another question related to jails networking using vtnet, would anyone recommend netgraph instead of "classical" epair + bridge ?

RhodiumToad: hm...I'm lost

anyone know why the redmine package was removed in 13? I can't believe all the shit I have to build just to reinstall it lol

From /usr/ports/MOVED: www/redmine42||2023-06-30|Has expired: Broken with all supported Ruby versions

ah, so I guess at some point redmine50 (which is a port) will be an available package?

Search bugs.freebsd.org/bugzilla for any other details

Title: FreeBSD Bugzilla Main Page

parv thanks

pjs: is it not already a package?

If anyone would care to send the update (or new port) as patch

RhodiumToad: doesn't appear to be.. I've even `pkg update` and it's not there

pjs, RhodiumToad, Sorry, did not see "redmine50" port

it seems to be missing on some architectures, maybe build problems

what ABI are you looking for packages for, and which repo?

FreeBSD:13:amd64 seems to be the one missing tier1 build

Yea, that's what I'm on

(latest, not quarterly)

took a few hours but the build is done

looks like the last package build for it failed because x265 failed

also looks like there's a 13/amd64/latest build running now, with about 18? hours to go, which will contain the package

the worst part is I actually run it from a git checkout, just use the package to install the dependencies. I updated from 12.x to 13.2 (I know, I know) today and the package disappeared and I didn't realize it uninstalled it lol. So fun times ensued but all good now

18 hours? wow

yeah, package builds these days typically take 4-5 days

wow, just not enough resources or what?

the builder machines aren't small :-)

I imagine not heh

see pkg-status.freebsd.org/beefy16/buil…132amd64-default&build=1129bbfc327e if curious

Title: Poudriere bulk results

that one doesn't look as bad as most, 72 elapsed hours and 80% done gives an estimated 3.75 days total

there's at least three ports with >24hour build times, but in that build they're already done

oh I see, you mean it takes that time to build ALL packages

(chromium x2 and iridium)

I thought you meant just redmine lol

right, but packages don't appear in the repo until (some time after) the whole build run is done

right

No worries either way. redmine is back and it's Saturday so no one cares it was down hehe

redmine itself took only 2.5 minutes, presumably mostly installing dependencies

Thanks for the info though. I hadn't seen that pkg-status site before

it's not easy to navigate if you don't have ipv6 (possibly even if you do have ipv6)

builders still don't use ccache?

No one wants to eat the init. cost of it?

wouldn't help with some of the larger issues, and you'd need a monster size cache

one of the issues for example is that curl updates very often, and rebuilding curl forces a rebuild of rust, and hence all rust-dependent ports

building rust is a drag

zeylos: i recall seeing someone test that and netgraph was noticably slower than epair+bridge in the same configuration, although i don't remember the details or where i saw it

Hi all, anyway to use rsnapshot backup to include /zroot bhyve vms installed?

can a wireguard Endpoint have multiple ips or only ever 1?

i think it can only have one

In config file I have included /, but seems the VMs folder under /zroot is not included in the backup file.

nvm, got it...

anyone around who knows the NFS kernel code? the nfs client on this system seems to have locked up, kgdb shows: bsd.to/ZPOp

Title: dpaste/ZPOp (Plain Text)

ive upgraded to freebsd 14 and now my vms cannot connect to the internet ive checked my configuration and everything looks the same as it was on my freebsd 13.2 box

not sure what else i need to check

bsdbandit: what virtualization?

bhyve

do you use vm-bhyve or something similar?

im running bhyve on freebsd 14

im thinking about rolling back to freebsd 13.2

are your interfaces the same? are the bridges created properly?

yeah

its like as soon as i upgraded to 14 i started having these issues

there no way to make unbound read data from /etc/hosts?

can you show your topology?

polyex: i don't think so

that's not how the resolver works

in an environment where you want to serve /etc/hosts to clients, dnsmasq might be more appropriate as it's more designed for that kind of situation

this is a fun bug: bugs.freebsd.org/bugzilla/show_bug.cgi?id=275871 - zfs+union can result in creating a file with '/' in its name

what's weird is i feel like it's already working. i can ssh myothermachine and it connects, but myothermachine's ip is only in /etc/hosts

