say I want a jail to upgrade itself. how would that process look like?

more specifically, I'm using package base, and I get the following: "Fail to rename /lib/.pkgtemp.libcrypt.so.5.eAr1k8vXs0BT -> /lib/libcrypt.so.5:Operation not permitted"

okay fixed that

but now I migrated a Jail from base.txz to pkgbase

and now I have like .pkgsave of... every file!

Hi Guys. I tried to install FreeBSD on my old MacBook Air 2014 today. Installation itself went well. But sadly no drivers found for my Broadcom BCM4360 chips.

I went through man page of bwn. looks the it supported till BCM4319

Broadcom is anti-friendly to free software systems. As soon as you say Broadcom I just shake my head about it.

:D

no wonder

I know that on the linux side of things their is a non-free driver that can't be distributed directly so it usually means everyone must compile it themselves locally. That's probably a solution for you too. I don't know. I avoid broadcom as being a hostile agent.

witt: the most common suggestion you will find is to use a usb wifi adapter. They make them that are the size of a wireless mouse/keyboard receiver

the other alternative I'm awre of, unfortunately, is to use linux

Those small USB wifi adaptors work great! +1

s/awre/aware

Well... Use linux in a container. The wifibox project works so well that most people find it acceptable and stop there.

But even in Linux Broadcom is a hostile agent.

For wifibox I have these references saved off: jrgsystems.com/posts/2022-04-20-802.11ac-on-freebsd-with-wifibox

On a frame.work laptop: xyinn.org/md/freebsd/wifibox

yeah, I noticed this option, usb wifi adapter. Just a little bit more little thing I have to bring with my Mac everywhere. I don't feel very neat

Upstream: github.com/pgj/freebsd-wifibox

I'm now on Linux Mint. it works.

For the installation of broadcom on Debian: unix.stackexchange.com/questions/17…om-bcm4360-on-debian-on-macbook-pro

On Ubuntu: askubuntu.com/questions/55868/installing-broadcom-wireless-drivers

On Arch: bbs.archlinux.org/viewtopic.php?id=249038

So you will have good company of everyone who is struggling to get Broadcom working for them but will have help from people who have made it work.

very nice

So, I think I can try to find the source of the fireware and compile locally some day. Just to see how painful it will be. These things are amazing to me.

Sadly I don't have much tech basic on these. Have to catch up step by step.

The journey of ten thousand miles begins with the first step.

oh...

witt I have a MacBook Pro 2015, I ended up using a USB WiFi, works like a charm.

(thumbup)

the old mac getting very slow. and not able to upgrade to latest OS, as it's taking too much disk space and everything.

mine is rarely use, it's a waste to throw it away. So I find Unix/Linux a saver.

The only thing better than using free software operating systems to keep old proprietary machines running after they run out of proprietary support is to avoid them in the first place and use free software operating systems right from the start! :-)

Free software , what a great world!

Like Obiwan said, "Luke! Use the source!"

:D

Hey, BTW, I'm new to FreeBSD, just wondering, is there any specific reason you guys choose Unix over Linux ?

more stable ? more flexible license ?

I like the built in tools better: ZFS, Jails, Bhyve etc

The docs are better imo as well

witt: for me it was excellent documentation (long time ago) and all-in-one system, the kernel, the userland, and the tools like DNS server and mail server all part of the basic system.

and the ability to "make world" - everything from source in one go

The base OS is a single cohesive thing making installs and upgrades reliable.

I came for the ZFS disk arrays and stayed for the system organization.

witt: i noticed some issue with power management on my early 2011 macbook pro, that I haven't had time to track down yet. same issue with the in-built wireless, but i have a realtek wifi usb adaptar that is pretty solid.

as for why BSD vs Linux, it's not a dilemma for me because I work on software and building for both helps keep my stuff portable. but i have been using BSD since before the Big Corporations were funding Linux improvements and idk, i just like BSD better.

also i prefer the BSD license to the GPL, for secret reasons.

top sekret

now everyone is waiting for you to share your "secret"

it's secret reasons so that it can sound super mysterious while the truth is that i don't actually want to have a huge argument about licenses and i certainly don't want to convince anyone, it's just the better license choice >for me<

witt: wifibox works great on my macbook pro from 2013 (i think it was), suspend-resume however is a different issue.

antranigv: does resume work with your macbook? did you need to fiddle?

witt: poettering is the primary reason i returned to bsd after two decades of linux

(and with poettering i mean everything systemd stands for, rather than the individual himself. a name is just a shorter way to express so much.)

