00:03:45 so i guess no swap for me because 13.3 had a bug in it 00:04:46 alepzi, Did you find a bug report on it? Sharing is caring. 00:05:37 I am running 13.2R here due to using the radeankms module out of precomiled pkg packages and those are compiled against 13.2R. 00:05:56 no https://bugs.freebsd.org/bugzilla/buglist.cgi?f1=version&o1=substring&query_format=advanced&v1=13.3 00:05:59 Title: Bug List 00:10:35 alepzi, After I fixed the /etc/fstab entry I simply rebooted. I had no reason not to and I wanted to ensure that everything worked at boot. With the fixed /etc/fstab my 13.3-RELEASE-p1 system has swap enabled okay. 00:10:57 is that the 1 that didn't have swap before but it has it now? 00:12:47 Yes. I must have missed putting anything in /etc/fstab for swap on that system. It's actually my zfs backup server so its only function is to backup my other zfs machine which is actually in use. So I never noticed that it did not have any swap configured. 00:13:10 oh what was the error you had in /etc/fstab? maybe i have the same 1 00:13:37 The error was that it was zero sized. And it had apparently been zero sized since install based upon my looking at old snapshots. 00:14:27 mind showing me the before/after for the relevant /etc/fstab line? 00:15:36 Here is how I looked at old snapshots and the fixed version of the file. https://termbin.com/i3j3 00:16:20 where does it show 0 sized and where does it show the new size? 00:16:24 the 0 0? 00:16:28 I did that for loop because I didn't think wildcards were expanded in the .zfs directory. But they are. So that for loop was silly. This works: ls -l /.zfs/snapshot/*/etc/fstab 00:17:32 In ls -l output the first column is file mode, then number of inode links, then user, group, then size. In my paste the size was 0 for them all, then datestamp month, day, year, then filename. 00:18:01 i don't understand what you're saying. so what does the working fstab line look like? 00:19:32 I showed it in https://termbin.com/i3j3 but here is a paste with nothing but the /etc/fstab file for swap here https://termbin.com/37nn 00:20:14 ok well my fstab line looks the same and it doesn't work for me so *shrug* 00:20:24 I am using geli encrypted swap using ephemeral keys. 00:20:38 ya i configured encrypted swap too 00:22:01 Here is what it shows when I swapoff, then swapon, (just to show the messages), then swapinfo. https://termbin.com/cecl 00:22:07 Do you get errors when you swapon? 00:22:47 Also for me "gmirror status" shows me the swap mirror since I am using an array so I have swap mirrored here. 00:25:29 This section covers it but for non-mirrored swap. https://docs.freebsd.org/en/books/handbook/disks/#swap-encrypting 00:25:30 Title: Chapter 20. Storage | FreeBSD Documentation Portal 00:25:59 And they do fancy stuff which I don't think is needed now since the defaults are okay. 00:52:26 when i run swapoff it says no such file or dir 01:00:53 swapon -a still says invalid parameters 02:27:40 anyone know why the encrypted swap on my host isn't working? https://termbin.com/c4yx is my host's ZFS config in bsdinstall installerconfig 02:51:33 why is it that a thick jail can run n daemons, but a thin jail can only run 1 (ONE) daemon? 02:53:15 Because if you put multiple daemons in a thin jail, it's more likely they'll conspire to escape. 02:53:35 april fools answer or for reals? 02:54:10 It's been the 2nd of April for almost 12 hours now, but it was indeed a joke. 02:57:12 "cool" 03:28:00 alepzi, There is no reason you can't put two things into a jail. But one of the goals for jails is isolation so it is divide processes up into logical modules. That's regardless of thick or thin jails. 03:29:54 ah so the advice i heard somewhere (can't remember) that thin jails should only run 1 daemon was just opinion and not a hard fact? 03:37:39 I think that is just a design choice decision. Definitely not a hard fact. 03:38:16 tyvm rwp 03:38:39 Let's get our definitions in sync though. Think jail means a non-clone dataset or regular file storage. Thin jail means a clone of a template. Right? Or something different? 03:39:18 yep 03:39:33 template being a snapshot of a base 03:40:07 https://docs.freebsd.org/en/books/handbook/jails/#jail-types 03:40:08 Title: Chapter 17. Jails and Containers | FreeBSD Documentation Portal 03:40:19 thin jails, clones of templates, can have their own state that builds up over time right? even though they start with the same immutable base 03:41:00 Thanks V_PauAmma_V as that is a good thing to have understood. 03:41:05 I think the thick jail can do pretty much anything. It's the default way to do things. 03:41:38 I think that thin jails are an optimization. Good for when one is doing something that the disk space optimization helps with. 03:42:32 But if one is running a long running jail and is upgrading the jail then over time the files from the clone that are shared will be removed and replaced. That will expand the disk space and obviate the benefit from the clone. 03:42:32 but thin jail is immutable shared base (template clone) + their own individual files/state right? because i can't see how n thin jails could be useful if they could ONLY be immutable duplicates of eachother 03:42:55 So clones are great for temporary ephemeral jails created on the spot for something and then discarded afterward. 03:43:50 The template is shared. Then cloned. The clone is a live modifiable file system. It will act like a full file system after that point. 03:45:07 what if it's never upgraded? can the base part stay immutable, and have it just build up its own state over time? 03:46:30 I think thin jails should never be upgraded. That's a design choice. It's not prevented or anything. But instead I think if upgrading the jail a new clone would be created from a new template and a new jail created and configured from it. 03:46:55 yea 03:46:56 exactly 03:49:08 And also it just is not worth creating a clone for a thin jail if preparing one jail, or even five jails, since disk space is not really a problem these days. But if creating 100 jails in parallel then that is where it is beneficial. Or creating 100 jails one after the other in sequence. 03:49:15 a template is just a snapshot of an expanded base right? 03:50:40 Correct. 03:51:21 Start with a dataset. Create a snapshot. Clone the snapshot. 03:52:33 so let's say i want to advocate fbsd and give out shells like the old days. so i expand base into dataset, snapshot, clone 1000x, then add a tiny customization to each 1 (pub key), then 1000 ppl each get a shell account on their own install 03:52:41 that sensible? 03:53:29 Uhm... Sure. I might not do it that way. But it is a valid design. It would work. 03:53:38 how would you do? 03:54:23 I just give people a login on the system without the jails. (shrug.) That's the way it has always been before jails. Works. 