we have a new contender for easiest-to-test-ports: www/darkhttpd

dependencies: none <3

jbo: well sure, if you want to play ports in easy mode

lw, let me have this one, okay? **schnipp**

at least I don't bitch around about being a maintainer :p

jbo: fine, this is okay to commit

triggered >:D

lw ircII is like irssi

?

not really, except in the sense they're both command-line irc clients

although irssi was (i believe) intended to be a "better ircII", so i suppose they work sort of similarly

they stop developin irssi

?

i don't think so? i don't follow irssi development at all thoug

h

ko

ok

and what about ircII

i don't use original ircII either... last i looked their website was down though so development may have stopped there. ircII-EPIC is a separate fork

what would you use to benchmark a CPU that runs on FreeBSD and macOS? something like prime95? doesn't need to be a super in-depth benchmark, just a basic number is okay

math/primegen maybe

openssl speed

rtprio: not a bad idea but is there a way to force it not to use hardware crypto support?

you can specify a provider?

or engine

ok, do you know what the engine for software crypto is called off hand?

no, i've not used it

Could someone help me diagnose why my NFSv4 mount isn't working please? Server is FreeBSD 13, client is FreeBSD 14. I get "RPC: Authentication error; why = Client credential too weak" when not root, and " Operation not permitted" (client) / "mountd[1924]: mount request denied" (server)

I would like to be able to access this NFS share from two separate hosts, with different user IDs (but same username). I believe NFSv4 can help with this.

what are your export lines

and is there any more info from mound

mountd*

ShinyCyril: show /etc/exports on the server, /etc/fstab on the client, and /etc/rc.conf on both the server and the client

but in reply to your second question - no, NFSv4 does not help with that, although you would think that it would

it only does the username->uid mapping for writes, not reads, which means if the client uid doesn't match the server uid, you'll be able to create files, but when you try to read them, they'll have the wrong uid

actually maybe i have that backwards, it's for reads, not writes... but in any case you still need the UIDs to match on both sides for things to work properly

i *think* using Kerberos (sec=krb5) fixes this, but it's been a while since i tested that, i just use LDAP for passwd now to avoid the problem entirely

i honestly wondering if that NFSv4 issue is a FreeBSD bug, because i'm sure i remember this working correctly on Solaris... but it's probably been 15 years since i tested that, so who knows

i need to up my nfs game. still using nfsv3. kerberos might be nice?

rtprio: i use Kerberos (with NFsv4) everywhere and love it

using security/krb5 (MIT Kerberos) which can store the KDC data in OpenLDAP, so it's automatically replicated across all my LDAP servers

if you're still using NFsv3, at least upgrade to NFsv4 for the protocol enhancements like not requiring portmapper or mountd

makes firewalling much easier

sorry had to step away for sec. Export line is "V4: /nfs/media" (just trying to get _something_ working first). No fstab on the client, just trying to mount with "mount_nfs 192.168.1.2:/mnt/media ~/media"

Server rc.conf:

rpcbind_enable="YES"

nfs_server_enable="YES"

nfsv4_server_enable="YES"

mountd_enable="YES"

nfsuserd_enable="YES"

Client rc.conf:

nfs_client_enable="YES"

ShinyCyril: the V4: line by itself does not export any filesystems, it just defines the V4 root

you need something like

V4: /data -sec=sys:krb5:krb5i:krb5p -network 2001:8b0:aab5::/48

/data/www -sec=krb5:krb5i:krb5p -ro thyme.eden.le-fay.org

/data/home -sec=krb5p -network 2001:8b0:aab5::/48

then in case case you would mount server:/www or server:/home on the client

s/in case case/in this case/

lw: good to know - thanks!

(because the NFSv4 root here is '/data', the export of /data/www becomes /www from the client's point of view)

lw: tbqh i'm aware of kerberos but don't quite understnd what it does in the nfs context.

rtprio: 1) it uses the client user's Kerberos ticket to determine their identity, so the numeric uid's don't need to match, 2) it uses Kerberos encryption to encrypt and authehticate NFS traffic on the wire (you can also do this with IPSec or, in very recent systems, TLS)

so a rando on my subnet will no longer able to mount my exports?

that sounds like a good idea

correct

I'm thinking NFS might not be the right approach here. I really just want to set up a simple fileshare between a couple of hosts on my home network. Having hard-coded credentials would be fine - can I accomplish this with NFS, or should I be looking at SMB?

rtptio: if you export to a subnet with sec=krb5, anyone on the subnet can still mount, but they need a Kerberos ticket first

but are you using nfs with just host credentials or with per user credentials?

