00:19:19 Folks, two SA have been released, a list of openssl vulnerabilities which seem to allude to a RCE
00:19:19 I haven't looked into it yet take it as a pinch of salt
00:19:19 errr...
00:23:02 anyways also security patch to jail
00:23:15 please update! This affects all supported releases :)
00:23:25 i'm going to leave my buildworld going overnight :)
00:40:56 i can't to do working redmine with nginx passenger and postgresql http://radio.yapyap.life
00:44:04 someone could help me ?
00:54:59 https://paste.debian.net/hidden/789a51b8
00:55:31 https://paste.debian.net/hidden/67ac3ff2
00:56:20 by /usr/local/etc/nginx/nginx.conf and nginx/config.d/redmine.conf
00:56:58 my*
01:00:56 what's the problem?
01:30:36 see http://radio.yapyap.lfie
01:30:47 http://radio.yapyap.life
01:31:24 rtprio: sorry i was try some command but just loop
01:33:05 rtprio: see http://radio.yapyap.life
01:40:30 no web app availe
01:42:09 avaible
01:50:55 https://bpa.st/3UG22
01:54:07 i so boring
01:54:16 i'd like it work
02:21:38 jack-sparrow: looks like you're almost there, is redmine configured correctly?
02:23:49 how looks like redmine configured correctly ?
02:26:23 redmine_plugins_directory ?
02:26:33 this really isn't a freebsd problem, can you ask in a redmine channel?
02:29:00 I have used rails with nginx+unicorn and with apache+phusion but not nginx+phusion but the errors say puma errors. And also undefined method `redmine_plugins_directory'. So seems there are multiple configuration errors.
02:31:31 i just use gitea/forgejo which is a single go binary and a lot easier to plop behind nginx
02:34:16 I invented a script machinery to have git generate dumb repos every time I push to my gitolite, and then use stagit to generate overviews of my smaller repos. It doesn't really scale well but w/e
02:57:25 random question and not specific to freebsd, but I thought it might be worth asking? Are there any applications (or ssh options) that'd run on the "server" and connect to a remote network endpoint and then expose that via stdio to the "client" where i'd be exposed as a local network port? does that make sense?
02:59:46 specifically I have a kubernetes cluster and a separate db server not accessible publicly. every now and then i'd like to be able to connect to the database server, but don't want to open it up, and I've been resisting setting up wireguard or openvpn on the cluster and having it run, though I don't have a great reason for not doing so...something about it feels like it has a smell? but I can't put my finger on it. I can't access the
02:59:46 nodes of the kubernetes cluster directly, I can only run containers on it.
02:59:49 ssh tunnels do exactly this
03:00:10 a package like autossh can ensure the connection stays up
03:00:12 mjp, I can't ssh into the machine, otherwise that'd be exactly what I need
03:00:54 how do you expect any solution to work if you don't have open ports or connectivity to services available?
03:03:12 mjp, I can run containers with stdin and stdout access and have just been avoidant of adding firewall exceptions. I was hoping that the proxying could be done via stdin and stdout
03:05:14 not sure i follow :) if you don't allow some kind of network connectivity you won't be able to connect
03:06:28 mjp well I was hoping i could have something connect from the container running in the cluster to the database, and something on my computer that'd expose a local network port, but that they could talk to each other via stdio instead of directly via networking
03:06:40 That description was pretty confusing to me too. I would always ensure I have ssh access available, possibly through a bastion host. If there isn't any ssh then that's beyond me.
03:07:12 How can stdin not be using networking? Isn't that the same thing?
03:08:07 rwp, they do use networking, but via whatever the kubectl command is doing. I can't ssh into the hosts directly. I can only run things via the kubernetes control plane.
03:08:57 I'm not expecting blazing performance or anything, fwiw :)
03:09:18 I am not a k8s person but that just sounds too limiting to me.
03:10:21 i would just open the ports required/expose the services that need to be exposed, use a firewall if required
03:10:56 How is it that you were wanting to "access" the database? For me that would be the command line "mysql" command. But were you thinking myphpadmin or something?
03:11:10 rwp: hello
03:11:43 Hello black. If you have a question just ask it. If you just want to chat then #freebsd-social is the chatting channel.