03:55:37 if you have to ask, its not. 03:56:08 ask what? 03:58:24 Yes, ask what? I don't understand either. 03:59:18 So alepzi here is the problem I see with the clone for 1000x shell logins for people. How do you upgrade the jail? 04:01:09 People will have their own data there. And probably would have made customizations such as installing whatever ports/pkgs they need. This makes it hard to discard the thin clone jail and then build a new jail because that would lose all of their customizations. 04:01:31 yep 04:05:21 so what if the user thin jail is configured so /home is on a network share so after blowing away thin jail and recreating, user ssh back in and their user files are still there? 04:06:03 That would be good for the user files. And if the user only installed files in $HOME/bin for example and never pkg install then that would be okay. 04:06:35 ..amazing 04:06:42 freebsd is the best OS to ever exist 04:17:24 FreeBSD is an excellent system. And it just keeps getting better. 04:17:42 But in all honesty other systems also have features which are similar. FreeBSD just has almost all of the good features in one place. 04:18:14 And ZFS is one of those killer features. Which has fledged out like a baby bird and now has left the nest and is now available on other systems. 04:18:38 When using ZFS and the ZFS feature set it is the same on the other systems that also support ZFS. 04:19:47 1 thing is freebsd needs to realize rust isn't just a meme and the hype is real. base needs to get rewritten in rust piece by piece. that would make freebsd take its lead back from linux 04:20:49 Jails and FreeBSD networking is another one of those features that I find a lot easier to work with on FreeBSD than on other systems. Can be done on other systems. But not as easily as using FreeBSD jails. 04:20:56 patches welcome 04:21:29 really? i read the mailing list thread about it a couple months ago and ppl kinda said no because it meant bundling the rust toolchain in base i think? 04:21:36 don't remember and don't totally understand 04:22:30 I am also not convinced that rust is the path to paradise. It's not without cons. 04:22:31 there's a good amount of build support required, but it's certainly feasible to integrate as an external toolchain 04:23:04 imo the people with the build-fu aren't motivated by the rust part, and the people with the rust-fu aren't motivated by the build part 04:24:06 rwp ya i hear ya but i've been learning it for a couple months and imo the hype is real. try it yourself? (not snark) 04:24:21 i mean i didn't mean that as snark, i really meant try it 04:24:38 ok maybe i can learn kevans ty for the nudge 04:25:13 one of the key points of the thread is that you won't be rewriting something incredibly load-bearing in rust to start off with 04:25:28 you kind of have to sell the benefits and ease its way in 04:25:31 ya, a tiny leaf function 04:25:35 or smth 04:29:46 I have spent time learning rust and working with rust. I admit I am not enthralled by some of the syntax. I would say I prefer Go-lang syntax better. 04:29:52 I haven't seen that in FreeBSD the big problem is memory safety. FreeBSD is a mature software base and AFAICS the main problem is not bad pointer access. 04:36:51 I think if we took the entire FreeBSD code base and if we were able to do a mechanical automated translation to rust that in the end we would have exactly what we have now. It would just be a different language. But things would pretty much be the same thing we have now. 04:38:28 there are logic bugs and stuff that fall out too tho 04:38:31 <[0x1eef]> Is Rust as fast as C in every circumstance ? Or as portable ? 04:38:48 fast ya, probably not QUITE as portable 04:38:49 yet 04:39:16 another thing is, the next gen will be doing way more rust than c or even c++ 04:39:21 so it's good for longevity 04:40:46 <[0x1eef]> True. I was studying Rust for a while. I've since switched focus to Zig instead. 04:41:29 zig seems cool 04:41:34 like it? 04:41:50 If you want to get up to speed on the rust debate then here is the start of the recent discussion. There are a lot of good points throughout the thread. https://lists.freebsd.org/archives/freebsd-hackers/2024-January/002823.html 04:41:51 Title: The Case for Rust (in the base system) 04:46:15 <[0x1eef]> Yep, so far I like it a lot. 04:47:15 nice 08:20:39 Hi guys, I'm trying to install 32-bit wine on FreeBSD 14.0 amd64. The handbook instructions https://www.freebsdhandbook.com/wine/ seem to be outdated, and I'm having a fair amount of trouble with this... is there updated documentation out there? 08:20:40 Title: Chapter 11. WINE 08:22:12 Ah, I see! 08:23:55 Ok, so I'm still having quite a lot of issues ;) It seems that wine in amd64 tries to install both 64 and 32 bit versions..? At least it asks me to run /usr/local/share/wine/pkg32.sh install wine-devel mesa-dri. Even when that is done however, I get the errors wine: could not load kernel32.dll, status c0000135. 08:25:24 Trying to pkg delete wine-devel and installing wine fails however, since the pkg32.sh script has installed a lot of stuff that pkg delete does not remove. How do I purge a wine-devel installation? 08:32:23 Figgured it out :) /usr/local/share/wine/pkg32.sh delete wine-devel mesa-dri; pkg delete wine-devel; pkg install wine; /usr/local/share/wine/pkg32.sh install wine mesa-dri. Works well now. This stuff should really be in the handbook I think. 08:37:39 So, if I understand it correctly, only wine64 is available for amd64 FreeBSD, and only 32-bit wine for i386 FreeBSD, in recent releases? 09:03:17 Hm, it seems that pkg32.sh installs a 32-bit wine with dependencies in ~/.i386-wine-pkg, but I don't know how to use this. Trying to rm -rf ~/.wine && ./.i386-wine-pkg/usr/local/bin/winecfg fails with "Make sure that your X server is running and that $DISPLAY is set correctly." The wine instructions in the handbook really needs revision... 11:17:56 dansimon: what you're referring to the handbook isn't. All official FreeBSD documentation is on doc.freebsd.org and anything else is not just out-of-date but also suspect. 11:23:25 For example, the version you're looking at predates documentation move to asciidoc+hugo as well as a whole redesign, and quite a few changes to the wine section in particular: https://cgit.freebsd.org/doc/log/documentation/content/en/books/handbook/wine 11:23:27 Title: doc - FreeBSD documentation tree 11:24:17 As for the rest, it sounds like issues with your PATH and other environment variables. 11:26:01 hey i have a question 11:26:10 what filesystem do you use for external backups? 