07:06:49 dogg0, that has nothing to do with your shell or term, I can reproduce exactly this behaviour by pressing ': -a' in vi (not sure why I press this, but sometimes happens). You can simply exit this state with ':q'
07:08:31 this doesn't happen in vim though; must be another key combo there
07:27:42 -w, s actually splits the screen in vim, vi probably has similar functionality. Anyhow, ':q' solves your 'problem' dogg0
08:53:29 so i'm trying to work out getting my nvidia P400 into a jail and i'm working on seeing if it works at all on the host and got this... https://his.macer.life/@macer/115785009424595380
08:53:58 fatal trap
09:07:27 vkarlsen, Stuck in the middle with you -- got it.
09:14:18 Macer: you already tried to use it directly and it works like that? I have no idea what a jail should make different there so that it leads to a trap in kernel
09:21:38 nimaje: i didn't even get to the jail part yet. i was just seeing if nvidia-smi worked on the host
09:22:28 i'm not sure how important it is to do nowadays but i vaguely remember having to put it in persistent mode to get it working with plex or jellyfin. but maybe i'm wrong. i just finished getting jellyfin running in a jail so i'll have to test it out
09:27:02 ok, yeah no idea about nvidia, you writing jail in that message made it seem like it was jail-specific and I wanted to confirm that
11:22:55 I'm currently testing FreeBSD 15.0 and I tried the auto-installer with ZFS. According to the handbook I should use twice the size of RAM for swap. So since my vm has 4G RAM I expect swap to be 8G but the installer suggested 2G. Is that just the installer default or did something change here?
11:29:56 that is the installer default, but well, you don't need as much swap anymore, for kernel crash dumps it would be good to have the same amount of swap as ram, but else you need less and less swap as you increase ram, not sure where the 1:1 ram:swap suggestion lays, I think it was with 1G ram and with 16G I think the suggestion was 2:1, but not sure about those numbers
11:47:24 Okay, I guess for my 8G machine I will just use 8G of swap then.
11:58:25 Liaf: if you plan to use poudriere (you probably don't) and you have less than 64 GB RAM with 8+ cores, you might want 32 GB of swap space just in case
11:59:57 Remilia: I won't use it. I currently just test 15.0 a bit on my local hypervisor to get a feeling for what I want when I migrate my mail and nextcloud server :-D
12:06:25 I was thinking today about freebsd supply chain attacks, if I remember correctly the port mirrors are not signed but anything...
12:07:02 My two largest struggles at the moment are a) switching from UFS to ZFS which I haven't used since 12.x I think and b) if I want geli encryption on a remote server or if the hassle isn't worth it :-D
12:07:44 would be cool if we could embed signify into pkg and the releases
12:09:48 polarian: isn't there a checksum on the ports git? I thought that gets verified but I never checked
12:10:49 Liaf: a checksum isn't the same as cryptographic verification, and I don't know anything about this
12:12:37 GNU Privacy Guard supports cryptographic signatures, but it has the wrong license...
12:13:23 polarian: what do you mean by cryptographic verification?
12:20:48 Liaf, IMHO, is the process whereby the author signs a file with his public key, so that the receiver can verify its authenticity.
12:23:17 ant-x: you sign it with your private key. the receiver can then verify the signature using your public key
12:23:44 or decrypt if needed
12:24:17 of course you then need the receiver's public key to encrypt
12:24:25 ant-x: ah, got it.
12:27:48 BarnabasDK, yes, but there's also clearsigning, where the payload is not encrypted, if I am not in error.
12:28:23 ant-x: yes.
12:28:35 * ant-x nods.
12:28:51 the receiver still needs your public key to verify
12:33:28 Yes, I never said he did not. But this is /exactly/ the same as with checksums: you need the checksum to verify.
