-
alepzi
i saw that freebsd-update and pkg need tcp port 80. is it actually http requests going on there to get the files or is it just using a common port?
-
phryk
alepzi: it's using plaintext http; public key comes pre-installed and signatures are independent of the transport medium.
-
phryk
alepzi: see /etc/pkg/FreeBSD.conf
-
alepzi
nice
-
phryk
as for freebsd-update, not sure but i suspect it's similar.
-
alepzi
can't find the info
-
alepzi
handbook doesn't even say what firewall rules freebsd-update and pkg need
-
alepzi
which protocol it uses etc
-
stdout
anyone using freeipa client or can attest to its stability in fbsd?
-
ek
alepzi: It uses HTTP(s) ports for downloads. Outgoing 80 and 443.
-
alepzi
tyvm!
-
alepzi
so pkg uses http 80 and local sigs, freebsd-update uses 80 and 443 https
-
ek
stdout: Hello, again! You might want to check out
vermaden.wordpress.com/2024/03/06/c…-freebsd-14-0-stable-to-freeipa-idm (I found this earlier when you'd mentioned it.)
-
VimDiesel
Title: Connect FreeBSD 14.0-STABLE to FreeIPA/IDM
-
stdout
thanks, let me check that out
-
phryk
alepzi: I *think* both use fetch(1) which defaults to using http:// if no url scheme is given.
-
phryk
alepzi: /etc/freebsd-update.conf contains a key to authenticate the data it fetches
-
ek
phryk: Yep. Doesn't really matter whether it's HTTPS or not. It's just package downloading. Secure keys are used to determine authenticity.
-
stdout
is there anything like proxmox for freebsd?
-
rwp
I think most people are using vm-bhyve and zfs datasets to manage virtual machines.
-
johnjaye
meaning the zfs dataset is trading information to the vm?
-
rwp
vm is creating datasets for use by the vm and allocating them to the vm and cleaning up the dataset when cleaning up the vm
-
rwp
Which is also what proxmox+ceph will do. It's a similar arrangement.
-
alepzi
host zfs, host zfs has datasets for vms, vms also run their own zfs
-
rwp
This is the way.
-
alepzi
should add, vms also run their own zfs (backed by its host zfs dataset)
-
voy4g3r2
stdout: vm-bhyve is a nice bhyve manager:
github.com/churchers/vm-bhyve
-
VimDiesel
Title: GitHub - churchers/vm-bhyve: Shell based, minimal dependency bhyve manager
-
voy4g3r2
understanding the underlying stuff is great, bhyve.. as you can pass options through vm-bhyve but it removes a lot of headaches like setting up a zfs dataset, backups and managing network settings.. the wiki is pretty good too
-
mason
Guests running ZFS themselves ends up being a bit wasteful.
-
voy4g3r2
on the host, to be more specific.
-
voy4g3r2
it is almost as wasteful as trying to get haiku to load in the dang bhyve
-
alepzi
wasteful how?
-
alepzi
zfs everywhere is the dream
-
alepzi
don't rob me of my dream mason
-
johnjaye
-
VimDiesel
Title: Amazon.com: Redragon K585 DITI One-Handed RGB Mechanical Gaming Keyboard, 42 Keys Type-C Professional Gaming Keypad w/Upgraded Hot-Swappable Socket, 7 Onboard Macro Keys & Detachable Wrist Rest : Video Games
-
johnjaye
idk if it has freebsd support but it should work as a regular keyboard
-
alepzi
based
-
mason
alepzi: Having the host maintain the ZFS on which the guests run doesn't double up buffering, for instance.
-
alepzi
what's that mean? sorry
-
alepzi
in unbound config, how can i make the outgoing forwarding port be 5333? i tried forward-zone: forward-addr: 1.2.3.4@5333, but that seems to be destination port, not origin port
-
alepzi
i want queries to go to 1.2.3.4's normal 53 port, but OUT of my box on 5333 not 53
-
alepzi
not sure if that's possible
-
tm512
johnjaye: never used anything like that. I don't really have a use for it
-
tmp_
Maybe this? outgoing-port-permit:
-
johnjaye
tm512: well i'm going to try it out anyway. but i have my own use case
-
alepzi
when unbound starts i see it make a bunch of port 53 connections to other ips for ".". what is that?
