07:39:29 tykling trying out syncoid 6 years ago: https://github.com/tykling/ansible-roles/tree/master/tykbackup_client/files did it take over from your old way of doing backups ? 07:39:30 Title: ansible-roles/tykbackup_client/files at master · tykling/ansible-roles · GitHub 07:40:09 no it never really clicked for me 07:40:47 oki just stumbled over it, and found it inside the ansible role :) so i thought it was a match 07:41:01 so you still use the old way 07:41:42 yes 07:41:57 I am not really happy about it though 07:42:08 my problem atm is that the backup server is a jail a place where it doesnt have own direct ssh, so i need to use another port and in pf redirect that to backup jail 07:42:24 oh, well that should be fine 07:42:48 in periodic how to add the port part, i didnt really find out 07:43:00 add it in .ssh/config 07:44:00 can i tell remote port on source ssh config? 07:44:05 yes 07:44:13 didnt know that 07:44:13 Host backupjail.example.com 07:44:16 Port 2222 07:44:21 in .ssh/config 07:52:05 thanks tykling something i never knew, i will take my new knowledge and try ;) 07:54:07 :D np! 09:00:23 tykling i made it work, its actually doing its job now :) im amazed hehe thanks one more time for old documents ;) 09:04:41 great! :) 09:06:56 one more checkmark, next step is central place to review /var/logs ;) so i dont need to go check my servers and every jail 13:41:03 i'm having trouble to get sfp+ interface working in bsd, the cable isnot being detected as connected it seems, in ubuntu it works,tried live distro to test, here some info i collected, am i doing anything wrong? or could it be a bug? https://forums.freebsd.org/threads/cant-get-sfp-nic-to-work-amd-driver-issue.93186/ 13:41:04 Title: can't get sfp+ nic to work amd driver issue? | The FreeBSD Forums 15:58:23 toying around with poudriere in a bhyve vm. i had a typo in my config and instead of installing jails, etc. to /usr/local/poudriere it went to /wrong/path ... so i went to rm -rf and start over, but i get all sorts of errors like this: rm: /wrong/path/jails/140Ramd64/usr/lib32/libthr.so.3: Operation not permitted ... i'm not sure what's blocking the delete, any insight? 16:02:39 markmcb, The installer sets an "schg" immutable flag on a couple of dozen files. Look for them with: find . -xdev -flags +schg -exec ls -ldo {} + 16:02:48 markmcb, what does poudriere jail -l say? 16:03:06 markmcb, you'd typically remove a jail using poudriere jail -d -j 16:03:47 An schg immutable flag file will look like: -r--r--r-- 1 root wheel schg,uarch 1959392 Dec 2 2021 /lib/libc.so.7 16:04:30 yeah, if the old jail still shows up in poudriere, I assume you could just -d it :) 16:05:34 or if it's not in poudriere, you could still zfs destroy it 16:05:45 To recursively remove the schg flag from a path: chflags -xR 0 /the/path/desired 16:06:02 thanks. the old jail was there. i just deleted it. i still have a /wrong/path/jails directory that i can't get rid of... i'll try the find/chflags commands rwp mentioned 16:06:31 I always add -x and -xdev to avoid crossing mount points to add insurance that I don't recursively do more than I expect to do. 16:07:14 rwp: chflags did the trick, thanks! 16:07:17 If you have datasets then those are mount points and prevented from crossing those mount points. But that's usually what I want and I am working at the mount point or below. 16:07:27 will add that to my list of things to better understand :) 16:07:28 \o/ 16:07:47 yeah that list is pretty long here too 16:12:24 i wonder if we could just get rid of schg nowadays 16:12:34 or at least not set it by default, the flag itself is useful 16:13:55 so that seems to have caused some collateral damage (feeling good about my decision to do this in a bhyve vm) ... does poudriere hard link OS files into the jail setup? 