12:34:39 Liaf: I don't know any published checksums of the ports tree, the individual ports contain checksums for most stuff that gets downloaded, to ensure that it is exactly what was expected, but that doesn't mean the sources the ports maintainer write into the port are what was released by the upstream maintainer and that also that doesn't mean anything for the resulting pkg, but the resulting pkg repo
12:34:41 should be signed by the builder (see signature_type in the repo config, but not sure what guarantees the default of fingerprints gives)
12:38:50 well a checksum has not got anything to do with authentication, just verification of the file contents imho
12:39:11 which may be all you need
12:41:55 nimaje: yea, I was thinking the threat model was that someone takes over a mirror. Then the checksum would be enough to verify that it differs from the original file. If we talk about someone compromising the whole "update" of a port then yes, the checksum is not enough.
12:42:40 hm. i managed to get the nvidia driver installed but it doesn't seem to want to work for a jail
13:19:51 On my test system I've added a user and set the home directory to be encrypted with ZFS. I set a passphrase and rebooted the system. However, the system decrypts the home directory during boot but I cannot find where it stores the key. Any idea where to look?
13:26:44 hm, the pam module responsible for unlocking is named pam_zfs_key, but it seems like it is missing documentation, iiuc it uses the password of your user in some way for unlocking
13:50:34 latest firefox-esr-140.6.0_1,2, youtube can play anything but live streams
13:55:54 I have to say that v15.0 is really nice. Also first interaction with packages instead of distribution sets.
14:00:39 I didn't try the packages yet but I guess I'll reinstall it later anyway :-)
14:39:20 hm
14:39:23 ./nv-freebsd.h:17:2: error: This driver does not support FreeBSD-CURRENT!
14:39:26 and i'm running RELEASE
14:39:32 kind of odd
14:58:41 blah. i'm at a loss here. i really don't know where to even look
15:19:55 Hello everyone, I would like to talk about (kinda ask for advice) setting FreeBSD. I have been running freebsd 15 stable, no problem with the system. Everything works fine, I wonder, how do you guys manage to upgrade systems... Let me explain, I'm thinking to switch to freebsd current, but I would need to save my gpg keys and all config files. Do you guys keep one system with a stable release and another
15:20:02 one to run test (like current, or openBSD, netBSD, etc...)?
15:25:04 you know that current and stable are development branches? But you should be able to just upgrade without losing what you have saved on the system as long as there is no bug that deletes random user data. So you should keep backups anyway, as bugs happen
15:27:01 I didn't know that both are dev branches. I will do some research about how to upgrade. I'm still learning more about FreeBSD
15:27:20 But yeah, I will do backups before trying to update
15:33:02 if you're a new user, i don't know why you would want to use current
15:33:37 if you use zfs, you can use bectl(8) to make a copy of the current system before upgrading
15:39:04 "stable" in the freebsd version means the ABI (and KBI I think) stays stable and is the branch to develop the next minor release, stuff from current can get merged in there as long as it doesn't change ABI
15:40:02 ok. i'm at a loss with this :/
15:40:14 i guess maybe native fbsd nvidia driver doesn't come with cuda?
15:41:18 I don't know but I wouldn't count on it
15:43:18 and the actual nvidia one thinks i'm running CURRENT heh
15:43:20 sigh
15:43:27 otherwise jellyfin seems to run great
15:49:20 hrm, my jellyfin does fine with software
15:50:01 are you doing much transcoding for your media?
15:52:23 if it's for jellyfin, don't you only need NVENC, not CUDA?
15:59:54 rtprio: I'm trying to learn to contribute to FreeBSD, so using current seemed to me like a good option.
16:00:48 nimaje: What do ABI and KBI stand for?