Hello, all. Is any one using lightdm?

Can you please send me your lightdm and lightdm-autologin files from /usr/local/etc/pam.d, or tell me how I can get their unmodified version without reinstalling lightdm?

ant-x, Did you install by pkg? Do you still have the pkg file around? ls /var/cache/pkg/ | grep lightdm

rwp, Yes, I did, and still have the file.

What sort of archive is .pkg?

Try: tar tvf /var/cache/pkg/lightdm-1.2.3.pkg

If it is in there then you can extract it from the tar file.

No, the arhive contains only pam.d/lightdm.sample, but not the actual pam.d/lightdm, which was created on my system, and I think not by copying from the .sample file.

I haven't installed lightdm but usually when a .sample is installed that's the pristine original copy.

Which component copies file.sample onto file?

I thought that was only ever done by you the person who installs it. No? Then I don't know.

I am looking through my system for an example that might do something with a .sample file...

No: upoin installing lightdm via pkg, those files already existed.

rwp, But this makes sense: pkg install is expected to end up with configured program, so the configuration files should already exist.

My call to lightdm users is still in force, for I have antoher question about it.

Funny: [make sense] and [make love] can be valid commands.

I do find MANY .sample files that are installed and apparently automatically. TIL this and did not realize it was being done before.

rwp, my question is, whethr lightdm may be installig .sample files and then generating actual files slightly different from the .sample ones, because when I copied .sample files over the acrtual ones, my problems with autologin were fixed!

...so I wonder what the bug was in pam.d/lightdm and pam.d/lightdm-autologin .

I ran this next command to see if any of my .samples and installed files were different.

for f in $(find /usr/local/etc/ -type f -print); do test -f $f.sample && diff -u $f $f.sample; done | less

For me the only files with differences are ones I remember having edited after installation in order to customize them for my system.

So, first, I don't know... But it appears that if the package contains a .sample that it is installed automatically and no customization is done.

I guess I would need to learn how to build a binary pkg and in that documentation it would tell us everything we are asking about this question now.

Is there a postinstall scripting capability for binary packages? Seems like there should be. And if so then that's the place customization would be done.

Thanks for the trouble, rwp. I doublt that I messed those files myself, but I could have. Do you where the PAM system stores its logs in FreeBSD?

Normally all of those messages go into /var/log/messages

If you don't want to reinstall lightdm in your host then you might create a simple jail and install it there as a test and look at the installed files there.

rwp, Are you sure? PAM is security-critical component and may be writing log to another place. Some non-BSD sources mention /var/log/security.

rwp, Is jail some kind of isolated environment? Thanks.

I am not sure. But /var/log/security has little in it.

I read [secure], not [security]. Wait a bit.

...Yes, just an initial message in mine...

And I did not find a mentioned of it in theP PAM docs. They menioned syslog, but what is it?

A jail is a very powerful FreeBSD container type. A jail container is like a very powerful chroot container. After the chroot came the FreeBSD jail. All other containers in other systems came afterward.

It's somewhat of a tragedy that every system has a system log daemon, syslogd, but they all log to a different primary log file.

Some systems log to /var/log/syslog and some to /var/log/messages and some to other places. FreeBSD logs to /var/log/messages as the primary system log file.

rwp, Thanks. Does dmest read from the same source?

dmesg reads from the kernel buffers. I forget exactly which is logged where but early before syslog is available it goes into the kernel buffer. Later to the syslog. In between sometimes both.

OK.

On that topic there is also the /dev/console messages. Things may write to the system console. Which may or may not be logged to dmesg or may or may not be logged to the /var/log/messages file.

When running a jail or a virtual machine we see the /dev/console messages by looking at them. We can log those to a file too. I log jail console output to /var/tmp/consolelog-$name for example.

It's only confusing because at boot time nothing is available yet. So messages go to the system console. And then as the system log daemon is started up we start logging to the system log. After the system is running everything that is logged should be getting logged to the system log. It's only a boot time limitation that things before the system log are started can't be logged there.