16:15:15 markmcb: no, but even if it did, removing the hard link wouldn't affect the original file 16:15:39 what was /wrong/path actually? 16:15:50 seems all my previously install packages (with pkg) got affected. pkg upgrade -f did the trick 16:16:26 lw: /usr/local/pudriere (missing the o) 16:16:46 i wonder if find followed a symlink into / 16:17:00 (if you used find to remove the files) 16:17:15 i used rm -rf /wrong/path 16:17:34 (after the chflags command) 16:21:58 that's strange, i don't know how that affect anything on the host itself 16:22:40 hm... does poudriere mount host filesystems into the jail at all? i didn't think it did, aside from /dev and a couple of others 16:47:54 how do i build a bootable vmimage with a specific kernel? 16:49:14 ah, apparently qemu has a -kernel option, that might help 17:14:53 Any idea where this was fixed? https://nvd.nist.gov/vuln/detail/CVE-2024-29937 17:14:54 Title: NVD - CVE-2024-29937 17:17:01 skered: as far as i'm aware this hasn't been fixed yet - no SA and i didn't see any related commits 17:18:02 although based on a recent doc commit, i'm wondering if it's due to users not understanding how NFS exports work 17:18:17 i.e. if you export /nfs/data, and that's just a directory on the root filesystem, a client can access any file on the root filesystem 17:18:32 (this is really unfortunate behaviour but it's innate in how NFS works) 17:19:15 https://cgit.freebsd.org/src/commit/?id=9d975e47d5a3638d4f575b2cf97e07bf22b53c7e 17:19:16 Title: src - FreeBSD source tree 17:20:10 i hope it's not *this* because this is a known 30-year-old vulnerability, i was hoping it would be something more interesting 18:03:40 hmm, make memstick has to be run as root? install: /src/obj/src/freebsd/src/main/riscv.riscv64/release/dist/kernel/boot/kernel/kernel: chown/chgrp: Operation not permitted 18:12:42 i wonder how bricoler gets around this 18:29:40 udevrules/groups, suid, sudo? 18:30:32 what's udevrules? 18:31:05 er that's Linuxism... what does FreeBSD call them.... 18:31:09 i don't think bricoler uses any of those though, at least based on a quick grep 18:31:18 devfs? 18:31:32 devd? 18:32:00 Does memstick make the image or writes it to disk? 18:32:22 there are no matches for sudo, devd or devfs in the bricoler source, yet it somehow manages to build a memstick image (and boot it) without root... i guess i'll dig into the code later once i've solved this problem 18:32:41 actually no, bricoler creates a vmimage, not a memstick, i wonder if that works differently 18:33:29 I think that's just dirs on disk converted via something like qemu? 18:33:51 right, the issue seems to be it tries to installworld into a directory then turn that into a disk image 18:33:58 and it's the installworld bit that needs root 18:34:06 Otherwise I think any/all disk operations needs some high level user even mdconfig. 18:34:30 I guess for setuiding? 18:34:39 i wonder if bricoler does something clever with mtree + makefs 18:34:41 Or just permissions 18:35:07 skered: right. i expected this might require root, the odd part is that bricoler doesn't need root to do the same thing 18:35:58 I would interested in seeing the permissions of the data in the images 18:36:02 +be 18:36:30 let me run it again and check, might take a while 18:36:49 What's bricoler too? 18:37:15 https://github.com/markjdb/bricoler - a utility for booting source trees in qemu 18:37:17 Title: GitHub - markjdb/bricoler 18:46:17 skered: seems like file ownership in the bricoler build is fine: https://www.le-fay.org/tmp/30d/YOmis5.txt 18:47:01 Is this the booted image? 18:47:05 Or the image itself? 18:47:10 yes, that is inside qemu in the booted image 19:00:02 It appears to just me makefs? 