16:01:49 uh
16:04:18 Never mind, just googled it. Silly question
16:11:50 ivy: not sure heh
16:11:58 either way i can't get ffmpeg to use it on the host either
16:22:08 guess i'll have to do it the ugly way and use a VM and pass the gpu through
16:22:22 that kind of sucks. i sure wish i could sort out how to get this nvidia P400 working in a jail properly
16:48:18 crap. i really should have used beadm for this
16:48:42 i totally forgot to snapshot the boot env so now i'm sure i have proprietary nvidia module stuff everywhere and that didn't work anyways
16:49:05 think i'll just go ahead and start over and start with the gpu
16:49:43 Sounds like my way of working, Macer, I always think of taking snapshots after the harm has been done
16:52:27 yeah
16:52:34 because now i'd have to hunt down wherever it put them
16:52:46 let me look at the install script and hunt it all down manually
16:58:03 Macer: can the host not keep up without acceleration?
17:01:10 rtprio: probably.. but why do that when i can use the lower powered P400
17:01:24 it's a ryzen 3700x so i'm not sure where that would top out at
17:01:54 i had nvidia-smi working .. other than it causing a reboot when trying to put it in persistent mode
17:02:10 but i couldn't get it working on the host with ffmpeg or in a jail with either ffmpeg or jellyfin
17:02:23 so i tried the proprietary drivers and those didn't even work with nvidia-smi
17:04:58 my jellyfin is a vm on a E5620 and it does fine for less than 4k
17:13:32 ok.. i managed to get it back to the state it was in prior to using the stuff FROM nvidia
17:13:49 pfew
17:13:52 although i think i'm at the point where i'm about to just pass it through to a vm
17:14:05 this seems impossible. i can't really find much information on how to do it either
17:14:56 you're a pioneer, our Columbus
17:15:13 Macer: at some point this was just broken, not sure if/when it was fixed, you might want to search bugzilla
17:21:25 ivy: what was?
17:21:37 Macer: nvidia passthrough
17:21:43 oh. for bhyve?
17:21:46 yes
17:22:02 well.. it seems broken altogether for me right now :)
17:22:33 like i don't understand how you're supposed to get it working
17:23:00 i almost feel like tossing my arc in it but the arc probably has worse support than the nvidia
17:24:04 what is arc
17:24:20 intel discrete gpu
17:25:11 i've thought about slapping a gpu in my r710 bhyve host
17:25:18 [hevc_nvenc @ 0x32774cc1b500] Cannot load libcuda.so.1
17:25:19 but without gpu passthru what's the point
17:25:21 blah
17:25:58 yeah heh.. using proxmox all you have to do is ckick and add render128 to a container and it "just works" (tm) ... the arc at least
17:26:12 *click
17:26:42 this is more of a personal project to see if i can find parity between proxmox and freebsd ... i sort of figured i'd have a huge hangup with this part
17:26:51 i don't need/want the clicky proxmox; just need to wait until some patches land for bhyve
17:27:01 saw a usb passthru is in the phabricator
17:27:44 i sort of expected it to work in a jail fairly easily .. but i can't even get the transcoding working properly on the host .. let alone a jail
17:28:08 i guess the nvidia stuff is only meant for using a desktop maybe and just isn't built for this stuff for fbsd?
17:28:55 it should still transcode, without the video card
17:29:38 oh. sure. i can do it on the cpu.. but.... :/
17:29:55 that just isn't efficient nowadays
17:30:24 and i mean... my P400 absolutely crushes the cpu transcoding .. and that thing is ancient.. my arc absolutely crushes the P400 :)
17:30:39 those intel arc cards are something special
17:30:47 (for this use case)
17:32:06 i mean, the P400 is almost 10 years old :-) but yes, Intel does provide quite decent encoding hardware, i think those even have AV1 support
17:32:16 they do
17:32:50 my ryzen 3700x that i'm doing this on is rather old too.
17:33:15 i thought about putting one in here, but i already have 2 x8 cards (nic, hba) so i'd have to file off one of the x4 slots to fit the gpu in
17:33:26 i actually replaced it with a 1u supermicro that has an arc in it for proxmox just for this
17:33:46 yeah i had the same problem. i was going to use an arc in an ancient 1u i had but it doesn't have pcie notches
17:34:04 notches should be standard :/
17:35:18 they probably omit them deliberately for market segmentation
17:35:34 yeah but the 1u is a server board lol
17:36:25 it's kind of rare to see the notches though. i guess maybe some boards have them.. like back in the day i'm sure there were plenty of boards with 8 pcie x1 slots with notches
17:37:09 i think then people were actually cabling them into cages or something. blame matt damon.