crest: if you're asking me, mostly per-user credentials, i have one or two mounts using host credentials

remember that mounting the file system is done on behalf of the client not any use on the client

ShinyCyril: can you not re-number one of the clients?

actually let me just check, I'm the only user on my MacBook, so I might be in luck. Depends how they start there id/gids

ShinyCyril: i do not recommend SMB on FreeBSD, the in-kernel SMB client is ancient and useless (it only supports SMBv1) so you'd be relying on a FUSE client, if that even exists

(that's what i would do in this case; and have done in the past)

ShinyCyril: although if you're exporting from FreeBSD to macOS/Linux/Windows clients, SMB is probably fine

I could probably change my uid on macOS. Maybe better to change my uid on FreeBSD - less likely to cause unintended consequences :)

same process on either; vipw and edit the group file; re-chown everything; reboot and log back in

got it

macOS does not put normal users in /etc/master.passwd so vipw is not going to help there

i recently changed my uid on macOS, which i did by adding a new admin user, logging in as that user, changing my other user's uid in the OpenDirectory admin tool, find | chown, then logging in as the original user again, and it seemed to work ok

iirc there's user editor which had advanced mode and you could update the uid/gid

lw: it used to

i swear

rtprio: i'm not a macOS expect so it's quite possible such tool exists and i just don't know about it

you could probably do it with dscl?

i guess that's the command-line version of the OpenDirectory admin too, but it's so horrible to use i'd just do it with the GUI

s/too/tool

lw im getting this error

/usr/local/lib/hexchat/plugins/python.so: Undefined symbol "PyCapsule_Type"

/usr/local/lib/hexchat/plugins/perl.so: Undefined symbol "PL_current_context"

warsoul: sorry, i have never used hexchat and know nothing about it

ok

thanks mate

lw how i can see if i have python installed in my system?

pkg info|grep python

lw thanks

lw

jay bee oh

never mind - I just did it (wanted to ask, but then... you didn't respond)

here we go again

what did you do

what have you done, omg

you know _exactly_

you've ruined everything

YOU did ruin everything

telling me how to use wine and all that...

real classic bitch move, lw. not proud my friend.

oh you're playing factorio again

ssssshh

we call it "using wine"

running out of iron in a death world is no picnic

rail world > death world

i always play with enemies off, they're just boring by mid game

meh, railworld is just normal but more distance and no expansion

hence death world, my friend

real _men_ play deathworld ;)

he who should know

.__.

jbo: fancy an easy ports commit?

no testporting required!

i've not tried deathworld

ribbon world i got about half way through

i'm playing with RSO at the moment which aiui, on the default setting, is somewhat like Railworld

what is the T flag in a set of permissions? d-w-r-xr-T

crb: lowercase 't' is usually a setuid directory, e.g. /tmp. i think uppercase T is used when the directory is setuid but some other permissions are missing

d-w-r-xr-T is an extremely odd set of permissions, which would explain that

its on /homes/crb/.cache/gnome-control-center which is an empty directory

that sounds like a broken program

ok, i tested it: uppercase T means the directory is setuid, but the other-x flag is missing

... which makes no sense and is certainly the result of some program bug

yep probably thank you!

lw what's up?

lw, ping

Hi People

I recently purchased an eight terabyte external USB drive. I was going to keep it as exFAT but decided to change it to UFS.

This is the first external drive I have had that will be dedicated to a FreeBSD computer.

Does this look right:

sudo dd if=/dev/zero of=/dev/da0 count=1

sudo gpart destroy -F /dev/da0

sudo gpart create -s GPT /dev/da0

sudo gpart add -t freebsd-ufs -l ISDi0A_8T -a 4k /dev/da0

sudo newfs -L ISDi0A_8T /dev/da0

(I figured six lines were OK to paste in channel )

You want to run the newfs on the partition device, not the disk device.

would that be: /dev/da0p1 or /dev/da0s1?

da0p1 it looks like.

cracauer: Thanks.

Outside of FreeBSD installers, this is the first time I have formatted a disk as UFS using FreeBSD.

When I set -a alignment I normally align to 1M boundaries rather than 4k boundaries. Perhaps 1M alignment is more conservative than needed for a USB disk though.

If looking to see what slices/partitions were created by the gpart add action I would simply list the new device nodes created: ls /dev/da0*

Also I find using "geom -t" to produce a nice readable display of the logical structure of the disks, device nodes, and type.

rwp: I'll make a note of both of those.

I thought the -N flag would show me what would be created.