-
alepzi
i have forward-addr set but it's not connecting to those, they're ips i don't know about
-
V-T60
Hello
-
V-T60
; EDE: 22 (No Reachable Authority): (at delegation shapovalov.website.)
-
V-T60
; EDE: 23 (Network Error): (91.203.24.166:53 timed out for shapovalov.website A)
-
V-T60
How is that so?
-
V-T60
listening on IPv4 interface wlan0, 192.168.100.104#53
-
V-T60
creating IPv4 interface wlan0 failed; interface ignored
-
V-T60
WHAT?
-
V-T60
vgaetera September 18, 2021, 5:43pm 4 Binding interfaces is asking for troubles as it can easily fail due to a race condition with netifd.
-
V-T60
How is that so? How can I avoid that?
-
V-T60
Jan 1 00:01:44 orangepi smtpd[1266]: rspamd: 2010/01/01 00:01:44 responding desired filters
-
V-T60
Mar 20 09:05:21 orangepi dovecot[1125]: master: Warning: Time moved forwards by 448577183.076629 seconds - adjusting timeouts.
-
V-T60
what is that?
-
tykling
flux capacitor kicking in
-
V-T60
tykling: flux capacitor kicking in? what do you mean by that?
-
tercaL
Back to the Future
-
tercaL
(Dr. Emmett Brown)
-
V-T60
ah, okay
-
V-T60
i'm afraid that is connected with my trouble somehow
-
V-T60
that i mentioned previously
-
V-T60
08:29 < V-T60> listening on IPv4 interface wlan0, 192.168.100.104#53
-
V-T60
08:29 < V-T60> creating IPv4 interface wlan0 failed; interface ignored
-
V-T60
can someone explain what could be meant by 08:30 < V-T60> vgaetera September 18, 2021, 5:43pm 4 Binding interfaces is asking for troubles as it can easily fail due to a race condition with netifd.
-
V-T60
how do i mitigate that?
-
V-T60
does freebsd init system have such a feature as openrc? so i could subdivide services by several different levels (like boot, default, etc...)
-
V-T60
the fact that netifd is being triggered at the same time as named is far for ideal for me...
-
V-T60
the fact that netifd is being triggered at the same time as named is far from ideal for me...*
-
andreas303
Hi! I have a problem with Bugzilla after updating FreeBSD 13 to FreeBSD 14. When I try to open bugzilla in a web browser, I get the following error message:
bpa.st/27ZQ. checksetup.pl gives the following output:
bpa.st/MDCA. /usr/local/lib/perl5/5.36 is installed, but /usr/local/lib/perl/5.32 only contains a manpage. I've removed bugzilla50 and reinstalled it, so I don't know why
-
andreas303
Bugzilla (or Pg.so) wants the old version of libperl instead of the new one. :-/ Any suggestions?
-
parv
Install own perl?
-
andreas303
parv: Hmm, how do you mean?
-
shdw
stdout: there is BVCP but it's not as advanced as proxmox:
bhyve.npulse.net
-
VimDiesel
Title: BVCP: FreeBSD Bhyve Project
-
parv
Download the source; compile it; install it outside of ${LOCALBASE:/usr/local} or /usr/{bin,lib}, say in $HOME/bugz-perl?
-
andreas303
parv: I mean, the best solution should be if I can make Bugzilla use the new version of Perl instead of the old one. Isn't there any way to make that happen? :-/
-
parv
andreas303, I do not know.
-
andreas303
parv: OK. Did you mean that I should download the source code for Bugzilla or the source code of Perl?
-
parv
andreas303, Source code of Perl. Do take care supplying PREFIX to the install location (read the instructions) when starting build of perl. After installing, put its path before any other PATH; that would be: export PATH="${HOME}/bugz-perl/<whatever>/bin:${PATH}"
-
andreas303
parv: OK, I'll try. Thx!
-
parv
andreas303, But perhaps wait for others; they may have better suggestion
-
andreas303
parv: OK.
-
parv
Around this time, people kind of disappear for 2-4 hours
-
andreas303
parv: I see. I'll wait and see if I get any better suggestions.
-
V-T60
how do i postpone some services to wait for other services?
-
V-T60
Hello
-
V-T60
how do i postpone some services to wait for other services?