17:37:48 why do you want to transcode those videos? isn't the result of that mostly quality loss?
17:41:17 nimaje: imagine you have a library of high quality (4K) HEVC/AV1/whatever movies, and you want to play them on some old streaming stick that only does AVC, or only can decode 1080p, so you have to transcode it
17:41:49 yes, it reduces quality, but it's not really noticeable for casual viewing
17:42:16 most people prefer to transcode on the fly rather than keep 2+ encodes of everything around permanently
17:43:53 also tonemapping HDR movies for SDR playback, although i'm not sure if hardware encoding actually helps with that...
18:06:50 I am still confused about my encrypted test home dir.
18:07:16 I have checked that zroot/home/test is encrypted with a passphrase and the keylocation is "prompt".
18:07:50 I found that in /etc/rc.d/zfskeys somehow the keys are loaded but somehow the system manages to decrypt the dataset without me entering a passphrase.
18:10:56 iiuc the password is the same as for your user and pam_zfs_key supplies it when you login for the first time (but currently misses unmounting the dataset when you log out of all your sessions, so it will remain readable until reboot)
18:11:30 I mean it's readable after reboot as well. I rebooted the system. Logged in as root via console and accessed the home dir.
18:11:42 No password or passphrase of user 'test' required
18:12:21 I mean it's pretty convenient but I would like to understand what happens :-D
18:20:18 ah, wait, did you add that user with encrypted home in the installer or manually after the fact? What I wrote should apply to the first case, but I only read a bit about it, I didn't play around with it yet; if you do it manually you can do many things
18:22:15 rc.d/zfskeys should only apply if you have zfskeys_datasets in rc.conf (and maybe zfskeys_enable)
18:27:41 I added the user with the adduser command afterwards
18:27:57 I also checked and zfskeys is disabled so that wasn't doing the trick anyway
18:29:50 The key is also unavailable the whole time.
19:06:10 Liaf: maybe it's not encrypted ?
19:06:34 zroot/home/test encryption aes-256-gcm -
19:07:10 It should be but I just saw that if I execute mount the dataset does not show up. Only zroot/home shows up
19:07:34 OK
19:07:51 so you have to decrypt it on login
19:08:08 do you have the password aka key set ?
19:08:24 A passphrase, yes
19:08:34 does it match user password ?
19:08:36 No
19:09:00 But I think adduser created the directory and uses it though there is an unmounted dataset
19:09:42 if it doesn't match user's password, you will not be able to unlock it with pam module
19:09:52 can you load the key ?
19:10:02 zfs load-key -a
19:10:22 I can
19:10:26 And I just figured it out
19:10:44 It's like I said. adduser creates the directory and afterwards it creates the dataset
19:10:45 do you want to unlock it by hand from root's account ?
19:10:50 OK
19:11:05 So after reboot there's an empty "home" that is accessible but the real "home" is unmounted
19:11:21 I deleted /home/test loaded the key and zfs mount zroot/home/test
19:11:36 Now it's not only there but all the .files are also in the directory.
19:11:51 do you want to poke it with each reboot ?
19:14:55 Well I would like for it to be encrypted and get decrypted at login (gonna test this now with a new testuser and passphrase == password as you mentioned).