11:26:26 just wanna know in case i break my system 11:26:49 A good backup follows a 3-2-1 strategy; 3 copies of the data, 2 different mediums (both physical as well as filesystems and online vs offline), 1 off-site. 11:28:05 To further improve your backups, read up on and implement RPO and RTO. 11:28:35 And do remember, if you don't automate testing of your backups, you don't know that they work when you need them. 11:30:15 yeah that's what ive been intending to do 11:35:54 alepzi, what makes you think Rust is just a hype? 11:36:58 According to Simon Laux from DeltaChat, switching from C to Rust is one of the best decisions for them for their core library 11:39:37 Farooq: those are two separate issues. "Rust is just a hype" is, indeed, giving it a little bit too little credit for what it's achieved in the past 8 years. 11:40:09 hmm 11:40:31 There might be actually a hype but that doesn't mean Rust is just a hype 11:40:45 Do we have an offtopic channel? 11:40:50 yeah iirc there is 11:41:08 But, a that's not what alepzi said. They said that "rust isn't just a meme and the hype is real." and that "base needs to get rewritten in rust piece by piece. that would make freebsd take its lead back from linux" 11:41:31 Linux already has Rust in the kernel. so I'm not sure we're taking any lead from them there… 11:41:56 Is there a thing in FreeBSD community to not steal stuff from Linux? 11:42:06 Like it's bad to take leads from Linux? 11:42:15 anyway, comparing DeltaChat (a mail based messenger) to an operating system is a non-starter. 11:42:41 I was trying to argue that Rust is not just a hype 11:42:49 And that it's useful in many cases 11:43:00 In OS, however, I don't have experience so I wouldn't comment 11:43:04 yeah, but it's hard to integrate 11:43:49 The build-system alone would eat three engineers, and keeping up with updates at least another two 11:44:25 The biggest proponents of rust have no idea what it's like to not work with it when not greenfielding code. 11:44:29 We need time to find good use-cases, and we need to integrate them in a way that doesn't blow up our build times to infinity 11:44:55 That's a good summary 11:45:48 Rust has advantages, yes - but it's not free of undefined behaviour, and some of the biggest downsides to C which rusts attempts to fix, are also addressed by things like CHERI, which only run on FreeBSD (for now, there's nothing stopping anyone from adopting it for something else). 11:46:44 s/C which rusts/C and C++ which rust/ 11:47:01 okay these are topics I need to learn 11:47:09 what is CHERI? What is greenfielding code? 11:47:44 Farooq: "greenfield" is writing new code from nothing; what we're dealing with is a 30+ year old code-base. 11:47:52 ah I get it 11:48:01 often called a "brownfield" 11:48:14 (might be derogatory, i don't know) 11:48:17 of course decisions in 30+ year old code base is nothing eassy 11:48:30 For example, let's say you do replace all of FreeBSD with rust - what happens with all the hand-optimized in-line assembly optimizations for things like memset(3), memmov(3), and other parts of the standard library? You're going to, at the very least, inline that same code in rust, and that means doing it in an unsafe manner (which rust considers undefined behaviour, I might add). 11:48:31 Our code in DeltaChat wasn't even 10 years old let alone 30 11:49:04 debdrup, yeah I see. Using inline assembly in Rust is unsafe 11:49:07 I can't say I'm too interested in other bits of code. 11:49:46 Fun fact: For my Genetic Programming research I thought Rust is the best option. Then I realized Lisp is 11:49:47 Farooq: we're working on updating to C17 +GNU extensions, so our move to C23 can smooth: https://reviews.freebsd.org/D44145 (this is a whole stack) 11:49:49 Title: ⚙ D44145 Disable C standards under C99 from kernel build 11:49:59 There's ~14 million or so lines of code in FreeBSD, that'd need to be rewritten, and by the time you're done you've surely introduced enough undefined behaviour to have run into at least one nasty failure case that rust won't protect you from. 11:50:50 debdrup, the thing is that, IMO, if you are gonna use all unsafe code in Rust, why use Rust anyway? unsafe code in C is much better than unsafe code in Rust to my knowledge 11:50:59 It's simply a non-starter. 11:51:15 Farooq: not really… 11:51:37 If you wanna talk about greenfielding code in FreeBSD, then you need to carefully consider the amount of uplift that comes in the form of toolchain modification. 11:51:48 like Rust compiler doesn't give you much of information when you write unsafe code in Rust and fail but C compiler does as far as I've seen 11:51:53 I never talked about greenfielding 11:52:08 It's the only alternative to rewriting everything. 11:52:13 TBH, I have no comment or opinion when it comes to an OS 11:52:51 unsafe code in Rust is, at least marked in with a keyword (most of the time, let's not talk about undefined behaviour lol) in C the everything is potentially unsafe. But, we have a lot of tooling to scan our code for these kind of things 11:53:35 anyway, Farooq, "the hype is real" means something else than "it's just hype" 11:53:36 I see but my point is that when your unsafe Rust code fails, there is little tooling to help you debug it 11:53:48 meena, yeah I misread that 11:54:08 I was kinda hyped too thinking Rust will do good for my GP research 11:54:31 There is a Persian proverb: "Anything is made for some specific purpose" 11:54:51 That is, you can't rule everything with just one language 11:55:18 Anyway, CHERI is cool 11:55:28 https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ 11:55:28 CHERI _is_ cool. 11:55:29 Title: Department of Computer Science and Technology: Capability Hardware Enhanced RISC Instructions (CHERI) 11:55:30 This? https://cheribsd.org 11:55:32 Title: CheriBSD 11:55:48 yup 11:55:56 CheriBSD is the fork of FreeBSD made to run on CHERI architectures. 11:56:08 hmm I see 11:56:41 Most of the people who work on it also have commit to FreeBSD, so we often get some improvements back 11:58:03 Even if they weren't committers, getting code upstreamed to minimize their own patchset is also just pragmatically the best reason to upstream. 12:18:32 debdrup: we actually have a CHERIfied linux, but CheriBSD is what has most of the interesting work 12:18:48 a lot more engineering was put into CheriBSD 12:19:17 there's also https://cheriot.org/ 12:19:18 Title: CHERIoT Platform | Welcome to the CHERIoT Platform, a hardware-software co-design project that provides game-changing security for embedded devices. 13:56:26 Huh, I wish I'd known about https://www.freshports.org/sysutils/archivemount/ earlier. 13:56:28 Title: FreshPorts -- sysutils/archivemount: Mount archives with FUSE 13:57:03 wow cool 13:57:15 can you write files back to it into the archive? or just readonly 13:59:52 I only just learned about it, so *shrug* 14:00:42 if you got a typical web app with nginx reverse proxy to a node.js app working good, what's the first step to converting it to being jailed? i was thinking that i add another ip to the host, then expand base into a jail dir, then start moving pieces of the working app into the jail from the host. that more or less right? 