lw, ping

is it normal for jail cronjobs to run some seconds late ?

HER: Not that I've noticed.

i used this: * * * * * /bin/date >> /tmp/cron_minute

in host it runs each minute at :00

in jail it varies

is there a Freebsd 12 pkg archive/mirror? Need to get picocom for a Pfsense

you're running a firewall with an OS that is EOL? o.O

these days?!

yes, matey, it's how you do it

everybodys doing and nobody talking about

it's some netgate appliance, if I update it pkg goes to hell, can't install anything, it's a longer story

anyway, no fbsd 12 archive on the back alleys?

pkg archive ?

there is none that i am aware of

right, so what are my options here? install fbsd 12, get the ports tree if still available and generate a pkg?

picocom has practically no dependencies so you shold be fine

I would honestly just get the source from upstream and build outside of ports if it's an emergency situation

doesn't even need gmake

HER, i have cron_flags="-J 60" in my bastille jails

scoobybejesus: oh. i will have to try that

I just have this netgate appliance, can't compile anything, will install a freebsd 12 and copy over the binary, cheers jbo

why not just install freebsd 14.1 then?

netgate pfsense is basedon fbsd 12, just for compat sakes

wat

wait

do you need picocom on the appliance or on another host to interface the appliance over serial?

on the actual appliance - so I can interface a switch :)

other than why are you not just interfacing the switch from another host... no way that netgate is actively distributing something based on an EOL'd FreeBSD

it's an old appliance, jbo , updating it breaks pkg, it gets complicated, I just want picocom and my desktop icons back in penis shaped as they were before

alrighty

if it helps: I used to run pfsense myself for many years until I eventually just ditched it for stock FreeBSD

have not looked back

appreciate it, but I was just given it and told to do some task with it, not my choice

anyway, thanks for the help

cheers

Nux, Really just using the background image of the icon background is good enough though, right? :-)

rwp, you know, web dude :)

*you know it

It was fun to find someone else who knew that reference. It's a new classic!

yeah, that's how I discover the over-40s

Hold on... I'll start reciting Holy Grail references... :-)

Shrubbery!

... and, back on track.

those will have to wait for tomorrow, it's 2am here, night folks

In Japan it's the knights who say 2.

Good night!

scoobybejesus, I never knew about that cron_flags -J 60 option. And the -j 60 too. That's pretty useful to avoid the thundering herd problem.

what would be the best way to setup x without a video card? still want to be able to connect remotely.

VNC+

VNC?

remote X is S L O W

deepthaw, You said two things that in my world are in conflict. "remotely" and "x". Those do not go together. Remote X is so painful with any of the technologies that I suggest not using it.

What things do you want to be doing with this remote system?

I use my pi via VNC, its fantastic

well phooey then.

How remotely is your pi? Across the LAN is not remote. That's Local Area Network.

I mean, remote X via LAN is still terrible

deepthaw, You can still try it. I may poo poo it but people do things I don't approve of all of the time! :-)

meanwhile, VNC is good

VNC is much better than raw X for certain.

but you're right, however, I'm not going to open the ports

but I'm sure its doable

you can always use arcan

and by use I mean, become a developer because only devs can use it

I don't know if the linux compatibility layer would allow NoMachine to work but it's better than VNC.

hi folks

I'm new to BSD

and the journalctl follow log option does not work I think

it gives me a non-zero exit code

I have read in the UNIX handbook it's not good

journalctl is a systemd/linux thing, here you want something like `tail -f path/to/your/logfile`

I think my HDD is dying ahcich0: Timeout on slot 13 port 0 (ada0:ahcich0:0:0:0): WRITE_FPDMA_QUEUED. ACB: 61 0 (ada0:ahcich0:0:0:0): CAM status: Command timeout

jimmiejaz, or cable

can you compile freebsd on a pi4 8gb

(as opposed to using a memory-constrained VM with no disk space)

I compiled FreeBSD on raspi1 from 2011 (which serves me well since 2012 to date). It takes time but worked.

I wouldn't try to "compile" FreeBSD documentation to HTML with Hugo or Jekyll though ;)

so long as we can use -j4...

is 8gb enough for -j4?

Soni: ~1.5-2gb budget per job seems fairly reasonable to me

I'm having trouble starting a vnet jail

hello... C neophyte here... Am starting to read /usr/src... Any tips on where to start? I'm guessing start with userland..