19:15:38 I'm just happy I figured out that I had "two" directories and one wasn't the dataset
19:17:27 Liaf: when dataset name will match username and dataset password will match userpassword, and user needs password for logging in, you can use pam module for automation
19:17:55 but if for example your user logs in via ssh it will not work
19:18:29 but you can still add extra, encrypted dataset for this user and use pam module
19:20:11 Okay, for now I am very happy I figured out what I did wrong :-D
19:20:51 Now the next step is to figure out if I want full disc encryption with geli and if I want ZFS encrypted home on a remote server. Both I have to decrypt every time first :-D
20:01:24 https://crazy.macer.life/moving-to-freebsd-jails-bhyve-part-7-jellyfin-in-a-jail-with-hw-transcoding/
20:01:31 boom.. ffmpeg works.. now to sort out how to get jellyfin to use it lol
20:01:47 i wonder if i can just use an alias for it somehow.. is there a way to make global aliases?
20:10:09 Macer: just create a wrapper?
20:27:27 cyric: hm
20:27:35 is that something that can be done in jail.conf?
20:27:48 i just need the jail to use nv-sglrun ffmpeg instead of just ffmpeg
20:28:05 unfortunately jellyfin for fbsd doesn't let you change this
20:28:08 i wonder if the linux ver does
20:29:06 guess not. it only has the path
21:07:27 experience*
21:19:17 is there some universal way to force ffmpeg to run as 'nv-sglrun ffmpeg' in freebsd?
21:19:48 this seems pretty hard coded in jellyfin
21:34:40 so using gpu passthrough to bhyve doesn't work. using an ubuntu jail isn't too practical because you don't get vnet... and i can't sort out how to force ffmpeg to use nv-sglrun. so looks like i hit a brick wall with hw accel for jellyfin. i'll leave it alone for the rest of the day.
21:40:07 what about the wrapper script suggestion? and what problem did you have with a vnet jail?
21:44:24 nimaje: i don't think linux jails support vnet.. only alias. at least bastille doesn't do it
21:45:00 nimaje: as for a wrapper script. i wouldn't know where to start there .. mostly because even if i did make the script how would i get jellyfin to use it when it seems to only want to use the ffmpeg bin heh
21:46:58 i tried making a basic script and moving ffmpeg to ffmpeg.bin .. that didn't work. i think jellyfin is actually hard coded to check for a ffmpeg bin.. but their matrix bridge is down now because of the earlier tomfoolery
21:56:33 https://crazy.macer.life/moving-to-freebsd-jails-bhyve-part-7-jellyfin-in-a-jail-with-hw-transcoding/ <- this is what i'm trying to do. ... but i need a timeout. :)
21:59:57 I don't see why linux jails wouldn't support vnet, but maybe the linux userland doesn't have the tools to configure interfaces on freebsd, then you would need to configure it from the host, most commands have a -j option for that
22:12:11 Is lang/erlang broken with ODBC enabled?
22:19:07 why do you ask? at least it is not marked as such
22:33:19 Macer: yeah, afaik jellyfin uses its own bundled ffmpeg
22:36:45 Macer: could you relocate that ffmpeg.bin to a shell script that calls "nv-sglrun ffmpeg.h0h0 $@"
22:50:32 This may be a bit dense, but I'm using "cp -a" and getting a bunch of chflag errors saying that the operation isn't supported. I'm trying to copy from a local pool to a NFS mount. All files are 755 and chown'ed to my current user. I've also set the same permissions on the mount point on both ends.
22:57:46 wipt: my first guess would be that files on your local system have some sort of ACLs enabled that the NFS mount isn't configured to support and so cp fails to set the mode on them
22:58:34 wipt: I might try rsync instead of cp because I believe you can have it do things like drop ACLs when you copy files
22:58:39 nprice: shouldn't be any ACLs set. Pretty simple set up for a family server.
22:59:08 wipt: what happens if you try cp -R instead of cp -a?
23:00:07 wipt: also maybe the NFS service doesn't have the rights to set the permissions on the target files
23:00:20 nprice: -R is clean, it's the -p flag that's doing it. I don't think I have this issue within the same pool.
23:00:48 maybe the uid is different across the systems -_-
23:01:11 wipt: that'd probably do it
23:01:20 wipt: have you tried to chown/chmod things over the NFS mount
23:01:25 same uid...
23:02:12 which files?