14:00:48 oh thick jail btw 14:23:43 Hello! Question about zfs mirrors, this is probably splitting hairs, but I have one ssd and one nvme, which would be best to use as the backing drive that becomes the mirror? I guess it might not matter. 14:24:29 alepzi: you want to setup a jail, confirm it is operational with an ip address, then install the packages for nginx and node 14:24:40 once that is complete, then you "mgirate" the working code to the respectively loications within the jail 14:25:35 ok ty 14:36:03 there any way to do ahead of time config of a jail just like we can do with a scripted bsdinstall? 14:36:27 so i basically have an archive that i extract and bam, the jail is all configured already 14:36:33 or smth 15:37:58 anyone got any partitions that look like this, https://github.com/canonical/cloud-init/pull/5122 ? 15:37:59 Title: feat(freebsd): support freebsd find part by gptid and ufsid by jinkkkang · Pull Request #5122 · canonical/cloud-init · GitHub 15:39:25 alepzi: yes. 15:56:38 fyi https://odysee.com/@AlphaNerd:8/the-xz-backdoor-almost-compromised-every:0 15:56:39 Title: The XZ Backdoor Almost Compromised Every Linux System 15:56:58 does the BSD effected by XZ Backdoor ? 15:59:45 No. 16:00:02 I guess not, My bsd xz versions is 5.4.1 / 5.2.5 16:00:32 lts thanks for reply 16:02:13 freebsd completely tosses out the upstream build system anyways 16:03:01 and tests 16:03:25 you could question the validity of the source as well given that Jia touched it, but Lasse is busy churning through that and we'll know more in the coming weeks 16:03:41 until then, probably best to avoid too much speculation :) 16:03:41 yah, but that was a scary backdoor 16:30:13 beastwick: One SATA/AHCI and one NVMe, you mean? 16:41:37 I'd recommend trying to match interface speeds and specifications, because AHCI and NMVe are fundamentally quite different both in terms of number of queues and the size of them. 16:43:34 nerozero: "The XZ Backdoor Almost Compromised Every Linux System" That's very optimistic 16:43:53 hello meena 16:44:38 That was the name of the video, but the backdoor was nasty, yeah 16:45:03 If it's in a video, it's probably not a very accurate summary. 16:45:11 Imagine how much time will that took to find out in a closed source code 16:45:35 also true 16:46:04 considering how he diagnosed it, about the same amount of time if it was trying to accomplish the same thing 16:46:17 Any ops around? 16:46:53 he didn't exactly have source to the exploit, yet he still debugged his way into figuring out what it was doing 16:47:17 debdrup thanks 16:47:26 mane: instead of asking for people, just ask the question and people who know can answer. 16:48:19 debdrup, maybe he need to game an OP here :) 16:48:21 kevans: yeah, that's the advantage of a systematic approach to rootcausing symptoms 16:48:23 Well I run a smalls fundraiser and I was wondering can I tell about it here and link my blog post about it 16:48:26 qq, so I created the mirror, I see some message that I should update the boot loader code. The drives are UEFI, when I try any variation of gpart bootcode I am getting operation not permitted, as root. 16:48:30 Small* 16:49:28 mane: if one person does it, more people will do it - it sets a precedence that's hard to get rid of. 16:49:44 So I take it as no 16:50:46 Can I at least pm you the link? 16:50:48 beastwick: with UEFI, you'll wanna replace /boot/loader.efi on the EFI in \EFI\BOOT\BOOTX86.EFI 16:51:33 debdrup do I use gpart bootcode for that? 16:51:42 just cp it 16:51:54 beastwick: no, you copy the file over, it should be mounted as /boot/efi on modern systems, I believe. 16:52:00 there's a second copy at \efi\freebsd\loader.efi if you've installed a recent syste 16:52:23 It'd be nice if gpart bootcode could do it, but I don't know of anyone working on that. 16:52:25 oh interesting, is there a reason why this doesn't happen automatically? 16:52:35 it's complicated 16:52:49 You don't wanna touch bootcode in an automated way, because what if something breaks? 16:52:57 agreed 16:53:01 we don't know that it's safe to blow away what's there. in the case of the freebsd vendored namespace we can, but \efi\boot is more complex 16:54:05 okay, I do not see /efi/boot or /EFI/BOOT/BOOTX86.EFI 16:54:07 Presuming you don't upgrade the root filesystem, the worst case that can happen with an out-of-date bootloader, is that it doesn't render quite properly - but it'll still boot just fine. 16:54:19 beastwick: then mount it via mount_msdosfs(5) 16:54:47 mane: if it's FreeBSD related: yes. if not, #freebsd-social 16:54:48 you're notably looking at /boot/efi/, not at the root of your system 16:55:46 meena: ok so I got permission for FreeBSD-social 16:56:57 ok, I get it, but I am still having an issue, I try as root mount -t msdosfs /dev/ada0p1 /mnt but I am getting operation not permitted 17:00:00 Curiouser and curiouser, said Alice. 17:00:43 And gpart show lists ada0p1 as a EFI partition on a GPT disk? 17:01:47 40 1953525088 ada0 GPT (932G) 17:01:51 40 532480 1 efi (260M) 17:03:35 beastwick: does mount_msdosfs give the same error? 17:03:37 meena: sorry i lost internet, still here? 17:04:05 And what does file -s /dev/ada0p1 report? 17:04:29 I have a vague memory of this happening before, but I can't for the life of me remember what the solution ended up being. 17:04:32 /dev/ada0p1: DOS/MBR boot sector, code offset 0x3c+2, OEM-ID "BSD4.4 ", sectors/cluster 32, root entries 512, sectors/FAT 65, sectors/track 63, heads 16, sectors 532480 (volumes > 32 MB), serial number 0x7fe50820, unlabeled, FAT (16 bit) 17:04:54 Yea, that's as it should be. 17:10:01 anyone know why the encrypted swap on my host isn't working? https://termbin.com/c4yx is my host's ZFS config in bsdinstall installerconfig 17:14:20 alepzi: all i said was: yes, you can do that 17:16:38 so like i make my own installer with a installerconfig in it and all of my customizations for the jail, then jail bsdinstall it into place or? 17:16:47 mind giving me the overview? 17:23:16 debdrup my fstab for the efi partition (ada0p1) looks like /dev/gpt/efiboot0 /boot/efi 17:23:32 that is confusing me, what is /dev/gpt/efiboot0 17:23:41 It's a GPT id 17:23:52 Check with mount(8) if it's aready mounted, that'd explain it. 17:24:30 ok, so it is mounted /dev/gpt/efiboot0 on /boot/efi 17:24:32 Well, GPT label, not ID. 17:24:46 so I can just copy the aforementioned file to /boot/efi/... 