard load on boot

I did try using the wireguard (and deps) pkg but it did not bring up the if so assume it was broken on 14.0

the wireguard package actually has this notice on install: This port is deprecated; you may wish to reconsider installing it: Only useful for FreeBSD 12 which is EoL soon. It is scheduled to be removed on or after 2023-12-31.

i'm off for now but will be back on in ~4 hours to continue troubleshooting

net/wireguard-tools isn't deprecated, just the other ones

should be just fine on 14, I've been using it since before stable/14 branched

i will see if i can find any notes but it does not look to be deprecated.. notes state it is valid

net/wireguard is a meta-port that brings in wireguard-tools and wireguard-kmod, wireguard-kmod and the metaport are both going away

kevans: i do not have experience with wireguard but maybe "sharing" how you get it to load on boot may help?

nothing special, just set wireguard_enable=YES and wireguard_interfaces=wg0 in rc.conf

i see a lot of ways to load it on 13.2 which with a little "leap" could work on 14.0, one would think

it mentions those modules.. maybe mjp retrace your steps and see if there is a miss?

the only change from ports perspective is that the kmod moved into base, the binary interface remained exactly the same pretty much since we added the new version of the kmod to ports in the first place

got it partially working using wireguard-tools, thanks

I just found I had an incorrect Address in /usr/local/etc/wireguard/wg0.conf which caused a 'ifconfig: ioctl (SIOCAIFADDR): File exists' error when I first tried using the script

Hm, that nickname seems familiar..

meena: man at :-) If there is any /var/at/at.[allow|deny].file only root can use at.

s/is/isn't/

all working now :)

all ZFS users should #> sudo sysctl vfs.zfs.dmu_offset_next_sync=0 ASAP

mage: Why? What happened?

there is a currently silent data corruption bug

it looks serious openzfs/zfs #15526#issuecomment-1823737998

Title: some copied files are corrupted (chunks replaced by zeros) · Issue #15526 · openzfs/zfs · GitHub

15526 – [NEW PORT] security/pgpgpg: a wrapper for GnuPG to emulate PGP 2.6 bugs.freebsd.org/bugzilla/show_bug.cgi?id=15526

mage: Done. Should I add it into sysctl.conf file as well? For next boots.

I would, until an EN is issued

mage: thank you for this information

Title: PSA: it's not block cloning, it's a data corruption bug on reads in ZFS 2.1.4+, set zfs_dmu_offset_next_sync=0 : zfs

18 months with a silent corruption bug in ZFS.

but does it actually affect FreeBSD specifically

also guess I will ask here too:

Good question.

does anyone know what changed in periodic in 14.0 so massively that my load averages jump to 2.0 for 2+ hours?

comparison between Nov 18th, 13.2-RELEASE-p5, and Nov 23rd, 14.0-RELEASE: i.koumakan.jp/2023-11-24/1700820947.png vs i.koumakan.jp/2023-11-24/1700820981.png

I think this is somewhat abnormal

(the load jump has happened every single run since the upgrade)

Remilia: May I ask, what's the name of that interface?

tercaL, what do you mean?

Remilia: The software that you check your CPU loads

oh, that's just grafana with Prometheus storage and data from node_exporter, haproxy exporter, and php-fpm exporter among others

Thank you

Remilia: my first instinct is to look what has changed in the code, and I'm not seeing anything exciting in the periodic scripts

i'm updating from 13.2 to 14.0 (on amd64), but the kernel config failed because: 'unknown option "IMAGACT_BINMISC"'. has this option been renamed? or is it no longer available? i use it to build ports for arm64, so i hope it hasn't been removed... i couldn't find anything in the 14.0 release notes

makes me wonder if it's a ZFS thing

it says 'I'm a Gackt'

unixwitch: wasn't it the default since 2014?