03:11:44 rwp, I am fine with the mysql and psql command line tools and running those in a container and connecting to the db is how I do anything I need to do. teammates like using fancy guis and stuff though, so... :-\
03:12:05 mjp, yeah, it's doable, but I'm just trying to avoid exposing stuff
03:12:32 exposing stdin is still exposing stuff btw
03:12:36 I would not expose anything that isn't meant to be exposed, such as ssh which is designed for it.
03:15:47 mjp, stdio is being proxied via the control plane inside of whatever connections k8s is using for client-server, not a direct connection to the internet
03:17:31 gp5st, Do you have console access? You could then log into the console tty for it.
03:19:06 rwp, i'm pretty much doing that when I run mysql or psql in a container
03:20:22 So... Then that's available to you? And good enough?
03:20:52 I use the console routinely. So that's generally good enough. Though it is a little tedious that there is no SIGWINCH there and have to manually size terminals.
03:21:55 rwp, it's fine for me. like I said my coworkers like using guis for stuff. I like being in the terminal personally
03:23:31 I only use the command line but I have set up phpMyAdmin for coworkers before. That can be set up behind an http basic auth proxy to keep it secure. Perhaps you can create a k8s node for it?
03:24:25 Of course my assumption that it is MariaDB will offend sensible people using Postgresql. But statistically speaking it is probably MariaDB so...
03:25:21 it's both. they like their desktop apps
03:25:33 i figured it was worth an ask at any rate
03:27:01 Kubernetes environments are pretty specialized-weird environments. Things are done differently there. And it always feels very bizarre to those of us not working in it.
03:31:36 it's not that bad tbh. we made a conscious choice to use a hosted service to run the cluster (AWS EKS) and to choose that we don't want to be able to ssh into the boxes so that they stay "stock" and can be upgraded without issue via the service
03:33:04 Okay so it is AWS. Then can you set up a (bastion host) node that can access the database and use it to provide whatever access you need? You don't need to actually log into the database host itself.
03:33:28 we're primarily using it for basic "HA" and as an organization medium for small apps. It works pretty well for us.
03:33:38 There is no problem that can't be solved by adding another layer. Except for the problem of having too many layers.
03:33:46 I could set up a bastion. I was just hoping to not have an extra thing to manage
08:49:15 This is a very stupid thing to do, I know, but if I setup 15.0 with pkgbase and `pkg delete -a` it leaves the system un-bootable, even if you remove all the required packages.
08:49:46 kind of expectable.... but it's a different behavior than what would happen before.
08:51:14 I mean even if you answer "Y" every time pkg prompts you to remove a required package. Obviously, it doesn't include all the required packages.
09:38:23 freebsd-update(8) IDS reports that my timezone file is broken (SHA mismatch): how do I fix it?
09:50:43 exact message: /usr/share/zoneinfo/Europe/Paris has SHA256 hash 963879dc1b49a414519cf17ef85fe7bf314611b52169d7f37aa56d4b79b622b8, but should have SHA256 hash ab77a1488a2dd4667a4f23072236e0d2845fe208405eec1b4834985629ba7af8.
10:32:17 Mine is ab77a1488a2dd4667a4f23072236e0d2845fe208405eec1b4834985629ba7af8 (15.0p1, FreeBSD-zoneinfo-15.0)
10:42:07 hey can anyone tell me if/when wow64 support will be enabled in wine? wine_devel 11.0 has it disabled: https://github.com/freebsd/freebsd-ports/blob/main/emulators/wine-devel/Makefile#L157-L160
10:53:23 guess what idiot left make buildworld going overnight but forgot to pass the -j flag
10:53:30 10 hours wasted using only a single core
10:53:33 fuck!
10:54:10 bloody hell.. shoot me now.. one of the other sysadmins at $day_job is using Gemini to update PHP code *facepalm*
10:57:58 polarian: At least the power consumption was low :D
11:09:43 pertho: well, old wow64 is supported, the hack where you install a 32bit version of wine into your users $HOME, new wow64 isn't supported yet where wine is built with support for both 64bit and 32bit, sadly neither the commit message nor the problem report updating wine-devel to 11.0 say why it isn't supported or what the current plan is, maybe you just have to enable it when building
11:10:44 vkarlsen: lol
11:16:30 nimaje: yeah it doesn't seem complete, and I can't find any messages on any of the FreeBSD mailing lists from a "monwarez⊙mo" (the maintainer according to the Makefile)
11:21:13 pertho: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291328#c17
11:25:56 nimaje: ahh didn't think to check bugs.. cheers
12:50:20 I followed everything in rtw89(4), but it still doesn't appear when I run ifconfig, am I missing something?
