babz: anyway, my /usr/src belongs to my user. I keep it in sync with git.freebsd.org, and push my own changes to codeberg.org

but because I don't want my machine to exclusively be used for building FreeBSD, I keep up to date via PkgBase

does anyone run thin jails inside thick jails? and i wonder what the overhead cost is for the middle jail?

I just do thick jails for everything these days… until podman becomes production ready?

how much extra disk and extra ram does it take to run a thick jail vs a zfs template cloned thin jail?

guesstimate

meena: ^

openbsd has a convention of putting the main nic of a comp in the "egress" group. does freebsd have a convention like that?

has anyone seen where man pages require groff to be installed to be able to render? for example man cxgbetool

well lets see how this git pull request goes.. freebsd/freebsd-src #1072 and lets see how bad it is..

Title: A set of changes to manual pages that were identified to be out of alignment by chrisdavidson · Pull Request #1072 · freebsd/freebsd-src · GitHub

tap tap tap... this thing on? Just going through my list of apps to get working on freebsd, got to hexchat. Yay!

nice!

indeed, it is. So much cleaner than some other OSes.

openbsd has a convention of putting the main nic of a comp in the "egress" group. does freebsd have a convention like that?

i am not familar with that alepzi-

is there something in particular you are looking for, from open to free?

pledge() would be nice :3

voy4g3r2: nice work on the PR

voy4g3r2: some nitpicking review coming your way :D

uh oh...

does anyone run thin jails inside thick jails? and i wonder what the overhead cost is for the middle jail?

yuripv: thank you :)

i do not know if i am struggling more figuring out man pages.. or this damn git

yuripv: you bring up some real good points and that zzz one is just weird

zzz does NOT exist on armv7 but does on amd64

i have started to a major of the work on amd64 now

but you are changing the x86-only man page

guess it doesn't get installed on arm as well

yes, i thought i "fixed" that mistake

i am also breaking up pull reguest into smaller commits

it is my, hopefully right, understanding.. i can have multiple commits in one pull request, corret?

yes, you can

sweet, okay

and i prefer to err on the side of more commits if i'm unsure, because the committer can squash them if needed before committing

whereas 'un-squashing' a big commit is much harder

yeah, a few people highlighted that in the pull request

and also here too

yuripv: i appreciate the reviews.. its late here but will tackle these in smaller commits, i do appreciate the input/comments

voy4g3r2: also i noticed you had a couple of merge commits in the PR, you might want to read up on rebasing (git pull --rebase) to avoid those. it's not a big deal though, just that rebasing is more common than normal merging nowadays

yeah, that was a nightmare

i thought it was taken out, guess not.. but some light reading before bed, thank you!

voy4g3r2: one thing to share if you're still around. Splitting commits into smaller ones via unstaging specific hunks in a file can get tedious in general. For this situation it be might be better to soft reset your commit and make each file their own commit.

is AF_LINK the right address family to represent an ethernet interface's hardware address?

if we don't want any local logging can we just have remote logging configured in syslogd.conf and no local logging will happen?

handbook implied local logging is always required even when remote logging

i don't see any reason why that wouldn't work, but not everything in /var/log is created by syslog (some of it comes from daily, for example, like the *.today files)

how reliable is remote logging? likelyhood of getting messages dropped here and there?

each message is a single UDP packet with no acknowledge or retry, so messages will be dropped if the network is congested or if the remote host is down or busy

can you adjust the buffer size for remote logging or how does send queuing work?

the buffer size on the client, sending side

i've never tried that, perhaps net.inet.udp.recvspace would work on the receiving side

in practice how often do you see log messages dropping when there's machine and network capacity available?

never due to network congestion, often due to rebooting hosts or other maintenance work (so i would never rely on remote syslog alone, unless there was no other option)

ok sounds like there's a reason for a reliable log shipper then and just use syslog for local

does anyone run thin jails inside thick jails? and i wonder what the overhead cost is for the middle jail?

do we not have == for structs yet in C? that would be quite useful when dealing with basic data structs... surprised this isn't there given the other usability features we've got recently

Hi there, I'm start having SATA drives detach / periph destroyed again

This happening almost on all machines regardless of drive or system brand

zfs raid 0 - mirror become degraded, one drive become offline for couple of seconds and back online again

here is the sample from the log: bsd.to/0VPk#edit

Title: dpaste/0VPk (Plain Code)

you can find plenty of similar message in forums, eg: forums.freebsd.org/threads/random-drive-detachments-from-host.89135

Title: ZFS - Random drive detachments from host | The FreeBSD Forums

there is literally no issues with hard drives, drives where tested with all possible tests.