Remilia: as in, it's included even if not in the config?

ah... apparently it was renamed to IMGACT_BINMISC at some point

Title: Fix a typo in the binmisc option name · freebsd/freebsd-src@eb6f488 · GitHub

at this point, it seems

unixwitch: the GENERIC kernel from 14 has it btw: /root/GENERIC/kernel/boot/kernel/imgact_binmisc.ko

so it really seems to be the default

yeah, i just prefer to build things i want into the kernel rather than using modules

(except for vmm.ko because the maintainer has some objection to doing that :-)

are you sure it really becomes built in

sometimes stuff stays a module

pretty sure, because it works even though i never loaded it as a module

(hm... maybe i'll check though)

Remilia: yes, it definitely seems to be built in, binmiscctl works even though the module isn't loaded: bsd.to/2796

Title: dpaste/2796 (Plain Text)

I see

seeing a weird issue on 14.0-RELEASE where starting jails causes a kernel panic (although it looks ZFS-related)... just me? bugs.freebsd.org/bugzilla/show_bug.cgi?id=275306 panic: VERIFY0(0 == spa_do_crypt_abd(B_TRUE, spa, &zio->io_bookmark, BP_GET_TYPE(bp), BP_GET_DEDUP(bp), BP_SHOULD_BYTESWAP(bp), salt, iv, mac, psize, zio->io_abd, eabd, &no_crypt)) failed (0 == 5)

Title: 275306 – 14.0-RELEASE: starting jail causes panic

mage: that OID doesn't exist on FreeBSD 15-CURRENT.

Oh, nevermind, I typo'd.

o/

I cannot get my YubiKey to do show up for my 2FA, it works fine with the Touch interface and that key, but the Yubi dekstop app doesn't show it. The Yubi config app does. I have search and tried all the things I could. Anyone have any suggestions?

How to flush disk cache? echo 1 > /proc/sys/vm/drop_caches; does not work

FreeBSD isn't Linux.

from my recent investigation, the only way is to try unmounting. even unsuccessful (in-use) unmounts will flush cache

however I think this doesn't work on root filesystem, it bails out too early

so how do I flush on freebsd?

sync(1)?

The question is, what are you trying to accomplish?

debdrup: my postgres query is using cache and I want to test performance without it

meena: I did `sync`. It still uses it.

sync(8) or zpool-sync(8) will flush outstanding writes to disk, but "flush disk cache" is ambiguous when you're using Linux terminology because it can either mean "ensure what's in-flight has been written), or it can mean invalidating the unified buffer cache

simply `sync` by root?

If your postgres database is on ZFS, you can set sync=always to force all writes to always be synchronous - but since postgres is a RDBMS, so it does basically everything via synchronous writes unless you set sync=disabled on ZFS.

What do you mean "postgres query is using cache"?

debdrup: pastebin.mozilla.org/xh6uE6f2 see `memoize`

Title: Mozilla Community Pastebin/xh6uE6f2 (SQL)

So set enable_memoize=false.

Title: PostgreSQL: Documentation: 14: 20.7. Query Planning

debdrup: i don't think postgres uses O_DIRECT/O_SYNC?

Hello71: it uses fsync and, rather famously, fdatasync.

debdrup: thank you! that worked

It can use o_sync for the WAL if memory serves, but by default it's using f_sync.

do you really need to be root to be able to use sync though

It's in section 8 of the manual pages..

I think disabliing memoize fixed. No need for sync tamper now

Hello71: it uses whatever wal_sync_method says, fsync is default for the port

though the configuration file says 'fdatasync (default on Linux and FreeBSD)', I think the port defaults to fsync?

or was it during the Bug Times

FreeBSD did the right thing, I remember that much. It might've been changed for things not FreeBSD, but since that didn't affect me, I wasn't paying a lot of attention.

What is freebsd best for? only servers? I think I am trying to mix it with server and desktop usage. But even as in servers, there are issues with puppeteer, node versions,

I stand corrected, it is fdatasync

checked run-time configuration

Beladona: it is typically best for what you have good knowledge of

also please do not taint FreeBSD by running node on it

Beladona: that question comes off as being incredibly troll-ish, so I'd kindly ask you to refrain.

debdrup: ok sure but I am genuinly disturbed. I don't want to switch. Surely I am doing something wrong. I can refrain if you want from this topic (just because you think its trollish).

Beladona: You really don't need to free up that

HIA: free up what ?

is there a way to label disks for zfs replacement similar to the way linux uses /dev/disk/by-id/MODEL-SN?

it would be a lot nicer to be able to easily identify broken disks in my nas

is that something bsdlabel would do?

use smartctl to get model and s/n?

bsdlabel is not for that

there is glabel, though, and you can also set labels for GPT

rwp: i am officially off linux for synology work and installed freebsd 14.0 on the machine.. now time to get the 3 drives setup in a pool for awesomeness :)

CueXXIII: yes. that i can do. but what if you're in a situation where a disk completely dies?

and smartctl doesn't work on it to identify it?