13:10:45 <[tj]> what does: sysctl net.wlan.devices
13:10:46 <[tj]> contain
13:12:00 net.wlan.devices: rtw890
13:13:20 <[tj]> ifconfig wlan create wlandev rtw890
13:13:59 <[tj]> https://man.freebsd.org/cgi/man.cgi?query=networking&sektion=7&apropos=0&manpath=FreeBSD+15.0-RELEASE+and+Ports
13:28:12 it works, I thought there was a mistake, but I could have just continued with the handbook instructions, thanks [tj]
13:30:30 <[tj]> no worries, it is not obvious if you don't come at it from the right angle
13:39:27 Any iocage users around? I've borked a jail: I interrupted by mistake "iocage update $jail" and then it wouldn't complete, so I tried to restart it. It wouldn't shutdown so I used iocage stop --force . Now when I try to restart it I get: + Executing exec_poststart FAILED
13:39:38 Script is not executable!
13:39:59 I've tried reverting to earlier snapshots created by iocage before update and none of them work
13:40:10 I'm on FreeBSD 14.3
14:45:50 polarian, if you ^c out of the build and re-run, the already built components should be fine.
14:46:32 (re-run with -jX I mean)
14:47:56 (I have the best luck with 1.5 * Cores. . . cores, not hyper-threads.)
14:48:46 CrtxReavr: I am aware :)
14:48:48 it's still annoying
14:49:07 because I woke up to realise it wasn't done compiling... 10 hours wasted
14:49:14 it takes 6-7 hours to compile base and kernel
14:49:17 old laptop :p
14:49:33 but yeah after backing out and doing -j4 it compiled an hour or two later, and that was hours ago now
14:49:35 :)
14:50:19 For a time (years ago) I was using a 486/66 as a natd box. . . a buildworld would run about 24 hours on that bad boy.
15:14:01 damn
15:17:23 I have poudriere running and building only the ports I want to configure with non-default options, and the dependencies are downloaded via pkg. When a patch release happens, but all packages have not yet been built, poudriere detects this and starts to build them itself. At the same time, I want to automate poudriere. Is there a way to automate poudriere so that it doesn't start building if the
15:17:25 dependencies are not yet available as packages?
15:19:32 lts: you have pkgbasified? :/
15:19:49 I have indeed
15:20:48 :(
15:20:52 death to pkgbase!
15:20:55 :)
15:51:58 Hey is anyone able to update the desc of my talk
15:52:00 https://fosdem.org/2026/schedule/event/YTYUAH-openbsd-router/
15:52:34 I updated it on pretalx, there was a bunch of grammar mistakes which I have fixed :)
16:06:55 does freebsd have a non-github place for the repositories? github seems to just rate limit when you breathe on it.
16:07:41 <[tj]> git.freebsd.org ?
16:10:06 ah ha cgit.freebsd.org.. perfect
16:18:18 this is gonna sound like a stupid question: is RES in top reflective of a program's actual memory usage, assuming no swap?
16:18:22 i had been assuming it was
16:19:08 <[tj]> https://en.wikipedia.org/wiki/Resident_set_size
16:25:35 massively unhelpful and appears to confirm my initial assumption
16:31:46 <[tj]> RES is the resident set size, it is the pages a program has allocated and "touched" sans those swapped out
16:32:05 <[tj]> the wikipedia page is succinct, but correct
16:36:33 pertho: the repo on github is just a mirror of the official one on git.freebsd.org and cgit.freebsd.org is a web interface to the official repo
16:39:40 stuff like overcommit, mmapping files and copy-on-write makes measuring memory usage a bit difficult
18:28:39 dvl: would you be willing to share your nagios pkg-audit script ?
18:30:19 rtprio: https://git.langille.org/dvl/nagios
18:42:05 thank you
18:43:59 dvl, Unsolicited comment from the peanut gallery: "NOTE: This repo is not my go-to-place for these scripts. I've collected them here for public convenience." In this new world where everyone typos that sentence just reads a little funny to me.
18:44:47 rwp: Type, or public convenience == toilet?
18:44:52 I initially read that as "... is /now/ my go-to-place...". And then drew up short and read it again. In the end I don't quite know what to understand about that git repository.
18:46:29 I have those scripts in an ansible repo. That's the real location.