17:25:53 /boot/loader.efi -> /boot/efi/efi/freebsd/loader.efi 17:26:35 You'll probably also wanna replace the other file, unless that's a different boot loader (like rEFInd) 17:27:49 bootx64.efi? 17:28:25 beastwick: IF you use /boot/efi/efi/freebsd/loader.efi you'll need a boot variable to go with it. 17:28:38 is that what bootx64.efi is? 17:29:24 beastwick: bootx64.efi is fallback naming, which would mean /boot/efi/efi/boot/bootx64.efi 17:29:51 And for that would wouln't need a boot variable, assuming your bios is usable, which some aren't. 17:30:05 beastwick: To see boot variables, say: efibootmgr 17:30:22 (or efibootmgr -v) 17:30:53 beastwick: I have examples of both sorts - freebsd/loader.efi and boot/bootx64.efi - in https://wiki.freebsd.org/MasonLoringBliss/ZFSandGELIbyHAND 17:30:55 Title: MasonLoringBliss/ZFSandGELIbyHAND - FreeBSD Wiki 17:31:32 thanks 17:32:00 mason: i'm using zfs and geli together and encrypted swap isn't working. mind looking at my tiny config to see if there's an obvious prob? 17:32:17 alepzi: How are you marking it in your fstab? That should be all that matters. 17:33:05 alepzi: I shy away from swap on a zvol, so what I do here is to have a standalone partition (or gmirror) for it, and have geli encrypt it ephemerally. 17:33:35 https://termbin.com/c4yx is the installerconfig portion, then fstab is https://termbin.com/pc5v 17:33:42 alepzi: Also an example of that in the linked page, but to save you wading, in a mirror for example: /dev/mirror/swap.eli none swap sw 0 0 17:34:56 i just let bsdinstall set it up for me tbh 17:35:05 alepzi: looks right - what do you see when you say "swapon -a 17:35:07 ? 17:35:42 swapon: /dev/nvd0p3.eli: Invalid parameters, then another line for nvd1p3 saying the same 17:35:50 13.3 fwiw 17:37:05 Half a sec, firing up my laptop to check the naming. 17:37:10 tyvm 17:40:13 alepzi: Ah, right, so it's /dev/nda0p2.eli here - can you look in your /dev and maybe share ls /dev/n* ? 17:40:26 sec 17:40:52 I'm curious what the difference is here. Looking. 17:41:17 alepzi: For instance, here: https://bpa.st/OHIQ 17:41:18 Title: View paste OHIQ 17:41:23 https://termbin.com/np44 17:42:47 okay, boot loader updated and reboot worked as I am here again chatting 17:42:48 Oh, I'm on 14. That might be the difference. 17:42:54 thanks mason 17:42:55 beastwick: good good 17:42:59 hehe 17:44:17 alepzi: It shouldn't be necessary to change what the installer gave you, but I'd be inclined to try /dev/nda0p3.eli instead of /dev/nvd0p3.eli in your fstab, just to see if it matters. This split between nd and nvd is new to me. 17:47:45 I guess nda devices take direct NVMe commands, and nvd presents disk devices that happen to be backed by NVMe. 17:48:05 Someone will correct me if I'm wrong. 17:54:52 nda is newer 1 i think 17:55:58 ya, in my boot loader i have hw.nvme.use_nvd=0 17:57:08 note that one set are symlinks and probably don't get resolved for this purpose 17:57:12 alepzi: Any difference if you try nda? Why it'd matter isn't coming to me. I'd think the one you've got already, nvd, would be utterly unexceptional. 17:57:35 if you have nda enabled then nvd are just symlinks to the new ones for a compatibility shim 17:57:39 kevans: =gasp= didn't realize thios 17:57:48 so if i change the etc/fstab entries to just swap nvd to nda and then save file and swapon -a? 17:57:59 yeah, try that 17:58:12 k sec 17:58:13 kevans: Any notion of what his "invalid argument" might be then, in this case? If they point to the same thing, that should be okay. 17:58:16 should i be afraid? 17:58:30 alepzi: no 17:58:41 mason: geom itself doesn't know about this kind of linking, that's at the devfs level 17:58:43 alepzi: Failure mode here is "oops, still no swap" 17:59:07 so it helps with some userland tooling, but not necessarily some that might just take the basename and pass it on 17:59:11 omg it worked 17:59:27 kevans: Might be bugworthy then, as he got the nvd entries straight from the (13.3) installer. 17:59:31 "adding ... as swap device" 17:59:59 weird thing is sudo top shows swap size as 2048 but if you look at my bsdinstall installerconfig for it, i selected 1GB 17:59:59 alepzi: You should be safe making that be a permanent change for both in your fstab. It's what the 14.0 installer does out of the box. 18:00:11 alepzi: You've added two swap devices, each 1G 18:00:30 So 2G is right. 18:00:31 oh i thought it would just use 1GB across the mirror of 2 drives 18:00:41 alepzi: Critical point: it did not create a mirror. 18:00:58 ah interesting 18:01:04 alepzi: If you want a mirror, "swapoff -a" and make them into a mirror, and then use something like /dev/mirror/swap.eli as I had in my example. 18:01:20 Again, my cheat sheet has examples of how to do it. 18:01:23 i'll just leave it as is 18:01:38 tyvm 18:01:53 if you want any help figuring out the bug just ask 18:01:56 alepzi: Only issue leaving it as-is is, if you lose a disk, you're probably going to crash as you just ripped out some swap unceremoniously. 18:02:07 oh, shit 18:02:17 If it's a mirror, it'll survive losing one of the underlying block devices. 18:02:35 do you know how i "make them into a mirror"? 18:05:15 alepzi: You can use https://wiki.freebsd.org/MasonLoringBliss/ZFSandGELIbyHAND as an example. It says: gmirror label -v swap gpt/swap0 gpt/swap1 18:05:16 Title: MasonLoringBliss/ZFSandGELIbyHAND - FreeBSD Wiki 18:05:40 alepzi: But if you don't have gpt labels - not sure if you do or not - you can use the bare device names too. I prefer labels in all cases. You can look here: ls /dev/gpt/ 18:06:30 alepzi: You might need geom_mirror_load="YES" in your loader.conf. 18:07:07 in /dev/gpt/ i have basic%20data%20partition, efi%20system%20partition, microsoft%20reserved%20partition, efiboot0, efiboot1, gptboot0, gptboot1 18:07:39 alepzi: So you'd want to label your swap partitions. Alternately, just use the two bare device names if you prefer. 18:08:16 ok... and btw this is fixed in 14? maybe i'll just reinstall once 14.1 hits and keep swap off till then. i'm still pretty new 18:08:51 alepzi: We're not entirely sure what's wrong, so it's hard to say it's fixed. That said, I see nda out of the box in 14. 18:09:25 alepzi: Triple-check this before doing it, but I believe you could use: gmirror label -v swap /dev/nda0p3 /dev/nda1p3 18:09:35 and then change your fstab accordingly 18:10:32 ty guys 18:10:45 what bug are we talking about, precisely? 18:11:24 kevans: The installer gave him nvd for his two swap partitions, and swapon is balking, saying "invalid argument" 18:11:33 right, but that's just a cosmetic issue 18:11:47 https://termbin.com/c4yx is my bsdinstall installerconfig entries 18:11:51 Sort of. It's leading to error messages and swap not being activated. 18:11:56 Feels more bug than cosmetic. 18:12:03 I guess there's more systems to install? 18:12:23 i have a boot loader entry that says hw.nvme.use_nvd=0 18:12:48 Oh, I didn't register the installerconfig stuff. I've not used that. I'd tend to guess specifying nvd there is insisting on it for everything including swap. 18:13:07 we can't really do anything about that if you're installing from an installer image that's booted without nda enabled 18:13:16 alepzi: I suspect from that that there's a SWAP mirror setting somewhere. 