Title: 275871 – [unionfs] [nullfs] [zfs] corrupt filesystem

yet i'm using unbound

polyex: if it's in /etc/hosts on the machine running the ssh client that's expected, as /etc/nsswitch.conf uses both files and dns by default

oh wow wtf is nsswitch.conf dont think i ever looked at this

it configures where the system looks for name service databases (users, groups, hosts, and a few other things). the default for hosts is 'files dns' because you wouldn't want the system to stop using /etc/hosts just because you configured a DNS server in /etc/resolv.conf, that would make /etc/hosts fairly useless

so why can't i type 'host myothermachine' and get its ip back?

because host(1) doesn't use the system NSS database, its purpose is specifically to make DNS queries. try 'getent hosts myothermachine' instead, which will use nss (and therefore /etc/hosts)

wow! tyvm

why does chrony require dns for time service to work?

polyex: It wants to pull time from a reliable public source.

i also learned i can replace the hostname in chrony.conf with its ip and it doesn't complain

polyex: your local resolver should check /etc/hosts

why can i get a result for host www.foo.org but if i try to ping it i get udp connect no route to host, but if i ping the ip directly it works!?

Different resolver behaviours.

hmm

what makes ping hostname fail with udp error?

you get a UDP error from ping? can you show the entire error?

ping should be using icmp not udp, how can you get udp connect no route to host?

ping: UDP connect: No route to host

from ping www.foo.org

On the surface I don't see how that would be possible. I would like to learn how that might be possible.

this seems to be related to ping's attempt to determine the source address in the IPv6 case, most likely you're using an IPv4 literal but the hostname resolves to an IPv6 address, which ping prefers

(see src/sbin/ping/ping6.c:1059)

you could use 'ping -4' to fix the problem (probably) but it seems like a bug that it does this instead of just falling back to IPv4

i dont have any ipv6 rules set by pf so it's prolly blocked

that worked!!!

ping -4 www.foo.org works

do you have non-link-local IPv6 addresses assigned to the but no IPv6 default route or something like that?

s/to the/to the host/

i have ip6addrctl_enable = NO

does seem like a bug to not fallback

why did you set that to NO? if you don't want to use IPv6 at all, the default address selection behaviour should just prefer IPv4 when no routable IPv6 addresses are assigned

tried to turn whatever ipv6 shit i found off to keep it simple. didn't find any clear doc on how to turn ipv6 off

i wouldn't be surprised if that was (directly or indirectly) the cause of this problem, the default configuration is designed to just not use IPv6 when you don't configure it

although it does seem like that setting alone shouldn't actually break it

if you're sure i'll take that out

well, i can't comment on your network, but it's very unusual to need to change the address selection policy. although presumably enough people asked for it that they added a setting for it...

i also have ipv6_network_interfaces = NONE because default is auto. is that unneeded?

I am connected on an IPv4 only network and I don't do anything special to disable IPv6 and everything works for me.

from what i remember (although i don't have any IPv4-only hosts to check this), getaddrinfo(3), which is what ping uses to determine if it should do a v4 or v6 ping, shouldn't return IPv6 addresses if the system has no routable IPv6 addresses configured

ok ya disabling those 2 doesn't seem to add any ipv6 stufff to ifconfig automatically

polyex: there should be no need to configure that either. the default behaviour is to just bring up IPv6 link-local addresses on each interface (which are not routable). if you're using a firewall, you can just block all inet6 traffic (which is much more reliable anyway). is this system running PPPoE or something like that? perhaps the peer assigns it an IPv6 address

guess i'll delete that

(Wireguard or other VPNs might also do this)

i'm blocking all ipv6 in fw too ya

ok ya taking out ipv6_network_interfaces = NONE also didn't seem to add any new ipv6 shit to ifconfig

fwiw i just tested this and i can't reproduce your issue: dpaste.com/9BKWB24ZK - removing the IPv6 address just makes ping use IPv4, which is what i'd expect

Title: dpaste: 9BKWB24ZK

did you have ipv6_network_interfaces = NONE too?

no. i just mean in the normal case (with no unusual configuration) it seems to work

I did a truss ping -c3 example.com (which has an IPv6 address) and it shows that there is an immediate connect IPv6 addr No route to host and then it falls back to IPv4.

k well i'm taking those out and will try ping again

fwiw, if you want to completely disable IPv6, the correct method is to remove INET6 from the kernel and then set WITHOUT_INET6=yes in /etc/src.conf and build world. but that's probably not worth the effort

(also, i wouldn't be surprised if this breaks some ports or other stuff, it's probably only really tested on embedded systems)

ya not worth it i'm gonna start using ipv6 soon anyway

well ping works without the -4 hack now ofc

uh

i just have ip6addrctl_policy="ipv4_prefer" but i didn't follow everything

rtprio shouldn't AUTO choose that if no ipv6 ip is configured?