I'm trying to pass it an epair (the "b" part) and it looks like it performs "ifconifg epair0b vnet 0" but that command is failing with "SIOCSIFVNET: Device not configured"

I'm trying to do all the ifconfig setup in "exec.prestart += ..." and I'm probably just missing something

but i create the interface and run an "ifconfig epair0b up", and...I'm not sure what else should be required

tjpcc: vnet 0 seems wrong

vnet 0 is the first vnet for prison0 ("the host"), a jail with a new vnet will (iirc) be assigned vnet# that matches the new jail's jid

oh that's probably my problem - I tried counting from 0 and I was explicitly setting "jid = 0"

kevans: thank you! using 1 works fine

tjpcc: ah, good to hear. sorry that the error message sucks / leaves so much to be desired

Hm... if you have multiple networks in wpa_supplicant, your device will continuously broadcast until one of the APs is picked up? But this means other people around you can intercept what SSIDs your device is looking for, no?

the only way to fix this is to comment out SSIDs you do not want to connect to in public...?

and then reload wpa_supplicant

or is there a better way to do this?

is "exec.poststop" a reasonable place to put "ifconfig epairXb destroy" to clean up the epair? "service jail stop" is bringing down the jail just fine but I'm finding the epair is still there.

from testing I've found I can call destroy on either the a or b, so I've got: exec.poststop = "ifconfig ${vnet.interface} destroy";

ah sorry I figured this out pretty quick. I think the poststop runs too early and the 'b' was still hidden on the host. It can destroy the "a" side just fine though.

all good. just found the FreeBSD Developer's Handbook and Architecture Handbook.

polarian: if you ktrace your bhyve start, anything interesting in subsequent kdump for nmdm?

tjpcc, Here is some copy-pasting out of a working jail example here (which uses a second NIC for jail networking): paste.debian.net/plain/1323452

kevans: never used ktrace before... not too sure how to do this...

ktrace -di bhyve ...

then kdump | less and poke through it

thanks :)

I missed the d

ktrace: unknown facility in bhyve

hm

wait

shouldn't see that unless you passed 'bhyve' as an argument to -t for some reason

ktrace -di <command you were already using> should just work

thats what I did...

wait hold on... I think I typoed

rwp: thanks, its helpful to see examples

yeah apologies I typo'd it :)

tjpcc, That's from a "lab machine" I am using to try things out myself. I am using the second NIC connected to bridge0 for all of the jail networking. That's going to need to be somewhat different on a single NIC system.

I don't (yet) do anything with IPv6 there, because I don't have IPv6 here on this network to do anything with.

I mean for networking just between jails there's no NIC needed at all

kevans: kevans I got the ktrace... although I am not sure what I am looking for to be honest...

polarian: maybe let's just start with: `kdump -H | grep nmdm | nc termbin.com 9999`

if there's anything nmdm-related in that bad boy, we can dig deeper

oh I used the wrong flag

that would explain the useless data :P

tjpcc, Here is the jail gateway2 pf.conf file to do the "virtual lab" internal routing: root@zima2:~# cat /jails/gateway2/etc/pf.conf

ext_if = "ja0"

int_if = "ja1"

#table <rfc1918> const { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }

 

# Allow anything on loopback

set skip on lo0

 

# Scrub all incoming traffic

scrub in

##no nat on $ext_if from $int_if:network to <rfc1918>

no nat on $ext_if from $int_if:network to 10.0.0.0/8

 

# NAT outgoing traffic

nat on $ext_if inet from $int_if:network to any -> ($ext_if:0)

 

# Reject anything with spoofed addresses

antispoof quick for { $int_if, lo0 } inet

 

# Default to blocking incoming traffic, but allowing outgoing traffic

block all

pass out all

 

# Allow LAN to access the rest of the world

pass in on $int_if from any to any

block in on $int_if from any to self

 

kevans: termbin.com/24hj

# Allow LAN to ping us

one line :P

pass in on $int_if inet proto icmp to self icmp-type echoreq

 

polarian: also, can you describe your setup a little bit more? are you running bhyve(8) on bare metal just on the host, or in a jail, or something that needed back flips?

Oops! That was supposed to be paste.debian.net/plain/1323453!!!

