damn martinrame left :/

Hmm vuxml.freebsd.org/freebsd/f4297478-fa62-11ef-b597-001fc69cd6dc.html

patched version pushed to the port tree on the 6th, its now becoming the 9th and still no port compiled for the pkg repo...

but there is a llvm update which was just pushed to the pkg repo, and that had no vulxml entry... surely updates which fix cves should be build first!?!?

I assume its just a normal queue, FIFO

so build it yourself

hm, which recent llvm update do you mean?

I just got a basic nvidia graphics card (MSI 1030) and I'm trying to get it to work

I was using scfb

so far I've uninstalled xf86-video-scfb

cloned the ports git repo - I'm on 14.2 quarterly and afaik that is stiil for 14.1

made and instaled nvidia-driver

stll

kldload nvidia-modeset looks OK

but starting sddm does nothing

might have found it

I hadn't removed 20-scfb.conf but that doesn't fix it either

got it, needed to nvidia-xconfig

I'm having OpenVPN 2.6.13 problems. Server is on FreeBSD 14.2 - all clients on FreeBSD14.1 have a "ETAFssh_ssh_dispatch_run_fatal: Connection to <IP_ADDRESS> port 22: message authentication code incorrect" problem. Updating the client to FreeBSD 14.2 solves the problem - if I was to file a PR where should it go? Some detail here: dan.langille.org/2025/03/09/problem…-is-freebsd-14-2-and-client-is-14-1

dvl: does interactive ssh work or no?

also can you compare the list of `ssh -Q mac` on both the server and the non-working client?

hello

I've set up a poudriere server to build packages for software used on another server. That server has some software installed on the host and additional software running in different jails. Would it be better to create a separate poudriere jail for the host and individual poudriere jails for each jail?

o_O

Yo we heard you like jails so we put a jail in your jail.

I cant figure out how to do a keyfile on a usb stick to autodecrypt a server on boot

the man pages have an example but I cant figure out how to get it working

the example in the man pages seem so store the keyfile on the boot drive, to decrypt secondary disks

or usb sticks

none of it explains how to use a usb stick (unencypted) with a keyfile on it, to decrypt the boot disk

imma mess with loader.conf a little more but how would I give a path to a keyfile when the usb wouldn't be mounted...

hmmm I guess loader.conf will mount anything referenced, and then its the relative path from / on the filesystem

so if the file is in / say "master.key" it would simply be master.key as the path

I assume /master.key would work too

rtprio: yes, interactive ssh is possible over the VPN. I don't usually use that, so it took me a while to test.

[working on the other answers now]

rtprio: `ssh -Q mac` for server, 14.1 client, and 14.2 client - gist.github.com/dlangille/576e8c75f7cc984420cbfe3b8abf18bb

TommyC: I do run poudriere in a jail. Love it.

CyberCr33p: When you say separate poudriere jail, do you mean as in `poudriere jail -c`? If it helps, I have many jails, and one poudriere instance. It builds repos for use by all of them. I have one main repo (`primary`) and a list of ports to build for that jail. You could have a different build list, each creating a separate poudriere repo, for each jail. Or as I do it, one repo for use by all of them. `sudo poudriere bulk -j 142amd64 -p default -z primary -f

/usr/local/etc/poudriere.d/buildlists/primary` <== builds the main repo

CyberCr33p: If you have a special jail, which needs different config options for some reason, you could either 1 - one repo just for the packages in that jail, or the simple way. create a new set: `sudo poudriere bulk -j 142amd64 -p default -z SPECIAL -f /usr/local/etc/poudriere.d/buildlists/primary` - then create /usr/local/etc/poudriere.d/SPECIAL-make.conf which has the options specific to that jail.

CyberCr33p: This is an overview... lots more to learn about that.

that's annoying, you can't create a vxlan in a vnet jail?

and if you create it in the host and put it in a jail, you can't configure it :-(

Hi, I'm trying to configure pf to filter packets but, on the same machine I have nginx running as a reverse router for web sites running on other jails running on the same server. So, when a packet enters into the firewall it allows all packets for port 443, this is handled by nginx, then the packet if forwarded (via reverse proxy to, for example 192.168.100.209:4000) and should return to the caller.

My problem is packets enters, but not return...

If I do curl -v "192.168.100.209:4000" from the firewall I get the correct results.

that is a longggg ip address

BTW, I can connect to other redirected ports, for example 2222 -> 192.168.100.101:22 without issues.

and he's gone....