Got a question. In 2023; nanobsd or poudriere is the way to go to build a FreeBSD image for an appliance, i.e. an old Soekris - that is still not dead.

is there a way to find out why poudriere built a particular package (i.e., what other packages depend on it)?

unixwitch: pkg info?

syslogd_flags="-ss" what's -ss mean and how am i supposed to find it myself?

polyex: man syslogd

(that should answer both questions)

TommyC: i was hoping for something that would work for build-depends too, or does the pkg metadata include that?

omg i was looking in syslog.conf but that's dumb

ty

unixwitch: I can't recall off the top of my head. There probably is, though.

unixwitch: pkg rquery '%rn' $dependedpkg

kenrap: that doesn't seem to include build dependencies... for example texlive-base lists tex-formats, but tex-formats lists nothing. i'd like to know why poudriere built texlive-base

unixwitch: I haven't followed the whole discussion, but maybe 'cd /usr/ports/.../... ; make missing" helps?

make missing also includes build time dependencies...

elirco: aiui that would show me what this package requires to build, but what i want is to know what other packages (in the set of packages that poudriere is building) require this package to build

ah ic, the other way round...

good morning

unixwitch: I'm guessing using "%dn" was probably what you wanted instead e.g. `pkg rquery "%dn" texlive-base`. In addition to the build deps, I suppose you could use poudriere-testport(8) to discover them through the build output.

kenrap: isn't %dn just the list of the package's own dependencies?

unixwitch: you're right, nevermind on that one

i'm sure i saw this information somewhere in the poudriere HTML output, but i can't find it now, and iirc it also vanished after the build was finished...

can freebsd boot with secure boot enabled bios?

Miles8of9, atm no.

Title: SecureBoot - FreeBSD Wiki

from the task list, it seems like you *could* use secure boot, but you'd have to enroll your owns keys and sign the loader yourself

Title: FreeBSD UEFI Secure Boot – FreeBSD Foundation

unixwitch: poudrieres html contains *one* reason in the queue part, maybe portgraph can help, but no idea if it can take multiple ports as starting point

wow, drm-kmod actually supports the integrated graphics on this ancient intel laptop. i'm mildly surprised

..

i seem to be unable to run openvpn on user nobody in FreeBSD 14

do you get an error message

no

well, it has to do network stuff, would be strange if 'nobody' where allowed to configure that stuff

it's bufg

bug

openvpn starts as root then drops privileges

that's the desired behavior

on 14 if i do that i see configured interface tun0 and no openvpn on the process list

and the whole thing isn't working

Merry yule to all those who celebrate

mfm_: poudriere-image(8) with the firmware type

debdrup: Merry yule to all... -> Scandinavian I suppose?

pr-asadi: Danish, so yes

I know we're largely indistinguishable to everyone but ourselves :D

Scandinavian: Swedes, Danes, Norwegians. Right?

Since it's off-topic, would you not mind if we continue in private?

well this is awkward: pid 1131 (kadmind), jid 0, uid 0: exited on signal 11 (no core dump - bad address)

apparently something has broken adding principals to kerberos

pr-asadi: yea, Scandinavia is just those three countries, for what's now mostly-historic reasons.

I prefer keeping conversations in public, and since there ain't much going on, it's probably fine.

unixwitch: last time I played with Kerberos was when using NFS.

debdrup: i use it for NFS and SSH

(i know, ssh keys, but... i already have it for nfs)

I've been eyeing ssh certs instead of keys lately.

at least i got a backtrace, time to file my third bug this week :-)

debdrup: I prefer keeping conversations... -> I thought off-topic is not allowed on technical/supporting channels.

unixwitch: I hope it has symbols :D

debdrup: i might consider SSH certs in a large organisation, but for our home/soho network it's way overkill. last time i was in that position i wrote a custom script to pull them from LDAP, which actually worked pretty well, but certs seem a bit neater.

pr-asadi: We've gone back and forth; we have -social where we can move things to if things are busy (ie. multiple people are helping multiple other people), but if it's relatively quiet, I think it's fine to keep it in here.

unixwitch: what's this over---kill..? I do not comprehend.