-
Hecate
-
VimDiesel
Title: rcorder(8)
-
mfisher
-
VimDiesel
Title: Practical rc.d scripting in BSD | FreeBSD Documentation Portal
-
Bheam
are there any other vm hosts than bhyve and virtualbox for freebsd?
-
Bheam
with passthru support
-
debdrup
Xen is the only other one, I think?
-
debdrup
They all use the exact same hardware-accelerated virtualization method, though - so the only difference is going to be when it comes to peripheral virtualized drivers.
-
meena
where is /firstboot documented?
-
babz
meena: rc(8) I think ?
-
aru
Hi, I have one external interface and a bridge device with an ip address on it. The external interface is not attached to the bridge. VMs and vnet jails have their interfaces attached to the bridge and traffic going out the external interfaces get nat'd with pf. Now I'm trying to replicate this netgraph just for the sake of learning and I'm sort of struggling about it. I thought I would create a standalone ngeth interface and assign ip address to it and then
-
aru
create a netgraph bridge hooked to the ngeth, but I'm failing to create a netgraph node that is not connected to anything. Is this even the right way of going about it?
-
rwp
aru, I don't know, and I only know about half of the term words you mentioned, I think your doing this to learn is very good, but perhaps trying to write that up as a documentation page would make the parts you know and the parts you don't know more obvious and then other people could understand the process better and be able to also learn it along with you and other might be able to fill in the missing parts?
-
jaredj
[chanting loudly] Blog! Blog! Blog! Blog!
-
jaredj
i have done nothing with netgraph. i've heard an increasing amount of chatter about illumos, and every time anyone mentions it they say, "and of course it's got Crossbow!" like with that they can conclusively rest their case. does netgraph bow crosses? i've only heard about it in the context of netflix and at least 10GbE.
-
jaredj
so even your confusion as it stands would be enlightening to me
-
rwp
For example the parts above I have some understanding of is the bridge, the address assignments, NAT with pf, but then I heard ngeth interface and had never heard that term before, and netgraph I only know as documentation.
-
jaredj
i'm assuming ng in ngeth stands for netgraph, and further that it's a netgraphy veth?
-
rwp
For some reason I did not split ngeth at the ng-eth part. D'oh! That's an obvious thing I did not see.
-
aru
netgraphy veth is my mental image of the thing, yes
-
aru
I'll try putting something together
-
jaredj
hurray!
-
rwp
aru, Last year in the FreeBSD Journal Jan/Feb 2023 there was an interesting article on setting up a network lab environment. Perhaps interesting?
issue.freebsdfoundation.org/publica…ion/?m=33057&i=784514&p=9&ver=html5
-
VimDiesel
Title: FreeBSD Journal DE January/February 2023 9
-
rwp
I think something has changed with the FreeBSD Journal site because it used to be I could link to issues and then see either the HTML or the PDF of things but I can't seem to do that now or my web search fu is insufficient. So I only have that PDF issue link now which I find less good.
-
rwp
I found that virtual lab environment article to be pretty useful for me.
-
aru
thanks, I'll take a look at that
-
jaredj
yes thanks rwp! from a quick look, the article's setup uses stock jails with jail.conf not a jail manager, no assumption of ZFS, vnet on the jails, a pf firewall, ethernet bridging, and /usr/share/examples/jails/jib
-
rwp
I don't like using the jib helper utility myself. After I learned what ifconfig commands it ran I just run those ifconfig commands myself now. I felt like jib obscured the process by hiding away the details. I prefer the ifconfig commands to be plainly shown so that it is easier to learn and know what is happening.
-
alepzi
when unbound starts i see it make a bunch of port 53 connections to other ips for ".". what is that? i have forward-addr set but it's not connecting to those ips, they're ips i don't know about
-
rwp
alepzi, I don't know but I might guess that unbound is getting a list of the root nameservers. Try "dig @a.root-servers.net ns ." to see the list.
-
rwp
Normally there is a "seed" file containing a known list of known root nameservers to bootstrap a nameserver. But that list might be stale. Just recently we had one of the name servers change addresses for example. So the nameserver will make query to get the current copy of the data. As long as at least one bootstrapping root server is available then the nameserver can bootstrap into a working state.