I am surprised the global bot did not kick me for that. Sigh. Oh well.

kevans: bare metal

After that goof I think I will crawl back under my rock again. Sorry everyone!

rwp: please use a pastebin

polarian: w/o jail?

yes

sorry...

does the handbook have information on ktrace + kdump?

there is a section on kernel debugging but a brief search I couldn't find ktrace mentioned

polarian: ok, so we'll need some more context there- can you just drop the full kdump into a termbin, please?

not sure

kevans: termbin.com/atkp

seems to be truncated, didn't realize there was a limit

I guess maybe the last grep you posted to termbin, but add something like -C 20

20 lines of grep context should be fine

sure

kevans: termbin.com/b44u

ok, so there's something else going on, maybe

we opened nmdm0B just fine, which means the clone worked and nmdm(4) likely absolved of guilt

kevans: so... what do you advice then :)

advise*

hmm

so we have nmdm allegedly wired up to com1, but neither side is showing up in /dev

Indeed.

-40

works just fine when i tried with cu... opened a nmdm device (A) and then A and B showed up just fine on the host...

(ignore that math bit, sorry, something else)

hmm

I think that'd suggest we closed the nmdm for some reason

wait let me try with stdio then

hm actually

kevans: dpaste.org/02nPU

then sh: turning off NDELAY mode

detaches from standard output too?

I'ma fraid you've exhausted by bhyve knowledge several lines ago :-)

s/by/my/

still had more knowledge than me :P

welp I guess I wait on the mailing list and hope some very smart developer can help out :P

What make freebsd-update second install (userland) so dog slow?

"sudo bastille pkg ALL upgrade -y"

I love FreeBSD.

hmm my jail is stuck in the dying state

so I guess I'm likely to return to FreeBSD as a server OS for the first time in several years. have had DragonflyBSD on my home server since around 2014

welcome back

HAMMER is nice especially since my old home server only has 2GB RAM, but unfortunately package updates are quite slow to come down the pipeline. there hasn't been a single update to the ports collection (and packages by extension) since february

ports is automatically pulled from FreeBSD and combined with patches, but all of that happens in a staging branch which has to be manually merged before the repo builders pick it up

as much as I like running more obscure OSes, I also like having up-to-date software, and the "obscure" part sorta entails that there's not a lot of manpower behind the (presumably very tedious) process of maintaining a repo

was considering OpenBSD or NetBSD for this new box I picked up but I've got one application for it where I'd really like to have the ability to put a hard limit on the CPU % this application takes up, and it appears that FreeBSD can do that

I run a chess bot on lichess. my current home server is like a 15W Atom, so I can let the chess engine drive the CPU at full tilt without wasting much power or generating much heat, but this new box has like 6x the TDP

it seems like I can cap the CPU percentage that an entire jail is allowed to have, though I'm not sure if I can do it outside of a jail, just for a single process and its children

if there's like a generic Bastille template I can build off of for a python application, then spinning it up in a jail might be convenient enough

there's a program called cpulimit that sends SIGSTOP/SIGCONT to a process according to its CPU usage github.com/opsengine/cpulimit

apparently there's rctl for resource limits though it seems like it requires a custom kernel build? at least as of 2015, so maybe that's too out of date forums.freebsd.org/threads/limit-cpu-usage-by-process.52556

tm512: it's standard in GENERIC these days

Howdy, folks!

Managed to get an extra PC(Free of charge from a friend of our family).

And of course, managed to install FreeBSD on it.

In fact, i'm using it right now.

Which means, i now have 2 FreeBSD installs, 1 being a i3/486 Laptop, and the other being a x86-64/amd64 PC.

nicholaus04_: cheers mate

And my brain just realized i'm already on libera.chat, but on another PC(My linux one.). Hence why i have an underscore after my name.

Hecate: Also, thanks!

Included with the same thing, was a few old phones (One android powered one, and a flip-phone.), and a monitor that was meant to be used on the new PC, that i decided to use for my current linux-based one. And a printer.

I like to install a different OS on each when possible, I can use them for testing program on all

s/program/programs/

And yes, just like my current PC, it's an HP one, with 4 CPU cores. But unlike it, it doesn't have much in the way of RAM.

Another thing is that it even has out-of-the-box support for PS/2 components in addition to USB.

zwr: this is what VMs are for :-)

kevans: True, but there are some cases where you need to test it on actual hardware.

my main machine is OpenBSD which is terrible for VMs, and real hardware is different. I already found a bug in the NetBSD kernel just by trying to boot it on a machine, panicked on startup.

i'd argue that the vast majority of people aren't testing things where the distinction between baremetal vs. virtualized is important

you can find bugs specifically by running it in a kind of VM too. One time I wanted to learn 8086 assembly but discovered interrupt 1 was broken on DOSBox when I tried to DEBUG.EXE a program. The entire register file would randomly corrupt, but only rarely

just do both I guess. But I wonder how many people are doing real hardware vs virtual machines?