Another tidbit about the kernel is that it removes alternate paths to a device node that can no longer be used. Meaning that if a device has a partition path, a label path, a gpt/label path then all three paths are initially created. But as soon as one attaches to, say, a gpt/label then the other alternate paths are immediately removed, since they cannot be used at the same time as the others.

rwp: What are some situations where it would be useful to see the geometry the way geom -t shows it?

That's helpful but often confusing behavior because one moment /dev/ada0p1 is there and the next moment it is not, removed because I mounted /dev/gpt/zfs1 and so the other paths were disabled.

This removal process is just for that boot, right?

I think I have experienced something like that before.

Everything resets upon the next boot. Also if the device is free'd up then the devices appear again too. But making a device free again can be tricky and often a reboot is the best way to test that all is going to work okay on the next reboot anyway.

So I like the tree structure that geom -t displays. And it shows the gpt/label that I have assigned. When possible I suggest using the gpt/label. Here on my larger disk arrays (6x disks) I set the serial number of the drives as the gpt/z0K1G42J7B type of gpt labels so that I can match failures to a particular drive.

The assignment of the /dev/da3p2 type of device names is not persistent as disks are moved around in a system. Meaning that later on if one has a disk problem with da3p2 it might be difficult to tell which drive that actually was before.

Sure if it is alive on the system then one can "smartctl -i /dev/da3" and query the drive for it's data. But if it is removed then you already have to know or it is too late to query it.

new freebsd user, not a lot of technical experience. I've successuflly installed windows10 in a vm-bhyve guest. I'm using TigerVNC viewer to connect. I'm trying to increase resolution to 1900x1200 with no luck. There are not any options to adjust in TigerVNC viewer and I've added graphics_res="1920x1200" to windows.conf. Any suggesitons on how to view the windows guest in something other than default 800x600?

mvee, if you already created the VM make sure that you actually edit the .conf file of the VM itself, not the windows.conf template

jbo: That worked! Thank you!

mvee, happy to help!

mvee, generally, I would also recommend you to use RDP. it works much, much better than VNC for most scenarios.

jbo: I've seen that mentioned a few times in the Forums during my troubleshooting today. Folks in there say the same as you

Once I'm comfortable with how to set up the guest vm's, I intend to branch out more

it has nothing to do with whether it's a VM or not

the same applies if you windows is located somewhere else on bare metal hardware.

Vm's would be the only use for now, I have one laptop

still irrelevant. it was a recommendation that applies outside of the context of VM or non-VM

Ok, maybe I don't understand what it is. Is it software for viewing remote content?

yes, similar to VNC

just a lot more capable if you actually have a desktop

I understand, what I was saying is, the only thing I would need to view at the moment are any vm's I create

I have one laptop no content anywhere else locally or remote

mvee: the vnc in bhyve is more designed as a console and less as a means for commonly interacting with the vm

rtprio: using RDP improves the interaction with a bhyve vm?

yes, it would. you could do vnc too, but i would run vnc on the host itself rather than via bhyve for performance reasons

ah, I see. makes sense.

jbo: wasn't trying to be difficult, but I think I understand what you were saying. I appreicate the help

all good

Anybody knows sound and could help me get my laptop speakers working? Headphone out works. Dmesg and friends in here: forums.freebsd.org/threads/my-turn-…adphone-out-does.92565/#post-645530

Title: My turn for "speakers not working although headphone out does" | The FreeBSD Forums

lw, ping

cracauer, I saw that post of yours today and had to giggle.

cracauer, the laptop I'm using since 2020 also has no working speakers - I am still managing to just not have a look at it...

wasn't lw having some speaker / sound issues? but i think it was more complex than that.. as a DAC and external speakers were invovled.. not an internal one

i really wish i could just have neovim make all lines 80 and add a \ knowing spaces were there..

I am making a new port and for some reason upon running make it tries to install all of the ports in the ports tree alphabetically

I have no idea how my dependencies pull in a php81 php80 and such

Here is the Makefile for my port: termbin.com/vkto

What happens upon launching make: termbin.com/vkto

Wrong link I meant termbin.com/eo38

so py39-cookiecutter pulls in py39-click which is what I think caused the issue

should one classify that as a bug

hmm, I must have imagined this, but I thought I read about a tool (not sysrc) in the base system that lets you edit /boot/loader.conf.

You can do it with /bin/ed for that warm feeling of nostalgia

hehe

I think I have a script somewhere that uses ed

I have vague memories of using /bin/ed. Obviously, I'm too sober to fully repress.

I like ed(1). It makes fee like a Fully Qualified Daemonological Nerd.