18:13:21 you'd need to boot the installer with nda enabled (default in 14.x) and use nda0/nda1 instead 18:13:55 oh my installerconfig options aren't enough? 18:14:11 Where are these installerconfig variables documented? 18:14:21 "lmao" 18:14:37 i wish bsdinstall had an option to output the installerconfig of a manual config 18:14:47 Ah, in bsdinstall(8) 18:15:19 alepzi: There's a ZFSBOOT_SWAP_MIRROR setting you might want, aside from the nvd/nda thing. 18:15:43 wow good catch 18:16:44 I'd want to try as well to see if it yields a working system: export ZFSBOOT_DISKS="nda0 nda1" 18:16:49 i thought ZFSBOOT_VDEV_TYPE="mirror" was enough to make it a mirror for everything, including swap, but i guess not 18:17:15 alepzi: You're getting separate partitions for swap, because swap-on-a-zvol is potentially explosive. 18:17:29 why? 18:17:50 i just want to replicate what i can do in bsdinstall gui manually, by selecting mirror, encrypted swap, etc 18:18:35 alepzi: I don't remember all the arguments, but it adds memory pressure when you need to swap, which is just when you don't want more memory pressure. 18:18:47 oh ya my disks are set in ZFSBOOT_DISKS to nvd, the older interface, even tho i turn that off in boot loader. you're right i should try nvd variants of them 18:18:57 But the installer definitely gives you plain partitions, nothing to do with ZFS for swap. 18:19:06 nda* 18:19:13 er ya 18:19:23 TIL - thank you both 18:19:56 ok i'm gonna change those devices to nda and add the swap mirror setting, then reinstall and see if that works 18:20:07 zfsboot_swap_mirror="yes"? 18:20:12 er no " " 18:24:21 iirc i did try zfsboot_disks nda but it couldn't find the drives 18:25:14 that sound right maybe? 18:25:29 it was either 13.2 or 13.3 18:27:59 I've never tried the scripted install features, but now I want to. Seems really useful. 18:28:23 it's so cool to sit back and watch the dominos fall 18:45:03 13.3 default for hw.nvme.use_nvd is still 1 btw 18:45:18 i think 14 is when that's switched to 0, anyone can haz verify for me pls? 18:48:45 I noted that a while ago, yes 18:48:53 ah sorry, ty 19:11:10 is /usr/local/jails the best place to put jails? that's what the handbook uses but it also says ppl put them in other places like /usr/jails and /jails 19:13:00 alepzi: I use /var/jail - up to you. 19:13:19 what's the rationale for /var/jail over the others? 19:16:11 * meena uses /isolates 19:17:03 why? 19:24:01 meena hates the follow up questions lol 19:24:52 alepzi: because I like languages, and find language isolates especially fascinating 19:25:45 So i have a dedicated zpool for jails that's mounted under /isolates 19:25:59 i only know isolates from weed world 19:26:17 https://codeberg.org/pkgbase/website/src/branch/main/howto/jails.md 19:26:18 wow a dedicated zpool, cool, why? 19:26:19 Title: website/howto/jails.md at main - pkgbase/website - Codeberg.org 19:27:05 because it's easier to transfer from one machine to the next when i get a new virtual Maschine 19:27:51 what makes it easier? 19:28:00 I have it on an extra, external storage, which i then just attach to the new machine, and import the pool 19:28:06 ahh 19:29:26 good to see you using ipv6 19:30:20 I have had it for a couple years now, and have moved it from many different VMs (usually rather than doing an upgrade, i just get a fresh machine) and have also moved from amd64 to aarch64 19:30:58 alepzi: my server does. where I live i don't get IPv6, so, personally, im not using it :( 19:31:12 sad 19:31:28 maybe in another 20 years we'll be able to just single stack ipv6 19:31:46 that's the most succinct way to describe rural Ireland's infrastructure, yes 19:32:43 hehe 20:32:43 anyone here have ufsid or gptid and can give some feedback here? https://github.com/canonical/cloud-init/pull/5122 20:32:44 Title: feat(freebsd): support freebsd find part by gptid and ufsid by jinkkkang · Pull Request #5122 · canonical/cloud-init · GitHub 21:11:31 Hi, is there a way to "convert" a FreeBSD 13.2 VM to a Jail?. I have this VM in DigitalOcean and would like to convert to a Jail in my home server. 21:12:15 martinrame, It is easier to create a jail than a VM because a jail does not need any bootcode installed. 21:12:44 Simply copy the files from your droplet to your home system into a directory tree. Then use it as the basis of your jail. 21:13:25 99.44% of everything is covered by just that. But the remaining things are adjusting networking for the change from a droplet VM to your local server jail networking. 21:14:11 rwp, yes!, it looks as easy as you mention. Let's try that. 21:14:13 At that point you will need to make adjustments to your hosting /etc/rc.conf, hosting /etc/jail.conf, and the jail's /etc/rc.conf file. I would use a vnet jail by default. But it depends upon what you want. 21:14:54 I know the devil is in the details there but if you get stuck ask questions and many of us can help you through it. 21:16:00 Also remember that a jail should be the same version or older version than the hosting kernel. Due to newer code possibly (likely) using newer syscalls not supported by older kernels. So whatever version of VM OS that you have you will want to run that version or newer version hosting the jail of it. 21:16:07 I thought it was 13.2 but it's 12.2, no problem. 21:16:28 12 running on either 13 or 14 is certainly no problem! 21:16:40 rwp, yes, that's the case 21:17:16 just make sure you have COMPAT_FREEBSD12 if you use a custom kernel (that's already in GENERIC) 21:17:17 What services are you wanting to run? Is this going to be a vnet jail with it's own IP address? Or is this going to be a non-vnet jail sharing networking with the host? 21:19:03 rwp, well, in fact the only service running there is ssh. It's a machine accessed by my co-developers to build FreeBSD executables or our apps. They mostly develop on Linux and Mac, the push to a repo then log in to this machine, pull the code, compile and deploy. 21:21:53 martinrame, Sounds good. Are you wishing to continue that ssh access? If so then a vnet jail with its own IP stack and address would be indicated. But setup often more confusing. Alternatively you share the network with the host and run sshd on a specific non-22 port to avoid conflict with your host sshd. 21:22:35 Running sshd on a non-22 port is the simpler option. 21:23:13 rwp, yes, I'm creating it with VNET. In the server we have other VNET jails, so I'm copying the config and installing from scratch. BTW, now I'm looking for info on how to install a 12.2 jail on a 14 system. 21:23:32 rwp: wouldn't a more common non-vnet configuration be to assign an IP alias to the jail, so each sshd has its own IP address? 