And some things generate huge amounts of logging. Like Apache, Nginx, Postfix, and so on that process things continuously and on a busy system will have lots and lots of logs. So those things are usually configured into their own log files that are separate just for some organization to it.

rwp, that logging trobles me, because it may be the cause of constant HDD activity in an idle PC.

Constant activity? What is it doing? You can tail the file and watch it as it happens with: tail -F /var/log/messages

I should start with a genral monitoring of HDD activity: what files are being read/written.

Normally unless there is something happening that file won't be getting written to. But if there is something to be said then it will say it there.

That is not my primary problem now, so let it rest in favour of enabling Reboot and Poweroff from lightdm. I was surprised to learn that it required some JavaScript (!) programming -- to add polkit rules.

I think that using JavaScirpt for such config files is huge overhead.

I am not using lightdm and can't see the advantage of adding reboot and poweroff capability to it. I use "shutdown -r now" when I want to reboot and "shutdown -p now" when I want to power something off. But can't really think of a reason to power off a system.

rwp, I can live without it, too, but I am setting up a laptop for a slightly less computer-savvy person.

The instructions are printed by: `pkg info -D xfce4-session' .

In that case I should bow out of the conversation and let people who know about laptops help.

And I bow to you.

What is your machin, rwp: some server, or a normal PC?

I have a collection of systems. My desktop is an HP z210 workstation. My storage array systems are Supermicro rack systems. My other servers are random craphound gear. It's really all over the place.

For laptops I really only ever use Thinkpads. Because those are the mainstream machine for free software developers and I want to stay in the mainstream.

rwp, Thinkpads are sensible machines.

Earlier there was a poor soul struggling with Broadcom WiFi and that's just sad.

Speaking of which, I don't know how to use WiFi from this HP laptom with FreeBSD. During installation, I configured the normal Ehternet connection, but not the WiFi module. Can this be fixed?

I am a terrible person to ask this since I am not actually running FreeBSD on my laptop(s). I have been a Debian person so that's what is running on my laptops. Except I migrated from Debian to Devuan and all of my Debian systems are now Devuan systems.

It's in my task queue to grab a laptop and work through all of the issues with running FreeBSD on a laptop. But I have not done it yet. So I can only help you peripherally.

What is the WiFi chipset on your HP laptop?

rwp, I reported a couple of bugs observed during the installation of FreeBSD.

You might try "pciconf -lev | less" and browse.

Thank you for reporting bugs! That's very much appreciated. It's how things get fixed.

I don't remmeber right now, but I am sure the installer detected it and offered to congure it, but I chose to configure the Ethernet card instead.

For the most part one figures out what chips they have, then what driver is needed, then reads the man page for that specific driver. For example "man iwlwifi" and then does whatever the man page instructs to do for that driver. Each might be different.

rwp, Seems to be: RTL8723DE

Thanks.

Do you know anything about `polkit'?

Great! He shows rc.conf and loader.conf.

Things keep getting better.

What has the latter to do with it?

I mean, the line: [compat.linuxkpi.skb.mem_limit=1] in loader.conf.

I don't know what lspci command he has installed to make that available though...

He refers to: wiki.freebsd.org/WiFi/Rtw88

I do not know much about polkit. I do things very much the old-school way and therefore don't need it. And by that I mean I add my login account to the required groups to provide me access to things I need and do not need the dynamic on-the-fly handling provided by polkit.

Right now that means my login account is a member of the video group and the webcamd group and that's been sufficient for everything I have done in the last three years to work for me.

rwp, nor do I need it, but the existing software seems to rely on it. Do you think I can bypass polkit for enabling Shutdow and Reboot in lighdm? Their instruction tells me to use polkit...

I see.

Does tapping the power button work for shutting down? (From Linux side knowledge) That usually generates an ACPI event and the acpi system will then shutdown the system gracefully.

On the debian linux side acpi-support-base contains the acpi handling system which enables tapping the power button to handle power off. And virtual machines need it in order for KVM operation too.

Yes (it hadn't occured to me).

Hey, what it KVM. It seems to be an method of fast hardware-accelerated virtualisation, right?

I don't know but I will ask if control-alt-delete keyboard triggers a reboot? It might only work from the vt consoles. I can't remember now. Control-Alt-F1 should drop to the vt console. Then Control-Alt-Delete should trigger a soft reboot.