also, this never happen to the primary/boot drive, even if drives are switched

also old hard drives (5-7yo) which is still in the raid - never had this issue

meena: i went with Unlicense for netd because i prefer the text (it's a lot shorter than CC0) and more appropriate to software

interestingly Google forbids both CC0 and Unlicense

lw: it's not in here, docs.freebsd.org/en/articles/license-guide/#_acceptable_licenses so if you want to get it into base, you'll either have to negotiate with core@, or reticence

Title: FreeBSD Licensing Policy | FreeBSD Documentation Portal

meena: i'm not that bothered about it going into base but, if someone wanted to import it, they could simply relicense it under BSD

(if this ever happens, and there's an issue with that, perhaps i'll revisit this)

right. it's public domain, they could just do that

fwiw i'm not writing this with the intention of it being merged, i'd be fine if it was just in ports. mostly because i think the amount of bikeshedding needed for that to happen would be far more than i care to subject myself to :-)

i need to check you can completely disable rc(8)'s networking stuff though, if not i may end up submitting some patches for that

👍

lw: btw, if you're planning to use ucl for the config format, which, again, it's right there! do why not?! meka has some example code for for to go between nvlist and ucl: github.com/mekanix/freebsd-project/tree/master

Title: GitHub - mekanix/freebsd-project: Skeleton of ideal FreeBSD project

meena: i was hoping to avoid having any kind of configuration file

for now i'm going to use nvlist_pack()/nvlist_unpack() to store the state database... i suppose it could use ucl or something later if that seems useful

but the idea is you just configure it with netctl, there should never be any need to edit files

ah

perhaps ucl is useful to let people manually repair the state in case of bugs

as there are nvlist_send() and nvlist_recv() and they don't note any compability constraints, I would guess they use the same format (except that you can send file-desciptors if you use unix sockets) and it remains stable, especially as there is a note that byteorder gets handled automatically and you don't have to worry about it

TommyC: whenever i write C++ code, i end up getting distracted trying to implement all the things the standard is missing, like Unicode strings and a coroutine-based event loop, and never get any actual work done. so i'm staying with C until those things get into C++27 or whatever :-)

basically, C lets me lower my expectations of what the language should do

hmm, my cache directory is 42GB. isn't that meant to be automatically pruned?

er, ccache directory

lw: uh...how are you getting those features in C?

i'm not, but in C i just don't expect them. in C++ i do since it's a better language and should do these things. :-D

(i know people are working on both of these things, they just aren't in yet)

lw: Well, the standard defines coroutines since C++20 which is ~4 years old now. I don't know much about Unicode so can't help you there.

If the compiler you're using isn't keeping up with the standard...well, can't help with that either.

yeah, it has coroutines, but you have to bring your own coroutine context, event loop, etc. i've implemented this myself at least partly but it's a huge amount of complex code and i never got around to finishing it

and none of the existing implementations i looked at really seemed very nice

kenrap: that is a good idea, i think the best way is to update a file and make a commit.. for each file... will save the smarter people latest of trouble

is there any downside of having rctl enabled? or why is the default that rctl is disabled?

kevans: playing around with netlink, it seems like bringing an interface up also generates RTM_NEWLINK. i wonder if this is supposed to be an 'interface was modified' event rather than specifically a new interface?

lw: git --rebase will require me to read a few times... i came tot he conclucion, makes sense.. multiple people are doing changes.. sometimes you want to commit a subset of yours, while someone else is working on it. BUt be careful rebase is not the holy grail.. it can be schrubbery and a black knight with no legs.. if not careful

the git/scm handbook.. oh boy

voy4g3r2: in this case it's not really that different from merge. the main difference is instead of the history being [old commits]-[your commits]-[merge commit]-[new commits], it becomes [old commits]-[new commits]-[your comments] - i.e. it reapplies your commits on top of the new commits, as if you'd done it that way to begin with

yeah.. i need to reread, that was not sticking in my brain

imagine it plucks your commits out of the history and puts them back at the top of the history

so your commits are always the latest commits on the branch, even when people have pushed new commits since then

yeah, rebase is just cherry-pick underneath

voy4g3r2: this might help, maybe it's easier to follow than the git manual: git-rebase.io

Title: Learn to change history with git rebase!

ah, so i can have commits over days/weeks and other people are doing their work.. and i go, well there stuff is cool.. so let me add to mine and make a pretty hisetory instead of a merge/branch nightmware

yeah, exactly

when you submit a PR you want your commits to be the latest commits on the branch, that's what rebase does

(it can also do a lot of other useful things, but this is the most important)

(well, until you start doing squash / fixup)

ah and in that PR history, it shows (which i was trying to do) a rebase

and me making a mess of things :)

rebases don't show in the PR history at all because they're invisible in the history, what shows in your PR is a merge

ah, i did try the rebase functionality in github and was like.. yeah i think this looks worse.. but i am nieve in this area to be quite honest

a merge being like a history entry that explicitly merges two branches together: your branch and the new upstream branch

i am just pushing forward as these man pages need to be cleaned and i am NOT looking forward to