-
paulf
The manpage is wrong for wcpncpy and wcpcpy on FreeBSD 14
-
paulf
wcpncpy(wchar_t *s1, wchar_t *s2, size_t n)
-
paulf
s1 should be 'restrict'
-
paulf
s2 should be "const wchar_t * restrict"
-
la_mettrie
my usb-uart adapter died today. its usb connector was very hot (connected to thinkpad running freebsd, other side to raspberry pi 4 running freebsd). it creeps to my mind could this have been a result of a driver bug of some sort
-
alepzi
rwp: is there a drill command equivalent of that? i don't have dig installed
-
rwp
Yes. s/dig/drill/ as the syntax is compatible.
-
rwp
The local bootstrapping file is most often called db.root but I didn't look to see what unbound actually installed.
-
rwp
paulf, Please file a bug report so that it can get reviewed and updated! Thanks!
-
alepzi
rwp any way to turn off the root nameserver stuff in unbound? i ONLY want it to forward. not do its own resolving
-
plasma
after some update i have this line on the bottom of my screen windows, how can i remove that? i know it's simple but i can't find the info anymore
-
rwp
alepzi, I have no idea. And as I said I was guessing that was what it was doing and did not really know. But it sounded like the behavior of it.
-
rwp
plasma, ??Line?? Are we talking "screen" the original terminal multiplexor? Or are we talking something different?
-
plasma
yeah screen, the other one of tmux
-
plasma
with time and date and the shellname and hostname
-
rwp
Are we talking the "hardstatus" line at the bottom? I always configure that in my ~/.screenrc file.
-
plasma
yeah thats what i mean
-
rwp
In the info page look for the "Hardstatus" "Set a window's hardstatus line" node and the documentation is there.
-
plasma
thx
-
rwp
I would look for it being turned on in your ~/.screenrc file.
-
rwp
Look at the /usr/local/etc/screenrc file if it is installed.
-
rwp
The pkg installs a /usr/local/etc/screenrc file and it contains hardstatus configuration by default. I just installed it on a fresh in order to peek and avoid my already configured system.
-
rwp
plasma, It looks like "hardstatus ignore" turns it off. You can try this dynamically with PREFIX-: hardstatus ignore Enter
-
rwp
plasma, I was able to do a ~/.screenrc local override of the pkg default /usr/local/etc/screenrc with that setting and it worked for me. (Though I prefer having my own customized status line there so I am turning it back on for me.) :-)
-
plasma
hardstatus ignore
-
plasma
turnes it off ;)
-
plasma
s/turnes/turns
-
rwp
Yes. Correct.
-
plasma
found this interesting article, if anyone cares
-
plasma
-
VimDiesel
Title: Understanding GNU Screen's hardstatus strings - kbps
-
rwp
Good doc page! Thanks!
-
plasma
rwp: no, thank you! :)
-
rwp
\o/
-
aru
so I somehow made it work
-
aru
but oh the pile of hacks
-
rwp
aru, I am looking forward to reading your write-up on the adventure. :-)
-
paulf
rwp I'll try to log an issue tonight
-
aru
rwp: hopefully over the weekend
-
parappa
Switched to FreeBSD 14.0 recently, but now I don't get any audio playing on firefox which is really strange
-
rwp
parappa, Just to be clear, it was working for you before on 13?
-
parappa
yes, it was
-
rwp
I am still on 13, and sound from firefox is working for me, so I don't have any suggestions. I will wait eagerly for other ideas from people who are running 14.
-
parappa
I see, thanks!
-
jimmiejaz
-
VimDiesel
Title: Upgraded Firefox and now no audio | The FreeBSD Forums
-
jimmiejaz
if I'm not mistaken, sndio is the default now for Firefox
-
parappa
just checked, i see nothing regarding cubeb.backend
-
parappa
like the option isn't even around
-
parappa
then i decided to turn on sniod and it works now
-
parappa
yay!!!
-
jimmiejaz
bonus. I just did a make configure in www/firefox and jack/pulseaudio and sndio are all selected by default
-
parappa
Nice
-
parappa
and i say this as pulseaudio public enemy #1 (i just don't like linuxisms in general)
-
rwp
Thanks jimmiejaz! I am noting those references down for when I upgrade to 14.1R here in a bit. :-)
-
jimmiejaz
I got hit with that a few months ago. I'm going to attempt to catch my current craptop on fire and replace it before updating to 14.