Macer: set GPT labels

it would be nice if it showed information in zpool status for easier identification

look at all other disks and don't replace those?

CueXXIII: I have 30 disks in it

ok…

process of elimination would be a bit much vs just finding a way to label them

Remilia: ah ok. i'll take a look at that

zfs allows you to use GPT labels for the pool members

Remilia: yeah i really wish i had them. can these be changed after the fact?

or is this something that can only be done during creation?

that would probably involve ejecting a member from the pool :\

yeah that's what i'm doing now just because a disk died.

the pool was imported from elsewhere so i guess it is what it is now

for imported pools, if the GPT partitions *had* labels, zpool import should probably have picked that up

they didn't heh

i'll see what i can do with the disk i'm about to replace and see if maybe i can find a way to actually label them.

it seems like if maybe you label all the disks, export the pool, then import again it shoudl use labels vs dev/daxx

who knows :|

but generally I would not rely on tyhat

that*

ok. i have the new disk in and i copied the partition table to it.. just need to sort out how to label p2

HIA: I didn't understood

gpart modify -l R03-01_Seagate_Ironwolf_SERIAL /dev/da14p2

gpart: Option 'i' not specified.

hm... not really sure what to do with that -i it is asking for

ah ok. it's the index of the partition table.

ls /dev/gpt/ R03-01_Seagate_Ironwolf_--------

so i should be able to treat that like a partition when replacing the partition in zfs right?

the label? yeah you can just use use /dev/gpt/label as a device

isley: thanks. i started the replacement / resilver now ... seems to be doing stuff so i'll see how it goes

so if i label all the disks one by one... and replace them with the label. would that essentially resilver each one with the new label even if it's the same disk?

\l/

i am going to throw it out there, has anyone tried using openzfs and time machine backups netalalk in particular

voy4g3r2: Last time I had to use Netatalk for Time Machine, ZFS wasn't a think, or was just starting to be a thing but wasn't in FreeBSD. Seems like a match made in Heaven.

a thing*

Time Machine would occasionally corrupt itself and require a full back-up again which obviously isn't ideal, and ZFS snapshots would have been an amazingly pleasant solution to it.

mason: yeah, i am struggling with afp:// to see shares

voy4g3r2: It was quite literally a couple decades ago here, but it *did* work at the time, and the back end shouldn't matter much. That said, I believe Time Machine might also work over Samba, and that might offer a more pleasant experience nowadays.

hrm.. let me give that a try

because mac os x just says i can not find shares..

voy4g3r2: It's worth exploring anyway. Last I heard, Netatalk was on life support, if that.

voy4g3r2: Ah! And I'm wrong about that. I see fairly recent commits here: github.com/Netatalk/Netatalk

Title: GitHub - Netatalk/netatalk: Netatalk is a freely-available Open Source AFP fileserver. A UNIX, Linux or BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server (AFP)

why didn't i try that.. it has documentation :)

i was using old tutorials to figure out how to setup /usr/local/etc/afp.conf

Someone knows why opie(4) was removed from FreeBSD 14 base system ?

devnull: it was old and unmaintained

and ssh keys generally preferred to telnet.

Title: ⚙ D17118 Add OPIE deprecation notice

rafe: it was removed, with very little ceremony

I was very occasionally using that.... Like, once a decade.

rtprio and rafe, thanks for information

I'm new to freebsd and am trying to debug some assembly code that uses SSE2 instructions (and the XMMn) registers. I have an odd failure were a multiply fails consistently, but when I debug it and single step the instruction it works. Any clue?

Cheyenne: reminds me of the job interview questions I got at a large DJ gear company in Berlin.

voy4g3r2, Then I assume the data recovery was complete? Cool! Glad to hear you were successful. Persistence and tenacity will always triumph in the end.

Macer, Look at man zpool-import the -d dir|device option. One can change a zpool from one device naming to another device naming at import time by using -d /dev/gpt to force finding the gpt labels first.

The downside of that is that one needs to boot rescue media or other live boot media and then import the pool there in order to change to the labels.

Otherwise the only way I know how to do it is to replace each disk one at a time with the new label and let it sync each disk. Not terrible for a small number of disks but more tedious for a large number of disks.

For ZFS hot swap arrays I always use a combination of drive bay location and drive serial number in the gpt label to identify the drive.

Title: borked zfs pool - Pastebin.com

have my own data recovery going on lol