rtprio: first thing i do for any irc client

ZedHedTed: the counter to the one that joins, asks, and leaves is the one who sits patiently waiting, but only one person responds, and they answer every question with another question.

And there, there's me. I came in in 2019 with a question and never left. :-)

same, but 1999 or so

n/28

wrong window :(

too many windows, nms

too many

i'm getting stuck. i have zfs on root, mirrored, nda0 and ada0, booting from nda0p1 (efi). i need to be able to boot from ada0p1 so i can zfs replace nda0 with a new drive.

`dd if=/dev/nda0p1 of=/dev/ada0p1 bs=1m` << seems like that should put the necessary bootcode where it needs to be.

`efibootmgr -a -c -l /boot/loader.efi -L efi-new` gives me an error "efibootmgr: Cannot translate unix loader path '\boot\loader.efi' to UEFI: No such file or directory"

forgive me for rubberducking, but here we go. `mount -t msdos /dev/ada0p1 /mnt` so i have access to the actual loader bin. then `efibootmgr -a -c -l /mnt/efi/boot/BOOTx64.efi -L efi-new` and it seems there's a new entry now. time to reboot, swap nvme, and hope i boot into ada0

we're booting!

I installed a network card (PCIe) some time ago, but can't seem to get it online, even though the card itself gets recognized by FreeBSD just fine. Anyone knows why? Card in question is igb0@pci0:2:0:0, Intel I210 Gigabit Network Card.

But even assigning an IP or even DHCP won't make it connect.

remiliascarlet: what does your /etc/rc.conf have for the card?

voy4g3r2: ifconfig_re0="DHCP" and ifconfig_igb0="DHCP"

the realtek one works.. but the igb0 one does not?

Yes.

and ifconfig igb0 shows anything?

i take it you ahve done this stuff already, probably

voy4g3r2: Yes, ifconfig igb0 shows the flags, options, the MAC address, media type, and status as "active", but no IP address.

scoobybejesus: that was a fun experience.. i just did something similar myself but went from ada0 to nvme

remiliascarlet: last question, does it work if you have a static ip address?

something like this: dpaste.org/4b84h

Title: dpaste/4b84h (Plain Text)

this is my rc.conf related to network

voy4g3r2: As I already said, it doesn't. Neither static nor DHCP.

voy4g3r2: Just curious, what does "cloned_interfaces" exactly do?

Just to check if my assumption is correct.

Also, is "netmastk" a typo?

it is setting up virtual nics for bhyve and jails

Oh, so not what I thought.

so it will make "copies" of re0 for use in the subsystems and bridge them

and i have a typo.. errr

I was expecting something like "in case network card 1 fails, automatically switch to network card 2".

i am not sure if you can do that

the context i was helped with, make epair (jails) tap (bhyve)

If you could, it would be really useful.

so i can have 2 bhyve instances running at once and a jail running

if you want more that add more :)

and i am not 100% sure why your situation is happening but figure maybe showing mine would spark an idea

I don't really have any usecase for jails myself.

i started doing my manual pages craziness with a jail then transitioned to bhyve when it made more sense to do that work in a -CURRENT instance

since my base is 14.0 can not make a jail that is higher than base

with bhyve i was even thinking of trying haiku

Maybe the one usecase I can think of would be to put Steam in a jail, but Steam doesn't even work on FreeBSD without a jail to begin with anyway.

or plan9front keeps coming up in my youtube stuff

i have thought about doing a jail for my git server

right now i am just using a git user and a spot on zfs

and for some reason my bhyve instance lags when i try to commit to git

too many ideas, not enough time

I tried both. Haiku installs in under a few seconds, but crashes a few minutes in after installation. And 9front has the issue that I can't get my mouse working no matter what, and the OS is a mouse centric system.

a very "weird" mouse centric system at that

the concept is quite neat but it is like.. what use case

and be was just awesome .. so there is that

does anyone know of a way to "figure out" if a package is a contrib package in base without going to each file?

i was thinking that everything in contrib/ would be the whole thing.. but that is clearly not an all inclusive list

wiki.freebsd.org/ContribSoftware <-- not really sure if this is even accurate

Title: ContribSoftware - FreeBSD Wiki

voy4g3r2: contrib/, sys/contrib, crypto/

oh, and sys/cddl, sys/gnu

and cddl/

kevans: thank you!! perl scripts are now being updated..

and one wonders, why i did NOT ask that question earlier :)

remiliascarlet: man.freebsd.org/cgi/man.cgi?query=lagg&sektion=4&format=html <-- this looks like how you could do "aggregation" of network connections.. but i do not think it oculd work with that bridge thing.. tap0 epair0 stuff

Title: lagg(4)

stupid question, how many jails is too much jails ?