-
parappa
LMAO
-
jimmiejaz
it's a 2010 ASUS, bottom cover is off and it averages 85C at idle
-
parappa
damn that sounds quite bad
-
jimmiejaz
it's rough. updating via source takes nearly 2 days
-
parappa
yeah that makes sense
-
parappa
if i had a laptop that old id use packages either from the official repos or built from another computer
-
jimmiejaz
for the first time ever, since I first started using FreeBSD back in the 90s, it's pkgs only. But I can't kick the buildworld habit, it feels ... dirty
-
parappa
yeah i can feel ya
-
parappa
rn im just STRUGGLING when it comes to my server
-
parappa
i FUCKING LOST ALL THE PASSWORDS TO IT
-
parappa
and im lucky its from a vps provider so i can just like chroot
-
parappa
too bad i cant mount rw from debian rescue and that mounting ro doesnt change the server password
-
jimmiejaz
all my passwords are written in a couple of books, sitting on my bookcase. my root password is written in an ancient bible from the 50's that looks like it's not been touched since the 50s. Doesn't include what it's for, it's just one written string in a grouping of nonsense strings
-
rwp
jimmiejaz, The machine I am using for IRC right now is a Thinkpad x220 from 2008. It's still the best keyboard of my bunch! I have made my peace with the later island style keyboards. But my x220 is still a great machine.
-
rwp
parappa, So... With your VPS you can mount it and fix the passwords? Basically I just need to know if you are looking for sympathy? Or an engineered solution? I can go either way. I just need to know! :-)
-
jimmiejaz
agreed, I have a cheapish logitech mechanical keyboard for newer laptops, can't stand the KBDs on them. My work's Macbook air, I have no idea how anyone can use them
-
parappa
yeah i'm mounting it and TRYING TO FIX
-
parappa
but i cant seem to
-
rwp
I bought a new super thin laptop two years ago. I loved the size and weight of it. Super thin. 14 hours of battery life. And I absolutely HATED the keyboard. I just could not use it. I started to carry a USB keyboard to slap on top and use it that way. Which worked. But then why did I buy this super thin machine?
-
rwp
Since then the battery has failed completely, and replacements are currently just not available to buy. So I am back to using a Thinkpad x270 for travel now. It's got great battery life. But the newer island style keyboard. Life is a compromise.
-
parappa
I see, sounds cool!
-
jimmiejaz
I haven't had a battery in this since... 2012 I think
-
rwp
parappa, What's the OS involved for both host mounting and the system being rescued?
-
parappa
mounting is debian rescue
-
parappa
being rescued is freebsd 14.0
-
rwp
I think that's going to be problematic because to set a password we eventually need to run pwd_mkdb for the FreeBSD to update the binary password database.
-
parappa
so what should i be using instead then
-
rwp
I don't think that is possible (is it?) using a Debian system to rescue it.
-
parappa
i see
-
parappa
i mean im on a vps provider so i cant just load up a freebsd live iso
-
mason
parappa: What VPS provider? With some, you can upload your own ISO.
-
parappa
contabo
-
mason
Oh, I don't know them.
-
parappa
ya
-
rwp
I assume it is ZFS and that's how you are mounting the FreeBSD file system onto the Debian rescue image?
-
parappa
ufs but yeah
-
mason
-
rwp
I think you could compile a new password database on another FreeBSD system and then simply copy the previously compiled .db file over to the system being rescued. I think that should work.
-
VimDiesel
Title: Custom Images: Deploy Anything, Anywhere!
-
parappa
how do i do that though rwp
-
parappa
and i know of the custom images but they cost
-
mason
parappa: Looks like you can give them an ISO. Whether or not you can then boot your VPS with it, dunno.
-
parappa
and i cannot use them to rescue the system
-
mason
kk
-
rwp
I am making this up as I go along but... If you have another FreeBSD system with a compatible account system then I would copy /etc/pw.db file from there and copy it into place on the UFS system that you seem to be able write to?
-
parappa
yeah, i have another system in my desktop but i dont think the account system is compatible
-
rwp
It would have root and that would be enough to get you a password that you know and then you could log into the system. And then you would update that again from the source files using pwd_mkdb.
-
mason
parappa: Did you say you're able to mount the image read-write?
-
mason
The FreeBSD disk?