19:00:19 No special devices or privileges are required to perform this task. 19:00:40 skered: for make vm-image, or make memstick? 19:00:44 vm-image 19:01:22 memstick wants to make both legacy and EFI bootable images? 19:01:43 It seems EFI should just be doable via makefs. 19:02:46 let me try with vm-image instead of memstick then 19:03:12 or vm-release rather 19:03:37 Well this is the context of bricoler's vm-image. 19:05:30 ok, now i'm confused, 'make -C release -j8 TARGET=riscv TARGET_ARCH=riscv64 vm-release' returns immediately but doesn't build anything 19:14:55 weird behavior that maybe makes sense (but i don't understand). pkg version. it's lightning fast UNLESS I have clone the ports tree to /usr/ports then it is insanely slow. like 10+ minutes. i'm not using /usr/ports for anything other than looking at files. why would it existing slow things down? if i delete it, pkg version is back to light speed. 19:15:13 markmcb: i suggest truss'ing it to see what it's doing 19:18:28 ok, will try that. my first truss'ing 19:25:44 suggest truss pkg version 2>&1 > truss.out so you can examine it more easily 19:27:52 I have two zpools connected, both on USB drives. I want to copy some datasets from one to the other. is zfs send | zfs recv the best way, even locally? 19:32:19 yourfate: yes 19:32:24 ty 19:32:50 you can also use rsync, but send|recv is generally better as it is guarantee to preserve all metadata, compressed blocks, etc., and is usually faster 19:33:36 ye, the dataset used compression 19:33:48 right, that's neat, no need to uncompress/recompress 19:34:29 it will decrypt by default though 19:34:37 but no one should be using zfs native encryption anyway as it's broken 19:34:55 I don't use encryption rn 19:35:02 its not very performant on my rpi 19:35:17 yeah, no hardware crypto on rpi 19:35:40 I used aes adiantum on it, with BTRFS when it was still linux 19:35:43 that performed very well 19:35:53 its an aes implementation optimized for running on CPU 19:36:27 btrfs with aes-adiantum + zstd compression 19:36:42 it was still easily fast enough to max out the hdd 19:37:34 i only get ~200MB/s from my rpi ssd anyway, probably due lack of UASP in freebsd 19:37:49 still spinning rust there :D 19:38:21 I have a little bit of spinning rust 19:38:32 its just an external hdd connected to it, as a network share for unimportant stuff, like TV shows to play on the TV 19:38:51 I now swapped it for a larger one, so I'm moving the datasets over 19:39:01 a sort of shitty NAS 19:39:09 I have a decent nas offsite 19:39:19 my NAS is spinning rust but that's 8x 8TB SAS disks, not sure to connect that to rpi :-) 19:39:46 my nas I put in a network cabinet in my parents' basement. when I set it up I was still living in a small studio and didn't want the noise 19:40:09 I kept it there, its now my offsite backup target 19:40:25 lw: only 8 disks, those are rookie numbers 19:40:43 mine is an of-the-shelf synology box with only 2 drives 19:40:46 * yourfate ducks 19:40:52 SponiX: it's not a dick waving contest. this is more than enough storage for our requirements 19:41:30 lw: you sure? 19:41:36 lol 19:41:49 it's 28% used, so yes, sure 19:43:39 the send/recv seems to be decently fast 19:43:41 neat 20:06:29 and it keeps all the permissions etc. I like this. 20:39:56 lw, I have problems 20:40:18 jbo: we noticed 20:40:26 .__. 20:41:02 lw, soo... the I226-LM NIC on my new mainboard is only giving me 100 Mbps according to iperf3. it's not a cabling issue, it's not a switch issue. it's truly specific to this new setup. 20:41:21 the thing is, ifconfig igc0 says: 20:41:22 1000baseT 20:42:24 wow, i'm not the only one having issues building electron: pkg.freebsd.org doesn't build it either due insufficient resources: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278049 20:42:26 Title: 278049 – net-im/signal-desktop: not in repo anymore and version expired 20:42:55 jbo: tried changing cable? 