If I could see through walls, I could eye the full rack I've got sitting...

debdrup: Well then, what are the historic reasons? I am fond of Nordic(And proto-Nordic) people. We have -social? You meant "#freebsd-social"?

Yes, we do have #freebsd-social.

pr-asadi: Denmark, Norway, and Sweden are the countries that the Vikings spread out from, and we've had more to do with each other throughout our shared history than any other country. In addition, we also have a common language root (Norse, though not the same dialect), so we're all mutually intelligeble to each other (though people not from here can have a hard time understanding the suble linguistic

differences)

English-speaking folks often think Scandinavia = Nordic, so they sometimes include Faroe Islands, Greenland, Iceland, and even Finland - but while most of those are countries that the Vikings settled/colonized, they're not strictly part of Scandinavia.

debdrup: I am well aware of your shared-history. Yeah, Norse. I am fond of Scandinavian(Including Proto-Scandinavian) people.

Yes, I am well aware of that as well(The people include Finland and some others when talking about Scandinavia).

debdrup: I assume you are an old-ways believer, am I right?

apparently the problem is that my openssl's md4 is broken. did support for that get removed?

pr-asadi: you'd assume wrong.

unixwitch: I honestly wouldn't be shocked if it has been removed.

pr-asadi: there's a place for tradition for the sake of tradition (I mean, why else do it?), but I think it's erroneous to assume that things were better in the old days, because a LOT of things about the past sucked, and if we're not prepared to learn from them, we're doomed to repeat them.

Knowing history, though, is the first step in trying to learn from it.

debdrup: thank You!

Title: Bug Access Denied

hm

not publisjhed yet

so there's meant to be a [kadmin] default_keys = ... option to disable arcfour-hmac-md5, but it doesn't seem to do anything, it still tries to generate the arcfour-hmac-md5 key

debdrup: Excuse me sir, did I miss any messages after my last message? I got disconnectd.

unixwitch thank you (for epair + bridge vs netgraph), I indeed saw similar stuff on the mailing list archive, I'll keep it classical and not do too much crazy stuff :)

rwp: did u get your banana pi running?

i am going to try over vacation

(: i will let u know if i succeed

Hello FreeBSD. I need some help on locale ,there 's no my THAI locale "locale -a | grep TH" How can I manually add my locale language ?

I have installed KDE Dekstop on FreeBSD14.0 , no apps can display Thai Language

jediikai: what's your current locale?

As I recall "en_EN.UTF8"

i see that th_TH is missing, sadly, but with any UTF-8 locale you should be able to see Thai language

ok I could use some help here, I did a fresh install of 14.0 in a zfs fs on an existing system and now it won't boot, I try to use the install cd which will boot to bectl activate the old or the new install and i get a libbe_init("") failed. what's up with that?

yuripv: I think so ,but I am not able to see any Thai Chars, I have used Ubuntu It contains th_TH Can I copy to FreeBSD But I don't know how to do

crb: at which point does it not boot? can you capture the last few lines

rtprio, yes I can but I'd have to go back and boot it again and type them by hand stand by

failed to find boot able partition /boot/lua/loader.lua: no such file or directory

also before that Setting currdev to zfs:zroot/ROOT/13.1

13.1, eh

rtprio, I installed a 14.0 system which booted fine but I needed some information from the old install so I tried to bectl activate 13.1 and now nothing boots

:| i'm not sure how you'd recover from that

rtprio: yes I am not either I can boot the install disk and open a recovery shell but I can't run bectl

i don't think you'd be able to;

wait, if this was a fresh install i'm confused where 13.1 is coming from

crb: it may be sufficient to just set the bootfs property on the root pool to the correct filesystem

which you should be able to do in the recovery system

unixwitch, yes I've come to that conclusion but I'm not sure how to do that I keep getting invalid property bootfs

so I'm obviously doing it wrong

soo I

so I'm googling now to try to figure out how to do that

zpool set .... trying that now

that did it

unixwitch; thanks