I'm currently hosting 50+ webapps and I was wondering about the feasability of having one jail per webapp

(currently I have one jail for Python webapps, one jail for Ruby webapps, one jail for PHP webapps, etc)

it would ease deployment of those webapps as I was planning to have one zfs dataset per webapp, so the plan is to create a new zfs dataset on the "build" machine, build stuff, and simply use zfs send/recv to redeploy

mage: beyond the environments using different technology stacks are they all using the same web server? as in nginx or apache or whatever?

the first thing that pops in my head.. that is a lot of jails to manage.. where the main focal points are 3 technology stacks

I have a laptop with a Intel Graphics Iris Xe on a 12th gen i7 system

(frame.work) it doesnt detect and when I load i915kms it hard locks

Is this a known issue?

JohnGalt, has been encountered before - yes

voy4g3r2: I don't know, but I don't blame you for asking (it's a mess) or for not realizing these other directories are generally contrib (who isn't going to be blindsided by crypto/ being contrib?) :-)

JohnGalt, FreeBSD & DRM versions?

kevans, I was just thinking of you :>

kevans, any news on the newlib efforts? :D

mage: 999999 is too many jails

jbo: no, sorry; trying to push through this last bit of effort to wrap up my ecc branch

kevans, no need to apologise :o

I'll just be salty about it :>

voy4g3r2: did you come to learn anything about nvd vs nda vs nvme? my drive is an nvme that i'm replacing, but i don't understand why i see nvme0, nda0, and nvd0 in /dev, and in `zpool status`, `geom disk list`, and `gpart show` it uses nda0

if there is a resource to read about these, that summarizes a comparison with notable points, that might be super useful

jbo: heh :-)

if this ecc branch hadn't just reached its three year anniversary I'd be more than happy to deprioritize it, but I do want to get it out of my local tree

kevans, fully understood :)

kevans, curiosity: ecc?

Title: Elliptic-curve cryptography - Wikipedia

as an alternative to RSA for signing

kevans, so ed25519 et al?

yeah

kevans, what exactly are you working on?

pkg

ah, that is nice. I'll gladly nuke my RSA keys

kevans, you wouldn't be rolling your own crypto tho, right?

oh yeah. :-) no, not at all

scoobybejesus: i could never figure out 100% it was my understanding that nvme is the controll and nda is the drive

scoobybejesus: i used this great article from mason to help me with the clone: wiki.freebsd.org/MasonLoringBliss/ZFSandGELIbyHAND

coolio thanks for the input

Title: MasonLoringBliss/ZFSandGELIbyHAND - FreeBSD Wiki

ah awesome

and lw brain

awesome work and i got tons of onenote stuff

i started with lw and then went on what mason shared to fill in holes

i had issues with the efi partition stuff .. i had the situation where my old drive, tiw as using that efi partition and not the new one nda0

mage: 1000 jails is quite common. over that it gets less common.

What tool do do you use to manage that many jails?

sysutils/cbsd is nice for larger setups. it allows to register multiple nodes, migrate between nodes etc.

I tried to use cbsd once, but never realy got the hang of it. It looked quite complex tbh

cbsd jconstruct-tui

cbsd jstart

done :D

cbsd --help if in doubt

and docs

and author is very responsive too

oha

In that case I was probably just stupid.... xD

Does cbsd also utilises ZFS like bastille does?

yes

I once had to move an entire jails dataset to a different pool and it worked flawlessly too.

that's pretty nice

CBSD 14.0.4 was released yesterday and it now explicitly requires to have a separate dataset

so newcommers should not run into the zfs-on-root-with-cbsd issue anymore

If I remember correctly cbsd required sudo, is it possible to build it without it?