"relearn" C :)

i wouldn't worry about this too much because it's possible for someone else to fix it, but it's worth learning at some point :-)

(since many projects expect PRs to be submitted this way)

yeah and i am starting to see why upstream is better to work on than 14

you could actually make changes on 14 and rebase them onto main if you wanted (but i don't suggest doing that, always easier to work on current)

because a few of these man pages do not make sense, as current has changed/modified/refined a lot of stuff.. so it will always be a chicken and egg thing

fwiw, if you decide to split these into separate commits, and you can identify which commits should be backported to 14 or 13, you can include 'MFC after: 2 weeks' in the commit message to indicate that

(this is one benefit of more, smaller commits)

ah, yeah i may look at that.. when work decides to STOP throwing meetings on my calendar... thankfully european collegues go home in 3 hours :)

i guess one last one.. i made a jail for this work (to minimize screwing up my server), i can just pull the -CURRENT branch even though working on 14.0.. and use the mandoc utility to "build" the man pages for a sanity check?

yuripv was making a few references to mandoc.. even found a bug in the html output vs man page output and links..

you can try 'man ./manpage.1' but i'm not sure how you'd go about using the current mandoc on 14, i've never tried that

i really do not understand rtnetlink(4)... i'm subscribing to RTM_NEWLINK and i want to get IFLA_IFNAME in the message, how do i tell the kernel that?

ah, apparently you get this by default

how do i print aligned columns of data with libxo, without having to calculate padding myself? i can't seem to find anything about this in the documentation

@lw use column -t

i mean from C

it seems like using {Vh:} prevens padding from working... so {Vh:somevalue/%-30d} won't be padded

ah ok so you need to do it like this: "{[:8}{Vhn,hn-decimal,hn-1000:txrate/%ju}b/s{]:}"

lw: netlink messages apparently have flags that `route monitor` doesn't dump, what do those look like for all of these?

just digging through the kernel it's a little annoying to trace down how and whene these are generated

when, even

kevans: nlmsg_flags is 0 for all the messages

yeah I don't see how these are useful

kevans: tried printing out a couple more fields, there are a lot of different flag-type fields here le-fay.org/tmp/30d/YEewO6.txt

ifi_flags is presumably the flags ifconfig prints, i'm not sure what ifi_change is

nimaje: rctl is for resource management right? it's prollydisabled by default as not everyone uses it?

does anyone run thin jails inside thick jails? and i wonder what the overhead cost is for the middle jail?

alepzi-: but being enabled by default would make it easier to start using it and if it doesn't really have costs having it enabled, then that seems like a better default, so I'm asking for the costs that has, because I don't really expect costs from merely enabling it

nimaje: i agree.

github.com/freebsd/freebsd-src/blob/HEAD/sys/kern/kern_racct.c#L68

Title: freebsd-src/sys/kern/kern_racct.c at dfe30e41967f9b5112c42ca20ec2c366db74cef9 · freebsd/freebsd-src · GitHub

that's the default in all KERNCONFs

otoh, if we move people over to MINIMAL, they'd get used to adding stuff to loader.conf so it wouldn't feel like that big a deal

but why enable it if it's not in use?

just because it's easier to start using it? that's called proper configuration which isn't even hard

meena: if you want to get ppl to WANT to go to MINIMAL, do some serious benchmarks or whatever that shows it has a benefit

either reduced attack surface, better perf, etc

why isn't there a loader tuneable for ulimit and default that to disabled? most people don't set ulimits

alepzi-: MINIMAL boots significantly faster, for one.

but still, it would be nice if these things could be enabled without a reboot

I don't even see why it needs a tuneable, do I miss some costs of enabling rctl there?

alepzi-: a jail just existing doesn't really have all that much overhead on its own

lw: what a mess... hopefully melifaro can shed some light

kevans: a thick jail has atleast the disk requirement of a full base which is what, 1GB?

vs a thin jail zfs template clone which is basically 0

sure

then there's runtime cost, is there any ram or cpu overhead to a jail layer?

nothing significant; unless you're running closer to the order of thousands of these, I'd be surprised if you notice any impact

struct prison is relatively light, it has to be maintained in the allprison list just like any other

maybe 1% cpu and ram overhead vs running the binary in the host directly?

should be <<1% and nesting shouldn't add any addiional overhead

what's struct prison?

wow that low? that's almost free

yeah, I'd probably estimate lower as well... we don't exactly spend a lot of our time searching jails

struct prison is the internal representation of a jail

any potential footguns i should be aware of if i'm putting thin jails in thick jails?

On a Gentoo system I am able to mix "stable" with "testing" packages. Can I achieve this somehow with FreeBSD ports? Basically try mixing quarterly with latest via poudriere somehow?