18:47:20 i need to figure out my nrpe or ssh checks
18:48:13 dvl, Okay. Gotcha. Now I understand. May I unsolicitly suggest more or less saying, hey, I am not actually using the files from here live, I am using other files for real, I just copied them here a while ago to share. I might have changed all of them since throwing them here. :-)
18:48:39 In any case, obviously I was interested in looking. Thanks for sharing them! :-)
18:51:32 moviuro, If I had that problem of having found a modified file from base and wanting to update that file individually I would fetch the base.txz bundle of base files and then extract that one file from it and fix up that one file.
18:52:55 For example for 14.3R "fetch https://download.freebsd.org/releases/arm64/14.3-RELEASE/base.txz" and then for your example "cd / && tar xvf ~-/base.txz /usr/share/zoneinfo/Europe/Paris"
18:53:35 However how would only ONE file become corrupted? If that part doesn't make sense then I would suspect that where there is one corrupted file that there are probably many corrupted files.
18:54:04 But if I were pretty sure it was just me who broke something then sure I would just fix that one file I created.
18:55:35 And then I would move to zfs and enable automatic snapshots. With zfs auto snaps enabled here I would compare /usr/share/zoneinfo/Europe/Paris against /.zfs/snapshot/zfs-auto-snap_weekly-2026-01-04-00h14/usr/share/zoneinfo/Europe/Paris for example and update from the auto-snap snapshot.
18:56:06 Also if there were some underlying hardware problem that corrupted the data then zfs checksums would prevent that being silent in the future.
18:56:23 NOTE: These scripts were copied here from my actual offline repo.
18:56:23 They worked at the time, but may become out-of-date.
18:57:05 dvl, Nice clarification. I like it! :-)
18:57:55 updated
19:02:31 thanks, working, or would not be so short.
19:59:00 How do I see if snapshots are enabled for my ZFS partitions? I thought that was done by default but apparently not. `zfs list` gives me zroot/usr/home which is mounted at /usr/home. Where would the .zfs/snapshot be? in /usr/home ?
20:00:09 zfs list -t snapshot
20:00:25 they're "enabled" but have you made any? they don't happen automatically
20:00:58 the .zfs/snapshot directory would be /usr/home/.zfs/snapshot
20:02:26 I see zroot/ROOT/default and zroot/containers in the output for 'zfs list -t snapshot' but nothing for zroot/usr/home.
20:04:15 rtprio: I was under the impression that whenever there were changes on the filesystem, like deleting files, etc. that a snapshot was taken. When I worked at the place that destroyed Sun, that used to happen "automagically" and I just thought it was default behaviour. I'll have to learn ZFS a lot more now.
20:04:47 nope, not automagic. there are tons of scripts which will run `zfs snapshot` for you as often as you like
20:05:21 oh
20:06:04 I wonder how they did that. Will have to check with coworkers that are still there.
20:06:21 I have been using the older zfstools zfs auto snap but these days most people recommend sanoid. https://freebsdfoundation.org/blog/zfs-automatic-snapshots-with-sanoid-on-freebsd/
20:07:07 I wonder how the snapshots for zroot/ROOT/defaults got taken. Must be as part of the upgrades
20:08:29 mns: bectl
20:08:50 freebsd-update automatically makes a couple of snapshots over its upgrades in conjunction with Boot Environments. See: bectl list
20:09:32 (beadm is the original tool, which is now in ports. bectl is a recreation, resides in base.)
20:11:02 Over time and major upgrades those will consume disk space and it's unlikely needed past a certain point. I review them manually and expire them off after I am sure I won't need them anymore.
20:11:32 how do I get more info on a snapshot, like when it was taken, etc.
20:13:25 See "zpool history".
20:13:46 thanks
20:15:03 The Boot Environments are just slightly more complicated. I would use bectl (or beadm) to manage them. "bectl list" and if you want to remove one "bectl destroy $theonehere" and it will take care of the snapshot and the clone together. Because Boot Environments are life file system clones based upon a snapshot.
20:15:23 But for the other snapshots feel free to manage them manually as you wish.
20:15:23 Just did a pkg upgrade for the FreeBSD OS packages. Went smooth, through a reboot and everything.
20:15:34 Woot!
20:17:09 wavefunction: using pkgbase?
21:51:40 mns: Yes, sorry -- couldn't remember what it was called