20:43:14 oh, you said yes 20:43:22 you changed the switch as well? 20:43:30 I did 20:43:38 and this is a proper cisco switch that cost more than the mainboard 20:43:58 20:44:25 jbo: does it work if you run iperf to localhost? just to rule out any weird OS issues 20:45:07 lw, getting 40 Gbps that way 20:45:30 i'm expecting a system with I225-V ports soon so curious about this issue, although i probably won't use them 20:46:07 lw, well, according to the mainboard manufacturer, it's I226-LM any chance that that's the issue? 20:46:34 the manpage doesn't say it supports that but i would be inclined to assume that's just a doc issue, probably the same chip 20:46:51 I though the same, yes. 20:46:56 plus it's technically working :D 20:47:02 and ifconfig reports 1000base-T 20:47:06 did you try a different iperf endpoint? what are you testing against? 20:47:31 lw, against a host on the same switch. neither that host nor a 3rd host have any issues doing 1 Gbps via iperf3 20:47:40 hmm 20:48:13 jbo: any errors in netstat -m or netstat -in? what does cpu use look like when iperf is running? 20:48:20 also check errors on the switchport 20:48:42 and is it *exactly* 100Mbps or just vaguely around that? 20:49:07 lw, well it's 97Mbps 20:49:10 98 sometimes 20:49:12 whatever 20:49:15 it's static, constant. 20:49:26 yeah about what you'd expect for IP over 100BASE-TX 20:49:52 jbo: i don't have any other ideas especially since i don't own this hardware, but i think a bug or a quick mail to the driver maintainer might be in order 20:49:59 lw, nothing obvious with netstat -m and netstat -lm 20:50:16 jbo: second one is dash eye (i) dash em (m) 20:50:48 and Oerrs is the relevant column 20:50:56 (or Ierrs maybe) 20:51:02 lw, nothing in there - at all 20:51:16 it produces empty output, or it's all zero? 20:52:04 produces empty output 20:52:17 that's strange, you should at least have an entry for lo0 20:52:22 wait 20:52:33 -i -n, not -i -m. i said it the first the first time :-) 20:53:42 lw, netstat -i -n reports 0 froth both Ierrs and Oerrs on that interface. it does have 0 Ierrs and 436 Oerrs on the vm-public interface tho (but this is host-to-host, no vm invovled) 20:53:59 that's probably not related 20:54:22 jbo: check stats on the switch too (show int geX/Y/Z) 20:55:07 can you be more explicit? 20:55:35 not especially as i don't have any IOS devices here to check but it should list input/output errors on the port 20:56:51 is that part of netstat? 20:57:10 no it's an IOS command 20:57:16 or do you not have login access to the switch? 20:57:51 oh, you talk about the ethernet switch, not the switch on my host for bhyve vms -__- 20:58:01 oh. yeah 20:58:07 i doubt bhyve switch is related to this issue :-) 20:58:29 although you never know, stranger things have happened 20:59:08 jbo: is the igc in the (local, freebsd) bridge? might be worth trying it outside the bridge just to rule that out 21:01:02 lw, I don't have enough FreeBSD networking knowledge to know what that means/what to do. 21:08:00 jbo: ifconfig bridge0 delm igc0 # note: this will take your network offline; ifconfig bridge0 inet 1.2.3.4/24 -alias; ifconfig igc0 inet 1.2.3.4 up; route add default 1.2.3.1 # replace 1.2.3.4/24 with your IP address and 1.2.3.1 with your router 21:08:17 sorry, deletem, not delm 21:09:26 oh, and that should be ifconfig 1.2.3.4/24 up 21:09:36 don't know why you keep asking me for network advice i can't even type words 21:12:56 as long as you don't try pasting we're good :p 21:14:16 jbo: i have to say though this feels like a driver bug 21:14:50 i wonder if freebsd⊙ic would be interested, although igc(4) says Netgate rewrote the driver