Yes, the switching between VT consoles works.

KVM -- Kernel Virtual Machine. Again on the linux side of things that's the virtual machine technology of choice. In FreeBSD it is bhyve (bee-hive).

And rebooting does work from the VT1

I remember that the vt console keymap has an entry for control-alt-delete bound. You can browse the keymaps in /usr/share/vt/keymaps/ . I hack together my own for my use.

It already works, so all is well, except that I am still want to enable the Shutdown and Reboot button, and wonder why it should be so difficult for so basic a functionality.

That's a philosophical question. Why are things so difficult for such a basic functionality?

The freedesktop folks, you know who I am talking about, only understand message-passing systems. en.wikipedia.org/wiki/Message_passing

And when you only have a hammer all problems look like nails.

Therefore all solutions from that community are based upon a message-passing solution.

The X system itself is quote complited, with its client-server architechture. I wonder if Wayland is simpler.

But with message passing there is the problem of is the requesting agent authenticated? Is it authorized?

So when a message comes down dbus and says power off it must be checked if the requester is authenticated? If it is authorized? And then the message might be acted upon. This makes things much more complicated to do simple things than just doing those simple things directly. But that's the price to pay if you want everything to be a message-passing system.

You mention Wayland but Wayland is a minimum viable product for the people that like Wayland. Meaning that it over the last decade has not been completed to meet the needs of the rest of us. And therefore it might never be finished! It might never meet our needs.

Indeed.

(I commented on your ruminations about message-passing)

Well, is anybody using qemu on FreeBSD?

An interesting musing about Wayland: dudemanguy.github.io/blog/posts/202…6-10-wayland-xorg/wayland-xorg.html

A comparison, by the name of the page?

Reading back "<ant-x> Great! He shows rc.conf and loader.conf" ... "What has the latter to do with it?" The loader.conf file happens very early in the boot process. Since it is desired to get networking going as early as possible it is useful to load the driver as early as possible.

Wayland is also a complicated thing...

And I have no idea anything about compat.linuxkpi.skb.mem_limit=1 there.

rwp, that line is: compat.linuxkpi.skb.mem_limit=1 . It does not seem to be loading a driver.

Hmmm, and the WiFi module needs (I think) a GUI thingy to let the user choose a network and enter credentials.

Oh I didn't realize you were asking about that part but thought it was the other part. I have a lot of things like nmdm_load="YES" in my loader.conf file to load drivers.

That compat setting is a sysctl. You can get a list with: sysctl compat

I have to read about kernel stuff from the beginning: no idea what it is all about.

The system is a big place. Even after working with it and using it for many years there are entire rooms I have not ever looked into yet.

Yeah, and I fear it is just too big for my small head, overwhelming. But doing things blindly, I don't understand them, and theremore do not remember.

I take solace that the things I want to learn about are there for me to learn about. It allows me to configure them as I want. Other things just work and I don't need to know anything and so I let them just work. Other things are in my queue to learn about because I am not yet using them but want to and will get to them at some point.

Yes, one thing at a time, boy.

Good night, rwp et al.

Good night!

Can BOOTX64.EFI boot encrypted UFS bootable partitions? I found something on the forums from 2018 that it was either not implemented or not implemented correctly. I'm getting ready to swap back to FreeBSD on my laptop and I'm going to use UFS but want full disk encryption, including the /boot partition. It appears it can boot encrypted /boot partitions with ZFS as I was prompted prior to the FreeBSD

boot menu when I was using it on my laptop but on my laptop, since I had an unencrypted /boot, the password wasn't prompted until after the kernel loaded.

On my desktop was where I had an unencrypted /boot. I'm running Gentoo currently on my laptop but I'm wanting to switch back to FreeBSD. I want to use UFS though with an encrypted /boot partition.

I don't have any need or desire to use any of the bells and whistles of ZFS. When I was using FreeBSD on my desktop, UFS worked perfectly fine.

This is the post I came across in question: forums.freebsd.org/threads/is-full-…-encryption-with-ufs-possible.92399

gbde geli for ufs, and then openzfs / zfs has encryption

how well each one boots i have no clue, i know their working on secureboot

securing the uefi/efi partition the secureboot part. someday.