21:24:31 lw, I thought that in that configuration sshd binding to *:22 on the host still attached to all of those addresses? No? 21:24:49 rwp: it does by default, you need to set ListenAddress in sshd_config 21:25:23 (for non-vnet jails you basically have to set the equivalent of that option for every network listener on the host... which is one reason i prefer vnet jails, less hassle) 21:25:28 lw: I don't know. Having an internal IP and port 22 looks like an easier way, just install, then add the IP:PORT forwading to /etc/pf.conf and that's it. 21:25:31 Agreed. Can modify both sshd's in both host and jail guest and bind all of them to the specific address. Yes. That will work. 21:26:12 (for vnet jails I just like that they look like full stack hosts with a standard configuration for programs running in the jail) 21:28:41 martinrame, I am confused about your need to install a fresh 12.2 jail if you were planning on copying the existing 12.2 VM droplet. If you are creating a new jail then why not create something newer? 21:29:26 But regarding installing 12.x AFAIK the only currently distributed versions is 12.4R and older versions are already gone. 21:29:27 rwp, because there are some compilers that maybe won't run on newer FreeBSD versions. 21:30:04 To install exactly 12.2 now one would need to build it from git source tag. AFAIK. Though if you can get a base.tar for 12.2 then that is all you need. Just untar it and you have 12.2 for the jail. 21:30:38 Right specifically at this point in the discussion I am talking specifically about the difference between 12.2 and 12.4. 21:31:17 Do you have a /usr/freebsd-dist/base.txz available from your 12.2 system? If so then use it for the jail base for your 12.2 jail. 21:32:06 rwp: mmm, no, I don't have it. 21:32:32 Is 12.4R close enough? 21:32:44 rwp: yes 21:33:30 ISO images are here https://download.freebsd.org/ftp/releases/ISO-IMAGES/12.4/ 21:33:32 Title: Index of /ftp/releases/ISO-IMAGES/12.4/ 21:33:58 I don't remember how to force installing that version 21:34:06 Anyone have the base.txz URL path for 12.x handy? I would need to dig it out. 21:34:48 rwp: BSDINSTALL_DISTSITE=https://download.freebsd.org/ftp/releases/ISO-IMAGES/12.4/ (maybe that) 21:34:49 Title: Index of /ftp/releases/ISO-IMAGES/12.4/ 21:35:19 martinrame, Isn't that the same path I just posted? :-) 21:35:50 rwp: yes, I was trying to figure out the param to specify a different base version. 21:36:41 AFAIK the previous versions are now End-Of-Life and no longer available from the main repositories for download. 21:38:34 Ah! Here are 12.2 ISO images. (Still looking for base.txz images) http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/ISO-IMAGES/12.2/ 21:38:35 Title: Index of /pub/FreeBSD-Archive/old-releases/ISO-IMAGES/12.2/ 21:38:55 rwp: great! 21:39:01 You're crusty. 21:39:13 Opps - wrong channel, sorry :) 21:40:25 Bahhumbug, Perhaps wrong channel but not wrong! :-) 21:41:30 martinrame, Got it. http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/arm64/12.2-RELEASE/ includes base.txz for that exact version. 21:41:31 Title: Index of /pub/FreeBSD-Archive/old-releases/arm64/12.2-RELEASE/ 21:41:50 rwp: great!, thank you very much! 21:43:00 Is your droplet running zfs? If so then if it were me I would zfs send the zroot/ROOT/default dataset from there to your local system and have an exact copy of the file system and recv it for the jail. 21:43:24 rwp: yes! 21:44:16 Also even though I said to zfs send zroot/ROOT/default but first take a snapshot and then send the snapshot. I realized that was a confusing instruction otherwise. 21:48:07 finally I'm in. Ty alepzi for the support. Hi everyone 21:48:30 yw 21:49:21 Hello mixef. Thank you alepzi for helping out there! :-) 21:49:43 o/ 21:49:50 hi, very new to IRC. Alepzi stood by and took me through joining. 21:50:06 very helpful and very welcoming 21:50:14 plus got to know each other a little 21:50:49 Excellent! Welcome. It's good to review the topic for new channels that you join to get the information specific to that channel. Type in "/topic" and Enter and it should display to you. (We will not see that you did that.) It's in the top line of almost all IRC clients but usually too long to fit. 21:50:52 next step is date night at a little italian place i know and a beach walk 21:50:56 fingers crossed 21:51:35 * rwp laughs 21:52:00 will do, my next question was about to be what is the first step now im here s ty 21:52:46 That's a pretty open ended question. And it depends very much upon where you are starting from and very much upon where you want to go. 21:53:46 You just missed a somewhat involved discussion about setting up a legacy version of FreeBSD 12 as a jail converting a VM from a DigitalOcean droplet. And before that there was a discussion of kittens. So discussion varies. 21:54:44 I'll note that there is #freebsd-social for random off topic discussion, kittens, and other things. 21:56:26 ah i see, I mentioned to alepzi that i foudn this channel by searching through the servers on various channels to find servers that focussed on chat with the highest number of users. I now realise that i neglected to understand the channel name. My knowledge of BSD is lesser than my knowledge of IRC but would like to stick around if you'll have me? 21:57:29 You can stick around but know that the rule is 1) See one. 2) Do one. 3) Teach one. If you stay then after you learn something you must teach something. 21:59:45 Perhaps this is your chance to learn something about BSD? ;) 21:59:59 Well i will be learning a lot for sure. I have xperience of unix-based systems and appreciate all efforts at providing open-source platforms. I'm also keen to understand linux from a vulnerability perspective, particularly in the embedded/operational technology space but its a steep learning curve for me right now so ty for having me 22:00:07 Also a good rule from the amateur radio side of things is that it is not required to talk. It's good to listen first for a while and see what is normal on a newly joined IRC channel from the regulars. And then you know what you are stepping into. I as a boisterous extrovert am often violating that rule. And therefore I talk too much. 22:00:54 Understood, i came here with the wrong intentions but now eager to listen in, so ty for allowing me to remain. 22:01:07 rwp: well, with HAMs, you're basically forced to receive before you can transmit, unless you want to pay some pretty heavy fines for transmitting without a license in a licensed frequency band. 22:01:42 If you type in "/who" and Enter you will see a very long list of users and bots who have joined the channel. Only a smaller number of those are brave enough to type in something. 