-
parappa
no i cannot mount read-write
-
rwp
That's my question too. Can you write to the FreeBSD UFS disk from Debian rescue? If not then this is always going to be the wrong path.
-
parappa
i cannot
-
parappa
i guess its clonezilla then
-
parappa
i never used clonezilla
-
mason
parappa: Something I've done...
-
rwp
Then this is always going to be the wrong path. Must reverse out and try something different. Boot a FreeBSD ISO image, mount it there, then fix it that way.
-
mason
You can run a FreeBSD VM and point your disk at it.
-
parappa
wdym with that
-
parappa
it's not a server i have physical access to
-
mason
parappa: You can boot Debian. So, see if you can get a VM going inside of Debian. With a FreeBSD VM that has your VPS disk attached as a second disk, you can go in and modify things.
-
rwp
I am not familiar with contabo but most VPS providers allow booting from other block storage devices.
-
rwp
mason, That's brilliant! I like it.
-
parappa
i see
-
parappa
but i have no block storage at all
-
parappa
you have to pay for that and i havent paid for that
-
mason
parappa: You've got a "hard drive" that you boot from. But if you can boot from Debian rescue, you're not booting from your hard drive, but you have it available.
-
parappa
so what do i do then
-
rwp
How about another option. You can access the data using Debian's rescue boot. Can you just back up all of the data you care about, get everything backed up, then discard the server and start a new one?
-
parappa
yeah that was what i was planning
-
mason
Depends a bit on the Debian rescue environment. If you can install packages, then you can proceed.
-
mason
Ah, that'd work too.
-
parappa
fucked up FUCKED UP
-
mason
Pull down your root partition, modify locally, push it back up and write it.
-
parappa
wdym with that
-
parappa
copy it all to desktop then restart server?
-
rwp
This is one of those problems where there are a dozen solutions all different but all of them will take some work but can be done okay.
-
mason
parappa: Moving around partitions is probably the most dangerous idea.
-
mason
parappa: Looks like they offer different options for what rescue media you boot. FreeBSD isn't one of them?
-
mason
parappa: Some ideas if you want to follow the VM route:
wiki.freebsd.org/powerpc/QEMU#Linux_host
-
VimDiesel
Title: powerpc/QEMU - FreeBSD Wiki
-
parappa
yeah it's not
-
jimmiejaz
out of curiosity, does your VPS provider provide you with the full FreeBSD boot menu?
-
parappa
no idea
-
rwp
I like the idea of backing up files first regardless of the other solutions forward. It's just safer to have a full backup!
-
parappa
yeah im gonna do that
-
parappa
can't do anything else anyway
-
mason
parappa: In that wiki article, where it talks about booting the installer disk, in addition to the qcow you'll also point it to your "real" disk.
-
mason
parappa: Also: passwords in a password safe - keepassx or something.
-
parappa
i literally use keepassxc already
-
mason
parappa: Another article that is a little more focussed, on booting a FreeBSD VM:
sethops1.net/post/run-f
-
mason
-
VimDiesel
Title: run freebsd in qemu on linux
-
parappa
shit would be so much better if i just made multiple password files instead of just keeping one all the time
-
rwp
If you could write to the disk the other option would be to install an ssh key to allow you to log in using ssh keys rather than passwords. That's much safer than my crazy insane idea to copy over a pw.db file. Just had to mention this before I forgot again.
-
mason
So, again in that one, point it to both the FreeBSD image and your "disk"
-
parappa
yeah i really should have started doing ssh key signins
-
parappa
idk why i did that one right back when i used debian server
-
rwp
It's a typical situation. It's the type we say that you got the test first and the lesson second. A lot of things are like that. It's a learning experience. We have all been there ourselves. Many times!
-
parappa
yeah. absolutely fucking hate it whenever i lose passwords though.
-
parappa
i got REALLY LUCKY the last time
-
parappa
because back then i still backed up to another second system as opposed to just external drive
-
parappa
now i no longer have that device and OF COURSE I forget to back it up as i stop using windows
-
parappa
what is it about windows that i always lose data whenever i get out of it
-
parappa
and always switch to it when i lose data
-
jmnbtslsQE
i heard that contabo is definitely not recommended for freebsd installations, partly for the reason you cite that you cannot mount your own ISO without their system automatically wiping your disk