I will definitely try cbsd again :)

Hi, I have a question about openssl and x509. I'm trying to sign my intermediate ca csr by root ca. but I'm getting this error: "Signature did not match the certificate request" could anyone help me to understand what does it mean?

souji, nope, cbsd requires sudo to do it's magic. the only reason I still have sudo over doas :(

souji, main issue is that doas does not support wildcards

jbo: ahhh thats to bad

souji, cbsd/cbsd #83

Title: doas support · Issue #83 · cbsd/cbsd · GitHub

83 – System crash after abrupt end of slip session bugs.freebsd.org/bugzilla/show_bug.cgi?id=83

souji, cbsd/cbsd #536

Title: Usage of sudo · Issue #536 · cbsd/cbsd · GitHub

536 – No copyrights in usr/src/lib/libc/stdtime bugs.freebsd.org/bugzilla/show_bug.cgi?id=536

ok, I see the issue... it seems like the is no easy solution to that

spmzt_: I don't know about openssl but if you only need to do that for a development environment I can recommend the CLI tool from smallstep. I found it easier for working with certificates on the command line than openssl.

Title: GitHub - smallstep/cli: 🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

There's also easyrsa (I think that the name).

easy-rsa

souji: thank you, saw smallstep before. but for now, I need to use openssl. The error is so confusing. I can understand what a signature is in a CSR, But I can't understand what exactly is being compared to it?

spmzt_: fair enough. I'm sorry, but I also have no clue what this error refers to...

Solved. but I still can not understand why a CSR with exact same parameters and extensions generated by openssl would not do the job, but the yubikey's tool (ykman) can?!

i think i messed up. there are no empty sectors at the end of my new, bigger, disk. i just `gpart resize -i4 nda0`, and it took all the space. but i want to leave space at the end. what do i do now?

can i just destroy the partition and create a new one? it's just a partition scheme, right? nothing should be filling the second half of the disk yet.

Why wouldn't you?

If you didn't create a filesystem on the partition yet.

well, i spent 13 hours resilvering

sounds like a good time

i am replacing the disks in my mirror zroot with larger disks. this was the first disk

Oh. Yes, I did the same thing at least once.

From what I understand, deleting the partition does not delete the data. So as long as the partition starts in the same place it does now, I should be alright to delete it and recreate it a bit smaller. I hope.

Yes. And another resilver would uncover problems.

Ah true

now the device is busy. maybe i need to offline it from the pool first.

scoobybejesus: do you have a backup of your data? you can resize a partition but if anything is "off" you may lose data

i have everything already on the other (ada0) drive of the mirror that i just resilvered from. so i pulled nda0 offline, ran gpart backup ada0 | gpart restore -F nda0, and put nda0 back online. and then initiated a scrub. so far so good.

the next time i resize, i will specify a size. hopefully i get it right. gpart doesn't have a -n for a dry run

scoobybejesus: nice!

the one area that got me was making sure ebiboot knew about the other location

kevans: yeah, well maybe i should write that down somewhere.. i have gone down the freebsd wiki rabbithole and man there is just "stuff"

but it adding those directories, i found 6 more "contrib" packages that are no correctly aligned

oh look at that.. the re0 kicked me off my ssh sessions

errr!!

scoobybejesus: so the efi boot partition is all fixed now and you are just scrubbing? may i ask why a scrub? i did not do that

probably should

ssd's will do wear leveling and basically whatever they want under the hood. i had expanded the partition to larger than i wanted it. after putting the partition back how it was previously, i wanted to ensure that all the data was still in place where i left it. the scrub completed (0B repaired), so now i will put the bootcode back on nda0 and swap out ada0

well.. after i resize correctly

with such great power, requires great patience

i got sucked into that area myself

but glad you were able to get through it

i didnt know you could expand a mirror, i thought it was only a raidz

rtprio: i picked from that mason article

i did not do the mirror stuff but it had nuggets in there that helped with the efi stuff

kevans: github.com/chrisdavidson/manpages/b…b/master/tools/parse_broken_refs.pl <-- all fixed :) thanks again

Title: manpages/tools/parse_broken_refs.pl at master · chrisdavidson/manpages · GitHub

well cool

my sector size is wrong so sadly i can't expand the pool

ada6 ONLINE 0 0 0 block size: 512B configured, 4096B native

(i mean i could, but the new drives would also be 4096 native)

feels great to have 932G available

I am geting bad PIN with gnupg and a yubikey with gpg when I have tested the pin on other machines and the pin is ok, also gnupg does not start a pinentry but instead prompts for a password

do you have pinentry installed?

FreeBSD 14/gpg 2.4.3

yes

/usr/local/bin/pinentry-curses

sometimes it spams gpg-agent CONFIRM 1

I was able to set the pin tries to 10, so I know the yubikey works

clearly I cant keep trying things because it blocks, and I have to unblock it

also I cant get a drm driver to load for my intel Iris Xe card, FreeBSD 14, tried loading i915kms and it hard locked