23:03:24 same group id and groups exist on both?
23:05:24 gid is different across systems, 1001 vs 0, both should have the user in the wheel group.
23:06:48 right, but cp -a is the same as cp -RpP and -p is trying to preserve the group id which doesn't match
23:07:12 it's trying to preserve a lot of things, but that's the one that has bit me in the ass before, so maybe a place to look at
23:08:39 dkeav: but the cp man page says that if the uid "and" gid can not be preserved, no error is printed. Is that an inclusive "and"?
23:08:52 see if you can chgrp a file over nfs to 0 (or 1001)
23:14:01 wipt: i think that may refer to copying within the same filesystem, not to NFS
23:20:39 It looks like Jellyfin for FreeBSD just uses the ffmpeg in pkg / ports
23:20:52 rtprio: I tried that.
23:22:00 It still didn’t work. I tried moving ffmpeg to ffmpeg.bin and making a script called ffmpeg to “trick” jellyfin but it didn’t work.
23:23:10 Does $@ accept everything after as input? Maybe that’s where I went wrong.
23:31:35 $@ does not accept anything. It expands into the arguments, so that "$@" is reusable in invocations.
23:33:29 This may be the way subcommands such as "pkg install" may be implemented in shell: analyse the first argument, shift, use "$@" for the handler.
23:34:50 ant-x: ah that's what i meant.
23:34:57 essentially takes all the --settings for ffmpeg
23:35:05 rtprio: thank you so much. that did it
23:35:10 If you passed them.
23:35:20 let me double check that it's using the card
23:35:50 Macer, you can always debug your scripts, e.g. with echo commands to STDOUT or a log file.
23:36:53 oh wait. no it didn't heh.. i disabled nvenc in jellyfin. let me try again
23:37:23 | 0 N/A N/A 42485 C ffmpeg.bin 54MiB |
23:37:27 SWEET thanks!
23:37:45 probably going to be problematic when ffmpeg gets updated in pkg heh
23:38:21 Macer, observe that $PATH is searched left-to-right. Put your overrides on the left.
23:38:29 Macer: you can do `chattr schg` to it to prevent pkg from clobbering it lol
23:38:38 lol
23:38:56 pkg will be unhappy but ffmpeg won't
23:38:58 nprice: it's a simple script. i just didn't know there was a $@ option
23:39:08 nprice: yeah :/
23:39:14 it's a terrible way to do it
23:39:31 the only other option would be if there was a different dep with a different pkg for jellyfin on fbsd
23:39:40 that does this for you
23:41:21 #!/bin/sh
23:41:23 nv-sglrun ffmpeg.bin "$@"
23:41:25 just a 2liner heh
23:49:04 yeah
23:49:31 Macer: so does that work?
23:51:09 ill be damned
23:51:12 you're welcome
23:51:28 Hello! I just changed my email address on bugzilla and it said I should get a confirmation mail where I can verify the new email address but I haven't received one yet. In the account information tab the new address is displayed as pending. Do I have to wait longer (waiting currently about 10mins) or is this process not automated?
23:51:32 yeah. i tried that but didn't realize i needed a $@ lol
23:52:29 one more thing down i guess. but that's going to be an issue unless i find a better way to do it lol.. i might have to script pkg upgrades
23:52:54 something that moves ffmpeg back and forth
23:53:14 you're using an external script to call ffmpeg right?
23:53:20 yes
23:53:27 but it has to be called ffmpeg
23:53:47 why does it need to be in the /usr/local/bin path, just put it in a non conflicting path and adjust your script to its new discrete path
23:54:08 pkg can update ffmpeg all it wants, your binary is safe over there and the script is still calling it
23:54:10 hm. i can try that out
23:54:37 i'm not sure how jellyfin searches for ffmpeg but hopefully it's from PATH
23:55:31 for now i'm going to work on adding libraries to it now that it's working. i still have to move onto the apache2 jail
23:59:48 FreeBSD people are moving from jail to jail.