By packages, I mean ports.

beastwick: that's not really how we roll…

but sure, you can duplicate the repo definition and have Fbsd-quarterly and Fbsd-latest and then run into all kinds of pain

Does anyone know if it is possible in FreeBSD to send raw commands to a ps2 port?

well, latest isn't really "testing" stuff that is in the ports tree should work, quarterly is just that you have less versions jumps and at more predicable times

but you could try building stuff from quarterly and cherry-picking from latest

On linux raw ps2 port voodoo is sort of possible in a very roundabout way by enabling serio_raw (which effectively disables atkbd), send the command to /dev/serio_raw and then remap the bus to atkbd ... i think on FreeBSD kbdcontrol can be similarly used to attach/detach a keyboard, but i'm not seeing an an obvious equivalent of serio_raw

jns: what does that achieve

Curious, does anyone here run quarterly userland, but also use a jail for certain "latest" packages? Is this a viable approach? I am split on running mostly quarterly with some cherry picking, or using a jail. My goal is to minimize manual work. If I cherry pick, I have to manually build against installed dependencies. I say to my self, it will only be for a small set of software, but truthfully -

it tends to grow.

or am I thinking about this wrong?

why not using the official pkg repo? then it shouldn't matter that much on the manual work side if you use quarterly or latest

nimaje I want to use mostly quarterly, but "backport" if you will some latest packages, just was curious if a jail could help me out here

depends, for the normal usecase of jails, putting services in a seperate system it should work perfectly fine

beastwick: latest packages are "backported" quite frequently, if there's serious bugs or security issues

see, freshbsd.org/freebsd/ports/branch/main?q=MFH

Title: FreeBSD / ports - FreshBSD

meena: what does what achieve?

jns: the thing you're describing. can you go a level above. what are you trying to advice

oh, sure,.. i have a rather exotic keyboard, it has a built-in vfd display, controlled with ps2 commands, and over 100 individually controllable led's and such... (and a bunch of extra keys)

i managed to make the extra keys scannable by slightly modifying the atkbd kernel driver, but that doesn't really help me with the extra leds or display

am i wasting my time if i try to get bhyve on bsd box.. to get -CURRENt operational?

meena: on linux i used to use this little script to write text to the display: linkerror.com/stuff/vfdwrite.sh.txt -- obviously won't work on FreeBSD because there's no raw serio, at last not as far as i know -- i just wanted to confirm i'm right about that, really... I'll probably end up having to write a driver

ls

err don't mind me

voy4g3r2: bhyve should work fine and running a freebsd vm with it should be easier than to run an android-x86 vm with it, do you have any problems?

Hello all, after installing Docker on FreeBSD 14, how do I start the Docker daemon?

nimaje: that is good to know

service docker start doesn't seem to start the daemon

signalblue: anything in logs?

meena: docker does not exist in /etc/rc.d or the local startup directories (/usr/local/etc/rc.d), or is not executable

that is the result of service start docker

hm, it only has bin/docker maybe it works without a daemon?

how so?

ah, it has an install message, you need docker-machine too, could be added in the pkg-descr too, so that people are more likely to see it

but that one too brings only an executable and no documentation, so no idea how it is used

nimaje: I assume you do not use Docker

Anyone happen to run OpenHAB on a Raspberry Pi? I swtich pkg to Latest to install 4.1.0, but there is a issue with com.sun.jnathat has no freebsd aarch64 support, only x86 and x86-64 from what I can tell from the log

pkg quaterly only has 2.5.something

I don't use docker, I just looked what these ports build and install

weust: how is Java not pursuing aarch64 Tier 1 support? isn't it supposed to be running on 14 billion devices, most of which are phones and most of which, by now, are aarch64?

signalblue: the pkg-message for docker mentions only installing the client, which can talk to remote host's daemons.

meena: it's supported arm64 for ages, maybe just not on freebsd?

lw: maybe

What's the main difference between /usr/local/man and /usr/local/share/man?

_xor: the first shouldn't exist

anything installed in there is a ports bug

i think this was a bit unstandardised until recently though?

any potential footguns i should be aware of if i'm putting thin jails inside thick jails?

Don't know, but I was just refreshing my memory on port macros related to man pages. During that process I noticed /usr/local/man and /usr/local/share/man, and wondered what the difference was.

I have a bunch of files in /usr/local/man/*, looking up which ports put them there currently. Apparently, samba is one of them.

alepzi: you will consume more space than thin jails :)

doas, sudo, pkg ,etc. Bunch of ports.

Are you sure that it's /usr/local/man that's not supposed to exist?

_xor: the adventures of man pages :)

_xor: i'm fairly sure but i can't find where i saw that now

meena: java, imo, lost cross-platform when it started to ass architecture specific code

but, in this case I see OS's like win and, of course, linux with aarch64 included. and MacOS

ass architecture