I haven't found anything specifically because of the hardware on my FreeBSD laptop, but I've compiled plenty on it. It's nice to have no load on my main machine

the DOSBox thing was using the FreeBSD laptop too

For me, i would just do both real hardware/bare metal, and VMs in terms of platform support tests.

Though for (MS-)DOS, i would perfer doing real hardware tests first, then testing on DOSBox(-X).

Howdy, folks!

Hello

I tried to install gitea in an iocage in TrueNAS Core which is based on FreeBSD

When I manually run gitea it works just fine

But when I try to 'service gitea start' it does nothing

The jail is based on 13.3-RELEASE

Can it be a bug of 13.3?

i am running gitea in a jail. it started as probably 13.0 and now is 14.1

scoobybejesus, I get nothing after 'service gitea start'

i assume the rc script is there in /usr/local/etc/rc.d/ ?

hmmm

it is /usr/local/etc/rc.d/gitea

it is listed in output of 'service -le'

it is its content: paste.debian.net/1323494

i mean, one thing you could do, which will give a lot of output to sift through (ideally, the only interesting bits will be at the end when it presumably fails) is to edit the script and put a `-x` i think it is on the shebang line so it will print out everything it does

interesting. mine doesn't have the start_precmd

maybe i should add it

i also don't have the thing, it's checking on, the gitea_configcheck_enable variable

scoobybejesus, It does only 'gitea doctor check' before starting gitea

scoobybejesus, So you say the 1st line should be '#!/bin/sh -x' ??

yeah, i would try that and see the output

scoobybejesus, Can you understand anything from the output? paste.debian.net/1323501

looking at the end, it looks like it launched. what do you see if you tail the /var/log/daemon.log ?

scoobybejesus, I see this paste.debian.net/1323502

ah right

sorry. how about tail /var/log/gitea/gitea.log

something is wrong when it wants to listen on port 3000

PID 36652. Received SIGINT. Shutting down... odd

do you have something else running that is taking port 3000? maybe the gitea you manually ran is still running?

scoobybejesus, How could I know that?

ps aux | grep gitea

or look in htop/top

yeah there is a process gitea already there

the second column is the pid, i think. i think you can kill -9 ###, where ### is the number of the pid

or just restart the jail

which would start the process on it's own

scoobybejesus, I think it only recognize 'grep gitea' paste.debian.net/1323504

No gitea at all

sockstat -l -4 | grep 3000

no output

is this a vnet jail?

scoobybejesus, Of course

the IP address you gave it is different from the host address, i assume?

i was going to tell you to do the same sockstat command on the host, but i guess the host should not be an issue

in your /usr/local/etc/gitea/conf/app.ini, in the [log] section, is there a LEVEL listed? mine is at Info now. maybe you should try again with LEVEL = DEBUG or even TRACE, and then running again and looking at the log output again

scoobybejesus, It always gets these 2 lines in gitea.log:

2024/07/17 00:15:35 ...s/graceful/server.go:70:NewServer() [I] Starting new Web server: tcp:192.168.8.204:3000 on PID: 36652

2024/07/17 00:15:45 ...eful/manager_unix.go:203:handleSignals() [W] PID 36652. Received SIGINT. Shutting down...

I can't remember if vnet jails need this enabled, but in your jail.conf, you might want/need allow.raw_sockets = "1";

but i am running out of ideas

scoobybejesus, Maybe it's a bug: go-gitea/gitea #25159

i'm on 1.21.6 fwiw

my gitea version is 1.21.11_3

also, that doesn't look like a bug. the person wrote a script that misbehaved

a curiosity i have is if you changed -p {pidfile} to -P {pidfile} (capital P) and commented out the procname line

hi

aaaaah

file /var/run/gitea.pid is always empty

hi , on linux there is a xbox one controller driver called xone which let me use the controller as usb audio card and works nicely on one pc i have without integrated sound card i was able to make the xobox controller here on fbsd with xbox360gp driver but no sound working anyone have an idea how to make it work ?

anyway, momken, this is what i followed when i set it up: ccammack.com/posts/jail-gitea-in-freebsd .. not much to it, though it seems like you have something else going on. i don't know how to find where that SIGINT came from