22:01:50 It's always interesting when you get to talk to someone who doesn't know that, and then suddenly goes _very_ quiet.. ;) 22:02:27 I'n my former life using radio, me were always told we should communicate based of the the assumption that every second if transmission costs an extortinate amound of money. So i will remain quiet now :D 22:02:45 I didn't really get active on ham radio until I already had my novice license. And then I had to acquire a radio. So there was no delay between those for me. 22:03:06 rwp: yeah, a lot has changed with (web)sdr, in that respect. 22:04:30 mixef, (which I am "highligthing your nick" by addressing it to show that I am looking at you) I really did not mean to drive you off. You are most welcome here. I am just one of the many users in the community with no authority of any sort here. I just want to help you get the most out of the system. Let me encourage you to be an active participant. We have more lurkers than any channel needs. 22:06:13 Even if you don't have an internet connection, RTLSDR goes a long way. 22:09:42 rwp: not talking about me, are you? ;) 22:10:54 much appreciate rwp, already learnt a lot tonight and thanks for being so welcoming 22:13:38 * rwp laughs with Ltning 22:19:38 from the wording in 17.3.4 of jail page of handbook it says files in /etc/jail.conf.d/ have to be included in /etc/jail.conf, then it shows the wildcard include line. why's that required? we don't need a similar include line in /etc/rc.conf for files in /etc/rc.conf.d/ to be picked up 22:29:06 alepzi, Because the underlying code was written by different people with different ideas? I don't know. I just know they are different. And that jail.conf.d/* has some restrictions that have confused me over time. Some things apparently must be in jail.conf and other things are allowed to be in a jail.conf.d/* file. I don't grok it myself yet. 22:31:02 nod, ty 22:32:12 rwp: i think people are aware of the inconsistencies and working on fixing them 22:32:52 nice! 22:36:41 That's great! I have just gotten into the habit of only using the jail.conf file itself to avoid the issue. But I welcome improvement in using individual files. That would be nice. 22:37:29 freebsd is the best OS to ever exist and it's only getting better !! 22:57:34 so is the pfsense thing real or not ? https://www.netgate.com/blog/pfsense-software-embraces-change-a-strategic-migration-to-the-linux-kernel 22:57:35 Title: pfSense® Software Embraces Change: A Strategic Migration to the Linux Kernel 23:00:26 <[0x1eef]> April 1st. 23:05:39 Regardless of the April 1st publish date of that we think it is real because it is consistent with other news from them. And also TrueNAS also is doing the same thing. 23:06:03 They should have waited a day to post it and that would have avoided people wondering about the date of it. 23:06:37 <[0x1eef]> Yeah I'm not sure. There's nothing funny in it. A Linux kernel with a FreeBSD userland sounds weird though. Plus how will they have pf on Linux ? Migrate to iptables? 23:08:20 Read through this thread for some further context: https://www.reddit.com/r/freebsd/comments/1bhvt2e/comment/kvukh2k/ 23:08:34 Don't be too distracted by the headline being about TrueNAS because the comment discussion is about pfsense. 23:12:21 <[0x1eef]> Yeah could be real. I happened to buy a pfsense router a week or so ago, and I don't really like it. I'd prefer to run a stock version of FreeBSD and that's what I eventually plan to do. 23:16:06 if anyone needs the freshest net/cloud-init and net/cloud-init-devel packages, I build for 14.0 aarch64 & amd64, and publish here: https://pkg.igalic.co/ 23:16:07 Title: Index of / 23:16:25 <[0x1eef]> Also, after reading that comment, I wouldn't want to use any of their products. Total jerk. 23:20:57 *freshest, as soon as rust is built on my tiny aarch64 vm, that's also hosting this IRC session 23:22:16 rust hype 23:22:37 [0x1eef]: imagine a freebsd userland with a mach kernel 23:23:00 <[0x1eef]> :)) 23:23:14 * meena doesn't know what that means and will now goto bed 23:25:32 one day, when I have the time… I'm going to sit down and figure out what we can do to our ports system to not have to rebuild rust every time curl does a (minor) release. Also, how to build npm packages, and I'm not sure which of those two is going to be harder https://xkcd.com/1425/ 23:25:33 Title: xkcd: Tasks 23:26:49 I'd be surprised if netgate moves pfsense to linux. First off, the name would have to change. They already have a firewall product for enterprises built on linux, afaik, so if anything they would likely outright drop pfsense. 23:27:42 They've thrown a lot of money and manpower at freebsd over the years, even in recent times - and on things that I would classify as somewhat long-term investments 23:30:48 Then again, their blog post is depressingly corporate 23:32:17 So .. I dunno. Keeing the freebsd userland makes absolutely no sense, though. There's nothing in it that would be meaningful to keep and doing so would not unlock any of the potential they're claiming without a metric ton of additional work and kludges 23:32:18 <[0x1eef]> That comment tells you a lot, I didn't see anything positive in there - it sounds like someone who has given up and would prefer to use Linux. 23:40:52 what is pfSense anyway? is it just a web interface for functionality that already exists (pf, dhcpd, routing...?) or does it provide new things? 23:42:06 I mean yeah, the post makes no sense 23:42:14 pfSense is a web interface 23:42:22 why would it matter if it's FreeBSD userland 23:42:34 if it's meant as a joke, it's not funny and wildly confusing 23:42:51 <[0x1eef]> Yeah - it's nothing you couldn't do yourself. And in the process, they change fundamental parts of how a FreeBSD system works. You're not suppose to use rc.conf. pf.conf is not used either. So it's like their own weird version of FreeBSD that is only useful with their web UI. 23:48:11 this blew my mind. I zfs send|zfs receive (as rwp mentioned) the zroot/ROOT/default dataset from a VM on DigitalOcean to my PC and created a jail out of it, and it worked! 23:52:35 martinrame, Of course! :-) 23:52:50 lmao best OS ever 23:53:22 rwp: now I'm sending the zroot/usr/home (8gb) 23:53:46 if you want to get eve fancier you can tunnel through ssh and all that fun stuff 23:53:48 meena: what does rust currently rebuild every time curl does a release whatsoever? 23:54:29 alepzi: yea! 23:56:53 lw: imo it's more community minded if instead of 1 blessed vendor the focus is a wiki page that links to known compatible hardware and preset freebsd configs that give you a turn key whether that's fw, router, whatever 23:57:26 imo that's the real power is taking freebsd tech and starting to make it easy to get transparent wraps on it for common templates 23:58:08 so it's easy to see "oh just these few commands and config files to make it a fw", another that includes web gui